10 mins
#koth-voice-chat
slim surge
soft beacon
Who wanna join a quick KotH challenge?
wanton sandal
me
slate jackal
!docs verify
proud frigateBOT
TryHackMe
soft beacon
GG to 4cid for the Panda challenge
If you're here, feel free to tell me how did you privesc'd the box
vapid storm
anyone doing a koth right now?
tired lark
I just was
It was my first time, I didn't even know how to interact with the private IP until 30 minutes in
night hemlock
Anyone want to play?
small hamlet
What terminal are you using?
sinful nest
What terminal are you using?
fish
I customized a little the settings that xct uses
small hamlet
Thanks!
sinful nest
xD
radiant quail
Anyone wants to play?
https://tryhackme.com/games/koth/77761
I wanted to replay this machine, i will be glad if someone could join
radiant quail
https://tryhackme.com/games/koth/join/fdc09accd9a66a795e7f81ef
I wanted to play Hackers machine, thanks for helping though
brittle stirrupBOT
Gave +1 Rep to @slim surge
slim surge
I wanted to play `Hackers` machine, thanks for helping though
want to host a private one ill join
radiant quail
want to host a private one ill join
autumn schooner
any
autumn schooner
any leads ?
slim surge
there's a way in on 80
autumn schooner
okay
river basin
Hello
night hemlock
@slim surge gg locking down h1 medium
slim surge
<@485135593249177610> gg locking down h1 medium
gg
void dust
@slim surge dont beat us to bad 🤣
slim surge
<@485135593249177610> dont beat us to bad 🤣
ill make it fun 
void dust
ill make it fun <:blobfingerguns:658062473617866753>
hope its a linux box cuz i dont know windows very well
slim surge
hope its a linux box cuz i dont know windows very well
🤞 yea me either
void dust
🤞 yea me either
can you join vc after so we can talk about the box when it is over
slim surge
can you join vc after so we can talk about the box when it is over
i would but im bout to head to bed, gotta work in am
compact pagoda
radiant quail
I made a script to detect those players before joining matches,
if anyone is interested, please PM me and improve the tool together
wooden garden
Not too sure about the rules for koth, so I'll cc @neon river
radiant quail
Not too sure about the rules for koth, so I'll cc <@267010557889085440>
thanks, i'll be glad to know
brittle stirrupBOT
Gave +1 Rep to @wooden garden
slim surge
If anyone's pty got spammed by this Detrew guy, pls help report
I don’t think spamming pty sessions would be against the rules to report a player I mean it’s basically the same as https://tryhackme.com/room/redisl33t you could always just use -T flag when connecting through ssh to prevent someone spamming your pts. Or connect to machine without ssh and just don’t stabilize your shell . We have a few tips and tricks to help maneuver in an unstablized shell and edit files using sed.
Feel free to dm if you want I can share some of those tricks with you
radiant quail
I don’t think spamming pty sessions would be against the rules to report a playe...
I see, thanks a lot for the info
brittle stirrupBOT
Gave +1 Rep to @slim surge
slim surge
No problem
sinful nest
that's a cool terminal
i3wm
radiant quail
cool thx
radiant quail
Are you bravosec?
Hi
radiant quail
Are you playing koth now?
yea
compact pagoda
@sinful nest did you clsoe all ports
sinful nest
<@745672959804571742> did you clsoe all ports
?
I'm the one asking
you were the one who killed the machine lol @compact pagoda
compact pagoda
no
sinful nest
send me your terminal output
compact pagoda
yes
sinful nest
click reset
right hahahaha, lol
compact pagoda
@sinful nest Are you on sftp
sinful nest
<@745672959804571742> Are you on sftp
ah ?
no
btw @compact pagoda this box doens't have connect from external internet
sinful nest
Where are you hiding lol
I'm not with hidden processes and not using rootkit 😄
?? @compact pagoda
compact pagoda
No, I seeing where you are by deleting files
sinful nest
I ? wtf 🤣
Last thing, don't blame me for the things you do like breaking the box in this game, that's not cool, own up to your mistakes 😉
compact pagoda
Last thing, don't blame me for the things you do like breaking the box in this g...
I swear I didn't do anything during mid game. I just deleted files at the last 2 minutes
I just saw the nyan cat, and closed my terminal
Also, @sinful nest do you ln -s /dev/null .bash_history
compact pagoda
I was trying to see who enters directory using that. It works usualyl
sinful nest
ah ??
gilded sparrow
compact pagoda
@sinful nest You are using rootkit
compact pagoda
systemd?
sinful nest
no
compact pagoda
I can't edit king.txt you are not using a loop I assume?
sinful nest
I can't edit king.txt you are not using a loop I assume?
neither
compact pagoda
Something to do with this ```type=SERVICE_START msg=audit(1691375918.470:3819): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=kothh comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
< type=SERVICE_STOP msg=audit(1691375918.471:3820): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=kothh comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
< type=SERVICE_START msg=audit(1691375918.471:3821): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=kothh comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
< type=SERVICE_STOP msg=audit(1691375918.673:3822): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=kothh comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
< type=SERVICE_START msg=audit(1691375923.720:3823): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=kothh comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
< type=SERVICE_STOP msg=audit(1691375923.721:3824): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=kothh comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
< type=SERVICE_START msg=audit(1691375923.721:3825): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=kothh comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
< type=SERVICE_STOP msg=audit(1691375923.922:3826): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=kothh comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=?
wrong?
compact pagoda
Not this? Intercept Syscall Write from /root/king.txt.
This technique is very advanced using LKM ( Loadable Kernel Module) that is, at the kernel/ring0 level, me and F11snipe use it, basically if you try to put your nickname in king.txt, nothing will happen and the nickname of who is using the intercept syscall write will remain, as this file is being intercepted.
