#room-bugs
?
is it normal that the flags don't work as passwords for the named users on linuxagency?
Honestly? No clue.
That's usually a routing thing, but given it's just AJAX that isn't working (i.e. you can access the site normally), it's unlikely to be at that level
Ok, got it. Thanks for your help 🙂
cannot su into dalia's account with her flag in linuxagency room, bug or am I missing something?
restarted machine and the same problem
Linum: Local Enum - Every time I get a reverse shell it works for around 2 minutes then dies and won't allow me to spawn another one. have had to terminate the box and redo
it's intended
have you tried refreshing?
Yes, so many times
I'm afraid I destroyed something, before it worked and I did something and it did not work. LOL
hello, everyone, the room Linux Agency, task 4, i got dalia's flag, but i can't use the flag auth... why?
but the task 4 dalia's flag answer is correct
what?
haha, i got it. thanks
su dalia from viktor is not the intended path in the Linux Agency room. 🙂 @main iris
jabba
Hello, I'm working my way on the complete beginner learning path. But lastly, any room marked complete at 100% doesn't appear on my dashboard. Do you know how to fix that?
It cannot be fixed because it's an intended change for now
Can you tell me a little bit more ?
The site staff changed the way it works. You no longer get ticks in paths.
Yeah it is
The named users are privilege escalation ones
So how do we know where we are on the path ?
I don't know. I didn't change it. I'm just a discord moderator.
It will be changing soonish
Yeah I gathered as much, finished the room this morning
Ok then I'll continue walking on the path
Help pls
doing the linux priv esc room and on my 3rd reset in less than 10 minutes. I'm not bashing because I'm really enjoying THM, but this has been happening far too often in a lot of rooms, very frustrating.
Why are you redeploying so often?
I put the odds at about 90% that it's your VPN
Hi team, having a strange issue with the nmap room when attempting the practical. It looks like I'm not getting a target machine IP
Hello, dear thm team.
I have a bug on this room: https://tryhackme.com/room/ccghidra
Task 4, second and third questions:
What is the first variable set to in the main function?
What is the first variable set to, in the function "fn1"?
I found 2 variables in the main function (but none has a length of 2 symbols) and none in fn1. This method just returns nothing (see the attached screen).
Did you use your own machine or THM Attack box?
Using THM Attack Box
Did you click the green deploy button with a cloud on it?
honestly idk , in the past that seems to have solved it when I reset n run a room/box with a new IP. I reset my vm and got it back up n running so all is good for now!
I believe so. Here's what I'm seeing currently
You did not deploy the VM
That's the attackbox.
Go to like... Task 1? And click deploy
Duh, thank you kindly. I did that couple days ago and forgot about it xD
If you ever see MACHINE_IP check that you've deployed the machine
Can't SSH into the AllInOne Room (https://tryhackme.com/room/allinonemj)
That's very vague.
How do you know you cannot ssh?
Is there an error?
What error?
Can you provide screenshots?
Have you checked any writeups to make sure you are doing it right?
Check the pins in #site-support and try the MTU fix @opal ingot
Hm their message was deleted.
Hmm.. I'm trying to do https://tryhackme.com/room/corp and it seems to be uncooperative. When I click the start menu nothing happens no-matter how long I wait. I reset the machine and tested again. Same behavior. Anyone experiencing the same issue?
I've also noticed a bunch of other issues mentioned here
Yeah, it needs some fixes but I think the creator has been super busy
understood 🙂
I'll see if I can bend it to my will until that happens I guess 😄
should be a nice challenge I suppose
Finished anyways. Done.
The button “Select and Upload” doesn’t work.
That's almost certainly at your side given that's the first I'm hearing of it and it's JS.
What's the IP address?
10.8.147.35
That's your IP address -- what's the IP address of the box?
It does not matter because it happens to me in every machine I open for this task. But 10.10.47.65
It matters because it means I can check it
Ok sorry
It's working fine for me, so that's definitely client side
Can you show me the developer console please?
LOL it's work now sorry for disturbance
Thx😋
@next bluff
This room has lots of great information. The problem I've found, though, is that task 3 approaches it from back to front. So it got me to add a load of paths to the website before adding the functions that they are directed to. I had the website running and then once I started adding things to it, it was coming up with Python errors. I spent a while researching and resolving this, which I managed to do. After finding the fix I've moved on to the next parts of the task, which are the things that I found to resolve the issues I was getting. An easy fix would be to tell people at the start of the task to turn the server off, and/or they could re-position the order of the information.
@green steppe if i'm not mistaken, you are the creator of the Rust room. In Task 4, there is this minor styling issue. This should be all included as a code block instead of only the first line. In the same task, there are 3 places where this is incorrectly styled.
Hi, the room windowseventlogs has some issues with detailed questions about numbers of logs in the event viewer section. I have deployed the room multiple times but never get the right number of log entries
btw, the rpwebscanning room has a question that appears to be version specific for zap. My zap never gave a specific web browser alert so I had to go check this writeup https://deskel.github.io/posts/thm/rp-web-scanning for the answer.
The alert is deprecated. It's a known issue.
Thx
The Shodan room could do with font normalisation, and also, in Task 7, the content before the image has been repeated twice @green steppe
any chance you figured it out? Me and another person are stuck on that one as well
I think there might be an issue with the "Sysinternals" room in the Cyber defence path.
I'm having trouble with the "sysinternals" room - getting task3 getting "Sysinternals live" to work - I set the path of the sysinternals and got webclient running - it doesn't seem to save the "turn network discovery on" settings.
it can't be done, that I'm aware of, in order for it to work the machine needs to be able to get a callback from a *.google.com endpoint
so unless they give the room internet access, or emulate the google site somehow, no chance
Can you all help me solve Linux Agency? I think it has some problems. I'm trying to su to mission1 by entering the mission1 flag but it is showing me authentication failure. Please, someone, please check
yeah, i mentioned it in this room, but didn't take it any further, i don't like having unfinished rooms also
They all worked on my end, going to say user error, read the task carefully
Okay i'll try again. Thank you.
yo I’m aware of the grammar I just followed darks template don’t blame me blame me dark
Oh god
I must’ve been super tired writing that
hmm, Lian_Yu seems to include a youtube video which is no longer available (account terminated), is it required to continue the room?
doesn't appear to, ok
Is there a specific format to report a "bug" in a room?
Nothing major, just an invalid href= link in a recent room, felt I should do my part and report it. Not sure how to contact the room owner though?
Pass it here and I'll fix it 🙂
This room: https://tryhackme.com/room/webosint
That room is private
Well I just finished it?
Where did you get the link to join it from?
Once you're in it doesn't show you the status
The href for linking antifa.com to Russia, is invalid
That room is slated for release on the 21st of February
@plucky nimbus you missed a dead link in it btw ^^
@waxen wigeon Where did you find the join link for that room?
I'm assuming someone leaked it somewhere?
I'm assuming so as well
Well, it's all gonna be reset on the 21st anyway, so tough luck to anyone who did it early 🤷♂️
So I'm assuming points don't count after it's reset?
You don't get any as it's private anyway
Good to know, thank you. Honestly didn't even know it was private
Might just leave it then, given it's a walkthrough anyway
Oh, no, it's a challenge
Where did you get the link to the room?
DM me
Dropped the info to timtaylor via DM
anyone else have issues with hackpark, seems to lag and not work properly
i've had no issues with any rooms thus far
Dang it I'm mad. I'll use a more finely toothed comb next time.
ahhh nice
i changed their username
so cute to see them living up to their name hahahah
Been trying to complete Windows PrivEsc for like 2 weeks now :L
On task 7 the reverse shell doesn't execute. I'm logged in as admin, I've tried the entire process multiple times now. Does anyone have any idea why it doesn't run? @slate parrot sorry to ping you but did you ever find a solution?
