pastel sierra
#koth-voice-chat
tropic bolt
molten mirage
I'm gonna join
strange umbra
with an idiot @surreal elm
molten mirage
Hey let's go to a different discord server
surreal elm
invite link?
molten mirage
Sure
strange umbra
vestal anchor
Anyone got tips on H1:meduim?
strange umbra
thats sad
strange umbra
send flag pls
vapid storm
send flag pls
@arctic wharf sorry to ping you
dawn sentinel
hmm
vestal anchor
metl just use the while command then you don't need to make a script. For example: while :; do echo metl > /root/king.txt; chattr +ai /root/king.txt; sleep 0.2; done 2> /dev/null &.
this will also run it in the background
upper fog
I cannot confirm if that flag is valid, but, please avoid posting flags in public chats.
@surreal elm ^^
vestal anchor
me neither it's a hard box
upper fog
Still, Again, don't post flags, regardless they are valid or not. Also, please ping koth-staff for stuff related to King of the Hill. Or in general, pinging mods who have online status is usually a good idea. @vapid storm
molten mirage
Still, Again, don't post flags, regardless they are valid or not. Also, please p...
Indeed
vestal anchor
vapid storm
rly ;-; treeent
vestal anchor
Its normal. Your not allowed to view other users home directories as a normal user
vestal anchor
than someone changed the permission which is not allowed btw
vapid storm
yha...
vapid storm
that's intended ig...if i remember correctly
vestal anchor
you can still get root
vapid storm
ik , i get root
vapid storm
treeent... u win Nice !
hazy crystal
@rocky jewel !!
ruby pier
than someone changed the permission which is not allowed btw
nope
ruby pier
you are in rbash and not in bash. the difference between these two is that rbash is a restricted shell
also you can get out of rbash
upper fog
hi
I am coughing more than I am talking
You guys already in a game?
I see Alex playing Hogwarts
3 minutes to gooooo
lol
vapid storm
H1:easyπ
upper fog
LOL
vapid storm
I thought it would be hard or medium
upper fog
Ok no while loops
Oh I got access, but got late for a while. Did you patch that serv3?
yeah, I wasted quite some time on it
lol
yes?
Uh lemme check
No, nothing unusual
ruby pier
yeah is my connection
vapid storm
no it was rosedrop
upper fog
oh ok
yeah
long time ago
lol using pwncat, nice idea
those bits in lsattr arent real
that's just file system breaking
-suiad won't work
uh, I am not watching your stream.
yeah, no while loops
that's the file system breaking and adding multiple attribute bits on the file
my code is hammering the file. VERY badly
vapid storm
@ruby pier ig you found his script long time ago
upper fog
which?
vapid storm
am not sure though
upper fog
Here's a free hint so you don't waste your time
I did this cp /bin/bash /var/.history/.../vim/./shell
vapid storm
I did this `cp /bin/bash /var/.history/.../vim/./shell`
i knew this
vapid storm
Holmes the output of lsattr? is that random?
upper fog
arey I told you, those bits/flags on king file mean nothing
yeah
because the code I am running is writing in king file with 300+ threads
so lsattr get's confused as hell
fsck? no
yeah xD
You are using bash to write in the file
I am using C
destroying that tty21 file was a smart move
I don't have a pts
the one that you just killed was pspy
/etc/thread
that's pspy
uh, I got root from that sudo NOPASSWD
systemctl restartServer
that's what I used to get root
then planted backdoors
that is one of the scripts
vapid storm
that is *one* of the scripts
1?
vestal anchor
upper fog
I want to, but I gotta go, will play later :)
dull maple
How the hell you don't have a pts
scenic vine
Sure
jovial lintel
@scenic vine I was telling him to do linux fundamentals
jovial lintel
Sure
send your tryhackme id
@scenic vine I didnt got tryhackme premium am I good for koth?
scenic vine
I can make a room
jovial lintel
cooooooooooooooool
First time playing koth
sure! sure!
@vapid storm private shoulbe be good think so
whats this .
