#room-bugs

is there any problem in
https://tryhackme.com/room/alfred#
i can't get shell via nc ?
i try the hint but also no shell

the ps1 already upload from python3 -m server.http

I've noticed an issue with this room: https://tryhackme.com/room/lfibasics
Did a bit of a search in #room-help and noticed a couple of people experiencing the same problem, but no solutions.
The problem is with Task 3 when accessing the log file at /var/log/apache2/access.log
I'm getting a 500 status code as it seems that the page is missing. I went as far as to find some walkthroughs (just to make sure I wasn't going completely crazy), and the url I am using is correct according to the couple I looked at.
I don't know if this can be fixed, or if the relevant people are aware of it already. But I thought I'd make it known to be sure.

Hey everyone! On the room uploadvulns (https://tryhackme.com/room/uploadvulns), I am having internal server errors every time I try to upload files (png, PHP, whatever)

Even with correct extensions (due to script filters) I can’t upload

Well that's a new one

Could you explain exactly what you're trying?

(cc @fast bear -- apologies, didn't realise this was back a bit 🙂 )

Yes! On the task 7 (bypass client side filtering) I am trying to upload a png file in the Java.uploadvulns.thm as normal (clicking on the site buttons and selecting a simple png file to upload)

But it gives me the 500 error

The same thing happens for the task 8 and 9 when I try to upload a simple image (png) file

Checking now 🙂

Weird

That's worked for me

Same with task 8 for that matter

Could you deploy a new instance of the VM and see if the same thing is happening @fast bear?

Trying again 🙂

Now it is working!

Thanks - rebooting is always the answer

Hi, i want to share a problem in room/bashscripting, Task 4, Question 1: How can we get the number of arguments supplied to a script? Question 2: How can we get the filename of our current script(aka our first argument)? Hint: "This is using the $n feature we looked at" <-- This Information was not given to me as no-premium-user(yet)... Only Google helped me... This Task could need a improvment by adding a deeper Explaination of what $ can do, because although I answered correct Im still confused about the function... I have a clue about it but surely others could have a bad time searching for this particular two answers. Also in the last Question: " What will the output of “echo $1 $3” if the script was ran with “./script.sh hello hola aloha” " is a missing word "do", a incorrect grammar. I hope this Report will help maybe...

In the Active Directory Basics room, task 5 is this sentence: "The type of trusts put in place determines how the domains and trees in a forest are able to communicate and send data to and from each other when attacking an Active Directory environment you can sometimes abuse these trusts in order to move laterally throughout the network." I think there should be a period in between other and when.

I'm having the same issue. I guess it's time to redeploy the VM.

Just as an update to my previous post,. I tried again today, this time from a different computer, and now I am able to access the file. I'm not sure if the issue was on my end, or if it got fixed overnight on the back end, but everything seems to be working fine now.

Complete Beginner Path - Nmap - Task 14 - Question 1
The correct answer is "N", but as you can see in the screenshot, the host is responding to ICMP requests

ping 10.10.83.239

You didn't check if it was responding to ICMP, you checked if it responded to any of those (assuming you were running as root)

Didn't run it with root, so it only sent the SYN packets. Thx and sorry for the false claim!
Strangely the host seems down if I run the same command as root. Shouldn't it be up too, because besides the ICMP echo, ACK packets and ICMP timestamp request, the SYN packets get send too?

Gave +1 Rep to @eternal summit

¯_(ツ)_/¯

So the best way to determine if a host responds to ICMP packets is by using ping?

ping sends icmp echo requests

It determines if it responds to icmp echo requests. It doesn't check other types.

Thx

https://tryhackme.com/room/brainpan
no flags?

Correct, no flags.

Site: https://tryhackme.com/room/networkservices
Module: Network Services
Task: 3
?Error: Picture (https://image.flaticon.com/icons/svg/2879/2879093.svg) doesn't load.

I've not necessarily got a bug, more of an inconsistency in what was asked vs. what the answer was in a room, is this place still alright for that?

Aye, go for it 🙂

awesome

On Phishing Emails 5 https://tryhackme.com/room/phishingemails5fgjlzxc
Question 1 gives you an incorrect hint. The answer is actually in US format and also it expects you to enter a yyyy rather than yy

Interesting that one. When I right-click the image and want to view it I see this

hey, I think there is a wrong answer for the question in https://tryhackme.com/room/investigatingwindows
The said question is "At what time did Windows first assign special privileges to a new logon?"
None of the answers seem to be correct

room thefindcommand

should be

find / -type f -perm 004

wording is a bit werid.
could mean anyone can read, but not above, group or owner can be any permission.
Then it would be impossible to do since - is inclusive and / would return false positives with group or user permissions.

for example

rwx r-- r-x file1.txt

would be returned for find / -type f -perm /444, which is clearly a file not meant to be found by the criteria in text form.

sure, that permission makes no sense, but the point is the same.

004 is not readable by everyone though

https://tryhackme.com/room/networkservices task3 , img element not working ...

same img error in task4

of that same room'

hi guys, i was trying out the internal room(https://tryhackme.com/room/internal) and the static resources are not loading for me(GET http://internal.thm/blog/wp-content/themes/twentyseventeen/assets/js/jquery.scrollTo.js?ver=2.1.2 net::ERR_NAME_NOT_RESOLVED and many other) could someone help me out if this is a problem on my end...

This is indeed an issue on your end

Or more accurately, something you haven't done.

okay thanks for replying, i will try a different path then😃

Update: found where i was going wrong, Thanks @eternal summit

https://tryhackme.com/room/puttingitalltogether

Not sure if this is actually a problem, but under "How Web Servers Work" one of the example web servers is simply "NodeJS", shouldn't it be something like express.js?

Nodejs can run a webserver. Express is just a framework for node.

Oh I see, my bad. I thought express was used to run the web server itself.

Is it not still a package within NodeJS?

Inbuilt or otherwise

Probably ¯_(ツ)_/¯

Nmap Post Port Scans Task 3

Run nmap with -O option against MACHINE_IP. What OS did Nmap detect?
You can get to the answer with -sV and not with -O as suggested.

not a bug, -O is the 'official' way to run operating system detection
https://nmap.org/book/man-os-detection.html

Correct. But the instruction is to run an -O test and to answer the question with that, but it does not show the answer to that question!?

ah my bad sorry i didn't read your ss properly

Network Services 2 > Task 4 > run ./bash -p

Any help with this issue, i've restart everything but no luck.

Not a bug. You've downloaded the website and not the binary file.

Ahh okay xD

ty @wheat fractal

Gave +1 Rep to @teal ledge

That's _asnwer tolernace_😄

Room: https://tryhackme.com/room/bpvolatility
Task 4 doesn't have a download link attached.

Could be fixed by maybe including the hash in hint.

room: https://tryhackme.com/room/walkinganapplication

Task 4's flag is impossible to see for screen reader users.
Don't get me wrong, the task is doable enough, and the objective can be completed without issue, but the way the flag is a generated css background image makes it impossible to reach or read for assistive tech which means these users can't progress even if they get the approach right.

room: https://tryhackme.com/room/vulnversity
Task 4 first question. All files I tried to upload to the target machine's upload page were blocked regardless of extension. I'm assuming image files should have been ok and that possibly PHP files would be blocked.

I'm pretty sure it's a whitelist with the correct extension, not a blacklist.
It's working as intended.

well I cant see how I can answer the question if I cant deduce the common extension thats blocked if they are all blocked. That was why I thought there was a bug with the room. I'll keep trying 😉

It's a webserver that runs PHP.
As a pentester that's found an upload form, you'd logically want to upload a certain file type.

Can someone take a look at this question, did I spell it wrong?

Room name : Nax
Görsel

MSF changed the exploit name/path

Yes, this is a bug, but the room creator is inactive

okay thanks ı found it

Gave +1 Rep to @eternal summit

On the room solr in the Discovery part (task 3) it says to visit it, but to see the web interface you need to add /solr at the end which is not mentioned.

It is common for the attackboxes to access the web ? Shouldnt this be disabled?

Might be that i've just not tried browsing the web through the attackboxes before

Nevermind seems to be allowed, i just never use the attackboxes so it was a surprise to me 🙂

if you are a subscriber your attackboxes can access the web and it is allowed and encouraged and used for some rooms... if you are a free user you can not connect to the web through the attackbox and that probably covers the liabilities with this potential problem

hello, I found the answer to the question in this room, but every time it says wrong, I think it's a bug, I would appreciate it if you could help me.

https://tryhackme.com/room/malresearching?__cf_chl_rt_tk=WE5_OtRoYxGcuCsm_VcbegwebmDIuITE4BsT.4SezpI-1641824280-0-gaNycGzNCSU

4 task 3 Questions

https://any.run/report/c378387344e0a552dc065de6bfa607fd26e0b5c569751c79fbf9c6f2e91c9807/3363fde4-111b-4aaa-b73d-e4144433c284

even though this is the answer it says wrong

reply:
16/09/2019, 13:54:48

Hi
in room https://tryhackme.com/room/xss
And task 9
An image is missing

Hey all, I'm not sure if it's a bug per se, but I did find an unused flag in https://tryhackme.com/room/walkinganapplication , title acmeitsupportv10 . Not to get into too many details without spoiling the room for others, but it's after you have the ability to log in to the framework. It doesn't look like the flag's used for any of the tasks.

iirc the box is reused in other rooms in the module 🙂

A-ha! Getting a bit ahead of myself, then. Cheers!

