machine is ultimate slow
#koth
stiff egret
That also happens when someone is running recon scripts, like linPEAS.
Also, if you have root, patch the machines and keep the 'noobs' out.
If you run scripts like, pspy, the machine goes extremely slow, it is possible someone is running that.
There are a lot of examples for this, running hydra at max threads also makes the machines slow
Rustscan can crash machines
stiff egret
Can you DM me the IP of machine?
stiff egret
Can confirm, machine is alright.
fair adder
Guys, how do you do that? Within 15 minutes, ๐
Got my first 15 points and i'm just good to go to the shower by now. So exiting ๐
blissful flare
๐ฅฒ
its all about how many times you have played a machines
thats why we are waiting for new machines
nova tide
thats why we are waiting for new machines
@stiff egret
fair adder
its all about how many times you have played a machines
Yes, I only started with koth since yesterday. But at the same time, i'm a noob and still have tons of things to learn.
I still need to rely to much on my notes atm
nova tide
no one is in the shell
They might not have a tty session
stiff egret
<@!580609268261191680>
ok breathing in before I break the PG13 rule.
I TEXTED YOU WE COULD'VE FINISHED THOSE LAST WEEKEND!
nova tide
I TEXTED YOU WE COULD'VE FINISHED THOSE LAST WEEKEND!
i told you i am free at night
fair adder
H1: Hard is hard. Can't privilege escalate ๐
fathom lotus
stiff egret
lemme check
blissful flare
๐
stiff egret
blissful flare
is it all right?
stiff egret
And it is proved
BROKEN
~~@lusty portal Hey, Same issue with website not picking up king from port 9999. ~~ Apologies for the ping, everything is OK.
IP: 10.10.81.198
Match ID: 31656
blissful flare
ok
stiff egret
On second thoughts, Hold on.
blissful flare
compensation will be 10 wins direct
stiff egret
your name is wrong
blissful flare
on scoreboard
stiff egret
OP 
stiff egret
I have to change ir
Ofc!
stiff egret
Don't blame me if I take the king now
blissful flare
Don't blame me if I take the king now
๐ข
is it
like we should do
do it
we ont patch anything here ok @stiff egret
stiff egret
I have no idea, have you patched it?
placid fable
Mr. Holmes got in with the patches ๐
blissful flare
hahah
blissful flare
I have no idea, have you patched it?
no but another guy did think so
stiff egret
Mate, what did you do
blissful flare
no rev shells
stiff egret
GG
blissful flare
If only if
stiff egret
Nice game lol, also cut that sir 
blissful flare
I could get a follow back on ista
stiff egret
lol
stiff egret
done (:
blissful flare
thanks
mellow hornet
join us plzhttps://tryhackme.com/games/koth/join/2e5ff0012e8103bf26cea346
upper marlin
can you get the machine which is not currently in machine pool?
nova tide
can you get the machine which is not currently in machine pool?
Yes, you can. Either be in public match or start a private one.
There are more machines in the pool but it only shows 10 most recent released on the page.
upper marlin
Ok. I thought you only get from pool. No problem.
fair adder
anyone for koth? 31975
tawdry burrow
Hey guys. If i'm playing a koth and even with a players name in king.txt the points aren't getting added. is there anything i can do?
fair adder
Hello, i wanted to know if somebody would like to guide me for my first koth tomorow
because of even if i did a lot of ctf i never do a koth
stiff egret
Hello, i wanted to know if somebody would like to guide me for my first koth tom...
Check pins ๐
fair adder
Check pins ๐
What do you mean by pins?
stiff egret
Click on that button
and you can see the pinned msgs, that are/were found useful.
-- If anyone wants to learn/Guidance about KoTH, they can always check out this blog post:
https://blog.tryhackme.com/guide-to-king-of-the-hill/
fair adder
Ok thanks you very much
upper marlin
There is something wrong with my game. I have my username in king.txt but on leaderboard it is not giving point
this is game. IP: 10.10.117.60
It is showing the username on port 9999
@stiff egret any help?
tawdry burrow
There is something wrong with my game. I have my username in king.txt but on lea...
I've heard people are having this problem too. I experienced it last night for myself
upper marlin
This needs to be fixed. You can just win by flags.
tawdry burrow
Has anyone from staff confirmed it's an issue they know about?!
stiff egret
<@!580609268261191680> any help?
Sorry for late reply, timezones thing, and about that issue
Although, it is a common issue sometimes, but please make sure you are entering the exact username in that file
upper marlin
Yeah. I rechecked it so many times
stiff egret
Has anyone from staff confirmed it's an issue they know about?!
It was a known issue sometime back, but I haven't seen it raised recently
upper marlin
Also confirmed that the 9999 port was also showing the perect username.
upper marlin
Sorry for late reply, timezones thing, and about that issue
No need to be sorry. It's sunday morning. No one likes working on sunday morning even in India.
stiff egret
Ah. Then it can the the site issue, I can't raise it now that the game is over. But I'll keep an eye around (:
upper marlin
Ah. Then it can the the site issue, I can't raise it now that the game is over. ...
Yeah. Also it was windows machine(H1:medium). If that has something to do with this.
marsh falcon
were could we find flag? Only the root flag?
Some are well hidden, some are on the home directory of users. But i think its different from box to box
upper marlin
Some are well hidden, some are on the home directory of users. But i think its d...
Some are in ascii art formate too. Good luck about those.
stiff egret
Can you send you the IP in DM?
@quiet schooner If you are around, can you give this food box a look? (ref to ss)
quiet schooner
<@!252418040388517888> If you are around, can you give this food box a look? (r...
I'm doing pwk so not really around for THM
stiff egret
quiet schooner
Are you sure that's the service name?
stiff egret
I'm doing pwk so not really around for THM
ah, ok
quiet schooner
try koth.service
stiff egret
Are you sure that's the service name?
