If you count the number of asterisks, you should be able to see that it's not matching with the amount of the answer you are trying, thus it can't be the right answer and seems to be not a bug

#999368037528514600 If you need help with that room question

Gave +1 Rep to @raw bison

i cannot execute the command, what can i do?

run msfdb as a non-root user

this is attack box

i cannot come out of root

just adduser then

Running databases and database control scripts as root is a generally a bad idea, and I don't see us supporting that use-case. You can switch to a non-root user by using su - USER, run the script, and then return to root by exiting the less-privileged shell.

Alternatively, head to https://tryhackme.com/my-machine and deploy the AttackBox

cc @dusky junco ignore ping

Also @frail zephyr Have you tried just running msfconsole?

The database should already be initilised

Actually, you shouldn't be initialising the database at all

leave i booted into kali , its running fine😇

Here's a post made by CMNatic 2 years ago:

TLDR: You should not initialise the Metasploit database yourself (i.e. through msfdb init) as you would on your own install of Kali because this has been fully automated and fixed on the TryHackMe AttackBox. The task in the Metasploit room instructing you to do so has now been changed to reflect this (:

Thanks Habba(:

Jabba

Habba Habba 😏

how to cat flag.txt ? any idea?

Try more

thnx

The first answer should be wrong. Or maybe i am god?

k

3rd question , there is spelling mistake , it shoud be rustscan

What is the URL to the room please?

https://tryhackme.com/room/rustscan

In the "Content Discovery" room, Task 9, I misspelled the answer to the question, but it still marked it as completed.

in the content discovery room when Iaunch the machine it does not connect on port 80 .. it keeps complaining "Error response Error code: 405"

I do see the port is open and the process is up but the website is not served tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1473/python

It's not asking for the port number

It's asking for WHAT is running on the highest port.

My bad apache is right

Now it's best you delete these pics so you're not ruining flags for others.

Done

@raw bison still around?

@chrome drum Please do not send invites to random discord servers in here, make sure your account has not been compromised

There is another one in Voice chat.

hydra took care of it

Hello everyone sorry for bothering you all but I have been dealing with this for quite sometimes now, mostly when playing ctf do you all encounter instances where you can see an ftp running with anonymous login while scanning but try to ftp into it but get login failed ? Most time I try to terminate and restart the machine and sometime I have to do that more than 4 times before I’m able to login finally, I’m I missing anything or why is that happening, and yes you might want to ask if the server is up and the answer is yes cause I try to ping .

can anyone share link of stenography room , i am not able to find it😅

nvr happened to me

I know this is not a big issue. Just wanted to let you know. In Windows Fundamentals 3 Task 7 the answer should be Trusted Platform Module but while writing i miss the T of Trusted in the answer but answer still got accepted.

that is not a bug and is thanks to tryhackme having answer tolerances meaning if you refresh the page it will update to the correct answer... the answer tolerances means that you can get an answer slightly wrong and it will still be accepted as correct to avoid you having to write it out all again

Gave +1 Rep to @nimble gyro

GG robocop

https://tryhackme.com/room/thelayoftheland
In task 6, the photo does not load. It looks as if it has been removed from aws bucket or the wrong permissions on aws has

Room: https://tryhackme.com/room/defensivesecurity
Task 3
Submitting a ip address with space before ( <ip>) or after the ip address (<ip> ) result in an error, even if it's the correct ip address

A word with a space at the end or at the beginning is something different than without that space. Your TryhackMe password will not work if you add a space there 😉

Sure but for beginners it would be nice to have the input trimmed. They might get confused why the correct answer isn't working.

It's not a valid part of an IP address and hence should be ignored

Same as typically you can't have spaces before or after your username

Hi! Don't know if this was already reported, but on Searchlight - IMINT challenge (https://tryhackme.com/room/searchlightosint), the answer format for the question "What is their phone number?"on Task 5 is incorrect. (not a bug, just a formatting thing)

The phone number is correct.

+44 is for the UK, replaces the 0.

Yes it is. I'm talking about the mask in the input.

It was showing that it should have a blank space in the answer, but there is not.

its weird i am not able to connect to internet with attackbox

there is a bug in the owasptop10 room, task 25, second question. it says to alter the value of a cookie to 'admin' to be able to enter the admin dashboard and get the flag, but it's possible to enter in the admin just by putting the '/admin' at the url. it doesn't need to change the cookie value

You cannot unless you are a subscriber

then tmr

tryhackme.com/room/metasploitexploitation#
In task 3, "Different from regular Metasploit usage, once Metasploit is launched with a database, the help command, you will show the Database Backends Commands menu." It should say -
the help command will show you

is this intended cuz I can the history of command on this machine?
Room: https://tryhackme.com/room/cyborgt8

You're root so eh.

Hey,
I don't know if someone reported about this but you can't view the image in this section in: https://tryhackme.com/room/thelayoftheland room

Thank you for reporting. I'll report back when it is fixed. 🙂

Gave +1 Rep to @proper meadow

😁

Should be fixed now. 🥳

@glad badger Working, thank you!

Gave +1 Rep to @glad badger

Room: https://tryhackme.com/room/splunk2gcd5
Task: 1
Issue: url of BOTSv1 Splunk room redirects to a private room, which isn't accessabble

Is it private?

Yeah, the room has been made private as it may:
Be getting fixed
Too old so it's been retired.

Tl;DR, it's not a bug, it's intentional.

Thought it might be a old room which got removed. That's why i mentioned it 👌🏽

Probably best mentioning where you found it.

You can read it above

With Room, Task etc

D'oh, true.

Link removed as the room it linked to has been retired. Thank you for reporting. 🙂

Gave +1 Rep to @soft terrace

@eternal summit

-ban @drowsy karma -ddays 1 Secure your account and appeal this ban by emailing bans@tryhackme.com

🔨 Banned Ramzan#4526 indefinitely

This room is not opening.
Link:- https://tryhackme.com/room/btmisp
It's showing me "Problem finding room.."
Can anyone help?

Who says those are the same box?

this is not a bug.... the target machine is a different one compared to the image example... the example is there to teach you what to look for... which is something different on the target machine

Ohh i see, well thnx

no problem

@gleaming shadow

Room: https://tryhackme.com/room/follinamsdt
The doc file is in Documents not Desktop as the instruction say

Clicking on it doesn't start any application either

@gleaming shadow

-ban @wispy bramble -ddays 1 Nitro phishing. Secure your account and then appeal this ban by emailing bans@tryhackme.com

🔨 Banned Weber#4717 indefinitely

@gleaming shadow

@raw bison

-ban 797851105857765397 -ddays 1 Malicious discord server invites. If account was compromised, change password and add 2FA, then appeal by emailing bans@tryhackme.com

🔨 Banned ! L ?#3107 indefinitely

thanks @raw bison

Gave +1 Rep to @raw bison

-ban 685844343621288035 -ddays 1 nitro scam. ban appeals are bans@tryhackme.com

🔨 Banned Stormgod_Zephyrus1603#7904 indefinitely

Hello, before the , it will be 6 char and after the , it will be 5 char for the answers

-ban @zenith cairn -ddays 1 nitro scam. ban appeals are bans@tryhackme.com

🔨 Banned aeropop#1919 indefinitely

@queen sphinx ⬆️

-ban @chrome bronze -ddays 1 nitro scam. ban appeals are bans@tryhackme.com

🔨 Banned aryan7tiwary#7946 indefinitely

maybe it starts from the bottom of the channels list

as #voice-chat tends to get the message a few sec before room bugs

There's an invite that links to this channel

In the Windows Fundamentals 2 room the question requesting the name of the hidden share answer is sh4r3dF0Ld3r. According to Microsoft documentation a hidden share name requires a $ at the end of the name. So the correct answer should be sh4r3dF0Ld3r$. Is this something that can be fixed?

