#koth-voice-chat
fading river
now
deep ermine
ok
fading river
which state >
deep ermine
can i dm you ?
sure
errant fjord
wht cant join voice
inland rivet
wht cant join voice
!docs verify
proud frigateBOT
TryHackMe
errant fjord
ty mane
vapid storm
nice
jovial lintel
KOTH anyone??
twin hare
KOTH anyone??
I can go for a koth
vague shore
we doing koth?
twin hare
we doing koth?
ill do koth
vague shore
ill do koth
Which machine?
vague shore
never did a koth so I wanna try it
vague shore
<@!715212690884395079>
Don't have mic
twin hare
@vague shore I am so sorry, my electricity went off and my laptop doesnt have much charge in it
I might not be able to connect
twin hare
@vague shore I can play now
jovial lintel
koth anyone??
jovial lintel
<@!715212690884395079> I can play now
play now?
twin hare
are u able to hear me or not ?
jovial lintel
are u able to hear me or not ?
no
twin hare
jovial lintel
add -Pn
jovial lintel
nmap -sCV -T4 $ip
jovial lintel
nmap -sCV -T4 $ip
@twin hare
twin hare
gcc ./donut.c -o k
twilit owl
There was someone around this server that once had issues with installing Qtile.
I finally found a way out, if you're seeing this.
zenith lodge
@rotund thicket is it good to have in here
steady remnant
How does one get perms to join the Koth vc?
zenith lodge
How does one get perms to join the Koth vc?
U have to verify with the tryhackme bot
uneven pike
i keep getting I'm sorry but I couldn't find the specified token!
even though i am sure im copying it correctly
zenith lodge
Ah. I forgot to say that bot is broken or not working rn it's a known issue π
uneven pike
lol nice, how do i get the subscriber role and verified other way
zenith lodge
I belive bot is only the way to get em
uneven pike
π time to wait for them to fix it i guess
inland rivet
How does one get perms to join the Koth vc?
!docs verify
proud frigateBOT
TryHackMe
neon river
Most likely the chattr binary. You can read more about some tricks in the blog post linked here:
!docs koth
proud frigateBOT
TryHackMe
neon river
@eager umbra ^
Oh sorry wrong ping
wet depot
well yes but I did actually nuke the binary, really I moved it elsewhere
eager umbra
You used it. I used it then removed it :)
wet depot
I ended up just downlaoding it from my machine then π
neon river
use lsattr king.txt you can see the flags set on the file.
wet depot
toward the end I used cron for the last bit of points
eager umbra
Yeah everyone started compiling it and using it
You were triggering everyone by moving stuff and killing shells lmao
wet depot
1 person moved /bin/ls
I did π
I'd join vc but the bot isn't fixed yet so I can't π
@eager umbra when you say "compile" you mean chmod +x right?
eager umbra
i mean compiling from source
wet depot
....not downloading it from their own machine?
eager umbra
Get chattr.c (chattr source code) > Compile it with gcc on attacker machine for target > Upload to target > Profit
wet depot
hmm how is that different from what I did? I took chatter from my machine and put it on the target then chmod +x and done
eager umbra
if it works, it works
viscid turtle
what theme is that
balmy rivet
https://tryhackme.com/games/koth/join/779061e13ab15ccbb81d656e
7 min virulent vices, board the train whilst you still have time π©
arctic wharf
@crimson ingot it doesn't work
crimson ingot
Probably best right-click banning those ones
patent bolt
https://tryhackme.com/games/koth/28873
let's join
patent bolt
https://tryhackme.com/games/koth/join/aa2bc542583eede7df99e0eb
I'm in
can't join voice chat though
distant spoke
Alg
balmy rivet
Your loss
balmy rivet
It'll be cause you're not verified, Use the verify bot first
drifting herald
Where is the king of hill voice chat ?
vapid storm
nice koth guys ahah
dusky spade
hi
sinful vessel
hello
deft mica
Hi, I have joined one private KOTH and i can't even ping
Time left is 35 mins
and decreasing
jovial lintel
anyone wannna play koth please??
jovial lintel
Time left is 35 mins
connect to openvpn haha
inland verge
connect to openvpn haha
Couldn't it be a Windows machine?π€
lucid turtle
OpenVPN is cross-platform
slender flint
hey ! do someone have a little hint for the H1:Hard machine ? it's been the third time i'm playing on it but i found nothing
crimson ingot
OpenVPN is cross-platform
That's... not what they were suggesting...
Windows firewall blocks ICMP Echo by default -- they were suggesting that the target might be Windows
lucid turtle
Thats what I thought but it didnt make sense in context to me
So I responded as is
Who knows what Sebin is going through... unless you do
If it is known Sebin knows that level detail, then I get it... however, I don't know Sebin, and it is quite a broad inference to assume he knows that without knowing him... he could just have connection issues with the VPN for all I know, and perhaps others were trying to help him with that who only knew Linux. I also don't know infloop.
inland verge
If it is known Sebin knows that level detail, then I get it... however, I don't ...
No issues, I should have been more verbose π
tough parrot
shut crag
Can anyone help in php to gif payload creation
I tried everything, conversion etc , nothing works
silk wave
shouldnΒ΄t the ip be $ip = '10.10.2.15'?
vapid storm
Can anyone help in php to gif payload creation
what do you need?
it's pretty easy this payload
you just need to put it in a web server file upload and execute it
shut crag
Yeah, pretty easy, was having some troubles in conversion from php to gif
It only allows jpg /gif uploads
dull stump
It only allows jpg /gif uploads
It depends on how the web server validates your upload. Thereβs a whole room on doing this on THM.
inland verge
It only allows jpg /gif uploads
There can be mainly two forms of verifications.
- Client side
- Server side
You can obviously control Client-side verifications.