That's what it is, iirc.
quiet schooner
My local files say koth rather than king
stiff egret
try koth.service
No on that too
stiff egret
My local files say koth rather than king
Oh, yes, that could be it
quiet schooner
entirely possible that someone removed it though
upper marlin
I am gonna try in one more game and see if issue persists or not!
And the service is running too.
stiff egret
I've reported this to admins, it's a site issue. And should get fixed soon. (:
upper marlin
ok. Because I can confirm that this is issue because in next match I have same issue.
nova tide
<@!252418040388517888> If you are around, can you give this food box a look? (r...
Have reported already in #koth-staff
upper marlin
ok. Because I can confirm that this is issue because in next match I have same i...
should I send the info on this?
nova tide
No need. It's been reported to admins they will look into it.
upper marlin
ok. Good luck with the bug finding.
gritty cedar
lapis folio
well ..
steep agate
And the service is running too.
yesterday if you put your nick in king.txt , it wasn't counting points
but apparently they've already solved
sometimes king.txt points don't count
steep agate
On the machine now now you tasted your own poison hahahahahaha @lapis folio
lapis folio
well i don't want a king ...
steep agate
neither do I, for me to score the flags is fine ๐
lapis folio
of course ...
ohh yeah i'm stupid loser ok ... u want to say like that to me i know :) no problem ... i'm just play it for fun
steep agate
????? Lol
I'm just playing for fun too lol
but if you think, that's fine, life goes on. now i have to finish some things, goodbye xD
lapis folio
well ... good luck
fair adder
Hello, i have a question, what could i do when the other players always disconnect me and lock my connection?
stiff egret
they don't 'lock' your connection, they just kick you out of the machine, what you can do in this is find other ways to get in the machine, think like a mercenary and try to find ways to hide your connection better once inside the machine.
fair adder
well i guess he won so, i will try to find something ๐
stiff egret
For e.g. Once you get a reverse shell, don't stablise it, because that allocates you a tty, and that makes you more visible.
stiff egret
In every machine, there are minimum 3 ways to get inside, you just have to ....
!dark
pearl gladeBOT
DarkStar7471
stiff egret
nvm
stiff egret
blissful flare
!dark
pearl gladeBOT
DarkStar7471
steep agate
yo
steep agate
@upper marlin this king not counting error is showing up every week
stiff egret
Is the game on?
upper marlin
yes
stiff egret
DM me the box IP
upper marlin
You want creds?
stiff egret
I've pinged skidy regarding this. Hopefully this will be resolved. He did fix it last time, this is weird.
upper marlin
yes. that's why I am reporting again. It happened in morning too but I had a placement meeting so I couldn't report in time.
@stiff egret Is it possible that this is user issue? can you please join the game and try your username ?
https://tryhackme.com/games/koth/join/ef0d3d4c73f37e7c5446d70f this is invitation link
upper marlin
how to contact your competitor in koth? If you have their network IP?
steep agate
how to contact your competitor in koth? If you have their network IP?
if you are on the same machine as you logged into ssh, you can type: wall yourmessage
upper marlin
Yeah. But someone was bruteforcing ssh logon. I just wanted to tell them to stop as it was worthless.
steep agate
I understood
fair adder
hey, do you know were i could find some doc about windows defense?
fair adder
These KOTH games start to be stupid like hell when peoples shut down services instead of fixing it... https://tryhackme.com/games/koth/32284
fair adder
This Mrapdoul user (https://tryhackme.com/p/Mrapdoul) indeed seems to cheat over and over again. Plays 2 KoTH at the same time. Like ATM of writing this. Takes immediately control of the box, shut down services... Feels like he has nothing else to do as just cheating and misunderstanding what real ego is...
cerulean willow
This Mrapdoul user (https://tryhackme.com/p/Mrapdoul) indeed seems to cheat over...
You saw it pitiful this kind of person
fair adder
You saw it pitiful this kind of person
Just an idiot who think is smart
That script kiddy should be banned, that's my opinion
This is not playing anymore, what he does
cerulean willow
That script kiddy should be banned, that's my opinion
I totally agree with you
quiet schooner
That script kiddy should be banned, that's my opinion
The rules say where to handle this
pallid karma
mm.. does winning without king (only flags) count?
i won my first game tonight but it doesnt show up in the completed koth rooms and i didnt get my badge
the odd thing is that the game doesnt seem to have been completed
steep agate
i won my first game tonight but it doesnt show up in the completed koth rooms an...
victory only counts if you stay longer in the king
steep agate
it doesn't matter if you score all the flags, if you don't stay on the king during the game until the end you don't win the match, but you scored the flags
steep agate
even though i had the most point i did not win?
yes if you have more points you win
steep agate
well, if you scored higher than everyone else in the room you participated in, you won
pallid karma
that whaat i thought
quiet schooner
But if the match didn't end, that's a bug - #site-bugs
quiet schooner
the odd thing is that the game doesnt seem to have been completed
This.
Report it as a site bug
steep agate
but the game doesnt show up in the completed games
I understand
nova tide
the odd thing is that the game doesnt seem to have been completed
not a bug. it won't show up in recent games because only king changes once or more counts to be shown. otherwise it will add up in your win count.
