#pentest-plus-path
And check out a few different languages, log files, syntax.
They will help you drastically
When you say finish the path, I should be able to answer all the tasks right? Or remember all content
Thank you so much
I wouldn't say remember, but understand and take good notes.
guys i am confused when im trying to gain root access after finding the setImpersonator is enabled
Hey guys, hoping this is an easy one. Where is the target listed on task 3 of the Python for Hackers module? It doesn't provide one or is not directly listed.
Haven't used the site in a while. Forgot the start machine button at the beginning is how you launch your targets
For the owasp juice shop is anyone else having trouble with the acquisitions.md download to get the flag?
I'm 94% through the Pentest+ path. Most of what I have left are tasks that involve za.tryhackme.com (particularly the Lateral Movement and Pivoting room).
za.tryhackme.com doesn't exist. Is there any way to complete those tasks without using it?
usually they'll use the *.thm pattern - try putting a corresponding entry in your /etc/hosts to route those to your VM's IP
You mean, put "*.thm" in /etc/hosts?
No, /etc/hosts doesn't support wildcards, unfortunately (I have a dnsmasq setup to do that).
I meant [in recent boxes] they'll use malicious-sub.sus-domain.thm (and/or fake-company.local for some windows stuff) for stuff that is part of the challenge.
I have a hunch that the domain you listed is part of the challenge, so unless it's an OSINT room, you'll want to add an entry for that specific subdomain in your /etc/hosts file, pointing at the room's VM's IP.
(confirmed - I have some za.tryhackme.com references in my walkthroughs from the *ing-ad rooms)
Where is this pathway? I dont see it on the road map.
Is this what you had in mind? Doesn't seem to be making a difference
For some reason it won't let me attach image, but I put "127.0.1.1 za.tryhackme.com" under hosts
That's your local IP - what are you trying to access and which /etc/hosts are you editing?
I'm trying to access za.tryhackme.com. And I'm editing the file "hosts" under the folder "etc." Is there more than one etc/hosts?
so za.tryhackme.com is served by the room's VM, and you're editing /etc/hosts on your local (VPN-connected) machine? or the Attackbox?
also, all 127.x.x.x IPs are known as loopback adapters, so will link you back to yourself, not a remote machine
The /etc/hosts on the AttackBox
what IP should I be putting there?
the IP of the room's VM, probably
the only VM for this room is the AttackBox. There's some IPs mentioned in for the VPN configuration, I tried those and they don't work either
are you asking for a link? this is the challenge https://tryhackme.com/room/lateralmovementandpivoting
I'm saying I've placed the IPs of the VPNs at the top (THMDC, THMIIS etc.) in etc/hosts in hopes that one of them will grant me access to za.tryhackme.com, and none of them do
I figured that part out, but I get to the end of Task 3, it tells me to go into the t1_leonard.summers account, I use the given password for that account, and then it still tells me "Access is denied"
CompTIA PenTest+ learning path 
https://tryhackme.com/path-action/pentestplus/join
This PenTest+ pathway allows individuals to practice the majority of practical skills required for the CompTIA PenTest+ exam. In this you will learn about:
. Industry standard penetration testing tools
. Identifying and exploiting different network services
. Exploiting web applications through today’s most common vulnerabilities
. Understanding Windows active directory and attacking Kerberos
. Post exploitation techniques (with Powerview, Bloodhound and Mimikatz)
CompTIA PenTest+ is for cybersecurity professionals tasked with penetration testing and vulnerability management.
:)
I have completed the path. How will I receive the discount voucher?
it should show up on the top of the LP page once you've reached 💯%
Hi, I need a little help in the Vulnversity room. I'm on task 4, and I passed the bypass file extension section and my .phtml file with the reverse shell has been uploaded to the server. But when I execute the code with the URL, my netcat listener doesn't receive anything. And I don't know why, what doesn't work, or what I'm doing wrong.
I can't attach pics of my issue, but I'd be really grateful for any suggestions.
You need to verify in order to send pics. Follow the link down below in order to get verified.
!docs verify
Done, I'm verified. Now I've attached the pics of my trouble.
In these pics, you can see that I'm connected correctly over the VPN. You can also see the IP of the tun0 interface and the source of the reverse shell.
In these pics you can see the reverse shell file is already uploaded on the server.
The last pic shows the error when I execute the reverse shell via URL
Good Day All,
I am having an issue with my CompTIA PenTest+ lab, Task 6 (Networking Tools) of Introductory Networking. Somehow my "man traceroute" command is not working. The error I am getting is "No manual entry for traceroute". I have tried to install traceroute on my Linux box but it failed.
I would appreciate it if somebody could check and guide me accordingly. Also, I have noticed that I am not able to install modules like Traceroute and Whois. I would highly appreciate it if somebody could help me out.
Hey (: Have you tried it few times more? And also, just after triggering it, netcat should catch the listener. But no worries, you can try this few more times and also if it doesn't work then you should terminate the machine and re-deploy it.
You could try starting by running "sudo apt update && sudo apt dist-upgrade" to make sure everything is up to date. Then trying to install those using "sudo apt install"
Okay so I'm at the end of the Pentest+ room and I can make my way through the rooms, but I feel like im seriously lacking a high quality understanding of how active directory works and all the enumeration process it goes over. Does anyone know if there is a good room or class for active directory? I feel like its such a foundational piece for penetration testing that I need to understand it in detail.
go to the active directory section of the Offensive Pentesting Path
Gave +1 Rep to @sinful spade
Is there a tool that automatically formats a hash into a legible format for programs. Copying and pasting from victim machine and manually editing so that it reads correctly feels like a waste of time.
Depends what the hashes are from
specifically kerberos hashes
If I may ask, which room and task is that asked in? (so I can update the question)
I added (answer in plural) to the question 🙂
Hello All, I am having difficulties with my Pentest+ lab. I am stuck on Task 7 (Exploiting Telnet) in Network Services. I was not able to find the flag.txt file. On the command prompt it is showing me " /bin/sh: 1 fag.txt: not found". I even tried with the cat command as well, but the results were the same (No such file or directory exist).
" /bin/sh: 1 fag.txt: not found" - I think here you made a typo, so ensure you use the file name correctly and are in the correct location
Ummm... Is this thing on?
👀
I still can't see my discount voucher. Please fix this or reply at least.

uhm above the button where you can download your certificate
Not Certificate, the voucher.
The blue bar above it
That's the problem. They need to fix
I have a blue bar above my certificate download button with the code
Yeah i can't see that.
did you try another browser? I don't know if i give you the code
did you try the tech-support channel?
Did anyone jump onto the PenTest+ exam after finishing this path? 😄
I wish I'd even known this existed when I wrote mine 😆
It hasn't been fixed yet @flint axle
Can you make sure you're following this: https://help.tryhackme.com/miscellaneous/redeeming-comptia-pentest+-discount?from_search=71821162
If you complete the TryHackMe CompTIA PenTest+ learning path, you get a 10% discount on the CompTIA PenTest+ Voucher (not the bundle). On the store, add th
Yeah i didn't get the voucher.
Its been a month.
If you complete the path, you'll get a discount code that you can use on the CompTIA Pearson store to get 10% off the exam voucher. The discount is given to you automatically when you complete the PenTest+ path.
Mind opening up one of the modules and showing me the rooms?
@flint axle
Are you a premium user? It should show if you've completed 100% of the rooms & have a subscription
🤦‍♂️
Just passed my PenTest+ and I will confirm that this path was very helpful to me passing. I did each room twice and it paid off come exam time.
Hi, I am new to this certification, so my apologies if this is not the right question. Can someone please tell me if the voucher you get at the end of the certification can be used once or you can retake the exam with it?
It would be interesting to know if this path will be updated seeing as though a new exam is going to be out in Oct. Anyone have some info on this?
Do you take the exam virtual or in center
I took the exam virtually
Did you happen to use Jason Dion's test exams? Because I have an appointment for October 11 to take the exam. And I'm around 80% the first time I take a Jason Dion exam and the second time I'm between 90 and 100%. But I don't know if this is enough. I also have the official CompTIA study material + pbq's and I have a really good feeling about that. But from what I've seen in the other CompTIA exams I've taken, Jason Dion was always very close to the real exam.