Both should work, no? Due to answer tolerance?

Did you refresh the page to see what the actual stored answer is?

Either way, if $ is just an indicator that it's hidden them couldn't you argue it's not part of the name?

The dollar sign is not just an indicator. The dollar sign $ is required in the Share name field and also if you are browsing shares, you will see sh4r3dF0Ld3r but you will not see sh4r3dF0Ld3r$(because the share is hidden based on the name), these two share names can point to different locations.

Yes but you could argue...

But please see my other point about refreshing the page.

So what is refreshing the page going to do?

Answer tolerance.

the correct answer acording to shadows refersh for said question is without the $

It loads the answer from the database, rather than displaying the answer it accepted from you

There is tolerance on answers

And does the room accept the answer with a dollar sign?

did not try that because don't feel like reseting progress to check

The share name on the system THM-WINFUN2 is not a hidden share if the ($) dollar sign is required.

Is not a hidden share?

Also you're just restating your point every time...

You are right, I do not want to lose my progress.

So my question is do you want to allow people that are not familiar with creating shares in Windows to be looking for a checkbox to hide a share or do you want to teach them the right way add the dollar sign to the share on THM-WINFUN2

I do not represent tryhackme.

So can you pass this information on to someone that does represent THM?

You need to post here, explicitly stating the bug.
That's all. No need to argue or get angry with the volunteers here.

I am not angry. I am disappointed that you would rather side step an issue and make light of it, instead of just saying we will make a note of this and update if necessary.(I could be wrong)

-mute @orchid beacon Please adjust your attitude in this discord. Your attitude towards volunteers here is not acceptable

🔇 Muted Sm1ley#8105 for 1 day

Moderators aren’t site staff FYI

-ban @winter cypress -ddays 1 nitro scam. ban appeals are bans@tryhackme.com

🔨 Banned Khalid.#8605 indefinitely

Hello, can you show an image of what the Folder Name looks like, and what the Shared Name looks like? 🙂

Hi, seems there's a bug in Zeek room

fatal error when trying to investigate TASK-5 http.pcap

same when trying to investigate the ftp.pcap

Zeek signatures topic

Where do I paste an image?

In the new Follina room, I had the room open for like 20 mins. Defender popped up because it detected two infected files on the desktop. The two files are for the task.

@tropic flame the Brainstorm room seems to be broken

That's a bot.

the Brainstrom room seems to be broken !! can anyone help me out ??

Please use #room-help for help with rooms

okk !!

Did it stop you from completing the room?

Verify what?

Thank you

Gave +1 Rep to @vital vine

I see what you mean now. The share is not hidden, but the folder that is shared is a hidden folder. 🙂 I'll ask the content developer about this. Perhaps the question to ask is: What is the name of the hidden folder that is shared?

The question has been updated. Thank you for reporting this. 🙂

Gave +1 Rep to @orchid beacon

I think there is a small typo in room CTF Collection Vol. 2 in Easter 15 hint

Thank you! 🙂

Gave +1 Rep to @glad badger

It did not. I was past the steps that I needed the files for. I could have restarted the room if I needed to. The bigger point is that it happened, which means that it can happen to others.

Not sure if this is the right channel to report this but I made a typo in the room "fileinc" yet the answer was accepted.

Answer tolerance, perfectly intentional

Alright 🙂

It says "does not have the format" ?

omfg

sorry guys

Those are the two files you've created and loaded on there right? If they're quarantined you can reload them easily enough.

Unintended privilege escalation in https://tryhackme.com/room/vulnnetdotjar using pwnkit.

Thank you for letting us know. 🙂 It's the choice of the community content creator to update their room. 🙂

Gave +1 Rep to @strong kelp

in some of them was fixed. I only realized it was unintended after i checked the writeups

Hello hello,
Been doing the https://tryhackme.com/room/postexploit room and got to the part of bloodhound enumeration. When i load the sharphound zip into Bloodhound however, i get a bad Json message.
My college had the same experience, is this a shortcoming on our end or a bug?

due to some version missmatchs between bloodhound and sharphound causes this problem.... using an older version of bloodhound has made it work for others in the past though shadow can't recall what version exactly

Thought This was the case, so maybe a feedback could be to update the sharp hound on the room machine

true.... but doubt that would happen quickly or soon

I see, I hope a staff member sees this 😇

think the attackbox might still work if you use that though

That is the one I tried, I am asking myself rn if I can be bothered to try older bloodhounds 😁

oh okay then that is kinda bad

yeah setting up your own virtual machine with bloodhound and trying multiple versions will take a while

Hi, I was doing windows internals room in which windows api room was linked for further information, however when I open that it says private room. Is there someway this room can be brought back together? Thanks!

the windows api room is still being developed and is not yet done it seems

Oh ok, thanks for letting me know. Is there any tentative timeline by which I could expect to try it out?

Gave +1 Rep to @rugged canyon

no idea

still the link to that room should probably not be there before the room is done

Also, as a suggestion, could in development rooms could be marked as such?

¯_(ツ)_/¯

shadow is not thm staff so they can do very little about this

The link is present in the Windows Internals room (https://tryhackme.com/room/windowsinternals) Task 7, if you need that to either remove or whatever?

Ah, no worries then

Thanks for the help though

no problem

lets hope someone from thm staff sees this and can make changes

maybe send that in the feedback form actually.... you can find that feedback form in #feedback-and-ideas

Oh sure, let me do that

Thank you for reporting. 🙂

Gave +1 Rep to @shrewd quiver

Did you see my message earlier

Hello, ensure the versions (3.x or 4.x) of Bloodhound and Sharphound matchup. Are you using the AttackBox?

I was indeed using the Attackbox, I admit however I didn't put much effort into troubleshooting as I was just testing said issue for a friend.

Should work if the versions match up. 🙂

I Will give it another shot tomorrow, thanks !

Gave +1 Rep to @glad badger

Not sure if it's an error but in this question (Windows fundamentals 3 task 5 about firewalls) the question ask for profile (in the text of the task too ) but the hint and the answer are with network instead of profile

The profile is called "public network"

ty

So about the Post-Exploitation Room, Sharphound is version3 and Bloodhound on attackbox is 4. The shortest path for me, was downloading the Bloodhound 3.5 Verison from official GitHub and run it straight after unzipping with Bloodhound --No-Sandbox.

Hii, I think I found a bug in "Burp Suite: The Basics" Task 2. But it could occur in other tasks as well... When I answer the questions it only checks for the first 20 characters of the answer...

