#koth
pywhat
Sorry, I had Wiener's attack in mind from some other user
This should be the one
https://github.com/Ciphey/Ciphey
@bright geyser @placid fable excellent, thank you very much, I'll try that later.
Gave +1 Rep to @bright geyser
Gave +1 Rep to @placid fable
dumb bot
the only true way to defend spacejam
anyone up for playing a priv battle?
Creating
can you provide the source
I'm creating a technique article, I'll share it soon :)
my github, I posted it
link
thanks, I found it
Gave +1 Rep to @steep agate
Seems good, other than the alias and script that keep killing shells (should suggest patching the machine instead of auto-killing sessions).
Yes, I'm still going to put more defense techniques in this repository; lately it's been pretty busy here because of school
Would be better if you can remove those? Your choice though
using dark magic, I think I've extracted the wordlists from hackers. interestingly, it uses a separate wordlist for each user
Is that the one from which a password is selected from 3000-5000?
For the users rcampbell, gcrawford, plague?
Yep, although the wordlists vary pretty greatly in length. plague's wordlist has just under 1k entries, while gcrawford's is around 4.5k, and none of them have overlapping entries
I did a writeup on the Hackers wordlists (or at least what I think are the exact lists)
https://jcoscia.com/post/thm-hacking-the-gibson/
How I did some silly things in TryHackMe's King of the Hill
Concerning
I'd honestly ask you not to share the wordlists themselves as that strikes me as a massively unfair advantage @molten mason
Understandable, I can remove those. None of this has been used in an actual game as I just did this tonight, so I can toss out my copy too
The process is pretty cool though, good job there
Thanks! The forbidden knowledge has been destroyed. 
Gave +1 Rep to @quiet schooner
That is some really nice blog. @molten mason Loved the last quote.
Now that you've done that though, if you'd like to discuss anything about it with me then please DM
Hey is there any recording of a KOTH game to see how it's played or what is done?
on my channel there is a video, rooting the carnage
Thanks MatheuZ!
Gave +1 Rep to @steep agate
xD
Anyone know the reason behind this error when using ssh in the spacejam koth
Load key "id_rsa": error in libcrypto
You can also check the pinned messages, there are some on John Hammond and optional's channel.
if you go to learn page and search KOTH there are 2 machines you can play with, alone, before trying the actual KOTH game
@fair adder quite a nice game, I enjoyed it
There's a player named SamHattter; he's removed all flags and copied them somewhere
later on in the game he got 8 flags after the flags got deleted
you can email at koth@tryhackme.com with proper screenshots, game id and suspected player name.
@nimble lily deleted your message as it was showing flag in the screenshot.
I didn't notice, I was just fixing the code
Yea, I've seen him too, he just stops all ways to gain access, not fixing them
hey, anyone up for KOTH?
.
Anyone up for a game?
gg
KOTH in 15 mins hop in!! https://tryhackme.com/games/koth/join/b263a980ff5377afcecc528e
yo
he got banned?
KOTH in 20 minutes who tryna join? https://tryhackme.com/games/koth/join/a6cfe966c81ea918ad875b16
Who is this Koth fella? Eh?
King Of The Hill.
Oh I know :3 I keep asking that
I got muted on the channel for asking so many times :3
Just wanted to pop in tho
The bot muted you?
Nah, i think it was someone running this
It was a while back tho
I haven't used tryhackme in almost a year
20 minutes to figure out that I was using double quotes to write my name and Windows echo writes those quotes too... I feel so dumb
Someone broke the box
He's gonna win by 5 points fml hahahah
this is my second koth game ever
@worthy isle i lost to you today, we were playing the lion box
but it was fun, i got 3rd place
In KOTH are you allowed to delete chattr? Seems to be what the king has done
ah nvm
was just moved somewhere different
yes
how do you get it back? or is there a cute alternative to remove immutable from king.txt?
Bring your own chattr, or yeah there are other ways of removing it
next time i come prepared
#include <stdio.h>
#include <stdlib.h>
#include <sys/ioctl.h>
#include <linux/fs.h>

/* Set a file's ext2/3/4 inode flags with the same ioctl chattr(1) uses,
 * so it still works when /usr/bin/chattr has been removed or moved.
 * Usage: ./setflags <file> <flags>
 *   16 (FS_IMMUTABLE_FL) sets +i, 0 clears the flags again.
 * Note: FS_IOC_SETFLAGS replaces the whole flag word, and toggling +i
 * needs CAP_LINUX_IMMUTABLE, i.e. root. */
int main(int argc, char **argv)
{
    FILE *fp;
    int val;

    if (argc != 3) {
        fprintf(stderr, "usage: %s <file> <flags>\n", argv[0]);
        return EXIT_FAILURE;
    }
    /* a read-only open is enough; chattr itself opens O_RDONLY */
    if ((fp = fopen(argv[1], "r")) == NULL) {
        perror("fopen(3) error");
        exit(EXIT_FAILURE);
    }
    val = atoi(argv[2]); // 16 adds the immutable flag, 0 removes it
    if (ioctl(fileno(fp), FS_IOC_SETFLAGS, &val) < 0) {
        perror("ioctl(2) error");
        fclose(fp);
        return EXIT_FAILURE;
    }
    fclose(fp);
    printf("done\n");
    return 0;
}
Long time, hop in, it starts in 20 mins. Public game.