And try to trick or exploit any Server-side verifications by using any information that is already available.
If you wanted to disguise a PHP file as a GIF or JPEG for a very simple file type check.
Then copy first 16-32 bytes (magic bytes) from a valid file of the required type and put them at the top of your target file.
Or you can manually do so by searching for various magic bytes online.
There can be multiple possible ways, like modifying image metadata and adding some PHP code into it.
Adding some stuff to the file name, f.e. if the server is checking the second element in the filename after spliting it using ., then you may want to add some. in the filename.
There is <input accept="..."...>, you can change that or modify it using Burpsuite for example.
lime epoch
teal pecan
anyone koth ?
vapid storm
I'm here
vapid storm
nice
inland verge
Whow added to voice chat
You need to verify yourself first, here you go
!docs verify
serene sequoia
how?
inland verge
!docs verify
proud frigateBOT
TryHackMe
serene sequoia
sanks
inland verge
DerSchleimi, how are you getting flags if the machine is not responding? π
Oh! You were patching all the services after stopping them all at once.
At least, echo YOUR_USERNAME > /root/king.txt π
neon river
Oh! You were patching all the services after stopping them all at once.
If that happens again ping me.
inland verge
If that happens again ping me.
WDYM?
One of my opponent in my last KoTH game stopped all of the services to fix them (I think, because the web server was restarted after 5-10 minutes).
But no other service. At the time we had 2/3 reset requests and then he perhaps made the reset request and everything was resolvedπ
Is there anything wrong?
I did follow the rulesπ
neon river
WDYM?
One of my opponent in my last `KoTH` game stopped all of the services to f...
I meant stopping services is against the rules. That's not how you patch stuff. If you see someone breaking rules feel free to ping me i will look into it π
inland verge
Ok, I will report it from next timeπ
Well, we can surely systemctl restart SERVICE once we have patched it properly. Right?
Or service SERVICE restartπ
This one is confusing
Also, there is one /home/USERNAME/main (golang binary)
I did kill it's process as I couldn't recompile the main.go file after fixing the issue ||shell service||
Sorry, if that is against the rulesπ
neon river
Well, we can surely `systemctl restart SERVICE` once we have patched it properly...
Yeah
hushed sparrow
slim halo
green arch
clear topaz
dusky lynx
rotund violet
gleaming vine
.
neon river
@bleak condor where are you from? π if i may ask..
bleak condor
Danmark
neon river
aah okay.
neon river
y'all can join this koth match if anyone wants to play ^
@granite scarab @slender bobcat
@clear topaz ^
join this
neon river
@clear topaz can we vote reset? someone broke the machine
clear topaz
Sorry, I didn't see this till now.
remote leaf
what happened? https://tryhackme.com/games/koth/30999
south moon
spring anvil
did anyone get anything fro 10.10.121.243
vapid storm
anyone want's to play a koth?
arctic wharf
-warn @pulsar jungle I'm sure you're frustrated but that's not appropriate in the slightest. Be nice.
brittle stirrupBOT
β Warned slashr#4327
balmy elk
Why when im brute force'ing Hackers KOTH it takes sooooo much time? I see some people getting already root access when I can't even get my credentials right
neon river
Why when im brute force'ing `Hackers` KOTH it takes sooooo much time? I see some...
You can try increasing threads?
balmy elk
You can try increasing threads?
Tried and its alright with 40 but if I try like 64 it gives me error that there is too many connections from my IP address. When I looked up writeup for Hackers I see that other easily can work with 64 threads
shrewd cedar
shut wraith
upper fog
remmina client in linux
@ember torrent
xfreerdp
@ember torrent
xfreerdp /u:username /p:password /v:IP
royal thistle
@ember torrent rdesktop
ember torrent
limpid haven
olive oriole
https://tryhackme.com/games/koth/32119
Why mr.0x is winner without submitting flags..?
inland verge
Perhaps because they got King points
olive oriole
Perhaps because they got **King** points
I didn't get it
inland verge
There are two types of points
- By submitting Flags
- By becoming King for at least a minute
!docs koth
proud frigateBOT
TryHackMe
olive oriole
There are two types of **points**
1. By submitting **Flags**
2. By becoming **Ki...
How he will be king without getting shell access
Just asking I am new to KOH
inland verge
How he will be king without getting shell access
Just asking I am new to KOH
How can you be sure they didn't get a shell?
You need to have a shell with root to become King
olive oriole
If he have root shell he will submit flags right..?
inland verge
If he have root shell he will submit flags right..?
It is upto them to find and submit flagsπ
limpid haven
hey
north iris
hellooo
neon river
autumn pike
i found a veeeery long flag in one of the king of the hill challenges
autumn pike
i found a veeeery long flag in one of the king of the hill challenges
when i submitted it it said incorrect though it was the one
neon river
i found a veeeery long flag in one of the king of the hill challenges
It could be encrypted or make sure if it's 32 character flag and you are copy pasting it correctly.
neon river
Doesn't seem to be a flag. Which machine though?
vapid storm
Carnage(Linux)
Lion (Linux)
Panda(Linux)
Shrek(Linux)
Tyler(Linux)
vapid storm
@hybrid harness
hybrid harness
vapid storm
smbclient: Can't load /etc/samba/smb.conf - run testparm to debug it
sudo smbclient -L \\10.10.135.39\public
limpid haven
sudo smbclient -L \\\\10.10.135.39\\public
vapid storm
smbclient \\10.10.135.39\public -u anonymous
limpid haven
smbget -U anonymous smb://10.10.135.39//public//flag.txt
vapid storm
narrator
tired wyvern
e a
vale seal
cmon Zeshan1234.. no scripts to stay in king.txt please
inland verge
cmon Zeshan1234.. no scripts to stay in king.txt please
It might be a spin loop
while [ 1 ]; do
# chattr -
echo ... > king.txt
# chattr +
done
... (as far as i know that wasn't allowed no? or is it)
inland verge
... (as far as i know that wasn't allowed no? or is it)
You are allowed to modify the chattr binary. Replace it with the one that writes your username to king.txt
You can find one on GitHubπ€
vale seal
So a script that automatically updates king.txt does not conflict with rule 7?
inland verge
... (as far as i know that wasn't allowed no? or is it)
IIRC, there isn't any rule to prevent use of a while loop to update king.txtπ
inland verge
So a script that automatically updates `king.txt` does not conflict with rule 7?
