#koth

i gave up long time ago

lmao

Same

I think this is you

true

if he was a sysadmin he would certainly use an iptables, but it's forbidden in koth 🤣

Hehehe

can you give me a tip

so i can get a flag bro

I guess he is dead

He won’t give a tip

is this a flag or what

i also saw that

decoding it looks like a password

but unfortunately it's not a flag

it was a hash

now what

this is the password

736872656o6973616s6r696s6r

lets try it

these are the only flags that have on the machine

@steep agate u broke the shreck machine

I did the basics, I just removed the id_rsa, and changed the passwords, the rest you can get shell at will

nor the failures in the web applications I corrected

do we use metasploit to exploit apache tomcat on port 8080

I wanted to test something but I don't think it's possible in koth, it's kind of a shell breaker, when the person doesn't hide their pts, you break their shell, you can't even exit

this machine is full of fun entrypoint

only 11 minutes left

yeah

youre a pro

i lost

that nothing, I'm just a koth user, like many others hahaha

👀

@brittle lotus restarting 4/5 times

🤣

Hi

I don't play anymore. The service was not available.

lol, the only thing i did was remove the id_rsa from gloria you were using to connect over ssh

Is this new game? "Restart"

no, I mean you restarted the machine like 5 times, still having several entrypoints

5?

3/4

No

I didn't even play

I connect only once

10.10.205.113
10.10.114.192
10.10.216.181
10.10.187.175

4 restarts

What is that?

I thought they were trolling the game, if I patched the gloria user, 3 people were already clicking on reset, lol, I just thought it was funny

After that I started playing. 🤣

🤣

And next game I just join

And logout...

when I was going to score out of nowhere I saw about 3 people clicking on restart, then I: WTF WHAT'S HAPPENING, and I kept laughing

🤣

Not the first time.

yeah

I am going to sleep. It's too late for me.

See you

beauty, we are together flint, if you need we are there

@brittle lotus see you later

all the criminal bosses are offline lol

lemme steal wins

@steep agate yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy

what ? lol '-'

nothing nothing

What happened ?

oh

relax, I'm not even going to play, I'm just going to get root, if you want you can stay in king there

oh ohk

actually I'm going to stay in the king for 1 minute, I'm going to record the "demo" of something I intend to release

But don't worry, after I record, I take my nick from the king and leave the machine, for you to play

finally someone with heart lol 😂

you guys keep beating the machine you've already played over and over

actually, I think everyone here plays for fun, including me, koth is good because you train your "blue team" side, and it's good to do research related to defenses on linux machines, attack your opponent on the machine without using urandom, or things like that, defend your king, modifying attributes, learning to fix simple flaws like a command injection, an lfi, a file upload , among others, anyway, as far as I know, everyone plays for fun, including me too

sorry, my english is very bad hahahaha

yea tho i think chattr is a dumb thing lol it's annoying

it's perfecto

but chattr is not the only way to protect your king, actually chattr is one of them, but there are several

I want to defeat it lol

i know

with the help of google translate this saves my skin sometimes 🤣

any ideas ?

you'll get used to speaking in no time

any ideas to "neutralize" chattr ?

yup

tried changing the root folder name to root2 once

if anyone used chattr +i, to change attributes, just use -i, to remove attributes and put your name there

to mess with the/root/king.txt algorithm i think

you can also remove chattr from the machine, then the person will have to download the binary, upload it to the machine and then run it, I think that until they do that you will have enough time to protect some entry points

oh noo other way

pkill bro pkill

let go

but there is a way to "neutralize" this pkill of pts

hackers damn

am doommed

keep forgetting to open attackbox early

ready, I've done the tests, video and prints

now I'm out of the machine, good game

yup am king thanks muahhhhhhhhhhhhhhhh

we are together, if you need help, or anything like that just call me

😃

yup also look at my keepsake

i beat a God 😂

joy

dont come back oh am kidding lol 🏃‍♂️ 💨

joking/kidding

hahahaha relax bro, you got root on this machine much faster than the other players, good, I was testing something there, but it's already out of the machine, I'll post it on my github today

