#room-bugs

No it's not a bug . It's common for app logic to blacklist certain input and not to blacklist other 🙂

That's a misconfiguration that's done on purpose in this room 🙂

Did this ever get resolved?

I am doing password attack in protocols and server 2 and I typed I think the correct syntax to retrieve the password, but it stay blocked on status and i can’t get the pass

@cobalt lily, do you see packets leaving your attack box? Ex. run tcpdump in a different terminal looking at port 143.

Like in what way? What do I type?

Ex. tcpdump -nnpi tun0 port 143

Why I have to do it?

Oh you are using the Kali VM.

Kali

You don't need tun0 just eth0 or whatever the interface label is.

But why? On the tube i saw they use hydra

To see if packets are actually leaving the attack box and it's just not stuck.

Oh

If it was working you should see a lot of packets going to the target.

But why the packet are not leaving? I typed the string you told me but the system doesn’t recognize tun0

Ok I can install it maybe

Read up. Since you are using the Kali VM from within the browser you would use eth0 instead of tun0.

The system doesn’t recognize even the eth0

ip addr list will give you the interface labels.

Maybe there is another way to see if packages are Lea ing

Leaving

Which room is this?

Protocols and servers 2

Got it. Let me take a look.

@cobalt lily tcpdump -nnpi ens5 port 143

It's just a way to troubleshoot. Look at packet leaving the box.

Run that in a different tab while you are running hydra.

My attackbox doesn’t let me run two box in the same time but I try

Create a second tabl in the terminal

Wait maybe I didn’t type the pass 🤣

I solved

Thanks

lol. okay

The username in screen capture is not the right one too.

bump

It's a bug with the input entry

@quaint sparrow, so there's no workaround? I don't know if I can survive leaving the room in this state with one unanswered question. 🙂

Not ATM

Thank you.

the oder of the kill chain seems to be pretty messed up in the "Incident handling with Splunk" room

hello
[8:13 PM]
I keep getting unable to connect error in Attackbox when trying to access IP address through firefox
[8:13 PM]
Splunk 2 Room

any solution of getting timeout after using ssh?
i can use ping fine but ssh just doesnt work

You're using your own machine or AttackBox ?

AttackBox

Which room ?

https://tryhackme.com/r/room/meterpreter

ssh: connect to host 10.10.218.239 port 22: Connection timed out

Why do you need ssh here ?

This is Windows machine

Username: ballen

Password: Password1
what im i supposedto do with these?

Those're SMB credentials

🤦‍♂️

It can take up to 10-15min for that machine to fully boot up

thx for the help

On the search skills section it says to use shodan to see what country uses lighttp the most but it only shows 404 not found in Brazil on shodan

Metasploit: Meterpreter room task 5.
The hint: In the Meterpreter prompt: You will need to migrate to the "lsass.exe" process first (ps will list its PID), then run "hashdump".
When trying to migrate the session dies. I followed youtube to get the correct first answer first but only my sessions dies. This should not happen?

meterpreter > migrate 736
[*] Migrating from 2912 to 736...

[*] 10.10.195.105 - Meterpreter session 1 closed. Reason: Died

Task 2 Blue
msfconsole -q
exploit/windows/smb/ms17_010_eternalblue
set rhosts <ip_target>
set payload windows/x64/shell/reverse_tcp
run
now i have 150 session opened and it doesn't stop

OWASP Juice box questions unreadable on dark mode

Hello, I just wanted to report a possible human error in the description for the SOP in SOAR room part of SOC analyst lvl 2 path.

It does estate the same-origin policy SOP description
instead of the Standard Operating Procedures also abbreviated as SOP or SOPs

This would be spotted in task 3.

in https://tryhackme.com/r/room/gobusterthebasics I am running into an issue. Task5 Question #2 wants you to enumerate www.offensivetools.thm but will not enumerate. When I plug in the ip address instead of the website I still find the secret directory, but as far as I can tell offensivetools.thm isn't accessible in VM or even outside of it, or anywhere.

Try to add domain to /etc/hosts

I finished the room some time ago.

Great job , congrats 🙂 🚀

oh ty.

Gave +1 Rep to @spare mirage (current: #2 - 2414)

I think it should be mentioned within the room itself, the only part that's being mentioned is to edit resolved.conf

Yup , you're right 🙂

Working through the MISP room in dark mode and in Task 4, there's a graphic in the Taxonomies section that is barely legible in dark mode

#general message
not sure if i am wrong here or the picture is
but please check out my above linked message in #general

Yup , you're right 😄

Is this command causing any bugs as it starts the nmapping but doesn't progress:
nmap -A -sS 10.10.41.135

You're going an aggressive scan stealthily, you'll be there for a while.

Black color in the room : https://tryhackme.com/r/room/javascriptbasics Task 5

Okay, so just waiting then? Would there be a smarter way?

Either dropping the -Ss or -A

Having the same issue with a few rooms. You can mark the text to make it white

Fair enough. So nmap -A -10.10.41.135 should do the same job but just not stealth, right?

Yeah, will still be slow though.

yeah i know but it's a problem of color it should be white intead of black

Thanks and that's fine

Gave +1 Rep to @quaint sparrow (current: #1 - 3301)

Fixed. Thank you for reporting. 😎

Gave +1 Rep to @sweet cloak (current: #2621 - 1)

You can press Enter while nmap is running to check the progress 😄

Oh that's cool. I just learned -v but Enter is helpful too to check the progress

Yeah it should display the % of completing of the running scan 😄

Just tested it. That's a neat feature, honestly should be mentioned in the NMAP Room 😄

"Command Injection" room has several errors in Task #4

In the example, it says

This means that any commands such as whoami will not be processed.

This is not correct. (HTML-side filters won't prevent command injection). Similarly, the next paaragraph says

2. The application will then only proceed to execute this data which is all numerical.

Awkward English phrasing aside, there is no such check on the server side.

In the same room, "Command Injection", same Task #4, the PHP code in the image has syntax errors and woudln't run anyway! This is hard to see because of the red boxes, but is especially noticeable from the code coloring. (The closing ?> tag is the "string" color)

Line #3 of the code snippet SHOULD read

echo passthru("/bin/ping -c 4 " . $_GET["ping"]);

(Notice the . is in the wrong place, and there is an incorrect " before close of the function call.)

Same room ("Command Injection"), same Task #4, not a bug but enhancement suggestion: in the second code snippet, add a comment, e.g.,

if (!filter_input(INPUT_GET, "number", FILTER_VALIDATE_NUMBER)) {
    // Only run this code if $_GET["number"] is a valid Number // <-- Add comment
}

Though not wrong this is a bad code snippet anyway, because 0 is a valid number and is falsey. Better would be

if (false === filter_input(INPUT_GET, "number", FILTER_VALIDATE_NUMBER)) {
    // Invalid input; handle error and return
}

Hey! I think there's a room bug in the Nmap Basic Port Scans room, Task 5

I'm tring to do a syn scan to find the services but I can't seem to get the output that's needed to get the answer to the room, I tried scanning for all ports to see if that would fix the issue but it didn't

I looked up online and found a write up and noticed that the author of that write up only did a nmap -sS scan to the the target with no additional flags and was able to get the port and the service to show up

You may be scanning the wrong machine

I used the ip that's in the question, 10.10.190.3, it's attached in the screenshot, and the command i used to do the scan

The question tells you what flags to use. ...

Yes, I know! I used extra flags just to see if that would prompt something else but it didn't

This attached screenshot is with the flags that the question tells me to use

Okay, so the part you included about certain flags used in someone's writeup isn't relevant to your issue.

The part your report is missing is what result you're expecting but not seeing. In this case, an irc service on port 6**7, right?

And in your steps to reproduce, you launched the new VM? (You didn't confirm this, so making sure.)