That is a different rule.
Updating king.txt isn't considered as autopwn or machine hardening
rocky sapphire
regarding king of The Hill. Machine: Hackers . Did someone try scanning the staff images?
maybe there could be potential hidden data embeded.
@zenith trench How did you obtain access through the backdoor? I am currently trying to brute-force my way in. However, no success yet
vapid storm
anyone want to play?
me of course
inner holly
Im not telling you xD
vapid storm
it's 8000
vapid storm
yes
vapid storm
but i'm trying to patch this at 100%
inner holly
Is my first Koth
inner holly
but i'm trying to patch this at 100%
I see
Jeez, I was too slow
Bro
do you want a premium voucher?
@vapid storm
inner holly
vapid storm
oh ty so much
vapid storm
how could i activate it?
inner holly
I cant see the code, but I sent
inner holly
how could i activate it?
go to you profile, and the subscribe section in the right side
vapid storm
ok
inner holly
there you put the code
inner holly
enjoy
inner holly
what could i do for you?
nothing, is just a gift for beating me XD
inner holly
Dont worry, I like to learn by myself
vapid storm
no problem, if you need a teamate or learn more about koth call me
inner holly
sure
rigid ember
Is that the channel
vapid storm
Can someone please tell me how to join a vc
violet meteor
proud frigateBOT
TryHackMe
inner holly
@vapid storm We meet again xd
vapid storm
yes x)
vapid storm
good luck π
inner holly
Same for you ^^
inner holly
stop shuting my session down xD
vapid storm
x)
cinder harbor
inner holly
@untold trellis good luck
cinder harbor
<@!616215656710275072> good luck
what are you guyz talking about ?
inner holly
what are you guyz talking about ?
Koth games bro
cinder harbor
ooh
stiff dagger
vapid storm
hi guys
plain ledge
Hi
vapid storm
hey
grim lichen
Phishing alert(1) everyone
zenith trench
Hi
inner holly
Phishing alert(1) everyone
ironic
vapid storm
yes π
delicate zenith
junior yoke
π
All routes into the box are still wide open.
Having said that, might have removed shrek SSH keys. Let me see, if I could put those back...
Sorry, can't restore the original SSH keys for shrek, but as a teaser the SSH password is: pleaseletmein!. Good luck!
Thanks for sharing the link to the private game, apologies if I messed it up. Have a good weekend! (Mine starts now) π
undone heron
Take it easy on me didakos & pythonista!
inner holly
Heyyy
inner holly
Take it easy on me didakos & pythonista!
Actually read too late
fiery socket
split bloom
some for king pf the hell
vapid storm
i can't connect
in ssh
what's wrong ?
ssh shifu@10.10.241.168
kex_exchange_identification: read: Connection reset by peer
Connection reset by 10.10.241.168 port 22
idk if it's me who did something wrong
well i vote to reset i hope the other will do thesame
ember breach
Anyone doing KOTH?
vapid storm
asdasdasdasd
?
vapid storm
oh ok
vapid storm
nice game @vapid storm!
π
ty π
was great
do you speak french by the way?
yes
nice me too
maybe we could do some stuff together when you want
sure π
first time on discord... why can't I write in the channel koth ?
can we PM on here ?
because you don't link you're account
do !verify to @proud frigate
@proud frigate
im MP
pm
got it...
π
let's talk on here another time, got to disconnect
are you here often ?
bye
A+
oui je suis plutot actif
j'essaye de faire un koth par jour
nice π je me reconnecte ptet ce soir
pour guarder ma place de top 2 ^^
vapid storm
nice π je me reconnecte ptet ce soir
ok
tien moi au jus
wow. joli!
moi je suis 1er (mais seulement du classement suisse π )
c'est pas mal, moi je suis meme pas le premier fr
1er execo seulement
une victoire alors π
exact
π
arctic wharf
@vapid storm @vapid storm English only here.
vapid storm
sry
vapid storm
how do i join??
jovial moon
how do i join??
what ?
inland verge
!docs verify
proud frigateBOT
TryHackMe
vapid storm
I don't defend this game π
vapid storm
I fucked up the machine sorry, could you vote to reset please @ocean olive @vapid stormrato @adining
etc...
I fucked up the machine sorry, could you vote to reset please @ocean olive @vapid stormrato @adining
etc...
mossy pine
@junior yoke GO AWAY!! IM SICK OF LOSING TO YOU Dx
junior yoke
@mossy pine Wow, such emotion! Do you want to compare notes on this one? Seems like it is just the two of us in this game. Ping me in DM if you want to discuss strategy.
mossy pine
lol
mossy pine
<@!798660047525511258> Wow, such emotion! Do you want to compare notes on this o...
Im just now learning about chattr. Is that what you used to lock me outta king.txt? lol
you got messages turned off
junior yoke
Hi sorry about that. Tried to ping you as well and got the same message. I will add you as a friend.
Yup, chattr can be used to change attributes, and it is not always on the box. So, clever to keep a precompiled binary at the ready, so you can BYO.
junior yoke
Im just now learning about chattr. Is that what you used to lock me outta king....