I did a few of exams and IMO his exams were harder than the actual exam. I was getting around 85% of his exams.
first or second try?
I passed on the first try
i mean the jason dion exams 🙂
Because once I've seen a question I won't forget it soon :p
O! his exams I got around 65% the first couple of times. I sucked big time on the 2nd objectives and after I fixed that I was good to go.
Ok thanks that gives me some confidence again 🙂
Gave +1 Rep to @open moth
Yeah if you are getting in the 90% range I’m sure you will crush the exam. For me the fear of the exam was worse than the exam if that makes sense. Sec+ 601 was harder than Pentest IMO.
ow ok i passed that one on the first try
then I will leave the appointment and I will not reschedule it. Thanks for the info 🙂
Another bit of advice, make sure you know the programming languages, nmap flags and how to remediate exploits. My exam was pretty Ruby and Python heavy.
I think I've mastered that pretty well. I just have to take that exam. And then we'll see. I hope it works and if not, just one more time. Thx
Gave +1 Rep to @open moth
Ok
Let me know if you have any other questions.
OK
I would like to get a certification in the area
Pentest+ is a good one
Is the exam practical, or do I only answer questions?
Passed my Comptia Pentest+ exam today.
Congratulations 🙂
Congrats!
congratulations! I wonder how I'll do it next week
..
does anyone know how to use the until switch for nikto?
If i try numbers (x) or time (xx:xx) it doesn’t work
Passed my Pentest+ exam today 🙂
Its a freaking awesome feeling!
So now A+, Net+, Sec+ and Pentest+ certified!
Thank you TryHackMe for the great resources.
Congrats!!!
is it better to use apps in their terminal or gui; or does it not matter? ex: nmap vs zenmap.
It doesn't really matter but imo it's easier to do everything from CLI
Zenmap is very deprecated
Ah. Didn't know that cuz I never use it lol
Did you pass it just by studying on tryhackme?
Or did you study using other resources?
No, the exam is much more than just the practical part. But if you study all labs well, it will be very useful for the exam.
If I may ask, what did you use when you first started with rooms?
Right now I'm studying DNS
And I know nothing about Linux
So I'm thinking of avoiding using Kali, which is what everyone has told me to do
I've really used everything. Jason Dion, Total Seminars , 3 books and some official study material.
For pentest+ you really need Kali or parrotos.
Yeah but when you are a beginner
You should start with something like debian
Ubuntu
So I'd first get down the basics of linux
And then go with parrot
You know TryHackMe got really awesome Linux fundamentals rooms?
Hey fellas, in the Attacktive Directory room, it has me enumerate the users and the admin user has no pre-auth required and dumps the hash. From the hash, it wants me to use hashcat and hash type 18200 which is "Kerberos 5, etype 23, AS-REP" and the hash starts off like "$krb5asrep$23$user@domain.com" but the hash that was dumped starts with "$krb5asrep$18$svc-admin@SPOOKYSEC.LOCAL" which would suggest that it would be "Kerberos 5, etype 18, AS-REP". But since there is no such format with hashcat, I switched the 18 with 23 and had no luck. Do any of y'all have some insight on this?
check https://hashcat.net/wiki/doku.php?id=example_hashes and you should find what you are looking for. Changing that hash will definitely not work. You have to find the correct format.
hey i'm taking pentest+ vv soon. any tips that you would give me to crack it?
Make sure you can read scripts. (doesn’t matter which language) You don’t have to be a programmer, just be able to read and understand what’s happening. Also make sure you have knowledge of web application hacking. I noticed that they really went deep into this. so all kinds of SQL injection, cross site scripting, cross site request forgery, dom-based xss, etc. And also how you defend yourself against this. I have answered many multiple choice questions by crossing out three answers. Every time they ask a question you think of a certain answer, but of course it's not there :p. Nmap, Metasploit, hashcat, hydra, etc. of course. And the important OSINT tools. It’s a really tough exam. (but very practical)
Make sure you have as many resources as possible. The more CTFs, labs you do the easier it is on the exam. I’ve really seen very few questions about RoE,SLA,ect.
thank you ❤️
resources you would recommend me to read? @tidal hinge pentest+ pathway in thm before exam, any other resources?
I've really used everything. Jason Dion, Total Seminars , sybex pentest+ (book + practice questions) and official CompTIA labs + certmaster)
rightttt 🤝
@tidal hinge how long wud u suggest me to prepare before taking it
depends on how much experience you have with the study material. it is easier for some than for others. I did A+,net+,sec+ for this. But I'm not saying this is absolutely necessary. But it did help me. (all fit together perfectly)
I can't tell you it all depends on your experience.
Got the pentest+ back in may, definitely the hardest comptia test I have ever taken
Yup same here
what other ones have you taken to compare it to? @wind plinth @tidal hinge
I only have sec+ and just trying to do another one since I have a lot of spare time currently
A+,Net+,Sec+
It reminded me of the CySA+ but geared for the offensive side
Do you have interest in CySA+?
CySA+ got me my current job (partially)
Do you think CySA or pentest should go first, or does it depend on the direction I want since they are different
It depends on what you want to do. I'm currently a blue teamer, so CySA+ helped with that
ok cool
Yup but I need a break now lol. I did A+,Net+,Sec+ and pentest+ in 1 year so now it's relax time
my experience is threat hunting which is sort of in middle so I am trying to see what I should do next
oh damn xDD
But CySa+ is the next one. But i do that one in the coming 3 years lol
Pentest+ hasn't helped my pivot to Pentesting yet. Currently in PWK. HOT TAKE: comptia tests are essentially vocab tests. Shows you can talk the talk.
Some jobs want to see if you can walk the walk
Ohh I see, so they cysa and pentest are still vocab and not as handsy as ceh and stuff
But it did open a door to an interview
interesting thats good!
It depends on what version of CEH you are talking about. I feel CEH is a vocab test. I hear there is a practical version of CEH now. Haven't taken it.
Oh interesting, i wasnt aware of that
For me it's TryHackMe now. And some non-official hands-on course on stationX
Yeah I started tryhackme like 2 days ago to get on some tools and stuff
Tryhack me is awesome. I learn better by doing, and I'm in the industry. There is always something to learn.
the companies I have experience at use in house built stuff so it's similar but not the same
Yup hands-on that's what i like
well thanks for the insight, ima hop off yall have a good day 🙂
Quick question: If I complete this CompTIA pentest+ path is it enough to take the pentest+ exam? or does this path just cover some topics on it as a supplemental sort of thing?
I'd say, do that path and get a pentest+ study book. Skim through it and then decide if you're ready for the test or not
hello, I have a question: I am unable to crack the hash through john. Using default input encoding: UTF-8
No password hashes loaded (see FAQ)
the error I am getting is this: Using default input encoding: UTF-8
No password hashes loaded (see FAQ)
the command i used is john id_rsa --wordlist=/usr/share/wordlists/rockyou.txt
You need to do something to the key first
Hey everyone,
I planned to finish this room and use cbtnuggets to learn all the rules and regulations parts of the pentest+. After just going through the exam outline and having a general understanding of everything on there. Think that’s a good enough plan to pass?
Can anyone help with this error? Do I need to update the CL?
how many test exams did you take? I would read a book. Video training, TryHackMe + lots of test exams. For CompTIA exams it is always important to do a lot of exam questions before the real exam.
DO NOT use --force under any circumstances.
Don't use hashcat in a VM. Run it on the host.
Ok, I used force once the regular command didn't work
I'll run it on the host, Thanks!
Gave +1 Rep to @keen hornet
I’ve sat for A+ and Network+ before, years ago. Got it, thank you.
Gave +1 Rep to @tidal hinge
Hey guys
In authentication bypass
In task3
Where I can find the username and password please ?
You have to brute force it, like you're already trying. Make sure the valid username file has only 1 username per line and not the status codes in it as well.
Ok
Hi guys there’s anyone tell me what is the tools to brute-force or password-cracked of Facebook and Instagram??