Am I the only one who cannot access the http://machine_ip:8983/ address in
https://tryhackme.com/room/solar ?

Have you start the target machine?

http://machine_ip:8983/ is something that is there until the machine is started, the machine_ip part will get replaced with the machine ip when it has started, so for example if the machine ip is 10.0.0.0 then the link on the page will end up being http://10.0.0.0:8983/, and this is the same on every machine.
Also don't forget to connect to the vpn if you are using your own computer instead of the attack box.
(This is because the ip is not the same all the time because every user has their own instance of the room, this is also why all the progress on the machine resets when you terminate the machine and start it again)

Hi.... on room "Python Basics" Task 8 ... I can't seem to get the flag to pop

Hi! On https://tryhackme.com/room/bufferoverflowprep#.
'Type "HELP" and press Enter. Note that there are 10 different OVERFLOW commands numbered 1 - 10. Type "OVERFLOW1 test" and press enter. The response should be "OVERFLOW1 COMPLETE". Terminate the connection. '
Doing OVERFLOW2 test doesn't change and it gives the same params as OVERFLOW1

Room: https://tryhackme.com/room/kuberneteschalltdi2020
Problem with VM loading up with only port 22 open, tested multiple times and still stays the same.

Room Red Team Threat Intel - https://tryhackme.com/room/redteamthreatintel
Task 7 Question 1 is not requiring the flag to complete. Intended ?

It seems to have been fixed

Fixed. 👍

Does anyone know if the kubernetes instance on Kubernetes Chall TDI 2020 is messed up? Doesn't seem accessible to connect to and I had someone else try it and they said they couldn't reach it either. Doesn't show the port it should be on in any scans.

For the love of

Hey, thank you so much for replying. But yes I used the IP which was assigned to the attackbox. Still I wasn't able to access.

Gave +1 Rep to @strong arrow

I reported it so much but couldn’t seem to get an answer!

That will be the wrong IP.
The target machine and the attackbox are different and have different IPs

Yes, I saw your post here. I submitted via feedback on the site, and just came here early this morning to see if anyone mentioned it (first time here) and saw you posted but no response. I DM'd someone on the site to have them try it and they also couldn't connect to the kube. I've tried it five different times on three days since sometimes restarting the machine works after waiting a bit.

Were you conected to the vpn?

Ill try it! Thanks!

Gave +1 Rep to @coarse trail

Well, not saying it is working. I haven't tried it again in a few days. I was planning on trying it again today, but if you're going to, post here and let me know if it finally worked for you, if you could be so kind and have the time.

@dense garnet @coarse trail it's being investigated

Cool, thank you for letting us know!

Gave +1 Rep to @eternal summit

Thanks James!

Gave +1 Rep to @eternal summit

Room - Linux Priv Esc
Module - Privilege escalation Sudo
Bug - Got the flag without privilege escalation

Yes.

Wait... did you use the ip for the machine or for the attack box?

How can I get the permission to share attachment here?

idk

get verified maybe?

btw try adding /solr/ at the end
so it would be https://machine_ip:8983/solr/

Okay let me try

!docs verify

Thank you very much :)

Gave +1 Rep to @teal ledge

Thanks!! it worked :)

lol I had the same issue earlier

Hehe okay 👍

Should we submit typos and such here?

Could, I guess. Let the room creator know.

Just tag them?

Not sure if this was intentional or not but in the ZTH: Obscure Web Vulns room under task 4. The two questions seem to use the wrong syntax for the payloads.

The first accepts:
{{config.__class__.__init__.__globals__['os'].popen(/etc/passwd).read()}} but it should be {{config.__class__.__init__.__globals__['os'].popen('/etc/passwd').read()}}

The second accepts:
{{ ''.__class__.__mro__[2].__subclasses__()[40]()(/home/test/.ssh/id_rsa).read()}} but it should be
{{ ''.__class__.__mro__[2].__subclasses__()[40]('/home/test/.ssh/id_rsa').read()}}

Paradox doesn't seem to be in here, though I think you can send a message on THM itself.

I tried clicking on his username at the bottom of the room but didn't see an option to message.

Oh

RIP

shrug I tried!

Maybe its a clever way to get people to RTFM. 😄

That's answer tolerance

Fair, they also don't seem to work in the lab without the changes I mentioned.

Yeah. That's answer tolerance for you.

It's not something room creators have control over

Oh, there's a set/default tolerance?

There's a tolerance that room creators have zero influence over

That explains some of my typos that have been accepted as right answers.

x% wrong or whatever

I probably wouldn't have mentioned it at all but that extra '()' in the second example is misleading. It's also included in the instructions.

Now that is a bug that can and should be fixed.

Woo! I did a thing.

+rep @mint orchid

Gave +1 Rep to @mint orchid

Cyber Defence Path / Cyber Defense Introduction / Network Services / Task 3 Enumerating SMB first image is not loading.

Tried 2 browsers... Am i missing something important from that pic, does anybody now?

May be your network. My work network doesn't load any images from the tasks. Can make doing the rooms a little harder, but not too much so.

You're probably not missing anything vital.

If you get truly stuck, you can look at a write-up for the missing info

I'm from my home network it's not blocking it other images in other tasks or rooms load without problems. I will go with it and will search for it if i get stuck of something you are right.

Found another one in another task in the same room.
Task 4 Exploiting SMB

Nothing important, just icons or whatever

It's a bug with the image host rather than the room, they should be removed

Ohh understood thanks do you want me to remove the messages also from here?

Gave +1 Rep to @eternal summit

No reason to

In the 'common linux privesc' room, Task 9,
Let's go to user5's home directory, and run the file "script". What command do we think that it's executing?

When I execute the script I don't think it is using the command it is supposed to. (I am trying to avoid giving the answer).

My mistake, script runs /usr/bin/script. We need to run ./script

is that /room/linuxprivesc or /room/linprivesc?

https://tryhackme.com/room/commonlinuxprivesc

Oh, a third similar room. Don't think I've seen that one yet. Thanks 😄

Ah, that one is on subscriber track. I was waiting for next pay to subscribe.

I thought all hackers/wannabe hackers wear rolex and drive lamborghinis?

Then you thought wrong 😛

Room: windowseventlogs Question: "Execute the command from Example 7. Instead of the string Policy search for PowerShell. What is the name of the 3rd log provider?" -> Should be: " ... from Example 8" // EDIT: Actually, I think, the wording in that question is not clear, command from example 7 seems to be ok, but it should be changed a bit. The part "Instead of the string Policy" is confusing, because it looks like the author is referring to example 8

In room Phishing 3, under Phish Tool. It says "The right pane will show if any URLs were found in the email. In this case, no **emails **were found." It should say "The right pane will show if any URLs were found in the email. In this case, no URL's were found."

In room Phishing Emails 3, Phishing case 1... It asks about the shortened URL. The shortened URL is|| hxxps[://]t[.]co/yuxfZm8KPg?amp=3D= or hxxps[://]t[.]co/yuxfZm8KPg?amp=3D1. It accepts hxxps[://]t[.]co/yuxfZm8KPg?amp as the right answer.|| The best option is to modify the email to make the shortened URL's match, then modify the answer.

in room Simple CTF the exploit CVE-2019-9053 give me random salt password username and email and password every time i run this exploit script.

this is the correct answer but it doesn't accept room name : windows priv esc task :16

You typed an l instead on an I after Se 🙂

Damn ambiguous fonts

Wait, wouldn't answer tolerance accept that?

İ did it thank you 🥺

Gave +1 Rep to @glad badger

It should but I wonder if they misspelled privilege too

They did not

Hi
https://tryhackme.com/room/nmap03

In the "Nmap Advanced Port Scans" room

I think the stateless (non-stateful) firewall cannot check the TCP connection state.

Stateless can't inspect the packet, but it can see the flags and uses SYN to determine incoming connections. Those packets would be filtered against an ACL or list of rules.

So it means the stateless firewall can inspect the tcp packet header and apply the ACL rules

Yeah, wouldn't be able to do anything if it couldn't inspect the header. That's where the src/dest MAC/IP, the packet type, etc etc are.

Yes right

Actually i think this kind of scanning evasion technique is targeted the capability that some kind of firewall can detect the TCP port scanning just base on the TCP flag SYN and ACK. But if the firewall is stateful this evasion technique will not work because the stateful firewall can detect the TCP port scanning base on analyse the connections state. So it only works for the stateless firewall.