Hey! Would love to hear more, or see when released 😁 ... I've only been doing THM for a month, just started with KoTH last week, but I've been sysadmin for a long time, so I have enjoyed finding and making tools and tricks, but still have a lot to learn haha

I think I'll post it today on github, hahaha how cool you are sysadmin, I think linux sysadmin is really cool too, I have several pdfs here about it, it's very good

@fossil pecan I also need to update my github, from tricks to koth, I will add more things too, add more things to defend linux machines, windows too, teach how to patch for example in a file upload, lfi, command injection, etc.

nice, i'm excited to learn more, i'll be publishing some of my tools and stuff also ... linux only tho, i still need to learn windows 😛 ... haven't used windows much since 2008-2010 lol

2008-2010 ? lol

I must have been 5/6 years old at that time

🤣

😛

was my first college job as win sysadmin for uni ... but i ended up rebuilding most on linux

fuk IIS and all that old ASP crap

damn, that's cool, very good

https://giphy.com/gifs/ifc-danny-glover-lethal-weapon-U0zjzTCmGuUKc

🤣

so cool

@fossil pecan

I'll post it later today on my github

nice

coming from system/devops engineer, it's really hard for me to not make (or try to) "autopwn" scripts haha ... I'm obsessed with scripts & automation

very cool

hahahaha, I wanted to take LPIC in the future

LPIC?

yeah

"Linux Professional Institute Certification"

ah nice

i'm terrible with terms & acronyms haha ... but i know most of the fundamentals 😛

hahahaha it's part

i can't "remember" or "memorize" anything ... but i'm addicted to "understanding" everything

I understand, how cool

Well, I think just from this conversation, I believe he's twice my age 🤣

haha ya maybe ... i'm a late bloomer 👴

I turn 17y this month

nice, i'm 32 in august

😛

as I imagined, double

almost dbl haha

🤣

yeah

well, the chat was good, I'll have to leave, and later I'll come back and I'll post it on github, see you later xD

Anyone up for some koth?

starting up (beginner friendly) koth game(s), getting ready in the KOTH voice channel 😄

ok

https://tryhackme.com/games/koth/join/52cd989c0753dbad53403361

@steep agate i'm trying windows koth "offline" ... i'm on the box, found a flag ... found king.txt, and put my name in there .. not king tho? haha idk windows for shit

my name is in king.txt ... am i missing something on windows?

haha found a bunch more flags

no clue if/how king works on windows

helo snipe

does me too lol no clue

@brittle lotus look at my other keepsake

@brittle lotus well played

I need to learn some more of those tricks haha

Just know mostly sysadmin things 😜

lol

is amtheu online

https://giphy.com/gifs/foxsearchlight-super-troopers-2-3JTpczfnK4q1kbYYaJ

@steep agate

@brittle lotus that really was awesome, haha you stumped me on a few things 😛 ... GL on the rest of your games, i gotta go sleep haha

It was great game.😎 👍

🤣 👍

It is same for me. I am only sysadmin to like you.

And that is ok. And this is borring.. 😉

Haha, we should hang out in voice sometime and chat

We will. I need to learn english better.

last minute lol

Hahhahaha.... Reset master. It was fun.

sorry he gave me the match to play it he would've killed me if I lost

"badass are coming soon" 👀

to beat a god you have to cheat

sorry, at that time I was already sleeping like a stone 🤣

hi

whats up

just kill your while loop with king

and that's it, then you put your name on the king i, it's very easy hehehe, neutralized 😎 👍

using this here in koth would be OP, but I think it's forbidden 🤣

https://www.deviantart.com/kryssalian

idg

the last time we wanted to do a reset loop

against you

you added your dummy account

lol it was not my account, i called a friend of mine to play too, since everyone was together against me in loop, he plays koth sometimeso, g3n is good, i think he knows more than me

oh whats yoour write up link

he plays sometimes, but this birdhead never plays with me 😦

I play against my boy @fair meteor although he spanks me everytime 😂

what ?

we play together I'm commanding his moves he's typing lol

he is also good, these days he was asking me for some tips and i advised him

he's fast

my wpm is as fast as my username

for me you can take me out of king at will, i just want to train my skills with linux defense in koth

oh seriously

yeah

You really sound like a od 😂 lol

ask and it shall be given unto u

lately I've seen more things about defense on linux machines, hidden process, etc.