Also your ip? 10.14.39.200
compact pagoda
Were you using the syscall write thing
sinful nest
cool
compact pagoda
Were you using the syscall write thing
?
restive kelp
@vapid storm Enjoy your king time, im out 🤣
vapid storm
<@456226577798135808> Enjoy your king time, im out 🤣
🤣 thanks
brittle stirrupBOT
Gave +1 Rep to @restive kelp
restive kelp
🤣 thanks
Curious tho as im new to KOTH - so king time is what gives you points the most after flags?
vapid storm
Curious tho as im new to KOTH - so king time is what gives you points the most a...
i think yeah.. im new too 😄
restive kelp
i think yeah.. im new too 😄
And you disabled write access to the king.txt file even if im root? 😂
restive kelp
Got you ✌️
vapid storm
👍
slim surge
And you disabled write access to the king.txt file even if im root? 😂
Probably a chattr lock.. google about chattr
sinful nest
sinful nest
restive kelp
Probably a chattr lock.. google about chattr
Yes did my research on the whole KOTH dynamic - thank you
brittle stirrupBOT
Gave +1 Rep to @slim surge
slim surge
Yes did my research on the whole KOTH dynamic - thank you
If you need some tips and tricks feel free to dm
sinful nest
median jolt
if someone want to join I'm here for some KOTH
https://tryhackme.com/games/koth/join/02b48410b6162e639b8308a0
empty salmon
bronze seal
cloud creek
@steel dirge .. aint it taking forever for the ftp bruteforcing?
steel dirge
no its anonymus login
cloud creek
yeah anonymous login initially, but for the user mcgrawford we need to bruteforce right?
autumn schooner
join
autumn schooner
username ?
untold quiver
username ?
ben.mert
autumn schooner
awesome !
cloud creek
where is the king.txt in "medium" machine?
slim surge
where is the king.txt in "medium" machine?
I believe it’s in c:\
vapid storm
whos in this game with me
wicked beacon
need to configure sound settings
radiant quail
@tall knoll https://tryhackme.com/games/koth/80128
@tall knoll 10.10.249.62
@tall knoll https://education.github.com/pack
autumn schooner
any !
autumn schooner
later
slim surge
@violet meteor
vapid forge
gg
idle falcon
does anyone tell me the right way to approach a koth challenge ?
vapid storm
uwu
sonic stump
uwu
Hey can you change your username please? We have a pretty strict no politics rule in this server
frosty hedge
Changed it for them. 🙂
vapid storm
Hey can you change your username please? We have a pretty strict no politics rul...
hey, can you verify me? i cant talk in #koth
proud frigateBOT
TryHackMe
sonic stump
no worries, you got it 🙂 you're verified now
sand path
!docs verify
proud frigateBOT
TryHackMe
ivory shore
vapid storm
Hi :3
untold quiver
Hi
untold quiver
Not for now, but thanks for asking and have fun or enjoy.
vapid storm
ok uwu
untold quiver
Okey
vapid storm
Ohayo
untold quiver
can i join the general room ?
Yes, of course.
pure yew
the voice is locked
untold quiver
the voice is locked
You need to do verify
pure yew
ok
hot fern
someone teach me how to play koth
haughty merlin
How to change my username on koth?
forest laurel
How to change my username on koth?
You need to change your username on your account.
proud frigateBOT
TryHackMe
untold quiver
Hey yall!
slim surge
someone teach me how to play koth
Here’s some good videos to learn from https://m.youtube.com/watch?v=wIDdrY-opPU
lime finch
Hi all
untold quiver
Hi all!
nova sigil
i like to see when people play koth its the best way to learn seeing others play. seeing how they approach things that a great way to learn
slim surge
i like to see when people play koth its the best way to learn seeing others play...
Check out #koth-voice-chat message
shell lichen
suggest me appropriate linux for pentest which won't crash every other week and which is stable os
untold quiver
suggest me appropriate linux for pentest which won't crash every other week and ...
Exactly, it is the Debian and Slackware
slim surge
suggest me appropriate linux for pentest which won't crash every other week and ...
Should be any Linux os all you need is the tools… or you could use something like blackarch, kali, parrot, etc…
fringe geyser
hello
pearl narwhal
Hi
ivory owl
who's trevohack?
untold quiver
Hey!
wanton sandal
who's trevohack?
Me
haughty merlin
hi
haughty merlin
hi all i broke my shell using while[ 1 ] loop how i can take it back?
winged bane
anyone there
Yeses
untold quiver
hi all i broke my shell using while[ 1 ] loop how i can take it back?
I wonder this too!
vapid storm
hi
untold quiver
how are you?
Fine, you ?
vapid storm
Fine, you ?
fine thanks, what are you doing?
brittle stirrupBOT
Gave +1 Rep to @untold quiver
untold quiver
fine thanks, what are you doing?
Just thm path 🙂 you ?
vapid storm
Just thm path 🙂 you ?
chilling with a easy thm ctf
untold quiver
chilling with a easy thm ctf
Yes, in same way. 🙂
vapid storm
yeah
wanton sandal
Hello
untold quiver
Hey, what’s your usernames on thm?