For a stateful, if I remember right, it looks for pre-established sessions. Whenever a host inside the network establishes a connection to a host outside, that connection is remembered and related traffic is allowed. But if a host outside tries to establish a connection to a host inside unprompted (with a SYN packet), it would be blocked.

hellooo, I'm new <3 So I'm going through Vulnversity > Task 3 > What is the directory that has an upload form page? and I realize I don't know how to see the various GoBuster wordlists in order to use them on the target IP. I eventually check out a write up on the box and see they were told a direct link to a wordlist to use ||/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt ; full command being:
gobuster dir -u http://<ip>:3333 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt||, which was not listed in the room for me. Was I supposed to go do some independent research to find a wordlist address (/usr doesn't exist in the AttackBox, unless it does and I just don't know that yet) ; Secondary issue with this task was that the page didn't load for me (slow internet connection issue?) and the ||index.html|| page was the one which did load and showed the upload form page to me. Again, I'm new so there's probably stuff I'm missing. Thank you for your help and advice <3

The AttackBox uses Kali, and does have that directory. Double-check your spelling. Once you get a scan started, the valid directories should come up pretty quickly.

To make sure I'm not spouting wrong info, I'm firing up an AB now. I usually use OpenVPN, so I may be wrong.

they did though I had to go search the internet for a wordlist path (before I looked up the write up); This is usual, yes? We're given some information, but not hand held all the way so I'll have to go and research and learn?

❤️

Yeah alright, it is at /usr/share/wordlists

Yeah, basically. For this situation, that path is the standard path that Kali stores pre-loaded wordlists, which come with the distribution. You can always put wordlists somewhere else and use that path instead, or make a link to that directory to make it easier to access. There's multiple ways. Kali is a very popular pentesting distribution though, and is usually used throughout the rooms as reference.

ok, so where I fell off the wagon was navigating to be able to see/find the /usr/ directory and further investigate wordlist options on the AttackBox. After investigating the wordlists available, really any choice would get the target IP directories on the ||3333|| port, showing me what I could type into the browser to find what the question was looking for. (Does this all sound correct?)

Secondly, ||index.html|| may have been the page where the upload was, but the question was asking for the directory that page was inside, so fiddling with the output cl request would have shown me that ||index is inside of /internal/||. Also correct?

I wouldn't say any wordlist. There's different wordlists for different purposes. Some for guessing user account, some for guessing passwords, some for fuzzing webapp input; the list goes on. For directory enumerating, the wordlist you used was a good one, as well as most of the wordlists inside the /dirbuster directory.
Yes, if I remember right, your second point is exactly right.

sweet. Thank you so much! :D

Gave +1 Rep to @simple shell

No worries. As you go, you're gonna get familiar with a bunch of tools and resources for pentesting. There's tons of them out there.

nice. :) Enjoying it so far. Reminds me a lot of the labs at my school. I lie in wait for my next attackbox hour to come, lol. I thought I could get two hours if I did one at 10:30, then another at 12:05, you know, like it's the "next day", but that didn't work tonight

I think it does it on a rolling 24-hour period. So 24 hours from when you first fired it up.

OpenVPN is free though and has no time limit.

My Active Machine doesn't care how long I go for? only the AttackBox has the one hour limit??

Active machines load with a 2-hour time limit, but you can add to it at any time.

gasp

Thank you!!!

Doesn't help you if you can't access it though.

true... hmm and I would want to access it from Kali with OpenVPN, wouldn't I?

If you're enjoying it but aren't convinced to get a subscription yet (20% off with a student email), using OpenVPN with your own VM/box is the way to go.

Yes

I see.

Kali is free and really easy to fire up in a VM. You can be up and running inside an hour.

Well, maybe 2. Time for things to go wrong. Something usually does.

heh, true

okay, thank you for all the advice (You're 100% correct, I should do the kali vm and Openvpn) ❤️ 👍

the questions in task 6 - shodan.io from passive reconnaissance are not up to date

except for the second question about apache port

In SQL Injection, Norwich's postcode area is NR not N. This might be intentional...

Does it affect the tasks or makes the room impossible to complete? 🙂

Has anyone resolved this bug- https://tryhackme.com/forum/thread/6015c96e548b1546dc7e1f68 ?
At first it returned "superman" for me, now hydra is returning 14 false passwords

https://tryhackme.com/room/corp

Last task is asking for a renew of the password

Unfortunately i cannot even renew the password due to a bug on xfreerdp which cause the "(" in the password to not be input in the Windows login password changing box

So cannot login to the administrator session to receive the flag

I tried with different RDP client without success regarding the "("

Broken link in https://tryhackme.com/room/googledorking
http://googledorking.cmnatic.co.uk/

For LinuxFund3 on Task 4, it should tell you to open a new instance of terminal to wget after you open the webserver.

@dusky junco

Will look after Uni ta @bitter lantern @obsidian kiln

Aloha There, could someone of the staff have a look Mr.Robot room??? it's running really slow thanks in advance

In the Yara room, task 10, it walks you through generating a new rule for a suspicious file. The task assumes the yarGen will make a rule file with only 1 rule, but it actually creates 5 rules. The following questions follow the same assumption of only 1 rule; the fact that it's 5 makes answering them harder. Not impossible, but more difficult and potentially misleading.

Has anyone noticed that in windows forensics 1, task 4 question 5 is missing? If you read through it tells you to use network interfaces and past networks to answer question 5, however question 5 relates to a guest user uid.

Hello i've just completed Introductory Networking room but i've noticed that it didn't give me any points from the answered questions is that normal ?

The attackbox really does not like the python2 script needed for https://tryhackme.com/room/easyctf . I was able to install missing python2 modules after I downloaded and installed a python2 version of pip, but the script doesn't want to run as designed. FYI, pip won't support Python2 after Jan 2022. I know it's an older room, but it might need looked at.

room: https://tryhackme.com/room/phishingemails5fgjlzxc
Task: 1, question 1
Bug: Wrong format in the question.
Should be: mm/dd/yyyy hh:mm
It's June folks.

could also be that it accepts both as the correct answer as a safety catch

THM is stationed in London, where they use dd/mm/yyyy. So, it's the correct format.

I say everyone should use ISO 8601, but no one cares what I think, so I shrug and deal with it.

Thank you for reporting. I've forwarded it to the content developer. 🙂

Gave +1 Rep to @jade plinth

Ohhh I see what he's saying. Oops.

I'll just walk away in shame.

agree heavily with this... why can't such an old international standard be followed more often

This is going to be the case for thousands of exploits, it's an infosec problem that loads of people will face.

Room: https://tryhackme.com/room/kuberneteschalltdi2020
Still doesn't work, hasn't been fixed in a couple months, Thanks!

Including that room! :)

it's not accepting both

ok, but correct answer is June 10th, not October 6th

hey yes this has been raised since you (mostly as a result of you) reporting it as a point of action / query to the creator as to whether or not it needs changing (:

hey ((: I believe this has been changed to reflect the answer that you're expecting now. Can yo utry and let us know please? 😄

It's correct now, thank you very much for fast response :)

Gave +1 Rep to @dusky junco

sweet sweet (: glad it's all good. I'm a small cog in the machine of getting it fixed 😄

This old typo is still present on the room.

any update?????

?

That's a very old room. One of the oldest.
It runs wordpress. WordPress is heavy. It's hard to get good performance out of it.
The room is completable either way.

other rooms run wordpress as well and I haven't had that issues, so because that is old room it's not and enough excuse to improve it or have a look what is wrong, even more for the people who is paying a subscription. you say that it's completable but what waste of time just running hydra :S 😦

Oh, the hydra issue is something else.
You didn't remove duplicates.
Remember that mods aren't site staff.

That room just outright needs removed.
I suspect the abnormally high resources it requires come from the way WordPress is installed. It might even be running with a desktop environment iirc, which won't be helping.

But yeah, reverse the wordlist if you want to get the password within the 5 minute rule

I did remove duplicates, I just mentioned as an example no focus on that.... but in general that room not stable at all to perform the attacks to solve it... I don't wanna waste time

@glad badger Mr Robot... again :)

Hi there seems to be a problem in the Splunk 101 room on the cyber defender path. the answer for Task 6 question 1 is different than what the external site is giving

I tried some different things but can't find the intended answer

But it should be very straightforward

Room: https://tryhackme.com/room/inacave
the room is supposed to display a || deserialised || output in a few directories but doesn't, this leads to the room not being exploitable at all.

I managed a work around, but had to use the writeup for it

The windows Forensics 1
Task 7/ 1st question
The Kingston serial number
If you type the correct 26 digits 😑
The answer will mark as incorrect
After half an hour, of trying
I replaced "8" with "B" and I got correct answer
The right answer from the screen shot provided by the room is
1C6F654E59A380C179D366AE&0
The change I have to make is
1C6F654E59A3B0C179D366AE&0

This has been raised internally, it's some weird scaling making the image look weird

I'd suggest to save the image, load it into an image viewer, and zoom in. 🙂

Room SoMeSINT: https://tryhackme.com/room/somesint

Task 4, 2nd question requires to search the "shadowban API" using the shadownban.eu. Unfortunately it seems that the shadowban website has shut down permanently so now the only way to complete this task is to read the answer on a walkthrough.