Looks like you are not accepting new friend requests?
mossy pine
Hi sorry about that. Tried to ping you as well and got the same message. I will ...
Fixt!
junior yoke
@mossy pine Thanks for the discussion in PM. KotH boxes are an awesome way to practise exploitation of a vulnerable box, establish persistence to ensure you can gain a stable shell and reconnect, and then search for and patch vulnerabilities (defend). I learn something new every time I play. Keep in touch and DM if you ever wish to discuss strategy π
brittle stirrupBOT
Gave +1 Rep to @mossy pine
mossy pine
@junior yoke 100%, and thank you! Anyone trying to really learn this shit, follow this man. Many wonderful tips, and all round good dude!
brittle stirrupBOT
Gave +1 Rep to @junior yoke
mossy pine
@gritty lance Go ez
gritty lance
Hey
gritty lance
are u ready?
mossy pine
Just learned about Chattr. Thought Id be sneaky sneaky, and I get a pro π¦
NOT AT ALL! But GL! lol
gritty lance
relax π
gritty lance
π
mossy pine
Oh man lmfao
After this match, would you mind pointing me where I can learn this nyan cat thing xD
nvm!
ps
gritty lance
π
gritty lance
After this match, would you mind pointing me where I can learn this nyan cat thi...
Pm me
brittle stirrupBOT
Gave +1 Rep to @gritty lance
high fiber
thorny mesa
proud frigateBOT
TryHackMe
scenic vine
i am not sure where i can read the rules there
it seems only to be introduction and stuff
scenic vine
thx
neon river
If you scroll down a bit in FAQ section you can see the rules.
neon river
how tf did u get access in like half a second
took me 5 minutes but okay?
vapid storm
bruh
grizzled hinge
Hi
split bloom
.
pastel sierra
how tf did u get access in like half a second
he got really good notes on all the machines
pastel sierra
how tf did u get access in like half a second
he copy's and paste's commands from his notes
neon river
he copy's and paste's commands from his notes
β
pastel sierra
<:blobhuh:658062568191033373> β
So youβre saying you donβt?
neon river
i make notes? yes.
I copy paste? no.
pastel sierra
i make notes? yes.
I copy paste? no.
Lol thatβs a lie
neon river
don't see a reason to prove it to you π
pastel sierra
I mean Iβve watched you play and do it but whatever dude suit yourself.
neon river
I mean Iβve watched you play and do it but whatever dude suit yourself.
you believe whatever you want. but accusing someone of something without proof isn't a good thing.
pastel sierra
Lol Iβm not the one acting defensive about anything, I was just simply telling him how you where able to do the machines so fast.
neon river
he copy's and paste's commands from his notes
^
neon river
π€¦ββοΈ
pastel sierra
Itβs ok dude do whatever you want.
I donβt understand why youβre denying it but whatever.
neon river
Itβs ok dude do whatever you want.
do whatever you like. but don't blame me for something without any proof.
neon river
Lol itβs ok bro.
not your bro. and please think before you talk about someone.
pastel sierra
Don't be an ass. Respect people's preferences.
Yes sir!
junior yoke
Good evening. I am currently playing the Panda box on 10.10.119.120, it appears that none of the system binaries can be found, with the exception of the shell-builtin command. PATH variable appears fine, and printf '%s\n' * in / shows that e.g. /bin still exists. Any ideas?
vapid storm
Yeah good notes help a lot.
I think I will start taking notes too in that case
pastel sierra
Good evening. I am currently playing the Panda box on 10.10.119.120, it appears ...
reset the box, someone might be playing dirty.
pastel sierra
I think I will start taking notes too in that case
When you do, save them! And next time you play the box youβll have the edge. π€π½
junior yoke
reset the box, someone might be playing dirty.
Nah, not a big fan of resets. I would rather find away around the issue, which I did. But still like to understand the issue better - and learn stuff.
pastel sierra
Nah, not a big fan of resets. I would rather find away around the issue, which I...
Suit yourself. You havenβt played with someone thatβs erased the ssh keys yet I guess
pastel sierra
Nah, not a big fan of resets. I would rather find away around the issue, which I...
They also rm -rf root sometimes.
π
junior yoke
Suit yourself. You havenβt played with someone thatβs erased the ssh keys yet I...
I have played a fair amount of games π and removing or overwriting ssh keys is (in my opinion) a valid strat, but removing flags or system binaries isn't quite. There's usually 3-4 ways into the machine, so if the ssh keys are gone, find a new one, at least, that's my philosophy.
pastel sierra
I have played a fair amount of games π and removing or overwriting ssh keys is...
Depends on what machine youβre playing π₯Έ
junior yoke
Depends on what machine youβre playing π₯Έ
Can't think of a box where the only route in is using ssh keys? You?
pastel sierra
Can't think of a box where the only route in is using ssh keys? You?
You know another way inside production? If you do let me know 
junior yoke
I am familiar with rule 1, but removing ssh keys doesn't make the box unavailable. It is still running perfectly fine.
pastel sierra
I am familiar with rule 1, but removing ssh keys doesn't make the box unavailabl...
Cool π
junior yoke
You know another way inside production? If you do let me know <:tipsfedora:66273...
check ports 9001 and 9002
pastel sierra
check ports `9001` and `9002`
I will thank you π
brittle stirrupBOT
Gave +1 Rep to @junior yoke
weak iris
Im new to king of the hill games
But I see many players become king from the start
How does this happen?
soft pebble
vestal gazelle
anyone have good suggestions for username and passwords lists for the koth games?
dull stump
Since most boxes are themed, some basic googling will get you places if you really want a user list. As for passwords, rockyou should have you covered if a login is meant to be bruteforced or cracked
granite scarab
echo gate
@pastel sierra you there?
pastel sierra
<@!722308219850194985> you there?