I'm typing in the correct answer for the File Inclusion room, Task 5, Question 1, but I get no response from the site at all when clicking submit. I'm completely confused as to why?

copy down the answer somewhere

then hit ctrl + F5

then try again

happens sometimes that the pages stop responding to answers of questions

dunno why

Still not giving a response. I tried restarting the room as well... Funny thing is, when I take my answer out and click Submit then the page responds as incorrect

Switched device, answer worked in Safari. Was previously using chrome on windows

I have been trying to get to the target host from my kali attack box for OWASP Top 10 Task 7 and while I was able to get to the hosted evilshell page when I try to browse to port 8888 I get an unable to connect error. I tried this from my raspberry pi connected with openvpn and ran into the same error

Don't know if I am just missing something, screwing something up, or if there really is something bugged

Usually means you have the wrong VM deployed

In the OWASP top 10 room, in task 14 about XXE, there is an error with formatting. the room is meant to highlight a word with the code tags but highlights the wrong one.

In the last point on the list, the word "element" is highlighted, when the preceding word "body" should be highlighted

Fixed. Thank you for reporting. 🙂

Gave +1 Rep to @muted nimbus

looking good 👍

Gave +1 Rep to @vital vine

I'm having a look at it 🙂

Muiri's added the following 🙂 @slender gulch thanks for bringing it up

Gave +1 Rep to @vital vine

Ok robocop, i'll be back in like, 5 minutes 😄 you both deserve rep

Gave +1 Rep to @misty cave

Hello, furthernmap room's task 14 has a bug, the server does not let me scan its ports; it works with neither of sN, sF, sX flags
nmap's error:

Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.12 seconds

Did you add -Pn?

The note from Nmap quite literally also provides the solution

@quaint sparrow @obsidian kiln Thanks for the responses, I was using the -Pn flag inappropriately.

Gave +1 Rep to @quaint sparrow

Hopefully an admin sees this and can update the room but I was going through the post-exploitation basics room (https://tryhackme.com/room/postexploit) and SharpHound is older than the bloodhound version that you're instructed to install. Can someone please update the bloodhound install instructions to download from here instead of through apt? This version worked great. https://github.com/BloodHoundAD/BloodHound/releases/tag/3.0.5

It's also worth noting that the room Attacktive Directory (https://tryhackme.com/room/attacktivedirectory) has you install bloodhound and it isn't even utilized in the room.

-ban 830080738913157140 -ddays 1 Nitro scam link. If account was compromised, change password and add 2FA, then appeal by emailing bans@tryhackme.com

🔨 Banned Kuv32#8778 indefinitely

Hello

i wanted to report that musicalstego room cannot be completed as the github page you need to access no longer exists

@wheat fractal is that your room and github?

Hello, there is a typo in the Intro to Anti-Virus room. In Task 7, under C# Fingerprints, there is a sentence that starts with "Then, if it complied correctly..." It should be compiled, not complied.

room " Linux PrivEsc " ssh to machine dont work

i terminate the machine re open it and same problem , i even killed openvpn and connected again and still

nmap machine ssh working on port 22 just to triple check everything

ya, ill take a look at it

Hello everyone sorry for bothering but have had instances where I Inputted the correct answer but it the website won’t pass it as correct check online to see if I’m wrong but to find out I’m not, have anyone here experience any thing similar ? Please ?

don't muti-post tho, you've already posted in #room-help

Okay sir @median coral

It gives you a message about not being able to find matching algorithms right?
Not a bug. Google the error.

Dear Team,
I found this URL at the end of linuxfundamentalspart3:
The find command - https://tryhackme.com/room/thefindcommand
It says "Room is private If this is an error on our behalf. Please contact us."

oh huh so it still links to that room even though it was made private over 6 months ago???

yes, at the bottom of the page

shadow can do nothing about it as they are not thm staff but yeah weird it is still linked

I like the "Royal we" 😄 Thanks anyways. Do you know the owner of that room? Is there a way to join it?

Gave +1 Rep to @rugged canyon

the owner/creator of the room is: concatenate
but if it is made private there tends to be a good reason to not let others join it.... usually the room is undergoing updates or is so old it can't be fixed

The room has been retired. 🙂

Fixed by removing the link. Thank you for reporting. 🙂

Gave +1 Rep to @woeful cliff

wow it was quick, thanks! 🙂

Gave +1 Rep to @glad badger

sad because shadow heavily liked that room... it taught a lot of valuable information for finding flags and other useful stuff on linux boxes

thanks

Gave +1 Rep to @eternal summit

Hi, new here & working in the Vulnversity room. Where do I locate the ip add for the nmap scan. The only one I can find is for my Kali machine after my machine in step 1.

Hello everyone, I’m trying to work on THM from my own personal virtual box but I’m not able to ping or even scan my victim IP? Is there something I’m missing or THM IP”s just don’t work with any other machine apart from THM machine ?

Are you on VPN?

Under the hacktivities?page=v3&tab=practice page for Pentesting Tools it isn't giving the green check marks for the completed rooms.

The rooms uncompleted are redirects, the old rooms have been made private as they are retired.

And the new ones don't count towards the badge yet.

Ok like the Metasploit modules I have completed all those and received my badge

Hello! In this room: https://tryhackme.com/room/linuxagency I can just use pwnkit and bypass all the other lateral privilege escalations

alot of the older rooms will have been built before a fix for pwnkit, so they will be vuln to it.

Thanks man! Its a shame, this room is amazing

Gave +1 Rep to @quaint sparrow

Hi, I think I found a mistake in the Osquery room

the "correct" answer that I had to type in Task 5 is "select username from users where username like '%en';"

but I tried the same thing on the attached machine with the only difference being '%or' instead of '%en'

and I retrieved the "Administrator" username, therefore this syntax does not limit the username to 3 characters long as the question demands

I did achieve the wanted result tho with adding "and length(name) = 3" to the query

and that was incorrect as my answer wasn't accepted

any thoughts?

I mean, you can just choose not to use it lol

And actully do it the way that was intended by the room author

The question does specifically say and ends with en, so i don't think it's an issue in this case

yea but it also says "where the username is 3 characters long"

So in this cae the answer will be something like _en

_en is looking for a username that is 3 letters long, and ends in en

It's strange cause I remember me typing '%en' and not '_en' (didn't even know about that)

and now it shows that my answer really was with '_en'

is there any chance it altered my answer after accepting it or am I tripping?

Yes. so, the reason it was accepted with the wrong symbol is the answer tolerance, and the answer is changed to the correct one when you reload.

(no point saving and loading all the almost there but not quite long answers)

Oh that's cool, even though I still disagree with it but I guess that's up to the room creator

thanks 🙂

The Badbyte room is having a problem. It gives me an error when I try to foot hold the machine (https://imgur.com/oCiaPxZ.png).

In the section What the Shell? under *msfvenom *of the Complete Beginner learning path there is a link to the welcome room (https://tryhackme.com/room/welcome). However the room is private. I am guessing that the room has been replaced by a newer room and the link needs to be updated.