-ban @pliant linden Asking for tools to attack Facebook and Instagram accounts. Ban appeals are by emailing bans@tryhackme.com
🔨 Banned blyth3 A4dr3w#2695 indefinitely
Hey, anyone know of any new pentest+ practice exams that are out?
The ones I used and recommend are Jason Dions. They mentally helped me prepare for the exam and simulate taking it.
what Jrod_R87 recommends + sybex pentest+ practice test
@tidal hinge any way we can get links to those pinned in this channel? 🙂
here are the links but i don't have permission to pin a message.
Thank you! 😄
Gave +1 Rep to @tidal hinge
but I think the best technical training for the exam can really be found at TryHackMe. Only the exam is more than the technical part alone hence these exams. You really need this for questions about reporting and documentation, RoE, SLA, NDA, social engineering, lock picking ,etc,etc,etc
I agree with @tidal hinge. I did the TryHackMe Pentest path twice and it really helped me. I highly recommend practicing with nmap, Python, bash, powershell, and ruby too. My exam had a good number of Python questions.
Thanks for the TryHackMe Discount for the PenTest+ Exam, and now I passed the PenTest+
Congrats!
were there many cryptography questions on pt0-002?
Thanks!
Gave +1 Rep to @open moth
Hey guys, can you help, please. I’m stuck on task 4 content discovery
Give more details
They are asking me to find the path of the secret area that can be found in the given link
And I clicked on the link and it says we can’t connect to the server
where's the source code shown on the 2nd ss
Comments section?
anyone available who completed attacktive directory?
11
That's a nice link. Imma nab that from you
Pretty sure I yoinked it from Muiri and other mentors/mods seeing them post it, so go right ahead
Ah makes sense lol
Hello all! I'm currently working in the Attacktive Directory and using AttackBox and I can't install any applications needed for the room. When I try to install Bloodhound and Kerbrute I get the error message on AttackBox "Unable to locate package"
I think you can get these tools from github
oh, i'm sure, i just find it odd that i'm unable to get AB to execute such a simple command. if i try to install anything i get the same message.
I don't believe those two tools are in the repos which is why it can't find them
If this happening with any install command then it could be a separate issue
Hey 👋🏾
hey hey
On the Django module's CTF. I'm confused, do you need to git clone the django code, run it locally (whether in AttackBox or your own machine) and then modify it, then look for a bug somewhere? Or do you connect openvpn to the machine, and then somehow get it to show up in browser (confused because then we don't have access to fix a bug in the code/configs).
This is the one by @civic wraith
you need to connect to the provided machine
the github repo is for the programming part, made to assist in debugging
@pure cliff (pinging just so you see it later)
, needed to ssh
I tried to add the a**** account to the remote users group but both user accounts I have access to can't access users and groups
Hello people. Will the course be updated for the new Pentest+ Exam?
Likely not for a while
I passed the beta exam. Study nmap syntax and output, and know your web vulnerabilities and how to fix the code with a vulnerability. That's probably 30% of the exam, including the practical.
My first thoughts on the PenTest+ 002 beta exam that is now available, if you should take it, and when you should move from the 001 to the 002 if PenTest+ is in your future...
If you want to prepare for the PenTest+ exam (v001 or v002), you can with our awesome course at diontraining.com/comptia-pentest
Visit https://www.diontraining.com/ for ...
Has anyone tried using the PT+ discount code on CompTIA? it's giving me an 'invalid code' error.
Or does that only work for the PT0-001 exam? I'm trying to use it on the PT0-002.
In this regards, what is the expected level of python skill would make me pass the Exam?
Know and understand the basics. Variables, loops, arrays, error handling, conditional statements, I/O, operators, and basic flow of what a program looks like. This goes for powershell, ruby, and bash. My exam was heavy with Python, but yours could be heavy with Ruby or Powershell. My exam was also PTO-001. Not sure if I need to mention that yet as I’m not aware of if PTO-002 is out of beta and an option to select at this point.
In general, you don't need to know a specific language. Yes, Python is on PT-002, but the questions really aren't hard. You're given a 30-line or so script, and asked in a very general sense why the script would not work, or why it was written poorly. Any structured language experience will help with those questions. I don't know Python, but have knowledge of PHP and Perl. In my opinion, PHP is far more important on the test, as the practical exercise is exclusively in PHP and OWASP. This includes recommendations on the best practice to fix a PHP vulnerability. Make sure you know your OWASP and how to resolve PHP input-based vulnerabilities. I passed the PT-002 back in June as part of the beta, so your mileage may vary.
That's understandable! So the exams can vary between languages? Is there a chance I could choose the language for mine?
Understood!
Thank you all 🙂
yup it works only on the PT0-001 exam
idk if the path would be enough for the exam though
any recommendations?
Hi
Nope not enough.
hello guys, may someone kindly please help me with the subdomain enumeration task 6? I have failed to answer the question for close to one and a half weeks
Hey, I had an issue with the attacking Kerberos room. I was trying to use hashcat in the step when using kerberoasting with impacket, but I keep getting an error that says “zsh: illegal hardware instruction”. What do I do? Thanks
Don't run hashcat in a VM would be my first bit of advice
Hello, currently doing Burp Suite task 6 and don't understand what it's saying.
I'm not sure what VM and what site it's asking me to go to. Could someone help me please?
The target machine attached to that task. It's the green button with "Start machine" at the top right corner of it.
I've done this, but I don't understand what it's asking me to do. It could be something really simple and I'm just not seeing it.
Which question of that task are you on?
It's the part where it says return to your Web browser and navigate to the Web application. I dont understand what Web application it means.
Ahh figured it out. I was reading it completely wrong.
It was simple.. click the actions tab 🤦‍♂️
Anyone else have issues with getting bloodhound to work on kali? I think it’s a Java issue but I can’t really find anything online about it.
Hello, I'm stuck on Attacktive Directory. Task 7 Administrators NTLM hash. I entered the answer and it says it's wrong. I started doubting myself and googled it. My answer is the same as the one Google is giving me. I then watched a YouTube video of someone entering the same answer I did; they get it right, mine is wrong. I don't get what's going on.
Did you copy the answer from online, or retrieve the hash yourself?
I retrieved it. Wouldn't work. Then I googled it as I believed I had the wrong answer. I watched a YouTube video of someone retrieving the same hash I did and theirs worked, mine didn't.
hi, does the 10% voucher apply to CompTIA PenTest+ (PT0-002) Basic Bundle??
hey, anybody has time for a quick question about phishing emails 1 room?
will there be a new code for completing the CompTIA Pentest+ pathway as the code expired yesterday?
Doing the attacktive directory room. Stuck on task 4 for enumeration with kerbrute. I'm using userenum but it's asking for the -d switch and the full domain address. I've run an nmap scan and looked over the output from the -sV information it gave me, and I also ran enum4linux with the -a switch and majority of it seems to be denying me. Just poking at it with a basic Anonymous login with smbclient, and it states login successful, but then states: tree connect failed: NT_STATUS_BAD_NETWORK_NAME.
Not sure what I should be looking for concerning this.
Hi all I was hoping to get some help or advice here. Working in the VulnUniversity room. All is good until I try to execute the reverse shell. I get this message: WARNING: Failed to daemonise. This is quite common and not fatal. Connection timed out (110) Yes I have the correct IP set up in the file for my tun0 and correct port on nc. I've googled and found others asking about the same problem but no real solutions. Does anyone have insight on why the payload isn't executing and not sending anything my nc will pick up?
Payload is executing just fine, just not reaching you.
Check your firewall
windows is going to be the death of me, but I appreciate the opportunity to see where I need the most help. I'm going to have to review this material again and compare it to what options were taught in SEC560
Is it necessary to have a system/laptop with higher RAM for hacking
@icy mesa Do not ask the same question over a large number of channels. It is spam
2022 10% discount code https://www.pearsonitcertification.com/promotions/10-discount-code-for-comptia-certification-exam-vouchers-139799
"PEARSON10" for anyone don't want to click on the link
Save 10% on your CompTIA A+, Network+, Security+, or Healthcare IT Technician (HIT) certification exam voucher.
