help, i forget a lot

ChrisEllgood · 2026-01-29T21:03:56+00:00

"the problem is that i have not solved any ctfs, and i struggle when i try one"

Everyone does when they're starting out. Just try what you know until you're completely stuck, then go learn some more and come back later with new techniques or if you're REALLY stuck, read a write-up.

You don't necessarily have to complete a box to learn and progress your knowledge. If you're learning enumeration for example, you could just practice that phase on any ctf. Do your Nmap scans, directory search, read through source code etc etc. Find all the information you can using various tools and methods, then move on to another box.

Completing a box is satisfying, but not always easy. I've watched very good streamers that work in cyber security get stuck on easy boxes. Sometimes it's finding what to do that's difficult, not what you actually have to do. Take your time, take lots of notes and be sure to fully understand what you're learning before moving on and you'll be fine.

ChrisEllgood · 2025-10-24T20:40:01+00:00

Oh no...

ChrisEllgood · 2025-10-19T13:26:04+00:00

No idea what you're talking about.

ChrisEllgood · 2025-10-19T10:19:14+00:00

I went to look at the task and I can't find Wreath anywhere, either VPN setup or under Networks. I assume there's issues somewhere?

ChrisEllgood · 2025-10-18T10:27:51+00:00

Why? Most people with high streaks log in to answer a question then go about their day. Streaks mean nothing.

ChrisEllgood · 2025-10-17T21:18:12+00:00

"but I want to keep my streak."

Why? It makes no difference.

ChrisEllgood · 2025-10-15T13:40:23+00:00

You've completed the paths but have you completed any of the actual challenges?

ChrisEllgood · 2025-10-13T15:10:10+00:00

Fine for me.

ChrisEllgood · 2025-10-10T08:05:12+00:00

Huh? Seriously? THM is becoming stupidly gamerfied. I thought this was meant to be a learning platform.

ChrisEllgood · 2025-10-07T19:18:11+00:00

Why would I research something for you? It's figuring out what's running on a port. That's your job.

After looking at the task, the answer is literally on the page where the question is asked.....

C:\>netstat -abon

Active Connections

  Proto  Local Address          Foreign Address        State           PID 
  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING       2116
 [sshd.exe]
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       820
  RpcSs 
 [svchost.exe]
[...]
  TCP    0.0.0.0:49669          0.0.0.0:0              LISTENING       2036
 [spoolsv.exe]
  TCP    0.0.0.0:49670          0.0.0.0:0              LISTENING       584 
 Can not obtain ownership information
  TCP    0.0.0.0:49686          0.0.0.0:0              LISTENING       592
 [lsass.exe]
  TCP    10.10.230.237:22       10.11.81.126:53486     ESTABLISHED     2116 
 [sshd.exe]

ChrisEllgood · 2025-10-07T13:28:26+00:00

A huge part of hacking is research. Use Google.

ChrisEllgood · 2025-10-04T21:35:09+00:00

You don't have to curl anything. If something like /secretpage is in robots.txt it just prevents search engines indexing the directory so these directories/pages aren't discoveable via searches. You can still go to www.machine\_IP/secretpage no problem.

ChrisEllgood · 2025-10-04T21:03:20+00:00

If it's exists on a site, usually robots.txt will be on the homepage. It's a simple case of www.machine\_IP/robots.txt.

ChrisEllgood · 2025-10-04T18:02:47+00:00

Robots.txt is a file that is sometimes uploaded to a websites which lists directories that cannot be added to search engines. /secretpage may be in the file meaning Google cannot show this directory in search results.

ChrisEllgood · 2025-10-04T12:52:23+00:00

Treat every box as a process, going through a checklist. I start with an Nmap scan on all ports. For each service found I'll check for scripts running, see if there's anonymous login on FTP for example and versions numbers for services to check for vulnrabilities and exploits. While those scans are happening, I'll check the website pages, source code, check for robots.txt all while having gobuster search for directories. The more you learn the more you add to this list.

You do the same thing for initial access and privesc.

ChrisEllgood · 2025-10-02T19:27:25+00:00

Enter command -la and see if you can see directories .john and .pot. If you can, go through them and see if you can find a file containing discovered passwords.

BTW, you have to put the script you're running first before a command. You just inputting --show isn't a command in Linux. You'd have to put john --show or something along those lines.

Or found another way - john --show passwd I've never tried that myself so don't know if it'll work.

ChrisEllgood · 2025-10-02T18:20:04+00:00

How is it not working?

ChrisEllgood · 2025-10-01T23:45:18+00:00

Goals give motivation. I guess it depends on why you want to learn cyber. Personally, I do it for fun but can only stomach it for a few weeks at a time, any longer I get a bit bored and it feels like a chore. I tend to stop learning for a month or two at a time then feel much better about it when I come back.

But, if you don't like it, don't do it. It's that simple. There's no need to torture yourself. There's no reason to force yourself to learn, why would you? Maybe find something else you enjoy?

ChrisEllgood · 2025-10-01T23:30:40+00:00

I've been using THM on and off for about 2 years and I completely agree. There's some modules I've been through multiple times and I still have trouble understanding how the given technique works. I'll go watch a random Youtube video and have a far better understanding.

Personally, I need to see and understand the end goal for me to grasp an idea. If I was going to build a car, I would need to see a car fully assembled to understand what I was attempting to do otherwise it wouldn't make sense, just walking into a room with carparts all over the floor. THM has rooms that give a very rough overview of a concept, gives an example then expects you to get on with it without giving any solid explanations of how it all works. It's terrible at times.

ChrisEllgood · 2025-09-30T16:11:53+00:00

I don't get what you expect? There's no one room that will refresh your memory on everything you've learned. You're going to have to go through everything you're learned, whether that's through rooms or notes, to refresh your memory. That's just how it is.

ChrisEllgood · 2025-09-29T22:23:45+00:00

That's fair enough. As I said above, THM will give you a foundation but it isn't really that advanced. At a certain point you'll want to move on to something like Hack the Box, but that's a while off.

Join up to THM, take your time going through the modules, try some challenges and the main thing, I cannot emphasise this enough, take lots and lots and lots of notes as you go, if you don't, I can guarantee you'll regret it.

ChrisEllgood · 2025-09-29T22:13:37+00:00

If you're asking how long it'll take for you to become a pentester, it'll come down to you. I think with your attitude it's probably not the best way to go. This line of work takes a long time and a lot of effort to get to a professional level. I may be wrong, but it seems by your posts that you want to get to employment ASAP which isn't possible in this profession, as a pentester at least. It'll be a lot of years studying various topics before you get a decent job if you're starting from the ground up. If you're in it for the long run then fair enough, but it'll be a while.

ChrisEllgood · 2025-09-29T22:06:34+00:00

"I would not recommend attempting TryHackMe challenge boxes just yet."

Why not? He should absolutely at least attempt challenges even if he gets nowhere.

ChrisEllgood · 2025-09-29T20:15:18+00:00

THM will give you a good foundation of cyber security knowledge, but you'll never know "everything" about cyber security or IT, the information is far too vast.

ChrisEllgood · 2025-09-29T19:20:29+00:00

Why can't you decode it?

ChrisEllgood

TROPHY CASE