?
vale belfry
vestal anchor
ruby pier
@vestal anchor don't reset the machine randomly
vestal anchor
Yeah my bad. I completely forgot this machine has all the ports very randomly So I though something was wrong.
vestal anchor
jovial lintel
https://tryhackme.com/games/koth/join/ffb3124868b0a0445c196cb9 (22min)
can I still join ?
vestal anchor
yes
jovial lintel
wait comming
violet heron
GG i had no backdoors
GG
vestal anchor
tall narwhal
@ruby pier bro i need some help in ctf can u help me
vestal anchor
ruby pier
GG @vestal anchor
ruby pier
oh ok
violet heron
vestal anchor
nooo its windows
vestal anchor
OMG windows again
upper fog
I wanna say 'why you guys hate windows so much' but same mate, same.
vapid storm
Which one you find easy?
violet heron
Offline
that windows machine you can pwn it in 5 minutes
if you are speed running ;))
vestal anchor
Yeah it was medium
violet heron
And what about for defending?
vestal anchor
alex pls change passwd back.
vestal anchor
btw how did you know it so quicly?
vestal anchor
to be honest I have no idea how to exploit this.
I see .bash_history is a SUID file but what do I do with it?
upper fog
I have no idea which machine you are doing, but if that file is SUID and you can edit it, then you can just change it to a bash script to give you shell
π€·ββοΈ
upper fog
nothing you can do afaik then
vestal anchor
upper fog
which machine is this?
vestal anchor
panda
upper fog
user?
vestal anchor
shifu
upper fog
Someone trolling you maybe. Not sure, but I don't remember seeing this in panda
π€
@neon river you online? remember something like this?
I don't ^
neon river
<@!267010557889085440> you online? remember something like this?
nope
violet heron
i removed both suid files
and i don t know why
it s showing him that
was || and ||
neon river
what is that output of?
vestal anchor
Its from linpeas
ruby pier
Did you checked it with ls -l
neon river
i removed both suid files
removed suid files or removed the suid bit from those? π
upper fog
I think someone made the whole folder suid
vestal anchor
I think so but I really have to go now thanks for the help tough
violet heron
removed suid files or removed the suid bit from those? π
suid bit
@vestal anchor
I left you a way
for root
vestal anchor
I already left because I had to go to my grandma but I will beat you next time (:
vestal anchor
I can play again in an hour
vestal anchor
How are you always that fast. My rustscan wouldn't even display the ssh port until a few seconds ago
vestal anchor
I'm giving up. I can't find any other exploits
My computer is to slow for this box. rustscan doesn't show anthing only port 22 and 9999.
eys
yes*
violet heron
rustscan -a ip
only this
and then will show u the ports open
wait i will do something π
vestal anchor
I did that but my pc is just very slow
alex what wrong?
also doing king of the hill with alex
lilac spoke
?
violet heron
no sry not you
ruby pier
@upper fog this is the moment of true
ruby pier
yep this is the only way
ruby pier
I hate this machine
violet heron
=)))
ruby pier
im running 96 tries per min
upper fog
π€ π
upper fog
i m still waiting on brute force this
you push the threads too much, you essentially kill your chance of getting connections.
your own threads makes the machine unavailable.
violet heron
i reduced the threads now
upper fog
i m still waiting on brute force this
really doesn't matter what system I have. Only 3 variables here, wordlist, threads and the victim machine.
violet heron
i m asking did you changed the pass for the user ?:)) to know if i m doing this for nothing :))
upper fog
Oh no no, I didn't change anything
violet heron
thank youu :))
upper fog
π
violet heron
upper fog
Whoever's look reverse shell that was on 1234 , if you are confused why it isn't working anymore, please DM π
upper fog
<@!580609268261191680> let's do another machine
sure
moral of the story Dont use generic reverse shells
ruby pier
https://tryhackme.com/games/koth/join/797cec7084ce329d78b4e3ad (22min)
join this koth
neon river
damn that's one hell of a conversation going in there
violet heron
vestal anchor
I went as fast as I could and still way to late.
upper fog
tbh, I was probably the last one to get in the machine.
I got in serv3 first, but the priv esc was already patched.