I am having issues with hydra question 1.. I am getting 15 correct passwords but none of them login to the web account
That usually means Hydra can't detect success/failure from what it's seeing.
Check your command again.
Will there be a new thm code?
Huge problems installing bloodhound, and after too much fiddling I think I have the wrong content in sources.list. How do I know what I want to have active in there?
Oh I managed to fix it myself I think ^^ I had some bad stuff that needed reinstalling
I did it a few months ago. What's up?
Was there a limitation on the resources you could access? Could you just google stuff?
During the test?
It's a proctored exam, like most certification exams. No resources whatsoever except whatever is in your head.
Wtf I took a mock exam recently, how am I supposed to remember everything by heart lmao
Uhhhh. Studying.
Yeah I'll have to actually put effort lol
I have an awful memory for acronyms and things of that sort
Practice, practice, practice. Of the CompTIA exams I've taken (and I've taken almost all of them), PT+ was the most technical and "hands-on" in that it tested you more on how to do something than rote memorization. So THM is a great way to prep for it.
But yes, effort is required. As it should be for a certification from a body as well-recognized as CompTIA.
I did do the compTIA pentest + path
I didn't find it that difficult but then I don't go straight from memory lol
Do you have any good study resources?
Jason Dion. It's what I used when I tested.
Thank you
Hi everyone! I'm testing what I've learned on a very small website (with the admin's permission) to get hands-on practice.
I'll skip the story of my successes and failures, but now I want to check whether the backend, which is old, has any issues.
To do that I used a Nessus scan, without success. Then I tried to use the http version with Metasploit to look at the PHP version of the website and see if there are any known vulnerabilities (the website is like 20 years old, so there should be).
My problem is that I just get the info that this is an Apache server... and nothing else. Do you have any tips for trying to figure this out?
Question for anyone who's taken the Pentest+... is it necessary to learn the full name of acronyms? (ex. I understand what OWASP and PCI DSS are, but do I need to know what they stand for literally?)
Nah, should be alright. I don't remember stuff like that coming up.
Thank you
Gave +1 Rep to @feral tulip
I attempted the beta version shortly after I passed my security+. I will be honest with you that was the only exam I never studied for because I felt I wasn’t ready but my friends believed in me that I’m always nervous taking exams but they know my success capabilities. So just know nmap and its flags. Next will be general structured questions about rules of engagement and some scenario questions but with security+ experience going in you will be fine
@hushed vessel thank you yeah I've opted for getting my network + and security + certifications first, just so I can truly be ready and also because it's important
Gave +1 Rep to @hushed vessel
Sounds great. My recommendations are to watch professor messer on YouTube and Mike Meyer on udemy. Also get Jason Dion his simulation questions are 90% close to what you will see on the exam day. No pressure but I’m confident that you will pass the exams whenever you decide to take it. Through my school I can help you register sybex test banks to access practice questions for both the network+, security+ and the PenTest+
How much practical experience would you recommend as opposed to simply book knowledge? I don't much at all working hands on besides practicing the last month so I'm conflicted about how much time to devote to my book and memorization as opposed to working with tools on Kali and THM
To be honest, I didn’t read for the PenTest+ at all and I’m not joking when I say that. However, I guessed maybe reading experience from security+ played a huge role in me passing the exam and the reason is that you might be given a question about identifying a vulnerability and the best method to remediate it. For example you might be given a code that uses MD5 for hashing password and then be asked how best to fix the code. So far Tryhackme and Hackthebox experience were my only tools going into the exam and if you master and solve some of the boxes you should be able to pass the exams
Also is more about know your tools and when to use them. They don’t really care about the tools flag duh except for nmap. 8 out of 10 questions will ask you nmap flags
I took it a couple weeks and failed it. If you've taken a Comptia exam then you know how funny the questions are going to be worded.
I haven't yet but I suppose I'll have to face it lol
Thanks!
Gave +1 Rep to @hushed vessel
just took and passed Pentest+ 002 yesterday, if you guys have Qs you can shoot me a dm
https://i.imgur.com/Ye5WoYd.jpg
off the bat tho id highly recommend knowing nmap switches by heart, web attacks and mitigations (XSS, Reflected XSS, CSRF, SSRF etc) and know basic pentest tool capabilities and usages (burp suite, hydra, jack the ripper, aircrack/wifite etc)
Just finished the Pentest+ path and got a voucher code for 10% off. However, it looks like it's a 2021 voucher. Wondering if there is a 2022 code?
We're currently working on renewing this. 🙂
Thanks @edgy tulip
Gave +1 Rep to @edgy tulip
@remote egret i bought my voucher 10% off through professor messer, in case that coupon doesnt work you can do that
https://www.professormesser.com/discounted-comptia-pentest-plus-voucher/
Hi, the steps in the Active Directory rooms are easy to follow. Would this still work in an up-to-date Windows company network (Win server 2019/2022 and provided admins did not make a config error) or did MS implement new security features to stop such attacks or to detect them early?
I'm doing task 5 of Attacktive Directory and it says use impacket's python script called GetNPUsers.py but I can't find that where they said it would be
nevermind found it
I'm on task 6 of Attacktive Directory
Reconnecting with SMB1 for workgroup listing.
do_connect: Connection to 10.10.163.161 failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND)
Unable to connect with SMB1 -- no workgroup available
that's the error I get
It shows me the available shares
but doesn't stay connected
What command did u use? With the -L flag?
Try: smbclient //THM-AD.local/<share> -U <user>
And then type the PW
and for THM-AD you substitute the IP or edit your hosts file
AS-REP roasting maybe isn't as common as CTF boxes might make it seem, because that is a non-default setting, but the Ticket-related attacks, Kerberoasting, etc. are all fairly realistic if you're not keeping a good job of monitoring/configuring your environment.
There are professional pentesters here that can probably give you a more detailed answer, but the magic of Active Directory from an exploitation perspective is that a lot of it is abusing features of AD rather than finding some off the shelf exploit in a service.
Microsoft has bragged about Windows Server 2022 having more security features, but I haven't read about it yet, so I wouldn't know
@signal gull thanks
Gave +1 Rep to @signal gull
Is the pentest+ path still more or less just as relevant for the new pentest version?
if we pentest in company unpatched bug bounty, and we find a bug, do we still get paid?
Please do not spam the same question across multiple channels.
If you are patient, someone will likely answer in a channel where the question is relevant (ie, not this channel)
my bad, thank you
Hello, I am currently in the Attacktive Directory Room on Task 4, trying to enumerate the users using kerbrute.
The command I am using is
kerbrute userenum --dc <IP> -d <IP> Usernames.txt
however, it returns multiple red KDC ERROR lines, like this one:
2022/02/11 18:22:10 > [!] 2000@attacktive.local - KDC ERROR - Wrong Realm. Try adjusting the domain? Aborting...
I am not sure what this means.
I have tried adding the Machines IP as a host to /etc/hosts under the name attacktive.local to no avail. Could you give me a hint as to what exactly I am missing? I have tried kerbrute version 103 and 102. I am connected via openvpn to the tryhackme network of course.
That’s not the right domain
You should be able to see it either via enum4linux or script scans using nmap
this little snippet gave the best results for me :)
nmap -n -sV --script "ldap* and not brute" -p 389 <IP>
i got my pentest+ thanks to this path 🙂
looking for study buddies to work on ejpt together
What work did you do aside from the path to prepare?
Thanks, how embarrassing. Obvious mistake. I managed to solve it. 🙂
Gave +1 Rep to @tacit rivet
Hey is anyone actively pursuing the Pentest+? I’m looking to find someone to study with. Scheduled the exam for April 2nd.
Hi all, I have an issue in the Room "Post-Exploitation Basics". I can get the .zip file with the Invoke-Bloodhound JSONs included and onto my local system but when I try to import it into bloodhound, I get either a bad JSON error, or it says its unzipping but all file progress is NaN% "file created from incompatible". anyone know of a fix?
hello, how did you manage to get the file onto your system ?