Wassssaaaappp
pastel sierra
Watch
pastel sierra
Itβs all open
pale radish
trim holly
why im not allowed to join any voice channel?
rustic shard
Did you verified?
slim python
Are you guys playing?
toxic pivot
Someone is playing?
solar remnant
hlooo anyone like to play
slender bobcat
@rustic shardDid you stop the PHP service on Port 3000?
grand crescent
@slender bobcat r u playing space jam?
slender bobcat
what is space jame
grand crescent
Itβs a new box
thick socket
@pastel sierra grasshopper
median hare
Just won 3 Koth worth 600 points and only 36 points were added to my monthly score??
Someone please tell me something is wrong or I just drop whole
neon river
Just won 3 Koth worth 600 points and only 36 points were added to my monthly sco...
KoTH points won't affect your monthly/general leaderboard
median hare
KoTH points won't affect your monthly/general leaderboard
Thank you. So I wonder. How someone is able to earn about 2000 points on its monthly score in just 24hours? See Ireland monthly score please, have I been seconded just from a cheat? I've been doing everyday challenges and walkthroughs yet how is he/she gets over 2k points and over 200 in activities in just 24h? Please help
brittle stirrupBOT
Gave +1 Rep to @neon river
neon river
https://docs.tryhackme.com/docs/rooms/how-points-work/
^
heady crystal
the koth keeps failing.
Edit: it was from me
neon river
the koth keeps failing.
Edit: it was from me
?
pastel sierra
<@722308219850194985> grasshopper
vapid storm
Hello Guys
I'm a beginner in this hacking stuff.
Can you please tell me the sources where I can learn all these sorts of things ?
I will be grateful π
dark hawk
how do u get into this room
deft elbow
Took me so long to find the king file on the windows box lol took at the flags first lol
vapid storm
Took me so long to find the king file on the windows box lol took at the flags f...
what machine
long perch
There should be a cap on usage of the reset - I was in a koth game where someone resetted the machine every minute (disadvantage when you are only 2 in a koth game).
halcyon merlin
i need a link which directs another site, i remember something like "@" for it
visual obsidian
lmao
visual obsidian
zenith trench
anyone online in koth?
solar remnant
i need a link which directs another site, i remember something like "@" for it
replace T with t, thats cuz I am not able to send the later one bcs discord sends it as example.com
dark hawk
what app r using for kali
like for opening kali
@visual obsidian
cant talk man mic not working
just type here
i cant here u
spiral pivot
Just use VBox or VMware lol
vapid storm
i can't change my country in my try hack me profile
vapid storm
that link redirect me to dashbord
sry and thank u @neon river its work appreciate thank u
brittle stirrupBOT
Gave +1 Rep to @neon river
glacial hinge
runic plinth
Hi
snow abyss
https://tryhackme.com/games/koth/join/3f4101dd7942082ef5546c81
if anyone is down for the Hackers KOTH box; would be one of the few I haven't tried before π
vapid storm
Hi
drowsy coral
vapid storm
Come let have fun KOTH
slim python
I'm playing
glacial cedar
Who's playing Koth?
wraith sorrel
VOICE CHAT
cinder shard
i littarly got banned from a server cz i was talking about doge and admiring elon musk
lol
crimson ingot
-ban @fleet imp -ddays 2 Joined to spam links/server links. Appeals are bans@tryhackme.com if you happen to not be a bod
brittle stirrupBOT
π¨ Banned Guru_88#2690 indefinitely
crimson ingot
Um
-reason 914838209924571156 Joined to spam links/server links. Appeals are bans@tryhackme.com if you happen to not be a bot
brittle stirrupBOT
π
stoic crescent
Is there a way to change your name in tryhackme? 
vapid storm
Is there a way to change your name in tryhackme? <:fawaz:905820218935365664>
Wrong channel but :
sinful nest
@vapid storm π
sinful nest
@vapid storm π
I will play koth with the others, public room
so it's not funny, you restarted about 2 times
alias, public room counts as win, private does not count, I think
cedar sleet
Sorry to be dumb.
Anyone know the windows login creds for KOTH
Am I supposed to hack those
?
stiff idol
Am I supposed to hack those
which room ?? h1 medium ??
cedar sleet
Yes
cedar sleet
which room ?? h1 medium ??
Yes windows h1 medium
neon river
Am I supposed to hack those
Hack em
obsidian kestrel
welcome everybody ....
Why can't I play koth and it shows me "You must have experience" and at the same time I see people playing and they don't have experience
neon river
welcome everybody ....
Why can't I play koth and it shows me "You must have expe...
You can change that from your profile > About You section
obsidian kestrel
You can change that from your ``profile > About You`` section
thanks . pro
brittle stirrupBOT
Gave +1 Rep to @neon river
rapid walrus
https://tryhackme.com/games/koth/join/9213fb6ccc39d2dec506a9e1
about to start koth in 20 min
fiery loom
Anyone up for a game??
strange crag
game?
lean sorrel
anybody up for a game?
vapid storm
hi gΓΊy
hi guys
i have some issues in kali-linux
wifite actually
can you guys help me
vapid storm
fallow pendant
i play rainbow six on ps4
slim python
Who's trying to play?
neon river
Who's trying to play?
i can join in if you want?
slim python
i can join in if you want?