Still on the same room above but on task 6, question 5:
We are asked to find some information that is in a ghostbin link. The link doesn't exist anymore so it doesn't work.

Link in question is the one mentioned on the image below.

Hello

There is problem, the room CC Pen Testing

For smbmap one answer will not be marked as correct and same for smbclient. Also the database 'tests' on the room VM the tables are both empty - there should be a flag in one of the tables

[15:46:08] [INFO] retrieved:
Database: tests
Table: msg
[2 entries]
+---------+---------+
| m | v |
+---------+---------+
| <blank> | <blank> |
| <blank> | <blank> |
+---------+---------+

[15:46:08] [INFO] table 'tests.msg' dumped to CSV file '/root/.sqlmap/output/10.10.127.71/dump/tests/msg.csv'
[15:46:08] [INFO] fetching columns for table 'lol' in database 'tests'
[15:46:08] [INFO] used SQL query returns 1 entries
[15:46:08] [INFO] retrieved: flag
[15:46:08] [INFO] retrieved: varchar(100)
[15:46:08] [INFO] fetching entries for table 'lol' in database 'tests'
[15:46:08] [INFO] used SQL query returns 1 entries
[15:46:08] [INFO] fetching number of entries for table 'lol' in database 'tests'
[15:46:08] [INFO] resumed: 1
[15:46:08] [INFO] retrieved:
[15:46:08] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)

[15:46:08] [INFO] retrieved:
[15:46:09] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)

Database: tests
Table: lol
[1 entry]
+---------+---------+
| f | v |
+---------+---------+
| <blank> | <blank> |
+---------+---------+

[15:46:09] [INFO] table 'tests.lol' dumped to CSV file '/root/.sqlmap/output/10.10.127.71/dump/tests/lol.csv'

No, there's a problem with SQLMap. Update your SQLMap.

OK i will try - I was using an attackbox

And the 2 questions ? Task 20 Q9 and Task 21 Q3

DM me what answers you're putting.

try-hack-me-advent-of-cyber2-day-1-web-exploitation is full of unsolvable traps, I cant be the only one having massiv timeloss, running into incredible stupid issues tht teached me nothing

Hey I am having some trouble with a specific machine on CC: Pen Testing.
ITs for the SQLMap section.
I've tried a load of things but eventually resorted to walkthroughs but im still not getting the flag.
All i am getting is this

Database: tests
Table: msg
[2 entries]
+---------+---------+
| m       | v       |
+---------+---------+
| <blank> | <blank> |
| <blank> | <blank> |
+---------+---------+
Database: tests
Table: lol
[1 entry]
+---------+---------+
| f       | v       |
+---------+---------+
| <blank> | <blank> |
+---------+---------+

I can share the SQLMap commands I have used if needed

Update your sqlmap

@dusky junco I think it needs updating on the attackbox because there have been two people complaining about this today

I've also lost a lot of my hour due to this. If there is anyway to get some of that back 😕

sqlmap is already the newest version (1.2.4-1).

Update does not seem to help

root@ip-10-10-251-220:~# apt install --only-upgrade sqlmap
Reading package lists... Done
Building dependency tree       
Reading state information... Done
sqlmap is already the newest version (1.2.4-1).

Newest, not newest in apt

I've got an issue in the Splunk 101 room, task 7. I enter the search as directed, but receive nothing in the statistics or visualizations tabs. Its definitely seeing events, but EventID is not registering as a valid search term. Any ideas?

Room: https://tryhackme.com/room/yearofthedog
There seems to be an issue with the user login. I got the password and tried it with the according user against both of the services, but it doesn't work. When looking into the write-up, I see that I did what I was supposed to do. But it doesn't work :/

NVM, spotted my mistake: Was a layer 8 problem, again

https://tryhackme.com/room/corp, doesn't anyone else having issues on the machine after running RDP? also running Invoke-Kerberoast.ps1

Room : https://tryhackme.com/room/passiverecon
Bug : In the summary, Shodan.io service name is misspelled as "Shodian.io"

I think my linux fundamentals part three is bugged, it wont give me the ip i need to check the var logs

need a refresh aparently

You don't share instances.
Bear in mind that you need to look in the files you have read privileges for

thanks

Fixed. Thank you for reporting. 🙂

Gave +1 Rep to @pale venture

There seems to be a problem with the Splunk 2 room. I cant get it load the splunk instance.

I will appreciate it if someone checks this particular room. It is part of the Cyber Defense path, so I believe it is quite popular.

Linux fundamentals part 2.

I have already done this task, task 2 but for task 5 and other task in this part I need to log in. Password is correct, it's in the task 2 explained.
But didn't work,
so I terminated the machine because I thought maybe restart will help but attackbox can't be open anymore because non sub can only 1 hour a day. But I was only for 10min in the Attackbox. I thought this migt be a bug, also the password didn't work 😅

Hey!

Here -- I hope this should make it clear enough!

In order to properly connect to the machine, first head to the room you want to complete and scroll down to the task that has the "Start Machine" button.
(as you can see in the first screenshot below)

After pressing it, you should see some notifications:
(See second screenshot)

After the two notifications appear, you should see this in the middle of your screen.
Press "Start AttackBox"
(Third Screenshot)

You will use the AttackBox to complete the tasks in the deployable room.
Your screen should look something like this:
(Fourth Screenshot)
Patiently wait for your AttackBox to start, then follow the next steps.

Perform the SSH command as you did, but with the Active Machine Information (as detailed in the task):
(Last screenshot)

So, I would type "ssh tryhackme@10.10.177.11"
Yours should be different so follow whatever is on there:)

After typing the password, you should connect!

Hey thanks for the reply. I did that exact as you described but there wasn't a pop up (in your third screenshot) Instead I clicked on the blue box AttackBok and using the recommend attackbox and so yeah I was in the Attackbox.

Also used the IP-address that is shown for me

Do you mean this actually for the next time?

In the screenshots you provided, you were using the AttackBox's IP address from what I could tell.

You have to make sure you are using the IP address of the machine that you have deployed (which can be found on the Active Machine Information).

As seen, in the second task, when you press "Start Machine" it loads a banner with the IP address you should be using.

I am sure I did the IP also correct. SSH tryhackme@10.10.114.83
If its the IP that's wrong, why can I not use the Attackbox anymore, for today?

didn't use attackbox longer then around 10min, couldn't log in

I mean couldn't log in because of the password and so I terminated the machine to restart, thought maybe would help

Cyber Defense - Security Operations & Monitoring - Windows Event Logs -- Task 4, Questions 3 & 4 <-- answers are wrong. When you run the commands you get different answers

Sorry question 3 has the wrong description, not the wrong answer.

Windows Forensics 1 - https://tryhackme.com/room/windowsforensics1
Task 8 last question "When was the USB device with the friendly name 'USB' last connected?"
The answer doesn't work for "USB". But does for another USB listed.

Admin pass has expired on the machine....bit tedious type all the password to change it :S

https://tryhackme.com/room/brainstorm
Machine running really slow, I can even connect to the service exposed to get the file.....could you please have a look??..... thanks in advance!!

even not accepting the right answer :S, please have a look!!!

Reporting that the room is still having issues

Hey I'm still having trouble with the sqlmap challenge on the CC: Pen Testing room.
Re: #room-bugs message

@eternal summit said to update sqlmap. How should i do it?
I've tried updating with apt,
Tried downloading the repo. Tried
pip install --upgrade sqlmap
python sqlmap.py --update

This is all i am getting

root@ip-10-10-10-107:~# git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
Cloning into 'sqlmap-dev'...

fatal: unable to access 'https://github.com/sqlmapproject/sqlmap.git/': Failed to connect to github.com port 443: Connection timed out
root@ip-10-10-10-107:~# 
root@ip-10-10-10-107:~# git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
Cloning into 'sqlmap-dev'...
fatal: unable to access 'https://github.com/sqlmapproject/sqlmap.git/': Failed to connect to github.com port 443: Connection timed out
root@ip-10-10-10-107:~# 

Download the repo
Run the script from the repo

Your attackbox doesn't have internet as you're a free user

So i have no way to update it ?

@dusky junco SQLMap needs an upgrade on the AttackBox next clone 🙂

(I already mentioned but hopefully both of us will reinforce the importance)

Is he not away actually?

Oh, yeah, he is. I'll just stuff it on his calendar for him 🤷‍♂️

As I catch up on appeal emails... yay

Knew it was a bad idea to open this

Hey, yeah that sounds reasonable. I'll sort this in dev, but I don't think it'll be in prod/live until early next week (monday/tuesday) @minor magnet @eternal summit @obsidian kiln

Let me set a reminder to let you know when it's all sorted, does that sound okay Billybob?

(sorry if I missed your ping Ninja, I try to keep up 😄 )

Billybob. 😂

Room: Brainstorm. Task 1. Number of open ports as per nmap scan (nmap -sS -sV -Pn -p-) shows 3 open ports only and answer isn't correct. After connecting to the FTP server, doing a directory listing just says "229 Entering Extended Passive Mode (|||49341|)" and does nothing.