I had to terminate the machine and then start it again and then it worked

don't really know what went wrong on the backend for that to happen

In Room "File Inclusion", Task #5, it appears as if all instances of /etc/passwd/. should be replaced with /etc/./passwd (changed position of dot). Does not work as currently written.

The room "File Inclusion" also has "black text" when in Dark Mode. This occurs in several tasks, including at least Task #4 and Task #5.

gys i need help

whats the issue

Bro

I got it

Don't worry

ok

Wait are u like good at thm

I believe the . at the end is just a period ending a sentence. Placing the dot between /etc/./passwd doesn’t really do anything. In that context the . means “this directory” you could theoretically place dozens of those ./ in a directory string and it wouldn’t change anything. Ex: /etc/././././././passwd is the same as /etc/passwd

Thank you! I was losing my mind thinking I was not reading the instructions properly. But it is in fact an error in the instructions.

Gave +1 Rep to @sick kestrel (current: #174 - 45)

https://tryhackme.com/r/room/blue

Whenever you use metasploit, sometimes the entire terminal will stop responding, if i use a command, such as just a simple search command > search eternal, the terminal will freeze and you're stuck in a loop where whatever you type, it doesn't register and you can only click enter to go down new lines which also doesn't do anything.

Search command takes some time to finish 🙂

Be patient

Also specify -f if you want to search for file

regardless of how long you wait

it still stays like that

following up on the video, -f was never used

Are you a premium user ?

yes i am

pretty sure that's what this role is for, idk

I am starting the AttackBox now to see what's going on 🙂

alright

I got results , it took about 2 min which is still longer than it should be 🙂

alright thanks, i guess im just impatient 😅

Gave +1 Rep to @spare mirage (current: #2 - 2467)

Well AttackBox isn't the fastest either 🤣

I am doing linux fundamentals part 3 and just tried running this command: python3 -m http.server

and I got the below error after hitting enter:

Traceback (most recent call last):
File "/usr/lib/python3.8/runpy.py", line 194, in _run_module_as_main
return _run_code(code, main_globals, None,
File "/usr/lib/python3.8/runpy.py", line 87, in _run_code
exec(code, run_globals)
File "/usr/lib/python3.8/http/server.py", line 1294, in <module>
test(
File "/usr/lib/python3.8/http/server.py", line 1249, in test
with ServerClass(addr, HandlerClass) as httpd:
File "/usr/lib/python3.8/socketserver.py", line 452, in init
self.server_bind()
File "/usr/lib/python3.8/http/server.py", line 1292, in server_bind
return super().server_bind()
File "/usr/lib/python3.8/http/server.py", line 138, in server_bind
socketserver.TCPServer.server_bind(self)
File "/usr/lib/python3.8/socketserver.py", line 466, in server_bind
self.socket.bind(self.server_address)
OSError: [Errno 98] Address already in use

.
Is there anything that I am doing wrong or is it just a bug or something? I restarted the whole thing but still didn't work.
Thanks in advance!

Try to specify different port like 9000 🙂

python3 -m http.server 9000

default port is probably used by another service

Thanks KGB, i tried port 8080 and it workded

In Linux Fundamentals 2 room, this portion doesn't make any sense.

The highlighted portion refers to older content.

Screenshots in rooms are usually just for example purposes 🙂

But the text refers to screenshot which is not there.

Although it is available in walkthorugh video.

Ah , I see now 😄 . Yup , you're right 🙂 .

This room was updated in the meantime that's why the video gives different results 😄

I hope THM team updates the text to refer to the updated screenshots.

I was completing the passive reconnaissance room, and it asked me this: "According to Shodan.io, what is the 2nd country in the world in terms of the number of publicly accessible Apache servers?"....I went to shodan.io, and it said china was second, so I put that in. it wouldn't take it, so I went back to shodan. I saw that Germany was close in 3rd, so I put that in instead, and it worked. (im gonna guess china passed germany since the room was made)

Disagree. The context of the page is /etc/passwd is explicity filtered, so /etc/./passwd gets around the filter.

See specificly this paragraph (notice where the code ticks are):

To make it clearer, if we try this concept in the file system using cd .., it will get you back one step; however, if you do cd ., It stays in the current directory. Similarly, if we try /etc/passwd/.., it results to be /etc/ and that's because we moved one to the root. Now if we try /etc/passwd/., the result will be /etc/passwd since dot refers to the current directory.

(Also worth noting that /etc/passwd/.. doesn't work as the text claims because passwd isn't a directory.)

Hi. In https://tryhackme.com/r/room/insecuredeserialisation is a typo. A missing 't' in 'PHP Gadge Chain'

In room "Burp Suite Basics" there is a very minor dark text issue in Task #14

Submit the form — the request should be intercepted by the proxy.

Somehow the em-dash gets it's own explicit black styling.

Submit the form&nbsp;<span style="color:rgb(32, 33, 36);font-family:arial, sans-serif;font-size:14px">—</span>&nbsp;the request should be intercepted by the <span data-testid="glossary-term" class="glossary-term">proxy</span>.

I was referring to the first question/answer in that task... what you suggest doesn't make sense

You're referring this this paragraph (which is also incorrect)?

2. In this section, the developer decided to filter keywords to avoid disclosing sensitive information! The /etc/passwd file is being filtered. There are two possible methods to bypass the filter. First, by using the NullByte %00 or the current directory trick at the end of the filtered keyword /.. The exploit will be similar to http://webapp.thm/index.php?lang=/etc/passwd/. We could also use http://webapp.thm/index.php?lang=/etc/passwd%00.

Again, please note the positioning of the code ticks. I don't think your interpretation is correct. ... but perhaps it's because both paragraphs incorrectly treat passwd as a directory.

Give Lab #3 a try to read /etc/passwd. What is the request look like? is just a .

I'm not referring to the Q/A at all, just the explanatory text.

Hi everyone. I was doing https://tryhackme.com/r/room/introtok8s Task #8. It seems like when I run kubectl apply -f nginx-deployment.yaml the container is stuck at ContainerCreating status. kubectl describe pod returns following error " Warning FailedMount 119s (x14 over 14m) kubelet MountVolume.SetUp failed for volume "webapp-volume" : configmap "webapp-config" not found ". If someone has faced this issue before, please help

I'm not at all sure if this is a bug or not, but I'm doing https://tryhackme.com/r/room/netsecchallenge on the very last task, and I got it down to 6% chance of discovery and nothing's happening. I'm not sure if I need to get it even lower (if so I have no clue what else I can possibly due, as fragmenting the response returns no open ports no matter what seemingly, and I am using everything else that I have access to I think) or if it's just not giving me the flag. I'm just kind of confused.
EDIT: I got it to work with some help. I added too many flags and for some reason it wasn't working because of that. A simple nmap -sN <ip> was all that was required. This was a bit confusing to me personally, but it did work.

i think there is problem in sql in this ctf :Lunizz CTF

have a look

think i found a room bug for
https://tryhackme.com/r/room/xss

could be a nothing burger

okay, while i have the start machine in browser on right side for the practice, my browswer extension block the use of the lab material. i view page source and i see my details of when i signed up to THM, IP address, etc

(i already did this room, just going over material)

using https://10-10-x-x.p.thmlabs.com works. when iwent back to the way i had it before it still shows details when view page source.

Right. Looks like I was trying this on the Lab3 page not the Lab4 page.