Hope you don't get hogwart again, I remember what happened last time
can i join?
our tools and tricks are in sync, we tie each other bruh @nova tide
I do know the root password 
Not like imma leave this marriage ceremony food just to play a KoTH match with you
I would
Noob
et tu brute
which one is yours @prisma roost
He's not in
I've got an exam tomorrow sadly 
ah, best of luck for that exam 
Who studies for an exam?
You gotta try beating holmes in koth

Satisfaction > *
I mean, looked pretty easy in the previous game 
weird kinks but ok.
I DOUBT
I am just gonna say, 'Hogwarts'
I am just gonna say, 'your machine'
carnage
keyboard mistake 
Tyler
What a classic Pakistani thing to say.
I wouldn't leave the food either
@fair adder
It's not allowed to stop SSH
I don't know if anyone is stopping ssh?
whoever it was, hehe
I don't have a pts, @fair adder
i just change the port
Anyone down for a game? It's my first time playing. Game starts in 6 minutes
https://www.tryhackme.com/games/koth/41741#
This is not an invite link, it is for spectators
You need to share the invite link in order to invite others
Ah, thanks. I played two games last night. I was able to win as king in my second game!
Gave +1 Rep to @placid fable
Anyone want to play a game?
I'm working now....
you still wanna play?
Is it legal to kill other players' terminal sessions from root?
'cause that's really annoying
Is it something you could reasonably expect a defender to do irl?
wouldnt that be rude to the attackers, after they put in so much effort?
everyone has to make a living ;D
Nah, killing shells is perfectly legitimate
I'm looking for a game in the next couple hours if anyone wants to play
15 mins till go time
Likewise
that was a blast
Yes please
Hahaha it was a surprise for sure. I'll have to add that to my playbook thanks for sharing!
Never heard of it. I got some research to do I guess lol
I noticed some weird things too. Couldn't watch cat <king>
Permissions denied
But idk if I had a full shell.
I'm sort of new
While if the player got a reverse shell via Python or something else you can use:
ps -ax | grep + a regex for finding an IP address that starts with 10.
(P.S: please don't use it just to annoy the other players)
That would kill your own shell too tho... permanent lockout, right?
Oh I guess it's just run once. But wouldn't the regex match your ip as well?
Lol nvm. Still manually passing the pid to kill so it's safe
'patching' by wiping all the web directories seems like it should be forbidden
@shrewd spire I didn't do that
It felt like you did... on the second reset none of the web directories were available any more, even on the random ports?
@shrewd spire No, I didn't touch the web stuff
hmmmm
Gave +1 Rep to @stiff egret
anyone up for a koth game?
Yeah IMO that's not a valid patch in terms of the rules
In the Hogwarts machine the king file was missing (I managed to become king anyway). Was it supposed to be like this (I mean the player has to do "some magic" themselves) or was it just that time that it was missing?
it is missing intentionally. @stiff egret totally didn't forget to add that
It was 2AM my time when you asked. I'm down for another game sometime though!
Way to go, I did that box for the first time yesterday...only got one flag and no shells.
I have no clue how I missed that, but it is what it is, and in cyber sec it's never a vuln, it's always a feature.
It's a pretty one tho... because you have to watch for little details to get in, while on other machines (easy ones) you just run some tools (nmap, hydra, msf) and the job is done
Great job @stiff egret
If it's the same flag I found first then you were in the right place. Next time just watch better
Mine involved spoiler: ||SQLi on the spell/login page||
When can I start playing KOTH?
Whenever you want :)
You can change that in your profile to intermediate
Read the first pin in this channel
I am lost in here, what should I do?
How does it even work?
Find flags
take ip
scan it
find ports open
find vulnerable service or application at the ip
get in the machine
get flags
then become root
and put your name at /root/king.txt
defend your title
!docs koth
You can also watch some videos people have created
That's what I need to do before I dive in.
Anyone playing now?
I'm enjoying KOTH almost more for finding all the little ways to get a foothold and root than the actual comp haha
I get root one way then try to reverse engineer all the sites and services to see what other tricks the authors came up with
Not at 2:30 AM lol
looking for people to play my first game of koth with
Hey, in the offline machine, setting king.txt doesn't seem to work
what are you trying to do?
I set king.txt to my username and it's not updating the scoreboard
Figure it might be because I used backup privilege to get write access to admin
It's bc you patched SMB
oh...in that case I have nearly 2 mins to catch up lol
go go go! (king might be broken though)
nah, I can't get it. I joined late but still can't get a foothold
if you cat does it show your username?
type, and yep
I don't think the win really counts unless someone gets king
what do you mean by 'counts'? is there a KOTH rank or something?
Doesn't show up in the list of recent games as far as I can see
and there is a koth rank under leaderboards
lolol
Still can't figure out how to make king stick in offline
administrator/king-server/king.txt seems to be the place, but no jazz
Yea, it's in there
But it doesn't work there either
I reckon the issue might be that Windows echo adds a newline
Ran out of time to test it
anyone down for koth?