In https://tryhackme.com/room/historyofmalware the referenced link https://malware.wikia.org/wiki/Techno is no longer valid

same happening with me... could you have a look please???? @glad badger @obsidian kiln @eternal summit trying to finish the Offensive security path....

How many did you have?

ok, I've resolved the FTP connection problem. Pretty simple and can't believe I overlooked it. ||Need to enter passive mode in your client||

and the answer for the ports are ||double||

Investigating Windows 3.x - https://tryhackme.com/room/investigatingwindows3

How many files are supposed to be on the Desktop? I got stuck with the Sysmon question and googled some writeups -- they said there is a Sysmon.evtx file on the Desktop. 😗

I could complete bruteforce part of this room with WPScan instead of Hydra... finally finished the Offensive Pentesting Path 😄

Oh Lord. So that's why people keep doing that goddamn room.
@dusky junco pinging you to escalate to the right place: I would highly suggest removing that room from the offensive pentesting path.

It's buggy, slow, incredibly CTF-y/unrealistic, doesn't comply with the bruteforce rules, and is generally a pain in the backside

Hello

Ngl do you think the room just needs pulling entirely?

Rather than pulling from the pathway?

@obsidian kiln

I've been nagging Tim to do that for months -- apparently the number of users who attempt it makes it a bad idea, buuuuuuuut, we just figured out why so many users do it

It's in the offensive pentesting path -- you need to do it to get the certificate

Isn't it also an ancient vulnhub box?

It is, yes

Ah I see

Okies

I will bring it up for discussion (:

A maintenance process is part of the 2022 QA plan. 🙂

Is anyone here?

I have been stuck on the room DNS in Detail for almost 2 weeks. No one can answer my question so far. The practical does not work no matter how exactly I follow the youtube video. At 13:30 the speaker says he's having an issue, the video cuts for a sec and the speaker comes back and says if your having issue to wait a few minutes and it will resolve itself. This is not working for me. I just want to speak to someone, a real person, who can walk me through what is going on, what is going wrong, etc. I am so frustrated I could cry and I only just started this whole thing.

Just how do you get help? What am I paying for with this website if I am just on my own????

Hey, sorry to hear that. What’s your problem / what isn’t working exactly? @prisma pier

Hello, how are you?

Currently I m trying to do Brainstorm from the penetration path but the issue is when trying to run the execution file downloaded from the server (trying not to give hints) and when I try to run it on the windows system in OSCP Prep, it doesn't want to run (even on admin), I recreated a windows XP/7/10 environment without any success.. Am I doing something wrong or might it be a bug ?

Error given by Immunity debugger: "Exception 40000005 - use Shift+F7/F8/F9 to pass exception to program"

Hello!
In the Osiris room (https://tryhackme.com/room/osiris) There is a bug that is consistent, after speaking to the room creator we decided that it would be best to bring it up to the team here! I would love some help.
The bug: || whenever trying to setup the malicious service, the code in the service is executed locally, but when trying to get a reverse shell, it never works, I have tried usually whitelisted port, using a different command and using different variations of the netcat payload but none worked! ||

Are you able to solve the issue? I have the same problem. I tried with query * EventID=12 and the result is "0 events"

I haven't gone back and tried anything new yet. All I know is that the search is supposed to produce graphable data in the visualization tab, but the search as written in the instructions fails to do so.

In the room "Common Attacks", phishing task - the following information appears:

I think the information box is inaccurate

Can someone address this? I have been having this problem for a while and so are a few more people

It'd be on the room creator to address. It might even be intentional and designed to catch you out.

I had spoken to the room creator, and we got to the conclusion that something is broken with the room.

Then it's on the room creator to fix?

Alrighty, I'll talk to them, Thanks James!

Gave +1 Rep to @eternal summit

Anyone got problems with the marketplace ctf? My terminal crashes when i try to connect via ssh even after restarting the machine.

Can anyone tell me whats wrong with task 3 of memory forensics ?

Room: Active Reconnaissance (https://tryhackme.com/room/activerecon)
Task 6: Netcat
At the bottom of the task, just before the question, it says "You can find a recording of the process below. Note that the listening server is on the left side of the screen." However, no recording is available for viewing.
Thank you.

i think i broke it

Room: https://tryhackme.com/room/bpvolatility
Impossible to do the task 4 we can't download the file with SCP beacause we don't have the password, and there is no file to upload attached to the task. This problem was said before but it's not still fixed.

Download the file from where?

If you are talking about the AttackBox then why don't you change the password (now you know it )

sudo passwd

Or just sudo -i to login as root and skip passwords altogether

Sorry, Will scp still need a password when run as root?

Oh yeh

Nvm then

Nah, nothing to do with you :)
Just a connection made by one of the many bots that scans the internet

Hello, not sure it's the correct channel to post but:
I'm actually working on the "Windows Event Logs" room and i'm encountering a weird issue:
if i try to go on the "details" tab on the event viewer, it just instantly crash and i have to relaunch the event viewer :/
so i can't do some question of the practice part. Does some of you face this issue? (tried with rdp on the machine itself and in-browser split view)

the bounty hacker room, ftp doesn't display output for the ls command

Use the passive command first

tried that, but didn't work

it did take an unusually long time for the output to be displayed

try -p in the initial ftp command, Ben taught me that

ah, I'll try doing that

Hi everyone

So I was doing the overpass 2 room and while answering the Task 1 question 2, I'm facing this issue

And also this

Not a bug with the room

You're pasting a literal reverse shell payload into the site.

Bitdefender is detecting that.

Task 9 in the Burp Suite room (as part of the Complete Beginner path), https://tryhackme.com/room/rpburpsuite, has a suggestion to go to the Learn Burpsuite room for further learning, https://tryhackme.com/room/learnburp. The link results in a message "The owner has made this room private". I suggest removing the link, or directing elsewhere, until the room is public again.

Both of those rooms are deprecated, as well as the whole path.

In the sysinternals room under Miscellaneous section.
The href at the bottom points to System-Information instead of misc-utilities. The text shows the correct destination.
https://tryhackme.com/room/btsysinternalssg

FYI- Task 8 Practical Example (Blind XSS), Payload works straightaway with the attackbox or catcher, with VPN didn't work to me at all.

I'm stuck on Task 8 as well. I can't get netcat or the website to display cookies or anything else.

try to up a http server with python, better in the attackbox or try the catcher http://10.10.10.100/

Hello, how are you?

Currently I m trying to do Brainstorm from the penetration path but the issue is when trying to run the execution file downloaded from the server (trying not to give hints) and when I try to run it on the windows system in OSCP Prep, it doesn't want to run (even on admin), I recreated a windows XP/7/10 environment without any success.. Am I doing something wrong or might it be a bug ?

Error given by Immunity debugger: "Exception 40000005 - use Shift+F7/F8/F9 to pass exception to program"

Room: https://tryhackme.com/room/kuberneteschalltdi2020
room isn't booting up, only port 22 is open and room is unusable.

I just went to this room and was about to report this!

the link in the config file is dead too

i.e, the server

its been like this for like 2 months now, I didn't know the config was dead though

yeh, cat it out and there's a link in it to the "server(I think)"

Hi there, anyone can help me on this? In this room (https://tryhackme.com/room/owasptop10) - Task 20 (display the cookie). I'm doing an alert to show (document.cookie) and get this:

s%3A7drDfnv5FRV_YkD0qhrGDoVM4lUg7FF-.ZTLhhq38WR0ELXlxaNuvIl4GpDBGkq459YvyJByVcbM

not any flag

basically the cookie.

which is too long for the answer 😛

That's the cookie, indeed.

If you submit the payload it wants, it'll give you the flag

I'm summiting the alert popup with document.cookie

I restarted the machine to see if was something wrong in there. same thing...

Room Windows Server (https://tryhackme.com/room/activedirectorybasics). Task 8 - Hands On Lab. All the relevant commands are supposedly available at https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993, but there is no command listed for the question "Which group has a capital "V" in the group name?" which forces you to use the Hint

now working. Just needed to reset the attackbox too.

Room : Wreath
Task 1
Pre-requisites

There is a broken link which is mistakenly referencing "Linux command line" to https://tryhackme.com/room/tryhackme.com/room/linuxfundamentalspart1

Fixed :)

Looks like the behaviour of how links that don't start with http(s) has changed. That used to work

not a bug, probably just doc change
Room: windowseventlogs
Task: 4

Tasks ask to execute Example 7 and 8, but the correct online docs examples are 8 and 9

After submitting the answer I realised that my answer is wrong because lack of my depth in -perm flag in find command but tryhackme corrected my answer I don't why this happened?

should be answer tolerance.