If there wasn't anyone else with king points it won't show up in recent games but that doesn't mean it doesn't count.
nova tide
mm.. does winning without king (only flags) count?
if you win with 0 points/win by default that's the win that won't count.
nova tide
<@!267010557889085440> is there a win cout?
on the leaderboard.
pallid karma
i won with points
nova tide
then it would have given you +1 for your leaderboard.
steep agate
I think you only get the badge when you win with king points
pallid karma
ok
nova tide
I'm not sure how long it takes to award the badge. I would recommend waiting for sometime, if it's not still added then you can email and support will add it manually. Don't forget to attach the game url.
pallid karma
how can i recover it?
nova tide
I think you only get the badge when you win with king points
Not sure about that either ๐
pallid karma
the game url?
i mean, the game ended and i closed the tab after it was saying i won
nova tide
Here you go: https://tryhackme.com/games/koth/32295
steep agate
Not sure about that either ๐
๐
pallid karma
i'll play again to win it with king
nova tide
GLHF
pallid karma
thanks ๐
ebon lichen
It's getting late, for me at least, anyone up for a final one? https://tryhackme.com/games/koth/join/479be9e3d1ed9076730e0422
fair adder
Hi guys :)
steep agate
Hi guys :)
hi
steep agate
Thank you very much!! :)
fair adder
Hello, do you know where I could learn how to defend windows machines? Like auto RDP disconnection for all the others account etc ...
fair adder
oh i will play agains't you UwU
stray wraith
fair adder
good luk so ๐
stray wraith
nova tide
Thank you very much!! :)
Oh KoTH video? Can i get a link too?
stray wraith
1 reset left
dunno king time is not updating
@fair adder ||check out port runnin mysql||
fair adder
yep
i know their is a db
but i would like to know how do you patch the vim privesc fail
stray wraith
uhuh
steep agate
Oh KoTH video? Can i get a link too?
do you want the link to my video? sorry i didn't understand very well i'm using the translator because i'm brazilian ๐
nova tide
do you want the link to my video? sorry i didn't understand very well i'm using ...
send me your video link. 
you can DM
or can share in #thm-community-media if it's totally a THM content ๐ค
steep agate
but i would like to know how do you patch the vim privesc fail
chmod 755 /usr/bin/vim
fair adder
ty
steep agate
send me your video link. <:ghostblobgib:689626579168395289>
okay
stray wraith
||use vim to modify /etc/passwd for root || @fair adder
fair adder
||use vim to modify /etc/passwd for root || <@456226577798135808>
nice trick ty
sour vectorBOT
Gave +1 Rep to @stray wraith
steep agate
@stray wraith @fair adder what box?
fair adder
food
steep agate
steep agate
root is a bit tricky
there are several ways to get root on this machine, even with that CVE-2021-3493
stray wraith
๐
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.
ooooh this is sick
steep agate
Yes ๐
terse willow
```The overlayfs implementation in the linux kernel did not properly validate wi...
Enjoy
steep agate
a very interesting machine is also carnage, its root is amazing
steep agate
was funny when you kick me x)
you can set crontab to kick people off the machine too
stray wraith
was funny when you kick me x)
i had to google how to do that
i keep forgetting
gotta play more often
๐
send again
fair adder
you can set crontab to kick people off the machine too
how could i do this?
king is borken again
nova tide
send ip
nova tide
king is borken again
^
placid fable
and i can't sry because i dont screenshot ip
You must have used the IP in some command
export IP=""?
quiet schooner
history | grep 10.10
nova tide
You must have used the `IP` in some command
`export IP=""`?
i was asking for the ip if the machine was currently active and i could check it myslef.
steep agate
send again
my github :)
steep agate
how could i do this?
just adjust the crontab to kill the other opponent's session, but I don't know if it's against rules so I don't support you doing this
stray wraith
Thank you
steep agate
xD
stray wraith
โญ'ed
fair adder
just adjust the crontab to kill the other opponent's session, but I don't know i...
Do you have a tuto or a doc so I can learn how to do this
stiff egret
Do you have a tuto or a doc so I can learn how to do this
John's videos, Optional's Videos and there's also a blog in pinned messages.
fair adder
Ok ty ๐
fair adder
i was asking for the ip if the machine was currently active and i could check it...
It's down right now
steep agate
I don't understand, why sometimes king.txt dots don't work?
stiff egret
I don't understand, why sometimes king.txt dots don't work?
elaborate?
nova tide
elaborate?
king points bug again
steep agate
elaborate?
?
stiff egret
king points bug again
jabba, imma just point them now to you
short tusk
Hey!
If you're having issues with KoTH and the king.txt does not seem to be working,
please ping me or any of the KoTH Staff with the Machine IP.
Do this while the game is still active so that we can review the machine:)
stray wraith
@stiff egret ๐
stiff egret
<@580609268261191680> ๐
๐
steep agate
there could be a reward system for the world's top 10 koth, that's my opinion and I think it would be cool
fair adder
is it alowed to don't do recon on a room we already did? like folowing our old notes?รน
stiff egret
"don't" ? Why? Recon is not a rule, it's a choice, if you want to, because it's usually needed. If you don't need it, fewel free to skip it
fair adder
because it's a big disadvantage for those who have to do scans
so i wanted to know if we don't need to do it every games
stiff egret
Not a rule, No.
fair adder
ok
steep agate
recon is a fundamental part, and it is very important to know how to do a good recon.
fair adder
recon is a fundamental part, and it is very important to know how to do a good r...
yes but i don't even finish my nmap scan that somebody rooted the machine
steep agate
yes but i don't even finish my nmap scan that somebody rooted the machine
Use rustscan bro
fair adder
i guess i will
steep agate
It's much faster than nmap
fair adder
ok
fair adder
It's much faster than nmap
hell yea much faster
naive goblet
is rustscan that much faster then -T5 nmap????
fair adder
i think yes
naive goblet
well guess it is up to try it and time them to find out.... then again with the right flags for nmap you should be able to rival the rustscan speed ยฏ_(ใ)_/ยฏ
steep agate
hell yea much faster
xD
steep agate
is rustscan that much faster then -T5 nmap????
Yes
stiff egret
well guess it is up to try it and time them to find out.... then again with the ...
Rustscan and nmap works together, rustscan gets you the open ports, faster than nmap can and then pipes them to nmap, that way nmap can finish up the overall scan faster.
Alone, Rustscan can go as high as all ports in one sec I think, it will probably push the target machine to 95%+ usage, but it can get you all ports very very fast.
There's a certain factor for PORT CHECKING in rustscan, that simply can't match or is comparable to nmap. In any way.