I am using
scp Administrator@<IP>:C:\Users\Administrator\20220216023248_loot.zip ./loot.zip
which gives me an unsuccessful command.
Trying to scp from target machine to attacking machine like this:
scp .\20220216023248_loot.zip <User>@<IP>:/home/<User>/loot.zip
gives me
SOLVE:
for some reason, I managed to ssh into the machine and everything, but in order for scp to properly work, I had to manually start the ssh service on my attacking machine like this:
sudo service ssh start
confirm successful command with
sudo service ssh status
I bought the bundle from comptia that included the epdf and read that. You dont really need to do the TryHackMe labs if you are only in it to pass BUT the Try Hack Me labs actually get you on the keyboard instead of just multiple choice. Good luck
I'm doing this room and I just got the same thing, fresh install of bloodhound and neo4j
Maybe helpful info here? https://github.com/BloodHoundAD/BloodHound/issues/516
I tried it one more time also with no options but no luck
Same issue here, getting the BAD JSON FILE error
"note: On some versions of BloodHound the import button does not work. To get around this simply drag and drop the loot.zip folder into Bloodhound to import the .json files"
It only worked with drag and drop for me
Thanks for replying, drag and drop gives the same error message as well
Gave +1 Rep to @zealous fjord
just passed the ejpt. I feel that this course very closely relates to what you need to learn for the ejpt. If anyone wants to study for OSCP together please feel free to hit me up. Looking for noob friends like me.
Awesome! How hard was it? Did you learn something significant?
INE offers free labs with their starter pass and they're on par with easy or maybe medium rooms on thm but they're beginner focused really, so not that hard really
After you get your pentest+ I’d say you are very close to being ready.
True haha
can you use google translate when taking the test?
I really don’t see why not.
You should ask beforehand
oh ok thanks
Gave +1 Rep to @warm shoal
good day,
working on attactive directory and i cant seem to run secretsdump.py from the examples directory. SYNTAX i am using is ////secretsdump.py -dc-ip 10.10.14.222 spookysec.local/backup@10.10.83.85//// and the error i am getting is ////pkg_resources.ResolutionError: Script 'scripts/secretsdump.py' not found in metadata at '/usr/local/lib/python3.9/dist-packages/impacket-0.9.25.dev1+20220218.140931.6042675a.dist-info'////
i just figured it was needed is the first ip not needed?
oh sorry no that was an old try from yesterday with a new ip my bad that isnt the issue though
this is the second time i attempted this room i just auto completed and didnt replace both ip
doing it now
@fading tartan thank you i will keep working on this today after work
Gave +1 Rep to @low monolith
I'm in https://tryhackme.com/room/rpburpsuite and using THM attackbox. I've followed all steps up to "Return to your web browser and navigate to the web application hosted on the VM we deployed just a bit ago. Note that the page appears to be continuously loading. Change back to Burp Suite, we now have a request that's waiting in our intercept tab. Take a look at the actions, which shortcut allows us to forward the request to Repeater?" and when I do this part my web pages are just loading like normal.
I just figured it out lol I had to re toggle foxy proxy. I guess it had turned off when I reloaded the page.
If anyone is currently studying for the pentest+ and would like to correspond feel free to DM me, I'll be taking it in a couple months and would be nice to have someone to message / maybe practice with
im surprised the mobile isnt really part of pentest+ I looked for it
anyone is pentesting the mobile apps?
Yeah, people do.
There are roles dedicated to it as well.
people in windows internal room task 4
What default setting flag can be used to reallocate user process address space?
what flag is used i tried everything i know from Microsoft docs
right now I am trying to resolve a list of subdomains into ips, and massdns resolves most of the domains into CNAME records which is to be expected, I can rerun masscan on that a couple of times but any idea of how to do that more efficiently?
Testing with CNAME records present + suppressing CNAME record output https://termbin.com/qx2a
(Cleanup: sort -u outfile.txt ...)
It's not PAGE_TARGETS_INVALID / PAGE_TARGETS_NO_UPDATE? I'm not sure if I understand the question exactly
Hi ! In active directory basics we have a sheet to use to find the commands: https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993
But all the commands we're using next or not in this sheet (they are given in the hint).
For example we use Get -NetUser -SPN (..etc)
And the only example i can find with net are LocalGroup and with SPN it's with domainUser.
It's pure deducing then ? They are no exhaustive sheet ?
Hey guys, I'm getting stuck at Nmap module,
specifically this question:
Note: The answer will be in your scan results. Think carefully about which switches to use -- and read the hint before asking for help!
My intuition is telling me that it's getting filtered by a firewall, so there are response but after a careful testing/reading manual, I couldn't solve it. Or am I getting it the wrong ways?
Nmap is giving you the reason in the scan result
Nmap 🤔
Yes, I'm I did it but I'd feel that the question very confusing at that moment.
Did you ever figure this out?
whats happening
Any advice on how do you know when to run a script to get a reverse shell?
@torpid lance any indications of RCE when conducting your enumeration? I do THM and then I get to a point where I get stuck and revert to walkthroughs and see people pulling these scripts from GitHub and run them. But I am like how do they know to run that “script” or what did they see to elevate privileges etc…!?
Yup! I do the same thing. It’s just leaning more on the priv esc, RCE, scripts when to know to use them
Funny you mention Wordpress. I just did a machine on Vulhub today. Got stuck and watch a video it was reverse shell for 404, but I never would have known that!
Just started getting more into all of this ethical hacking this year. So I guess learning curve
Yup, I have plenty of experience, I do those just to do them. Also getting familiar with the different tools switches what they do and when to use them
yes, I did. I'm just saying that the question itself is getting confusing
I can't seem to get the loot.zip file to import into bloodhound on Post-Exploitation Basics -> Enumeration w/ Bloodhound
Whenever I upload it, the application gives me a "BAD JSON" error
Tried dragging the zip into bloodhound, no dice either
I think I found the issue. groups.json didn't format correctly when generated
I couldn't figure out what was causing it to fail
It depends on the metasploit version you are using, I think this room was made with the intention to use msf5 instead of msf6, but I can understand the confusion
./kerbrute_linux_amd64 userenum --dc 10.10.7.156 -d spookysec.local userlist.txt
I was searching for answer, seen your question. I solve the issue by above. hope it will be helpful to the next person
Hello all, Im on the attackive directory room and I'm having issues when running GETNPUSers.py. When I run "/usr/bin/impacket-GetNPUsers spookysec.local/svc-admin -no-pass" I get the error message saying [*] Getting TGT for svc-admin
[-] [Errno Connection error (SPOOKYSEC.LOCAL:88)] [Errno -2] Name or service not known
And it doesnt make sense because port 88 is open according to the nmap scan. 88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2022-04-04 02:18:38Z)
@fading tartan hello, I have not added it to the hosts file. I’ve seen people do that, but assumed it was a preference. Should I always do that when working on a box?
I do it with some rooms, but I think a % of the rooms tell you to add it.
@spiral hollow ahh ok, I’m not sure if this one did or not, but I’ll add it and try again. What’s the method behind doing it? Is it so Linux can communicate with the box better? And you should delete it once your done with the box too right?
IIRC when you go to insertnamehere.thm, the host file will be read first, then the DNS server,
I'm sure the host file was used before DNS server was?
I sometimes forget to delete it, and creates a small problem when I go back and re-do the room because the target IP is different.
Hi, im on the attaktive directory room and im on the last task (submitting flags). i have to use evil winrm to get the flags by passing the hashes i found from the backup account. the problem is that i keep getting timed out when i use evil winrm. pinging the machine is fine and all other commands i have used till this point work. i have looked up write ups to see if i am messing up the win rm command but even copy pasting their answer gave me timed out. i tried many different machines since yesterday and everytime i updated /etc/hosts. if anyone knows what im missing or if knows an alternative to evil winrm please tell me.
the evil winrm command im using :
evil-winrm -i spookysec.local -u <insert user> -H <insert hash>
the error
Error: An error of type HTTPClient::ReceiveTimeoutError happened, message is execution expired
i did it :D
Yo, if you want to block out your name, I suggest you also block out that THM code on the bottom right hand corner.
oh good point
Sorry, I sent you a DM to make you aware faster.