In the Subdomain Enumeration room, task 2, the URL pointing to the google transparency report db (https://transparencyreport.google.com/https/certificates) now redirects to another page which doesn't seem to contain links to the searchable database

Room: androidhacking101
Task: 3

The typo is literally underlined in the screenshot

Might need a minor grammar pass as well (Following screenshot from Task 4)

Updated with a new search tool from entrust.com. Thank you for reporting. 🙂

Gave +1 Rep to @winter turret

So Im trying to do the PenTesting Tools series but the Metasploit and Burp Suite rooms aren’t being cleared after i finished them

has anyone else had this problem or am I just being dumb about it

they are redirecting to new rooms when the series is looking for the old rooms for completion.... hence it is a weird way of working that causes confusion and problems that thm has decided is they way they are doing stuff for now... hopefully they will fix it later

that’s weird. but thank you

Gave +1 Rep to @rugged canyon

no problem

Not sure it's been posted. In Network Services 2 (https://tryhackme.com/room/networkservices2), under Task 3 - Enumerating NFS, subsection NFS-Common, the linked Ubuntu package link mentions that two packages were specified so it can't display anything (Error
two or more packages specified (nfs-common xenial)).

Here is a link for nfs-common on Jammy Jellyfish: https://packages.ubuntu.com/jammy/nfs-common

I can't ping any of the entries in my /etc/hosts file (except for the localhost) someone please helpp.

It always shows an error Name or service not known.

This isn't a room bug

sorry bro, but can you help. I could'nt find another

Please don't call me bro.
Please ask in #infosec-general

Sorry sir. Thank you for the help btw

Gave +1 Rep to @eternal summit

Hi I am in OWASP Juice Shop task 7 q 3 I have completed the URL, refresh the page and I don't get any alert saying XSS. I don't understand what's wrong... Please some help
Is it a bug?

i replied u in other channel

if Metasploit doesnt work try using python script link is added in the hint of the task

Done! Thanks

Gave +1 Rep to @silver dust

👍

In the Splunk 101 room, for Task 6 Sigma Rules, I had an issue with apostraphe and quotes at the end of the first question, and the github repo .yml changed for the second question, event ID was removed in commit history, and splunk query translation changes. Used a walkthrough for the second question.

In the Wireshark 101 room, Task 12 HTTPS Traffic in Practical HTTPS Packet Analysis there is a line - "Let's take a closer look at one of the encrypted requests: Packet 11."
when i opened packet 11 i noticed the photo is not same as the packet details.
The photo in the room is Packet 36.
i think that should be fixed.

found an issue in https://tryhackme.com/room/linuxprivesc

the machine doesn't have msfvenom like it should

on Task 10

and also apparently john isn't install either

jtr

they told u to do it on your kali

ah mb i'm just an idiot

and what task that john isn't install?

Feel like there is a bug or outdated answer in the room: Passive Reconnaissance, task 6 question 3. The question is:

Based on Shodan.io, what is the 3rd most common port used for nginx?

The answer found at shodan is not the correct answer

https://www.shodan.io/search/facet?query=product%3ANginx&facet=port

You can see that the 3rd most common port is 5000, but this is not valid.

That's because it's still working from apache search.

the OWASP Juice Shop, task 8 questions are completely bugged. the flags doesn't appear even when clicking in the panels in the "score-board"

even deleting cookies and site data can't make the flags appear

is there a way to see the flags?

seems the only way to get the flags is terminating the attack box and target machines after each solved question

in the room attacktivedirectory at task 4 i can't get it to work, even if I follow a writeup to the letter. using the list of usernames I get 0 matches

What are you using to get them?

The list of usernames found in the room. I found that there are two versions on GitHub, neither worked

In the Burp Suite: The Basics room there is a link in Task 10 to the portswinger cert that doesn't work, the old one from the old burp suite room works. I hope i'm not wrong and they are different certs but if possible maybe somebody could check.

https://tryhackme.com/room/burpsuitebasics

This is the link from the new room:
http://burp/cert

And this is from the old one that works:
http://localhost:8080

dunno if this is technically a bug or not?
LST Room V2 VM
-Task 3 Question 3 has a different answer than the ``** ** ***** ********` would lead to believe, intentional misdirection?

Hmm. Indeed. ok fair enough, thanks

Gave +1 Rep to @vital vine

Hey folks I'm on the first tutorial https://tryhackme.com/room/tutorial# and there is no ipaddress anywhere on this page that produces any http response as far as I can see. No red box at the top for example. The IP of my 'attack box' is not the IP its looking for and If I press start machine it only starts hte attack box but if i press it again it says I can only have a maximum of 3 machines open

How do I close/shutdown machines that I'm not using ?

Thanks for the help @vital vine

Gave +1 Rep to @vital vine

Works fine for me 🤷‍♂️

Bear in mind that the URL http://burp is (obviously) not gonna work if you're not connected to the proxy...

Yeah i was connected but didn't work for me and for the guy who reported it at first... gonna try again tomorrow and come back with an update, thanks Muiri

Gave +1 Rep to @obsidian kiln

idk it keeps loading the page continuously like earlier

The link from the old room works but only if you are connected to the vpn and with burpsuite open, the new one doesn't load the page regardless of the vpn and burp being open...

You do not appear to have your proxy on

Yeah well sorry, i've read above when you first said proxy and my brain immediately thought of the vpn connection, sorry for the fuss

And thanks

Gave +1 Rep to @obsidian kiln

Np 🙂
The http://burp shortcut can only work if the proxy is capturing your traffic. Accessing it directly is a lot less clean, but obviously works

It actually specifies in Task 9 also all these steps that i didn't notice until now, i've finished the old room and got used to that

Yeah saw that now in the before task 😄

In SSDLC, Task 4, there is a minor typo. The post says "GDRP." It should say "GDPR"

Fixed, nice catch, that got past a lot of us 😄

Fixed

-ban 797435969996587030 -ddays 1 nitro scam

🔨 Banned Tonymontana#4963 indefinitely

Hello hello my dears,

So I just completed the CompTIA Pentest+ path and upon completion you get a voucher of 10%, that is stated to be valid until end of 2021. Just thought I'd let you know.

It should still be valid, https://help.tryhackme.com/miscellaneous/redeeming-comptia-pentest+-discount?from_search=90078916

I still have the student offer, but I thought I Would let you know the text is wrong 😄

anyone know why this happens on annie V2 room?

Just closes again instantly

https://www.exploit-db.com/exploits/49613

ofc with my own shellcode + ip

Looks to have a msfvenom shellcode in it.

I think you want to use msfconsole and exploit/multi/handler with that specific payload

I suppose, but the writeups did not do that

But I'll try

I'd suggest trying #room-help for this if you have issues first 🙂

It was refrenced in https://tryhackme.com/room/bof1

this may be a site bug, idrk

Looks like that room was retired, I'll remove the link, thanks

Gave +1 Rep to @midnight sand

Ohh, why do rooms retire?

Generally because they're old 😅 but it can also be because the content is outdated, doesn't match quality guidelines, and is unpopular. It may also be because a newer version is more applicable

Oh ok! Thanks

Hey, Web Enumeration Task 12 .... VM keeps crashing can't get a Nikto scan to finish without it crashing 😦

https://tryhackme.com/room/webenumerationv2

How do you know the target crashes?

I ran nikto -h TARGET_IP and nikto -h TARGET_IP -p 8080 -Display 2 and did not crash so far. 🙂

hi guys !
just a thing about this room : https://tryhackme.com/room/rpnessusredux
it seems that from the last nessus version, the plugin id for the question What is the plugin id of the plugin that determines the HTTP server type and version? have changed . I'm right ?

i'm running nessus 10.3.0

The icy MP responses stop

in the Web Enumeration room, in the last task (task 13 - conclusion), there is a room called RPWebScanning that was made private, so we cannot access it, but it's still recommended and there is a link to the room

Hey, I've been trying since 13:00 - 14:00 same commands and it opens fine but then ping ICMP drops out and it hangs for a little then recovers ... will try again

here's a sample of the output:

...again with a new instance

!vpnscript

nope ... just the single THM vpn connected

The rest of web enumeration and the vm's worked absolutely fine

Try port 8080 instead of 8083.