that nothing, I'm just one more, there are people better than me, I'm just training

wish me luck i'm facing a god

lol food the creds are in my head\

the battlegrounds hackthebox level is very good, it doesn't have so many entrypoints, it's fun, but too bad you can only play 2x a month, and practice is unlimited

lol

i want to report someone

but KoTh is a good place to train your skills with linux defense, but not only like koth, there are other labs to train too, skills with linux, sysadmin, and etc, for example, iptables cannot be used, which certainly a sysadmin would use, it's much smaller, but fun

this guy cheats more than you lol @steep agate

he could've just emptied the path export PATH='' not necessarily cheating

this is bloody

hmm whatever

check the binaries in /usr/bin

lol, but I don't use cheats, I even use very newbie techniques against you guys

just remove the id_rsa key that no one else tries to own the machine kkk.

or else change the user ssh password

I always try to get shell in different ways, for example I found a new one, with a recent cve

if it's pwnkit, it's overrated, if I play I always do chmod -s $(which pkexec)

pwnkit to make sure I'm rooted, and change the root password, and that of other users, then I exit and try to get a different shell and root

but it's ok, you can team up against me, resets, do what you want, I play 4fun XD

also, congrats on the top 1 position in koth 🥳

idc 😡 next match i'm removing etc var and bin folders

i dont have joy again 😂

there's the appropriates channels to report someone (koth@tryhackme.com)

thank you! I was so addicted that when I saw it I had already played it about 50 times, and it's worse than drugs

Gave +1 Rep to @prisma roost

I think this month I'll stop playing koth, and I'll leave some defense techniques, shell x shell, hidden process/tty/pts/ , defenses in king, correcting web flaws, among others, playing 4fun is the best thing, you have fun, and learn new things by researching

in my github/ytb channel

https://tryhackme.com/games/koth/join/ebd9d78c7a2067e7bcbcaa45

@edgy knoll lol he deleted binaries

@prisma roost lol i mean there are just guru's

hey i'm pretty new can i do the koth one day?

you have to change your experience on your profile to play

Yeah

hello

buddy

@fair meteor look lol 😂

I lost your match I'm so sorry 😭

due to heavy cheating I won 💪 😂

you owe me two matches now lol

brah this dude lol

i hope he dont join our game

oh your there

lol

pray although i only fear 3 people

matt mug flint

yeah im right here

and @fair adder he's been offline since idk y

what

yeah you have to take notes

oh hello boss

😆

whats up

Hii

havent seen you in a while

just i am not doing koth

busy with my work

are you a pentester

yes Red Teamer

nice

oh my buddy use to say if it's windows @fair adder will win lol

ya

my laptop is dead

am switching to the slow as hell one

i hate the windows machines

https://tryhackme.com/games/koth/join/448541d7e96a17d30de6d6cf

good luck @sinful moat

were already in a game Niko

you would beat us anyway

ok

hahah

tell me when you start new game

goodluck

am connecting with my buddy' account

you joined it

ok

ok

i did't see it lol

in order to be the best you have to beat the best

LoL Yes

Beat @steep agate

i have tried lol he is good

No I don't like this box

lol its not windows

yes 😭

😂

i came in late lol

no hope for me

there is hope

mr niko is in there

yes

Niko why havent you got in yet

i am in other game

i am not playing that game

why

you took anonymous ftp down

no

i did't do any thing in hacker box

i took the whole thing down

you did

yup

try another way

http://10.10.148.202/backdoor

I dont have joy people

Although it's pointless now lol

i have to log off my mac

and use kali

i try to use my mac with homebrew run into problems

i didnt see this one that's why tho

🙂

i didnt know how i enterd i mean when

if it's windows i cant even dream of winning

🥲

what's with the face 😂 round 2

Yes 🙂

welcome to the second round

I'm saying prayers RN

lord may it not be windows 🙏

Xd

ah welcome bro but this is personal

play with you next time lol battery low

@fair meteor i beat your idol 😂

@fair adder bye bye

lol

bye bro

hahaha

https://tryhackme.com/games/koth/join/5174b3b9bb67ef7bd12b94a8

hiii

whats up?