Nope, a lot of the tasks in that room are broken. The room author was going to revisit it at some stage. Sorry 😦
Dangit! It's the only room I need to complete the beginner pathway 😢
The room creator was super helpful, worth pinging them.
You also have to add a comma to the section on MAC flooding: Once the CAM table is filled the switch will no longer accept new MAC addresses and so in order to keep the network alive, the switch will send out packets to all ports of the switch.
It's a run-on sentence. Add a comma after "filled".
flag is mission1{....}
?
SQL Injection Lab where I am facing this issue. Are there any issues regarding the update challenge?
sqlite_version() is reflected instead of showing the database version.
Network Services 2 - Task 9 (Enumerating MySQL). The last question but one says that you should run the default "select module()" command. The default is "select version()" and that is what the question wants as an answer.
Just tested the challenge and it is working as intended. The sqlite_version() function returns the version number when testing. If you have any specific issues with it then feel free to contact me and we can have a look at it
Can I DM u?
sure
oh got that too but I was doing it wrong
probably missed some punctuation somewhere
The creator posted it on twitter
Room:Core Windows Processes, Task2.
This should be written wmic process
@tight relic Hi✨
Hi
Thank you for your input. The reference to wmic is just a general indicator to learn more about it. Even wmic process would not be the full command used. Something like wmic process list brief would be an actual command used.
Oh, I see. Thank you for explaining in detail.✨
it has some minor spelling mistakes.
That is not a public room yet
It is NOT a public room yet.
It's not public
It's not even readied. Talk to the creator.
Then how did you get the link?
someone in darksec posted
They're probably the creator then.
Yeah they are quite clearly the creator based on what they said.
mhm
@eternal summit if there is still a link in Darksec I'll delete it. Where is/was it?
Hello, I wasn't sure where to post this but in the John the ripper room in task 6, the /etc/shadow file available for download is different than the one provided
In OWASP Juice Shop task1 there is a repetition. I'm not sure if it was done on purpose.
You will find these in all types in all types of web applications
@topaz thorn Hi there
excuse me to interrupt you
i found a very small problem with the site's coding which i thought it would be useful to make you aware of
I'm not site staff I can't fix that
What room?
@obsidian kiln did you break it?
thank you for your attentions
The heck happened there
Looks fine to me?
@wheat fractal Try a hard refresh? (Ctrl + F5)
It's showing up fine on my screen
let me check it again@obsidian kiln
It's probably your screen width?
still the same
Even with a much smaller screen width I am not getting that James
Just goes off the screen
cause i have eye issues i have to use this screen size, but it happens even if i go back to the normal one
@obsidian kiln that is wrong room :))
That is seriously weird
heeemmmm i even cleaned the cache
i don't know really
i just thought it might be useful to make you aware of that @obsidian kiln
That image shouldn't be nearly that big anyway. The heck happened there
is it maybe one of the plugins in firefox that the user installed?
Hm, that's a good shout actually
@wheat fractal Do you have any plugins that affect stuff on the screen?
^ worth trying incognito with no plugins to see if it's fixed afterwards
My firefox is one behind. Trying it now
i got firefox, can give it a go
Yeah, it's still Ok for me in updated firefox. That is very odd
You able to show me the CSS styles for the image in inspect element @wheat fractal?
yup still fine
Mind doing a hard refresh and see if that fixes it?
if that helps you yes sure @obsidian kiln
I mean at this point I'm just debugging -- I don't have a clue why it's doing that given I can't replicate
Well then.
It'll be to do with a fix I implemented when the editor changed at the start of December. I had to make it really wacky html in order to style the image
That didn't hold over well when the editor changed back
oh....so that's why he said you broke it 😆
okay thank you for your efforts
Np!
it would be a good ....idea to put out an announcement telling everyone to refresh their cache
yeap
seems you did a major change
@obsidian kiln i have to do something about my browser.......
How about clearing the cache?
@trail bramble did it twice
it seems my ISP filtered the server where the images are stored
cause i can get them if i run VPN
the question is WHY!?
? Are you connecting from some restricted network?
Then, it's not a THM problem. You should tell the network admin.
yeap, probably that is the case
Those are on imgur
imgur itself is open but again the images are blocked, ofc i know this is not a THM problem, i just wonder what the heck is wrong with my ISP or who's responsible for that
Usually ISP level blocking, change your DNS
@eternal summit thanks for the help
at least that gave a clue about who's responsible for that
jewel room is bugged. not getting reverse shell. also tried following the walkthrough step by step , still the same. (https://tryhackme.com/room/uploadvulns task 11)
@versed inlet the video walkthrough?
yep
The box hasn't changed since the video was recorded, so it can't have gone wrong
Try redeploying?
i've been on it for the entire day
Oh, actually.
redeployed like 3-5 times
What's the IP?
Lemme check it
yep i did
Because that's running just fine
wait what
Did you get a shell back?
no
yep
Listener on port 1234?
yep
Are you using Kali?
yep
ill even go ahead and try attackbox rn
one min
yep doesn't work with attackbox as well
just FYI, the command i'm listening with is: nc -nlvp 1234
=/
Hi guys, have a bug when trying to do Overpass on attackbox, do not want to comment too much as it includes spoilers.
Yeah, you need to SSH in or RDP or VNC
You can't use the in browser access
You're entering ../content/ZIE.jpg into the admin page, yes?
Could you fullscreen your attackbox and send me the URL please?
Yeah, one of the ports needed was bound by an attackbox service
Yep.
Thanks glad you are aware 😄
I found out by trying to kill the service and yeeted my session 😄
It never used to be an issue then the attackbox changed
You can use SSH or RDP or VNC just fine
It appears to be something wrong in the Windows Event Logs room, task 2. I'm providing the right answer, but it isn't correct..
It also appears that "What are the total number of events?" question isn't correct. Maybe i'm doing something wrong, but i don't think so.
I can't even interpret the questions in the rest of the room. It's asking for definitions, and when i read the exact definitions from Microsoft's web site it's not possible to give any answer or understand how it should look like..
They're different tho
possible bug on the bash scripting walkthrough, task 5, Q3, answer takes "" as quotes, while the walkthrough uses ''. Intentional or not?
The commands you are allowed to use in this room are:
cat
tac
head
tail
xxd
base64
find
grep
echo
xargs
hexeditor
tar
gzip
7zip
binwalk
Bear in mind, commands such as cd are not allowed.
oh yeah, there is no python import function btw as everything is symlinked to the user, nice try
there is a privesc with nothing to gain if you wanna find it
Hi all, I am on the Network Discovery room (Telnet). The nmap scan that is advised takes a long time... Is this normal?
Hello Guys, can anyone help me resolve something with the WebAppSec 101 room from THM website?
I have some issue with the Authentication section.
How can I know username of a logged on user? from question: What is the username of a logged on user?
Should I handle the new cookie value to doing that?
