#room-bugs

Ohh, I didn't know that. That's ok

thanks for the response 🙏

Would you like me to delete my msg or leave it as it is?

It's fine to leave it here

Alright, thanks for the quick response

Running into issues following this room's instructions:
https://tryhackme.com/room/windows10privesc
In Task 11, it tells me to do

git clone https://github.com/Tib3rius/creddump7
pip3 install pycrypto
python3 creddump7/pwdump.py SYSTEM SAM

I did a bit of research and had to use pycryptodome instead of pycrypto, ran into some compatibility issues with the old package

I have the same problem. The flag.txt from the Administrators Documents folder is missing.

Hey 🙂 I'm taking a look into this @unreal bough @keen sluice

Oh it's not just me, thanks for conforming Ethlaron.

Thanks, and no problem

Thanks Ben for looking into it.

Gave +1 Rep to @dusky junco

Update: this is resolved now. If you terminate and re-deploy the machine in task 2, you'll be good to go 🙂 sorry, I'll admit that I missed this when creating the new machine. cc @unreal bough @keen sluice

Nice, but shouldn't the flag be in the Alternate Data Stream? The question strongly hints at that.

I think you are meant to launch vel and it will show you wants in the ADS, normal files have an ADS stream.

Thanks man, easy miss. I appreciate you fixing the box 🙂

Gave +1 Rep to @dusky junco

Hey yup, so I'm not entirely sure the technique the content developer who created the original box used for this. I appreciate this is an important subject for the room. I'm going to look into re-creating it. For now, the room is completable 🙂

Is there a bug in the Nessus tool room? Anytime I try to scan the active machine IP address, no vulnerabilities are detected. Kind of frustrating

Red Team Capstone Challenge - .89 is no longer reachable from attackbox

Hello, I have asked several times without an answer... I am on the machine Jumpbox, I tried with attackbox, kali web machine, and my own browser. In all cases I can't connect to port 80, do you also have the issue?

Thank you.

https://tryhackme.com/room/jumpbox

https://tryhackme.com/room/insekube could not pull image from local - even with suggested config 🤔 ?

Well, find a solution, but differs from hints in text.. different image?

Good evening please, I need help, my AttackBox Machine on Tryhackme has been black for a long time and prevents me from working. Has anyone ever encountered this error?

@hallow karma Not sure if this is related to the issues I was running into. Do we have amplitude data for this?

It may have been released long enough for the local cache to clear. If I understand the original post correctly

well... I think it would be enough to enhance the text of the last task a bit to not mislead to use a non-existing image. It works, but maybe not as intended.

Thanks!

Gave +1 Rep to @dusky junco

Why do so many rooms have technical or content problems which stop learners in their tracks?

That's one example, and I completed it without that knowledge.
That's also an ancient room.
If you have any more examples, please do post them here.

There's a bug in the kill chain question where one answer is absent so you can't complete the challenge

Can we get this fixed? Observe how there are 6 answers on the left but recon is missing on the right so you can't actually answer the questions to proceed.

Read the task, that’s not what it’s asking you to do

Certificate for this image in the OSI model room expired

Can you check if you can access Imgur

imgur loads fine

Howdy. For the BreachingAD room (https://tryhackme.com/room/breachingad), I'm having some DNS problems. I configured DNS as instructed on both my AttackBox and my Kali VM (VPN'd in). It appears that the DNS service is either off, or malfunctioning on the THMDC machine:

┌──(kali㉿kali)-[~]
└─$ nslookup thmdc.za.tryhackme.com
;; communications error to 10.200.26.101#53: timed out
;; communications error to 10.200.26.101#53: timed out
;; communications error to 10.200.26.101#53: timed out
Server:         1.1.1.1
Address:        1.1.1.1#53

I configured Kali to use Cloudflare as a fallback. See screenshot for my network settings.

aaah this problem again but this time not for shadow

oh this is a thing that happens a lot?

well apparently

shadow "fixed" it by making it so they joined another subnet

i.e leaving the room
waiting 5-15 mins
rejoin the room
regen the vpn configuration file
connecting again
settings up the dns again
then run nslookup to see if it worked

ahhhhhhhhhh

Cc @glad badger I think this might become a major qa issue as Imgur takes down anonymously uploaded content

ditto

nope. got a new subnet but... still can't connect, either on Kali or AttackBox

welp not much shadow can do then

shadow is just fine. will contact THM support for helo

You can contact support but you’ll receive much faster support here

Oh! Okay, awesome. Thanks Janna

*Jabba

*Jason dammit autocorrect

I did the things Shadow mentioned:

• left room
• took 20 minute break
• regen'd network-specific OVPN configuration
• redid OVPN config on Kali box
• reconnected

Now I have two problems. Firstly, I still can't resolve DNS for the AD controller. Secondly, the OVPN config is incorrect on my Kali machine. And a new AttackBox container did not start the VPN automagically.

This is what I see when I try to connect using both the AttackBox and my Kali box:

2023-05-28 21:02:44 Using peer cipher 'AES-256-CBC'
2023-05-28 21:02:44 Error: problem with tun vs. tap setting
2023-05-28 21:02:44 Exiting due to fatal error

Forum: https://tryhackme.com/forum/thread/63729476e7f018006020992f

Have to add something to resolv.conf to fix this. Seems hacky.

This about breaching AD?

Edit your ovpn file and change dev breachad to dev tun

@lunar turret

@wispy geode Got it, great success, thank you very much. That worked and I'm unblocked.

Gave +1 Rep to @wispy geode

How do I give you Rep?

Awesome

The bot gives rep when you mention or reply to someone and say thank you, thanks, thnx

It's nice fake internet points 😁

I love it. It's like Reddit karma but better

hello, I cannot access the machine in the linux fundamentals 1 room:

I should be able to access it directly from my browser and don't need anything like a vm or the attackbox

oh we got another one that has this problem

it is kinda rare but they are probably still investigating what is causing it

@hazy tiger are you busy or could you look into the above.... it is the white screen split view again

I think the devs are asleep

ping says the host is up, but using the ip adress in the browser returns: unable to connect

after the nmap scan; using ssh with tryhackme and tryhackme works as alternative ^^

Most of the images in room Linux Modules (https://tryhackme.com/room/linuxmodules) are not being displayed.

What's not to understand? It's clear on the right side, the missing part "Recon" cannot be filled in so the learner is stuck.
What's your view?

Open the provided ATT&CK Navigator layer and identify matched TTPs to the cyber kill chain. Once TTPs are identified, map them to the cyber kill chain in the static site.

To complete the challenge, you must submit one technique name per kill chain section.

bit of a issue not sure if its a bug or just fix it with a refresh but im in a system trying to scp a file to my home system problem is it asks for a password looked on the info tab and the password is N/A on my machine so kind of hit a road block here

@agile sequoia Did you get it to work?

Hi guys and ladies. It seems to me like a bug in room Blue (which is Eternalblue practice room on Offencive Pentesting path). The third question on screen has the answer || RHOST || which is obvious but wrong.

guys in apache log file poisoing attack : box Archangel:

im uable to get the php code execute and get result. any one wants to help?

This isn't a bug, it's just answer tolerance kicking in, since you have almost all the answer correct.

It helps with spelling and such.

The longer the answer, the greater the answer tolerance will be used.

How should I submit this answer then? Wait till next day?

I just had a second look, I'm still not awake.

You're missing a letter from your answer.

Oh, I see. In Metasploit both RHOST and RHOSTS are valid that's why I was confused. Thank you @quaint sparrow

Gave +1 Rep to @quaint sparrow

Yeah answer tolerance should have picked that up

this problem occurs in the windows fundamental room 1 as well

and why is there a wireshark installer on the vm?

Hi, please use #room-help for this

Hey there, attempting metasploitexploitation room using attackbox, keep getting issues when running modules: not sure how to work around it

this also: Error: 10.10.114.136: LoadError cannot load such file -- active_record/associations/has_many_association

Hello, the registry explorer won’t start on machine of #Unattended room. It remains in state where it says starting. I aborted after about 15 minuten. VM also seems very slow.

Hi there, anyone facing the connection issue to CapStone?

Hi there, I saw that one of the questions on burp-suite basics may be outdated, because i just downloaded a new version and there is no sub-tab for 4 letters in user options

Hello, the room:

Digital Forensics Case B4DM755

You have incorrect text in the following item:

Including hidden files, how many files are currently stored on the flash drive?

It should be fixed to:

Excluding hidden files, how many files are currently stored on the flash drive?

@proud carbon

Hello @copper tide,

Thank you for carefully examining the details in Digital Forensics Case B4DM755 😄

The original phrasing is intentional. The question was written as "Including hidden files, how many files are currently stored on the flash drive?" because it considers the hidden files.