How long are you planning on being on?
neon river
How long are you planning on being on?
whenever you want?
slim python
I have to do something real quick. I'll let you know whenever I'm done. If you still up for it we can go a round
neon river
I have to do something real quick. I'll let you know whenever I'm done. If you s...
starting in 2 minutes
https://tryhackme.com/games/koth/join/a839144a885b0e2f6ca79b36
granite ivy
Answer the questions below
What is the name of the career role that is legally employed to find vulnerabilities in applications?
brisk frost
pentester ?
stiff idol
Answer the questions below
What is the name of the career role that is legally e...
penetration tester
2 words separately will be th correct answer
slim python
anyone down to KOTH
naive herald
@lone kelp
naive herald
<@!822068516059349073>
I can't change king.txt
Operation permission denied? i am root user
junior yoke
Operation permission denied? i am root user
Hi MrSynox, I'd recommend you check out chattr a pretty common strategy to prevent fellow competitors in KoTH from getting their name in.
naive herald
Hi MrSynox, I'd recommend you check out `chattr` a pretty common strategy to pre...
oh thanks
brittle stirrupBOT
Gave +1 Rep to @junior yoke
junior yoke
bad luck
That was an interesting game, always nice when there's a bit of a battle for King. Thanks!
brittle stirrupBOT
Gave +1 Rep to @lone kelp
lone kelp
That was an interesting game, always nice when there's a bit of a battle for Kin...
i left the game after the reset :))
mellow escarp
I see thereβs a koth about to startβ¦ anyone in here playing?
junior yoke
i left the game after the reset :))
I was very surprised why 4 people voted to reset the machine. There was (at least) one active way into the machine and (at least) one route to root.
mellow escarp
You gonna join?
Yeah, Iβm in, but stepped away to get my kid a bottle
Thisβll be my first one
Is there supposed to be some sort of voice chat here?
lone kelp
it is
but u must get verify with ur discord token
dm the tryhackme bot
click Profile > Other. on the tryhackme website
u have there ur token
@mellow escarp
mellow escarp
Ok thanks @lone kelp
brittle stirrupBOT
Gave +1 Rep to @lone kelp
cyan panther
@junior yoke I was kinda lost after gaining a user shell while you were root. What methods do you lose to overthrow the king?
mellow escarp
I was very surprised why 4 people voted to reset the machine. There was (at leas...
How could u see that @junior yoke?
junior yoke
How could u see that <@863334212470964234>?
Hi. Each KotH box has multiple footholds and different ways to escalate privileges, often at least 2-3. After getting onto the box I found most vulnerabilities were still unpatched.
junior yoke
<@!863334212470964234> I was kinda lost after gaining a user shell while you wer...
Most common approach to slowdown other players from writing to the /root/king.txt is to make it immutable and remove/rename the binary used to do this. This can easily be undone, if you come prepared.
More sustainable is to create persistence (so you can back in), patch vulnerabilities (to prevent others from getting in) and finally "coax" others off the box π
naive herald
tranquil halo
dm the tryhackme bot
How long does it take to get verified? I Dm the tryhackme bot and am still not verified?
I still can't get in those vc channels with a lock
lone kelp
How long does it take to get verified? I Dm the tryhackme bot and am still not v...
did u used your token to get verified?
tranquil halo
did u used your token to get verified?
I dm my token to tryhackme bot
vocal ginkgo
"You are weak" that's a bit mean @lone kelp
tranquil halo
use "!verify token"
thanks it workedπ
brittle stirrupBOT
Gave +1 Rep to @lone kelp
edgy mountain
hello hackers
slim python
@lone kelp How do you put your certifications in your profile?
crimson ingot
lone kelp
winter vapor
runic dome
slender spruce
Someone come play KOTH
pastel sierra
thorn loom
neon river
https://tryhackme.com/games/koth/37470
that's a spectator link, if you want people to join you need to share invite link that you can find in options from the top right side.
hidden vortex
k
hidden vortex
attila-21 you are killing the fun bro
vapid storm
hi all,
please could someone help me ? i wan to make a brute force attack using metaspoit to DVWA sytem login (http)? it is for educational reasons. i study the guide of rapid7 https://docs.rapid7.com/metasploit/bruteforce-attacks/ https://www.tutorialspoint.com/metasploit/metasploit_brute_force_attacks.htm, https://www.offensive-security.com/metasploit-unleashed/scanner-http-auxiliary-modules/ but i can't do it. Any help? I am a beginner.
the output error is concern the URI : " No URI found that asks for HTTP authentication"
i am using /auxiliary/scanner/http/http_login module. i am not sure if this module is the correct. has anyone tried it?
hidden vortex
i dont use MSF for bruteforce http , i use hydra for http forms ,in case you want to try and check ,find this article from null-bytes explain it very well
https://null-byte.wonderhowto.com/how-to/hack-like-pro-crack-online-web-form-passwords-with-thc-hydra-burp-suite-0160643/
vapid storm
π
vapid storm
i dont use MSF for bruteforce http , i use hydra for http forms ,in case you wan...
The case study is with metaspoloit. any help?
slender bobcat
i dont use MSF for bruteforce http , i use hydra for http forms ,in case you wan...
you heard of patator?
dry gulch
Just start playing KOTH, why would someone write a script to auto rotate king?
slender spruce
Just start playing KOTH, why would someone write a script to auto rotate king?
Do you mean a script to pwn the machine or a script to put their name as king?
dry gulch
Do you mean a script to pwn the machine or a script to put their name as king?
It was a script that rotated the king between everyone in the lobby. It would put one username in king for 5 minutes and then change it to the next user
So by the end of the game it had like 40 king changes
slender spruce
The only use for it would seem to be either for fun or to get the most king changes in a game
neon river
It was a script that rotated the king between everyone in the lobby. It would pu...
There is a possibility two people running loops to get their names in king file. And these loops fighting each other for king that kept changing it every minute
slender spruce
Or just a crontab
shell salmon
rustic mortar
gg @junior yoke
junior yoke
gg <@!863334212470964234>
Thanks. Got to say, big admirer of that profile pic!
brittle stirrupBOT
Gave +1 Rep to @rustic mortar
finite grove
Just start playing KOTH, why would someone write a script to auto rotate king?