Congrats !!
Are the Udemy Pentest+ videos/questions by Jason Dion worth it for PenTest+ 002?
congrats!!
i seen you have a 0x role do you work in crypto? @hidden notch
nah
Why don’t we have a security+ path?
If we can have PenTest+
It’s same organization
probably because of resources and time aspects
Ok thanks good point.
Gave +1 Rep to @true frigate

It's better and safer to vouch for the skills you have learned from the path as opposed to trying to market the completion certificate as a real certification
The recruiters will look for the guy who has tryhackme certification?
I don't think they will be looking for someone with that, but it can be seen as positive if you list it in your skill development or learning section in your CV to show your interest and learning in freetime
Oh, yeah. Fair enough
what's the problem?
The syntax is wrong, IIRC you have to specify the ip in --dc 10.1.2.3
i also tried
Finally you had to add the ip of the machine to hosts
x
D
thanks anyway
hi, is there an issue with the learning path for CompTIA Pentest+ room? I have completed the Burp Suite module however it is still reflected as 91 unanswered (100%) I have tried refreshing, logging in/out but it still seems to be reflecting as undone, any advice?
aight, thanks! so i guess ive to wait for them to fix the changes
Has anyone else had the same problem?
I tested in my personal virtual machine, and also in the AttackBox.
And the problem is the same
Sorry I`m late but they are ok. Honestly this course played the biggest role in me getting mine with the help of a youtube vid or two.
Brand new to the discord, but have been on TryHackMe for several months. I'm going through the OWASP Top 10 room and for some reason, some of the juice shop codes aren't populating when I've accomplished the necessary task
For instance: when downloading the .md files, it's not showing me a flag
Couldn't find the solution to this online, so I figured I'd ask here in case anyone else has run into this!
Hey, I'm going through the McGraw-Hill Pentest+ Study book paperback, and it comes with an online complete study course as well which lets you customize practice tests and has probably 5 or 6 preloaded practice tests with 85 questions each. The book cost $35 through amazon. So between that and the TryHackMe Pentest+ path, they've really helped. I've got my exam date set a month out currently
@static imp I’m reading the AIO, watching Dion course and doing THM labs. No date set to take exam.
I've also got a Udemy Course that I listen to as I drive to and from work
I learn best when I absorb things through multiple mediums
I like to read, listen and get involved in things for it to stick
Burp Suite, Metasploit, and Web Fundamentals have now been replaced with Burp Suite: The Basics, Metasploit: Introduction, and HTTP in detail in the PenTest+ learning path. 😎
anyone knows the problem
This is while uploading the loot.zip file to bloodhound
this is the result from sharphound, Is this stuck?
@fossil mica
Exploitdb, github are well known
okay, I just figure out why, thanks,,, lol,,,,
Hi there,
I am currently considering taking up some red teaming course work. What is the best place to start. I am looking at offshore by HTB and throwback/holo by THM. Also will the THTP certificate by the cyber mentor be a good fit for a start. I don't want to waste away the lab time when I started the course work. My current red teaming knowledge only revolves around using kerbrute Rubeus but not those advanced concepts like golden ticket and silver ticket. I also have good working knowledge of pivoting/lateral movement. I have searched for a few coursework that are online, CTRO, CTRP, CTRE, and eCPTX and OSEP. The OSCP exam I had taken is the old format without Active Directory concept. Do let me know how well I can get started. I was also recommended to darkvortex but I'm concerned about the cost
Hi there! I'm currently on the Network Services room, Task 9 (Enumerating FTP).
The last "question" asks us to to see what can be done and I've been trying to run exploit that server with exploit/unix/ftp/vsftpd_234_backdoor .
But it doesn't work. Is this because of the version?
Here's the nmap scan result:
felipe@Hadaka-Jime ~ % nmap -sC -sV 10.10.91.211
Starting Nmap 7.92 ( https://nmap.org ) at 2022-05-12 20:55 PDT
Nmap scan report for 10.10.91.211
Host is up (0.21s latency).
Not shown: 998 closed tcp ports (conn-refused)
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 2.0.8 or later
| ftp-syst:
| STAT:
| FTP server status:
| Connected to ::ffff:10.6.17.107
| Logged in as ftp
| TYPE: ASCII
| No session bandwidth limit
| Session timeout in seconds is 300
| Control connection is plain text
| Data connections will be plain text
| At session startup, client count was 5
| vsFTPd 3.0.3 - secure, fast, stable
|_End of status
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_-rw-r--r-- 1 0 0 353 Apr 24 2020 PUBLIC_NOTICE.txt
80/tcp open http Apache httpd 2.4.29 ((Ubuntu))
|_http-server-header: Apache/2.4.29 (Ubuntu)
|_http-title: Apache2 Ubuntu Default Page: It works
Service Info: Host: Welcome
Here's the Metasploit output:
msf6 > search vsftpd
Matching Modules
Name Disclosure Date Rank Check Description
0 exploit/unix/ftp/vsftpd_234_backdoor 2011-07-03 excellent No VSFTPD v2.3.4 Backdoor Command Execution
Interact with a module by name or index. For example info 0, use 0 or use exploit/unix/ftp/vsftpd_234_backdoor
msf6 > use 0
[*] No payload configured, defaulting to cmd/unix/interact
msf6 exploit(unix/ftp/vsftpd_234_backdoor) > show options
Module options (exploit/unix/ftp/vsftpd_234_backdoor):
Name Current Setting Required Description
RHOSTS yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RPORT 21 yes The target port (TCP)
Payload options (cmd/unix/interact):
Name Current Setting Required Description
Exploit target:
Id Name
0 Automatic
msf6 exploit(unix/ftp/vsftpd_234_backdoor) > set RHOSTS 10.10.91.211
RHOSTS => 10.10.91.211
msf6 exploit(unix/ftp/vsftpd_234_backdoor) > exploit
[*] 10.10.91.211:21 - Banner: 220 Welcome to the administrator FTP service.
[*] 10.10.91.211:21 - USER: 331 Please specify the password.
[*] Exploit completed, but no session was created.
It's not vulnerable to that.
hello, I do my nessus room. I switched on the target machine and pinged it successfully, however when the report is done, it has only 11 INFO Vulnerabilities. What is wrong?
Hydra Room
Use Hydra to bruteforce molly's web password. What is flag 1?
followed the youtube darkstar tutorial and i'm still getting the same mistakes hmmmm
Make sure you are sending the requests to the correct URI, as of now you are sending them to /
@harsh tapir Please don't spam the same question over many channels. These channels in this section are for tryhackme learning paths.
you mean as in http://ip/
The path / within the webserver
oh Thanks for clarification @keen hornet
Gave +1 Rep to @keen hornet
why would we use hashcat64.bin instead of john in certain situations ? {this might be general question}
hashcat and john serve the same functions for the most part, but there's some differences in what algorithms they support
Hashcat also runs on GPU, John is CPU.
For many algorithms, GPU is much much much much faster
in order for hashcat to use GPU is when kali is installed as a main os system not as a virtual machine right ?
Hashcat runs just fine on Windows
i have OSX 😂
World's fastest and most advanced password recovery utility
@covert sandal @versed nimbus Hi there. Did you figure out the problem with bloodhound. I've been stuck on it for a while now. Have you tried bloodhound older versions?
It turned out that we just need the older version. Thank you @hazy jungle
Gave +1 Rep to @hazy jungle
Yup, older version worked no problem
Yupp, it worked. thanks for the tip
Gave +1 Rep to @ashen surge
Hi. I'm having issues on the Attacktive Directory, Task 4, Question 2.