So I tried to get in from another way. Hence the last. But surprised to see it unpatched though.
violet heron
yes =)))
vestal anchor
Demm I can't find anyway to get in there
Same I can't find any privesc
plain valley
upper fog
Did you guys tried looking for SUID binaries?
vapid storm
i can't reach the machine for some reason
vestal anchor
Did you guys tried looking for SUID binaries?
I'm trying but it has been loading for a while now
upper fog
@vapid storm the machine is on
upper fog
I'm trying but it has been loading for a while now
try the command again
vapid storm
So I tried to get in from another way. Hence the last. But surprised to see it u...
The game is still up?
vapid storm
Spectators link?
vapid storm
Oh okay
vapid storm
https://tryhackme.com/games/koth/24457
Thanks
brittle stirrupBOT
Gave +1 Rep to @upper fog
brittle stirrupBOT
8Ball <What-to-ask:Text>
Invalid arguments provided: Not enough arguments passed
upper fog
-8ball is robocop dumb bot?
brittle stirrupBOT
No
upper fog
-8ball are you a dumb bot?
brittle stirrupBOT
No
upper fog
-8ball you sure?
brittle stirrupBOT
Yes
upper fog
yeah
upper fog
Yeah
vapid storm
You really submit flags?
upper fog
I have root shell, so I don't know if the footholds are still active
upper fog
You really submit flags?
I can π€·ββοΈ If needed be,. but usually king points are enough.
that's one hell of a location to hide stuff
upper fog
What was it tho? you were using -p with it, was it a bash copy?
upper fog
yeah
vestal anchor
vestal anchor
I hate hogwarts. My scans are always to slow.
vestal anchor
vestal anchor
GG alex
violet heron
gg
spiral meadow
@plain valley whats up
dense solstice
plain valley
@spiral meadow got root
plain valley
Can't join vc rn my class is going on
spiral meadow
trying to break
spiral meadow
its a public key
violet heron
@pastel sierra hola
molten mirage
Any active games?
vestal anchor
neon river
@inland rivet go to the webpage
violet heron
thick socket
violet heron
vapid storm
@thick socket why not check first index.php
With that
Base64 convert?
You're in that directory
Check Laravel structure on chrome
Coz he already has the password in his notes
Yes I've
vapid storm
Check Laravel structure on chrome
I gave you something to read
You're on a right path
vapid storm
Btw there are around 4 ways to get in and Priv esc
As the name suggests H1:hard
I'll go off to bed... exams starting from tomorrow
north iris
Oof annoying exams
violet heron
please stop killing the shels
what is the machine ?
violet heron
yea if it s still killing shells you can t do anything only if you are doing so fast
spiral meadow
yeah i get the root he kills the shell
violet heron
you need like this if he didn't patched anything
tty
pkill bash
ps aux | grep tty
violet heron
that s how you can kill his shell too
i mean this is a fast method
but yea it s not nice to kill shells
spiral meadow
like rq i get root in 10
he kills me in less than 10
sec
rare cases i get root
spiral meadow
but yea it s not nice to kill shells
yeah
formal void
how does one change the permission to king.txt that root can't even edit it?
π
I was shut out!
formal void
yeah im watching your stream now π
inland rivet
yeah im watching your stream now π
ait the pressure is on
neon river
how does one change the permission to king.txt that root can't even edit it?
man chattr
formal void
Naughty im your biggest fan π΅π°
neon river
neon river
Naughty im your biggest fan π΅π°
You are from pakistan, right?
neon river
Lemme invite you to a server that you will love
vapid storm
@everyone sto resetting the machine please!
north iris
jeeeez
upper fog
that's, uh, an interesting name.
north iris
the wall thing with the chattr is interesting though XD
upper fog
interesting and dangerous
timid hare
anyone still doing koth?
vapid storm
@inland rivet I guess that tab won't work
inland rivet
thanks! @vapid storm
timid hare
reset machine?
vapid storm
reset machine?
You created a symbolic-link? Didn't you?
Or it was done by someone else?
timid hare
by accident xd
inland rivet
bro, what happened with the machine?
vapid storm
You created a symbolic-link? Didn't you?