@shrewd spire are you still trying to get in?
I've killed your terminal sessions but you've already won so no matter
You probably killed one of my shells then, I saw one get term'd lol
What did you do to king lol, I couldn't put it back
something tricksy with lxc?
Nah, simply uploaded my own chattr binary
Made an infinite while loop which changed the file to mutable, wrote my username and made it immutable again.
Started this loop in the background as a process
haha that's clever. I was thinking of doing a binary to do the same, but this is nice and elegant
Yehz probably
I was seriously starting to look askance at echo
Nah, just a simple bash scripting trick 
yeh, I patched the crontab privesc and changed it so it ran as the serv3 user rather than root
yeh, there are at least 2 or 3 different ways for foothold and privesc on every machine
Gotta catch patch 'em all
I joined the game 30 mins late, aquinas was already king for that time
so, after putting my name in king.txt, I just gave up
IDT you got it 

Yeh, I understand you have to patch everything but I wasn't going to win anyways, so gave up 
Uh oh, that's the Pokemon slogan
NVM, both of you played well 
I usually don't bother patching things unless threatened
like... some sort of forest animal
I ain't forest animal 
yeh, most games you play are with beginners, patching is only needed when someone has OSCP in their profile
I shouldn't say this, but count me in
less goooo @fair adder
you know we can start a public match and it will start sooner?
2 mins
gogogo
That's for private matches
infloop, you coming?
oh, ffs, it's started already
Really hope this isn't windows or Hogwarts
Yes
lets go
I shoulda looked there, next time :D
you guys patched vim?
Uh, not me
whoever it is, they've passed the humour check
To whoever is using pspy: there are ways to kinda ruin pspy, yk..
okay, to whoever is killing pty sessions, you're not killing the connection, I just respawn a pty 
it logs everything, as the lawyers say, bury them in paperwork.
lol
machine died or something? @prisma roost you able to ping?
nah, looks good but it is slow
yeah, that's why I said, someone is running pspy
slows the whole machine super down
famous last words
kill him or his connection
be a dear and Ctrl + C yourself
Ctrl+C only kills nc sessions,
not sudo/pwncat
I have a feeling they have a nc session
AHHHH @placid fable
NYANCAT
This is beyond annoying
Slows the machine so much that even the king service is not able to read the flag lol
okay imma just throw this trick out
I have been trying to write my username into it
since the game is over already
if you throw enough information at pspy, the service clogs and you can do your work hidden
You know, I've been sporty but I could end this with pwnkit
lmao
what's on the machine writing my name will be unaffected by pwnkit - but you'll get shells tho
also /etc/bash.d is suid 
you kicked us all out and are now harassing the king file alone
WTF, I just kicked someone once and my own other pwncat shell
lol
gotta say this was highlight of my day so far 
torturing us? 
I did get root within 3-5 minutes 
Put to no correct use
I had to look for a cve on librenms, NEED proper notes
A'ight Imma give up
me neither anymore
Did you too get to see those, Holmes?
the mount trick?
I didn't go that far today, just normal unstable nc
why stablise it if unstable can get you nopty session
I ain't, for some time; I was writing some C code to overwrite that king.txt file

I just rm -f king.txt && echo Zeeshan1234 > king.txt
I will figure it out, patch the kernel to disallow writing to /root/king.txt
GGs Holmes 
GG mate, it was fun
GG fun indeed
pgrep -a sh should list it all, I remember checking it at start when you already had holmes on the KoTH scoreboard
killed yourself
yee

in bed
Starting in 11 mins
https://tryhackme.com/games/koth/join/e7fdb7db0d7883140dc6e38b
So who was doing all the messing about yesterday, nyan cat and random etc? Be keen to learn some tricks
Also no idea how the king file was being reverted so quickly. I'd do make mutable && echo my name && make immutable && cat, and find mr.holmes laughing at me from the terminal
Are you allowed to change passwords in KOTHs?
yes.
lmao
will be fun, HMU when you play, if I am also around, then we can drop in VC
Someone doing KOTH? I want to spectate
@crimson zephyr I usually do one over lunch. Started an hour ago. Same time tomorrow probably
@upbeat bone @fair adder thanks bros for the answer, maybe a next time ❤️
Gave +1 Rep to @upbeat bone
Is the message about cheese strats baked into the VMs or is that something being deployed by users?
Starting in about 20 mins
https://tryhackme.com/games/koth/join/fd75a20288f283675cfdfe62
@shrewd spire I don't think you'll need it, but good luck anyways!
to you too!
I'm gonna need it for this one
Phew, now I'm king I can give you a hint
hahahahaa
this koth machine was originally the hacker of the hill hard box
Well, I just started like a week or 2 ago
I don't think it's cheating to look up a writeup of that. I have a writeup from when it was a regular room for me
Currently trying SSRF...but that doesn't seem like the answer.
its a real hard box, imo
some things are different than from ^, but its mostly the same
Cool. I'll do my best to 'try harder' but might pull a few clues from there.