There are two hidden files on the flash drive, which total eight files when added to the six visible files prior disk imaging and recovery of the deleted files.

However, I understand how this can cause some confusion.

Thank you for your observation, and we highly appreciate your help in maintaining the accuracy of our materials

Gave +1 Rep to @copper tide

hello guys and ladies i think i have a problems with some rooms especially older ones i don't some kinda of adblocker or firewall blocking but it seems that pictures are not loading so is anyone else experiencing this problem

Is it Imgur pictures?

yes , i think you experiencing too

No, my ISP/Country doesn't block them.

Unless Imgur removes them.

sorry, but i didn't understand what you mean by imgur

imgur is the name of the website that hosts some of the pictures.

honestly i don't if tryhackme uses imgur it must be solution for this problem and i think they already know becuase some of those rooms are useful

Imgur's removing images that aren't attached to accounts

In the SOC Level 1 Path - under Yara, Task 8, I run the command that it tells me too, and it says "system seems to be clean", but yet all the questions are asking "what yara rule did it match on", "what does Loki classigy this file as" etc.

Hey I'm having a problem with the Post-Exploitation Basics room, when I try import the .json files into BloodHound it is telling me Bad .json file

Can someone help me with these questions? I'm not sure what I'm doing wrong. I've checked walkthroughs, and they all seem to use the same command.

[Room: Common Linux Privesc]- [Task 9 ]-[Question] Now we're inside tmp, let's create an imitation executable. The format for what we want to do is: echo "[whatever command we want to run]" > [name of the executable we're imitating]

What would the command look like to open a bash shell, writing to a file with the name of the executable we're imitating

My awnser : echo “/bin/bash” > ls

But i still get (Uh-oh! Your answer is incorrect). Even after looking in mutiples walkthroughs

Can someone explain me?
I am in "The Lay of the land" room, I am interesting that file which is not located in "Desktop" of user but command line's command showing that file

I used this command as room taught to me: Get-ChildItem -Hidden -Path C:\Users\kkidd\Desktop\

Actually your answer is correct! Are you sure to not mistake such as extra space, less space or something

Hi I'm making room https://tryhackme.com/room/contentdiscovery# and i have to open firefox and then type http://MACHINE_IP/robots.txt but im getting an error 405 method not allowed, anyone know how to fix it?

You haven't deployed the target machine

MACHINE_IP is automatically replaced when you deploy it

thx

Would you help me solve this problem?
Room is private

If this is an error on our behalf. Please contact us.
"

room Volatility

mean the room is either very old and outdated
or broken
or getting updated
it also means you probably won't get access to it unless it gets made public again which does not happen supper often
if you can tell where you got linked to it,,,, the link to it will probably get removed to avoid same confusion for others

do you have the same shape?

¯_(ツ)_/¯

¯_(ツ)_/¯

🙂

weird yeah seems shadow can access it and it is not private for shadow

hmmmm

thank you

guess it is up to someone else to confirm what is happening here

so we will wait 🙂

Did you have access to it before?

probably not as it says shadow has not joined the room and it looks like shadow has answered 0 questions

https://tryhackme.com/room/volatility

would be the room link

Try the room with room-code volatility 🙂

I can access the link.

guess there might have been an old version that got marked as private but a new one that works then maybe

Snort Challenge - The Basics - Task 2

Investigate the log file. What is the SEQ number of packet 62?

https://octothorp88.medium.com/tryhackme-snort-challenge-the-basics-800c3728c65

This is an error in the room; the correct answer it the ACK number for packet 62 not the SEQ number.

This error still exists

Hi, in this room https://tryhackme.com/room/phishingemails5fgjlzxc, the start machine button doesn't exist. I also tried in many ways, but it doesn't appear. My friends also tested.

Please don't try to ping THM staff for this. The appropriate people monitor this channel.

Thanks, I deleted it.

Gave +1 Rep to @eternal summit

Forwarded it, appreciated 🙂

Hello everyone!
I am in Windows Priv Esc room
I didn't understand this, What is "thmservice" in this command?
In real world how do I know what should I type after "accesschk64.exe -qlc" command
I mean How this rooms creator know that "thmservice"

They created the service in order to give you this example, irl you'd have to list the services and go through every one yourself to see if there's anything you can take advantage of

You'd also have to upload any tools to the machine yourself

How I list avialable service can you tell me or show me hint

This is the #room-bugs
Your questions should really be in #room-help
It's not a bug if you don't understand the content

Ooo I am sorry I made mistake, I know I should ask that question from room-help

Velociraptor room -> Task 4 -> Question 2

The answer for the question "How many files were uploaded?" is supposedly 20.

But the number that I'm actually getting from Velociraptor's output is 19

https://tryhackme.com/room/linuxmodules

full of broken imgur image links now due to imgur removing images not linked to any accounts

The start machine button should be available now 🙂

Thx 🙂

Gave +1 Rep to @rugged canyon

no problem fontaene

It should be bug!
This is from "Windos priv esc" room task 7 Abusing Vulnerable Software
I did everything one by one as room.
Here you can see use "pwnd" part of administrator group, but when I type it credentials it doesn't work
I think it is bug or something other

I encountered a bug at Windows Privilege Escalation # Abusing vulnerable software too
RDP keeps disconnecting

Just update. I try to access it without password, surprisingly it did work. I can access user "pwnd" without password but according to room's teaching i should type password. I am confused

Hi guys, I am having issues with https://tryhackme.com/room/windowsprivesc20 (Task 3 / IIS Configuration). I am supposed to find credentials in web.config file but they are clearly not there. Could you please fix that?

I recently completed this room, I suggest to you restart machine and try again. (I assume you did wrong that causes issue)

Hello ! I have issue with the room "Hacking with powershell" - Task 3 - Question 3 (How many cmdlets...). I've run the right command which gives me a certain number which is not validated, I've searched some walktroughts and videos which gave another number but it's still not validated. 😕

Hi, I'd like to report a few typos in https://tryhackme.com/room/linprivesc

should be "its"

in task 3, don't capitalise this

same task, should be "accessed"

this sentence is hard to comprehend, my suggestion: 'The reason for the above three different "find" commands (potentially) returning the same result is that "perm" parameter affects the way "find" works. This is confirmed by the screenshot of the command's manual as seen below:" or something

Same task. Other than the comma being unaesthetic, the second clause is ... not good. Suggestion: "This allows for an interesting privilege escalation path, which we will examine in more detail in task 6."

same task, ||3.4.0|| is also installed on the target machine

same task, should be "seems"

should be "few of them, rather"

should be "while keeping in mind that"

I'd argue that a simple as would be a better replacement

Otherwise it's a bit too wordy imo

and here would add Would be better to familiarise yourself with a few of them, rather then having a single go-to tool

sure

then
no

Why?

Than

"Then" is an adverb that refers to a specific time in the past or future. For example: "I went to the store, and then I went home."
"Than" is a conjunction used to compare two things. For example: "I am taller than my brother."

Oh I thought you were talking about my whole suggestion

Yup, my bad :)

Not really a bug but was not sure which other chat to put this in but the room called "Carnage" question : "
What is the domain name for the first IP address of the Cobalt Strike server? You may use VirusTotal to confirm if it's the Cobalt Strike server (check the Community tab)." The answer given for this is the 2nd IP address that is accepted as the correct answer not first. So there is an error in the question wording and the correct answer should be the domain name of the first IP address not the 2nd.

Update : i also tried to leave/rejoin the room, still not validating that answer

https://tryhackme.com/room/iso27001
this room has lots of typo, grammatical mistakes, pointing them out individually would be tedious.

Task4 above

here's I am meant to scroll through the text, until unless one hovers, one can't notice even, its just there

multi lines could be easily paragrahed, I don't understand why this sliding thing happened.

out of nowhere, 9 is highlighted, among every other subtopic?!

I am afraid if this content was just copy pasted, who is that "he" being referred there?

@muted musk I believe this is your room?

snort challenege room task 2 - seq# of packet 62 and ttl for packet 65 dont seem to be right. snorts output makes it seem obvious but it's wrong.

and isnt the syntax on the output $sourceip -> $destip? either im wrong (more likely lol) or the answer for the last part of task 2 is backwards?

Yes it is
I´m sorry i need to improve my english
Any recomendations about what should i write there?

is there anyone having problem with OWASP Top 10 - 2021 machine?

the index page is just loading

it seems not only this room the other rooms are the same

is there high load on the rooms or something!!??

If it’s happening on other rooms, then it’s probably not a bug #site-support

hi do you know if the alfred room it still available : https://tryhackme.com/room/alfred

https://tryhackme.com/room/kali My-Machine page is 404

in task 3

Staff are aware, not sure why it isn't in #1092490706385383524

The kali room and my-machine page have both been deprecated. A reasomably long time ago too.