Yes, but is it not a bug?

it matches the answer so if it's 90-95% same, it's assumed correct
this way you're not scrutinized for mistyping/capitalizing/forgetting a character in the flag

Ok

In the room of Vulnversity even if I have connected with machine via VPN, whenever I am searching http://ip/ in the address bar it shows unable to connect

Not a bug. You're forgetting something. Please ask in #room-hints

Room: https://tryhackme.com/room/rpmetasploit
Task 7, 2nd question
the answer is ||auxiliary/server/socks5||
however if you follow the instruction, you won't find it

https://tryhackme.com/room/activerecon
I'm on Task 6, I clicked on "TCP" in the first paragraph to see the definition, and it should actually be Transmission Control Protocol not Transfer Control Protocol.
I know it doesn't matter but I'm just very proud of myself for knowing I had it right.

https://tryhackme.com/room/linuxmodules
Task 6 awk

Quotes are wrong and the filename is missing.

-awk "BEGIN {FS='o'} {print $1,$3} END{print 'Total Rows=',NR}"
+awk 'BEGIN {FS="o"} {print $1,$3} END{print "Total Rows=",NR}' file.txt

pretty sure not taking this as correct is a bug

room?

https://tryhackme.com/room/phishingemails4gkxh

I got the "right" answer, but tbh according to the link given in the task, it is not. Maybe I understood something wrong though.

It's a typo.

Or is it?

I think The hydra syntax is wrong on backpack.

I can't reach the http://MACHINE_IP/robots.txt after replacing MACHINE_IP to IP of machine

In Content Discovery Room

If it's not automatically replaced then you have not deployed the target machine

You've likely deployed the attackbox instead.

Room: https://tryhackme.com/room/kuberneteschalltdi2020
said it a couple times but didn't get any response or fix, the room doesn't boot up properly, only port 22 is open.

Let me check and see if the problem can be diagnosed. 🙂

Thanks!

Gave +1 Rep to @glad badger

I'd recommend to skip this room for now while we make an assessment of what the problem is. 🙂 Thank you for reporting.

Gave +1 Rep to @dense garnet

Room: Investigating Windows 3.x
Question No: 16
**Question: **

This is the default communication profile the agent used to connect to the attack machine. What attack framework was used? What is the name of the variable? (answer, answer)

Like specified in the question, the flag is needed to be submitted in (answer, answer) order combining the both answers.
The correct answer to the question ||is in reversed order. ||
Since the questions are asked consecutively, ||why is the answer accepted in reversed order without any hint? ||
Almost any player is likely to waste a lot of time for nothing without this clarification.

Typo spotted in Sysmon room under task 2

Gotta stay doubly prepared though, so I don't mind it

This one's super nitpicky, but the closing TargetFilename tag is missing a >

No flag for reflected XSS? and on a side note the instructions are outdated for Burpsuite and I can not figure out how to add a custom header for persistent XSS.

I was JUST on this @atomic lion

Had to lookup a write up because there is no "Header" category like you explained

Also sorry for the tag

no problemos

the header category is now on the lower right of http history but I didn't see an add button like on a video walkthrough i saw.

You can edit the request manually if you understand the structure of an HTTP request

still learning

i tried manually doing it but i guess i got it wrong as to where to add the custom header

active recon lab not pinging for task 3. i'm going to sleep hopefully the machine works tomorrow.

fixed both

Having a look at it now

This has been discussed and updated 🙂

Was it a typo?

More of an unclear wording I think

Ah, just because my answer has ~all instead of -all

yup, that's the intended answer, Just the question has been re-worded to reflect that (some external research as to why may be required, but it's linked)

Hi, https://tryhackme.com/room/androidhacking101 has some all around weird formatting and some code sections are hardly readable (see attached picture). The section Dynamic Analysis - Complications is even missing a picture and other pictures are way too big. The room could need a bit of reformatting to make it more enjoyable to follow

Hi Guys a do a brainstorm machine every time i log on ftp server by anonymous credentials its show me "ftp entering extended passive mode" and i cannot list files ;/ i think the machine is broken

Try initially connecting in passive mode

Also cc @dusky junco this seems to be a somewhat recent change, last time something weird like this happened with FTP it was VPN and routing related

ok i will try with passiv mode

okey i figured it out, ftp has defult connect via passive mode to make it work we need to do opposite think and connect via active mode (-A flag)

thanks for idea

Gave +1 Rep to @eternal summit

Room https://tryhackme.com/room/passwordattacks
Task 8 3rd Question. Password is supposed to be in the generated wordlist form task 7, but its not. Or at least it seems so to me.
Edit: My bad, I missed it because the server gives the same answer (same amount of chars!!) on successful login duh

nvm it was something wrong with the machine started another and it worked

not sure if it is a bug but i attackative directory when i submit ntlm hash of admin it shows wrong but on using the hash for exploitation in evilwinrm it is right and works this one question is not allowing me to comeplete room

Not exactly a bug but more of a typo - in the Cross-Site Scripting room, Task 1 has some links to examples of bug bounties paid out to people who found XSS vulns. One of the links says "Instagram" but the link is actually to a report for a company called "Infogram"

On FILESRV01 on Holo, I believe there should be a scheduled task, but there doesn't appear to be. This is the case after a reset.
I think it's a bug where that's not being added on setup

Room : https://tryhackme.com/room/nmap01
Task : 6
Bug : Typography, in the word highlighted in the screenshot

Room: https://tryhackme.com/room/mnemonic
youtube link in first task is unavailable, I know its an old room

-ban @iron orchid -ddays 1 Piracy spam

🔨 Banned BU-BE-SOUND#8390 indefinitely

Room: https://tryhackme.com/room/androidhacking101
Task: 3
Bug: Typo in the image

https://tryhackme.com/room/fileinc

Shouldn't Task 4 say

Theoretically, we can access and display any readable file on the server from the code above if there isn't any input validation. Let's say we want to read the /etc/passwd file, which contains sensitive information about the users of the Linux operating system, we can try the following: http://webapp.thm/get.php?**lang**=/etc/passwd

As currently published, the parameter for the GET request to get.php is file when the example code uses lang

https://tryhackme.com/room/pyramidofpainax
Task 9 only takes wrong answer (IMO)
Here are some screenshots marked as spoiler:

Wrong answer giving the flag

My answer was this one, didn't accept it

https://tryhackme.com/forum/thread/61fd266b1bacdb34500dfc99
In the forum people are reporting similar issues

Looking into the issue. Thank you for reporting. 🙂

Gave +1 Rep to @timber socket

Always!

Room: https://tryhackme.com/room/linprivesc
Issue: Task #8 - Capabilities can be completed by just cd'ing into ubuntu's folder and cat'ing "flag4.txt" without having to do any privilege escalation at all.

Well done on getting the flag to pop! I guessed they'd got it upside down or something, but even so that 'correct' answer is totally borked. It doesn't help that two of the definitions apply to the artifacts layer IMO There are lots of other things wrong on this box as well. The any run URLs are the wrong way round in task 3 and the same question repeats in task 5. In the first instance you don't need OSINT as the answer is in the screenshot, and the second the answer is not a malicious document.

Pyramid of Pain (/room/pyramidofpainax) editing issue, not certain where else I'd mention this

Pyramid of Pain - [Task 3] - the url for Task 3 points to the main site rather than the task that the questions refer to

Pyramid of Pain - [editing] - might want to consider removing the url link here for this site

I can't screenshot but in the same room in TTPs there is a punctuation issue in the third paragraph

fight back. For, example if

Pyramid of Pain - [Task 5] - copy pasta for last two questions

Totally, also I didn't get the flag in the intended way.
I got the flag and the order by doing some stuff 😅
Let's say i did what the name of the website told me to do.

I still wanna know the correct answer tho

goddammit i've been on this for like 3 hrs and it's broken?

life is mean

yeah, I didn't mention it since someone else already did

It’d be nice if they would disable a room or take it offline temporarily until the bugs get worked out.

The Task 9 question can be skipped for now (no answer needed), until the challenge has been fixed. 🙂

I am also stuck on this, are the answers supposed to be the same or different?

I got the first one but I can't figure out the second one

Hey, so re. Pyramid of Pain. I got attributed and assigned the room very recently, but it is not a room that I have made at all (neither has heaven) due to reasons I wont share. I'm working with QA on getting errors with this room resolved. Appreciate your feedback on this, but yeah, it is very difficult for me to pickup a room that has been developed by someone else.

Sorry that you're experiencing issues with this

hi in room: https://tryhackme.com/room/ctfcollectionvol1
Task 18:
using wayback machine this link for the flag expired
https://t.co/vbRrl6MdvU

Answer to question 4 is in the second screenshot, the exe is repeated everywhere. Question 5 is buggy

could some mod look on brainstorm https://tryhackme.com/room/brainstorm looks like something is broken with ftp server - I cannot connect to it neither from kali vm, host manjaro or attackbox
I tried forcing passive ftp, active none worked

also restarted vm 2x, reconnected 3x and changed server from EU-VIP1 to EU-VIP2

Supposed to be different

There last one is probably referring to the question being asked. The one before it is referring to something else

You can still guess the answer like I did

One should say something like "what is the name of the malicious binary?" The next one should say "what is the name of the malicious document" (as it does already, so it's fine)

Agree. Or even make a more challenging question and give a useful hint instead of use Google with a wink that throws you off, like are you kidding me. LOL

Let's just start with the words matching the questions and work our way up from there 😆

throwback network 1. missing pictures in multiple tasks, 2. task 21: "MSF6 and newer will have socks/auxiliary/socks_proxy" but msf6 has socks in: auxiliary/server/socks_proxy

If you want I can tell you what I found and what I think it's the problem.