Just for sheer fun to make people wonder why they are king. While scans are running, add people that are in the channel to the loop, and once elevated, run the loop. Does not chattr or anything else. Just echos the next user in line to the file.
neon river
!docs koth
proud frigateBOT
TryHackMe
zealous chasm
how do i get access to voice chat
iron lion
how do i get access to voice chat
you verify your discord with the @proud frigate bot using the following thingy:
!docs verify
proud frigateBOT
TryHackMe
zealous chasm
ok
steady ember
@junior yoke I have problems connecting to tryhackme servers
timid hare
yo @thick socket
thick socket
yoyo @timid hare
junior yoke
<@!863334212470964234> I have problems connecting to tryhackme servers
Thanks for connecting in DM. Awesome to make your acquaintance π
brittle stirrupBOT
Gave +1 Rep to @steady ember
onyx patrol
rustic mortar
does anyone want to play a game of koth?
rustic mortar
Thanks. Got to say, big admirer of that profile pic!
haha thank you!
brittle stirrupBOT
Gave +1 Rep to @junior yoke
vocal ginkgo
does anyone want to play a game of koth?
ποΈ
rustic mortar
has anyone come across BKR13 because I saw him a few times today and each time I want to play every service and port is shut down before I can break into a system and he disables ssh and the apache services. My question is if this is allowed on KOTH?
covert dawn
covert dawn
has anyone come across BKR13 because I saw him a few times today and each time I...
saw him before and he did the same thing
zealous chasm
has anyone come across BKR13 because I saw him a few times today and each time I...
Yup,
He did the same with me .
vapid storm
BKR13 is in my koth lobby right now this should be fun.... do they really just shut down every service?
neon river
BKR13 is in my koth lobby right now this should be fun.... do they really just s...
share invite link
vapid storm
it already started sorry
neon river
it already started sorry
share it anways
vocal ginkgo
so, does hermes_ssh work or you replaced it already @neon river
neon river
haven't done anything other than adding my name in king file
vocal ginkgo
yeh I guess
anonymous ftp login didn't work actually so thought you'd turned it off
neon river
so, does hermes_ssh work or you replaced it already <@!267010557889085440>
working fine for me
vocal ginkgo
ah shit I only have the one(openvpn), filtering for players ips, that's a new one
and ports are closed or moved to higher port numbers π€·ββοΈ
vapid storm
I don't see ssh showing up at all lol
so I guess they really do be shutting every service down lol
vocal ginkgo
they moved the ssh port
@vapid storm ^
neon river
vapid storm
oh I see it now
neon river
vote reset, @vocal ginkgo @vapid storm
vapid storm
done
lone kelp
vocal ginkgo
ah did you remove the chattr binary after changing the permission
this is really f**ing me up rn
neon river
add your own chattr binary?
vocal ginkgo
too late now, been too long since I've played koth properly, no ordered files or binaries left 
Good Game @neon river had a lot of fun! thanks
brittle stirrupBOT
Gave +1 Rep to @neon river
vapid storm
welp at least BKR13 didn't win
vocal ginkgo
welp at least BKR13 didn't win
well, we kinda ganged up against him but he was also kinda cheating so no matter
vapid storm
trueπ I have to go complete some more rooms. I've really only done reversing and forensics... joined tryhackme to get into offensive and defensive security
neon river
if anyone sees them breaking rules again mention me or holmes or email at koth@tryhackme.com with enough proof.
cc: @vapid storm @vocal ginkgo
vocal ginkgo
Sure!
zealous chasm
this is really f**ing me up rn
What's the command to make king.txt unchangeable ?
vocal ginkgo
What's the command to make king.txt unchangeable ?
chattr -i king.txt
zealous chasm
And what's the command of like crontab to echo on king.txt every second?
vocal ginkgo
crontab is too obvious imo(googleable anyways),
while :; do echo 'username' > /root/king.txt ; done make a script with this and run it in some obscure place like /var/lib/whatever
no, sorry, don't like random friend requests, but I can help here if you have further questions @zealous chasm
neon river
`chattr -i king.txt`
+i
vocal ginkgo
what he said ^
zealous chasm
no, sorry, don't like random friend requests, but I can help here if you have fu...
Changing service ports are allowed right ?
vocal ginkgo
its 2:00am for you too, so you can understand @neon river
a simple - + mistake
+i makes it unchangeable
-i makes it changeable
vocal ginkgo
Changing service ports are allowed right ?
yeh
zealous chasm
Means if someone use +i for king.txt and someone else use -i , will he able to over write on it.
vocal ginkgo
yes, but people remove the chattr binary before others can make king.txt changeable
so, you have to upload your own chattr binary or "recreate" the file
zealous chasm
so, you have to upload your own chattr binary or "recreate" the file
Ok this is new for me.
How we exactly suppose to create own chattr binary ?
zealous chasm
"static chattr binary download"
Ok
vocal ginkgo
or simply copy your own from /usr/bin/chattr if you're on linux
rigid ember
or simply copy your own from /usr/bin/chattr if you're on linux
Thanks to make me rember the binary
brittle stirrupBOT
Gave +1 Rep to @vocal ginkgo
zealous chasm
or simply copy your own from /usr/bin/chattr if you're on linux
That means there is no ultimate way to defend our name on king.txt
vocal ginkgo
it's a ctf game after all, where patches exist exploits exist as well
neon river
Ok this is new for me.
How we exactly suppose to create own chattr binary ?
you can find a static binary from busybox
zealous chasm
you can find a static binary from busybox
Ok
inland verge
Ok this is new for me.
How we exactly suppose to create own chattr binary ?