They're indeed very old, just saw them on my way and reported 😄
Thank you for the response.

Gave +1 Rep to @eternal summit

Deprecated, not just old.

Thank you for letting us know. Although the Kali room is still public, this room is a likely candidate to be retired in the near future. 🙂

Gave +1 Rep to @agile mason

Happy to help 🙂

There is bug from "DNS Manipulation" room. Because python code works well in my linux machine after transferrring those codes. But it doesn't work from attackbox (I installed all modules and requirements)

Hey, ftp isn't working for me on the Brainstorm room. I can login into it anonymously but it doesn't list directories or files. It's probably extremely slow.
can anyone share the dll file and the chatserver.exe file? I would greatly appreciate any help

I am doing the room GitHappens, and when I download the repository files with the git-dumper tool, it doesn't download the commit files. any idea why? #githappens

Within Phishing Analysis Tools : Task 7 Phishing Case 1, on the last question, you are asked to find the shortened URL and then defang it. I chose CyberChef to Extract the URLS from the .eml file and got 2 shortened URLS which are slightly different than what the answer is.

Not sure if this is a bug, But i cant see any content here.
https://tryhackme.com/room/introwebapplicationsecurity

I cant seem to post pictures yet

it resolved itself after reloading the page 5 times, not sure if browser or server issue.

Possibly.

If you want to upload screenshots, you'll need to verify your account.

!docs verify

!docs verify

Hello, the Pyramid of Pain practical (task 9) seems to be broken. Whatever order you put the answers in comes out wrong. Luckily you don't need to complete that part to finish the task, but it should still confirm your answer.

cc @dusky junco

It's not broken.

Not for me anyway

Trying to do the Redline room, following the directions preciesly, and none of the analysis files are forming/importing correctly.

Hello @tropic flame I'm facing issues for months now trying to work on the OpenCTI room. The OpenCTI instance is totally unreachable. Many users are facing this problem and it's really impacting for my work. Could you please see what's going on ? Appreciated : https://tryhackme.com/room/opencti

@glad badger This machine often takes a long time to start up. I think it says 5/10 minutes but I had to wait a little longer (subscriber) for it to start.

Possibly add a message in the room to say it may take 15 minutes to start up?

Thanks a lot @hazy tiger but in fact I've been waiting for almost half an hour and nothing

Gave +1 Rep to @hazy tiger

(I have a subscriber access)

smart grotto room not working. One of the steps is to modify the etc/hosts file to make it show 10.10.21.99 development.smag.thm then save it then when you browse in the url bar to that it should pop up but its not

#room-help

In the "Introduction to DevSecOps" room the static site is missing for me. It is also not showing as that little icon in the task section.

@tropic flame Can we hope to have an answer please ???

... You do realise you're typing to a bot?

I do, but what else I can do.... 😒

I addressed it under your original message^ 🙂

Anyone address this? I found the same thing today

what the heck with breaching active directory room?

why I can't launch the network?

So, I don't have buttons to activate, or stop the network and also don't have information about network status?
for example, in enumerating active directory room i have all this things

Blaster machine is not working according to the walkthrough!

up

lately the rooms links on advent of Cyber 3 (2021) dont open up a working link take day 5 task 10 doesnt allow me to use the link to open up the page

In burp suite - intruder the question for task 7 is wrong (?) in the attack box, burp suite's intruder pitchfork has a max of 5 payload sets but the answer is 20. Is the burp version outdated on attack box that causes this discrepency?

is Zeek Scripts not working for others? facing syntax error from a newly launch machine

root@ip-10-10-119-111:/home/ubuntu/Desktop/Exercise-Files/TASK-7/101# zeek -C -r sample.pcap -s 101.zeek
error: Error in signature (./101.zeek:1): syntax error

root@ip-10-10-119-111:/home/ubuntu/Desktop/Exercise-Files/TASK-7/101# cat 101.zeek
event zeek_init()
{
print ("Started Zeek!");
}
event zeek_done()
{
print ("Stopped Zeek!");
}

hi guys do you happen to know why we can't use nmap function in vm's ?

what error do you get?

this is my second attempt to do the room after giving up a few weeks ago due to the same issue. The attackbox never connects to the network for me like it's supposed to. I've started and restarted and restarted the attackbox, left the room, re-joined, repeated... arggh.

Added to the review ticket. 🙂

it's finally working for me 🥳 after an hour entering and exiting other AD rooms thinking "fine, I'll just move on" and then "no wait I'll be lost" I tried it again and it's working. 👏

Look at the top right, what is the network state?

Are you able to leave the room and re-join?

Just bumping this to the top. Issue still exists. User options "Misc" sub-tab no longer exists.

https://tryhackme.com/room/linprivesc in Task 7 for the find command, the 0 before the suid bit is unnecessary. it doesn't cause any harm for it to be there but it's best to remove it from there to avoid any confusion for newbies

also the machines in this room so far have failed to create a home folder for the karen user

Screenshot?

here you go

Hm weird

is this an old room?

Yes, not sure if it was updated or not.

I believe the whole room should be looked over and overhauled a bit. I pointed out earlier in this chat the various grammatical mistakes and occasionally hard to understand phrasings in it. I'm not saying that it's a bad room, it does teach what it wants to, but it doesn't feel that it lives up to the standards of the rest of the site. For example https://tryhackme.com/room/linuxprivesc does a much better job at explaining this stuff, but it has less practicals. Maybe combing the two together might be a good idea to end up with something that's worthy of being on a learning path.

It is an very old community room

How many cmdlets are installed on the system(only cmdlets, not functions and aliases)? is there a solution for this

In the SOC 1 path --> Cyber Defense Framework section will not show completion. It keeps showing I have 97% complete and missing one question in the Mitre Room. But I have completed it 100%! It's really frustrating how many bugs and errors are on this site!

Hey. We are working on a solution for this and troubleshooting why it's taking that long to boot up. I apologise for the issues and inconveniece

https://tryhackme.com/room/burpsuiterepeater - The id we're pointed at, nr 2, is not the CEO, who's got id 1. So if you get the notes for id 2 it's empty. For 1 there's the flag. FYI @hazy tiger . Btw it might be start to change it to two so people don't just get the first one 😉

Sorry, why am I being pinged here? 🙂

You told me on thm to send stuff here on the discord instead and to tag you. Sorry if I shouldn't ❤️ 🙂

Thought I'd report room bugs without sending them there. Which is better?

Ah, yes, I remember you:)
For streaming, recording or general site queries, I’m okay with being pinged (within reason)

For room bugs, you’re free to post them here or create a ticket through the site, but I don’t directly handle them. Feel free to post them here and they will be picked up by the content engineers, QA or (if I’m around) me

Ok, thanks Jason ❤️ Sorry for the ping 🙂

No harm down :)

So I am doing the basic static analysis room, and couldn't get the other browsers to open, so I used google chrome. It said it needed to unlock the profile. I did and a bunch of tab were already open trying to load

Did it maybe not clear from the last person, or something else?

slow as all get out too, though that may come with the territory

https://tryhackme.com/room/burpsuitebasics - The Active Machine with the name "Bastion v1.5" spins up but never responds to http requests so the tasks cannot be repeated. I have tried this using different browsers on different networks three different times today. The http never gives a response.

It is supposed to return the Bastion page

Are you waiting 5- 10 minutes?

Are you on the VPN?

It doesn't clear the VM after each person.
It spins up an entirely new VM for each person from the saved VM the creator uploaded.
When it's terminated, the machine state is permanently lost

I was using the VPN. I will try again now.

Just tried again. Still not loading. Even did an NMAP scan and it says host not responding.

What's your target?

The Bastion page

IP....

MY VPN IP: 10.18.28.72
TARGET IP: 10.10.63.238

It works for me.

Do you have any errors on your VPN output?

No

I am properly connected. In your first screenshot you were not connected to VPN.

Yes I was.

If you look in the top right hand corner, you can see my tun0.

can we go to a VC?

No.

So I may share screen?

!docs verify

If you verify you can send screenshots,

And since this isn't a bug, but a connection issue, we should move to #site-support

"Works for me" does not really prove anything.

ugh

this is annoying.

It proves it works, and it's not a fault with THM.

So it must be something on your end.

A since you won't verify your THM with Discord, you can't attach screenshots.

And you can't join the VC because you're also not verified...

YEah I got you I'm verifying

https://tenor.com/view/works-on-my-machine-ryan-gosling-works-on-my-gif-24523830

"Bug" or rather a needed update. All the burp intro rooms are for an older version of burp before the settings where separate.

At one point I found the answer to a question by looking at a screenshot in the room but at another one I had to start the attackbox that uses the older version. A bit of a hickup if you're using a vm & vpn but not a big one. I can imagine a true newbie might give up though ❤️

I understand you would have to update the attackbox to fix this but why not let us learn on the current versions of software instead of older versions.