I appreciate it!
oh def. to get king you need to understand: command injection, php filter lfi, api brute forcing, xxe, access log poisoning, restricted shell escapes, credential reuse, static binaries, and docker escapes
you have 18 minutes. good luck
rofl.
Was that H1: Hard?
Hackerman admin

hi everyone! I was wondering, how do i actually connect to KOTH?
I connected with openvpn from my kali machine, THM showed i was connected
but in the KOTH loading room, it doesn't show an IP that I use for hacking
Can i have help?
you are a spectator I believe.
then how do i play?
You will need to join a game
i did
I clicked join game
it shows me the time until start
i see whos in my lobby
then when it starts it shows the machine name... no IP
does it show you in your lobby?
try refresh the browser once timer starts.
ok
if anyone is playing 42322 sorry about breaking the box twice
but also there's 10 mins left. If we reset I wont break it again (at least not the same way lol)
@verbal remnant did you get it working?
Hey everyone, I need some help regarding the Linux Privesc room in the cronjobs task
I modified the backup.sh using the script provided and using my machine ip and port and already had a listener setup but nothing is connecting back
I checked that the cronjob is there with the right path, and the file that I modified is in the right path as well
For reference I'm using the attackbox
that's the command
Of course using my own machine IP and port for the attackbox and listening port respectively
@fair adder
You got it
Does anyone want to do a private ctf on H1:Easy? I want to practice my blue teaming
Sure
You still up? I just woke up
I am now
You don't really need anything specific. Just do it as you do a normal box. You might be using some reverse shells and other common tools; don't forget to keep notes as you go through KOTH machines, those could come in handy in future.
Also give this a read as well as the blog post linked within:
https://help.tryhackme.com/king-of-the-hill
Are there times when KOTHs tend to be more active? Weekends?
(as in, greater likelihood of participation by other members)
There are people who actively play in vc. You can join them i guess
what's vc?
voice channel/voice call
Sure thing
ight
@prisma lion you can also share invite link here so if anyone wants to play they can join you.
Gave +1 Rep to @nova tide
When are you sending?
just sent it
https://tryhackme.com/games/koth/join/476d630fcb5c32df7d117bd6
starts in about 20 mins
starts in like 15 mins
Thx, when I am logged into my GitHub account I'll give a star B)
You're asking the "original author" credited in your repo to credit you..? For generic, commonly known commands no less...

For those who are starting to play KOTH it can be of a lot of use
No doubt -- I was asking about the crediting 
oh i got it
Does anyone have tips on shell persistence?
I figured it's easy enough to setup a bind shell and just hide the process but I'm wondering what fun strategies that everyone else has
always attempt to use SSH, once you are able to login using SSH use the -S (could be -s, can't recall) to hide the shell from the w or who commands.
^starting in 10 mins
starting in 20ish mins https://tryhackme.com/games/koth/join/055c4e7875c2299a8ea96d73
KOTH machines need to be updated
nobody is really learning from them anymore, y'all just save creds and hack faster
I think, it was mentioned that they were going to start using dynamic flags but it's been ages so don't think that's gonna happen, as for the creds, it's more a game of patching/defending your title imo
ofc, but if someone has the credentials saved somewhere they can have early access and do whatever they want until someone else gets in... At least passwords should be random and medium-difficult to brute force
Yeh, for most "pro people" games I've played, it's assumed that your opponents have gotten root on the machine within 3 -5 minutes and you're severely crippled if you don't have notes/passwords saved
Yeah, but I've learned the lesson... I have the scans like nmap/dirbuster inside a folder, no creds / flags tho. If I see someone in before 10 minutes I look inside that folder
dynamic flags would most likely be for future events not for koth atm.
a few machines have random passwords, old ones might be removed/updated in the future just need to get some free time for that.
¯\_(ツ)_/¯
Dynamic flags are something I can add, but they aren't integrated with THM
Convince Skidy to commission a KoTH box from me and I'll build you a new one
I mean he won't say no if you present an idea
Not really how it works these days
I am unable to use find command says permission denied in koth
Someone messed up with it then, ls -al /usr/bin/find might not be showing the executable bit set
does that comes in fair play, I am playing for the first time
No that doesn't come under fair play. One of the KoTH rules mentions to keep the system in initial (working) state
so can we report about this or not?
You can report them to koth@tryhackme.com with the game ID, user you suspect and the reasons
ok
in some users of some machines it is normal for find to give permission denied LOL
Isn't it a basic utility, which should be usable out of the box? And the creator of the box might not have changed that behaviour
WDYM, in some machines it gives Permission denied when using find command?
yeah
for example when you get reverse shell on carnage machine, you enter as user duku, you are not allowed to execute find
(this screenshot is from a friend of mine when he was playing KOTH against a person from another country, and he told me this)
But that's right, removing the binaries has to be reported
Does taking some binary out of SUID also result in a report?
Removing SUID bit?
It should be allowed
I understand, removing the binary with rm or chmod 700 is prohibited; I believe only removing the SUID bit is allowed
Nah, one of the rules says - Removing a binary or removing the executable bit isn't allowed
SUID could be removed, it isn't executable bit
IIRC, some boxes have ||find|| as a SUID binary, so one should simply remove the SUID bit only and not the whole binary out of the way
so, that's what I said, take it out of SUID, I'm using the translator, it's kind of hard to communicate around here
Ok, I get it
I'm from Brazil
Espanol then?