Don't think that giving the details here would be a good idea, but my DMs are open.

PS: I will only give the details to THM staff and/or mods

Just 3 words in Google, first result gives the answer.

Hello. In Phishing 5, Question 1. It says format should be "
(answer format: mm/dd/yy hh:mm)

But it only accepts mm/dd/yyyy hh:mm. Basically, it wants a 4 digit year, but says the format is two digits. The grey text in the box shows 4 digits. This is ANNOYING and an easy fix.

Confirmed. Room name "Powershell Scripting" (part of the Offensive Pentesting path), task 3 "Basic Powershell Commands". The accepted answer is ||6638 || but using the following search returns 6641

||get-command -commandtype cmdlet | measure||

For which question are you talking about? For the last question of task 5, I’ve searched a lot and with no luck. The question doesn’t make sense.

Throwing in support for this bug. Drove me nuts for a while until I finally guessed it.

Use your OSINT skills and provide the name of the malicious document associated with the dropped binary

the hint I would give is: ||The dropped binary is G_jugk.exe, and the malicious document is the doc associated with that G_jugk.exe||

Room name "Powershell Scripting" (part of the Offensive Pentesting path), task 4 Enumeration, question "What is the path of the scheduled task called new-sched-task?". The correct answer as per the powershell below output is |||| but the answer expected is|| /||

||get-scheduledtask | where-object Taskname -eq new-sched-task||

maybe just by me, but first when is started Dear QA, the target's IP didn't show up. After refreshing the page, it was there. ( it was about 10 minutes after i started it so it's maybe a bug)

The room itself is not so easy but this question was a cake 🙂

That's exactly what I searched for, the binary name you hid. I found a very nice site that left almost nothing about the e%$#@t malware https://www.joesandbox.com/analysis/302663/1/html . Also the anyrun sandboxer and still nothing. But I'll keep looking since there is still a possibility of finding ans answer somewhere.

Keep googling, you're close.
I looked at that same exact report before finding the name

Thanks @timber socket damn it was looking me in the eye. Believe it or not I almost read that whole report, but there is always place to learn. Thank you!

Gave +1 Rep to @timber socket

it wont upload my php file 😦

https://tryhackme.com/room/shodan

an old room: https://tryhackme.com/room/xss , linked website is down

are the answers on the "introductory networking" room in the whois section outdated?
nothing i find from whois facebook.com seems to be a correct answer..

Note that it changes domain part way through

oh oops, i'm blind

Wreath Room: ssh -i access is to the web server is no longer available to me. Can somebody take a look at this.. It is pingable, but no longer ssh accessible, can't proceed further...

yeh, that's pretty common unfortunately, means people on the machine removed/changed the id_rsa, just go for a reset

also, there is #wreath-network for help

Ok, thanks mate.

This is a minor bug at #intro2windows(https://tryhackme.com/room/intro2windows) in the task-7 called "Creating your first GPO". There is a typo for "Groups GPO". It mentioned that "Group GPO"(Correct is "Groups GPO") need to be linked to the root of the domain (thm.lab). If someone add "Group GPO" as mentioned , it will create a new Object called "Group GPO" that may create confusion to others and policy may not work as assumed.

-ban @wheat fractal -ddays 1 Nitro Phishing scam

🔨 Banned WonderMan#9152 indefinitely

Fixed. Thank you for reporting. 😎

Gave +1 Rep to @patent merlin

Post it here please

this room is broken
https://tryhackme.com/room/phishinghiddeneye

github link is broken, the default mirrors for 2 requirements are broken in the gitlab version (equinix.io) and the whole room has 2 questions (what would u use the tool for and whats the weakest element in IT) which independent on the actual tool

the room is also over 2 years old

so it being broken is more easily acceptable by that standard

Hi, I have an Issue with the Linux Fundamentals Part 2 Room. The attackbox does not allow the input of the password when executing the SSH command. https://tryhackme.com/room/linuxfundamentalspart2

It does, but it does not show the characters as that would be a security risk to people watching

okay very good to know. Thank you!

Hi there is a bug in "https://tryhackme.com/room/packetsframes", all users started to face with this. i wrote about it in #room-help

Tim has already addressed this

yeah i saw it too, thanks

Hello, I noticed a small bug in the Network Fundamentals - Packets & Frames room. Each task is repeated 2 times.

Hey guys, I have an issue on pre security learning path, packets and frames room from network fundamentals can't be completed. I did all the answers and stuf, but it won't mark as completed so the path progress is always at 95%

ah you already know about it 😄

Hi. What was the resolution? Because it seems that the issue is still there

Yes

It's known, but being fixed.

Not fixed yet.

Not sure why but in the Redline room, the exe file gets removed from AppData/Temp after running the IOC scan. Makes it so you can't get the hash without resetting the machine

In the room intro to Django, there is a link for the user hash, but the antivirus block it (pastbin..)

That's not a bug. If your machine is blocking pastebin, that's a you problem.

It's not related to running the scan? Just launching the machine and opening the AppData Temp folder will get it removed on you

Obviously the SHA256 hash could just be selected in Redline, but that assumes we read all the questions before launching the scan. Also means that the hint as to how to find the hash with PowerShell won't work without a reboot and we can't run it multiple times to experiment with different scan settings

Gave +1 Rep to @eternal summit

Alright thank you

Its a known bug, the're working on it

It's been reported in multiple channels honestly

Ok ok Zeeshan thank for the answer.

Gave +1 Rep to @median coral

🙂

https://tryhackme.com/room/introtonetworking

right answer

whois results

came back to this room to show something to my friend, noticed that

nice catch but that was apparently updated less then 3 weeks ago

You missed that it changed domain half way through from Facebook to Microsoft

oh wait yeah

The new Red Team Fundamentals room links to the Cyber Kill Chain room. That room has a message saying that the owner has made it private. You might want to unlink it from Red Team Engagements: https://tryhackme.com/room/redteamfundamentals https://tryhackme.com/room/cyberkillchainzmt

Good morning THM 🙂
I did the whole phishing module a while ago but did not receive the fancy badge for it. Did I miss anything?

#site-bugs message Might be that you completed it before the badge was around so you need to reset and redo the 5th room

this eternalblue room does not work. i've rebooted this machine 5 times.

Ok I'll try that, thanks @modern raven!

Gave +1 Rep to @modern raven

i get fail evrytim, no win

Yes exactly, if that doesn't work email into support and we'll get the badge awarded @zinc ice

I just did room five again! Now I have the badge 🙂 Should have tried that before posting tbh. Makes sense...

Woot woot 💪

Are you still doing it?

i started working on the phising one because Newk did it and looked interesting, but i can boot it up again for like the tenth time and try

If you do, let me know

ill do so now

starting machine

Ok, we can move over to #room-help so we're not flooding this one.

okay will do if it end ups not working

Hi everyone,
i have an issue in Attack Kerberosroom
I already add CONTORLLER.local in/etc/hosts and i can ping it as well
but i still cannot use kerbrute to Enum and user(result is 0)

It shows
Done! Tested 1663 usernames (0 valid) in 0.347 seconds

I'm getting the question duplication bug on Packets and Frames. I am unable to complete the Pre-Security course and get my certificate because of it. Resetting the room doesn't help, nor does answering the duplicated questions.

I know its a kknown bug.

Just wondering if I can do anything about it so I can get my cert.

@ripe patrol @gaunt skiff @harsh olive @jagged pine this is now fixed (packets and frames)

i saw it, thank you so much

Thank you!

Hi !
I think I found an error :
--> Complete Beginner
--> Web Hacking Fundamentals
--> OWASP Juice Shop room
--> Task 4
PB : It says You can load the list from /usr/share/seclists/Passwords/Common-Credentials/best1050.txt but it is not the right path. The right path is :
/usr/share/wordlists/SecLists/Passwords/Common-Credentials/best1050.txt

Are you using Kali or AttackBox?

AttackBox

Hi everybody ! I'm on the POLOTELNET learning machine, but i get no open ports is it normal?
I think maybe it's an issue but i'm a complet beginner x)

I get this with Kali --> All 8320 scanned ports on ip-10-10-187-203.eu-west-1.compute.internal (10.10.187.203) are closed

Please use #room-hints if you need hints.
This channel is for once you're certain it's a bug

Ok sorry

Hi anybody else has machine lag? i have premium but sometimes ctf machines starts lag and i can t ping them for a while.

Sounds like a VPN issue, #site-support for more help please

I found a typo in https://tryhackme.com/room/splunk101

Open Chrome and navigate to ...