Thanks! 🙂

Yup, burp is on the list to fix

https://tryhackme.com/room/wazuhct - Room has very confusing wording, Task 7 is particularly a nightmare. There are also some odd screenshots such as: The one that says to select rule but is highlighting "Administration", there's really no point to draw extra attention to the Administration section, would be better if the red box was around "Rule".

Also randomly has a question:
Ensure that you are logged in to the Wazuh management server on 10.10.229.53
But my other questions:
Ensure that you are logged in to the Wazuh management server on 10.10.186.32

I haven't restarted the room, nor the box, so not sure why it's asking me to go to another IP (it doesn't work), nor does it give me login creds for the new IP it wants me to connect to. I am connected to 10.10.186.32 Wazuh.

Overall the room is very easy and doesn't require much to deduce the answers but it's kind of a headache to read if you're actually trying to get the information and not just speed run the room.

I tried both rdp and ssh and creds didnt work. I never use the split view unless necessary, which in this case may be. But I am going to try yours and the others suggestion on changing the password in split. Cheers.

Just use the Split View, I think that’s what I had to do. Iirc I manually enabled ssh just to have an easier time lol

I will agree this room is very vague on these bits

Right? Great material but a bit vague at times.

Yeah depends on the author/creator tbh

Looks like this is still an issue

It’s under review :)

hey , i have a problem with the Overpass2 room

what i can see is just a loading screen

I imagine so, but then why were there a bunch of tabs and a browser profile in use already?

I tried it again today, and this is the error I got after trying to open chrome a few times

also for some reason the internet is not working in the VM

The OWASP Juice room also have old Burp stuff FYI

https://tryhackme.com/room/uploadvulns in the Complete Beginner path. In task 1 you're asked to start the machine and to add an entry to the hosts file, then in task 2, you're told you need to do two other rooms first. Might be a good idea to just swap there two around. The suggested rooms are 13 & 15 task long and seem learning intense, so if you havn't done them they'll take quite some time 🙂

This isn't really a bug.

But are the two rooms in question before the room in a learning path?

Hello, i think i noticed something wrong in this room : https://tryhackme.com/room/linprivesc
Task 5, we are supposed to use an exploit from CVE : https://www.exploit-db.com/exploits/37292

But when i try, i have this error message on the remote machine : ./exploit: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by ./exploit)

I tried a few exploit but all of them looks to use C libraries. When i take a look in the writeup. Everything looks fine for the person who try.

Did you compile that on the target vm itself? That error means the binary was compiled targeting a libc shared library that doesn’t exist in the system you are running the binary on.

Not a coding bug but a logic one 😉 No, they are required for the room but not in the path. This is the case for other rooms too, like the one before, the OWASP juice shop. It requires Burpsuite Repeater that's not in the path (but we find this out right at the top of the room!!) (I ended up doing all the burp rooms while I were at it.) I don't mind doing extra rooms since my goal is learning, but since the path is Complete beginner all pre recs should really be in there 🙂 ❤️

If certain rooms, or the knowledge you gain in them, are required for a room, it would be great to place this info in the first task ❤️

I have to agree with Sofia here, it'd be better to have the introduction / prerequisites first before the deploying part

Imo it's still not a bug.

But, as scrubz said, techincally not a bug

Rather for #feedback-and-ideas

Depends what you'd classify as a bug :P

Doesn't hurt to post it here though

yeah junior pentester path has burp suite rooms in it but they are after some of the rooms where you more or less need to have burp knowledge to pass through it

Sounds like a general logic check of the reqiurements for rooms in the paths would be great too then. I expect there's quite a big chance that people just give up or go somewhere else to learn, and that's not what thm would like, right 🙂 no moneys 😉

@placid abyss @quaint sparrow Suggestions/ feedback are also welcome here regarding rooms

cc @obsidian kiln some feedback regarding uploadvulns

thanks @weary urchin 🙌

Gave +1 Rep to @weary urchin

Thought so, thanks

Gave +1 Rep to @hazy tiger

Thanks @hazy tiger

Gave +1 Rep to @hazy tiger

Thanks @placid abyss

Oh yeah sorry, that was the problem. Thanks for your time.

Gave +1 Rep to @supple crescent

Did somebody completed the Aurora EDR room recently? I am unable to complete the scenario as there are no other logs generated than errors and informations about a licencing expired issue:

no valid license file found 
   Module: Aurora-Agent 
   Licensepath: C:\Program Files\Aurora-Agent 

License file found 
   Module: Aurora-Agent 
   Owner: xxxxx Aurora Agent (xxxxxx @ tryhackme.com) 
   Reason: license expired 
   Valid: false 
   Valid-From: 2022/06/05 
   Valid-To: 2023/06/13 

I haven’t done that room at all but do you have perms to change the time on the relevant vm to something within that range?

Yes, we have permissions to change the VM time and that solves the issue. I feel stupid for not thinking about it. Thank you!

Gave +1 Rep to @supple crescent

Awesome, glad it worked!

Hi can someone please help me, I'm on take 6 practical network simulator and for some reason my network log isn't loading and it won't let me finish because for some reason its not taking my packet

In the velociraptor room, it seems like there is a typo in the image. It shows the command being issued from program files, and it really should be issued from program files\velociraptor.

Bug on Burp Suite: The Basics section: Options. Question: 3.
Question:
In which base category can you find the "Updates" sub-category, which controls the Burp Suite update behaviour?
Answer should be: Misc.
But answer format is: *****

How should I pass this?

Hi I am doing the room “OWASP Top 10 - 2021” Task 10. After I spin up the Attack Box I cannot see anything running on port 82

Hello.

In this room: https://tryhackme.com/room/furthernmap, task 14 (Practical):

The first question: Does the target <ip here> respond to ICMP (ping) requests (Y/N)?
The answer is Yes, when I do (nmap -sn <ip here>) from the attackbox against the targeted machine I get "Host is up" back and when I submit "Y" it says it's wrong and only takes "N" for the right answer.

are you sure you are pinging the right machine??? some people ping their attackbox instead of the target machine

Yes I'm sure, double-checked everything now.
From the attackbox, ping sweeping the IP address of the machine (Active Machine Information

• Red header) and tells me host is up.

The answer is "Y" but "N" is accepted as correct.

yeah because that is how the target machine used to work and doubt that should have changed

So in this case the answer validation is not correct, right? just making sure I'm learning correctly and not missing anything

Hello 👋.

I have a Issue in this room: https://tryhackme.com/room/bashscripting

the problem being: some of the questions/tasks are completely unrelated to the information above.
For example in task 4 (parameters), there is no piece of information related to the task "How can we get the number of arguments supplied to a script?"

Forwarded, thanks for reporting 🙂

Gave +1 Rep to @half solstice

The thing is, if you are using -sn from the attackbox, it's using an ARP request to determine if the host is up rather than an ICMP request, due to the attackbox and the target machine are on the same subnet. Means, as a reply you should get a mac address.
If you just do ping target_IP you shouldn't get a response.

In the velociraptor room, Task 6 question 3, the question reads,
What is followed by the WHERE keyword?
It should say something like, "What follows the WHERE keyword?"

I see about the subnet...
Indeed, ping target_IP resulted in 100% packet loss.

Thanks a lot for the clarification!

Gave +1 Rep to @raw bison

I'm having the same issue everything I found shows it should be "Misc" so I just moved on to the next task for now I've seen a few other posts about it so hopefully answered soon.

Done!

The room gives a url in task 1 and states ‘feel free to use it to help you through this room’, my assumption would be that the intent was that for answers not explicitly given in the content, you get from info at that url or other external source (man pages, etc)

Yeah that could maybe be the case. Thank you for the answer!

Gave +1 Rep to @supple crescent

Hello , this room: https://tryhackme.com/room/windowseventlogs 's virtual machine just disappeared and I can't access it. Is it a scheduled updating or a bug?

Hello, I have completed this room: https://tryhackme.com/room/winadbasics. However, it doesn't count as completed.

Forwarded, thanks for reporting 🙂

Gave +1 Rep to @split marsh

Heyho, in the "Attacking ICS Plant #1" room, the answer to the second question in Task 2 is missing a ')'

Hello Red Team OPSEC task has 7 problems. The site does not working. Answer 45231. Don't submit

Red Team - Sandbox evasion Task 4 - section Taking a nap.
This section discusses adding a sleep delay to the dropper.ccp main function as a way to evade short running sandbox's however the displayed code snip refers to code for checking the host is a windows DC from a later section "Querying Network information"

It works, you just have to follow the example and use the answer format shown in the text box.

45231 won't work, but 4 5 * * * will.