Hey, is same.
humble herald
wanton sandal
Hey, is same.
wanna play koth
celest basin
Ya
untold quiver
wanna play koth
No thanks, not right now.
brittle stirrupBOT
Gave +1 Rep to @wanton sandal
proven notch
somebody wants to play koth?
untold quiver
quite
haughty merlin
Hmm
austere ice
hello everyone here i am trying to educate people about patching the system vuln in KOTH game my network are not work well today so also my vpn work slowly thus why i take long time to get into the game sometimes i reset a machine twice. Sorry for that but my advise is that don't delete web folder go and correct the vuln code from that web files and fix it to do that is just like delete the website because of bugs that not true our goals is to learn how to fix that vuln not to shutdown server or delete the web folder thanks and sorry for everybody i bothered @austere ice
untold quiver
Okey
sand remnant
untold quiver
<
iron needle
Hi everyone~ There have person want to play KOTH after 7min
untold quiver
O
barren marlin
@ivory shore GG's you won off of 5 pts just realized i won. anyways ggs
untold quiver
ggs
ivory owl
somebody used iptables to block me lol
untold quiver
yes
ivory owl
@winter mauve This you? https://imgur.com/a/ex7RJa3, https://pastebin.com/Eaif4zzS
ivory owl
thx. keep up the good work. just don't screw up the box lol
winter mauve
thx. keep up the good work. just don't screw up the box lol
Oh shit did I
ivory owl
kinda need /etc/passwd
winter mauve
Very true lol, I have no idea what to do, to patch vuln's
What chmod did u do to make king.txt xrwxxxxxxx
chmod 600?
ivory owl
i didn't chmod it. google chattr.
wanton sandal
somebody used iptables to block me lol
aren't you the same person redirecting tcp traffic on port 9999 to your ip and port for king?
ivory owl
a misunderstanding of the rules on my part 😁 . I didn't prevent everyone else from accessing the box.
vapid storm
anyone down for some koth?
haughty merlin
anyone down for some koth?
Let's roll
vapid storm
XD
well do it in the morning for sure
or later in the afternoon if your still up for it
vapid storm
Let's roll
im free right now if you area ready
untold quiver
Okey
humble oak
hi
untold quiver
Okey
chrome topaz
koth anyone?
barren marlin
KOTH any1?
humble oak
hi
gleaming spruce
hello
digital whale
@sick panther 😦
sick panther
@ivory shore what was ur pts i couldnt find it
ivory shore
<@118749350795935744> what was ur pts i couldnt find it
I usually avoid using any pts or stable shells 😉
sick panther
socat
sick panther
@crimson notch
crimson notch
<@1086902593550303302>
see this.
check your error.
btw im not root anymore.
all my processes were killed a while back.
sick panther
ooow
sick panther
yes
crimson notch
you are using netcat command wrong.
check that.
and you can't read /root/root.txt lol.
crimson notch
no it was in the crontab
fr ?
crimson notch
yes.
vivid crane
hi
crimson notch
is the host down
were you asking me.
the box easy was up when i was there. after i lost shells i was gone.
flint ginkgo
Hey. WhatsUp Guys..
sick panther
Hi there
haughty merlin
Hi KoTH player…
humble oak
hi
vapid storm
Koth anyone?
haughty merlin
Play some learn some
haughty merlin
wow... windows box on koth is really goods
grand sparrow
Hey. WhatsUp Guys..
wasup
grand sparrow
wow... windows box on koth is really goods
wtf
digital whale
@candid fable Did u make the txt file?
candid fable
<@814949924998611023> Did u make the txt file?
yes 🙂 who else ?
candid fable
GG
digital whale
GG man
heady siren
Somebody wanna play koth and vc?
flint ginkgo
@crimson notch how to posible this.
But I'm getting angry! 
crimson notch
<@1086902593550303302> how to posible this.
But I'm getting angry! <:blobknife:6...
you'v just changed the pass of shifu. ig there are many other routes to hop in.
flint ginkgo
how to change medium machine password.
vapid storm
do u need a openvpn to participate in koth if so where do i get the key?
untold quiver
do u need a openvpn to participate in koth if so where do i get the key?
There is no a special vpn file for koth as far as i know, i guess the general vpn file for thm is enough.
mossy tulip
Someone is up for quick KOTH?
haughty merlin
nice one @ionic junco
are u want to tell me how you change permission of king.txt so i cannot write on it ?
look like added user king are you ?
untold quiver
Chattr +i / -i king.txt ? it is does / doesn't work for you ?
haughty merlin
Chattr +i / -i king.txt ? it is does / doesn't work for you ?
Nice one ... file permission not changed, but it's my fault ... i write crontab to execute every minute but with wrong path 😅
* * * * * root echo "my username" > king.txt <== this should /root/king.txt
untold quiver
Nice one ... file permission not changed, but it's my fault ... i write crontab ...
ок
haughty merlin
Hei @wanton sandal where you put the chattr ?
wanton sandal
Hei <@1005685758356619284> where you put the chattr ?
i removed chattr
i use a custom binary
haughty merlin
nice to play with you ...
wanton sandal
gg
wanton sandal
i have no clue on privesc... can you tell me
dm
sudden topaz
Is it allowed to close the ssh port on a koth machine?
violet meteor
Is it allowed to close the ssh port on a koth machine?
As long as there is another way onto the box
topaz ridge
@flint ginkgo Okay for delete the chattr, but not the wget binary 😡
vapid storm
hi master @topaz ridge
did u have any clue on how to use the rsa keys?
i tried like 20 variations of 'ssh -i' and even just 'ssh production' but it said 10.10.27.182 closed on port 22
topaz ridge
@vapid storm I don’t know, i was gone to eat. Do you want make a private game to test ?
vapid storm
<@456226577798135808> I don’t know, i was gone to eat. Do you want make a privat...
uhh sure
u know my username?
topaz ridge
I send you a pm
vapid storm
yup
wintry nest
hi
untold quiver
.
pale yarrow
hi
wild mist
hi
I would like buy tryhackme premium I need a body for discount if there is someone who would like to buy pls text me.
humble oak
hi
compact pagoda
What are your guys most sophisticated tools you made or used in koth?
humble oak
hi
shy bough
how do voice chat to koth user playing with me ?
you cant on the website, but you can on discord
rain cliff
you cant on the website, but you can on discord
Thank you for your reply!