Please, any help will be appreciated! 🙂
Can anyone help with super long nmap scan times?
you can try tailoring your nmap script to suit your needs. if you want to scan just telnet, point the port to telnet, or you can add -T4 to increase the speed. man nmap is your bible
I have tried a fair few options... The method the room wants you to use takes very long for me
Enumerating Telnet in the Network Services room
add -T4 at the end of the command to speed it up
nmap -A -p- -T4 IP
that should fix the issue with the script taking way too long 🙂
I get "Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn"
and then if i use -Pn it takes a long time
The browser says I am connected
as james advised let's move the discussion to tech-support
Hello i have problem with this room
When i load this and login to ssh and want to set a breakpoint it gives me this error Cannot place a breakpoint on 0x5589ce52e637 unmapped memory.See e? dbg.bpinmaps
So i can't continue
@sleek jay Task 3 /tmuxremux, should be most instead of must. Great room by the way! (sorry for tagging you as it was not clear who's the creator, you or Oreo and i couldn't find a user called Oreo on the server)
It’s @tardy lynx room
Thank you
@oblique hemlock , you can often just put the room and issue; it will usually get re-directed to the right sources at that point
hi i opened room named empire and i haven't joined it yet but it is showing 50% already completed
Let me check @craggy solar
okay
DM me your THM username.
okay
Have you left and rejoined the room?
Sometimes rooms say they have been completed but a quick leave and rejoin updates it.
okay, i don't remember joining this room and mostly when i join a room i complete it until it is really hard so i keep it for later
if i join now my previous answers will be shown right?
Yes.
Right now you're not showing as joined, so please re-join the room and see what happens.
okay i will join and check
But there was a minor bug a while ago wherein rooms had issues with tasks, Skidy advised everyone to leave and join the room if this were the case.
okay my bad i have answered few questions sorry i will investigate properly next time before submitting again sorry
I think I know your issue.
If I recall correctly, the empire room was updated? This means that all new tasks were not completed.
So you may have completed the room but as the room was re-created, all the new tasks were marked as uncompleted and old tasks stayed.
okay i will keep that in mind thank you so much for your help
kk sorry
https://tryhackme.com/room/relevant the machine is dying for me after an hour
@dusky junco this is on your list right?
I think windows boxes have a bug there that's slowly being fixed
Yeaps... But I was able to root it on 3rd boot so I didn't go crazy at all
hey found wrong input validation on bash scripting room in 2 questions, it's marking the wrong answers as right
Probably just answer tolerance
can i dm you the screen shot?
Are there over 10% incorrect characters? @limber plaza
No, NM it's just an answer tolerance 😅
there is a room (Content Security Policy) that multiple people are stuck on, it got reported tons of times that it needs internet connection to be done, but got said that it doesn't every time this was brought up. I just asked the room-maker and they confirmed that it needs internet access. They said it needs an admin to do so because room-creators can't enable internet access on their own anymore. Which admin can i tag?
@dusky junco is this within your powers?
Hey, I have a question / report for windows10privesc, "Task 8" => "HKCU\SOFTWARE\Policies\Microsoft\Windows\Installer" Does not exist, so the readme is not in sync with the machine. "Task 10" flat out doesn't work for me, tried to restart the vm multiple times, the script just says there are no credentials stored. Is it just me ?
Task 9 also doesn't work as intended anymore, the password is not leaked in the winlogon key
I don’t think we have the security groups for boxes to be public facing anymore - I’ll have to ask
Well damn
OWASP Top 10 room, task 16 last answer. I got the private key but I think it's not accepting the right answer.
I put in the first 18 characters, ||MIIEoglBAAKCAQEA7|| and it doesn't accept.
#room-help message
do you mind tagging me once you have the answer please? I have spent way too much time on that box and would love to finish it
you have one letter that is wrong
did you type it over?
haha that is where the problem is indeed, try the different combinations i would say 😄
Got it, thanks.
The old creddump7 should not be linked anymore, a newer, python3 alternative (https://github.com/ict/creddump7 untested) should be best
Just shouldn’t even use creddump7 at all should be using impacket. I personally hate the fact that it teaches creddump7
anonymous room is not working as intended , not getting a reverse shell
can someone shed some light on this
@twin tapir yeah. My point is, the rooms need overall revamp because it is highly unstable / inconsistent between 2 instances and is outdated
GraphQL Task 4 seems to be giving me a wrong answer although I have checked my formatting a few times
did you copy and paste this answer? It seems like the double quotes are messed up. That happens sometimes when you copy and paste
hmm weird, even when I typed it correctly I was getting the same error, but somehow changing the quotes around worked this time
Your answer had left double quotation mark and right double quotation mark whereas the answer requires two quotation mark entries instead. Some text editors auto-correct the latter into the former, which can be annoying when having to be exact.
thanks @glad badger that makes sense now
room ice contains a link to the room rpnmap which has been yoinked a while back
task2, question 2
I just went back and tried this room with the notes i'd saved and can confirm it no longer works.
Thanks I’ll update this (: good find!
Room: Authenticate, Task 4(JSON Web Token)
This is not "edit the stored cookie", but "edit the stored Local Storage".
that is a cookie ....
? My understanding is :
- Cookie and Local Storage are different.
- JWT can be stored in a Cookie or in Local Storage.
https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector/Local_Storage_Session_Storage
Am I not correct?
When an origin corresponding to local storage or session storage is selected within the Storage Inspector, the names and values of all the items corresponding to local storage or session storage will be listed in a table.
Partially, but also if you search on google: where are JWT stored you get this:
Uh, I know that.
But I post #room-bugs . [Authenticate] room's app set JWT to Local Storage.
Therefore I point out the document has a bug. That's all.
There's an issue in the Yara room - specifically the Loki task. When trying to scan file 2 it's showing an error with one of the yara rules and no scan results are coming through. I'm unable to complete the tasks
The task description makes you realize access tokens can also be (insecurely) located in either local storage or session storage. Perhaps better wording would be edit the stored access token.
Steel Mountain: Page instructs you to download PowerUp, it doesn't point out that it's included in Kali already ( /usr/share/windows-resources/powersploit/Privesc/PowerUp.ps1 ), not sure about AttackBox
@dusky junco ^^
PowerUp.ps1 is not on the AttackBox. Although Empire/Starkiller will include it if I remember correctly.
learncyberin25days - Task 16/Day 14: scylla.sh is down (gone ?) so the "Has rudolph been pwned? What password of his appeared in a breach?" question can't be solved
pretty sure it's scylla.so now, and it looks like the dev's fixing it now (saw them say this in another server)
cool
Ah yeah I updated that in aoc2 but didn’t think about that room
I’ll update it when I get to my work laptop (:
nor me
Scylla often gets taken down either because of maintenance happening or he’s been under some attacks and companies going after him recently
did anyone run into an issue in Common Linux Privesc room task 4 question 6? When I submit the answer it pops an error: undefined!!!
hello, in the linux fundamentals 3 there is a bug in task nr 5 on the second question
when you answer it, the answer changes from "FIND" to "FINDE"
do only i have this bug?
Just tried that, didn't happen to me. Try refreshing
i don't know if this is the right room for this but i can't ssh into the thm machines, ssh is working on other websites and i'm connected in the thm network.
not all the boxes have ssh, depends on the machine you are trying, does nmap show ssh open?
yes
its the final task on CC: Pen Testing
and linux strength training isn't working as well
odd, what error are you receiving
Odd. You are connected to the VPN, right?
yes everything works except for the ssh connection
Hmm. Haven't come across that as of now. I would suggest regenerating the VPN config
already tried
Not sure if anyone else has more experience. @eternal summit do you happen to know a solution for SSH not working even after VPN config regen?
I have a vague memory of something like that due to my client being old and using a protocol the server didn't accept
hmm, that might be it, try doing the ssh connection with -vv
you can then force the protocol the connection should use
ok i will try
expecting SSH2_MSG_KEX_ECDH_REPLY
ty ty
room tmux last task , submitting the partial answer worked , and after refreshing it is displaying the full answer , don't know if it is a bug or not , just sharing it here !
there is some answer tolerance for questions
okay 🙂
Room: rrootme > Task 2 > Question 2: "What version of Apache are running" - should be "What version of Apache is running".