Will do thanks

Gave +1 Rep to @glad badger

@eternal summit if u still around

-ban @nocturne needle -ddays 1 Nitro phishing. Secure your account and then appeal this ban by emailling bans@tryhackme.com

🔨 Banned vn._creations#4353 indefinitely

@solemn sinew Thank you

Gave +1 Rep to @solemn sinew

hi

the is a room bug in try hack me linux fundamentals part 1

im busy with uploadvulns and on magic.uploadvulns.thm i get internal server error 500, i tried many different things and i can't seem to complete it. i started googling and found some other people who finished it it followed 2 different people there solution step by step multiple times and it doesnt work. the times i don't receive the 500 error it still say submit=failure

Try upload a known good image. if that doesn't work, redeploy the machine.

lol that worked, i was trying for a while already thank you very much

Gave +1 Rep to @misty cave

im trying to do the pickle rick challenge room but i have tried on 4 different machine's by now and time and time again i lose connection to the server, even my active webpage which i was not even browsing atm just had the page open dissapeared. my gobuster scan worked a few minutes but same time my page dissapeared it started timeout exceeded retreiving headers. im pretty sure the problems ain't on my end. i really want to complete this today since its the last challenge for your certificate

Are you on a VM or the attackbox?

im on a vm as always

Type ip a

And count the number of tun* you have.

im having tun0 and tun1

Then type

sudo killall openvpn

Then once you have done that, reconnect to the VPN

Then do Ip a again.

i restored back 1 vpn gimme a minute to see if the error persists

It shouldn't do.

seems all good thanks alot 😄

Gave +1 Rep to @quaint sparrow

My guess is maybe one time you shut down your VM without disconnecting the VPN, rarely the VPN will still run.

Always best to Ctrl + C it when done 😄

Happy hacking!

good news guys i solved the big mystery

internal.thm is now http://10-10-x-x.p.thmlabs.com

No

wdym

It's not... You just need to add it to your hosts file.

The THM labs address is totally different...

i remember one of these room i solved like that

hold on im gonna try that

Ok, but that doesn't apply to internal which requires a hosts file entry
It was not a mystery at all. I think the room even tells you.

can i upload image here

that works thanks

Gave +1 Rep to @eternal summit

i dunno how but mines works too 😄

hello, the room Crash Course Pentesting is not free anymore i think can anyone confirm it for me please.

u can open in incognito window

it does not work

CC:pentesting?

yes

The room is private on purpose.

The room has been marked retired.

You should post the room where you found link so site staff can remove it.

okey

I tried it 🤓

It is still free, just not public anymore

so I have to ask the permission of the one who created the room?

No, it's retired. There's plenty of content to replace it.

ok

I got a bug with vulnnet:roasted. Came back from lunch break and the vm is still up.

Terminating it and then refreshing the page will say its still up. No way to shut it down. Anyone knows a solution for this?

If u go to the url to see what active target vm's are running. It's says even i started it at 6 am. Seem's weird i started on this specific room at 10 am.

CTRL-F5 to force a refresh that clears everything, and if it is actually still up then there's a pinned message in #site-support for killing all your active VM's

Thank you!

Gave +1 Rep to @misty cave

https://tryhackme.com/room/wiresharkpacketoperations task 3: question 1: answers as ||10.100.1.33|| but looking at the file it looks like this:

which gives another ip as the answer

namely: ||10.10.57.178||

you are right, but for kinda the wrong reason - the question asks for destination address and the statistics in your image show both source and destination

oooh that is a good catch

looking at just the destination address, ||10.100.1.33|| is still more frequent than ||10.10.57.178|| though

yeah shadow spotted the error after your comment... good catch and thanks

Gave +1 Rep to @sonic willow

https://tryhackme.com/room/lateralmovementandpivoting/
this room having some promblem since 4 hours

on my kali box it says

_─_ nslookup thmdc.za.tryhackme.com


;; Got recursion not available from 10.200.71.101, trying next server
Server:         1.1.1.1
Address:        1.1.1.1#53

** server can't find thmdc.za.tryhackme.com: NXDOMAIN

No

from attackbox

on the other hand i tested with breaching AD it is working just fine

ik first i tried it on my box then attackbox

it's been 4 hours but not enough votes so i can't reset it

okay thank you

Dunno if this is intentional or not

answer tolerances

i.e you can typo the answer slightly on some tasks and it will get accepted as correct

Alr thanks.

Gave +1 Rep to @rugged canyon

ye ye got it

just reload the page and it will correct itself to the real answer

I'm too tired to learn stuff rn so I m revising things I already know haha

thats fair.... enjoy segmenting knowledge better into your brain

Just to make it clear, the intended answer is ||10.100.1.33|| which is correct when you look at the "Destination and Ports" view for IPV4. I think that means this is not a bug, but i'm not sure if it'd be better if we add "Destination and Ports" to the question hint...

I found error in WbeOsint room of tryhackme

In it's second task 3rd question What is the first nameserver listed for the site?

I did whois and it showed me this

Now according to it answer would be NS1.BRAINYDNS.COM

But this is wrong when we specify it as answer

when I looked walkthrough it showed me this

Now I would be finding whole day if I would had not watched walkthrough.

ahh yes this is a problem with the much older content on THM. I've updated the answer in the room so that it now expects || ns1.brainydns.com|| (: ty

Gave +1 Rep to @quick depot

https://tryhackme.com/room/dailybugle
First question is "wrong"
If you copy paste the answer directly from the box, you get "Incorrect answer", you need to remove the - before it's excepted.

the site in the room upload vulnerabilities is not working

https://tryhackme.com/room/uploadvulns

Did you add the site to your hosts file?

#room-help please until you're sure it's a bug

Tbf, Lassi pointed them here.

They weren't specific about what they needed. In this case, it's help rather than reporting a bug

Nah, that's true.

welcome sir

another error is in task 7

we need to write answer and in it we will write liquid web, l.l.c

but when we do IP History it has record of liquid web it does not specify l.l.c

and in walkthrough it has l.l.c record

another reason why questions based on public information should be about the process rather than the answer

Thanks

Gave +1 Rep to @misty cave

A room / dependency probleem bug in easyctf : the required exploit script is a python2 script. Fixing and migrating the script is a bit out of scope for a easy room (in my eyes) and getting to run a python 2 script with python2 and pip2 etc is a sort of knowledge I wouldn't require for a easy room. Maybe add a little text blob explaining that python2 python3 part

https://tryhackme.com/room/easyctf

For your future use, the Attackbox has Python2 installed, so you can use it to run python2 scripts. In this case i had to run python2 -m pip install requests termcolor (which due to only subscribers having web access on the attackbox may make it harder for free users) but that's a lot easier than converting to python3.

Yeah totally, point is that my students where stumbling when I ran university course last week. For a little easier room the version problems should be at least mentioned in the text, especially if most walk throughs are older and not mentioned the situation.