I'm trying to brute force with kerbrute and here are two examples of commands I've tried:
// executed command
kerbrute userenum -domain 10.10.193.46
// kerbrute output
2022/05/25 21:34:22 > Couldn't find any KDCs for realm OMAIN. Please specify a Domain Controller
// executed command
kerbrute userenum -domain 10.10.193.46 --dc spookysec.local0
// kerbrute output
2022/05/25 21:35:28 > Using KDC(s):
2022/05/25 21:35:28 > spookysec.local0:88
2022/05/25 21:35:28 > open 10.10.193.46: no such file or directory
I'm not sure what I'm missing here. Any suggestions?
question... target MACHINE_IP am I supposed to see a specific IP in that spot on the site or should dns resolve that string?
im specifically at nmap - task 14 "practical"
nevermind figured out
it is a placeholder until you hit the green start machine button in a task... but seems you already figured that out so this is just if anyone else comes here and wonders what the solution is
yup thanks good looking out
Gave +1 Rep to @true frigate
Kerberos: hashcat never worked for me in task 4. Somebody having the same issue?
Hashcat -m 13100 -a 0 hash.txt pass.txt
I tried too with --force in the end and it didn't work
DO NOT use --force
Tried too... didnt work
I am not saying it will fix your problem, but you should never use --force.
Please provide more detail than "didn't work"
I would like but cant put a picture in here
And task 4 of what room?
Kerberos from comptia pentest
The Attacking Kerberos room?
It tells an error separator unmatched about some lines of the hash. And some error in red color about the temperature and naming my cpu
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 31
Hashfile 'hash' on line 2 (this error until the last hash line file)(1AD4F6...195A8CF7FB83F0A913BD8E74CB3D4083): Separator unmatched
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1
Optimizers applied:
- Optimized-Kernel
- Zero-Byte
- Not-Iterated
- Single-Hash
- Single-Salt
Watchdog: Temperature abort trigger set to 90c
clBuildProgram(): CL_BUILD_PROGRAM_FAILURE
error: unknown target CPU 'generic'
Device pthread-AMD Ryzen 7 5800H with Radeon Graphics failed to build the program, log: error: unknown target CPU 'generic'
- Device #1: Kernel /usr/share/hashcat/OpenCL/shared.cl build failed.
Started: Tue May 31 07:51:34 2022
Stopped: Tue May 31 07:51:34 2022
yay
Separator unmatched is the first to fix. Have you checked the format hashcat expects from the hashcat examples page?
yay copy and paste
in task 4:
Rubeus.exe kerberoast
the take the hash result and paste it into hash.txt file
That doesn't answer my question
Have you checked the example hash provided on the hashcat examples page?
in the page i can see just a result example.
What do you mean?
well.. a just copy the hash... dont know what else to do
when you put Rubeus.exe kerberoast there is a hash result.
just copy this.
I am asking about the hashcat examples page.
dont see an example on the page. link?
Go to hashcat examples page
Control F for the mode you're looking for
Look at the example hash structure
Compare to yours.
The hashcat examples page provides example hashes for each mode
It shows the structure that hashcat expects
it allows you to check if your structure is correct
the mode its ok
Unmatched separator tends to mean your structure is wrong
Yes, but that is not what I am talking about!
The hash needs to be structured so that hashcat can understand it.
Do this.
and where is an example of this in hashcat pages?
Here.
seems ok to me, i compared and its ok
Hashcat disagrees though, and hashcat gets to decide if you're right or wrong.
Have you checked for newlines etc that shouldn't be there?
well i put the hash in the same line and the separator unmatched error is gone.(strange cause in some videos i saw it worked either a line or not) but still persist the cpu error
Ok, you're going to have to read guides from Hashcat etc on getting your drivers working. That's way out of scope for support here.
ok thank a lot anyway
The reason it "worked" when it was over several lines is because it wasn't over several lines. The editor was wrapping the text so that you can read it all at once rather than scrolling sideways. It's a setting in most editors.
aaaahhhh good point ok got it!!! thanks for the explanation. will see whats problem with cpu.
*gpu
error: unknown target CPU 'generic'
Device pthread-AMD Ryzen 7 5800H with Radeon Graphics failed to build the program, log: error: unknown target CPU 'generic'
Way out of scope for support here
But hashcat is GPU.
You need to sort your GPU drivers
it never ends hahaha
I've solved the problem! now work fine with CPU!! thanks to all who helped me!!
Gave +1 Rep to @keen hornet
is the post exploitation room just a repeat of the other rooms in the module
not really
it guides you on steps to take after you get a foothold and then what you do after you get the high level Admin account
Im stuck on Network Services 2 task 3. I am trying to figure out how many services are running on the target machine. Ive scanned several times with nmap but I never get more than 3. The task suggests that I use the -A and -p- tags but when I use those with this particular box nmap takes forever. After 40 minutes I felt that something was wrong. Is there something that I am missing?
Will give that a shot thanks.
Post-exploitation Basic. task two first question said:
What is the shared folder that is not set by default?
the result is a share default ???
it is a very simple answer.... you kinda already typed the answer in your message
i know that the answer.. just doesnt make sense cause the question search for a NON default...
when the answer is a share default
hmmmm
yay.. thats another question... how can i know if is default or not? i only saw e default share, prove the word share and work, but i dont understand
dont get it.. if C$ is a share, why share is the answer when the question look for a NOT share?
yay... and C$ is a share folder by default.. and C$ = default share
and if the question required a NON share default then C$ shouldnt be the answer.. am i right?
or is cause C$ is show that is the answer? cause C$ should be hide right?
ok... i think i get it... the only way i can understand this is cause C$ should not appears, cause is a hidden folder
In Post-Exploitation Basics Task 3 I keep getting "Bad json" error when i try to import my loot.zip folder into bloodhound. google just tells me that the folder is not created properly and that I could go through and manually fix the json which doesnt really seem like a solution. Has anyone else had this issue?
yuup a decent bit of people have had this problem.... use an older version of bloodhound
Okay thanks.
Gave +1 Rep to @true frigate
Im stuck on task 7 of post exploitation basics. I believe I am following the instructions exactly but I never get a connection back to my device.
Hi, they have a problem in Network-based vulnerabilities/Network Services/Task 9 Enumerating FTP
When i use nmap to scan open port, i don't have port 80,
Please to check
is it supposed to have port 80 open???
Yes
pretty sure it is just supposed to have 2 ports open one of them being ftp
This is the case, FTP is open but port 80 is not,
I'm writing a blog and I have to take a screen of the open port! 🙂
have you waited 5 mins since the machine got the ip available???
as sometimes the services take a while to start
you could also try restarting the target machine
I have been trying to get this port for 3 days, yes unfortunately.
okay then maybe report it in #room-bugs
All right, it just magically appeared! 😄
Thanks @true frigate
???
🙂
ah so yeah just needed to be a bit patient and try again
which version of bloodhound would you suggest?
dunno actually ¯_(ツ)_/¯
It's all good. Thanks anyway.
Gave +1 Rep to @true frigate
Did you get around installing an older version of bloodhound? And if yes, what was it?
another good question is if the attackbox version of bloodhound is the right one for it to work
Yea, version 4.0.1 ended up working for me
Cool! I used 3.0.5. I'll give it a try with 4.0.1 as well.
GetNPUsers.py in AttacktiveDirectory seems to be a pretty common headache, huh?
just need to get down the format that works for you 😉
I'm assuming most of the issues come from not updating the hosts file, as that would make sense as to why it can't connect (doesn't know where the domain name connects to), but I assume using the dc tag with the correct IP also resolves the issue?
yeh, if you use the -dc-ip option you don't necessarily need to updates hosts but a good idea nonetheless
I suppose those unstated steps are to be expected once you get out of the easy rooms.
sighs Yup. Optimizing this post so it's easier to find, because that issue is not intuitive for someone who's using this to build towards the PenTest+.
So you either update /etc/hosts or use the -dc-ip flag
Impacket v0.9.21 - Copyright 2020 SecureAuth Corporation
[*] Getting TGT for user
[-] [Errno Connection error (SPOOKYSEC.LOCAL:88)] [Errno -2] Name or service not known
Cuz I mean when so many things out there make their first warning about using the right version of python or having updated Impacket, one can waste an impressive amount of time chasing wild geese.
yeh, but you learn about trouble-shooting which is more important in real life imo
Eh, well now I've contributed to the troubleshooting repo.
Lol, oh. They actually do mention it in the following module.