Room: Kenobi,
Link: https://tryhackme.com/room/kenobi
Task: 2, 6th line from the end.
Bug: Typo (an -> a)
No offense to the classic passwd's room owner, but... SPOILER AHEAD.
||I was 1 ltrace command away, in knowing the username|| It took me hardly 3-4 mins to solve this challenge 😉
Hi
has anyone finished the Sysinternals room?
i got stuck on this Q
There is a txt file on the desktop named file.txt. What is the text within the ADS?
the answer which i'm getting has a different format
@uneven vault I think you should ask this on #room-help
Thanks I solved it
updated thanks varg (:
updated -- thanks (: good spot
Any update on this?
Hey! Yeah apologies. So it's something that we can do (in terms of giving it internet access) as long as it isn't vulnerable -- which it doesn't look like it is.
However there's a few things with it and I've reached out to the creator yesterday and I'm waiting to hear back from him (:
VulnVersity is down, anyone else or is it just me?
Why do you think it is down?
I rebooted my machine twice, still can't connect to it, can't scan it, can't do anything with it. I don't think it's on my end since I've just done another room that functioned well.
Are you connected to the VPN?
Yes i am
And you have tried to perform an nmap scan?
Great, would love to hear (from you) once it is up and running
The nmap scan functioned
but I can't use gobuster, it prompts me to a "no access" error
Are you specifying the correct webserver port?
http://machine_ip:[webserver_port]
I'll try again but I don't think this is the problem
Can you supply the command you were using?
gobuster dir -u http://10.10.183.107:3333/ -w SecLists/Discovery/Web-Content/directory-list-2.3-small.txt
Well I wasn't until now, but it seems to be working as of 10 seconds ago
You fixed it with magic didn't you
Thanks 🙂
Room Bash Scripting (https://tryhackme.com/room/bashscripting)
Position of else is incorrect please replace the image
something else, not something else
Although I agree, it's not very well worded
I agree not a big thing
but may be this will create less confusion of that else getting understood as something else XD
RDP isn't working on https://tryhackme.com/room/windowsprivescarena I've rebooted 3 times now. tried with remmina and rdesktop
ok i was running a VPN at the same time, turned it off and now it works
Hey, i am doing the Linux Challenges room. Is it possible, that there is a typo at flag 14? so this is the task: Where on the file system are logs typically stored? Find flag 14. and in the correct folder there is a document called flagtourteen. Is that just to prevent searching for it or is this a typo?
Which Task?
2
Room name? That's a retired room.
Its Linux Challenges in the Linux Fundamentals module
Could be either a typo or intended name obfuscation.
i just wanted to proof. Thanks
Task 6 Day 4 : the word list at /opt/AoC-2020/Day-4/wordlist seems to be missing...attackbox ip:10.10.227.114
What is missing exactly?
nvm, my bad!
sorry, I was looking at it late yesterday and my eyes must have gone funny lol
actually, I realized my error, there are pictures cropped too tight, I just posted the wrong one, as I said, it was late yesterday when I made the note. So this is the linux modules room, task 8
the top picture is supposed to show an xargs command, but it's unfortunately somewhere off to the right, it's referred to in the text below though, the next one similarly is supposed to be showing the use of a variable argVar but that too is not to be seen
Right click on the first image, and open in new tab. Going to check why it is not displaying the whole image. Thank you for reporting.
thanks tim, I was able to work out the answers anyway, but it could be very confusing to a beginner coming across it. While I have you, I have an answer that works in practice but I can't get it to match the template answer for task 8 question 3, could I check it with you, been at it for ages
DM me your answer and I will compare.
Hello!
For this room https://tryhackme.com/room/linuxmodules
for the Task 7 That's what she sed and question What pattern did you use to reach that answer string? the correct answer doesn't work. I got the answer for the previous question with my command, and my command has the same format as the "answer format" but it doesn't work.
Well there can be multiple ways of creating multiple pattern in such a way that it could give you the same result... Check the hint I gave, to submit in that particular format
Yes, I read it and did as you said. Can I post my solution here to check?
DM me, I will check it for you
wait...what!!
Refresh that’s answer tolerance
dark reader plugins @midnight hollow
Ohh ty 
For room https://tryhackme.com/room/rpwebscanning , Task 3 Zip ZAP! question This website doesn't force a secure connection by default and ZAP isn't pleased with it. Which related cookie is ZAP upset about? and the answer to it is httponly.
I think it gives false impression. For cookies to be sent over a secure connection flag secure is used.
eh yes, eyes care mod, just that xD
is this where i can ask about why my completed rooms arent updating??
In Network Services 2, Task 6, there's a question telling us to set the threads to 16. This won't do anything as it's max 1 thread per RHOST. @cinder bone
Thank you @eternal summit I'll change that 🙂
Also, for Task 9, Metasploit changed the default SQL @cinder bone
Just need to set sql back to what it was before
Wait, no
It needs to be set as select version() so it's just an error in the room
I see! Will change that also!
https://tryhackme.com/room/bruteit
User flag and web flag are backwards for the intended path
@dusky junco Task 5 Mitre, this should be plural not possessive.
Last question task 5
https://tryhackme.com/room/activedirectorybasics Task 8, last sentence in task text, Probably needs to be broken into two sentences etc.
Yep, I just flagged this and it should be fixed soon
Like a few messages above
With the creator
Oh lol
When it rains it pours.
You are onto it James apologies
Am enjoying the changes to the beginner path tho! 🙂
Nice excuse to go back over it.
Did you manage to find out the answer to those odd questions from that room?
It seems that there is something off about 'SSH' connection in the 'EasyCTF' room, It doesn't work.
It seems that there is something off about 'SSH' connection in the 'enpass' room, It doesn't work.
It was tested and it's definitely working
thanks
hi everybody (new to the server and quite new to THM in general); I have a smallish problem in the "Blue" room, namely:
- the exploit works in the provided attack box (metasploit version: 5.0.101-dev)
- the exploit fails reliably on a new Kali (metasploit version: 6.0.29-dev)
is this a funky bug?
(it also does not matter whether I'm trying the exploit with the default meterpreter shell or the reverse_tcp shell as given by the room, same results on the respective VMs)
Hi,
I think there is a bug in this room:
https://tryhackme.com/room/sustah
It's related to the root privilege escalation step:
Note: I tried to re-deploy the machine to confirm that.
Hope someone from the technical team will check it
according to the creator that file is not in a standard location
Probably just an incorrect LHOST value
RHOST I get and understand what it should be, but what should be LHOST in a locally running VM and connected via VPN? Should it be my public IP? (Based on https://security.stackexchange.com/a/142280 )
could confirm it, LHOST was the NATted IP of the VM, setting it to the tun0 IP enabled the exploit 👍 learned something again, thank you 
Is there something wrong with the Inferno box ssh connects and kicks me out after 30 seconds while I'm looking through the box?
I tried terminating the room multiple times and restarting my vm
It was tested, and is working.
hello , im at the alfred room , im at the end of task2 , i succeeded to make my msfvenom file to run , but the msfconsole multi handler , gets stuck (pic will be sent on my next msg)
anyone?