sorry i was sleeping i just woke up

Ohk

@steep agate one Guy was telling that to be best you have beat the best.

so i tell him beat you.

are you guys playing still

no

for sure just looking for some people to play with. I still wanna knock out a couple more rooms before I try KOTH

@summer needle U should KOTH is kinda more of like been fast

in fact, you just play several times, the more you play, the more you learn, the more you lose, the more you feel the pleasure of knocking everyone down, you search for knowledge

@steep agate damn i need your writeup

koth

please

but what writeup? the only thing i have like this is viddos on my channel about koth

github

@steep agate Wats ur channel name

#thm-community-media message

https://youtube.com/c/MatheuZSecurity

Thanks

The kinda situation am in now is complex

I got root for 10sec😭

@steep agate U killed my shell

whhhhhhhhhhhhhhhhyyyyyyyyyyyy

lol

I really don't know how to use vim fast

I was like shit "pressing delete key"

He's gonna get in back soon

And before i know boom i saw a broadcasted message saying bye

I then knew that was the end

Besides hw did u do that

```kill ps aux|grep sshd|grep pts|awk '{print $2}';echo "bye";

😎 👍

well I'm going to bypass the XDR, good game bro, if you need just give me a touch here @fair meteor

Nice tanx

xD

you have to beat the best to be the best

too easy boys

big dub

@lilac idol I challange u to a duel😆

https://tenor.com/view/duel-slap-glove-i-challenge-you-to-a-duel-homer-gif-16137544

@near lily lol lets play

https://tenor.com/view/the-last-duel-ridley-scott-medieval-2021-movies-gif-22727250

anyone up for koth? https://tryhackme.com/games/koth/join/3c3058eda9c80c11549c3429

(starts in ca. 20min)

for sure

ima join hold o

on

nice

invite

@lilac idol Am here!

invite

https://tryhackme.com/games/koth/join/9c6b90a358130827b8ecf158

Join up y'all

@steep agate Whhhhhhhhhhhhhyyyyyyyyyyyyyyyyyyyyy

can I join? 👀

Yeah\

1min remaining be fast

ah, I'll pass then. Have fun y'all 😄

Just got back home, setting up everything now. Gonna take a while.

I thought it'll be standard 25 mins wait

I'll send the next link not sure i'll win this one @steep agate Is here

ah niceeee

have fun

Yeah I kinda started it before I sent the link

@lilac idol Yh I didn't touch perms in /tmp

you did what to get root

Idk about that, I was careful not to mess with file perms because I didn't want to break a rule by accident

one sec

play koth 🥺

https://gtfobins.github.io/gtfobins/find

i thought you did

Using the bobba user

carnage

but I didn't change perms, I used find . -exec /bin/sh \; -quit

yeah

but how did you privesc

that was the privesc

from duku

@lilac idol like that

nope bobba

Oh the password for bobba was in the db

i was trying to privesc from duku

and so I used python to create a shell and used that with su -l bobba and the password I found to get in

with this

strings web.db

Yeah that was the issue, duku had no suid bit executables

whereas bobba did

I think 3 suid perm

yeah

you found it in the database

Yeah

bobba

I used netcat to get it off the server

and then read it from kali

what ?

DB browser

Yep

How do u find ftp port

lets play again

I'll play shortly, need a piss 🤣

Like what ports do I scan

scan every port

it could be on a random port

lol that will take time am playing koth hogwarts

yh

someone can change it

once they get root access

to a random port

i have only played like 3 machines so far

👀

I tried hogwarts and failed miserably

although I was distracted as I was helping mates with their course work

That was my second time on carnage though

you get the first access on ftp

I presume it was anonymous access?

Yeah I know

yeah

Yeah

Just because I tried it with nc and it didn't seem to complain but for some reason when I used the ftp client it complained

yeah if you play someone who plays this a lot then good luck

they already know every machine

The ports changes and i don't know the port range to use

and I couldn't be bothered figuring it out because I was distracted

-p-

Was definitely good fun to play against you 🙂

that will take time

rustscan

very OP lol

and then for particular versions manually do an nmap service version scan on those ports

I found that ideal

yeah it was fun to play against you too, good game

U're hiding ur pts right?