Nmap is a very detailed tool for scanning, rustscan only lists out the open ports.
steep agate
There's a certain factor for PORT CHECKING in rustscan, that simply can't match ...
Yes
on koth, rustcan helps a lot on some machines with high ssh ports
fair adder
i'm alone, did somebody want to play with me?
marsh falcon
have u gotten root @fair adder ? idk if its me but it looks like king isnt displaying
fair adder
kind don't work onProduction
marsh falcon
disconnect.sh ๐
marsh falcon
port 9001 and 9002 are open
fair adder
@stiff egret
it's probably babauca
@marsh falcon even if this it was a good game
marsh falcon
thats a bummer
fair adder
a noob
marsh falcon
that game was beginning to get intense
fair adder
@brittle galleon go read the rules
marsh falcon
constant disconnects between users ๐
fair adder
yes was fun
fair adder
you close the ports
marsh falcon
i didnt tho..
fair adder
i know syde i don't think he should do this
marsh falcon
i was busy disconnecting the others
fair adder
is it possible that a misconfiguration of the crontab close ports?
marsh falcon
and someone was constantly disconnecting me so it couldnt have been me
fair adder
and someone was constantly disconnecting me so it couldnt have been me
it's me UwU
i was trying to do this in the crontab
marsh falcon
yea i saw it
i had to move fast and removed the sh script on roots home directory
u shouldve hid it better ๐
fair adder
lel i can't experiment with you
placid fable
I got access to it๐
placid fable
Who's king?
placid fable
port 22 not close for you
No, something else
fair adder
i guess it's side
but i'm sad because i did something so he couldn't log back as root
and so i would be the king
but i can't connect ssh so he won
fair adder
ty
placid fable
Looks like someone was trying to fix server.py script๐ค
/home/skidy/homework/server.py
fair adder
not me
fair adder
Port 22
i forget the password lol
i know i put matieu in but don'tremeber of the rest
or mathieu
well i loose
gg everybody
placid fable
I don't know what to do, should I change password for you? Or is the game over?
fair adder
idk
it's mmy false i forgot my password
x)
don't worry @marsh falcon deserved the win
placid fable
Alright, next time try to check for services running on 9001 and 9002
fair adder
what are them?
placid fable
What exactly is running on these ports.
placid fable
what are them?
Check it next time you get access to the box
fair adder
you don't want to tell me?
fair adder
Check it next time you get access to the box
ok
marsh falcon
Looks like someone was trying to fix `server.py` script๐ค
not me as well i kept getting disconnected
brittle galleon
a noob
One of u closed the ports, I know for sure. I guess u played as a team against me. Its a individual game. Nab
fair adder
I don't close the ports,I don't touch the python server files
fair adder
One of u closed the ports, I know for sure. I guess u played as a team against m...
You think we are cheating?
If it was the case why should I kick him and why did he removed my file for kick all users
marsh falcon
One of u closed the ports, I know for sure. I guess u played as a team against m...
we weren't teaming. we we're going up against each other
the game is finished anyways, no need to get heated up
fair adder
Yes
short tusk
Could you elabroate?
fair adder
well we are on the file but it don't add king time
i'm on this file Users\Administrator\king-server\king.txt
also by the way if somebody know how to auto disconnect all user on windows server 2012 r2 could he send me ressources or teach me how because i don't find anithing on the pinned messages
or any other defense tips for windows machine
fair adder
start in 20m come play and have fun ๐ https://tryhackme.com/games/koth/join/cab7b98ef86ef06f95a840a2
steep agate
he closed all ports
Script kiddie
๐ ๐ ๐
I hate this kind of people, who change the ssh port or close it, IN PUBLIC ROOM
fair adder
Me two
brittle galleon
Script kiddie
It doesn't matter, I had to go anyway
terse fulcrum
Anyone give some hint on production KOH
Priv esc
I got only two flags also not rooted
Can someone help me
nova tide
Anyone give some hint on production KOH
Priv esc
Have you tried checking ||sudo -l||
fair adder
yes but it is asking password again
If you can't use sudo l try find...
prime knoll
ebon lichen
@rancid pewter As per pinned message, letting you know the "king" status isn't being updated for game running on 10.10.197.148 Thanks!
sour vectorBOT
Gave +1 Rep to @rancid pewter
ebon lichen
@rancid pewter ๐
nova tide
<@!388443780757585921> As per pinned message, letting you know the "king" status...
known issue and have been reported to admins. They will look into it.
ebon lichen
known issue and have been reported to admins. They will look into it.
Just to be sure, do you want us to continue to report the issue (when it occurs)?
nova tide
Until further notice i would suggest not to. Will be announced here when its fixed. Thanks for reporting though.
spice steppe
nova tide
@livid lava mind if i drop a dm?
wicked shard
Anyone up for a match?
nova tide
wicked shard
cool
nova tide
Anyone up for a match?
We can play if you want to.
But rn lunch break from work so gonna grab something to eat
wicked shard
oh ok
wicked shard
yeah i know man , I am playing against a oscp certified ๐
nova tide
KoTH lead > OSCP
terse willow
yeah i know man , I am playing against a oscp certified ๐
Remember that OSCP is still entry level ๐
wicked shard
๐
terse willow
Just don't play against an OSCE3
wicked shard
ok
dapper escarp
~~Just don't play against an OSCE3~~
but OSEE is fine 
terse willow
but OSEE is fine <:kekw:701487209538388039>
OSEE isn't useful in a pool of mainly Linux machines with a fast-paced game environment ๐
Actually, tbf, that applies to OSCE3 as well ๐คทโโ๏ธ
dapper escarp
nah just drop a kernel 0day
ebon lichen
@nova tide When I click "Join a public game" on the KotH landing page, it returns Uh-oh! undefined. Any idea what might be causing that?
short tusk
<@!267010557889085440> When I click "Join a public game" on the KotH landing pag...