Same issue here. I gained shell with a py script i found.. kept disconnecting fairly quickly. Finally found proper creds to ssh, but still disconnects. Terminated the box and re-deployed, still disconnects.. soooo annoying
Was thinking it might be some type of cron job running or something 🤔 but i cant stay connected long enough to find out
But it also spits commands out by itself...such as "logout". I didnt type it, but it logged me out bc of it lol
With that said tho... once you have access to the box... priv-esc is too easy.. so if you still havent rooted the box.. dont overthink it
For those who reported room completions not showing as complete in the learning paths, that has now been fixed. 🙂 🥳 
Room: XSS Playground, Task9
The image link is dead.
https://d21ic6tdqjqnyw.cloudfront.net/wp-content/uploads/2013/01/08111203/BlogHeader.png
investigatingwindows - The format should be "YYYY"
It's just a small "bug", but in tryhackme.com/room/lle the image in task 9 got 2 times python3 -m which will cause an error (marked in red).
Hi, I would like to know if someone is having problems with Inferno machine where once connected with ssh or revshell it keeps disconnecting. Is this behaviour normal?
Yeah got the same problem... quite frustrating to be honest @fiery lark , was it intended?
You don't need to specify a port if you don't want to. I think it uses 8000 by default
Yes guys, I'm sorry but it's intended. There's a reason if it's called "inferno" 😂 😂 😂
it's not a bug
I see... more than inferno i'd call it annoying 😅
I think there is a bug in room https://tryhackme.com/room/linuxmodules
Task 6, Question 2
If i run that command in that exact format, It returns stderr
refresh
thx 🙂
Hello!
This room
https://tryhackme.com/room/commonlinuxprivesc
on "Task 7 Escaping Vi Editor", on the second question has a bug. The right answer doesn't work.
Hm... Sorry, but after I submitted 4th and 5th answers, the second one accepted the right answer...
Yup but it seems they don't care about issues with rooms
In Advent of Cyber 2 Day 24 first question
Scan the machine. What ports are open?
i am getting result 80,65000
when i entered it is showing incorrect answer but it is the correct answer
Try 80, 65000 if that helps?
https://tryhackme.com/room/linuxmodules Task 7 (sed) - I think the "Purple Gang" and the "Green Gang" are backwards.
Lol just worked Thanks
In the room bashscripting (https://tryhackme.com/room/bashscripting), Task 6 - Conditionals, using the operator && with [ is not appropriate. It'll work but give an error saying missing ].
Using single brackets, the correct operator for and would be -a imo
Also, the msg variable was probably meant to be used in line 4 and 7? It's unused and could confuse first-time-learners maybe🤷♂️
I think that the whole construct is a little bit overcomplicated...a simple 'echo $msg > "$filename"' would do the same.
@steel monolith worth updating that. Get a tester to look at it again when you do though.
yep thanks for bringing that up taking a look now
We care a whole lot, incessantly even. And it's intended functionality, not a bug. See a comment from the room creator: #room-bugs message
Yeah there's a particularly evil script in the root cron
It's possible to bypass though
Bug in the box rick and morty
What's the bug?
Dm
U can have all flags just with strings, cat is blocked but strings no, it's a bug no?
@topaz thorn
In learn the linux fundamental part 1 - the room automatically completed the task and no option to input answers
The goal is to bypass the filter.
Congratulations, you bypassed the filter.
...
Lol
In The New Machine "The Great Escape" http server suddenly went down after few minutes , resetting the machine like twice and it's down .
NVM: it works now
The 503s are not a bug
I think in the room (https://tryhackme.com/room/ccpentesting), it may have an issue at task 18 (Vulnerable Web Application) concerning the last question. I got the table with empty data, no flag.
Table: m**
[2 entries]
+---------+---------+
| m | v |
+---------+---------+
| <blank> | <blank> |
| <blank> | <blank> |
+---------+---------+
Database: t****
Table: l**
[1 entry]
+---------+---------+
| f | v |
+---------+---------+
| <blank> | <blank> |
+---------+---------+
It's an issue with sqlmap usually
Thank you for your response.
In this case, how can I resolve it ? I'm using the AttackBox.
Don't use the attack box? Try cloning the python script from GitHub?
👍 , I will try it
Machine: Linux Modules
Task 8
Question 3
Says to use verbose flag but the correct answer is without it.
ls | xargs -I word -n 1 sh -c "{ echo word >> shortrockyou; rm word }"
did someone delete the proof.txt contents for the inferno machine or is it just me? I got root and was able to access the proof.txt flag but nothing was in it
maybe I'm just being stupid but can someone clarify it for me if this is a bug or just a mistake on my part
in task 14 of room nmap the answer is showing that 3 ports are open or closed but it's not accepting as a correct answer
in the second picture I gave wrong answer but it accepted
it doesn't respond to any command
May I pm you? since we apparently live on different time zones?
Thank you
The flag is in there after refresh.
I guess the tolerance takes it as correct either way.
It got me confused since there was a no way to "fit" the flag in there and correlate with the placeholder.
You are scanning the wrong IP, you did not have the VM deployed.
im still facing with a bug
this issue
I gave the ip address of Attack box
This is not a bug, you were scanning the wrong IP. This is user error.
ok I got it
i would like to report a presumed bug: in crack the hashes box, task 1.4 the hint says "A lot of tools will attempt to identify this as bcrypt and, well, that's not exactly right. Bcrypt is often cited (at this time) as being very difficult to crack. Try some other formats that start with the letter b, you'll see them in the suggested hash types" but i got confirmation that it is in fact bcrypt and the hint may be revisited to say something like: "try filter your password list by length to shorten the cracking time"
Plz state the room with a link
Yeah it is literally bcrypt
The hint is 100% incorrect
@eternal summit
It seems a bit odd but with 20cpus i cracked it in 1 day and 19hours using hashcat's -w 4 switch
good day all, I'm doing the room encryption crypto 101, got to task 9 where it says I should deploy the room "Learn Linux" but it says the room is private. Anyone know if this is a bug? Is there a similar room I can launch to complete this task?
https://tryhackme.com/module/linux-fundamentals first 3 from there
Learn Linux was split into the three Linux Fundamentals rooms
Fixed in the room
when I click the link in crypto101 task 9 it still takes me to that page.
You need to refresh to get the updated version
But it's fixed.
oh nice ty ty
sure
hey there i think i have found a bug. So i have finished the Introductory Networking a couple of days ago and everything is 100% done but it doesn't count as a room completed. I have tried and refreshed the site ofc but the problem has remained for a few days. its not a huge problem of course but it would be nice to get the room completed. Just wanted you guys to know 🙂 but anyway, thank you for an amazing site that i have learned so much on.
Is this in a learning path?
Because it no longer shows the checkmarks in learning paths
i dont know if it is a learning path. would you like screenshots?
!docs verify
You'll need to do that first, but it'd help
There's still a question that you haven't checked off probably
i think that should be it? i've cp my discord token to the bot and it says "up to date"
Yep
I can't check on the site, but are all the tasks in the room green?
Huh ok, drop that into #site-bugs
thank you for the help ❤️
Room-Link: https://tryhackme.com/room/mitre
Task: 3, Last question
Bug: Typo (is)
Share badge functionality not working.. any idea?
Hi, I'm working through the 25 Days of Cyber Security. On Day 6 it requires an answer to 'How many XSS alerts are in the scan'. I am sure I answered this correctly, but it doesn't accept answer. It says format is in the form of single digit, so I used the answer both in the tutorial (same as my answer) and then tried every single digit and none work. Is there a bug? While waiting right now I have just run through every single digit (0-9) and it's finally accepted an answer, but it's not the right answer (according to my results and the tutorial by DarkStar). It wouldn't accept any of these yesterday.
Let me check.