let's play

yeah use rustscan

fucking vm copy isn't shared

I forget that

yes, I like to do a lot of research involving linux, and I test sometimes not always on koth, I play koth for that, and for the fun too ahueaheha, to see people trying to root/shell

https://tryhackme.com/games/koth/join/415c8439798cedd10ecb7b76

is the room I'm in

yeah

@steep agate lol

So is it going to be on github

👀

in the future yes, there are several features

such as what

one of them is you run a command in some other terminal, you make the person unable to exit the machine, you lock him in a restricted shell, and so on, there are several things

Nice

mathew said this is old but i havent seen one better than this https://noxtal.com/cheatsheets/2020/08/08/ultimate-koth-defense-guide/#remove-user-from-sudoers

it's old, look at the date, but it still works on koth machines

y'all should enjoy the game

my laptop battery is almost dead

I have no clue with this one icl

UEsDBAoACQAAAJadq1RMPeimHwAAABMAAAAJABwAY3JlZHMudHh0VVQJAAMcBHxiHAR8YnV4CwAB
BAAAAAAEAAAAANsLE1t+lexRf5gWwdTJB0nMZHLf++BKaOdVpGT2HuFQSwcITD3oph8AAAATAAAA
UEsBAh4DCgAJAAAAlp2rVEw96KYfAAAAEwAAAAkAGAAAAAAAAQAAAKSBAAAAAGNyZWRzLnR4dFVU
BQADHAR8YnV4CwABBAAAAAAEAAAAAFBLBQYAAAAAAQABAE8AAAByAAAAAAA=

I found that and have no clue what to do with it

i found this on port 3333

I presumed it was b64 but it's not

or it's encoded or something

me too

it could be encoded multiple times

in different encodings

i tried anonymous ftp

yeah that didn't work for me

MatheuZSec

that is base64 encoded format

decode it

i found mathew name on port 9999

hahah

it will have credentials to login as fortuna

base64 to file

PK
� ���–«TL=è¦������ ��creds.txtUT �|b|bux�
��������Û[~•ìQ˜ÁÔÉIÌdrßûàJhçU¤döáPKL=è¦������PK

� ���–«TL=è¦������ ������
���¤����creds.txtUT�|bux�
��������PK����
�
�O���r�����

it says creds.txt

use this website https://base64.guru/converter/decode/file

lol the guy is good

it put a password on the zip

when i downloaded it

oh that would make more sense

it's a zip rip

yeah

I got the creds

use john the ripper

zip2john application.zip > hash

john -w=/usr/share/wordlists/rockyou.txt hash

then get the cred

he already got all 7 flags

and probably changed the password

the login isn't working for ftp

lol he's good

ssh

I tried that but I'll try again ig

he probably changed the password

yeah

by now

lol Thats the first thing to do

👀

yeah ssh is patched along with ftp

yeah

were done for

There's no hope

yeah we're already locked out

lol

be familiar with linux according to matthew

Unfortunately the only alternative is trying to find a vuln in the webpage

which is unlikely

or those "random" ports anyway

I might play Koth. 🤔

the ports are locked off

search Apache/2.4.29 vulnerabilities

there's not much for it really

even if you get in he will kill the shell right away

I will not kill the shell, feel free to try to get root, and remove my name from king

Have you left anything open? 😭

try to inject something on port 80 website

i think thats the last thing open

I put your name on the king for you to be merry xD

Anything left vulnerable at all?

lol thanks

Gave +1 Rep to @steep agate

Just wondering whether to bother trying still for now or wait till the next game

port 80 http webserver

is vulnerable

May I DM?

yeah

good for today enough koth, thanks guys, it was a great game!

fortuna password : loveitachi

I put this password now, if you still want to play

@lilac idol@dry fossil

gg

I figured out an entry point anyway

I'm working on another entry point

did you view creds.txt

yeah

I've not managed to get in but I'd found an ssh key in a file share

do you want to play again

can do

lets play

okay invite

https://tryhackme.com/games/koth/join/7e66a4aa473b47b63074f821

the file share is stuck mounted

ffs

Imma head off for now actually, am quite tired, will be on tomorrow tho

Do the machines change? Like can't you just automate it once you've already done it?

I think Hackers and maybe like 1 or 2 other machines have dynamic flags and passwords so you can’t exactly script those ones as easily, but yeah

Ah okay

But once you know initial access, you basically are just racing

Autopwns aren’t allowed because of the rules in place, but there’s nothing else stopping you other than being reported by other players and an honor code 🤷‍♂️