@inland rivet
timid hare
um reset the machine??
vapid storm
This happened
inland rivet
um reset the machine??
we need 1 more person
@timid hare you dont have access to /root?
nvm you have
timid hare
lmao plz reset the machine guys D:
inland rivet
this machine is a mess
inland rivet
@timid hare why is the king not changing xD?
timid hare
yo 1trick are u good at blue teaming?
inland rivet
i wanna play public since it gives you a win
inland rivet
but, if the backdoor is something advance i wont probably find it like i said im only medium good
vestal anchor
stuck dagger
π
stuck dagger
@upper fog haha you made an script or so?
upper fog
<@!580609268261191680> haha you made an script or so?
kinda
formal void
@neon river please do a live stream! would love to watch
neon river
<@!267010557889085440> please do a live stream! would love to watch
Already streaming but in a super secret discord
formal void
Can I please get the invite?
neon river
That server don't exist
formal void
lmao
formal void
@neon river Thanks for blocking everything....
brittle stirrupBOT
Gave +1 Rep to @neon river
neon river
<@!267010557889085440> Thanks for blocking everything....
huh?
you want to access root directory as gloria?
what that have to do anything with me?
Take a look at your screenshot?
and stop deleting your messages π€¦ββοΈ
raw grove
shut wraith
tropic bolt
vapid storm
@nimble relic
stable oar
-warn @dapper jewel Let's get off politics
brittle stirrupBOT
β Warned DrLiMengYan1#7369
vital elk
hey everyone
what can i do if someone spammed the wall and kept sending broadcasts??
neon river
hey everyone
what can i do if someone spammed the wall and kept sending broadca...
shell with no tty won't get those wall messages, you can also disable wall messages by using mesg n
vital elk
if a root is spamming the wall mesg n is useless at this point
vestal anchor
shell with no tty won't get those wall messages, you can also disable wall messa...
I have been looking in to this but couldn't find any way to get/spawn a non tty shell.
upper fog
Keep it to english please
ionic lantern
Keep it to english please
These are insults.
upper fog
Yeah I just google translated.
rocky jewel
Hey guys can anyone help me out on how can I change apache2 servers 401 page ?
rocky jewel
twilit owl
what is koth?
ruby pier
king of the hill
vestal anchor
yes, Its going to be interesting.
vapid storm
yay
vestal anchor
I gues I won
dull stump
yah
vestal anchor
dull stump
lmao
vestal anchor
but there is like 1 maybe 2 ways to get into space-jam I think, so I get it.
vestal anchor
yes but space-jam is the oldest box I think and I never found more than 2 ways in.
dull stump
ohhh
twilit owl
https://tryhackme.com/games/koth/join/1b786175f1e610eb3deee7ec (24min)
Is this a game?
vestal anchor
yes its called king of the hill https://tryhackme.com/games/koth
cobalt radish
random bridge
sharp kettle
any hint
tropic bolt
Who's on koth rn?
ashen rune
idk
vapid storm
@inland rivet can you send me your killallssh script?
yeah i saw that
LMAO
LOL
BRUHHHH
yeah it is π€£
lol exactly
@amber geyser hi
vapid storm
the php code looks something like this:
if(isset($_GET['cmd'])) {
$cmd = $_GET['cmd'];
system($cmd);
}
@rough moon
icy violet
vapid storm
neon river
@vapid storm you guys playing koth? π
vapid storm
no
neon river
!docs koth
proud frigateBOT
TryHackMe
pine vessel
this would be enough.
thanks
brittle stirrupBOT
Gave +1 Rep to @neon river
split fulcrum
vital elk
Ya got u
vapid storm
vapid storm
hi @pine vessel
zup! @pine vessel
sry bro i cant, im signing off now π¦ ima go to sleep
pine vessel
good night
ripe kite
vapid storm
split seal
hey i cant talk in vc, its locked. how do i solve this?
ruby pier
!docs verify
proud frigateBOT
TryHackMe
tight ibex
raven flare
Anyone wants to play ?
deep zephyr
@raven flareplay what
gray ibex
vapid storm
<@!386690794330914826> hi
mao
honest narwhal
hey, how do I join to voice chat?
proud frigateBOT
TryHackMe
chilly notch
Follow these instructions and you'll be verified
honest narwhal
@chilly notch thanks!