The video tutorial provides the right answer to the question (Q5 in the current room, Q6 in the video), but the questions were re-arranged/changed since the video was recorded. @pure urchin
Thanks @glad badger . The answer it accepted as correct was not the same as the video / the actual correct answer (can I say what it accepted?).
And yes to confirm, Q5 in current room.
Room: Fowsniff CTF
"hashkiller" link is dead.
Resolved thanks (: give the page a refresh ❤️
This was evil. Still love you tho. 🖤 Thanks for the room.
incorrect series mentioned in the first task of the new room:
Which ISO27000 families standard can be audited?
Plus it's incorrect as you can audit against multiple iso standards such as iso 9001 etc
Last question is singular. it's A || risk || based approach
I’ll tell them to change it 🙂
i am an ISO haha, so this things i know by heart
also if he wants a markdown of that i can give it to him of all the iso controls 🙂
@muted musk ^^
grammar
task 4 has like 5 different formats for the notes :c
grammar again
grammar
I must have been tired to miss all of that
"What mathematical funcition can help to get integrity?" <- function ... https://tryhackme.com/room/iso27001
"Go and read the ISO 27001 doc ;)" hints like this are very poor, please add a link to the documentation. When you want that the users learn to google, then build a "google" machine ...
Exactly I have been confused in several questions since they are not well written
oooh there is an ISO room? imma go and do it e_e
That's the most excitement I've seen over an ISO standard in...ever
+1
+1
task 4, the title "requirements" is also spelt wrong on the iso room
@gleaming shadow ... sry, when the community cannot say the quality of this machine is very poor, then we can close THM ...
room: https://tryhackme.com/room/iso27001
Issues:
Task 1:
1- "JUST THE ISO 27001 CAN BE AUDITED". Wrong more ISOs can be used to audit against depending on the goals and the industry...etc.
2- first question says "What does ISO mean?", it should say what does it stand for. It doesn't mean anything, it is abbreviation.
3- "Which is the objective from an ISMS?", it should be What is the objective of an ISMS. The accepted risk is also questionable.
4-"Which ISO2700 families standard can be audited?", accepted answer is wrong
Task 2:
1- "Also exist two kind of audits methods", should There also exist or something else. This is wrong.
2- "This was not a 27001 room?". Was this not...
3- "but maybe you don't ever will have 27001 audits" ???
4- "Which organization release a guide for remote audits to help organizations in the pandemic" did release a guide?
Task 3:
1- " I going to " I am going to
2- "introduce you to different thing about an ISMS should have considerate when is going into development" ????
3- "he can delegate his responsibility " they can delegate their responsibility
4- "well, that service should be documented and be competent about security" Incorrect, you can still gain certificates without a third party is competent about security. It all depends about the scope of the audit
5- "What mathematical funcition can help to get integrity?" has nothing to do with ISOs but technically correct. And it is function
General
1- A huge part of the room is plagiarized, from this site for example: https://reciprocitylabs.com/resources/what-are-the-three-types-of-iso-audits/ .
the room has been taken down, i will stop with my feedback
Eh?
Not sure I understood that, sorry
"That's the most excitement I've seen over an ISO standard in...ever" <- this was a reaction to your post
that doesn't mean he is the creator of the room, lol
i know
but it sounds like he disrespects the feedback
can be fun if you present them well
Haha perhaps
and if you have a good internal/external auditor
i've been doing for over a year now for the place i work for, a part of my role is to be the ISO (information security officer) so it can be fun and games and looking ahead
but there is also the dull paperwork, policies and stuff that goes into it
Hey all (: thanks for reporting the errors you've found with the ISO room. We've pulled it from being public to work with the creator and to get reviewed
Thanks for doing so 🙂
Yeah, once you have joined it you will still be able to see the room
It's just that anyone who hasn't already joined it can't now
Hope everything gets resolved!
I love the diversity of THM. But I wish there was a dedicated proof reading team that reviewed the editorial content of a THM room.
I found a room question that is potentially expired today, not a bug though. It is in the Searchlight - IMINT room. The last question wants the user to find the hotel the friend is staying at. The hotel, since the room was published, has closed down and the building is going through renovations. Although the question is still solvable, it takes significantly more work than I believe was intended.
A recently released room is an example of this — appreciate that the author is likely to speak English as a second or third language, but this is more reason to offer such a proof reading service.
That's what the room testing team does, we can't make everything perfect, all we can do is give guidance towards the creator to help them avoid these mistakes, if we miss anything then report them here it's all human error there is no need for a proof reading team
Appreciate some mistakes may be overlooked, but large swathes of text in this room need to be revised.
^
i agree with snkhan, while room testers do a good job at making sure the room content is good, often some of the rooms as snkhan mentioned are structured weirdly/grammatical issues etc. and i think a proof reader who has access to modify the room to correct these (rather than asking the creator to) would be very beneficial to the quality
maybe something like
- submit room for public release
- room tester tests the room (for bugs or wrong information)
- proof reader corrects any formatting issues / grammatical issues etc
- normal release schedule
That's exactly what the room tester does
Have you seen the linked room?
Yes I have it, it was tested
I’ve even volunteered to proof read in the past.
There are font issues in the very first paragraph, and grammatical issues throughout.
Look it's going to be reviewed again
from what i've seen and heard, room testers let the creator know about the issues, but things such as grammatical and formatting are not going to get resolved if for example the creator's primary language isn't english
When it's re-released it will be better
We can assure you it will have less grammatical issues, I will say part of it is my fault due to me being the original tester and I may have overlooked a lot of certain things, so I can say I am to blame for a part of it due to me not re-checking clearly, so I'm sorry for the inconvenience this has caused
Thanks @topaz thorn, I hope the team can reconsider integrating a proof reading process as part of the excellent suggestion by @sonic willow
I’ve sent this feedback (and countless others) via the feedback tool
Yep, in the room docs review we have to ensure that grammar and spelling is correct, I can say that I should have checked better and will try to not make this mistake again, I must have been under stress when testing this room for it to be incorrect like this
No worries @topaz thorn thanks for all your support in room testing, and keeping the flow of machines coming to us 🥰
snkhan, let's not be rude and move on. Please do not try to start any drama, site staff have been notified.
Not trying to be bothersome, just want to check if anyone was able to see my above message
(For the record @slate parrot, I know for a fact that Skidy and Ashu read everything that goes through that form -- like, literally all of it)
sorry for the late reply. it appears difficult to me since using the context clues from the video in the question make the answer very hard. Just searching key buildings nearby do not show the old hotel since it has gone so far removed in the search results. when going through the question, i had to eventually look up old shops in the vicinity to find the answer. not even the buildings directory listed the old hotel. the question is also not posed as a historical question but instead as if the hotel is supposed to still exist. I was only ever able to find the hotel directly if i already knew the name of it.
https://tryhackme.com/room/rpwebscanning
Was just going through this room and got real confused on ZAP question #8. Finished everything else and went searching for what I was missing.
Found it mentioned a while ago in the bugs section #site-bugs message
Throwing it in here as well.
That’s encouraging, it would be nice if there was some acknowledgement of having received the feedback though 😃
i agree ^, i sent a suggestion in about supporting LaTeX because it would encourage people to add more theoretical information security content but I have never gotten a reply. So i just assumed they didn't like my idea, which is fine but would be nice to have it said explicitly.
not really the point i'm making, but sure, even such a reply would suffice. In the content of "hey we saw your message, it is not gonna happen"
they probably get quite a bit, always hard to respond
Hi - I'd just like to report a potential bug - https://tryhackme.com/room/learncyberin25days
- Task 2 (Get Connected) - mentions deploying a machine to test attackbox connectivity - however there is no target machine to deploy for this task.