What am I supposed to do here? At a certain point, the room stopped working, and even terminating it would do nothing as a page refresh would show it was still there. And this shows I cannot even wait for it to die 😦
It's not the browser either, I have two THM sessions on two devices on two different networks and they both show this "error"...

well, as I posted this the room died. It's not the first time this has happened, however, and for this room only (for now)

room https://tryhackme.com/room/yara (Yara 3011v2) In-browser machine doesn't render underscores _ -> shows them as spaces instead.

Room: Threat Intelligence Tools - https://tryhackme.com/room/threatinteltools#

Task 5 - Phishtool

Question 4: What is the Originating IP address? Defang the IP address.

Question 5: How many hops did the email go through to get to the recipient?

It is not explained within this task nor is it obvious how to answer either of these questions.

The task also doesn't make use of Phishtool at all with the attached machine, which is odd. It's like an entirely different task/questions.

Task 6 - Cisco Talos Intelligence

Similar issues as well. Doesn't seem very clear as to how to actually proceed with the task. It says you need to download a file, but that file is existent on the virtual machine, so are we to download it to our computer from there? Or do we log on to the phishing tool from the VM? It's extremely slow and clunky trying to do that, so it's a bit odd still.

Same with the rest of the tasks pretty much. For example, Task 7 scenario 1, how are we supposed to figure that out? It's not explained in the task or the room.

Doesn't explain how to find the hash in order to use the cisco tool to answer the question etc.

overall an extremely frustrating room and the tryhackme forum seems to have the same feelings

https://tryhackme.com/forum/thread/62e93bf06458eccfa7f7def2

guys I've noticed that the deploy room for the room I'm doing is gone? anyone who experienced this?

ditto seems there is no machine to launch in said room

something has gone wrong somewhere

I'll forward it, thanks for reporting 🙂

Gave +1 Rep to @sudden sable

Should be fixed again

Hello,
I’m having issues configuring dns and connecting to domain.
Even after setting dns with systemd-resolve conmand , nothing works. This is for lateral movement network
Please Advice

Hello! I have been trying to finish the room https://tryhackme.com/room/breachingad for a few days, but it is impossible to ping the main DC, and the reset button doesn’t seem to be working either
Thanks for reading my message 🙂

Are you on a VM or attackbox?

Attackbox

Hi, I am trying to start with https://tryhackme.com/room/breachingad as well - I tried both via openvpn and attackbox but have had no luck in setting up the DNS (on both openvpn/attackbox) and cannot really start the room. I raised a bug ticket ID #8833

In the "Hacking with PowerShell" room I think the machine is different.

I agree, also some files are NOT present, so it is not possible to answer some questions like : Number of cmdlets, number of local users, number of local groups, date of KB, content of backup, file with API_KEY.

Did you change your /etc/resolv.conf ?

@quaint sparrow yes - I tried that - in summary put in nameserver 10.200.20.101 (the IP of THMDC) - when using openvpn and my own kali vm - and tried to run the command as per room page on attackbox - but still no joy

@Scrubz - I just noticed (sorry first time in discord ... been busy going through the paths) the breaching-ad network chat above - saw your discussions, will try that (leave room, wait 5 and retry - hopefully getting another subnet) - I did try leaving but joined in less than 5 I think

@Scrubz - it worked! 😮

@Scrubz - thanks for your help, I can ping and nslookup thmdc.za.tryhackme.com - thanks heaps

No problem whatsoever,
Glad you're up and running.

@quaint sparrow any help with this ?

I'd need to boot up a machine and see.

Thanks in advance

Gave +1 Rep to @quaint sparrow

which task?

For Advent of Cyber 2022, task 13 (Smart Contracts), one of the solidity files doesn't compile in Remix, even with the specified compiler version.

If anyone knows how to fix, please let me know. Thanks!

weird... wonder what changed to make that happen

anyways if you can read smart contract code or code in general you can use that to get the flag

@ivory rover ⬆️

ok thank you

Gave +1 Rep to @rugged canyon

Hi i found out a writing error in a room

which room
which task
which sentence????

and yes this is the place to report it

Piramyd of Pain, task 4, "Because Any.run is a sandboxing service that executes the sample, we can review any connections such as HTPP requests"

Hi there o/
@quaint sparrow @wheat fractal @bright flax
I've noticed this bug too in "Hacking with Powershell" room, is it confirmed that there's something wrong with the VM ? 🙂

I had a look last night but was unsure what I was looking for, I can have another look later and try and help. (I'm not staff)

Yep, no problem (I noticed that you're not staff, don't worry, that's already cool to take time for us, thanks).
Here are some examples of differences between VM's results and correct answers in the room :

Gave +1 Rep to @quaint sparrow

Hey:) sorry for the inconvenience. I recently made some changes to this room to update it but it looks like it's had some un-intended problems. I'll look into this today

Ah, Ben's on the case 😀

Perfect, thanks to both of you 👍

Gave +1 Rep to @dusky junco

Hey 👋 just to follow up. I've made some changes to the VM. I'm just testing it now, but the VM should reflect the expected answers fine now. I've also added some guidance especially to Task 3 Q#3 re. the cmdlets - there're numerous ways to measure how many cmdlets are installed but they provide different amounts based upon your query. I've added a hint to this question to make it a bit clearer on exactly what the answer is looking for (i.e. the question is expecting you to follow the format of the room i.e. Verb-Noun | module-module. You could, for example, use Get-command | measure which technically is correct (though gives a different output), but it isn't the approach that you're taught in the room. If that makes sense?

cc @quaint sparrow

Ah, that's great Ben, I need to actually finish this room too.

Thanks!

Gave +1 Rep to @dusky junco

Anyone doing the Virtualization and Containers room? I think task 5's question is bugged.

Great, thanks again, I'm gonna continu my work in progress in this room tonight ! 👌

Gave +1 Rep to @dusky junco

Hi Benjamin, I beleive so too! 😕

YAY, it's not just me 🙂 I thought my docker skills weren't that rusty 😉

I put in a ticket, so i'm sure it'll be fixed soon. Apparently they're off today though.

Awesome! 🤩

You could just post in #1126165932482506893

Some people have finished the room

Why, what's wrong?

RE Task 5 being bugged, I just done it, it's straight forward, and only took 5 min(s)

Can't say the same sadly

Doesn't accept the correct answer

Did you get the same flag?

The underscores are missing.

I just went to the ||machine_ip:5000||

Then theres a bug, the underscores don't display in the attached view

What if you curl?

No, they physically do not show

If I type in _ it doesn't show up

It's nothing to do with the specific command being ran, more the actull interface

I curled it too, maybe that was my problem 😄

If your using the split view, the underscores wont show up - no command you use

Nice Jay, thanks! 🙂

Gave +1 Rep to @placid abyss

Seems to be just a "visual bug", as copy pasting seems to pick up on the underscore.
We added a little note to the room.

https://www.youtube.com/watch?v=wdi3p_S7jtQ in this video theirs a " room as LEARN LINUX "it private how can I do the task on them https://tryhackme.com/room/linux1

This is an old room and was probably replaced with

https://tryhackme.com/room/linuxfundamentalspart1
https://tryhackme.com/room/linuxfundamentalspart2
https://tryhackme.com/room/linuxfundamentalspart3

Hi, I am trying to access machine in splunk201 room(uncident handling with splunk) using attackbox and getting 502 badgateway error. Is there a fix?

Hi there. WindowsEventLogs room > Task 5 > Question 2: Answer includes the query for "SubjectUserName", but then when the next question asks how many results were from that query, the actual XPath would have been using the TargetUserName, which results in two. So just a bit of incorrectness in Answer #2 if I'm correct.

I need help. I have been connecting with openvpn but when I'm trying to open a ACMI site with my virtual ip address the page is still loading

Hello, the machine in this room: https://tryhackme.com/room/vulnnetroasted seems to be crashing fairly often, and/or becoming unresponsive.

i am getting remote server issues as well

https://tryhackme.com/room/webenumerationv2 Task 6
Q: There are some virtual hosts running on this server. What are they?
The command learnt in the information section gives output 1 which is quite confuzzling for a newbie ❤️
After googling I found that adding --append-domain gave the correct result

#room-help might be better place to ask from room-bugs

mhm, this might be a result of a newer version of gobuster? The VM hasn't changed and it definitely used to work with the provided command. I'll take a look into it next week:)

Yup, I saw mentions of workarounds by downgrading too. Odd that a new version not would be backwards compatible to this extent. Thanks ❤️

And thanks for a great room. Enough into about a tool to get a basic understanding and some use so you know where to dig down later, but not so much as to overwhelm.