Which channel should I use?
shy bough
Thank you for your reply!
Which channel should I use?
you can use the KOTH vc
rain cliff
you can use the KOTH vc
KOTH channel is locked.
Why is this?
shy bough
have you enabled it in the id:customize @rain cliff ?
tough hawkBOT
rain cliff
@shy bough @forest laurel
Thanks! I verified !!
brittle stirrupBOT
Gave +1 Rep to @shy bough (current: #2050 - 1)
frozen wing
How do I talk with my people in KOTH?
untold quiver
You need to be verified. /DOCS verify.
tough hawkBOT
tough hawkBOT
@gusty pebble
alpine pagoda
damn u can go support
glacial laurel
@alpine pagoda GG D:
alpine pagoda
<@1205843974561206292> GG D:
Gg
glacial laurel
@sinful nest Did You Manage To Get Flags? 👀
sinful nest
<@745672959804571742> Did You Manage To Get Flags? 👀
yeah why?
sinful nest
You Didnt Submit? It Showed 0
yes, for me it is not necessary to submit flag, when you are in king
glacial laurel
yes, for me it is not necessary to submit flag, when you are in king
Wait, If Someone Becomes King You Can Become King By Using Stashed Flags?
sinful nest
Wait, If Someone Becomes King You Can Become King By Using Stashed Flags?
yeah you can win, but this only works when you have more points than the person who has king, so you score the flags****
glacial laurel
*takes notes*
slim surge
Wait, If Someone Becomes King You Can Become King By Using Stashed Flags?
no... you can still get points using flags if someone else is king tho.
modest magnet
Ah man... think i was too slow trying to get SSH
vapid storm
who's down for koth?
spring prism
I play koth for the first time in months and someone decides to disable ssh smh
coral holly
untold quiver
lol
inner holly
@dr0p
What a cheater
resetting machine since you where kicked out of the machine
@staff
tough hawkBOT
tough hawkBOT
TryHackMe Socials
inner holly
You'll need to email support 🙂
never do anything
gg zzzzzz super dirty game
resets should be deleted
timid leaf
Played first KOTH ever and lost due to some minutes. Got root only after the challenge was over. Manual enumeration took time, linpeas was so fast. Bad luck (._.). Any suggestions to a new KOTH player?
sinful nest
Played first KOTH ever and lost due to some minutes. Got root only after the cha...
Hey, here you will find several tips and tricks for koth, both for defense and attack: https://github.com/MatheuZSecurity/Koth-TryHackMe-Tricks
timid leaf
Hey, here you will find several tips and tricks for koth, both for defense and a...
Thank you
brittle stirrupBOT
Gave +1 Rep to @sinful nest (current: #133 - 51)
tough hawkBOT
TryHackMe
clever panther
How can I join voice? :(
brittle wasp
sorry I have no mic or headset
mossy tulip
How can I join voice? :(
You need to verify yourself first
tough hawkBOT
acoustic dirgeBOT
There are no URLs in that message.
sharp crescent
testing
iron lion
testing response
rough gate
true
slim surge
<@291298445048676353> Good game, definitely gave you hard time. 😄
What... 0day on KOTH 🥳 ...
Would've been a good game to play... 😩 I missed it.. lol
sinful nest
What... 0day on KOTH 🥳 ...
This is priv match
gilded breach
This is priv match
Oh yea @slim surge, it was a priv match. 
slim surge
This is priv match
Yea I figured it was, only see 0day and Simon. I could've still jumped in tho 😞... Maybe next time 😂
final acorn
I don't play that much, let's see.
Yahh you can call me when you play
gilded breach
Yahh you can call me when you play
Sure, It was fun playing with you. 
final acorn
Sure, It was fun playing with you. <:thm:635113348756799518> <:TryFlagMe:9077851...
Ohh really 👽
final acorn
fireworks?
Let's see ,
final acorn
I will send you a join link here
gilded breach
let me finish the game.
gilded breach
I will send you a join link here
wait for 10 mins I guess.
final acorn
wait for 10 mins I guess.
5 minutes
gilded breach
@final acorn Make a fireworks private one.
queen pasture
❤️ 
tough hawkBOT
TryHackMe
final acorn
<@1076185973458735104> Make a fireworks private one.
Bro i was so tired, can we play the next day please
gilded breach
Bro i was so tired, can we play the next day please
why not, I'm not good at it. 😉 (don't root it).
final acorn
why not, I'm not good at it. 😉 (don't root it).
Ohh okk
gilded breach
<@1139104164136366110> i challenge you to a koth match
why not akhi, you still gonna win. 
alpine pagoda
<:pepe_heart:1193241522129354895> why not akhi, you still gonna win. <:kek:88999...
Maybe maybe we wont know xD
gilded breach
Maybe maybe we wont know xD
rough gate
;=;
hazy shoal
im waiting to play my second KOTH... EVER. Like, im new to hacking and all and have practiced a bit and i did my first KOTH yesterday, and i looked at the recent matches today and the winner in all of them was Ch1. I join a match, im waiting for it to start, guess whoes there. Just me and Ch1. Ch1 seems proffessional, i am new o hacking...
I wonder who will win???? (Definitely not me 😅 )
hazy shoal
(I bailed out, they patched everything too fast
wanton pilot
(I bailed out, they patched everything too fast
i just did koth today and ch1 just pwned the root in 1 min i think he is using autopwn script ...
hazy shoal
i just did koth today and ch1 just pwned the root in 1 min i think he is using a...