Makes sense

Most of the action for people who play this a lot is being on the box and reacting to other people’s defenses/trolls/traps quickly enough

if you use autopwn you will be banned, it is forbidden

You playing KoTH? I'm finishing work and eating dinner, probably gonna get back on THM for a while if you're still around 😁

'Honor code' is probably the best way to say it.

No dynamic flags on any.
Dynamic passwords or more box components on Hackers, Fortune, and Hogwarts

its pretty lively today

yea that's the best knowing the passwords already is prolly cheating already

How many flags are there in carnage?

I've got 7 so far, I'm assuming that's all of them

@broken loom GG

https://tryhackme.com/games/koth/join/9b66ea8ddf26b8f039152075

@graceful bear GG! almost caught up haha, just found 2nd flag as game was ending 😛 ... only 2 on that box? probably more just harder to find?

That was a good game!!!

yeah only 2 flags x)

haha ok

anyone have join link for current public game on "food" box?

just seen it's ending in 3 minutes tho

all good, it put me into another food game 😛

good stuff

lmk how many flags you manage to get, I found 6

same

got 7 on carnage

nice

i don't think ive found more than 6 on any yet haha

found 7th flag!

haven't seen any activity from the others playing in this game 😦

Oooh, where was the 7th?

wait do you mean the one in /home/tryhackme

called flag7 or do you mean you found 7 overall (just checked and congrats on getting 7 I had no clue and used the find functions so I presume it was hidden inside a file or something)

ya it was in a unique location

i found with global search from /

ahh fair enough, will get it next time

i used to play with someone who would change the flags

Someone deleted binaries

is it illegal

to change the flags

lets go

yEAH

Oh yeah

Then probably they will report u

???

oh okay

Nice

Any games going on?

i read the rules

yeah we got a game

Yes it's against rules

got a join link? just joined public, but next isn't for 25m 😦

Yeah

the game already started sorry

My wifi is down

ok

Feel free to win 🤣🤣 🤣

i thought you could still join late ... sometimes it puts me in games near the end haha, but now i'm 20m away in a game by myself 😛

https://tryhackme.com/games/koth/join/d104bf614eea5e7132224da1

i was in but he killed my shell or something

im locked up

this guy is cheating

bad

i did not kill ur shell

I removed the authorized keys

so u won't login with the id_rsa

idiot

bro thats not cheating and sorry if u are too angry

you are cheating

you made my whole screen mess up

and made my terminal fcked up

I just sent random messages

lol ya seems like someone tanked this sytem ... no user names for ids, and /etc/ssh is gone entirely 🤔

there's actually /etc/ssh

youre getting banned

bro what did i do

empty dir? haha

🤷‍♂️

U are root also

No authorized keys

i don't think this was @fair meteor fault btw

it was

Then generate another id_rsa

/etc/ssh is the entire sshd server config 😛

my terminal said 999+ things popping up

when i got root

Really??

i got urandmed too lol

hes cheating

part of the game

Soooooooorrrrrrrrrrryyyyyyyyyy

I just wanted to make it fun

❤️

i dig it

im reporting you for messing my terminal up

?

oh shit that other game started lol

forgot

youre getting reported

link to the game

Finally, I'm become to winner of the KOTH.

Oh mug3 is there nvm

someone fuked this box, or really fking with my sessions somehow lol

bash: /usr/bin/ls: No such file or directory
bash-4.2# id
id
bash: id: command not found
bash-4.2# echo $PATH
echo $PATH
/usr/local/bin:/usr/bin
bash-4.2# export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
bash-4.2# ls
ls
bash: ls: command not found
bash-4.2# sh
sh
bash: sh: command not found
bash-4.2# /bin/sh
/bin/sh
bash: /bin/sh: No such file or directory
bash-4.2# 

lets play then

which machine

but I didn't received KOTH winner badge. why?

lol did u get root

Yes

which machine

H1:Hard

Am not sure u put ur name in king.txt

Did u do docker escape to get the main root

I didn't access the got king.txt but I see this king.txt file.

U should have put ur name in king.txt file

Though u won

Cause u had much flags than ur opponent

lol @fossil pecan

what are you doing with my shell

❤️

reset?

dont use that script again

it made my computer lock up