On further investigation the trailing /. does work with include() and file_get_contents() in PHP 5.2.17. However, much like the null byte trick, the trailing /. does NOT work with PHP 7.4.3 (the version on the AttackBox) for include() or file_get_contents(). (See attached images; one with reverse shell + PHP interactive into the Lab's target, the other with PHP interative on AttackBox.). For the particular filter in Lab4, the suggestion of doing /. infix (in the middle of the path) will work in all versions.

https://tryhackme.com/r/room/wiresharkthebasics

This room has issues with text coloring specific to Dark Mode

Hello,

I'm working on a Kubernetes challenge and I've encountered an issue with the question about the replica set name. From the kubectl commands I ran on the cluster, I can see:

1. When I run kubectl get rs, the replica set name shown is:
   hello-tryhackme-875767b84

2. When I run kubectl get pods, the pod name shown is:
   hello-tryhackme-875767b84-sfk2c

I entered the replica set name as shown in the kubectl get rs output (hello-tryhackme-875767b84), but the system is marking this as incorrect. Could you please verify if there's an issue with the answer validation or clarify what exactly is being asked for in this question?

Thank you for your help.

i encountered the same problem.. did this get resolved?

Using the most up to date kali VM to redo AoC D10, and reverse TCP fails to bind, had to use the AttackBox in order to be able for it to work.

I'm still stuck on this SNORT The Basics set of challenges. I have the packets without issue and they match those on the write up i'm using https://medium.com/@jcm3/snort-challenge-the-basics-tryhackme-walkthrough-0fd146bed94f ```WARNING: No preprocessors configured for policy 0.
05/13-10:17:10.205385 65.208.228.223:80 -> 145.254.160.237:3372
TCP TTL:47 TOS:0x0 ID:49316 IpLen:20 DgmLen:1420 DF
A* Seq: 0x114C7C80 Ack: 0x38AFFFF3 Win: 0x1920 TcpLen: 20

I've edited the correct local rules file and my snort command should be alright snort -v -n 63 -c local.rules -A full -l . -r mx-3.pcap I have the rule alert tcp any 80 <> any 80 (msg: "this should work as a message"; sid: 101; rev:1) Does anyone see anything wrong? Is there anything I'm missing?

Room "Upload Vulnerabilities", Task 7:
dead link at "Having established this, let's start Burpsuite and reload the page."
Please refer to https://tryhackme.com/r/resources/blog/setting-up-burp instead of the now broken link https://blog.tryhackme.com/setting-up-burp/ thanks 🙂

On the offensive security intro room, they want you to use gobuster to scan textfiles on a fake website but it is not working in accordance to the lesson. It's supposed to output a set amount of statuses but on my box, it just says "unable to connect".

Lesson: https://tryhackme.com/r/room/offensivesecurityintro

You need to add the target ip and domain to your /etc/hosts file

@sick kestrel The module gives you the exact command to enter into the terminal for the desired result I mentioned:

gobuster -u http://fakebank.thm -w wordlist.txt dir

This is supposed to give the exact output I mentioned previously where it displays "/images (Status:301 and /bank-transfers (Status: 200)" however, the TryHackMe webhosted VM's connection request to the URL in the command above is being refused.

I appreciate you taking the time to reach out!

Can you describe what the exact issue is or a general description of the issue you are having?

Are you on the correct machine?

Hi, I have a room bug

ok third time is a charm lol.

The docker pull command is incorrect in the DAST room - Task 7
It says to run docker pull owasp/zap2docker-stable but it should be docker pull zaproxy/zap-stable

and some of the other commands are wrong also

I just got the idea from #general chat that this channel might be more appropriate for this issue (I posted this in #site-bugs earlier today):

There are outdated links in the Velociraptor room.
https://tryhackme.com/r/room/velociraptorhp

In Task 5, it provides this link (in both the task body and the first two hints), which takes you to a 404 page:
https://docs.velociraptor.app/docs/gui/vfs/

The updated link appears to be this:
https://docs.velociraptor.app/docs/clients/vfs/

It looks like there's an outdated link in Task 6 as well.
The final question hint of the task provides:
https://docs.velociraptor.app/docs/extending_vql/

But the correct link is:
https://docs.velociraptor.app/docs/vql/extending_vql/

Wireshark: The Basics room (Task 2) has black text on Dark Mode

More below:
Highlighted text:

Non-highlighted:

Should be fixed now. Thanks for bringing it up. 🙏

Gave +1 Rep to @thorny sequoia (current: #2629 - 1)

Hello, in https://tryhackme.com/r/room/commonattacks there is a white text on a light purple background
Is this a bug ?

I mean, it was certainly not intentional...
That's the new dark mode causing chaos again

'MBR and GPT Analysis' room is unreachable, tried on 3 differents browsers restarted the machines 6 times. When i finally connect it's unstable as hell. Am i alone ?

@austere gorge I just tested there and its working ok for me. Are you able to browser or search for the room and find it? Other rooms all working fine?

Now it's looking good, before, during the issue, others rooms worked fine.

Just this one restarted itself a couple of time

Interesting, good its back working. Strange, website logic wise there isn't anything specific to certain rooms (unless there is some A/B product experiment ongoing). Thanks for reporting, I'll keep an eye on it.

Maybe, my connexion was unstable, in that case, my bad.

In room /Zeekbro, there is a minor dark text issue (when in dark mode) on Task 6 Zeek Scripts | Fundamentals.

Hello Guys hope you're fine,
I got an eror when lauching the room nmap :https://tryhackme.com/r/room/nmap When i tried to start the machine for practice nothing happen, like the screen of the VM don't display, someone can check this out ?

This is intended to happen, not all machines open up as a split screen machine.

I know that we can connect with ssh, but there's no credential to connect to and i need sudo for nmap

You don't need to connect to SSH for that machine.

All tasks can be answered with nmap.

i know but i can't acces it

Are you using the attackbox?

nope, it is preferable for this task to use the attackbox ?

@quaint sparrow I’m in the Security Principles room on Task 6. There are 3 questions. I’ve tried all 10 answers but none of them work. Any suggestions?

do i need to use the attackbox ?

Is anyone else having difficulty getting the system to accept answers?
https://tryhackme.com/r/room/introwebapplicationsecurity
I have entered text directly from the page into the answer box and it still will not accept it.

🙃

this room https://tryhackme.com/r/room/lle has a link [thefindcommand] which is a private room.
plus there are few typos

Which question and what's your answer 🙂 ?

I got it. 🤦🏻‍♀️🤦🏻‍♀️🤦🏻‍♀️

noy a bug but a typo... ROOM: Networking Core Priotocols task 2: states. "DNS traffic uses UDP port 53 by default and TCP port 53 as a default fallback." which im sure it ment to mention a different port number to fall back. im happy to help 🙂

Not really a bug but some texts are invisble in dark mode due to font color
This is from Snort room

I think it's meant to be like that. Using port 53 via UDP by default, but using port 53 via TCP as fall back.

https://tryhackme.com/r/room/walkinganapplication

In task 3, "what is the framework flag?" I have the answer for it but it is not accepting the answer. Error shows that answer is too short but it is the correct answer

What's your answer ?

THM{CHANGE_DEFAULT_CREDENTIALS}

That's not a correct framework flag 😦

Oh sorry then

im having the same issue

only works if i ctrl+A

and its highlighted

Apologies, finishing the remainder of the room, task 5 has more black text, cheers 🙂

Lmao true, highlighting helps reading it

https://tryhackme.com/r/room/owaspjuiceshop this room in dark mode also contains a lot of unreadable black text

Is this the correct channel to highlight these? I'm just calling them out as I progress through all the learning paths. Apologies if it's not and I'm spamming the wrong channel.

Yes it is 🙂

im trying to upload a VM as a material but i keep getting stuck here can somone help pls?

cant upload a picture for some reason but it says 'NaN% Converting...'

@dusky junco

A few hours ago Wreath network was down and I was unable to start it, now it shows as Running but no timer and no vpn server file available

guys, i'm trying to complete active Reconnaissance room and there's a task where i need to nc to a vm via 21 port, but the vm is refusing connection

i'm stuck

it lagged

everything's okay now

This room has a separate machine for nc , make sure that you're using machine from Task 6

Hello Guys, everything fine ?
I got a little problem when trying to answer to nmap room : https://tryhackme.com/r/room/nmap i don't get the "machine IP" that i need to scan on Task 3, someone can help pls ?