Just bumped the difficulty a bit above beginners.

Gotcha, I'll bring it up and see what can be done without giving too much away.

@misty cave thanks Also as a General Feedback from running a course with 30 students right now maybe having maybe a beginner tier or something like that where these kind of roadblocks are not there. Some easy rooms have a easy First exploit but a hard second stage.

Gave +1 Rep to @misty cave

-ban 740987583584010402 -ddays 1 scam

🔨 Banned DarkHawk#4392 indefinitely

oof

hello again, im trying to complete eternalblue room and in the 2nd part i need to get the vulnerable exploit running. i tried a few times since it was telling me i probably need to restart my machine a few times. so i did but i keep restarting and the run/exploit cmd keeps failing. i even used the video to see if its correct what im doing. and it was correct. so now im clueless.

lhost is set

10.0.2.15

should it be my thm ip?

tyvm

Re: #room-bugs message
The https://tryhackme.com/room/encryptioncrypto101 is still referring to the private room (CC Pentesting is the hyperlink to the private room)

Note: This room expects some familiarity with tools, and some research into how to use them yourself!
I recommend completing CC Pentesting first for some familiarity with John The Ripper.

Yup, it's a retired room. Not sure what to replace the reference with at the moment

Just remove the note altogether imo

It's James' room, so figured I'd take a peek and it looks like he's not a fan of that room #room-bugs message

-ban 850070964669775943 -ddays 1 Nitro scam link. If account was compromised, change password and add 2FA, then appeal by emailing bans@tryhackme.com

🔨 Banned Massi#5183 indefinitely

I know this is old, but the room is up!

Yes, because it was now ready for public release. 🙂

Just started TryHackMe and am on the Vulnversity box. Task 4 asks me to try upload a few filetypes to the server. It asks "what common extension seems to be blocked?" I just made new empty files and named them test.txt, test.exe, test.pdf, etc. All of them were disallowed it seems? I eventually found out the answer from the walkthrough, but when I tested it it gave me the same response as all the other types did. Anyone else had this happen?

Not a bug, but it's poor wording

It's "what common file type, which you'd want to upload to exploit the server, is blocked?" really

Ah, right

"Intro to ISAC" room Task 8. I got a Windows Activation Error when I RDP to the VM

Passed it on, thanks

Gave +1 Rep to @signal cairn

"Introduction to Web Hacking"
"Content Discovery"
Task 3 "Manual Discovery - Favicon"

All of this exercise has been updated except the answer that is asked to be provided.
The md5 hash value that we are given is d41d8cd98f00b204e9800998ecf8427e which is related to Zero byte favicon
The answer that is currently accepted is cgiirc

I'm pretty sure your curl failed then...

Oh my bad then, I'm going to retry

Are you a subscriber or a free user? I'm just wondering if the curl fails for free users

subscriber

Ok, I'll put a note in there for that.

Did you get the correct one?

I did it again and you were right, I found the correct result. Do you want me to delete my messages?

Nah, it's all good, it means people who search can find the thing 🙂

I've added the following to the task Note: This curl will fail on the Attackbox if you are a free user, in which case you should use a VM for this. If your hash ends with 427e then your curl failed, and you may need to try it again. ( @vital vine that should cut down on how many of those questions need to be fielded 🙂 )

Alright thank you

i tried that, but my windows powershell Doesn't like making it a oneliner...

oooh, wget https://static-labs.tryhackme.cloud/sites/favicon/images/favicon.ico -UseBasicParsing -o favicon.ico ; Get-FileHash .\favicon.ico -Algorithm MD5 works

curl and wget are both just aliases for Invoke-WebRequest in PS

Crack The Hash Level 2 is broken Haiti is a broken tool.

It is for me lol

└──╼ $./haiti 741ebf5166b9ece4cca88a3868c44871e8370707cf19af3ceaa4a6fba006f224ae03f39153492853
Traceback (most recent call last):
2: from ./haiti:7:in <main>'
1: from /usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb:85:in require'
/usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb:85:in `require': cannot load such file -- haiti (LoadError)

Well....... it's not a user issue..... more like an issue with a poorly documented tool.

Huh......

How do you even install it......

lol

There is a binary file in there........

Added the Powershell instructions

Oh hahaha

Gave +1 Rep to @misty cave

I ran the gem install haiti-hash command wrong earlier

Thanks @vital vine

Gave +1 Rep to @vital vine

I wanted to make the powershell window a different colour, but couldn't find a room where someone did that...

I know i've seen it though

In the Metasploit:Exploitation room, my machine from task 6 always kind of resets when I switch back to my kali atack machine. All my previous commands are gone, my root and most importantly, my reverse shell is killed. But the file I downloaded to it stays.

You mean when you have both machines in split view, right ?

Ok, its probably just my command line that is reset, not the whole machine, but that doesn't fix my problem.

I have the task on the left side and both machines on the right, where I can switch between them, but not have them open at the same time

Yes, that's already reported.
To solve that meanwhile, open both machines in full screen rather than split view, so you can use your browser tabs to switch between the machines

Hi all......

I think there is a bug with the Crack The Hash Level 2 room........

I'm working on task 5 question one and i get the following error after running the command in the instructions;

└──╼ $python3 wordlistctl.py fetch -l dogs -d
--==[ wordlistctl by blackarch.org ]==--

usage: wordlistctl fetch [-h] [-l WORDLIST [WORDLIST ...]]
[-g {usernames,passwords,discovery,fuzzing,misc} [{usernames,passwords,discovery,fuzzing,misc} ...]]
[-b BASEDIR] [-d] [-w WORKERS] [-u USERAGENT]
fetch_term
wordlistctl fetch: error: the following arguments are required: fetch_term

That's exactly how the room instructs people to complete the question by entering this command;
└──╼ $python3 wordlistctl.py fetch -l dogs -d

Right.......

Well......

I guess the room instructions might benefit from being updated.

Can you outline what the old instruction is, and what the new instruction is?

@misty cave No...... I'm not aware of what the correct command is right now i've switched to a different machine.

let me know when you figure it out and I'll update it. Working on other stuff atm, so can't go looking

@misty cave Oh no that's alright..... So....... Is it your machine ?

Nah It was made by a community member about 2 years ago, but i have access to all rooms on the site 🙂

@misty cave Oh i see......

+rep

@misty cave Thanks........

Gave +1 Rep to @misty cave

Not really a bug, rather a nuisance: introlan/task3 wants "adress" in 2 answers and "address" in the last answer. I was expecting it to be spelled consistently. The tasks use "address", as does the tooltip for ARP.

Have you refreshed the page?

Already finished the room and called it a day. Can test tomorrow if necessary.

Actually, can I re-answer questions to test such fixes? (assuming you wanted me to test a fix)

Refreshing updates the answer field to the one stored on the back end

Oh. Ok. So the answer to your question is „No“ then. At least as far as I can remember.

You can reset the whole room to answer again

Not much point though

https://tryhackme.com/room/blog bugged. User.txt doesn't work.

I'm seeing "Address" on the backend on all three. I think your one letter out was enough to make the regex happy 🤷‍♂️

frustrated with the file inclusion room. I already finished task two and was on three and I wasn’t getting the web server response I thought I should have gotten. I went back to step 2 and sure enough, it wasn't working now. Again, I already was able to close that step. Now, instead of getting /etc/paswwd I am getting an error page with an Apache response saying server is on 8080. Port 8080 isnt even open.

i let the room time out. came back and hour and a half later with a new target IP. Same bugs

Frustrated. I am just going to a different room. I guess I'll practice this at Portswigger academy.