Yeah Idk but he’s top 6% he seems pretty good at it. Cheating in the game, but at least it would be good in the real world penetration tests
wanton pilot
Yeah Idk but he’s top 6% he seems pretty good at it. Cheating in the game, but a...
im in top 2% near of the top 1% and just to do a nmap scan on the machine take like 5 min for me, he don't need to enum the machine to pwn it x) or maybe he know all of the koth machine
hazy shoal
Idk then, I’m quite new to it
wanton pilot
^^
hazy shoal
What do you do then? Nmap scan then what? I use tmux, and in split screen do nmap and gobuster and then while that’s going look at the webpage and use inspect element and then go off of what directories are shown in gobuster and ports open in nmap
wanton pilot
after nmap if i see http i use dirsearch to enum dir , ffuf to enum subdomain , if there is login page default credential , sqli // if i see some service like ssh , sql i try some default credential like root:root , if i see a CMS on a webpage i search the version and if there is some CVE on it
hazy shoal
Ah ok, what’s sqli?
wanton pilot
SQL injection
wanton pilot
when you send the request on a webpage the server will do a SQL request like
Select user from users_table where users_table.user = $USER and users_table.password = $PASS
in sql the comment is --
so you will put in login this ' OR 1=1 -- -
so the request will be like that :
Select user from users_table where User = '' OR 1=1 -- - ' = users_table.user and users_table.password = $PASS
- = users_table.user and $PASS=users_table.password will be in comment
so the requesti will be always true and you will get the admin sessions
wanton pilot
I’ll have to focus on learning a bit of that then.
you can do the complete begginer its a great path to learn the basics !
hazy shoal
(I used to do a bit of programming in python, only basic stuff tho a few years ago so I can understand that relatively easily) the password check bit gets commented out so no password is required
wanton pilot
y that the idea
hazy shoal
you can do the complete begginer its a great path to learn the basics !
Ah ok I’ll look into it, thanks for the help! 😁👍
brittle stirrupBOT
Gave +1 Rep to @wanton pilot (current: #2182 - 1)
hazy shoal
Pretty smart tbh, can’t get around the password, just disable it
wanton pilot
Yeah Idk but he’s top 6% he seems pretty good at it. Cheating in the game, but a...
he just pwned the machine in 1 min x)
hazy shoal
Ohhh dang
Should probably report him.
I literally just stopped trying 20 mins into my match cus nothing worked as he had patched everything
forest laurel
You do realise that someo of the machines are pre-made images.
So if it's an older machine, they were already have auto-pwn stuff.
hazy shoal
You do realise that someo of the machines are pre-made images.
No, I didn’t realise, as I said before, I’m relatively new to this all
hazy shoal
So if it's an older machine, they were already have auto-pwn stuff.
Yes but surely they’re not allowed to do that?
wanton pilot
Y is not allowed
hazy shoal
@wanton pilot do you want to do a KOTH with me sometime? It could be today, tonorrow, the nexct day. Just whenever. Priv message me whenever you want to and we will do one if I am available. (Remember im new to hacking lol and i want to do KOTH as i found it fun - i have only ever done 1 match - and think it will be great for me to learn.) im also doing old KOTH rooms on tryhackme
wanton pilot
<@456829418116087825> do you want to do a KOTH with me sometime? It could be to...
Yes if you want !
grand sparrow
😂 i played 400 + games just im 9 level and i beat your a** doesnt mean i cheat level dont do anything in koth its experience
i was playing koth since i was level 1 which is almost one year ago and you just started i have keys for most machines and some machines just need a curl cmd if you dont know your way around a machine or those other noobs dont doest mean you accuse me of stuff
grand sparrow
I literally just stopped trying 20 mins into my match cus nothing worked as he h...
i never patch stuff no one can take king any way so i dont patch
wanton pilot
I didn't ask you to justify yourself, but 59 min of root on a game of koth means that you legit rooted the machine in less than 1 min.
grand sparrow
you guys should talk in the main koth channel so people can see your messages and i can see them too
wanton pilot
It may look suspicious, but if it's legit, well done!
grand sparrow
I didn't ask you to justify yourself, but 59 min of root on a game of koth means...
yeah i do that for most machines i save keys and i know easier ways on most machines
grand sparrow
It may look suspicious, but if it's legit, well done!
thanks
brittle stirrupBOT
Gave +1 Rep to @wanton pilot (current: #1451 - 2)
grand sparrow
you just need to save keys and experience with the machines
wanton pilot
on the machines that i have played the root was easy just a cmd and the user was juste in sql database
grand sparrow
what machine did we play?
grand sparrow
yeah food you littraly need one curl cmd to get a foothold
wanton pilot
y
for me it was juste sql database was accessible with root:root and there was a credential
and the root was only 1 cmd or smthg like that
grand sparrow
yeah you get ramen i know ramen noodles is the best is also the pass
wanton pilot
y
grand sparrow
there is also an http port that have an image in that image there is creds hidden for pasta
the httpport just serves the image and you use binwalk on it to get the hidden data
i looked at my notes its port 16109 idk if that changes
wanton pilot
ok your just a big tryharder x) sry i though your cheating
grand sparrow
and there is a hidden api that let you execute stuff as bread with one curl cmd which is what i used 👍
wanton pilot
and there is a hidden api that let you execute stuff as bread with one curl cmd ...
okok
grand sparrow
i saw this messages after alot of time not a lot of people talk here we have more discussions in the koth channel
https://discord.com/channels/521382216299839518/695343809726513292
wanton pilot
okok
grand sparrow
im in top 2% near of the top 1% and just to do a nmap scan on the machine take ...
use rustscan instead
grand sparrow
after nmap if i see http i use dirsearch to enum dir , ffuf to enum subdomain , ...
ffuf is the very fast you can also use it to enum dirs
wanton pilot
ffuf is the very fast you can also use it to enum dirs
i just discovered threader 3000 like 2 days ago is very fast to scan port too 🙂
hazy shoal
It may look suspicious, but if it's legit, well done!