Go to Task 2 and press green Start machine button 🙂

thx so much 🙂

Gave +1 Rep to @spare mirage (current: #2 - 2602)

yea you gotta start machine twice in some rooms for some reason

i got it, thanks you too, that's bc all the previous room (except for ssh) only used VM without attackbox ^^

Gave +1 Rep to @vestal surge (current: #2633 - 1)

for the DOM based attacks room, the AttackBox has warning about Unable to mount 77MB volume. No. Filesystem or .Encrypted interface on D-Bus object

Finding issues with my first TryHackMe course... seeing exercises are poorly constructed and VM instance does not work. For example in the first course SOC1 - Threat Intelligence Tools - Task 7, the VM instance does not have internet connectivity to access VirusTotal to upload malicious attachment. There isn't a method to download the malicious emails used to local machine.

Is anyone else running in to similar issue?

If you aren't premium user AttackBox doesn't have Internet access

Our company paid for a subscription. How does one go about completing the room if the tools are not available to complete the material?

Try to calculate md5 hash of the file and search it on VT on your own machine

Or if you're premium user you can use AttackBox

I did load the Attack Box, but unable to download the email samples to transfer the malicious attachment

You don't need sample , you can calculate the hash and search for a hash on VT 🙂

Is there a method to download the sample malicious emails? I would then be able to analyze on my on local workstation

Use md5sum <file-name> to calculate the hash of the email file

Then search that hash on VT 🙂

Are all the excerises on TryHackMe half baked?

s

What do you mean ?

We cannot give advice on downloading any of the lab material to your local workstation as these are usually real malicious samples. It is for your safety that they are kept in our environments:)

Thanks Jabba. I would have loaded to my local VM for analysis. The instructions provided in the course do not match the example, which I was reaching out. Per @KBG I did pull the hash and was able to search VirusTotal on my local

Gave +1 Rep to @hazy tiger (current: #6 - 1461)

owaspjuice shop/ dark bug

In room "25 Days of Cyber Security", Task 7 (Day 5) [from 2020]

You can find a cheatsheet for more snippets of SQLMap commands here

... "here" links to a website that no longer exists. Suggested link: https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL Injection/SQLmap.md

In room "25 Days of Cyber Security", Task 8 (Day 6) [from 2020]

Question "Run a ZAP (zaproxy) automated scan on the target. How many XSS alerts are in the scan?" has accepted answer of 2; correct answer is 5

Downloading wreath openvpn file leading to http error 500 now

Dark bug on /r/room/fileinc

#room-bugs
Small bug in "Task 5 - Interacting With the Filesystem!" in "Linux Fundamentals Part 1"

What is the contents of this file?
Hello World

But content of the file is: Hello World!

maybe its just me but in room https://tryhackme.com/r/room/uploadvulns Task 9. According to older walkthroughs the site is supposed to tell you "Gifs only please!" when you upload another file type. but instead nothing happens it just returns to the original screen with "no files selected"

guys, i have a problem with both attack boxes (kali, thm attack box), my keyboard input is not working though the mouse is working

i've reloaded them multiple time

s

On kali there was also a similar kind of error

@spare mirage

Yeah , I think that staff is aware of that , it is already reprted a few times 🙂 . You can just ignore it . It should impact AttackBox functionality 🙂

thx, it fixed itself somehow

strange things

Hi! Room "Linux Privilege Escalation" task 7 about SUID seems a bit scrambled structure-wise. It says "nano /etc/shadow" will read the file when you actually need to exploit another binary. Semantically a bit confusing that part. Also there is a sentence in lowercase "reading the /etc/shadow file" in the middle of the task seeming out of place 🙂

a

Hello everyone. Need a little help here. I'm receiving the 405 error code - method error when trying to access a local URL on one of the atattack boxes that is assigned to me. I can't answer the questions without accaccessing the site. Has anyone run into that issue?

In the Caldera room of the SOC Level 2 path, the command to run the Caldera server doesn't work as shown in the room walkthrough. After activating the Python virtual environment, running python3 server.py --insecure as instructed results in a ModuleNotFoundError. However, if one executes the command with python rather than python3 then the server works as expected.

You're probably entering AttackBox instead of machine ip 🙂

Hello, the GoBuster: The Basics room doesn't work properly. I have everything well configured, I restarted it and still doesnt' work 😦

I used the IP of the machine instead the adress "www.offensivetools.thm" and still can't make it work properly

Try to add www.offensivetools.thm and offensivetools.thm domain to /etc/hosts

omw!

Like this?

Save it 🙂

ctrl+x

yep i'm gonna try

Yeah it works now

hahah

ty

Gonna try to enumerate everything again

Works flawlessly, thanks again

❤️

You're doing great , keep up the good work 🙂

Should be fixed now. Thanks for mentioning 🙏

Gave +1 Rep to @tardy silo (current: #1725 - 2)

No worries! Should be fixed now too ✌️

No it's the right channel, all good 🙂

what is the secure port for SMTP

Depend 587 or 465

anyone also having some problems with Nessus scanner? it shows zero vulnerabilities

Are you scanning the right ip?

I'm using the "target ip adress" from the THM machine

even though I applied all the settings that are recommended, it still showing zero vulnerabilities

https://tryhackme.com/r/room/rpnessusredux
here in task 4

in other domains I can scan without any problems

Hello, in Android Hacking 101, task 3, there is a typo: Dinamyc Analysis

Hello !
There seems to be a small error in the task03 of the room Moniter Link (CVE-2024-21413) ( https://tryhackme.com/r/room/monikerlink ) :

It says: Modify the Moniker Link (line #12) in our PoC to reflect the IP address of our AttackBox, but it seems to me that the IP address of the attack box should be indicated in line #17.

Thanks for all you do! ❤️

I changed my VPN and it worked

Hey text me if you need help

the URL republicofkoffee.com used in the webosint room was bought up and it now redirects to malicious site

-mute 1334499215338115153 DM Jabba to be unmuted

🔇 Muted bryanjackson.9052 for 1 day

-mute 1334499215338115153 9999d time update

🔇 Muted bryanjackson.9052 for 27 years 20 weeks and 4 days

what could be the reasdn for tryhackme website freezing every 10 seconds for me in firefox? its the only website that does this? i am even worried about being hacked LOL

hello

I can't connect to the VPN

We had the same issue earlier today , check out that message 🙂
#room-help message

its almost imposioble to study like this. the website freezes. lags, its the only website that does that

I have no way to connect

yesterday io spent 2 hours and could not go over almost anything,. its very frustrating... is there suipport here for that?

Yes it is , here's the mail below

ty

what password did the user submit here? i decoded it but the pass wont fit the solution blank...

needs to fit here unless ists bugged.

What's your answer ?

THM(7BB8WM6P) but that does not fit

||THM{7BB8WM6P}||

Curly not ordinary brackets 🙂

yeah yeah.. thats automatic on the response format

but it does not fit. it fits up until the M

Which room and which question ?

see?

Nestworking Secure Protocols, task 8

%7B is encoded {
%7D is encoded }
Refresh the page and copy this || THM{B8WM6P} ||

and how do i know that?

it worked, but how do i know next time where it should begin ?

You can use cyberchef to decode it for you

When you see % it usually indicates some URL-encoding

https://gchq.github.io/CyberChef/#recipe=URL_Decode()&input=VEhNJTdCQjhXTTZQJTdE

Snort Challenge - Live Attacks room, task 3

Thanks it would be nice if this information would read in the room instructions (about the timeframe).