I've resolved this now ((: good spot @oak mica
nice work, thanks @dusky junco !
Hello I don't know if someone has already reported the bug, if so I apologize for the duplicate. The "Common Linux Privesc" room has problems displaying images in tasks 3 and 4. Is this normal? https://tryhackme.com/room/commonlinuxprivesc
is this room broken on task3? https://tryhackme.com/room/sqlilab
i cant extract columns from the table named "secrets"
payload is "',nickName=(SELECT group_concat(id "," author "," secret text || ":") from secrets),email='"
hi is "blue" broken or something, I'm trying to run the "eternalblue" but it said 'Connection reset by peer'
The room is not broken
Update your metasploit
i updated it to 6.0.30 v
https://tryhackme.com/room/networkservices2 The link to the bash is 404
On exploiting NFS just in case
Hello, dunno if someone already noticed it but the " Learning Linux " link is a 404 too
i updated it to 6.0.30v and btw i heard that the problem is in msf6 and it was working fine in msf5 ???
can someone confirm question 13 from room https://tryhackme.com/room/investigatingwindows3 is working as intended?
It works fine, others have completed the room
hey guys, i'm in the kiba room https://tryhackme.com/room/kiba and i'm unable to receive a shell, i read this https://beginninghacking.net/2020/08/28/try-hack-me-kiba-this-room-was-released-today-this-will-get-unlocked-after-3-days-otherwise-you-can-use-the-root-flag-to-unlock-it-thmp___s/ and followed what this writeup says but i'm still unable to receive the shell and gain a foothold into the machine
@mossy zinc #room-help
alright i'll post this there
i thought it was a bug since following what was written in many writeups wasn't working
Picture in Task 8 isn't loading, all other pictures in the room work fine https://tryhackme.com/room/rppsempire
!docs verify
Is this intended for me?
Yes, because currently you can't embed images.
I'm okay with that.
Your Docker daemon shutdown/started up too quickly after the changes
did you simply restart the service or stopped and started?
Mhhm interesting
Only thing I can recommend is restarting your PC -- if not, use the attackbox (:
I'm sorry, but this is the Attackbox ^_^
Sure, thanks 🙂
What i tried:
- Waiting 60+ seconds for startup
- Reset both the room and Attackbox
- Change the configuration from docker-rodeo.thm to docker.thm in both HOSTS and the configuration of Docker.
I just gotta catchup on a few things w/ work so it'll be ~20 mins before I can start investigating
Awesome -- thanks so much for debugging that
Sure, i'll just give this another try and see if i can start it with increasing delay, or debug it. Ill keep you posted 🙂
Appreciate that! I'll get to debugging it myself when I can (:
@dusky junco I made a video which shows the bug, perhaps i can DM this to you?
Hey, I'm trying to do The Great Escape box I have the backup api's location but when I'm trying to request it using the current active api (exactly like writeups and John's video showed) I dont get the 400 respcode.
I only get
An error occurred: api-dev-backup
Response was:
---------------------------------------
<-- -1 http://api-dev-backup:8080/exif?url=http://localhost
Response :
Length : 0
Body : (empty)
Headers : (0)
I dont know what to do. I waited for the box after a redeploy for like 15min but it's still not working
we're looking into it, it seems to only affect the free tier for some reason
My scan gave 2.
Hey all, for users who have had issues with https://tryhackme.com/room/thegreatescape we've increased the resources (doubled the amount of RAM) that the instance that you deploy has.
You'll need to terminate the instance that you've got running in the room currently and refresh the page to ensure the changes reflect for y'all (:
(Please remember to respect the rules regarding the non-disclosure of sharing hints/giving answers/asking for help)
Any further issues please let us know! ❤️
can confirm, boots up much faster
Answer tolerance, refresh.
Not a bug but after chmod 544 .profile
Shouldn't be
-xr-r--r--
?
Task 15 Learning Linux Part 2
I'm talking about .profile permissions
you need +w to be able to redirect into the file
544 is an odd permission
more common are 644 (rw for owner, r for all others) or 755 (rwx for owner, rx for others)
you could always go 777
I have worked with a few people that have done that in their home
they are wrong
unless you want a security hole the size of an A380
or a 747
btw 747 is also a stupid permission, don't use that either
C130
point stands
so what are you trying to do, @jade raft
ah I see,
permissions are generally displayed as rwx rwx rwx
the numbers in chmod are in octal (base 8)
if you translate to binary, 544 -> 101 100 100
meaning r-xr--r--
Y I mean that screen I posted is what they show on lesson..
I think there is something wrong after, in the example the author uses
chmod 544 .profile
In the line where u see the green .profile I think the permissions should be -xr-r-r-- and not -r-xr--r-- as appears in the screenshot above
so r is the 4's place, w is the 2's place and x is the 1's place
naw the screenshot is correct
and the handy blog post with pictures 😛
Is room the great escape still broken? because it seems that docker daemon is down 😦
Do you know in which port the Docker is running?
is the site accessible?
generally it's on 2375 or 2376 by default
ah sorry, misread
Yes I know but not in all
Internal pentesting room-bug
I'm trying to login into a site but i keep getting "hmm. We're having trouble finding that site"
It's a login page. I found it. But when i try to login to it, it doesn't even show a wrong password error, it simply redirects to we can't connect to the server at internal.thm
After i click the login button it redirects to a dns "internal.thm"
It redirects from an IP address to dns
I tried to check what's the problem by intercepting with burp
Apparently there's a "redirect_to" command right after one clicks on login button
are you trying to login to wordpress?
on this page?
http://internal.thm/blog/wp-login.php
Yes
working fine for me
Damn. Why isn't it working for me.
have you added internal.thm/blog in your /etc/hosts?
OWASP Top 10 - Task20 - Q5 Keep getting the same pop-ups the 2nd with the answer, but that is not accepted as an answer. Can't get anything else from it, so? Anybody have any suggestions?
@balmy kite you'll probably get better feedback in #room-help if you haven't posted there already
New here. Have to learn how it all works. Thanks. I have a look there.
I'm having issues on the Intro to Django room. Tried reaching out to the room creator but can't message unless I'm their friend and they aren't accepting any more requests. Anyone friends with @next bluff ?
Swafox is unavailable at the moment. Please state your issue:)
I was having issues with the lab and went to their GitHub where they listed exact code to make the lab work. I've used that code verbatim and am still having problems. The instructions state browsing to http://127.0.0.1:8000/Articles will show your app running. I get error 404. Same with 0.0.0.0:8000/Articles. Also in the instructions they show some code that will generate a "Hello World" upon visiting the URL that your app is at. Unfortunately they do not tell you where you're supposed to place this code to generate the response. Like I said, my code matches what they had posted on GitHub perfectly.
Another small issue with the lab is that the code they have posted on GitHub is not exactly what they have you do in the lab. I've taken screenshots and notes on the differences if that would help.
As a side note, please don't try to DM people without explicit permission
!rule 1
Rule 1: No unsolicited direct messages (DMs) or friend requests to other members of the discord without explicit permission. You may DM members of the moderation team without asking if you have an issue with another member in the Discord. The community manager (Dark) may be DM'd without restriction.
and all
No problem. Sorry about that. Is it allowed to send off that initial message asking permission to add them?
Preferably ping them in the server first
Ahhh gotcha. Sorry, I haven't used Discord a ton up to this point
hello
here to report a bug
second question, how many ports open? the answer wants you to type 7, while with nmap -sV -p- -vv -A machineip i find 11
21,22,80,111,139,445,2049,37543,38199,40785,54805
either the question should ask only for ports under 1000
or the answer should be 11
imo
thank you!