Are you using bitdefender or any in-browser anti virus?
ebon lichen
Are you using bitdefender or any in-browser anti virus?
Nope, and currently successfully enrolled in two other games. So it worked fine, say 15 mins ago.
nova tide
Nope, and currently successfully enrolled in two other games. So it worked fine,...
You can't join more than 2 public games at once.
ebon lichen
You can't join more than 2 public games at once.
Ah, thanks. That makes sense. Appreciate the feedback.
sour vectorBOT
Gave +1 Rep to @nova tide
ebon lichen
https://tryhackme.com/games/koth/join/e88bb6cb80bf1099511298b8
That link works fine. Guess I should dial it down a bit ๐
nova tide
You can join public games through invite link though.
ebon lichen
You can join public games through invite link though.
Thanks! Clear. ๐
fair adder
why did the hacker machine take so much time to bruteforce
i guess you should use passwords hight on the rockyou wordlist because we only have one hour to root the machine
stiff egret
It uses passwords high on rockyou. AND it is made with one hour thing keeping in mind. The machine is bruteforce-able in a fairly good amount of time. If it is taking you too long, highly likely that you may be doing something wrong.
fair adder
๐ค
maybe
but i guess my command is good
hydra -l gcrawford -P /home/nk0/wordlists/rockyou.txt ftp://IP -t 64
stiff egret
I can only speculate, there is also the factor of other players bruting the machine, resulting in machine being super slow with all those threads.
fair adder
sure
stiff egret
hm, that command looks find iirc.
fair adder
12minuts...
and my opponent is already in
even ssh is long...
[STATUS] 1257.43 tries/min, 8802 tries in 00:07h, 14335725 to do in 190:01h, 64 active
but if it was high, why should i get 8802 tries?
stiff egret
Ping me the machine IP in DM please.
fair adder
i did it
ftp```[STATUS] 964.67 tries/min, 14470 tries in 00:15h, 14330057 to do in 247:35h, 64 active
and ssh```[STATUS] 26.29 tries/min, 184 tries in 00:07h, 14344214 to do in 9095:04h, 4 active
I mean you realise that it is possible that your opponent might have changed the passwords?
fair adder
i don't think he did it
because with the time he should already be root
i think he just bruteforce the ssh credentials
but not the ftp
i think he change the ssh but not the ftp
stiff egret
\
Can confirm the ssh password is not changed. I just ran the bruteforce, and logged in.
stiff egret
Yes.
fair adder
what's wrong with me?
stiff egret
that's what I said to my therapist.
jokes aside, your VPN connection could be dropping
stiff egret
Bruteforcing FTP now
fair adder
i do
it's bruteforcing
Hydra v9.2 (c) 2021 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-10-06 15:57:39
[WARNING] Restorefile (you have 10 seconds to abort... (use option -I to skip waiting)) from a previous session found, to prevent overwriting, ./hydra.restore
[DATA] max 64 tasks per 1 server, overall 64 tasks, 14344398 login tries (l:1/p:14344398), ~224132 tries per task
[DATA] attacking ftp://10.10.94.76:21/
[STATUS] 257.00 tries/min, 257 tries in 00:01h, 14344230 to do in 930:15h, 64 active
[STATUS] 385.67 tries/min, 1157 tries in 00:03h, 14343370 to do in 619:52h, 64 active
i don't have the password
did i use the wrong command?
stiff egret
Interesting, now from what I think, there's a possibility that ftp password is changed, I am running the same command, and it isn't picking it up.
And overall machine is fine, as I was able to bruteforce hydra at double the rate I bruted ftp at.
stiff egret
That's weird, because I can tell you, the current password is as high in the wordlist as <300.
fair adder
ok
fair adder
@stiff egret one player changed the content of the flags
ip: 10.10.44.166
and flag is the flag4.txt in root dir
here are the palyers
and i suspect nerdrobot
because he get the root flag
short tusk
Boop @nova tide, if you're around
fair adder
it's useless to play against this type of palyers
short tusk
I'm not 200% sure how to check who's done what.
I presume it may be the user who has the most flags but until Naughty or Homles come online there's not much I can do.
nova tide
Boop <@!267010557889085440>, if you're around
Just came back from office ๐
fair adder
because he don't deserve to win
nova tide
Let me see
fair adder
ty ๐
prime knoll
nova tide
https://tryhackme.com/games/koth/32641
you need to share invite link for other people to join.
That's a spectators link
gloomy estuary
quiet schooner
``` hydra -l gcrawford -P /home/nk0/wordlists/rockyou.txt ftp://10.10.94.76 -t 6...
Bear in mind that if someone beats you and changes the password, you'll not find it
tribal elk
``` hydra -l gcrawford -P /home/nk0/wordlists/rockyou.txt ftp://10.10.94.76 -t 6...
Is it only me who is seeing that a protocol is missing?.
hydra -l gcrawford -P /home/nk0/wordlists/rockyou.txt 10.10.94.76 -t 64 ftp
fair adder
?
tribal elk
Bear in mind that if someone beats you and changes the password, you'll not find...
oops, sorry wrong room
nova tide
Is it only me who is seeing that a protocol is missing?.
` hydra -l gcrawford -P...
ftp://<ip> works too
tribal elk
ftp://<ip> works too
Thanks for letting me know. I didn't knew that.๐ @nova tide
sour vectorBOT
Gave +1 Rep to @nova tide
dapper plume
are all koth machines have 3 flags ?
nova tide
are all koth machines have 3 flags ?
different machines have different amount of flags.
dapper plume
thanks
nova tide
You can see the total flags by hovering your cursor to the flag icon near flags submission box.
fair adder
anyone wants to join me at some koth?
fair adder
hello
i have an issue while i'm trying to connect on ssh to the machines
i get this error message```Permission denied, please try again.
maybe it's from my config or bad version but it's a bit borring cause i can't play
do you have any idea of were the problem could come from?
nova tide
Are you able to do other rooms?
nova tide
i get this error message```Permission denied, please try again.