Yeah I say the same, I was never accusing you @grand sparrow, just simply pointing out how it was suspicious, but as @wanton pilot says, if you didn’t cheat, then well done, that is some skill right there
hazy shoal
for me it was juste sql database was accessible with root:root and there was a c...
In food? I tried that it never worked for me on the food box…
grand sparrow
In food? I tried that it never worked for me on the food box…
mysql -h ip -u root -p then type root
hazy shoal
yeah food you littraly need one curl cmd to get a foothold
Dam, can you tell me?
hazy shoal
`mysql -h ip -u root -p` then type root
I always did that. Ah well must have had a typo or something. I’ll try again soon
What’s the curl command to get the foothold
grand sparrow
Dam, can you tell me?
i will give you a hint its port 15065
hazy shoal
Alright thx
grand sparrow
use ffuf to get the the hidden dir then explore there to find the hidden api
hazy shoal
What’s ffuf? Is it like go buster?
grand sparrow
yeah but ffuf is a lot faster
hazy shoal
And rusts can I’ve heard of but never used
hazy shoal
yeah but ffuf is a lot faster
Ok I’ll use that from now on
Guys I was practicing on the food koth room from the old rotations, is it the same as the koth room that’s in rotation right now?
hazy shoal
Ahh ok. I’ll practice on that then so at least I’ll have 1 box that I know I can beat
hazy shoal
https://tryhackme.com/r/room/kothfoodctf
Yes that’s the one
I’ve tried it but never got into the MySQL or anything, only did an nano
Nmap not nano
What’s the MySQL to get in and see the users that are like ramen and stuff
grand sparrow
for mysql the username is root and the pass is root
just do mysql -h ip -u root -p then type the pass which is root
hazy shoal
I could have sworn I tried that
Oh well I’ll message here in a bit when I try it and say if that worked or not
grand sparrow
or you can go with the approach of the img and get pasta creds
i
hazy shoal
or you can go with the approach of the img and get pasta creds
i
You can do that? What image?
grand sparrow
i think i remember you you played with me yesterday and you kept resetting cuz you thought i was patching but i didnt do it
grand sparrow
You can do that? What image?
img on port 16109 do curl ip:16109 --output img.jpg
hazy shoal
I promise I have never clicked the reset button, although in the intermission I did keep leaving and then joining again hoping it would be a different match without you
hazy shoal
img on port 16109 do curl ip:16109 --output img.jpg
Ok, what does the -O do?
grand sparrow
I promise I have never clicked the reset button, although in the intermission I ...
maybe its not you then
hazy shoal
maybe its not you then
Yeah I’ve NEVER clicked the button to reset the box
grand sparrow
Ok, what does the -O do?
i meant --output curl doesnt save the response by default so you need to explicitly save it to some file
then use binwalk to get the creds
hazy shoal
Ahh pls
Ok not please lol
Autocorrect
Il message here in a bit saying if any of this helped, which I think it will. Thanks for the help, sorry it seemed I thought you were cheating, I was just saying it seemed a bit suspicious. You’re very skilled.
grand sparrow
hazy shoal
ok. Im loading up the food koth room right now to try some of the stuff you told me
the room is ready, machine is strated, but im installing the stuff like rust and ffuf to try out. Ill add more time if i need. Im only doing it to try this all out
hazy shoal
never got around to even trying the room as rust wont install
how do i install rust? also im busy now so i wont be able to do it anyways until later
grand sparrow
install rustscan not rust for me it was just sudo apt update && apt install rustscan if this dont work and you have debian you download the latest .deb package from the the repo only and install it with dpkg -i packagename
hazy shoal
install rustscan not rust for me it was just `sudo apt update && apt install rus...
I’ll try the first command but when I try the .deb file with dpkg -i it doesn’t work
hazy shoal
install rustscan not rust for me it was just `sudo apt update && apt install rus...
when i do the first command it throws this error:
Error: The repository 'http://ftp.debian.org/debian stretch Release' does not have a Release file.
Notice: Updating from such a repository can't be done securely, and is therefore disabled by default.
Notice: See apt-secure(8) manpage for repository creation and user configuration details.
hazy shoal
install rustscan not rust for me it was just `sudo apt update && apt install rus...
also how do you make the command in the box there? its in a box in a way
sudo apt install rustscan
Error: Unable to locate package rustscan
grand sparrow
sorry. i was a sleeping let me send you the github repo
get the debian package from there and install it
hazy shoal
Yeah I have done that but how do I install the package? I’ve downloaded the .deb file from there already but when I do | sudo dpkg -i rustfile.deb |
hazy shoal
sudo apt install rustscan
Error: Unable to locate package rustscan
When I do that command it throws the error.