Gave +1 Rep to @dusky junco

Fyi on this and other rooms btw. Most rooms use the path SecLists while it's all lower case on my kali vm. I checked the attack box and it has the pascal case one. I guess kali is the odd one out since the git proj is called SecLists so if you clone that's the name you get too. Maybe not something that would make a noob stumble but maybe worth mentioning somewhere?

just started Local File Inclusion and im getting an error msg 502 -> Bad gateway when i just started the machine

waited for 2 mins

Forget what i said....it fixed it self

its fixed now

Okay glad to hear it's sorted itself. Usually this error means that you need to wait a bit longer for the machine to start (think of it as you turning on your PC and applications staring up) 🙂

Yea thank you. Literally stared working a second after i wrote here haha

Gave +1 Rep to @dusky junco

Did you ever figure this out? I am having the same issue.

I'm getting an error in the Snort room when trying to run traffic-generator.sh "Failed to execute child process "tcpreplay" (No such file or directory)

Never mind, figured it out seconds after posting. Needed to use sudo.

hey guys, I'm doing overpass3 and up to the part where I use the user creds to log in via ftp, I'm then supposed to craft a php reverse shell and upload it to the server. every walkthrough i've followed through on allows the user to cd to backups and use the put command to upload their shell. I keep getting an error saying that it couldn't create the file. wondering if the room is bugged as every other video i've seen it's working fine.. they cd to backups, use put ~/Downloads/payload.sh.php and it uploads. cannot recreate on my end.

The room hasn't been modified
If you verify with the bot and post a screemshot below, I can look into it

!docs verify

Sorry for the delay, yeah i figured that out eventually after a lot of swearing 😄

not sure if the verification worked, I'm guessing thats why i cant upload screen caps?

Yep, if you can't upload files then that's it

easy man, i'll wait for the bot to verify me

It should be instant, please can you try and verify again?

haha, had a dyslexic moment and mixed up where I was putting the ! , i'll grab that screen cap for you

Ahaha, no problem

there be the culprit

Ah right, slightly different problem
Try turning passive mode off

still not able to create the file

I'd suggest dropping into #room-help for this

haha yeah, thanks for your help anyway. I take it it's not bugged at all and I'm doing something wrong

Gave +1 Rep to @eternal summit

AWS Lambda
https://tryhackme.com/room/awslambda

TASK 5 Q1

Using the command "aws lambda get-policy --query Policy --output text --function-name <function arn from task 2>" retrieve the invocation policy for this sample function. What is the Action for the most permissive Statement?

Please Correct: <function arn from task 3>

This is fixed now. Thank you for reporting 🙏

Gave +1 Rep to @dark raptor

the room exploiting active directory is currently not working

or at least it's the http://distributor.za.tryhackme.loc/creds site/machine

which subnet and have you hit the reset button yet???

THM is not getting back to me via the ticket so I am gonna post it here, anyone encountering the same problem in the Linux Privilege Escalating room on the NFS priv escalation task?

Room URL
https://tryhackme.com/room/linprivesc

Task/question
Task 11 / Q: "Gain a root shell on the target system"

Description
When I compile the given nfs.c ($ cat nfs.c int main() { setgid(0); setuid(0); system("/bin/bash"); return 0; }) on my own machine and then mount it on the box and try to run it it gives me this error: $ ./nfs ./nfs: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by ./nfs). I am no expert in C but I am guessing this is happening because of compatibility issues. I also tried other bash shells such as wget https://github.com/polo-sec/writing/raw/master/Security%20Challenge%20Walkthroughs/Networks%202/bash and that did not work as well because of this error: $ ./bash -p ./bash: error while loading shared libraries: libtinfo.so.5: cannot open shared object file: No such file or directory , I tried both on my own machine with the same permissions and they worked.

Error message
lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found | ./bash: error while loading shared libraries: libtinfo.so.5: cannot open shared object file: No such file or directory

ah yes this problem... simple solution try and live of the land... i.e copy the bash binary from the target machine into the nfs share folder... then change the permissions on your attackmachine in the nfs folder and finally run the copied bash binary with suid bit set on your target machine to get a root shell

the problems you are experencing has to do with version mismatchs and libraries being included meaning it will fail because of cross compilation or none static bianry bash version

so you mean cp -p /bin/bash /NFS_SAHRE_FOLDER_PATH on the victim and then on my machine change the permissions of the copied file to be able to execute it as root as then try it like that, please correct me if i am wrong

yuup exactly that

./bash -p to run it after you set the suid bit though

so it does not drop the root privs

alr thank you

no problem

recognise this problem happens a lot so have helped a lot of users with it

it is a good lesson to learn that cross compilation and none staic binaries being hard to use

hi, i introduced some of my friends to thm, specifically the intro to lan room, and although without logging in it says the room is public, as soon as they login to a free account, it sends them to the subscription page

https://tryhackme.com/external/api/scoreboard?roomCode={roomCode} API is not working is there an alternate API for this
https://help.tryhackme.com/en/articles/6498330-enterprise-api searched in this could not find any API
In which chat group should I ask about this issue
Thanks in Advance

@tropic flame

Hey, please contact B2B support if you’re trying to use the enterprise API.

If you’re not on one of our business plans, we are unable to assist.

@tropic flame @hazy tiger support@tryhackme.com support@tryhackme.com
Yes we are on a business plan and have mailed this issue to the above-mentioned email 4 days prior, still no reply, If there is any other email that we can contact for faster support please suggest
Thank you.

Gave +1 Rep to @hazy tiger

Create a ticket through the website

@hazy tiger Please provide link where we can raise ticket Could not find it any where in website.

Bottom right of the website

Thanks Scrubz^

Thank you

Gave +1 Rep to @quaint sparrow

Where is this room found?

Yes, but where did you find the link?

It's a private room, so anyone who's given the link can access the room.

"outwith" is not a typo.

Hi, is there the right place to report a typo on a picture ?

In the room "DNS in detail" > Task 4 > Typo on the picture "Authoratative DNS Server"

yes

👌🏻 , good to know for the future

ROOM: Threat Intelligence for SOC
Task 2 | Question: Based on the set of IOCs, how many IOC hits were discovered in the logs?
According to the Kibana-Elastic virtual machine in the cloud it is showing 45 hits, however, the correct one is 48, I verified it by looking at the writeup on youtube. I put the dates requested by and with the list of ip's Room.

in the room "Windows PrivESc Arena" > task3 > there's a problem copying the malicious exe file from the linux VM to the windows VM .

hi, i think i found a security issue with a recent machine, I wrote to hello@tropic flame but I'm guessing that box isn't monitored over the weekend. Is there anyone with THM that I can report to?

The boxes are supposed to be vulnerable

What sort of issue are you talking about

obviously i know the boxes are supposed to be vulnerable. i think someone has left real-world credentials on a recent box.

hmm @dusky junco

Dm me

3 months later and still not updated

😦

Hello.

I'm doing (Web Fundamentals - Introduction to web hacking) and I haven't finished the last part (SQL Injection) yet, but I received the badge for "Intro to web hacking"

This problem by @orchid schooner was never fixed

Get a bug on room SQL Injection > Task 5, I found the password, but the popup disappears without clicking on its "close" button and it does not show the flag (I have a screen if necessary)

you have some sort of popup blocker or smth ?

ublock origin on my browser (test disabled and it's not better) + dns filter on my lan but it shouldn't interact with THM

let me try run it and will let you know if is the same

👌🏻

when ypu find martin password you get to 2nd tab right? then on top you need to have 1st flag

yeah ... -_-'

helped ?

got stuck on this popup without reading the next page. It's time to take a break and have a coffee

thanks @sharp citrus

Gave +1 Rep to @sharp citrus

it can happen. take brake. and slow you self when learning. no need to speed-run things 🙂

just delete your screen, you have cc the answer on the left 😉

oh. thanks. yea. thnaks

Gave +1 Rep to @pine sandal

Don't know if this was related but I did the smart contract challenge on Day 8 this week and the provided script wouldn't compile. The bug is the import for the openzeppelin strings util, I think they changed how their ABI works and now it has to take a paramter of uint256. Just to make it apparent here is the original compile error

Then you can fix this and make the compiler happy by casting it:

nice you seem to have provided a fix for your found bug so that it can be changed in the descripiton in the room

but yeah the challenge is solvable by actually reverse engineering the flag from the code

Yea IK, can't keep secrets on chain, but unfortunatly doesn't let people do re-entrancy practically. If you guys wanted to implement a long term fix, you could copy the openzeppelin code add it to the zip and import it locally, therefor any future changes wont affect the room.

shadow is just a room tester they don't have perms to change stuff in the room ¯_(ツ)_/¯

would point this towards @dusky junco or @glad badger for fixing

CC @twin tapir this is your day of the AoC task ^^

carbon copies

hello everyone, this was taken from the Autopsy room , task number 7 "What self-assuring message did the 'Informant' write for himself on a Sticky Note? (no spaces)" when i enter the answer , it say it is incorrect , does anyone else experience this?