```i know the pr...
Uninstall arch easy
fair adder
Are you able to do other rooms?
i don't try rooms, but for koth i tryed to machines, hogward and fortune
fair adder
*Uninstall arch easy* <:kekw:658061932577816606>
@nova tide i guess the problem is for every rooms
not only koth
because i when i try to login in the Introduction To Honeypots machine i get this message
Unable to negotiate with 10.10.113.87 port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss
but i can connect on ```ssh demo@10.10.113.87 -p 1400
Because there isn't any ssh on 22 or not allowed?
Haven't tried this room though.
fair adder
Because there isn't any ssh on 22 or not allowed?
Haven't tried this room though...
it is
nova tide
but i can connect on ```ssh demo@10.10.113.87 -p 1400
```
Then you might be doing something wrong idk. Can't understand much by just the info you are providing.
fair adder
fair adder
Then you might be doing something wrong idk. Can't understand much by just the i...
well idk what i do wrong it's the problem
nova tide
๐คทโโ๏ธ
fair adder
should i reinstall arch just for this problem?
on the doc i only find for creating a server using openssh
nova tide
fair adder
good idea i will wait for help there
fair adder
do you want to play?
https://tryhackme.com/games/koth/join/cce6484017b97df27a5ed7d8
too late
:/
fair adder
is it allowed to play with two accounts to try defense?
like i defend with my first account and then attack with the secound
when i'm alone in the lobby
terse willow
Only in private games
terse willow
Np ๐
fair adder
3 times it's h1 easy lel
nova tide
But is it easy though?
fair adder
Anyone lead an in-person KoTH event?
weary axle
But is it easy though?
๐ฏ
stiff egret
Anyone lead an in-person KoTH event?
Elaborate?
fair adder
But is it easy though?
Yes, I don't find all the differs way to enter in the machine
fair adder
Elaborate?
Iโd like to put on a KoTH event at work for all our new SOC analysts to get them excited to learn more. But Iโve never lead a KoTH, let alone in person. Looking for tips to make non-red people interested in learning how to do basic PenTesting and then compete
stiff egret
Iโd like to put on a KoTH event at work for all our new SOC analysts to get them...
show them the video of John and this Koth launch
100%
fair adder
Okay! Thanks. I Havnt touched THM since the Christmas event but want to get back into it and thought this would be the best jump start
fair adder
Everytime my brute forces attacks don't work on the hackers machine but work on simple rooms like hydra etc... idk why but it's sad because I can't do this room
fair adder
I'm talking about ftp and the syntax is perfect I verify with writeups and with Mr Holmes or Naughty73
quiet schooner
I'm talking about ftp and the syntax is perfect I verify with writeups and with ...
Then someone is likely getting the password faster than you and immediately changing it
fair adder
Then someone is likely getting the password faster than you and immediately chan...
How,like the password is in the first 200 and I run as soon as the IP display and my config is a 1060
Weird
fair adder
i have a good connection as well
what is wrong with this command?
their already in...
is it too bad to be win?
short tusk
Sample command: hydra -t <threads> -l <username> -P /path/to/password.lst <machine_ip> ftp
fair adder
for me it's a good connection
fair adder
Sample command: `hydra -t <threads> -l <username> -P /path/to/password.lst <mach...
ok i will try next time like that
but mein seems to work too
on other rooms
do you have a recommandation about the number of thread?
short tusk
No more than 16 imo
fair adder
ok
short tusk
You have to remember, it's not about how fast your computer and network is, it's about the machine you're attacking too.
fallow heart
@fair adder did you close some ports?
fallow heart
you did i think ^^ we did a reset
fair adder
like i wrote a script to disconnect users
fallow heart
np
fair adder
wasn't my intention
@fallow heart reset only reboot?
don't will delete my defense?
i think the ports still close
did a staff could turn them back on please? i'm really sorry
i wanted to kill user connections every 5secs not services
fallow heart
no it's back to normal now
fair adder
nice
wind fjord
i wanted to kill user connections every 5secs not services
Not part of the game but I'm like 80% sure that breaks some kind of rule
fair adder
Not part of the game but I'm like 80% sure that breaks some kind of rule
disconnecting users is ok, but not services
we can disconnect ssh connection, it's a part of the game
wind fjord
It's okay to disconnect people every once in a while, but writing a script to do that every 5 seconds is defo pushing it in my opinion
wind fjord
I'm not KOTH staff, so do as you want, just giving you a heads up
fair adder
well let's ask them
fallow heart
well it's not write in the rules
scripts that harden the machine are forbidden.. but i guess that can be interpreted in many ways
wind fjord
From the official blog here: https://blog.tryhackme.com/guide-to-king-of-the-hill/
fair adder
for me it's ok
like i could do it without scripts
just using who every sec
like i did before
but i thoug that automatisation was better
idea
fallow heart
as far as i can see you are alone on the box anyway, im still trying on initial access ๐
fair adder
gl ๐
i don't really defend
(because i forget my password)
oh no reset removed my chattr patch
nova tide
i wanted to kill user connections every 5secs not services
Won't that be a better idea to just patch the way they are getting in from? Defending comes in blue teaming and I don't see how killing every other connection would be counted as blue teaming. Let's say you are in a real world scenario and you have just kicked out every employee from the system rather than patching one simple ssh key.
fair adder
Won't that be a better idea to just patch the way they are getting in from? Defe...
this is for fun when i patch everithing i found
because their is also reverse shell not only ssh
fair adder
i have a question, how did jceggink could edit king.txt file even if he was edited using chattr and the chattr binary replaced by something who do that
# chattr +j king.txt
You are late
bye, Nekro
i would like to know how so i could learn more ๐
(tell me after the game if you see my msg)
ebon lichen
๐
fallow heart
Bring your own chattr ๐
@ebon lichen did you shut down ssh? .. there are only three ports left open
ebon lichen
You can still get in via the 15065
fallow heart
ik
ebon lichen
Then let's privesc and restart SSH ๐
fallow heart
failing at the privesc from bread ๐
ebon lichen
failing at the privesc from bread ๐
check /dev/shm, left you a present.
fallow heart
Hahaha, thx ๐
nova tide
this is for fun when i patch everithing i found
not fun when you are on the other end
fair adder
not fun when you are on the other end
What if the others can do and not me? I already was in the other side and now what it is. And as you can see i didn't win๐ it makes everything exciting and it's competition ๐
Their is always another way๐
stiff egret
like i could do it without scripts
That's what makes the diff you see, you can obviously do it without the script, but when you do that, i.e. run the commands every second, and realise that automation is not allowed, then you'll realise, sooner or later, that there gotta be a different way to keep them out.