Gave +1 Rep to @waxen yoke (current: #91 - 82)

@obsidian kiln

Oh, that's not an Easter egg or a bug. Just unfortunately what happens sometimes. The room needs to be reworked around it, although if it's a community room there's a good chance the creator is long gone.
I'm assuming that domain was once legitimate and owned by someone else, or I would say the room creator should have bought it themselves to protect the room.

Yea, I was being facetious about Easter egg. The domain was bought in 2022 and has been changes ip addresses every few days since

Oops

see as it show room completed but not updating in path

Also similar happen with another room like i complted the room didn't get the badge then i have reset and redo the room to get the badge

Try to leave the romm and re-join

yeah it would fix but this happening with both the room so, i wanted to report it as i tried it signing out and login again

There seems to be a problem in the room: Passive Reconnaissance. The answer for task 6 is no longer germany but china.

I agree.

Thank you for reporting. The room is now private and locked. 🙂

Gave +1 Rep to @sick kestrel (current: #147 - 53)

k2 middle camp and summit has a lot of disconnections. Tried with both attack box and kali. Its a premium room. Lost my shell so many times because the VM keeps disconnecting. Not a fan that this is a premium room and its having issues. Please get this fixed, I did not pay to do premium rooms that keeps disconnecting.

for the third metasploit room in cybersec 101, can run msfdb init as root. but also doesnt work as non-root (ubuntu).

as root i get: Please run msfdb as a non-root user

as ubuntu i get: pg_ctl: could not start server failed

You don't need to do that on AttackBox , db is already initialized 🙂

oh okay, Thanks!

Gave +1 Rep to @spare mirage (current: #2 - 2707)

Idk if it’s something I’m doing but in the metasploit room, I start the attack box. Click start machine on the task 1 and it doesn’t open. Aside from that when I try to run msfconsole it tells me the software needs to be updated.

It isn't supposed to open in split-screen view , follow along with the room , you will need to exploit it using AttackBox/your own machine 🙂 . You can ignore update warning

Yeah one opens in the split screen and the other from task 1 doesn’t open. I had the same issue for John the ripper. Maybe cus I have the web page open to long 🤷‍♂️

It isn't supposed to open

when there are two "split-screen" devices open like attck box and a lab box, they are accessible by pressing the tab with their name at the bottom center of the VM screens. Is that visible?

No it’s not. I’m guessing you mean like in John the ripper there’s attack box and ctfjpr next to it like two tabs.
But for metasploit it’s just attack box and then putting in the code for evasion should work? That’s what I put in after the root@ line and it said no such file or directory.

Yes , that's how it should work , follow along the task to see what you will need to do 🙂

Ok yeah I’ll give it another go. Could be something I’m doing again. Still new haha

You will rarely be able to access machines directly in split-screen view like in john room 🙂

You're usually supposed to use AttackBox to exploit the machine like in this case

yes, thats what I mean't. its rare but it happens sometimes, and i couldn't remember exactly which rooms do it, so wanted to check. Go Blue! 😉

Ah ok, yeah I’m just getting into this and making the mistake of trying to do it while I’m working too sometimes a bad combo. GO BLUE!

Windows Fundamentals 1 room
unable to switch windows local users
On lusrmgr.msc user: tryhackmebilli . 'V' Marked on "User not allowed to change password" and I have changed the password .

Hey everyone I need help I solved some questions on the webosint room like 2 or 3 hours ago but when I re-open the room. This is saying room is locked the room owner has locked this room to access material start machine and answer questions sh***tt!!!!!

The room was locked recently.

DevSecOps path, CI/CD and Build Security Room, Network is not starting

Hey guys, does any one knows if there's an error with What the shell? task 14 ? , I'm trying to use nc with -e but it keeps saying invalid option -- 'e'

In room "Windows Fundamentals 1", task 3, I don't really understand the question "Besides Clock and Network, what other icon is visible in the Notification Area?". What does it look for?

@sour hawk you're looking for Action Center

Got it. Thanks.

Just leave room then refresh and join again

Double check your rule. The walkthrough you're looking at shows "<>" which provides both directions, so your total count and log file will actually be doubled. If you fix your local.rules to have only 1 rule you should get the right information in the right order.

Room -> Gobuster: The basics
Issue - Adding dns server to resolved.config as instructed doesn’t work at all.

Fix - Added the dns server to /etc/resolv.config & it worked.

Anyone want to explain why? I’m all ears.

thank you, it works now

Gave +1 Rep to @austere jacinth (current: #1728 - 2)

Room "JWT Security", Task 3
TYPO

Symmetric Signing - A symmetric signing algorithm, such as HS265, creates the signature [...]

HS265 should be HS256

Can you provide a screenshot 🙂 ?

Not every version of netcat is compiled with -e. In fact, most don't these days. It's affectionately known as the "gaping security hole" for a reason.

Thinking this may be more of a bug...

Use ls -la in root dir 🙂

In Linux fondamentals part 3
Task 8
There are no .log files that describes what the question is asking me for
I tried checking all access and error logs, tried all ips and none is matching the format or the answer after for the file, am I dumb and missing something or the room is bugged ?

You're inspecting files on your AttackBox

....

No dont continue

Please

I'm dumb

My bad, sorry

Thanks, resolved

Gave +1 Rep to @spare mirage (current: #2 - 2726)

I can't ssh, into vm of https://tryhackme.com/room/linprivesc room

It's showing /home/karen: No such file or directory

Seems like you're already on the machine

Yeah but the connection getting closed, getting the following error message

Warning: Permanently added '10.10.84.83' (ED25519) to the list of known hosts.
Could not chdir to home directory /home/karen: No such file or directory
mktemp: failed to create directory via template ‘/home/karen/.kitty-ssh-kitten-untar-XXXXXXXXXXXX’: No such file or directory
Creating temp directory failed
Shared connection to 10.10.84.83 closed.

Moniker Link (CVE-2024-21413) Exploitation
Not sure if this is a bug or me just being dumb but in the Task it says "Modify the Moniker Link (line#12)..."
However in line 12 is the recievers e-mail and the moniker link seems to be in line 17.
The line 31 for the "Mailserver placeholder" fits perfectly.

Currently doing the "Subdomain Enumeration" room, I can't complete Task 6. Looks like all of the requests have a size of 472. If I use -fs to filter that out, I get no requests returned. I've tried copy and paste, but still no results so maybe it's not a typo. I'm assuming MACHINE_IP is the AttackBox IP as I see no other IP address.

No MACHINE_IP is the ip of the target machine 🙂

Ah, thought that didn't make sense. Thanks!

I think my confusion was that I was expecting a Start Machine button in that particular section, but it was at the start. The View Site buttons throughout made me think it would be in the same place as the task. But that makes sense now.

I just started the nmap room and i cant seem to open the virtual machine.

I click on start machine and nothing pops up

Not crazy, I mentioned this in here a few weeks ago. I guess they haven’t gotten around to correcting it yet.

#room-bugs message

It isn't supoosed to 🙂 . You're supposed to perform scan against that machine 🙂

Okay thanks

https://tryhackme.com/r/room/threatinteltools

phishtool.com from task 5 appears to no longer exist and now yields a 403 error

Additionally, whois has been updated, so Task 6 Q2 is incorrect

#room-bugs

https://tryhackme.com/r/room/hashingbasics task 6 has small typo saved in saved in

https://tryhackme.com/r/room/subdomainenumeration , This room have a little problem, with task 2 crt.sh dont work, website down ?

Please, I'm trying to deploy the machine on the Linux fundamental room, but it kept saying error parsing

Try to refresh the web page

Ctrl and F5

I've done that, but it's still the same

Hello, hope everyone is fine

I was trying to do the room called Enumerating Active Directory, I started the attack box and I am not able to ping THMDC IP, seems attackbox is not part of the network, could you please help me?