Not the error in the message I just replied to from myself, but it throws an error
grand sparrow
what error does it say?
radiant quail
Yeah I have done that but how do I install the package? I’ve downloaded the .deb...
dpkg -i ./rustfile.deb
or dpkg -i <full_path_to_the_file>
otherwise it will search rustfile.deb from online repo list
steady torrent
GAHHHHHH
hazy shoal
dpkg -i ./rustfile.deb
Thank god your a life saver (o haven’t tried it yet, but that must have been what I was doing wrong, not doing the ./ )
brittle stirrupBOT
Gave +1 Rep to @radiant quail (current: #759 - 5)
hazy shoal
otherwise it will search `rustfile.deb` from online repo list
Makes sense tbh
hazy shoal
Guys i got it working turns out mysystem runs arm64 not amd64 so the dpkg with t he .deb file thing
that didnt work so instead i got it working by asking chatgpt and it said to try the docker method and ave me the commands to do and it finally works everywhere. Before i got it to work but you had to go to the directory
hasty plank
that didnt work so instead i got it working by asking chatgpt and it said to try...
it might affect the performance since docker is probably emulating x86 so what you could do is build rustcan from sources and this way you dont need docker
hazy shoal
ah well, it’s the only way that worked for me
runic haven
why is ch1 in every koth that i ever join?
plush kraken
https://tryhackme.com/games/koth/join/c756f101f884ce01c9ff7c47
anyone wanna join koth
starting in 8mins
@brazen hull
upbeat lark
what is koth ?
tough hawkBOT
neon river
oak nimbus
what is koth ?
osint 🥶🥶
loud socket
Is there is a king of the hill easy mode
sharp crescent
Why isn’t it giving us the target IP?
tall rock
How can i get in the vc?
solid lava
scenic shoal
you're in my game rn right? do you see an ip?
solid lava
you're in my game rn right? do you see an ip?
no i dont
i was going to play but i left
sorry lad
scenic shoal
yeah its taking a bit longer than usual i might just do my own
solid lava
yeah its taking a bit longer than usual i might just do my own
refresh the page maybe?
it never shows for me lol
scenic shoal
i've been, but its stuck on "scheduled"
I had this issue before with koth, even starting my own
solid lava
yeah same
grand sparrow
who uses this room 😂 dont we have another one for koth
forest laurel
who uses this room 😂 dont we have another one for koth
This is for the voice channel...
runic haven
what is koth ?
king of the hill
winter gazelle
@wanton sandal is this you in the KotH game? 😅
winter gazelle
yes Hackers -- 132024
@wanton sandal we were in the same game couple of times now you always destroy me 🤣
wanton sandal
<@1005685758356619284> we were in the same game couple of times now you always d...
hehe gg
wanton sandal
yes Hackers -- 132024
ah yeah i played tht
winter gazelle
hehe gg
how did you get in bro? 😅
brute forcing the weak password?
I tried but my hydra skills are not that good so far 🫣
wanton sandal
how did you get in bro? 😅
brute forcing the weak password?
I tried but my hyd...
i got in via the web vuln, n yes bruteforcing but i dont use hydra
winter gazelle
i got in via the web vuln, n yes bruteforcing but i dont use hydra
Okay 👌🏻. gg man
i still have so much to learn.. 😅
wanton sandal
Okay 👌🏻. gg man
i still have so much to learn.. 😅
gg, good luck
glad bramble
<@227236677960204288> 👋🏻
thanks friend
brittle stirrupBOT
Gave +1 Rep to @winter gazelle (current: #2104 - 2)
glad bramble
@winter gazelle yo can u reset the machine
winter gazelle
thanks friend
You are the next one i can't beat 😅
winter gazelle
<@1113143046884839525> yo can u reset the machine
All good it just took little longer to start 😄
@glad bramble my skills are not enough to get root on this machine give me a hint how you got in 😅
winter gazelle
<@1113143046884839525> yo can u reset the machine
I did already
winter gazelle
it's so easy
I started 1 month ago 😅 i am still learning
winter gazelle
www.tryhackme.com/games/koth132079 someone want to join?
glad bramble
try more everytime friend
winter gazelle
try more everytime friend
🫡
sage siren
Tenho Los Bro com tacos troco por uma lá grande
winter gazelle
@glad bramble did you close ssh?
Or was there never a chance to connect via ssh? 🧐
Oh my bad forgott to chance from the standart port to the actual one 😅
winter gazelle
@misty wharf gg
misty wharf
@winter gazelle game?
winter gazelle
Yeah lets go
misty wharf
it wassnt me but I know how it work haha
winter gazelle
What was happening?
misty wharf
login in ssh again then use -T flag haha
winter gazelle
What you mean?
winter gazelle
That shit scared the shit out of me
winter gazelle
you can hide your tty using -T
So you say someone saw my ssh login?
winter gazelle
when you type w or who, you'll see users
It only was in the ssh seasion so i should be save lol 😅 but scary
misty wharf
you'll learn that later but now try to learn how to hide haha
winter gazelle
I only 2 months in 😅
winter gazelle
you'll learn that later but now try to learn how to hide haha
I have to learn a lot more then that how i saw it 😂
winter gazelle
you'll learn that later but now try to learn how to hide haha
So yoz say if i had use -t by login into ssh that would have not happend right? 😅
misty wharf
the -T yeah but I dunno what other players do if they can still throw some troll on you even if you use -T
winter gazelle
Ok
wanton sandal
So yoz say if i had use -t by login into ssh that would have not happend right? ...
u can still find the pid using ps auxf n kill the shell
winter gazelle
u can still find the pid using `ps auxf` n kill the shell
Bro are you hunting me? 😂😂
winter gazelle
https://tenor.com/tpRD9cv3c3Q.gif
covert dawn
!koth
lapis drum
tiny glen
The same here. Connected successfully to my VPN file config but ping target machine is timing out.
winter gazelle
winter gazelle
The same here. Connected successfully to my VPN file config but ping target mach...
contact the tryhackme support
winter gazelle
Am i only the one who cant connect to the KOTH machine?
contact the tryhackme support maybe if enough people report they actually start to do something
tropic mauve
Am i only the one who cant connect to the KOTH machine?
I thought I was the only one
tropic mauve
contact the tryhackme support maybe if enough people report they actually start ...