This isn't a room bug, it's for #room-help or #room-hints In any case, the error already tells you, id_rsa files require specific permissions to work, you can change file permissions with the chmod command. Google is your best friend this field, read up on what permissions are required

This isn't actualy a room bug but more like a room creation thing. I want to upload a banner image to my room but, it only allows urls and my image is a local file. How can I use it?

Host the file somewhere?

Using what service?

Google one?

I tried hosting it on mega but seems THM can't find the file

blob:https://mega.nz/36dfd6d8-6473-4ed3-bfc4-63f8e5e4093a

I was stuck with the same problem and disconnecting from the DB solved it for me

hey guys i am trying to exploit the new room Red v5 https://tryhackme.com/room/redisl33t, I finished the first two tasks and I need to get root access now, for that you need to exploit the binary pkexec on /home/red/.git/pkexec because it has the setuid however for the exploit you need gcc to compile the code but the victim machine does not have it installed and when I try compiling it on my own machine and then uploading it I get this error:
/lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by ./exploit)
any solutions? or should I wait until it is fixed thanks in advance

there is a few solutions... either you can figure out how to cross compile the exploit
or you can look into providing gcc onto the target machine
or the third most easy option.. find an version of the exploit that does not need to be compiled using things like lua or ruby or python

even the one with python needs gcc a snip from the code:

    os.system("mkdir -p 'GCONV_PATH=.' pwnkit ; touch 'GCONV_PATH=./pwnkit'; chmod a+x 'GCONV_PATH=./pwnkit'")
    os.system("echo 'module UTF-8// PWNKIT// pwnkit 2' > pwnkit/gconv-modules")
    f=open("pwnkit/pwnkit.c","w") ; f.write(so) ;f.close()
    os.system("gcc pwnkit/pwnkit.c -o pwnkit/pwnkit.so -shared -fPIC")
    envi=[b"pwnkit", b"PATH=GCONV_PATH=.",b"CHARSET=PWNKIT",b"SHELL=pwnkit",None]
    env=(c_char_p * len(envi))() ;env[:]=envi
    libc = CDLL(find_library('c'))
    libc.execve(b'/usr/bin/pkexec',c_char_p(None) ,env)

main()```

I could not find any other exploits with the mentoned languages, i cannot run apt-install on the victim, and whats cross compiling

keep looking... there are versions that don't use gcc

I think I found it trying it rn

ah thank you shadow i guess i just did not look enough 🙂

Gave +1 Rep to @rugged canyon

I have reported bug by rasing ticket #9195
It has been another 4 days still no reply

Support has a 5-8 day responsibility rate, please be patient.

Ok did not know that thank you for clarifying👍

Gave +1 Rep to @quaint sparrow

Just ask your question.

Ah, you've spammed that in multiple channels..

Just be patient.

Well, 3 now.

Just one would have been great, no reason for the sarcastical tone, you're the one seeking help after all.

that attitude is really not appreciated megalodon

people are volunteering their time?

?

This server is English only

:mute: _m3g4l0d0n#0 has been muted.

Hi. I think there's a task in the Unified Kill Chain room (https://tryhackme.com/room/unifiedkillchain) that needs to be updated. In Task 5 "Phase: In (Initial Foothold)", it mentions Unified Kill Chain's "Weaponization" phase. But a 2020 addendum on the bottom of page 6 of the Unified Kill Chain website's PDF (https://www.unifiedkillchain.com/assets/The-Unified-Kill-Chain.pdf) says "...Weaponization
was renamed to Resource Development following the addition of that tactic to MITRE ATT&CK™ in October 2020 (v8)".So I think maybe the reference to the "Weaponization" phase it should be updated to "Resource Development" and link to the MITRE Tactic TA004 (https://attack.mitre.org/tactics/TA0042/).

Hi. I think there's a mistake in the "Packets & Frames" room (https://tryhackme.com/room/packetsframes). In Task 4 "UDP/IP", it says that UDP headers have a "Time to Live (TTL)" header. But I think that's for IP headers, not UDP. I don't think UDP cares about TTL. I think it was in the table describing IP headers in the room's Task 1 " What are Packets and Frames?" and copied over.

Hi, I think I have found a discrepancy in the information provided for room: https://tryhackme.com/room/redteamengagements

Task 7, "When will the engagement end?". The resource plan provided shows a discrepancy between the ENGAGEMENT DATES: 10/12/21 - 11/12/21 and the actual dates used later such as Post-Exploitation and Persistence: 10/24/2021 - 11/14/2021

Post exploitation is after the engagement,

Late reply, but I am having the same problem

Hello I think I found a bug. I am doing Network Services 2 im on task3 and I cannot get the folder of the remote IP and I have tried closing the VMs and starting new ones still not working

is that target machine still active ?

is that still active target ip ?

I just restarted it

and logout and logged back into my account

let me know new ip so i can try mount it on my pc

10.10.75.142

i created /tmp/dir and used thissudo mount -t nfs 10.10.234.189:home /tmp/dir/ -nolock

still nothing on my end

use sudo

oh sry

that is the wrong answer here as they are already runnning as root

sudo mount -t nfs 10.10.75.142:home /tmp/dir/ -nolock

oh. yea

also important lesson.. why are you only checking for none hidden files and folder/directories

I know the ls command should show me the file... I normally use ls -la

why should it show you the file??? by default it does not show hidden files... hence the -a option

also another tip

don't be inside the same folder you are mounting to while mounting

as that can cause problems with it not updating until you leave or close that terminal

that worked

thank you

nice now you are getting closer

thank you for providing this tip I will remember it from now on

Gave +1 Rep to @rugged canyon

no problem

https://tryhackme.com/room/networksecurityprotocols task Presentation and Session Layers has a typo: Secure Socket Shell (SSL)

Hi to all you cybersecurity enthusiasts, In some rooms, I found broken links. How and where should I submit them?

submit em here'

Hey y'all, I'm a bit new here first time posting anything here, and I'm not sure if this is a bug, but I revisited the blue room just for fun and I've somehow managed to create 282 active sessions

Yes, I followed the exact steps mentioned in the room. I'm curious as to why something like this would happen

PS: I've already completed the room before. I'm not looking for hints, or answers or such; just curious as to why these many sessions are created

Here's what I did

## Fire up msfconsole
## setg RHOSTS, LHOSTS, PAYLOAD, stuff like that

msf6> use exploit/windows/smb/ms17_010_eternalblue

msf6 exploit(windows/smb/ms17_010_eternalblue) > run
....
# Ctrl+Z
msf6 exploit(windows/smb/ms17_010_eternalblue) > use post/multi/manage/shell_to_meterpreter

msf6 post(multi/manage/shell_to_meterpreter) > set SESSION 1 set
 
msf6 post(multi/manage/shell_to_meterpreter) > run
## Get into the session, background it to do some other stuff locally on my machine (nothing that could affect this stuff). Hop back in, switched back to powershell and it somehow got fucked. Abort session and back to running the exploit again. 

That's when this happened. The second time running the exploit

how do you add code?

Why are the actual results hidden?

[*] 10.10.53.17:25                    - Scanned 1 of 1 hosts (100 % complete)
[*] Auxiliary module execution completed```

Oh I omitted them since it's all just a bunch of Session created (see the image I posted) nothing more.

And no, I'm quite positive that I did not omit anything important from the description

Hi, I'm not sure whether this is a room bug or a problem with my current working machine. When I'm working on https://tryhackme.com/room/windowslocalpersistence Task6, flag13 and added UserInitMprLogonScript value to the registry according to the instruction, I cannot get a reverse shell on my port. When I checked the registry with the command 'reg query "HKCU\Environment "/s', the item didn't appear. After I added it with the command in the shell, I could successfully get my reverse shell.

https://tryhackme.com/room/dnsindetail
Task 4 has a typo in this picture

https://tryhackme.com/room/zer0logon

Room does not respond to nmblookup on VPN. Only on AttackBox.

Send a screenshot of your OpenVPN output?

everything works but the firewall seems to be blocking any form of enumeration

@glad badger Do we know the room maintainer?

Room creator is no longer with THM. 🙏

Yup 😆 Looking for the maintainer, i.e. who do I reach out to for troubleshooting

Room magician @earnest patio could be good. 😄

Munra is truly the magician

Hey Munra 👋
For when you read this, any reason why the zer0logon room would be blocking VPN connections, but not the AttackBox?

room commonlinuxprivesc task 8, first q. Might be nice to add exiting vi after the exit there 😉

also task 6, q2 is a bit funny since it refers to "what you just read" and what type of privesc it is. What we read last was to su to another user. The answer is vertical since they mean the tasks goal... but maybe make the questions reference what's actually meant 😉 (sorry for nitpicking, bored in the countryside house without a good computer lol, even typing this on my phone since I don't want to bog down my crazy zzzlow laptop with discord :D)

Hello guys why i can not connect to the room adresse ip i have all the things setting up i am in the owasp top 10 room in command injection challenge

To my understanding, nmblookup only works if you are within the same ~~network ~~ subnet.