@lilac idol You were told where to take accusations of cheating.

@graceful bear i wanna find those other 2 flags!! haha i'm only at 5 😛

👀

i wanna find the last flag lmao

oh there's 8?

hhaha

i'm not looking hard enough

yeap

we're getting record for king changes on the koth page game list 😄

Okay

Sorry

Spamming terminals isn't against the koth rules, they're just being a sore loser

Help!

My kali machine isn't connecting to the internet

So I have been using kali on thm

Anyone online

urandom not cheating

lol

I have worse things than urandom, you won't even be able to get out of the shell, and that's not cheating either, it's part of the game, it's the same as spawning nyancat, it's not cheating lol

Nice worse things

https://github.com/MatheuZSecurity/koth-protect-king

I'm updating my koth tricks repository, it should be ready by 16/15/17

gonna have to work on the unprotect version 🤣

set +o noclobber and whatnot

new box To try, pretty happy for a first attempt

this script is very beginner, i used it when i had only 50 wins around in koth, then i just put animation, lol

🤣

and it was with the intention of helping beginner players, but anyone can unprotect it, just know how to google and search @dry fossil

Fair enough 😄

How would you have gone about undoing chattr removal, just re-add a binary?

yes, just add the chattr binary again

buuuuuuuuuuut

if you leave wget, curl, etc, and leave these binaries only for those who are root, your opponent will not be able to put chattr on the machine, nor any exploit to be able to escalate privileges, but there is a way to "neutralize" that, you can also do it upload binaries, exploits etc, using ssh

another thing for an "add-on" would be to remove the gcc or the lib that gcc uses, so your opponent won't be able to compile on the machine 🤣

Yh that being said, you could use a netcat output to file

yeah

and if nc is removed or not present &> /dev/tcp/ip/port will work

we need to think about how your enemy would do it, certainly after that he wouldn't try, or he would click on reset or he would whimper, and about removing nc, I believe that "remove " can't, but leave it only for those who are root yes

well i never tested removing netcat from koth machine, so i can't give you a certainty @dry fossil

yh however they shouldn't really be resetting the machine just because they can't get in

but that's exactly what happens, for example

you couldn't enter the user who had that password, after that there are people who don't even try anymore, they just leave by clicking on reset and enter the next game, so I say you have to think how your enemy would make the machine, and the steps

Well yeah, ig, I just go to /games/koth and join another one that way if I'm locked out entirely

at least once I've tried finding a new entry point

that's what I want to tell you, people don't look for new entrypoints, they just use the same things and then if you couldn't click reset, or reset the machine, and if you didn't succeed again go to the next room

although, at most, there are 5/6 entry points on some machines, not all

I'm thinking of quitting koth, I've already reached my goal, and I had a lot of fun playing koth, met some brilliant people

you keep saying this...but👀

lol its so addictive hahaha

🤣

Do games run regularly or do I need to queue with people?

I might start this weekend lol. Intimidated but looks so fun

haha i know, right?!? i'm still just getting familiar with all the koth stuff, can't wait to learn more 😄 ... i need serious help on windows lol, i had admin last windows box, but writing my name in king.txt ... never registered my as king 😦

idk shit about windows 😛

you can always start a private match, which is essentially join by link only (to whoever you wanna share/party with)
or the "join public" game option will try to group up ppl for regular games, more like video game matchmaking

haha I've experienced that

goodluck!

whos playing koth right now?

windows box ;-;-;-;

Anyone wanna play koth?

would play if shadow was not planning on sleeping soon thanks to it being past midnight

This is probably an obvious question, but it's not obvious to me. Given the fact that everyone uses their own system to log into the same machine, are there any possible leaks of data or information that could occur?