That's the ladder of evolution from what I know.
fair adder
That's what makes the diff you see, you can obviously do it without the script, ...
Automation is not allowed?
I didn't knew sorry
Will read the rules again
Scripts that automatically hack(autopwns) and/or harden the machine are forbidden
It's not the same context
Like my script wasn't an autopwn
And I'm not sure that it harden the machine because I could do this my self really easyli
fair adder
But if it's not allowed, no problems I don't will do it again ๐
I just need to know ๐
fair adder
And if it is allowed should I respect a specific delay?
stiff egret
Ok, to be honest, it's really a grey side of things, it depends on the script, how and what it is doing.
stiff egret
That's what makes the diff you see, you can obviously do it without the script, ...
EDIT: Automation to some extent is allowed, killing shells, hardening the machines using automation can be considered grey area, and in the end is a subject to Moderator's understanding.
cc: @nova tide any edits?
ionic wagon
What is koth exactly? How friendly is it for beginners
stiff egret
You get a machine, 10 players also get the same target IP, all of you race to hack that machine and once you've hacked it, you race to defend it against the players who are still trying to get in. There are flags in the machine that you can find and submit to the main page, and there is a king.txt file, whoever adds their name in that file, gets 10 points per minute for the name being in it.
fair adder
Ok, to be honest, it's really a grey side of things, it depends on the script, h...
Disconnect user
Wait. 5 secs
Do it again
nova tide
-> Patch the machine.
-> Disconnect User.
-> See them reconnect again?
-> Find their backdoors and disconnect again.
Won't that be a better approach?
fair adder
-> Patch the machine.
-> Disconnect User.
-> See them reconnect again?
-> Find t...
This is for when I have to patch, like I'm trying to find backdoors, but if they prices and disconnects me I loose
It's not the only defense i use
nova tide
- This is not defense.
- You need set your backdoors/persistence so you can get back in.
fair adder
sure but i choose the users i kick
i guess i have to do private games to fully defend the machines
mortal trail
whose playing rn ? https://tryhackme.com/games/koth/32938
Got the Hard machine this time around ๐
mortal trail
@ebon lichenany hints on the H1:Hard machine?
ebon lichen
<@!863334212470964234>any hints on the H1:Hard machine?
There's an excellent room where you can practice all three Hacker of the Hill boxes, easy, medium and hard: https://tryhackme.com/room/hackerofthehill
mortal trail
Thanks mate
stiff egret
@quiet schooner
fair adder
Anyone want to do some koth?
fair adder
Anyone want to do some koth?
when you want ๐
quiet schooner
hackers never want to get bruteforced ๐ฆ
Try the standalone room
fair adder
Ok i will
quiet schooner
could you send me the link please
Standalone meaning not part of koth. Search "hackers"
fair adder
oh yes thank you
well it don't work
i will try with -64
what is wrong with this command? hydra -t 64 -l gcrawford -P /home/nk0/wordlists/rockyou.txt 10.10.226.34 ftp
well it don't work with -64
short tusk
Yikes, why 64
fair adder
Because it's max and faster. But I used 16 first but did nothing
short tusk
More doesn't always mean faster:)
nova tide
what is wrong with this command? `hydra -t 64 -l gcrawford -P /home/nk0/wordlist...
i checked myself. the services are running perfectly fine. I'm not sure if the rockyou is updated as well with the latest kali release? the following password would be within a few hundred/thousand passwords but on bare metal latest kali machine it won't give you the password.
cc: @quiet schooner @stiff egret
That hash is gcrawford ftp hash btw ^
nova tide
which funny thins do you while are king
lucid salmon
https://tenor.com/view/nyan-cat-rainbow-cat-kitten-kitty-gif-5716621
There's also other troll terminal?
iron cloud
lucid salmon
@wide horizon hi
check the 800 port
for a fair play
@wide horizon
I dont know the user of pythonista
wide horizon
I've been spending my time trying to bypass the upload filter, need to practice more
lucid salmon
I've been spending my time trying to bypass the upload filter, need to practice ...
next time use the 8002, the lesson part
uploading files in koth is slow
and it costs you time
wide horizon
I've never done this box before, so I was just doing it for the challenge lol
lucid salmon
http://10.10.57.84:8000/robots.txt
there are a gift
ebon heron
fair adder
hello, i don't know if it's normal, but i can't connect in ssh to the machine, like i were disconnected and when i try to connect i get this message:
ssh shifu@10.10.241.168
kex_exchange_identification: read: Connection reset by peer
Connection reset by 10.10.241.168 port 22
i just want to know if it's allowed by the rules or if it's just a problem from me
anyway, gg @eversingoob
**game link:**https://tryhackme.com/games/koth/33214
and by the way if it's allowed how to do this ๐
fallow heart
Maybe you broke it while doing chmod 777 on the entire server (for whatever reason..)?
spring hamlet
lmao
lucid salmon
@silk glade zzzzz
fair adder
why did not all the win count for the leaderboard?
like this one: https://tryhackme.com/games/koth/33243
and this one: https://tryhackme.com/games/koth/33242
didn't count
I just realized it
stiff egret
IIRC, The games with actual king changes are the only ones that are counted.