No, here we speak Brazilian Portuguese; there are two types of Portuguese, Portugal Portuguese and Brazilian Portuguese
If you aren't root you can't see everything... You can use at the end 2> /dev/null to redirect error messages to null
If you can't use find command then someone changed permission of binary
Yes i did that
Unfortunately there are some "pros" who do some copy paste to make you angry
So how could I be able to find flags or files with suid permissions
just set up a python server and get the binary from your PC
Put it somewhere else and change the name
So the "enemy" can't find it
I'm just on the carnage box with KOTH, and the walkthroughs online seem to match the box, however my machine doesn't give me any response for ports 80-82 like what is seen in the tutorials, am I missing something?
try to reset it, if nmap doesn't find any services
P.S. the KOTH machines were made to practice, walkthroughs won't help you improve
I only went to the walkthrough after it was finished
but noticed that I couldn't navigate to the sites that the walkthrough could
I am able to nmap and find the open ports
but the html sites do not show the correct things
same now for the shrek box
I'm not trying to cheat by using walkthroughs, but didn't think that I was seeing the intended behaviour
oops, just realized my own VPN was on....
@mighty spoke
found you
I'm going to do a KOTH event on my server next month
hi there, how do you guys unlock a permission denied king.txt file ( I got the root access), I tried with chattr -i /root/king.txt but it didn't work, any suggestions ? thank you
the file may need to be changed to writeable chmod 600 king.txt but honestly, I find it's easier to just remove and recreate the file
rm -f king.txt && echo username >king.txt
You can't remove the file if it has the i flag set using chattr.
yes, after removing it ofcourse
while true;do chattr -i king.txt;rm -f king.txt && echo username >king.txt;chattr +i king.txt;done&
You can do near nothing with the file if the immutable flag is set using chattr
you don't need to remove the file if you have already removed the flag.
the file permissions may have been set differently
if chmod 400 king.txt has been run, it doesn't change even after removing the immutable bit
Question about Hogwarts KOTH machine. I don't wanna ruin it for others who have not completed it yet, view this at your own discretion. || I cannot find a king.txt file on this machine. I have gained root access but the king file is not in /root? Can I get some help with this, I am confused? ||
Sorry for that mate @lean comet
I can confirm that I forgot intentionally didn't add the king.txt file in root directory. You need to create it in /root/king.txt and add your name there.
Ah thank you very much for the clarification.
7m left
that definitely breaks the rules
I didn't
root@web-serv:/# echo *
dev proc root run sys tmp var
somebody fucked up the machine
maybe dock0d1
I will vote for reset
@brittle lotus
What?
what do you want with me?
Are you dock0d1?
yes
Did you delete binaries on H1: Easy?
and no, it wasn't me who fucked up the machine, i left the room after that
I'm tired now. Next time.
ok, have a good rest
you can email at koth@tryhackme.com
Ok
Starting in ~13 mins https://tryhackme.com/games/koth/join/4e1d4e209b354e174f3e7d8c
dang, just now saw this
what password was that for?
or were you just trolling?
@fair adder ^
yo
matheu
my nmap is stuck at scanning 7 services
@steep agate it won't move
Hey koth staff
the Lion machine is broken(I think?)
when I get the id_rsa and paste it in
it's in a weird format
actually nvm
yes, i had the same problem.
My koth connection is hella slow for me and my friend
we're both connected OVPN
but the webpage takes FOREVER to load
and he can't even ping
but nmap detects it
like whaaa
I don't remember the name of the machine but there is one which has the id_rsa "encrypted" and you have to decrypt it before you can use it
Yeah, I know that
Starts in ~15 mins https://tryhackme.com/games/koth/join/319c56952cc0c0d24037d687
take a look at this folks.
starts in 15 mins
This needs a pin..
that's a spectators link, you need to share invitation link for people to join.
oh you shared in #koth-voice-chat
I don't know, I'm on the phone, and snacking @brittle lotus
How do I host my own KOTH event :hmm: I need my own custom room, anyone help?
I'm making it complete-beginner friendly with all low hanging vulnerabilities, a lot of flags (so people don't get bored) and maybe 50-60 people might attend it for 2 hours
any help from Tryhackme
The koth service is open source, but you will need to write an application to poll it and display scores etc.
Oh the CTFd koth-agent right
yes but no, the koth agent isn't really that suited for this environment and to get it to work you'd need to play a bit with it
at least not if you're hosting it on thm
Nah, you just poll it and process the data
yes, but the ctfd koth agent reads a file or runs a command (in this case you'd need to poll the actual koth machine) and it's expected to be reachable from the ctfd instance
Oh, wait, ctfd
Nah, I mean the tryhackme koth service
Pretty easy to have an app that polls it every minute and keeps totals, serves stats on update over websockets
i remember making a obs overlay that parsed websocket koth data from a thm koth game and displayed it
Yea, if you wanted to run your own custom games you'd need the polling and score tracking yourself though
mhm
Oh where can I find the service ??