I think the author meant "Firefox"

(I'm incredibly funny)

oh wait on a serious note, chrome is installed on the attached machine 🥲

Yep, completed that room recently and used chrome

matches well with the ~2GB RAM of the machine

as if windows wasn't bloated enough

In the Content Discovery Room. Task 3 requires you to run a CURL command, but the command throws an error. This command works:

curl -s https://static-labs.tryhackme.cloud/sites/favicon/images/favicon.ico|md5sum

i have a problem with ustoun room. i didnt find a way into the box so i looked in the writeup. regarding to it should port 1433 mssql be open. i tried several machine spawns but it never was open. i think its bugged

Happened to me too!

Hi, when will be Suricata room prepared? Thank you.
https://tryhackme.com/room/btsuricata

https://tryhackme.com/room/osqueryf8

Schema documentation section says current version is 4.7.0, links to 4.7.0, shows screenshots from 4.7.0, and then asks about the schema "for this version."

But its looking for answers from 4.6.0 (Which is the installed version on the machine, but not the one referenced in the rightup)

Just had a similar experience, thanks for posting in here, was losing my mind! Thought I needed to something else.

Gave +1 Rep to @minor magnet

No problem, glad it was helpful. How did you find it all the way back up the chat?

CTRL+F my dude 😄

-ban @strong cradle Posting fornite cheat videos in the room-bugs channel. Ban appeals are bans@tryhackme.com

🔨 Banned Mhortas#5364 indefinitely

Thank

He was copy-pasting into multiple rooms, pretty sus

fornite cheat videos lolwut

This is not as much a bug as it is a suggestion. In the Content Discovery Room, Task 7, you recommend people look at Wikipedia to learn about Google dorking. THM has a google dorking room. It might be better to link there.

I believe i found a room bug in the Jr Pentesting in the cross site scripting room

On the last section, i retrieve the session key like it asks and its not the right value no matter what i try

its a walkthrough room and the exact code it tells me to put gets me a session key that i decode to the session=(value) and wont work.

In https://tryhackme.com/room/oscommandinjection task 3 it mentions

For example, the shell operators ;, & and && will combine two (or more) system commands and execute them both.

but just doing one & will run the program in the background, it is && that combines commands

They both still run them both

It's whether it waits for the success of the first or just runs it in the background

https://tryhackme.com/room/ustoun still bugged. port 1433 is never open

https://tryhackme.com/room/passiverecon Task 6, question 3: Based on Shodan.io, what is the 3rd most common port used for nginx?
3rd port by Shodan.io is 5000 (https://www.shodan.io/search/facet?query=ngnix&facet=port), but the accepted answer is different (||8888||)

query=ngnix

Yes? Did I do smth wrong, so that the result is different?

Ngnix is not the correct spelling

Correcting the typo gives you the correct results.

Ah

Thanks!

Has anyone noticed a bug with the video in the Hydra room? That bug being Basic networking sometimes playing rather then the Hydra video. A quick refresh fixed it, so I'm good. Just making sure someone new doesn't get frustrated.

This sounds like a site bug, can I ask you to repost it in #site-bugs please?

https://www.tryhackme.com/room/walkinganapplication last flag doesn't seem to work i found the X-Flag header but it says incorrect

There's some extra flags in that room (the target machine, for other purposes)
You can ignore the one that isn't working

it's for the last question and there is only one for that i think

#room-bugs message

Here's a reference for the same

thank you i think i was looking in the wrong place

I'm not sure if it's a bug, but in the "Brainstorm" room I can't get any files using FTP, only "229 Entering Extended Passive Mode (|||49179|)." I have went through all the writeups and followed their steps, yet I got nothing.

https://tryhackme.com/room/passwordsecurity this room was removed?

also I want to remove the room (since it no longer exist) from My Rooms list. The tricks for rooms that were passed from free to subscription-only doesn't work (https://gist.github.com/noraj/46f8ec31205f72a604b13ffa4c03dfbc).

I have the same issue as yours, it doesn't even allow you to leave the room

How much do we care about small things like typos and grammatical errors? Going through some of these rooms I occasionally find fallout from quick edits. Don't want to spam up the room with this stuff if it's the wrong place for it

this is the right place, put them here and make sure to give the following

• room name
• task
• what's wrong
• what it should be

Room Name: Network Services 2

Task 6: Questions: "top-usernames-shortlist.txt" file location may have moved since room creation? My location was /usr/share/SecLists/Usernames/ instead of documented /usr/share/wordlists/SecLists/Usernames

Task 7: Hydra:
"password attacks against of many different services" - remove "of"
"if you'd like to browse and find a different wordlists" - either "find different wordlists" or "find a different wordlist"

Room Name: Burp Suite

Task 7: Questions:
"Which poisoning issue arises when an application behind a cache process input that is not included in the cache key?" - "process" should be "processes"

#site-support message

Does this help?

no, the problem is that the room has been outright deleted for us, so any of the usual joining/leaving methods don't work as it doesn't even show up in search only in https://tryhackme.com/rooms

I'm doing advent of cyber 1 - day 9. I keep trying the IP address 10.10.169.100 port 3000 and I keep getting "connection timed out". I've tried it over several days now and it's just not coming up.

Path: Jr Penetration Tester - Network Security | Room: Active Reconnaissance | Task 4
Question 1 & 2: "...what is the IP address of the last router/hop before reaching tryhackme.com?"
Answer: It's the last IP address listed in each traceroute example.

Issue: The last IP address in each traceroute example is the IP address of tryhackme.com, so shouldn't the IP address in line 13 or 25 be the right answer?

Path: Jr Penetration Tester - Network Security | Room: Active Reconnaissance | Task 4
Question 3: "In Traceroute B, how many routers are between the two systems?"
Answer: 26

Issue: It's asking for the hops between the two systems. The first hop is "me" and the last hop is tryhackme.com or my target. So shouldn't they be excluded? Right answer 24?

Before tryhackme.com implies not tryhackme.com?

Yes? At least for me in this context. It sounds like where do you go before you go shopping. The answer can't be "shopping" (assuming I don't go shopping twice in a row...).

That's more clear now

ftp commands aren't not working for me in this room after connecting to anon ftp. https://tryhackme.com/room/brainstorm can someone help

I answered you in #site-support FTP is working for me.

quick catch on the recent redteamfirewalls room;
first diagram has a typo:

Thank you for reporting this. 🙂

Gave +1 Rep to @brazen gulch

I'm assuming this is a known bug and nothing will be done about it? I've searched discord and quite a few people have reported this and it's still an issue.

Hi. I'm trying to do an attach using burp intruder. In BurpSuite Intruder room give us credentials when try to do attack there is no 200 response for credentials. Can anyone help me ?
room link: https://tryhackme.com/room/burpsuiteintruder
Task:10

Good day, I am having trouble with the OpenVAS room. I had to use the kali attack machine due to space restrictions on the other. I have downloaded and started the docker of OpenVAS but when I follow the instructions to visit https://127.0.0.1 firefox complains about the credentials. I go to advanced and click Accept Risk and Continue and nothing happens. Any suggestions on how to move forward with the room?

@trim cape it states in the task that finding a 200 is out and to loot at the Length of the responses are you referring to this part of the task?

Please use #room-hints or #room-help if you're looking for assistance, this channel is meant for reporting bugs

Hi, I would like to report a Bug on Containme room. I don't know why I took so long to speak up for this but it has been months since the room was released and I am still unable to complete it due to a bug on SQL service not starting. Restarting the machine 1000 times doesn't work and it is a fundamental service to complete the room.

https://tryhackme.com/room/brainstorm, ftp server works in attackbox but doesn't work on your local machine(tried active, passive, -p, -A, binary mode)

In https://tryhackme.com/room/yara task 6, there is a rule that counts the number of occurrences of a string. I believe the condition should read #hello_world <= 10 rather than $hello_world <= 10 per https://yara.readthedocs.io/en/stable/writingrules.html#counting-strings.

Hi, I don't know if this is a bug but a few people have been having this issue

In the Post-exploitation Basics room task 3 there is constant errors when trying to transfer/upload files into bloodhound

With uploading the error being "BAD JSON FILE"

And drag and drop the error being

"NaN% the file is incompatible"

I could show anyone who would.be willing to review it in vc

for basic splunk 101, task 6 question 1, the sigma APT29 to splunk using Uncoder.io now returns a different value

Hi there, Protocols and Servers => task 6 should ask for POP instead of IMAP

yes, you have to use only the ||commandline=""|| from the result

-ban 898988800208953426 get outta here with your scamming nonsense.

🔨 Banned tweekerry#6525 indefinitely

ah damn I forgot the ddays

-ban 478442913521598464 -ddays 1 get outta here with your scamming nonsense.

🔨 Banned Ryan.Scc#0416 indefinitely

I am working on linux fundamentals and when I start the machine, it gives me an IP address. But according to videos, a second window should open where we can try linux commands and get the flag. The window is not opening for me, any fixes?

There's a blue button at the top of the room

It says start attackbox

Does pressing that make it pop up?

no

It just starts the machine and gives out IP