@hazy tiger ⬆️

-ban 651696071382401024 -ddays 1 Scam

🔨 Banned AP XD#3960 indefinitely

thank you @hazy tiger

Gave +1 Rep to @hazy tiger

Is this a bug in https://tryhackme.com/room/furthernmap ?

Task 14 asks "Does the target (10.10.92.96)respond to ICMP (ping) requests (Y/N)?"
It marks "N" as the correct answer

But nmap -sn 10.10.92.96 returns the following output:

Starting Nmap 7.60 ( https://nmap.org ) at 2022-08-29 02:14 BST
Nmap scan report for ip-10-10-92-96.eu-west-1.compute.internal (10.10.92.96)
Host is up (0.00011s latency).
MAC Address: 02:95:65:C5:F5:E7 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.26 seconds

I am a subscriber and am using the Attackbox, which has IP 10.10.154.135

yea but can u just ping it?

Oh my goodness I am a fool. Thank you

Out of interest, is nmap doing it with an ARP scan here?

in https://tryhackme.com/room/winadbasics Task 3 Organizational Units is spelled with a z in the contents but in the extra information widget thingy it is spelled with an s.

in https://tryhackme.com/room/dataxexfilt Task 4 Question 1 relies is spelled relys, might be a US / UK thing but I don't think so.

Hi, this isn't a bug but i think there is a little mistake in room "Protocols and Servers" Task 6.
The second question asks how many emails a user can download with IMAP. That do make sense, but as it is the pop3 task, I guess it should be pop3 insted of IMAP.

remember that Nmap has different behaviour doing that scan if you're running as root vs not. On the attackbox you are root, so i believe it does do an arp scan.

by extra information widget do you mean the Microsoft Docs?

Nope, that one slipped by me, I'll update it.

It seems the error was in the glossary. I corrected it already.

Cheers

In room: https://tryhackme.com/room/nmap04 in Task-3 when try to detect OS version. w/o -sS, the -O not give OS results
I'm i missing something or?

https://tryhackme.com/room/threatinteltools , i think in this room needs an update. When i try to answer from uriscan.io it didn't consider correct exat answers.but if i search medium there a old answers.

This is addressed in the room 😉 The results obtained are displayed in the image below. Use the details on the image to answer the questions:

https://tryhackme.com/room/uploadvulns - starting in task 5 (remote code execution) I'm having an issue where when I go to upload anything, be it a jpeg/png/shell/etc, it will show the file but when I hit the button to upload, nothing happens and it refreshes. I'll then check the /resources and it shows that nothing got uploaded. Thought it might have been me, so I skipped down to task 7 (bypassing client-side filtering) and ran into the same issue. It'll show that I either selected a png or not, but will never actually let it upload. I've tried using both Kali linux and attack box and both gave same issues. Also verified my /etc/hosts file was set up correctly per the instructions given.

are you getting http 500 errors? Might be worth killing the VM and restarting it

That's the weird thing - no errors at all. I've tried restarting both machines multiple times as well.

Been a long time since I did that room, Not sure what's happening here sorry. Hopefully someone else swings by with an answer

Hey I appreciate the effort regardless. Worst case scenario, I'll just take copious notes and watch someone on youtube

In the https://tryhackme.com/room/allinonemj room, the flags aren't working for me

Thanks haha, I forgot about that

Gave +1 Rep to @vital vine

In Wireshark 101, Task 7, there is a grammatical error under ARP Traffic overview under the first image.

"The Opcode is short for operation code and will you tell you whether it is an ARP Request or Reply."

Fixed that and made some other minor improvements to that paragraph, thanks

Gave +1 Rep to @dusky remnant

You're welcome.

Room: Year of the fox
Link: https://tryhackme.com/room/yotf
Issue: When I try to forward port 22 to other port to be accessible from outside (read multiple writeup and they use same method), I get this error
My Command: ./socat tcp-listen:1234,reuseaddr,fork tcp:localhost:22

I tried to download it from my machine but add the path but still doesn't work

Room: Sysinternals
Links: https://tryhackme.com/room/btsysinternalssg
Issue: Task 3 states that you should be able to change the advanced sharing settings so that you can access a network drive. However, the THM virtual machine has been configured to not allow this setting to be changed, meaning you cannot complete sections of this room

I have found numerous bugs within the SecOps and Monitoring section of Cyber Defense, I will document as many as I can remember

Room: Sysmon
Links: https://tryhackme.com/room/sysmon
Issue: From what I understand, the room is supposed to create a virtual machine which contains Sysmon and the configuration files. However, the the room instead creates a headless virtual machine which I have not been able to access using my OpenVPN client.

I've managed to RDP into this with no issues from the Attackbox and from my own Kali VM via the VPN. If you're having issues connecting i suggest using #site-support

did you RDP using Remmina? Thats one I have not tried

I tried rdesktop which I have used during my university degree but that wouldnt connect. But I think rdesktop struggles to connect to THM virtual machines

I did yes. If you used xfreerdp you'll likely need to put single quotes around the password as it has special characters.

Then i'd suggest using something different XD

I have used Remmina before, but my main issue was that the remote desktop was a small 4:3 interface, making it unusable. I'll try xfreerdp

remmina has a button that allows automatic scaling to any size you resize it to. You can also set the resolution before you connect if you want. I'd recommend you try different tools out and explore them before writing them off completely 😉

By the looks of it Task 3 needs some big disclaimers that you can't actually run it in its entirety on the VM (no internet access), and should instead continue to use the installation in C:\Tools\sysint\ that was introduced in task 2 to complete the room. I'll figure out what I want to put in there to fix that one.

Thanks 🙂

Gave +1 Rep to @tacit sky

Room: OWASP Top 10
Link: https://tryhackme.com/room/owasptop10
Issue: Task 25 wants you to change the cookie value for "userType" from "user" to "admin" in order to access the /admin page on the website. However even without changing this value, the /admin page seems accessible

Read / Google the error 🙂
You're trying to use a dynamically-linked binary -- i.e. the libraries that it depends on are not on the box. You need to a version that has been compiled and linked statically (i.e. the dependent libraries are included in the build).