It's on my github which is linked in my discord profile
Thanks!!
Gave +1 Rep to @quiet schooner
this one right https://github.com/NinjaJc01/koth-flag
last thing xD just a feasibility check
I could write a service which could poll this API and use the CTFd API to award that particular user
works right
:hmm:
hmm fair
You could, yes, but remember that you don't have perms to create boxes that can connect to the wider internet
If you speak to the site then they might be willing to set something up to help you with this over the event -- any of the internal devs (or myself) can create boxes that don't expire and have internet access, so it's not difficult to do provided you have permission to do so
Wait I lost context here
site*- tryhackme right
The thing is my event isn't open for public it's for students in college
CTFd: I've contacted them for sponsoring an enterprise license for the event but it wasn't a fruitful thing as it is a hosting platform and all the attendees of the Techno-Cultural fest (which my event is part of) are students
even thm my marketing team has contacted
Oh, hang on, yes, you could do it by connecting to the tryhackme.com websocket for the game
Ignore me -- I anticipated polling the machine directly. Doing it with the THM points system that already exists is a much better idea
yeah...
Is there any chance that I could develop a KOTH room for thm which first I would use for my event??
You can develop a room and attach a machine to it then get everyone to attack the same machine
But then you don't get the KoTH websocket stats
Actual KoTH machines can't be created without help from Skidy or Ashu (the directors/owners). You can ask if they'd be willing to help out with that
but if you're a decent webdev you can implement the polling and points yourself
Not unless you can deploy non-expiring machines with an outbound internet connection you can't
OH!
deploy another instance ezpz
You could, however, deploy the king service on port 80
And poll it using the .p.thmlabs.com domain
that was my initial plan
Who, me?
and manual polling
You can deploy two THM instances, one for polling and one for attacking
Yeah, but the one doing the polling can't connect to the CTFd instance externally
For me it's an offline event so people will be in front of me, so I can ask them to raise hands
And will also die after a maximum of 6 hours
2 hour event so should be fine
CTFd was a mix up
but yeahhh I can take this up as a hobby project maybe - KOTH open source modification for CTFd
But it would mess CTFd's licensing as they have their own enterprise version of koth
Hm?
Original brief did not mention ctfd
Ah
When is the event?
23rd April
But honestly all the things I do for training students I indirectly promote thm it's just soo good
What email address did you use to get in contact with THM?
it must be @pes.edu mail I'll confirm with marketing and get back one sec
yes
When did you email?
atleast 8-10 days back
Hm, okay, I'll query that and see what comes back
Sure
Hey, in offline, how do you fix the king-server?
Suspect it's been turned off
Actually, tips and tricks around offline / Windows KOTH would be appreciated - had a bit of a struggle for king just now
I also had problems with offline yesterday. It worked after the restart.
Hey guys, we're playing King of the Hill, you can join us here: https://tryhackme.com/games/koth/join/d1f6e37e709311a42686b0e4
How do I have to write my username into the offline (Windows) machine?
I see there is a bat script, I tried to put my username there but it didn't work
Nevermind, I was looking in the wrong directory
yeah not sure what that share folder is for on offline
or if there is a way to mess with it with malicious intent
Can anyone make a KOTH game?
In theory yes, in practice it's something that needs to be coordinated with tryhackme themselves
@quiet schooner don't mind but I am unable to understand your English. Your English is like a native speaker's but mine is not
You cannot make a KoTH room without involvement from the THM staff.
Starting in 5 mins https://tryhackme.com/games/koth/join/3b2c68cc8012fec520ae8aa3
mans dominating fortune
Want me to help?
Reckon I still have creators notes for that box somewhere 
https://tryhackme.com/games/koth/join/ad49d4569b35974c26df5187 Starting in ~15 mins
He didn't patch everything, he just changed SSH and telnet credentials.
Did you close the port 8080 webserver @steep agate
what?
I haven't closed any doors, nor am I on this machine anymore
No problem
is anyone interested in playing king of the hill? I'll make a game
starts in 21 minutes
Is it allowed to use that new pkexec exploit on rooms?
Yes.
Kk
oi what
he patches all the privescs to root making it basically impossible
it's basically a race to see who can get to root first
yeah I can see that now
I don't do that, think it kind of defeats the purpose
It really does
(even though it's basically in the rules)
is it really possible to just patch everything on the box?
on this machine there are only three paths from foothold to root, over three different SUID binaries
pretty sure he's just gone chmod u-s on each one. done
welp
welp indeed
fun stuff
wrong, on this machine there are more than three ways to root, just study and search
wrong, I didn't use it
sometimes there's even more, just look, research and especially study
soon I will record and post a video with more than 10 minutes, talking about tips and tricks for Koth, explaining how to defend and how to attack too, it will be really cool
in my opinion the best part is definitely when defending the box
nice
I just think people should stop whining and complaining when they lose, it's part of it, I've lost a lot, but with that I learn too
didn't you report a guy when he beat you, claiming he must have used an autopwn?