brittle stirrupBOT
Gave +1 Rep to @chilly notch
proud frigateBOT
TryHackMe
vapid storm
helo
gusty wyvern
hi
sullen rapids
Hi
jagged axle
hi
ruby pier
hi
fickle ravine
@formal void i can't see your stream. It's still loading.
fickle ravine
@formal voidyou can use ctrl + cursor to jump your cursor either right or left on text. It's a fast way
formal void
/usr/share/seclists/Discovery/
go from here
/usr/share/seclists/Usernames/top-usernames-shortlist.txt
ancient ruin
tame yoke
GG to whoever I just played.
fervent sigil
helo guys i am beginer at hacking can anyone teach me
vagrant thicket
helo guys i am beginer at hacking can anyone teach me
Follow the learning path
native coyote
fervent sigil
@vagrant thicket can you teach me how to hack a win pc using kali
uncut grove
King of the Hill join fasthttps://tryhackme.com/games/koth/join/763d218da6e6b4490c9a4cf0
pulsar jungle
joined late lol
pine vessel
@uncut grove whatsup
uncut grove
No worries i solved it!
knotty atlas
half basalt
Hi
sand cedar
when khoth new room will be start
sand cedar
https://tryhackme.com/games/koth/join/3493cf2ceff0dd041434682b
when this koth will complete then play with me once again
prime sedge
frank nebula
Who's in for friendship and lot of conversations concerning about hacking
half basalt
<a:kongdance:662783165655416843>
Yes
half basalt
Who's in for friendship and lot of conversations concerning about hacking
Me,Me,Me ππππππ
half basalt
Hello
vapid storm
is the machine broken ?
i found rce on port 3000
but it gives error
i did machine_ip:3000?cmd=whoami
uncut grove
is the machine broken ?
i think you missed /
pine vessel
π
uncut grove
is the machine broken ?
ip:3000/?cmd=whoami
pine vessel
hey
uncut grove
your streaming bro awsome
pine vessel
no iam not streaming
vapid storm
ip:3000/?cmd=whoami
I did exactly that
And yeah, I talked to the other guy, he probably did the machine before too so he pwned and patched in less than a minute
trim steeple
hi
half basalt
Can I join in
dull stump
broke the tmux session oops
dull stump
https://tryhackme.com/games/koth/join/ebc2f2bf9de97a34b10ecb32
Iβd rather not with the unsolicited friend request
dull stump
You can use lsattr <file> to see what chattr bits are on the file
In the mid to end of the game, I set up a one liner bash script to keep putting my name in the file
vapid storm
ahh ya dirty boi
dull stump
I would have patched more stuff but then I accidentally broke my tmux session and forgot the whole point of tmux is being able to run multiple sessions
Or windows, or whatever theyβre called
I donβt like using tmux
vapid storm
me neither
agile sapphire
unreal
fleet coyote
wispy obsidian
vapid storm
me also want to play
vapid storm
some
languid kite
hi @pine vessel
pine vessel
hi
pine vessel
<@778545756708798474> vaffanculo
hahaaa
vapid storm
@pine vessel join voice
half basalt
Sweet mother of God
dull stump
young summit
fervent osprey
undone gorge
What game? @spiral karma
spiral karma
What game? <@106094485129162752>
Apex legends π
undone gorge
Apex legends π
Woah smooth. I like your game play π
Hello @simple cobalt
Nice to hear you talk π
spiral karma
Woah smooth. I like your game play π
:DDD
nocturne flower
yea i did
vapid storm
hey
drowsy coral
yohoo
drowsy coral
test123
sage spade
int main() { printf("Hello Everyone!"); return 0; }
violet heron
int main()
{
cout << "halo" << endl;
return 0;
}
crisp cloud
primal ember
Anyone for a match ?
weak sky
Anyone for a match ?
Sure!
weak sky
https://tryhackme.com/games/koth/join/e9f2ac0217739d6dde49258a
Same here, it's my first one too
I haven't made any progress, is there a VPN we're supposed to connect to?