I have just answered to your question here: #room-help message

not from my local host and not from THM AttackBox

@novel carbon oh 😮

i just tried, and now its working, ok perfect then

hit it with whatever you can think of, if Ctrl-F5 does not work:

• use the Options button to leave and join again
• restart your browser with no history
• switch to a different browser
• logout/login of THM
• check DevTools > Console if there are errors

I can reach www.phishtool.com while browing from my host, but that fails if I go through a VPN (ProtonVPN, NordVPN)
also, I can reach it when browsing from THM AttackBox as per screenshot

Ah ok! I’ll try again later, I was definitely on a vpn

I have come across this same error: Could not chdir to home directory /home/karen: No such file or directory as per screenshot
I did not have the issue with mktemp: failed to create directory, and the connection getting closed
referring to your output, did it all happen in one go as part of the ssh login, or was there other activity (like entering commands) between the first error msg (Could not chdir to home directory ) and the seconde one (mktemp: failed to create directory)?

does the challenge room Smol supposed to show a website ?

Yes it is

I’m trying to run the attackbox but the machine tell me that I can’t run 3 vm at time

I’m not running 3vm at time

Terminate all your vms from previous rooms that you've done earlier today

Already done

why does the url for rooms changes? for exmaple: change from https://tryhackme.com/r/room/furthernmap to https://tryhackme.com/room/furthernmap
I'm using Glasp (a plugin that allows u to highlight web pages), it seems like if the url changes the highlights and notes no longer apply too?

The rooms Basic Pentesting attached VM does not expose users, or rather usernames.
First I tried it myself and then got a collegue with 25 years of experience to look over it.
He is also sure it should work. I guess there is a misconfiguration within the VM.

┌──(root㉿kali)-[~]
└─# enum4linux -a 10.10.75.98 | tee enum4linux-out
Starting enum4linux v0.9.1 ( http://labs.portcullis.co.uk/application/enum4linux/ ) on Mon Feb 3 13:00:04 2025

[+] Got OS info for 10.10.75.98 from srvinfo:
Cannot connect to server. Error was NT_STATUS_UNSUCCESSFUL

========================================( Users on 10.10.75.98 )========================================

Use of uninitialized value $users in print at ./enum4linux.pl line 972.
Use of uninitialized value $users in pattern match (m//) at ./enum4linux.pl line 975.

Use of uninitialized value $users in print at ./enum4linux.pl line 986.
Use of uninitialized value $users in pattern match (m//) at ./enum4linux.pl line 988.

==================================( Share Enumeration on 10.10.75.98 )=========================

VM or Web Kali box?

https://pastebin.com/SXL8ty1F

Kali Box von THM

Sorry, there you have the enum4linux output.

I think the problem lies within the target machine.

Yeah, enum4linux isn't friends on that, I'd suggest using the Attackbox.

Ah that explains a lot. Alright, I'll try it again with the Attack Box and give feedback. Thanks 🙂

That was the solution, thank you! Is there any way to add a note within the room to let people know that they should use the AttackBox and not Kali?

Gave +1 Rep to @quaint sparrow (current: #1 - 3340)

I think staff were pinged ages ago.

Let's hope they implement a warning. It really confused me why it wasn't working.

Anyway, thanks a bunch 🙂

After doing a TCP SYN Scan a bunch of times against the target VM, i get 7 ports shown to be open, right?

Guess what? My answer was considered wrong for apparently no reason

please help my openvpn connection problem in kali linux os

Can you provide a screenshot of machine info box

What's the problem 🙂 ?

ok

Looks like you're scanning ip of attackbox

It was the target VM

Which room ?

Nmap - Task 14

Can you provide a link there're multiple nmap rooms 🙂 ?

https://tryhackme.com/room/furthernmap

This is the one

Can you tell us which task and provide a shot of machine info box 🙂 ?

Just by terminating the target VM and restarting it was enough to get the correct results

Glad to hear that , keep up the good work 😄 🚀 🔥

aside from your question, I am curious if you are root when you run that SYN scan
are you root or user kali (i. e. non-root)?

kali

You need to be root for -sS scan

that's what I found strange, as the command should be rejected otherwise, as per screenshot
something I do not get here 🙃

Well it may defaulted to -sT in his case

Now I've completed the room

Congrats 🙂 🚀

seems like there is a change in nmap from 7.94 (not OK without sudo) to 7.95 (OK without sudo) 🙃

Was the first screenshot a fresh command?

Or did you use sudo previously?

Thanks for sharing 🙂

Gave +1 Rep to @novel carbon (current: #16 - 555)

I used sudo previously

That could be why it didn't ask for a password then.

You're in a terminal where you've already used sudo.

Nevermind, it has changed

yes, just confirmed by running it all again in fresh terminal (no sudo)

Not only that, but I was also able to finish the entire Free Roadmap for the Penetration Tester as well

is there anyone aware of any known issues with silver platter? I am attempting to ssh using the username and password found @ the ip address of the box and it's coming back as permission denied. I've used the attack box and my own kali vm.

https://tryhackme.com/room/passwordattacks
Task 6 needs to be updated, as changes to john.conf are depreciated, and custom rules must be added to a new file /etc/john/john.local.conf, else they will return a rule-not-found error

Hello every one quick question I'm currently in the Investigating with ELK 101 room . I've deployed the attack box and its been more than 5 minutes since i started the machine for this room typed the Ip in the browser getting 504 error any suggestion?

Great job , keep up the good work 🙂

Are you sure that your credentials are correct 🙂 ?

Press F5 from time to time to refresh the page, it can take up to 15min for that machine to fully boot up 🙂

just stumble upon a typo when looking up for the word 'reconnaisance' at https://tryhackme.com/room/furthernmap
anyways, can't post the pic for some reason😅

You can verify in order to upload images on Discord 🙂
https://help.tryhackme.com/en/articles/6495858-discord-how-do-i-verify-my-tryhackme-account

Ok thanks

Gave +1 Rep to @spare mirage (current: #2 - 2818)

There seems to be a bug in the Content discovery room, task 7. The answer is site and it’s only showing that the answer is too short which it isn’t.

Learning path: Jr Penetration Tester

site is too short.

The answer is 5 characters long.

Look at the hint.

site: doesn’t work either

Try to refresh the page

Same thing

Do you have underscores?

I would send a screenshot but I don’t have the permission

Or *

I've forwarded this on to the team

Thanks, I’ve been trying for like 10 minutes thinking I’m crazy or something

Hopefully they fix it

Hey guys,
Do you have issues submitting written answers in https://tryhackme.com/r/room/disgruntled ?
I cannot copy nor enter anything in answer fields, already cleared cache and changed browsers

I know this is basic, "Which of the following characters cannot be used in a subdomain ( 3 b _ - )?" the answer is _ right? though its not accepting this

the answer is '_' right

Staff are aware of users having issues unputing answers.

Perfect thanks for the response mate

Gave +1 Rep to @quaint sparrow (current: #1 - 3343)

🙂 turns out they were not! Lol

Is everything ok now 🙂 ?