I didn't report anyone, I just suspected the use of autopwn, but after you explained it right in private, it made sense
yes, you train your "blue team" side too
It isn't about learning, it's about taking notes and copy-pasting some commands, or even worse (it happened) just copy-pasting credentials from previous games... That's why, at least, random creds should be implemented
hogwarts has random creds. but even then, knowing the path to get them is basically as good as compared to someone who doesn't know
it's a bit of a flawed format. I like enumerating the rooms though and building stealth tools ¯\_(ツ)_/¯
The bottleneck is making the rooms interesting enough to be part of the game, but easy enough to be hackable in 1 hr.
If the creators implement really hard enums, then though it improves the quality of box, it kind of defeats the whole purpose of hacking in a race.
Random creds are there in multiple boxes, and likely in all future boxes. (with all the sarcasm in the world, fo Naughty if you reply anything on this one.)
yeah not much you can do really
UNLESS YOU RANDOMLY GENERATED BOXES ENTIRELY
i am a genius
lmao
random boot2roots when
Some part of that is there in Hogwarts, with almost every file name and port changing, but we have to make the boxes themed, otherwise one box for all might come into the picture.
lmao
Exactly my point.
no comments
There were some boxes in dev with a lot of 'asked for' features, but creators got busy with life and stuff.
lol
That ideally shouldn't happen
wait lols you got an empty koth room????
this happens because when the game is about to start with very few seconds left, the person leaves the room, and even then it counts as if the person who left was still in the room, so it's practically free king, it's happened to me a few times
wait does that mean you could technically exploit this if you have 2 tryhackme accounts????
In theory yes, but I can't say for sure, probably yes
then again if you abuse this your account is at risk of getting terminated
as it would most definitely break tos
this happened to me I think twice a while ago, but I thought it was a visual bug just for me and I forgot to report it to the staff because I had to leave at the same time, now that aquinas says he proved the theory
yes, that would obviously result in a ban
I lost. prick was using autopwns I think
lmao
@brittle lotus you were my hero, now you're just a random guy
Lmaoooo imagine
Me?
He is not talking about me.
If you have the same username on the tryhackme website then yes. We were playing a game against a pro who got root before I even scanned the machine, and since I saw you are top 5 I thought you were going to win
Yes, I have the same username but I don't use autopwn.
I wasn't talking about the screenshot above, I was talking about another game π
I don't know what the problem is, if I'm doing something wrong.
Sorry about that if it is so.
I will explain in DM to not spam here.
P.S. don't worry, you didn't do anything wrong
OK
Last game, kth, there was a username lookup let's say, I discovered usernames, which I think are correct, but they wouldn't show up in the lookup-thingy? So how does this exactly work, whoever gains root first controls others' sessions and services basically and wins?
I'm pretty new to this game mode, so I'm trying to figure out what is happening, can somebody delete like an ssh file to disable ssh login for others? sounds too OP to me
Also give koth docs + koth blog a read if you haven't already.
!docs koth
ideally whoever gets root shouldn't do this unless you actually contest the king flag, imo
there's no skill in just knowing the machine more than someone who doesn't, and abusing that knowledge to ensure they can't get a foothold
people might find https://github.com/ChrisPritchard/ctf-writeups/blob/master/tryhackme-koth/tools/mf.c a chattr equiv useful
and this super nasty king maker bad boy I used against people who really annoyed me haha https://github.com/ChrisPritchard/ctf-writeups/blob/master/tryhackme-koth/tools/kingmaker.c
good going @brittle lotus for being the only opponent ever able to find and stop it after i dropped it (only used it against people like flint)
I need to update my repository, I wanted to know whether to banish or not to put it there, and in my video that I will also release it, with defense and aggressive attack techniques
good repository bro xD
Yeah, why do you ask?
The reason I asked this question was because firstly I thought it is a command injection vulnerability, so I scanned it with my tool for like 10+ payloads, and nothing was found. A little after, I found a few usernames using the SMB/netbios port, but they weren't valid in the web lookup, so I'm almost positive that somebody removed them from /etc/passwd. Also, found what I think is a password on a share, so I wouldn't be surprised if somebody deleted entries from authorized_keys or something... Not really sure how I would use the lookup functionality, but perhaps there was a password hash or something... Wasn't really familiar with the rules, so I'm to blame for fuzzing port 9999, which now I know is not needed.
Thank you for your knowledge.
Gave +1 Rep to @shrewd spire
@shrewd spire can you please not share all the writeups + flags here? even if you are bored.
Writeups are fine. Flags are technically not allowed to be shared per site rules anyway.
You definitely have some in the room writeups
Also, so he did
-undelete -a
Up to 10 last deleted messages (last hour or 12 hours for premium):
none...
er, flag paths not allowed?
flag content shouldn't be in there
Yeah, I didn't see any flag contents in the KoTH Writeups
i think there is flag content in one of the main room writeups, but that room specifically doesnt accept flag submissions
I don't think sharing writeups for ALL of the machines + path for flags should be allowed either.
I mean, writeups are allowed, and how many seconds would it take you to find a repository containing all the writeups on Google?