Shouldn’t the VPN work though?

I don't think so, as I belive it's the same as with ARP requests, they only work on the attackbox as they are on the same network subnet as the target machines

I’m not sure I follow what you mean by network

Are you referring to the subnet?

Yes. Sry should have been more clear 😄

helo everyone i don't know if it is my browser or not but a while i am getting a problem with some rooms especially older ones, the problem is the image is not appearing and when i click the place of image it says the image couldn't be loaded do anyone getting that bug or i am the only one experiencing. it really makes me feel stress there is several important rooms to me have that bug

Is the image an imgur one?

i think so but this bug was a while and it didn't fixed yet

I don't think it's a bug if it's imgur, it could be removed/blocked by your ISP/Country

Wich room/rooms ?

i encountered in many rooms especially older ones i think 800 days older ones

Okay, but could you give me a room link where it occurs for you?
I want to double check if it's on your side, or imgur

Done!

[BANSPAM] I cannot DM Popeye The Sailor Man#9675!

Hey guys anyone done Wonderland recently? I am stuck at last priv escalation

hatter@wonderland:~$ getcap -r / 2>/dev/null
/usr/bin/perl5.26.1 = cap_setuid+ep
/usr/bin/mtr-packet = cap_net_raw+ep
/usr/bin/perl = cap_setuid+ep
hatter@wonderland:~$ perl -e 'use POSIX qw(setuid); POSIX::setuid(0); exec "/bin/sh";'
bash: /usr/bin/perl: Permission denied
hatter@wonderland:~$ /usr/bin/perl -e 'use POSIX qw(setuid); POSIX::setuid(0); exec "/bin/sh";'
bash: /usr/bin/perl: Permission denied

even though perl binary has capabilities set with SUID why I am unable to get the root shell?

I actually just completed that room today. I am uncertain if the exploit you are trying is a valid way to priv esc in the room. I ended up going another route same concept. ||Something else has a SUID bit it shouldn't but you need another command to find it||.

I think there is a mistake in the John the Ripper room - In Task 1, in the paragraph titled "What makes Hashes Secure?", I think the P and NP are swapped
https://tryhackme.com/room/johntheripper0

At this room https://tryhackme.com/room/subdomainenumeration, they instruct use www = none
But if remove the www 'trick' works really fine!

https://tryhackme.com/room/owasptop102021 Task 2 links to https://tryhackme.com/my-machine which gives a 404

Not sure about that one. I'll have a look at it now 😃

This is because when connecting from the VPN, you are in a different network than the server. Windows will not answer (by default in recent versions) any NBSTAT request that comes from outside the local network. In case you are wondering how to obtain the name and domain of the server, you can also rely on RDP as it uses an SSL certificate with the full name/domain of the server as shown in the image (nmap should catch it with the -A option):

This link has been removed. Thanks for reporting it!

Gave +1 Rep to @swift hearth

Couldn't you edit SUBKEY: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters Value Name: AllowNBToInternet Type: Dword Value: 1 Default value of the flag: 0 to make it so that NBSTAT request are allowed specifically for that box?

Absolute legend! Thanks Munra

Gave +1 Rep to @earnest patio

Yes, that's one option. However it is unlikely you'll be in the same network as the DC in a real engagement, so it's probably left better as-is.

I'll add a note on the room to clarify this a bit, though.

It's funny how it's a security update from June 16, 2016 probably due to CVE-2016-3299

No idea that this was a function added

In this room : https://tryhackme.com/room/osimodelzi , the TCP also transforms the dog in a cat or am I missing something? :))

It's at Layer 4 - Transport

Hello guys, yesterday there was a live stream using TryHackMe Team room.
https://www.youtube.com/watch?v=igM76zRVgeA

I am trying to follow today, but for me the machine gave totally different results even the index page is different, fuff result is also different, it gives default apache2 index page etc.
https://tryhackme.com/room/teamcw

any ideas? 🙂

Ya the default page you are seeing is because you are missing something. I would say look at the ||Source code for the apache2 index page|| it will indicate what you are missing.

Which room?

What's your syntax?

I know which one you're on now.

It is.

it deosn't ask for a different port, it's default.

So the port doesn't need to be mentioned.

But I can see what you mean.

If you remove the ||port|| completly, you'll get the correct answer.

Are you using ipaddress or 10.10.10.2 ?

It's not asking for the active machine ip.

Yes, but which IP?

the active machine ip, or the one in the question?

Incorrect ip.

Use the one in the question, it's the one it's asking for.

guys im trying to connect to a machine using an attackbox and it gives the error

permission denied

publickey

i've even tried using openvpn on different machines of my own and it still gives the same error

Which machine are you trying to connect to?

in a room

walking an application

https://tryhackme.com/room/walkinganapplication

this one

Whats your IP for the room I can try and connect to it quick and see if I get the same error.

it's solved now. I was trying to ssh into it whereas i didnt have to

Ty anyways

They didn't need to shh in to the machine, so you would have.

Ahh ya that will do it for you makes sense why you were seeing the public key comment

Yeah thanks anyways mate

Gave +1 Rep to @stuck peak

In the Wireshark Room Task 4

I believe theres a word missing, it should be "traffic can [be] both the hard part as well as the fun part,"

🤓 ☝️

np gimme a sec

https://tryhackme.com/room/linuxfundamentalspart3 , the example given is missing a '/' in task6
0 *12 * * * cp -R /home/cmnatic/Documents /var/backups/

vs

0 */12 * * * cp -R /home/cmnatic/Documents /var/backups/

In the Network Services room, there's a portion that involves enumerating SMB, using enum4linux. The issue is, there's a question that asks you to identify which OS the remote server is using and there doesn't appear to be a way to do that currently, as SMBclient has changed something that doesn't allow you to gather OS info anymore

https://tryhackme.com/room/networkservices
Here's the room.
I managed to get past the question by guessing but I thought I was doing something wrong for hours until I googled the error message and found folks on stack overflow running into the same issue. I'll link a screenshot in a moment.

https://imgur.com/9T23DAe

Anyone, have some problems with openvpn connection with version 2.5.7 ?

when I try to made some scans with gobuster, or dirbuster, connection is down.

I will tag onto @heavy ridge 's post. You simply cannot continue in the Network Services room Task 4. God, every room, there just had to be something that stops your progress. I've given up on THM support long ago. Hope someone have a fix. So annoying. 😡

What happens when you don't declare a port?

The smbclient works.

https://asciinema.org/a/gH26U7qVcpGqAEqvhE2hbYEs4

If you check out that video it will show you that I can connect fine,

hi guys, i have a little issue with agent sudo room; i found the ssh password, but noway to etablish a connection. (i look some writeup it worked without any strange option for other peoples.) any ideas ? thanks

my command is just "ssh user@host

Are you using user or the username ?

the username

what's your ip?

wont spoil ^

10.10.36.132

and i'm connected via thm vpn

Is your ssh not doing anything?

nop just connection closed by 10.10.36.132 port 22

Interesting?

?

Does it connect right away?

nop no connection

but i can ping the serv and connect via ftp without issue

same for the http

sudo ip link set dev tun0 mtu 1200

Try running that command, then connect over ssh

(leave your THM vpn on)

dude

udabest

thanks 😄

can u quickly explain this command ?

It lowers the packet size sent.

set max transfer unit of the tun0 device( the openvpn connection device ) to 1200 meaning it lowers the max size of the packets meaning it sends packets more often and it helps get the packets to and from the target machine @wheat fractal

oh okay, thanks for answer 🙂

Hi everyone, not sure if it's the right channel to ask, but I can't connect to my own (private for now) room:

• Ubuntu VM with SSH and ping allowed, uploaded from VMware Workstation to Tryhackme.
• Started the VM (Start Machine), and can neither ping nor SSH it (other public-room VMs work fine)
  I suspect that some network changes were malformed during THM VM export, but don't have a way to check.
  What can I do to debug the issue and connect to my VM? Thanks.

Have you gave the machine the correct resources?

I think that can mess up connections to the machine?

2 cores / 4gb ram / 15gb disk / network adapter attached / other settings default / works fine locally

Yeah,it will locally.

But I think you need to give it the provisions for a free user, which is 516mb.

Is that right @dusky junco ?

Anyone is having issues with the Wreath sever for sshutle not working for gitserver pivoting section?

Hi @quaint sparrow , do you have any guides or a contact person to ask further about this issue? Thanks!

Gave +1 Rep to @quaint sparrow