Any game with king time > 0.
cc: @nova tide
nova tide
IIRC, The games with actual king changes are the only ones that are counted.
An...
All games are counted. That page just shows the most recent ones with king changes.
stiff egret
The leaderboard.
nova tide
Any game won with points > 0(default win) is counted for the leaderboard.
fair adder
ok ty
median meadow
@ebon lichen You're a ninja at these koth matches man!
ebon lichen
<@!863334212470964234> You're a ninja at these koth matches man!
Haha, that is very kind. Thanks! As mentioned in DM, take @woeful sundial advice and actually keep track of what you do each time you complete a room or play a KotH game. When you play the box again, keep adding to that readme.md and build on what you learned previously ๐
sour vectorBOT
Gave +1 Rep to @median meadow
median meadow
@ebon lichen Had a lot fun playing with and learning from you! People like you make this community amazing. Until next time my friend โ
ebon lichen
<@!863334212470964234> Had a lot fun playing with and learning from you! People ...
๐ likewise!
lucid salmon
H1 hard is Hard as fork
lucid salmon
https://tryhackme.com/games/koth/join/d24485cb99d17d5cf5a594f1
El chapo :0
fair adder
๐
livid lava
lel i just realized i'm in that game
swift torrent
primal scaffold
it is pronounced k-o-t-a-h not koth
nova tide
terse willow
it is pronounced k-o-t-a-h not koth <:kekw:658061932577816606>
Pardon?
Last I checked it is pronounced K-aw-th
stiff egret
@brazen cloud isn't it k'awh? for you?
heavy abyss
never played koth before, i'm in the lobby but how do i connect
short tusk
!docs KOTH
pearl gladeBOT
TryHackMe
short tusk
!docs koth
pearl gladeBOT
TryHackMe
heavy abyss
thx
fair adder
koth game soon! getting my machine ready
installing the metapackages on my windows subsystem for linux kali
quiet schooner
Last I checked it is pronounced K-aw-th
It's pronounced "cough"
weary axle
kowth
ebon lichen
Good evening, just realised I posted my query in the wrong room. I am currently playing the Panda box on 10.10.119.120, it appears that none of the system binaries can be found, with the exception of the shell-builtin command. PATH variable appears fine, and printf '%s\n' * in / shows that e.g. /bin still exists. Any ideas?
Makes navigating the box bit of a challenge, not impossible, but being limited to the shell-builtin commands makes collecting flags a bit of a pain.
cd /bin returns bash: cd: bin: No such file or directory, so I am starting to believe someone's changes permissions on /bin and possibly removed /usr/bin.
nova tide
seems like some might have removed the binaries/folder itself.
unable to get a rev shell as there aren't any binaries in the system
mind telling me shifu password?
@ebon lichen
ebon lichen
Don't know it, it has been changed, I am root now, but passwd no longer works, as the binary cannot be found.
nova tide
you can use echo * instead of ls. see if there's anything left in /?
ebon lichen
Yeah. printf '%s\n' * in / shows: [root@panda /]# printf '%s\n' * bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
nova tide
cd bin ?
ebon lichen
So the folder is there, but you cannot cd into it.
bash: cd: /bin: No such file or directory```Do you know of a way to list folder permissions with just builtin shell commands?
ebon lichen
Alas, nope.
bash: python: command not found
[root@panda /]# python3
bash: python3: command not found```/bin/python or /usr/bin/python ?
seems like binaries gone. i couldn't confirm it though.
ebon lichen
At least, I am still king ๐ [root@panda /]# printf "%s" "$(</root/king.txt)" jceggink
ebon lichen
well the game is over. GG ๐
Thanks for the suggestions. I have seen this happen a couple of times before. No have way to circumnavigate it using builtin shell commands, but I guess it is not quite in line with rule 8. Anyway, thanks!
sour vectorBOT
Gave +1 Rep to @nova tide
nova tide
Thanks for the suggestions. I have seen this happen a couple of times before. No...
if you see something like that again you can mail at koth@tryhackme.com with the proof(some screenshots) and suspected players. Would be better if have their names/ip.
ebon lichen
if you see something like that again you can mail at ``koth@tryhackme.com`` with...
Ok. No biggie, though, found a way around the issue and learned something new about shell builtin commands - silver lining etc ๐
graceful oriole
Hiii, anyone for any koth this afternoon?
I'm real begginer level but i wanna try
tardy pulsar
steep agate
you're lucky that I don't have my notebook, I'm on a 2gb ram, pentium dual core computer and I'm not even at home hahahahaha but next time, when I win my notebook this month or the next, you'll have an opponent at your height hahahaha
@ebon lichen
ebon lichen
you're lucky that I don't have my notebook, I'm on a 2gb ram, pentium dual core ...
Looking forward to it! Appreciate the competition ๐
steep agate
hahaha I'm looking forward to this too!
nova tide
anyone for kot?
seems like there are people playing and also in vc
#koth-voice-chat message
graceful oriole
Tnks
cerulean summit
hello
stiff egret
hello
fair adder
anybody know the solution to this on production koth?
retry without the $IP like ashu@10.10.199.98
thanks it worked
nova tide
getting better at koth
Congrats ๐ฅณ
But just don't share flags in public ๐
nova tide
Have fun 
fair adder
ty
dim scroll
I've start a King of the hill
Come and challenge me: https://tryhackme.com/games/koth/join/7aa9f6cefa1f96431ea32948
nova tide
nova tide
gg @dim scroll @ebon lichen
@ebon lichen let me know if you plan to play another one ๐
ebon lichen
<@!863334212470964234> let me know if you plan to play another one ๐
Congrats! Enjoyed that one, was forced to explore new avenues, which is great and brings the challenge back. Much appreciated!
red marsh
Currently in a game and 'Tyler' seems to be down - anyone else having this problem?
fair adder
Yoyo