Yep finishd it. was missing a single character in the password lol

Glad to hear that , keep up the good work 🙂 🚀

thanks and thanks for the follow up

Gave +1 Rep to @spare mirage (current: #2 - 2832)

I'm trying to solve this question but isn't solve it. Room Link: https://tryhackme.com/room/monikerlink

Try to refresh the page and copy this ||file://||

Same issue..

seems ok now

Yes.. Thank you.. 😊

Hi I am stuck with CI/CD and Build Security room. I forgot my password (to mother) and now I neither cannot login nor to register again. How to proceed??
I even restarted the room and reset all progress but it didn't help

Hey in the room Nmap Basic Port Scans, Task 5 i have done the nmap scan but there's no new ports with 4 digits, im assuming the service has been deleted from the machine

Can you provide a ss of what's going on ?

add -p- flag to your command 🙂

Are you sure that you're using the right machine , this room has 3 diffrent machines 🙂 ?

oh shoot this one got over my head

i feel dumb now 💀

for me you're good with the IP, check your first screenshot (left pane and right pane)

i have started the machine for task 5 TCP SYN Scan and now im getting one only open port

wait a bit more, ports will open slowly, one after the other

it worked, thank you ❤️

Gave +1 Rep to @novel carbon (current: #16 - 558)

Hi 👋

Maybe it's bug, but greater than that ( >= ) so... if we take greater than 65 it means 65, 66, 67 and so on so forth. In this room 3 question task 2 maybe little issue, check pls 😉

https://tryhackme.com/room/nosqlinjectiontutorial

Hello everyone. Just fyi, the ORM Injection room needs an Attack Box Start Button added to it.

||ORM Injection, ORMInjection, ORM Injection room, ORMInjection room ||The work around is to start the Attackbox VM from another room then come back to the ORM Injection room.

It's =>, not >=. In nosql what you're looking for is $gt (greater than) and $lt (less than)

Yeah, I know that => and >= it's different. I mean in question we have $gt ( greater than ) 65, that means we can filter by age starting from 65 then 66, 67 and so on. Why answer for that question " 0 " if we have 1st document that contain "gender" : "male" and "age" : "65"?

$gt is "greater than", not "greater than or equal to"

ohhh... I'm.... Thanks, I need to revise basic math signs, I thought it's >= not > 🫨

Yeah that's why I brought up => and >=, I think because you saw $gt and => right next to each other, your brain naturally thought greater than or equal to

Yeap, you're right 😊

In introductory networking task 8 Dig
Qesution = what is the very first place your computer would look to find the ip address of a domain

What's the name on cache file on Linux that keeps DNS records 🙂 ? it is /etc/..... 🙂 ?

Ahh still showing wrong

How is it called /etc/..... 🙂 ?

I send you a picture please help me out I trying half an hour

/etc/h..... 🙂 ?

/etc/ho.... 🙂 ?

I send you a picture in private

..... /....

Yeah , how is the file called 🙂 ?

Hosts

?

Cache

Exectly hosts file 🙂

😭Thank a lot for helping me out. I didn't think I get help that much fast

Thank you KGB thanks a lot

Anytime 🙂

what should I do if the tasks in the room disappeared

What do you mean 🙂 ?

write to me and I’ll send you a photo of the bug

You can verify and upload an image directly here 🙂
https://help.tryhackme.com/en/articles/6495858-discord-how-do-i-verify-my-tryhackme-account

Do you some AV running ?

What is AV?

Anti-Virus 🙂

yes

Try to disable it temporary and refresh the page 🙂

thank you this helped me, I hope I won't get hacked while my AV is disabled

Gave +1 Rep to @spare mirage (current: #2 - 2868)

Some AVs probably flag some words from the page content and block them 🙂 . Enable AV as soon as you finish the room .

(Nmap Basic port scan room)
I run this command: nmap -sU -F -v 10.10.148.149, and it asks what new port is now open, but only the 2 ports that are in the example are open.

Hello guys, on room https://tryhackme.com/room/threatinteltools , the "phishtool" task. The emails are given only on the VM but firefox isnt working on this VM therefor I cannot verify the emails on https://app.phishtool.com/. What would be a solution to have the internet work on the vm or download the eml files to my own pc?

You can use your own machine

the eml files arent given in the room

I will try with the openVPN app see if I can copy the files from there

THM would rather you didn't download room materials to your own machine, this in the event if something was to go wrong, THM would not be responsible, and it's generally not a good idea to remove malicious content from their enviorments.

You're supposed to use Thunderbird to analyse the emails.

how are we supposed to use virustotal with thunderbird?

You just need to take the hash of the email.

You don't need to remove the file for that.

not sure if this is a bug or intended, in Phishing Analysis Fundamentals task 6 it says to defang the urls or ips so they cant be clicked, but question 2 doesnt require the email to be defanged, idk if it was intentional but thought it should be here edit: especially since question 4 needs to it be defanged

Passive Reconnaissance - TASK 6:
Question: According to Shodan.io, what is the 2nd country in the world in terms of the number of publicly accessible Apache servers?
Answer Germany, but shodan shows China

for the third UDP port, you have to wait for a few minutes, like 5-6 minutes, for the service to be ready
after that nmap is able to see it open

Isn't this a bug?

xpath

No

Is the Incident handling with splunk bugged? I got the email address which I believe is correct: ||lillian.rose@po1s0n1vy.com|| but it doesn't fit so it just does ||lillian.rose@po1s0n1vy.co||

Tcpdump: The Basics - Task 4
For the last question i get the IP address x.y.53.80 but the accepted anwser is x.y.80.53

Not a bug, could be answer tolerance.

I could not get it to accept the correct anwser

Issue is still present

lol

Yeah I solved it but still is weird hahah

Not sure if this is the right place to report, but the url in this room (rubyfu[.]net) redirects to a malicious looking page

What's weird about it? It's two different tables. 😂

was the interactive lab shut down or..? (what is network room)

Should be a static website attached

Apolegies..realised what that icon was

The remnux room is not loading and freezes…

Don't know I'm still a beginner it didn't make sense for me

Enumeration Room (https://tryhackme.com/room/enumerationpe)
Task 5
For current release of SNMPCheck, the snmpcheck command simply brings up the GUI, whereas the command that provides the data needed to finish the task is named snmpwalk

Hello, for the room 'LookUp', why i can not access at her web site :

Have you added domain to /etc/hosts ?

i restarted my VM, thank you anyway

Gave +1 Rep to @spare mirage (current: #2 - 2925)

I think the flag is missing a closing bracket

Room: Data Exfiltration

who on earth implemented this crap flag submission

I am having the same issue

I have the correct flag but its not accepting it

mine is for a different room but I would imagine its affected in other rooms

Try to input your answer without that closing bracket

Did, doesn’t work

I think its an issue in all rooms

Not all

Some

Why on earth did they change the flag submission style

like please we do not care about the design of it. We just care about submitting it. I am hoping they roll back to the previous one

Luckily i still have * but yeah many people are reporting issues

What happened during the QA check 😅 . I swear I am able to find an issue for a lot of rooms nowadays.

@gleaming shadow u able to take a look at this? pretty sure its affecting several if not many rooms.

Think this is the wrong chat Katherine 🙂

@spare mirage is the site down for u?

literally got a 404 error and cannot even access any pages anymore on THM 😅 .

ok nvm the flag issue is now fixed. I guess they applied some sort of fix that caused me to get booted out of my account. Logged back in and now all is working

Works ok for now 😄

Think that might be a Kali thing:

Not least because the docs haven't been updated and (logically) that scan will always require raw packet privileges. i.e., Linux distros would need to remove the restriction which prevents low privileged users from crafting raw packets. I'd expect that from Kali, but not a distro designed to be stable

Kali definitely seems to be okay with it though

Hey everyone. I just wanted to let the THM team know that I've encountered a bug in the Room "CyberChef: The Basics", in Task 5 question 5. The answer is correct but (I suppose) because of the way the input form is structured with a clear URL structure, the correct solution can't be entered because it's in a different structure but the form on the site is hardcoded.
The answer is: https%3A%2F%2Ftryhackme%2Ecom%2Fr%2Fcareers

While writing this I was able to solve the issue but it's still a bug, beacuse the answer to the question is provided directly in the question. Currently the correct answer is defined as https://tryhackme.com/r/careers while it probably should be https%3A%2F%2Ftryhackme%2Ecom%2Fr%2Fcareers therefore either the question is not properly asked or the answer is not defined correctly.
Kind regards, Daniel

I had the same issue.
To bypass this bug I used Burp proxy (on the attackbox) with a "Match and replace" rule:
Type: Response Header, Match: SameSite=None, Replace: (empty)

Burp would also help to solve some of the questions. Instead of removing the cookie from the browser devtools, use Repeater and delete the cookie from REST requests.