TL;DR: not a bug

thank you for clearing this, i did googled the error and try some various command but i wasn't clear of what linked binary means so that was why i couldn't go through it. i'll look more into it

Gave +1 Rep to @obsidian kiln

Np! Hopefully that'll help 🙂

Room: Osquery
Link: https://tryhackme.com/room/osqueryf8
Issue: For task 3, the answers for the first 2 questions are out of date. I had to look up walkthroughs online to get these answers. Osquery has been updated a few times, so these answers will need updating. There are similar issues with Task 4 questions 3 thru 5

hi there ! i got stuck in hydra lab because the site which gonna be cracked is not displaying

i checked my proxy and the firewall but i didn't find anything

need help please

Use #site-support or #room-help please, since I don't think it's a bug on the room itself

i will try it thanks anyway

Room: Osquery
Link: https://tryhackme.com/room/osqueryf8
Issue: Task 9 requires you to load an extension called "plgx_win_extension.ext.exe". When you use the recommended command, the extension cannot load because the "Extension binary doesn't exist"
Command from room: osqueryi --allow-unsafe --extension "C:\Program Files\osquery\extensions\osq-ext-bin\plgx_win_extension.ext.exe"
Error being thrown: Extension binary doesn't exist in: /home/tryhackme/C:\Program Files\osquery\extensions\osq-ext-bin\plgx_win_extension.ext.exe

Room: Annie Link:https://tryhackme.com/room/annie Issue: running 49613.py gives me a callback but no shell connection closes after a few seconds. msf module also doesnt work. i think its bugged.

did you change the port???? did you change the ip???? did you forget to change the shell code that you need to edit after using msfvenom???

yeah i think i wouldnt get a callback if not

you should leave the port as 50001 or it won't work

i.e the port variable in the script needs to be 50001 but the port in the shell code should be the correct port for your msfvenom and handler

i know

as i sad there wouldnt be a callback i allso checked some writeups in case i messed it up but they did the same

heavily doubt the room just broke on itself

so try and make a new shellcode and replace it again

yeah whatever others in the forum have the same problem

so i just do another room

my usual schedule if i get into issues is: do i think i did it right => restart the box => not working => rethink what i did => no solution => restart vm => still not working check forum or writeup. thats what i do before even think of reporting.

yeah wait a sec... going to test it themselves to see if it is broken or just some weirdness with the script for you

thx

works for shadow weirdly enoughs

$ nc -lnvp 1234
Listening on 0.0.0.0 1234
Connection received on 10.10.31.198 57690
whoami
annie
id 
uid=1000(annie) gid=1000(annie) groups=1000(annie),24(cdrom),27(sudo),30(dip),46(plugdev),111(lpadmin),112(sambashare)

mmm k

thx for the help

i try run it from attack box maybe

good luck and hope you can fix it somehow

there are other rooms to have fun with if not

true

or if you don't mind shadow can give you the ssh key file and you step up from there

linuxfundamentalspart3 / task6

Crontab is one of the processes that is started during boot, which is responsible for facilitating and managing cron jobs.

shouldn't this read as "Cron is one of the processes that is started"? At least, the service is called cron.service. The process also is "cron"

linuxfundamentalspart3 / task7

When developers wish to submit software to the community, they will submit it to an "apt" repository.
How about
"to a repository. For Ubuntu (and other Debian based systems) this will be an "apt" repository.

Am I overly pedantic? Is this something to be requested somewhere else or should I just keep ignoring this stuff because you people are getting enough of such requests?

It's beginner content so this might make it more confusing than it already is

Ah, ok. I'll keep this in mind.

nope still no luck but thx for the sanity check

Gave +1 Rep to @rugged canyon

no problem

Hmm....task 7 also gives some strange instructions which are confusing, at least to me.
It talks about using add-apt-repository to add a new repository,

Let's walk through adding and removing a repository using the add-apt-repository command we illustrated above.

but goes on manually creating and editing a list file.
In the end, it wants to remove the package (sublime in the example) but now uses add-apt-repository to remove a completely unrelated repo (with placeholder syntax) and then removing the package itself.

Is there a way this can be streamlined/cleaned up?

It's not something I should be pinged for, discord mods are not site staff

Understood.

Moving this stuff to the feedback form.

I don't see the stuff in the feedback form, but can have a look through here 🙂 just don't ping anyone specific, and we'll deal with em when we can 🙂

That sounds a lot like you're trying to execute this on the wrong machine. You're confusing a windows path and a linux path. (Yup, file exists when you use the right machine.)

There's no problem with this. I suspect you either haven't launched the machine attached to the room, or have made some other error which you should be able to troubleshoot. I'm going to assume your other bugs for this room also aren't valid.

Please make sure to take these basic troubleshooting steps before jumping to assuming it's a room-bug. In future can you submit screenshots of the issue, and what you've done to try and verify it?

Edited it to One method of adding repositories is to use the add-apt-repository command we illustrated above, but we're going to walk through adding and removing a repository manually.

+rep @vital pilot

Gave +1 Rep to @vital pilot

Just echoing this typo in the question for the task.

Adventifcyber2 day 2... without any value for /?id= You can still upload files.

Ah looks like i derped on this one

Missed this, fixed now, thanks

Gave +1 Rep to @thick stone

thanks for the bump

Gave +1 Rep to @gleaming latch

Welcome

Hey guys, I'm facing the same problem with room networkservices as this : #room-bugs message

What's the usual way to forward issues to the room creator ?

There is a strong chance you have started the incorrect machine.

Just terminated the machine and started the machine related to task 9, same ftpfinal name

Ok, let's move over to #room-help as this isn't a bug.

How is it not a bug when the answer for question 1 of task 9 is not in line with the results of the scan ? I did find the right answer but it doesn't match the scan results.

Easy.

There is more than one port open on the machine.

I don't want to put too much publicly, can I reach out privately ?

No, public is fine.

#room-help is there for stuff like this 🙂 It'd be useful to post what exact scan you're using over there 🙂

@raw bison

Thanks, just forgot the ddays 1 for that one 🙂

Thanks, nicely done 😄 dunno where they all came from

Gave +1 Rep to @raw bison

@hazy tiger

-ban @rich igloo -ddays 1 Nitro phishing. Please secure your account and then appeal by emailling bans@tryhackme.com

🔨 Banned Renren1503#5020 indefinitely

I'm doing the RA 2 room and I can not for the life of me to get internal dns resolution working.

Hi, im think there is a mistake in the room of Python Basics: https://tryhackme.com/room/pythonbasics, there is an 'elif' where there should be an 'else'.

Lmao how was that missed

good catch

hi!
I just spinned up Forsniff CTF room. https://tryhackme.com/room/ctf
I didnt dig too much yet but i think its might be broken by pastebin.
the clues leading to this twitter page: https://twitter.com/FowsniffCorp
there is a pastebin link https://pastebin.com/NrAqVeeX which contents has been removed recently by pastebin.
thanks in advance

i look at waybackmachine. Until is fixed, here is wayback pastebin that link
https://web.archive.org/web/20220307210821/https://pastebin.com/NrAqVeeX

you rock man!

thanks

glad to help

I'm not sure this is a bug.
In the File Inclusion room Lab #1 does not care which directory layer you use. It always returns the preview content of /etc/passwdas if it's already at the top layer and not at /var/www/html

You're specifying "/etc/passwd" as the path right? That's a full path, with the leading /.
If there's not ../ being prepended, or ./ then it's just going to accept the full path.

In summary, not a bug

oh... Good catch 😄 I've fixed it now. Thanks for pointing it out 😄

Gave +1 Rep to @wanton oyster

https://tryhackme.com/room/redteamrecon

Task 5

Should be "ViewDNS.info"

Has it above as well

It's nothing! 🙂

there's a bug in the answer for the user in task3, 4th answer, of this room https://tryhackme.com/room/networkservices2
it accepted the correct italian word "cappuccino" but the actual user is "cappucino"
I realised after trying several times to ssh into the machine with the wrong username, and I kept referencing the previous answer I gave thinking I was using the correct name

oh i didn't know there was any, yea i see the answer has been corrected

Hi, i facing some trouble with connect to RDP in room Relevant , if this behavior is expected?