All of the regular players have this stuff memorised anyway. Not a whole lot you can do to protect the integrity of machines this old
admittedly mine are somewhat more comprehensive than most you would find via google
i tried to find all the paths and document them
Yeah, what's the difference though?
Click a link here or google it and click a link
If people wanna get a writeup for one of the KoTH machines they won't have any difficulty doing so
I guess my intention was around those who don't know the machines - if they face someone who is locking paths, and they don't know, then they could spend a frustrating hour trying to enumerate a hardened machine
at least with a guide, they can see if all the paths are closed off? eh
(and yes, it sucks, but the only way to do anything about it is box rotations, and chances of that happening...)
Mhm, it levels the playing field a little
wouldn't it be better to let them try on their own?
totally
I guess what I'm saying though, is you need to make me official king of the hill
Yeah, but then they just don't click the link
emperor of the hill, if you will
Is this also prohibited?
I will update my repository and a video of mine about shell x shell of koth, I will explain how to defend more and attack too, not kill shell B)
https://github.com/MatheuZSecurity/hide-a-process -- hide a process in koth machine
Even better, just unmount procfs
it's a simple script using mount, it's quite simple to unmount it, actually it's quite simple, but if you remove other people's permission to use mount and umount it's already more advantageous
@nova tide is that you messing up with my shell
I am not even playing
I just joined Niko's link but they left.
seriously
who is this fake naughty then in my shell
OOF
in that case upload chattr bin in the remote system from your local
anyone up for koth
Thanks
Gave +1 Rep to @balmy pagoda
anyone wanna play?
I could
gang
@steep agate stop the oppression
U basically patch everything in 3min
Then join another game
Am just saying, u're too good
I tried using john to brute force the id_rsa but it's telling me the id_rsa file is not a private file
oh, thanks
Gave +1 Rep to @fair meteor
Bro can u just don't change the rsa access next time
on all machines, there is more than one way to gain access
Yeah right, but please don't do it. It's in the rules I guess
But don't worry, next time I won't change the id_rsa for you
Right
Cya next time
it's in the rules to change the ssh password, and the ssh keys, you can generate other keys too
it's all right
Right, what are ssh keys then?
the ssh keys I say would be the id_rsa, id_rsa.pub
you can change them
Are u sure? xD
yes
"Look for the most common possible ways to patch a box i.e: changing ssh keys, changing passwords, look for the processes running or give cronjobs a look?"
I guess it is not allowed to kill services, is it?
@steep agate could it be that you killed nostromo, the upload page, and fixed the lfi?
got it
no, it is not allowed to kill doors
I didn't kill any pages, I just fixed the LFI, and the file upload
I left the nostromo open exactly for you to get shell
root@lion:~# cat /var/nostromo/conf/nhttpd.conf
MAIN [MANDATORY]
servername 127.0.0.1:8080
serverlisten *
serveradmin webmaster@nazgul.ch
serverroot /var/nostromo
servermimes conf/mimes
docroot /var/nostromo/htdocs
docindex index.html
LOGS [OPTIONAL]
logpid logs/nhttpd.pid
logaccess logs/access_log
SETUID [RECOMMENDED]
user gloria
ALIASES [OPTIONAL]
/icons /var/nostromo/icons
root@lion:~#
@jovial field
why I corrected the lfi and corrected the file upload, I left the nostromo for you to get shell, if not, it's your vpn
oh
xD
Not really but fine
And it is very impolite to mess up shells with the true randomness
It was just a joke, the game was already over
Alright
You can do that? Just disconnect people's shells? Lol? That's not against the rules?
Would you do it if you were a blueteamer and found a hacker had a shell on your machine?
If so, yes, it's within the rules
(Correct answer to that is yes, btw, you would absolutely terminate their access)
if you know how to hide your PTS, that already gives you an advantage
by the way, is it forbidden to use the rootkit to hide?
youre really good
did you patch everything? im not finding a way in
thanks
Gave +1 Rep to @lilac idol
not really, I just fixed the main entrypoint, but on this machine there are several others
Wouldn't be the first time someone's thrown a rootkit at it
this is my first time trying koth
thanks bro :D, @graceful bear and @brittle ether both know a lot too!! the only one who managed to do 26 king changes in total on me, it resulted in a good match
the pleasure is all mine
we're together brother
Zzz
how long did it take you to learn koth on every machine
at first I took a beating from everyone, but after we practice we can make the machines, there are plenty of entrypoints for you to gain access to the machine
+1
I think the koth itself is a matter of speed
at any time your opponent can enter the shell and kick you out, or change credentials, I will make an article/video about how to defend yourself, techniques, attacks on opponents, later
yeah make a video tutorial bro
I have to start using rustscan
look how slow this scan is
yeah
yeah, I also use rustscan for CTF, it's faster to find the ports
rustscan == "nmap --min-rate 10000" lol
what else do you use
rustscan, a tip when the "hogwarts" machine falls on koth, use rustscan it will help you a lot

how has none of them logged you out or anything
Good question
actually I don't know either, because not even with PTS hidden I'm
I'm telling you, the guy is a problem
I haven't got 1 flag because I wasn't prepared, my vm is too slow
don't look at me, you're the only one who has root on the system