I think its fine...Kenobi is a beginner room, so "nmap targetip" without any switches.
I mean, it gives you the command to run in the hint
i get it, but kenobi is also at the end of the complete noob series, so imo, after having run a shitton of nmap scripts you shouldnt just assume someone's gonna look at the hint
while in other rooms a lot of time it is said you should always look for higher ports
that's just my opinion but nothing wrong with a clearer explanation
Having an issue in the enumerating telnet task. i've run nmap -T4 -p- <IP> as well as nmap -A -p8012 <IP> the answer after running should include the phrase Skidy's Backdoor. however I am just getting 8012/tcp open unknown. looking up online and it should include a lot more data ie. Skidy's Backdoorphrase. I have run on both the virtual box as well as the VPN.
It seems to only give the banner on first connect
it seems that way. Reaching out to a friend in cyber world, he tried and had success getting all the fingerprint info running same commands. he also said that because of certain firewalls, connection, etc not enough info is collected from the scan to do OS detection.
clearly he is more well versed and I the beginner lol. any help with a workaround would be greatly appreciated
I'm doing the tryhackme.com/room/windows10privesc Task 9
Unfortunately there is no password in the registry. This issue was reported several times in the past 2 months already, but it seems it's still not fixed? As it is part of the beginner path it is quite frustrating to not be able to do this task and complete the path.
yep that is true, there are few buggy rooms that aren't fixed. It is the price we have to pay when the creators of the room aren't obliged to fix the rooms and the rooms aren't taken down yet because they are out of date. iirc though, you could get the password out of the SAM with mimikatz in the next steps or does that also not work anymore?
Please provide a screenshot with the command and output.
https://tryhackme.com/room/intro2windows, task 1
dominates the word -> dominates the world
In Investigating Windows room 5th question the answer format is said as
Answer format: username1, username2
But is
Answer format: username1 username2
(without the comma)
Answer tolerance?
Refresh the page @fading warren
nice
Hello! I noticed that the binary 'shiba2' in the Linux Fundamentals Part 2 room gives a seg fault upon execution. I think this is a bug? Unless I'm just doing something wrong (just running it like ./shiba2)
That happens when the variable isn't set 🙂
ahhhh haha okay got it. thanks!
Hey
I’m on the easy challenge of the Hacker101 room and I managed to load once the support.php page on port 8002 but now I can’t ... is it normal ?
What do you mean you can't?
Could you send me the IP address via DM please?
It loads forever and timeout
Of the machine ?
Yes
it's on 8001 no?
I'm assuming that it's normal that the button on the page for the server on port 8002 does nothing?
Terminate, refresh the room page, then redeploy. TL;DR: the wrong version of the box was added to the room. It's fixed
like anywhere
Oh, it was just 8002 that was acting up
The other two are fine and have been from the start
I still can't see how to compromise 2 though...
(it is)
please check #791764435991658556 there is a bug in windows event logs room ig 🤔
So apparently you "don't need to be connected to the network" to access this room, maybe this was a spelling mistake or something because I certainly can't access it without connecting to the VPN?
Hello, I would say that here the author swapped P and NP in this paragraph and it may be confusing for someone reading it! Am I right? We may fix it! https://tryhackme.com/room/johntheripper0
What makes Hashes secure?
Hashing algorithms are designed so that they only operate one way. This means that a calculated hash cannot be reversed using just the output given. This ties back to a fundamental mathematical problem known as the P vs NP relationship.
While this is an extremely interesting mathematical concept that proves fundamental to computing and cryptography I am in no way qualified to try and explain it in detail here; but abstractly it means that the algorithm to hash the value will be "NP" and can therefore be calculated reasonably. However an un-hashing algorithm would be "P" and intractable to solve- meaning that it cannot be computed in a reasonable time using standard computers.
It changed, it used to deploy with a public IP. Paging @dusky junco
Ah I see, no worries 🙂
I think the WebOSINT room has an error. ..? The ICANN site doesn't list a registrant for the first site (like it does for, say, Google) and whois.domaintools.com lists an answer that's rejected.
https://tryhackme.com/room/intro2windows, task 4
it has a section on Registry Editor, then a section on Command-line tools, and then back to more information on Registry Editor, should that not be moved up?
My server keeps timing out learncyberin25days task 5
webosint - task2 - What is listed for the name of the registrant? -- i think this is a bug
if the answer used to be what it's looking for, i think what it is now has .. changed.
I'm trying to get the second task for the Rick and Morty CTF room, and I use all the options to display the second ingredient in /home/rick, and blocked, which is correct. I try to use the Less command and nothing appears at all. Is this correct?
Less is an interactive tool -- I'd be surprised if it worked in a command shell like that
i was using a walkthrough and it worked like a charm for them
||cd /home/rick; less 'second ingredient'||
ty tho
Grammar in this sentence in the room LFI Basics
it's which
@green steppe it seems like the shodan.io room's pictures and the linked blog post are not working anymore
JVM Reverse Engineering, task 5, the image is broken
Maybe https://tryhackme.com/room/magician is broken? the exploits don't work. No reverse shell.
It's not broken, it was tested and there have been 0 other complaints.
Someone is having trouble accessing "Alfred room" ( path OSCP )? the room does not load
@balmy kite you need to figure out why it isn't working and modify the exploit
About what are you talking?
You can't just run an exploit and assume it will work
The room is not broken -- it just requires more thought than blindly throwing exploits at it
I see, well, I didn't think I was throwing blindly exploits at it. Read various articles, looked at some videos, read and tried to understand the given exploits and what they do.... it's above my paygrade I guess.
Keep trying -- you'll get it 🙂
Maybe, now busy with other rooms.
Focus on getting RCE first. Then worry about the shell
Yeah, the RCE indeed. I will give it another try, soon.
I had a fair amount of trouble with the RCE but the room does work
the classic examples you'll find probably won't work exactly as written
good hunting
Thanks - I'll look into this.
[https://tryhackme.com/room/bpsplunk] Task 2 (Last question): The subdomain seems to have been changed so the answer is wrong.
The right answer is ||community.splunk.com|| currently the answer is ||answers.splunk.com|| which also redirects to ||community.splunk.com||
This is quite hard to find by googling so it may take the user to look into old posts before getting the current answer.
https://tryhackme.com/room/introtonetworking
task5 download link is broken and doesn't provide pcap files to complete this section
i just tried it, the problem seems to be on your end. It downloads and opens fine over here
so odd yeah I'm having troubles with accessing boxes. already reached to tech support. Thank you for letting me know!
Thanks ((: will get this fixed! Thanks for reporting & managing to find the correct solution — super useful
I’ll see if I can find an archive of the image anywhere but there’s a good chance there won’t be. I’ll reach out to the creator but I can’t guarantee it being resolved
I’ll cross the bridge on what to do with the room depending on what’s what (:
I was solving this Bash Scripting room and found that this question is accepting this wrong answer. It's not a bug, just a slight error and couldn't find any related channel to post this so I am posting this here.
Thanks 🙂
Hello, could anyone help on the OWASP juice shop room, task 7, question 2, I managed to get the xss executed on the last login page, but no flags displayed!
it is just answer tolerance
Yeah just felt like I should inform 🙂
and I think that part helps with the last task if it shows what I think it shows
refresh the page, it'll show the proper answer
Thanks @gleaming shadow
Well, tried it again, in many, many different ways. Something is escaping me here. My code just doesn't execute. Beats me.