I should do that too
@winter gazelle you're killing it bro🔥🔥
winter gazelle
<@1113143046884839525> you're killing it bro🔥🔥
haha thank you bro 🫡
brittle stirrupBOT
Gave +1 Rep to @tropic mauve (current: #3535 - 1)
winter gazelle
winter gazelle
unique raven
winter gazelle
what happend ?
empty dragon
turbid epoch
🤔
cyan copper
neon river
jk @neon river was first
@empty dragon
stoic harness
hacked
floral jackal
Man, you lot took forever to notice this new chat
violet meteor
I'll be honest, I subconsciously clicked
unkempt bear
anyone playing koth
twin crest
potent mauve
now more trashtalking 🙂
neon river
what is this
one more channel to ghost ping you
arctic wharf
boooo
frigid quarry
or the opposite?
neon river
You can't ping me if i leave the server 
undone gorge
novel marten
Yoh
iron hull
Good afternoon
0x9 lvl I'm not sure if your trolling
oh its krypto
make sure you are doing the download ON your attack machine
headphone charging right now. gimme bout 3 more mins
iron hull
You guys are still trying to connect
harsh wave
lost pine
unkempt bear
anyone up for koth
peak gorge
ye
fluid oxide
wait after the timer it will give us a ip
yeah we havce to wait
k
fff i know this box
its easy only\
yes it is
just use basic ohk
yeah the box is up now
peak gorge
ye it is
fluid oxide
just the basics nmap and msf
aynone knows how `to edit files in windows
goddamit i lost shelll
did u scan for scripts
yes
--script vuln
hmm
scan for all ports
for scripts
this is not good they should have given another box f
no i did it before thats why
crimson ingot
aynone knows how `to edit files in windows
@fluid oxide Windows doesn't do CLI editing in the same way that Linux does. Copy the files up, or use echo
If you're lucky you get a modified shell. cmder, for example, will let you use vim
fluid oxide
yeah then i used meterpreter to do that
in my first koth i was having just the nmap scan nthg else lol
i dont know wt to do next afte nmap scan
ig u got some vulns
iron hull
type == echo
fluid oxide
lol how many joined here
iron hull
copy con == cat >
fluid oxide
i dint change anything in box
warm fossil
Have mercy on us
fluid oxide
search for that vuln in metasploit
fluid oxide
yeah m17 and eternal blue are same
upper fog
ehem, Don't spoil the boxes, (I keep repeating this 🤷♂️ )
Let others try, it's more fun that way. :)
warm fossil
look for ms17
iron hull
@fluid oxide Never accused you of changing it, i said it COULD be patched, ialso said that EB is flakey, and sometimes even if you do it right, it wont work
fluid oxide
bruh i am not that good maybe i just entered the box and dont know how to patch it
i am searching for patch it actailly
warm fossil
bois iam in
fluid oxide
godddam howmany people here
i dint change any flags
or passwords
crap
juice do u know offline tv
noice!!!!!!!!!!!
ig ur thm username
peak gorge
^^
fluid oxide
juice u need to keep the THM username in king.txt
not ur dc name
u got this booi
does anyone know how to patch this vuln
peak gorge
gg
warm fossil
WOOO
fluid oxide
hmm
warm fossil
GG
fluid oxide
WP
peak gorge
was fun
warm fossil
i killed shells
peak gorge
oh ye u killed mine
fluid oxide
yeah he actaully kept the wrong name in king.txt
warm fossil
Again
fluid oxide
hmm once i playd with this guys @empty canopy he was the king only after 5mins lol
peak gorge
xd
empty canopy
@fluid oxide ohh i remember
fluid oxide
hmm yeah
empty canopy
@fluid oxide but this time im pretty busy i dont think i will be able to play neatly
fluid oxide
glhf
peak gorge
nice
fluid oxide
actaully i was also peeking that upload thing anf lfi
but cant find the file where it uploaded
fluid oxide
there are so many distractions in this box
wtf
bro juice i think ur got shell
bro i am stuck in this /bin file
lol
yes
bro same sitaution stuck in /bin
and where the hell are files being uploaded
did someone closed ssh
oh crap
lol somone is killing shells iguess
thick socket
fluid oxide
f this bin
peak gorge
xd
dreamy jetty
selling at a low price
black friday occasion
@thick socket you know whom to dm
@peak gorge change the payload
fluid oxide
wait how did u gethat shgell
peak gorge
python3 -c 'import pty; pty.spawn("/bin/bash")'
fluid oxide
ohh shit i was using python2
but it doesnt work
@empty canopy how did u get that shell from nostromo/
empty canopy
nope
charred patrol
lol why would i
dreamy jetty
joking 😄
charred patrol
i would just hook into the kernel and make the processes hidden by default 
charred patrol
i don't really have anything to say rn
charred patrol
dreamy jetty
cunning kestrel
.
vapid storm
lol
vapid storm
whats up
stark seal
@vapid storm hi
vapid storm
Hey man!
stark seal
@vapid storm it is much simpler than all that you are doing
vapid storm
Is SSH key patched?
stark seal
wordlist big.txt
@vapid storm http://10.10.39.138/_styles/?luck=id
there is also another more complicated way to get shell. The ssh shell
port 3333
@vapid storm
vapid storm
Thanks.
empty canopy
lol is that complicated
stark seal
is a hidden file in base64
@vapid storm reverse shell in python
didn't need the burp suite
good game
yeah
empty timber
spooky knowing that I'm being streamed
sacred vector
neon river
whaa-
what are you doing behind my back??
@neat night
wait wrong holmes
@upper fog
neon river
you still have lots of winnings pending, remember? 😛