I can respect Impacket being a powerful tool, but goddamn these scripts are causing me headaches. Getting a module not found error on GetUserSPN.py
I'm just... so tired.
You're running it with python2
But installing with pip3
This isn't an impacket issue, and impacket is written for python3
That's just the one I captured. I've gotten in the habit of just throwing every version of python at these scripts before I ask for help.
python3 same result
That's just the attackbox being broken with python, CMN is aware of that.
Use your own Kali
Lol, yaaaaay.
Does that code work, thought someone mentioned it didn't even tho they said they fixed it
I mean, it says it expired at the end of the year, so...
Unless the new code is 2022, and they just haven't updated the room.
Tim said it was extended
But I was just finishing the learning path to get a look at the AD stuff. I already passed my PT+.
With the same code
You wrote 3031
Whoops
Similar to the python situation, the use of 2 or 3 does not appear to make a difference.
Neg on 2022 as well.
@edgy tulip looks like the extension didn't work
I would hazard to guess that if they did extend it past the end of last year, they probably applied it to the 001, and forgot to apply it to the 002.
It has to be redeemed on the Pearson VUE site. Did you try it there?
Oh, I actually was about to try it there, but noticed the note specifically said the voucher was for store.comptia.org
@edgy tulip
That's for the 002
Aaaand it won't let me test the 001 because it knows I've already passed it.
Let me verify for you if it works with the PT0-002 exam.
@static imp did you pass
Heck yeah I did
It challenged me for sure
Awesome @static imp !! What would you say were your best resources that helped
Honestly I was doing so much but the best resources for me personally were this McGraw Hill Pentest+ study guide
And following along with the TryHackMe modules because you're actually putting it into practice
But that study guide also has a code in the back that gives you access to the totalsem testing hub which has awesome practice tests that you can customize per chapter and subject and even boxes and labs you can hack
I would read about 10-20 pages per day and follow along while doing the TryHackMe stuff
Woahh that's very motivating
Hello everyone
i am currently doing the nmap training hence had a query
Does the target (MACHINE_IP) respond to ICMP (ping) requests (Y/N)? When it's said MACHINE_IP what is the question referring to?
you need to start the machine.
i started the maching
machine*
for the first answer when i pinged the attackbox ip it pinged and when i said Y the answer is incorrect
really strange
Are you pinging the attackbox IP, or target IP?
Where you pressed the green "Start machine" button.
so attackbox ip and the start machine are different?
cool thanks
Was this enough (+THM) to get everything done for the pentest+ exam?
or did you have to study from other textbooks too?
"Congratulations on completing the Pentest+ pathway! The 10% voucher code is ****, you can use this anytime before 31/12/2021. Please use this code at https://store.comptia.org/", 2021?
It's been extended, but unsure if the extension works yet.
When I checked about a month ago, it did not.
And I took the PenTest 001 using this learning path and Jason Dion's PenTest+ on Udemy. The same course also has updated materials for the 002, although I cannot attest to how well they or this path work as prep for the 002.
May I ask why on the comptia store I can only select 002?
Is it because 001 is not anymore sold or maybe it is not available in my country?
I hope so, it's like 35 bucks discount
They retired the 001 version of the test about two months ago. The 002 is the new current version.
The two things I mentioned were really the only resources I paid close attention to. There were other things I checked out along the way here and there of course to further expound on things, but those were the two primary
How do I use kerbrute after I download the repository
Hey I've been doing attackingkerberos, and having a hard time understanding the PTT method. The article never explains why one must look for an administrator ticket from the krbtgt when there are literally 4 other files with the same administrator@krbtgt-CONTROLLER.LOCAL structure. Can someone better explain this?
Been playing around with mimikatz due to the lack of explanation in the room, ended up breaking the machine a good 4 times and now it's throwing this error, "ERROR kuhl_m_sekurlsa_acquireLSA ; Handle on memory (0x00000005)", against the input, sekurlsa::tickets /export
UPDATE:
The Skeleton Key module on attackingkerberos doesn't even provide a valid example that I cannot confirm whatever I am reading as a learner. Is this normal? or did the machine break again? please let me know if anyone has an answer to this.
hey guys I am currently stuck at the owasptop 10 room: https://tryhackme.com/room/owasptop10
task 19. Can't find any credentials in the documentation for now.
I tried to look into every .js file I found.
I noticed I could access the note-taking page if I created a cookie named "SessionToken" and giving it any value.
However I am not sure this is the right path, and I am still stuck once here.
Any tips? Thanks!
found the answer! 🙂
care to explain what you did to find the answer for future reference????
maybe spoiler it too just in case
Wat? I'm sorry, is this ironic?
Why would it be ironic?
I thought spoiling room was a bad idea
oh shadow meant the spoiler feature in discord which is done with ||spoiler||
and the information of what you did to solve your problem can be helpful for helping others with similar problems
Aaah okay. Did not know that feature. Yeah sure I can do it
||The solution was not to look into the source code of the website, but rather google the title of the webapp/the website's name.
Then it leads you to its github page. It contains the information I was looking for||
nice
That was the source code of the webapp
The clientside code is only half the source code.
Ya
hi guys
have a prob
Abusing kerberos task
root@ip-10-10-255-20:~/Downloads/impacket/examples# python3 GetNPUsers.py spookysec.local/svc-admin
Traceback (most recent call last):
  File "GetNPUsers.py", line 42, in <module>
    from impacket.examples.utils import parse_credentials
ModuleNotFoundError: No module named 'impacket.examples.utils'
I don't know where is the problem
I think that's supposed to be run with python2. @rain creek
ok thanks but I tried it but not working
the bloodhound , I tried to install it but not working
It's the attackbox
It's preinstalled, just need to use it correctly
Shouldn't download another copy of impacket for one
I did it but getting the same error?
What else can I do?
@wintry bone I think you're right because of the error message
But I downloaded new one but still getting the same error
It is already present on the attackbox. You do not need to get a new one.
Thank you james for correcting me
Gave +1 Rep to @keen hornet
@keen hornet but where is the problem then?
I tried with the attackBox first it didn't work then I downloaded new one but still getting the same mistake James
*Same error
Do not download a new one
Ok
But when I tried the first time it didn't work, so I searched on the internet and saw another way to do it, then followed that method and it didn't work
Ok, next path for me is here, woot
Hey there, on the Nessus challenge when I'm scanning the VM... the scanner said it was Apache version 2.4.25.... even the HTTP request responds with such, and I've waited to the end of two scans and none of that information changed.... but the room thinks that answer is wrong, does anyone have any insight?
I'm an idiot
I found it in a different vuln
thanks though!
good that you figured out what the problem was on your own... was just going to mention that there is another place to look
Now if I could only do that without asking first lol... Thanks :-)
I was also having issues, because I am also new to this, but I found if you are using the AttackBox you can look for the 'Impacket-Old' directory and go on from there, it worked for me. Hope it helps
Hi, I'm trying to install Nessus Essentials using Kali Linux WSL but am getting the following error: (Reading database ... 335850 files and directories currently installed.) Preparing to unpack Nessus-8.15.5-debian6_amd64.deb ... Unpacking nessus (8.15.5) over (8.15.5) ... Setting up nessus (8.15.5) ... Unpacking Nessus Scanner Core Components... System has not been booted with systemd as init system (PID 1). Can't operate. Failed to connect to bus: Host is down
You can start Nessus Scanner by typing /bin/systemctl start nessusd.service
I have tried /bin/systemctl start nessusd.service which hasn't worked. I have read about the issue with PID 1 and systemctl when using WSL and so have tried /sbin/service nessusd.service start when I get a 'No such file or directory error'.
It seems as though the PID / systemctl issue is quite well known but I just can't seem to figure out what I need to do.
Thanks in advance.
i answered you in a different channel, however.
Do you have Nessus installed?
hey
Redeeming PenTest+ 10% discount voucher information:
https://help.tryhackme.com/miscellaneous/redeeming-comptia-pentest+-discount?from_search=90078916
If you complete the TryHackMe CompTIA PenTest+ learning path, you get a 10% discount on the CompTIA PenTest+ Voucher (not the bundle). On the store, add th