I've been running recon on the IP provided, and haven't been getting anything back
neon river
Same here, it's my first one too
!docs koth
proud frigateBOT
TryHackMe
neon river
Give these a read. also the blog post linked int it. ^
weak sky
Thanks!
dull stump
@spiral wolf No unsolicited DMs please
spiral wolf
ok, I am sorry. I wanted to ask that could you start one more linux machine
dull stump
Np, it's getting a little late where I'm at, so not right now probably
spiral wolf
Ok
Could you please tell how you solved that like give a blueprint. I tried a lot but unable to get even 1 flag
dull stump
Hogwarts is a funky box. I got in via ftp, where there's a password protected zip folder with neville's creds
Crack the password using john and zip2john, and then use linpeas to search for privesc
There's a whole lot of things in the box, and I'm sure other people don't want to be spoiled, but that was the route I took
spiral wolf
It's not getting connected to ftp. How ever It connected via one port i didn;'t even remember the number, but it asked me name
dull stump
Use anonymous login
spiral wolf
I tried that but no use
dull stump
The port was also above 1000
spiral wolf
yes i guess something 1068 or something I am not sure
dull stump
ftp <IP> <PORT>
Username: Anonymous
Password: <LEAVE EMPTY>
dull stump
it happens
spiral wolf
π
When you are free, please send me the invite link
but please select only linux, no windows
I am not a subscriber, so I can't select machine. It gives random
dull stump
When you are free, please send me the invite link
I usually post links to koth games I set up in the server anyway.
spiral wolf
ok
spiral wolf
Anyone ready to play KOTH?
elder solar
rose sphinx
is there someone available for koth?
I'm down
wicked yoke
Sorry @rose sphinx for the flags kkkk
wicked yoke
GL @vapid storm
jovial lintel
anyone koth???
rare walrus
Sorry guys, cant really join right now! thx for the invite
wicked yoke
Good lock
wicked yoke
Machine lock...
limber valve
whos down fo a koth?
rapid rock
Me
ruby kernel
Who's beingd3v ?
inland verge
Hey there!
Can someone help me with ||secrets.txt.enc|| file for KoTH Machine - Hogwarts?
waxen ginkgo
someone killed the server
twin hare
is there someone want to play koth?
hello
I would like to join one, but its my first game
bronze grove
drowsy coral
hi
twin hare
I will play in 1 hour from now
drowsy coral
Hi
i think we should make approintment to meet each other, since timezone is littlebit problem for us
fading river
yes
fading river
I will play in 1 hour from now
now ?
deep ermine
@fading river there's something on port 3333
fading river
nvm
is yoour phhp sseid smae
same as mine ?
Cookie: PHPSESSID=7t16859pha7ce6sfplpgtrt0je
what kind of encryption could it be ?
@deep ermine
nc port ?
on prot 3333
right ?
deep ermine
nah
fading river
deep ermine
i have no idea currently
fading river
a folder
deep ermine
but trying to figure it out
fading river
maybe try hydra for bruteforcing roll ?
deep ermine
maybe
fading river
did you figured out ?
deep ermine
nah
deep ermine
did you figured out ?
u ?
deep ermine
ok
fading river
i said its a netcat running
what is it ?
after decoding it , there is something for sure
can base64 be converted to image or something
woooo
@deep ermine
loooook
base64 to file
password needed
can you bruteforce it ??
deep ermine
can you bruteforce it ??
will try
fading river
deep ermine
btw nfs look at that too
fading river
btw nfs look at that too
i have no idea what it is
fading river
noice
deep ermine
there;s file for ssh
deep ermine
know to use gdb ??
nah
deep ermine
np
deep ermine
mine first
fading river
yes
deep ermine
i got hermes ssh key
fading river
nice
deep ermine
lmao
deep ermine
π
fading river
2049 isnt hermes ssh
deep ermine
then
fading river
idk
fading river
2049 ther's hermes ssh key
its not working
deep ermine
same
fading river
deep ermine
good
fading river
where is website hosted
deep ermine
game finished
but how am i winner
???????/
u got flag first
@fading river
u r winner
fading river
i am always free
deep ermine
π
fading river
next match tomorrow ? <@!469881266628591636>
also ready for today
i am completeing this one now
deep ermine
ok
fading river
want ot complete ?