Not really, if you use windows 7 or some other trash system someone could try to attack your machine but this is forbidden

They might get your VPN IP.
That's not really sensitive. Assuming you keep reasonable security measures - you don't punch gaping holes in Kali's security - you'll be fine.

Shadow if you are up for koth today let me know 😋

@graceful bear gg, where was that 7th flag that u found, I found two entry points and got the flags in the home directories and iirc one from a db

https://tenor.com/view/kermit-the-frog-dance-swag-moves-gif-15822539

the other is in an interesting directory in /etc

ahh

when you got root how'd you go about it? Did you escalate through neville using the ip suid?

That was my first way onto root but towards the end I found one file that led me to 3 other files and gave me access to a backdoor-esque thing

I did try and upload a reverse shell to the resume-upload and succeeded but it didn't seem to work, I also noticed wget and nc weren't working to connect to my webserver so I presume you set something up but that was good fun, first time on that one. I think I did fortuna twice and am still finding stuff on that. I want to try and find some new entry points on carnage as I've done that a few times now and I tried shrek the other day 🤣

yeap..using ip

interesting

yeah...hogwarts misbehaves when you try drop a file from a webserver, not sure why

it's always good to go through the machine after getting root..there's always some juicy stuff to find

yeah, I ended up sticking to the machine and not trying to do the webserver stuff, only reason I tried at first was to try and move across laterally to try and get a flag

@graceful bear

is that your desktop background

no, it's a video cover

aiyo

my reminder is already on

me and you

we got history

hahaha, what history lol

aiyo you beat me once never again

I've been beating gods at level 1 i have alot of keepsakes

i want to add your name lol 😂

😂 😂

actually i am busy in my exams these days, so not playing koth

alot

aiyo i'm 15

writing final year exams

also

nice i got messages from many koth players and most of them were 15-16

and thats great lol

all of them were good in ctf

hmmm

lies

i know this happened three days regularly😅

when my exams were not started

i am 20 btw lol

oh another god just entered our match lol

oh which class

yess theak

university right lol

college, second year is about to end next month

I'm free after next month grade 12 is over lol

idk what to do with my time

if it's a windows bot i'll just leave

i also hate windows

i think i have to learn powershell now😂 havnt mastered it yet

God like you 😝

🤣 🤣

Linux is so simple and straightforward

windows is blehhhhhhhhhhhhhhhhhhhhhhhhhhhhhh 😝

but that's what i use lol

i dont have windows

only parrot os

boss that's my dream stop using windows

maybe a spare windows for gaming lol

i used windows 10 for a month only

after that changed my os

parrot os is light weight and good

me vs your country

yess

aiyo hands up for the boss

hahaha

i saw you in lol

you changed password too, if i m not wrong

yup

you came in early

pkill is illegal 😭

naah bro i came after you

my pts was 1 and your 0

i noticed

was focused on putting my name in king

that's why

lol next time

pkill pts/1

rm -rf /bin

when you were doing that i was busy on deleting ssh files and changing all passwords😅

i did king after that

next time rm -rf /usr/bin no joy

oh

😂

interesting

yoo bro, had good match with you yesterday, but i lost🥲

the match was super fun!!! very competitive

king changes more than 20 times bruh, but at last i gave up because you had more flags than me

😹

https://www.youtube.com/watch?v=jz5H2SBjdEg

2 hrs left

👀

yes, it was 15 minutes, and even then I couldn't put everything I wanted to put in, but I put the essentials to win an entire match

Btw congrats on 1k

❤️

thanks xD

Gave +1 Rep to @quartz snow

congrats, it will be the first video on koth tips and tricks on youtube

the video was speechless, but before starting with the tricks, I put what it would be, I'm Brazilian and my english is not very good 😂

yeah

Time to defeat @steep agate with his own tricks

your all videos are speechless 😅

🤣

he said these are not all, it means he have many more hidden😂

the only one who managed to make 26 king changes was , he is @graceful bear really good, it was a great fight and game

I see