There's one pinned message in #koth π
zealous chasm
or simply copy your own from /usr/bin/chattr if you're on linux
tried to upload my own chattr but it didn't work
vocal ginkgo
chmod +x chattr
vocal ginkgo
/usr/bin/chattr run that
zealous chasm
zealous chasm
Where'd you get it?
lol
it's my chattr from kali /usr/bin
just like you told me yesterday to uplaod own chattr
vocal ginkgo
Yeh, haven't tested it myself, try downloading it from busybox
zealous chasm
Yeh, haven't tested it myself, try downloading it from busybox
ok hold on
vocal ginkgo
Yes, try it
neon river
is that this one ?
you need static chattr binary. this one will work
brittle stirrupBOT
Gave +1 Rep to @vocal ginkgo
vocal ginkgo
π
vocal ginkgo
ideally, a mixture of both, so it echos the username, makes king.txt unchangeable, sleep for 2 sec, and repeat the process
zealous chasm
what but if you make it chattr + i you might not able to overwrite it every couple of seconds using loop
vocal ginkgo
something like
while :; do chattr -i king.txt; echo username > king.txt; sleep 2;chattr +i king.txt;done
zealous chasm
something like
`while :; do chattr -i king.txt; echo username > king.txt; sleep...
that's the case if chattr exists on binaries
inland verge
Perhaps sleep after chattr +i ... π
vocal ginkgo
what he said ^^
zealous chasm
that's the case if chattr exists on binaries
we are deleting the chattr from binaries right ?
vocal ginkgo
no, not in this case
brittle stirrupBOT
Gave +1 Rep to @vocal ginkgo
zealous chasm
just a general query;
what if we do like
while true; do wall texthere;done
this is probably broadcast the text and other's can't execute shell right
so will this violate any koth rules
or we can actually stop this broadcast ?
@vocal ginkgo
vocal ginkgo
!docs koth
proud frigateBOT
TryHackMe
vocal ginkgo
rules are there and for specific queries plz ask, koth mods or staff like "naughty" or "Mr.Homes"
zealous chasm
just a general query;
what if we do like
`while true; do wall texthere;done` ...
@neon river
neon river
It doesn't really Break the rules but also not a good thing to do. You can bypass it by getting a non tty session
You can still execute commands even if they are spamming wall messages
zealous chasm
ohh! , what's the command to spawn the non tty session ssh? @neon river
neon river
ohh! , what's the command to spawn the non tty session ssh? <@!26701055788908544...
!docs koth
proud frigateBOT
TryHackMe
junior yoke
Hi guys, does this look familiar to anyone π
Nmap scan report for 10.10.49.2
Host is up, received conn-refused (0.15s latency).
Scanned at 2022-01-25 22:29:52 +03 for 0s
PORT STATE SERVICE REASON
9999/tcp open abyss syn-ack
23399/tcp open unknown syn-ack
was this the BKR13 user? thought they reported him
junior yoke
Back at it. He left port 9999 open this time π
So the king service would update when he replaced my name with his. Clever.
vocal ginkgo
So the king service would update when he replaced my name with his. Clever.
or incredibly dumb to resort to cheating π€·ββοΈ
let's ping @neon river to review this
don't say its not cheating
junior yoke
He has now taken port 23399 down as well, was trying to brute-force the ssh password:
Nmap scan report for 10.10.49.2
Host is up, received conn-refused (0.14s latency).
Scanned at 2022-01-25 22:36:53 +03 for 0s
PORT STATE SERVICE REASON
9999/tcp open abyss syn-ack
Email koth@tryhackme.com with screenshots
junior yoke
Email koth@tryhackme.com with screenshots
Well, all I have got is my rustscan outputs. That enough?
covert dawn
was this the BKR13 user? thought they reported him
yep he's in a game with me rn and he's shut down all the ports except 9999
feral steppe
Latest game running, my first time attempting to compete and needlessly to say, I failed π
covert dawn
are we allowed to change a files permissions cause the guy im in a game with did that and i couldnt access the king.txt
covert dawn
Latest game running, my first time attempting to compete and needlessly to say, ...
you'll improve sooner or later
feral steppe
I'm only starting out in cyber, so I wasn't nearly as knowledgeable as I needed to be. So I know to keep studying and trying stuff out.
vapid storm
are we allowed to change a files permissions cause the guy im in a game with did...
King.txt file locked? - A user might have used the chattr binary to stop even a root user editing the file.
neon river
They have been banned. Have fun now π
@junior yoke @vocal ginkgo @covert dawn
vocal ginkgo
Good riddance
lone kelp
covert dawn
They have been banned. Have fun now π
<@863334212470964234> <@71725057674798695...
π
waxen hawk
can you hear me .
gloomy quest
why i cant join
vocal ginkgo
why i cant join
you need to verify, follow this
!docs verify
gloomy quest
!docs verify
proud frigateBOT
TryHackMe
slender spruce
They have been banned. Have fun now π
<@863334212470964234> <@71725057674798695...
How are there 100 reacts?
neon river
How are there 100 reacts?
Because everyone wants to have fun π
granite scarab
Because everyone wants to have fun π
it's cause there are a lot of scam bots that liked it haha
it's a part of a huge new scam
bleak cradle
Hi quick question, are players allowed to take down a port?
Got a game where ssh seems to be closed.
lone kelp
its not allowed
bleak cradle
Any other checks that I can do?
bleak cradle
Thanks
Not sure if we are allowed to ask for help, if not please ignore
Just wanted to know if the above is a result of patching that was done by another player, and sort of what I could look at to learn more on it?
neon river
Thanks
Not sure if we are allowed to ask for help, if not please ignore
Just ...
That's intended
sour oasis
Anyone else playing right now?
slim python
I'll play you
sour oasis
4 minutes left on wait https://tryhackme.com/games/koth/join/873842aab3567a39cf655ef5