The last task called "Msfvenom" in room https://tryhackme.com/room/metasploitexploitation . Seems to have some issues. The virual machine that you start for that part "MetasploitMSFVENOM". Starts up with error "Could not chdir to home directory /home/murphy: No such file or directory". Then it is possible to do the sudo su and get a shell, but every time I switch back and forth between the attackbox and that box, that session is kicked out and stopped. And I need to do the sudo su again. This does not seems to be correct.

Start AttackBox in full-screen view and use the provided machine in split-screen view. That way you wouldn't be kicked out of a session 😄 .

But what about the missing home folder for user murphy, that does not seem to be a ok error message?

The directory isn't needed, the machine is probably used for another room and was changed.

Hope this is fixed soon. I have just this flag missing on my learning path and in the room 😂

PROBLEM: The underscore(_) character introduces regression when answering a flag.
ROOM EXAMPLE: windowprivesc20
REPRODUCTION: When typing manually a flag containing an underscore in the "Windows Priviledge Escalation" room from the Jr Penetration Tester path, the underscore will automatically delete itself.
SOLUTION: Copy/Pasting flags w/ underscores will work.
PS: As a side note whomever baselined 60 minutes to complete this same room was A BIT too optimistic 😉

Velociraptor room task 4 question "Review the output. How many files were uploaded?" Has an error. The answer it wants is 20, but the actual output you get in the exercise is 19 and I confirmed this not just in my machine, but in multipe walkthrough and youtube videos all sharing the same issue

this room machine is bugged , i am unable to connect to it when im on my own machine with VPN.
link : https://tryhackme.com/room/ctf

Thank you for reporting. 🙂

Gave +1 Rep to @strong jasper (current: #2656 - 1)

Have you verified your connection?

PROBLEM: Dead link(404) from the Conclusion portion of the windowsprivesc20 room
ROOM: windowsprivesc20
REPRODUCTION: Clicking on the "Hacktricks - Windows Local Privilege Escalation" link brings a "Document no found(404)" tab

TYPO (duplicated text)
ROOM: ORM Injection / TASK 5

Let's take a closer look at the source code used by the developer: to Let's take a closer look at the source code used by the developer for the Email (Vulnerable) input field:

GRIPE: "LDAP Injection" room was a mere 16 points. "Server-side Template Injection" room was similarly few points. Contrast with the next room in the series, "ORM Injection" which was 100+ points.

guys is this machine bugged? or have any issuse?
i cant read the "/var/log/apache2/access.log." file
and i tried everything
even i saw the writeup and still

In the new Bypass Really Simple Security room, Task 1, "servers" is mispelled as "severs"

https://tryhackme.com/room/bypassreallysimplesecurity

@last loom whatever you did with the answer bar, please restore it to old method. copy pasting screws up,
first Wreath now Snort room

?

That's a bot.

whom should I contact so they look into it

You don't need to, this is an issue they're aware of.

Won't be fixed today though

ok

Anyone know if the wreath room is down? I try starting up the network and it fails.

the pcap is not on the virtual machine tryhackme provides for this task in "thehiveproject" room. Task 5 Question: "Upload the pcap file as an observable. What is the flag obtained from https://10.10.195.217//files/flag.html". Also that link does not work that is provided in the question unless you remove the "s" from "https", since the site uses http

Also new answer format makes it impossible to enter the full answer to this last question for "thehiveproject" room meaning I cant answer it -

This is a known issue.

You have a typo there
THM{FILES_ARE_OBSERVABLES}

i cant type the s

its the new answer format bug that scrubz says is a known issue

But you're entering THM{FILES_ARE_OBSERVABLER} instead of THM{FILES_ARE_OBSERVABLES}

But those two have same number of characters , only in your is R at the end and it should be S 🙂

oh wait wait

wait wait i see what u mean

Try it and provide an update

yea i did i was SO CONFUSED cause i literally copied the exact answer i found in a walkthrough but its just a copy paste issue not a character limit. Didnt realize the typo at the end

Is everything ok now ?

these are still issues @spare mirage and obviously copy pasting messing up the answer format, but yea i was able to fix the typo

Glad to hear that

🙂

That's a problem i encounter moslty in old rooms. It's readable only in light mode or if i have it in dark mode i need to highlight it in order to read it.

hi, somone can help me with the Loopkup challenge? I can't reach the login page. I'm connected with vpn on my own kali machine

Have you added lookup.thm domain to /etc/hosts ?

oh xDxD, i try

ty very much, but should I do the same on the AttackBox?

Yes , if you want to access that domain 🙂

ok, ty

Hello, is this room working for anyone ? https://tryhackme.com/room/shellsoverview
I can't add attachments to show but this is what I see: there is the page structure (room description, "created by" section), but no tasks
thanks :)

Do you have some anti-virus software 🙂 ?

Yep, Avast showed an alert but I flagged it as false positive, So it was'nt enough ! Thanks, I'm going to investigate that!

Gave +1 Rep to @spare mirage (current: #2 - 2991)

Turn AV off temporary until you finish the room , many users reported that Avast blocked the room 🙂

Ok, thank you for the help! :) 👍

It appears that something is not working correctly with the URL given (http://MACHINE-IP.p.thmlabs.com) in Task 3 of the room "Splunk: Dashboards and Reports" (https://tryhackme.com/room/splunkdashboardsandreports).

It says it will take 3-5 minutes for the Splunk instance to start, but after 15 it still shows a webpage stating that "Further configuration is required."
This is in both my browser and the Firefox browser in the AttackBox

However, using the Target IP Address directly in the address bar of Firefox on the AttackBox pulls up the Splunk instance.

Can I report typos here?

Yes 🙂

https://tryhackme.com/room/logstash

Task 11, just before the questions, it has you save a .conf and run from location:

/usr/share/bin/logstash/

should be:

/usr/share/logstash/bin/

thanks KGB

Upon further investigation, it looks like the hyperlink itself is the issue. A copy and paste of the link into my browser rather than clicking on it after the IP has populated pulls up the Splunk instance.

Try to enter target IP with - between octets to resolve the issue 🙂 . http://10-10-203-87.p.thmlabs.com/

Oh my bad sorry , didn't see this 🙂

Hah, no worries, I just posted that recently

Yeah , I saw it too late 🤣 , but anyway glad that you resolved the issue , keep up the good work 🙂

Guys, when doing the Olympus room, i send my shell through the chat, but it doesnt show up on the database when i dump it, in fact it only shows the 3 "standard" messages the chat has when you dump the database, is this a bug?

In Bypassing Really Simple Security, Task 3, it says "Browers" instead of Browsers

https://tryhackme.com/room/bypassreallysimplesecurity

I have the same issue. ctrl-z and ctrl-y also don't work

type the letter before, then after any underscores. I agree though, the old way was better.

Hi. How much affects operation of the Caldera room if Aurora License is expired? ( License file found
Module: Aurora-Agent
Owner: content-dev@tryhackme.com
Reason: license expired
Valid: false
Valid-From: 2024/01/31
Valid-To: 2025/02/07)

Hello, please check the room - "pyLon"
https://tryhackme.com/room/pylonzf
There is an error in getting privilege escalation.
There is probably an error in the certificate itself. Because the room was created a long time ago.
Please check for operability.
Thank you.

I'm having an issue where webpages aren't loading, I've waited up to an hour, I can ping 10.10.10.10 and DNS is even working but no website

Which website ?

Smol right now, but it's occured on others

Can you provide a ss 🙂

Have you added that domain and subdomain to /etc/hosts

?

I just put in the IP