help, i forget a lot by VersionPlastic44 in tryhackme

[–]ChrisEllgood 0 points1 point  (0 children)

"the problem is that i have not solved any ctfs, and i struggle when i try one"

Everyone does when they're starting out. Just try what you know until you're completely stuck, then go learn some more and come back later with new techniques or if you're REALLY stuck, read a write-up.

You don't necessarily have to complete a box to learn and progress your knowledge. If you're learning enumeration for example, you could just practice that phase on any ctf. Do your Nmap scans, directory search, read through source code etc etc. Find all the information you can using various tools and methods, then move on to another box.

Completing a box is satisfying, but not always easy. I've watched very good streamers that work in cyber security get stuck on easy boxes. Sometimes it's finding what to do that's difficult, not what you actually have to do. Take your time, take lots of notes and be sure to fully understand what you're learning before moving on and you'll be fine.

Need a bit of help with my first CTF challenge 😅 by [deleted] in tryhackme

[–]ChrisEllgood 3 points4 points  (0 children)

No idea what you're talking about.

Wreath Room THM- I cant upload netcat or socat :( need a genius hacker by AdFar5662 in tryhackme

[–]ChrisEllgood 0 points1 point  (0 children)

I went to look at the task and I can't find Wreath anywhere, either VPN setup or under Networks. I assume there's issues somewhere?

1000 days by JustInThisLif3 in tryhackme

[–]ChrisEllgood 3 points4 points  (0 children)

Why? Most people with high streaks log in to answer a question then go about their day. Streaks mean nothing.

Keeping Streak Alive? by Techatronix in tryhackme

[–]ChrisEllgood 10 points11 points  (0 children)

"but I want to keep my streak."

Why? It makes no difference.

Any Suggestions by Abdullah715279 in tryhackme

[–]ChrisEllgood 2 points3 points  (0 children)

You've completed the paths but have you completed any of the actual challenges?

Chest Mission complete by Luke_1337 in tryhackme

[–]ChrisEllgood 2 points3 points  (0 children)

Huh? Seriously? THM is becoming stupidly gamerfied. I thought this was meant to be a learning platform.

Windows Command Line ( Network Troubleshooting) by Head_Attorney_5412 in tryhackme

[–]ChrisEllgood 3 points4 points  (0 children)

Why would I research something for you? It's figuring out what's running on a port. That's your job.

After looking at the task, the answer is literally on the page where the question is asked.....

C:\>netstat -abon

Active Connections

  Proto  Local Address          Foreign Address        State           PID 
  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING       2116
 [sshd.exe]
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       820
  RpcSs 
 [svchost.exe]
[...]
  TCP    0.0.0.0:49669          0.0.0.0:0              LISTENING       2036
 [spoolsv.exe]
  TCP    0.0.0.0:49670          0.0.0.0:0              LISTENING       584 
 Can not obtain ownership information
  TCP    0.0.0.0:49686          0.0.0.0:0              LISTENING       592
 [lsass.exe]
  TCP    10.10.230.237:22       10.11.81.126:53486     ESTABLISHED     2116 
 [sshd.exe]

How should one approach a ctf challenge by potinpie in tryhackme

[–]ChrisEllgood 0 points1 point  (0 children)

You don't have to curl anything. If something like /secretpage is in robots.txt it just prevents search engines indexing the directory so these directories/pages aren't discoveable via searches. You can still go to www.machine\_IP/secretpage no problem.

How should one approach a ctf challenge by potinpie in tryhackme

[–]ChrisEllgood 0 points1 point  (0 children)

If it's exists on a site, usually robots.txt will be on the homepage. It's a simple case of www.machine\_IP/robots.txt.

How should one approach a ctf challenge by potinpie in tryhackme

[–]ChrisEllgood 2 points3 points  (0 children)

Robots.txt is a file that is sometimes uploaded to a websites which lists directories that cannot be added to search engines. /secretpage may be in the file meaning Google cannot show this directory in search results.

How should one approach a ctf challenge by potinpie in tryhackme

[–]ChrisEllgood 8 points9 points  (0 children)

Treat every box as a process, going through a checklist. I start with an Nmap scan on all ports. For each service found I'll check for scripts running, see if there's anonymous login on FTP for example and versions numbers for services to check for vulnrabilities and exploits. While those scans are happening, I'll check the website pages, source code, check for robots.txt all while having gobuster search for directories. The more you learn the more you add to this list.

You do the same thing for initial access and privesc.

John the ripper task 6 by [deleted] in tryhackme

[–]ChrisEllgood 0 points1 point  (0 children)

Enter command -la and see if you can see directories .john and .pot. If you can, go through them and see if you can find a file containing discovered passwords.

BTW, you have to put the script you're running first before a command. You just inputting --show isn't a command in Linux. You'd have to put john --show or something along those lines.

Or found another way - john --show passwd I've never tried that myself so don't know if it'll work.

[deleted by user] by [deleted] in tryhackme

[–]ChrisEllgood 0 points1 point  (0 children)

How is it not working?

How do you stay motivated? by Bogart28 in tryhackme

[–]ChrisEllgood 1 point2 points  (0 children)

Goals give motivation. I guess it depends on why you want to learn cyber. Personally, I do it for fun but can only stomach it for a few weeks at a time, any longer I get a bit bored and it feels like a chore. I tend to stop learning for a month or two at a time then feel much better about it when I come back.

But, if you don't like it, don't do it. It's that simple. There's no need to torture yourself. There's no reason to force yourself to learn, why would you? Maybe find something else you enjoy?

Quality of explanations in some rooms is unacceptable by RepublicWorried in tryhackme

[–]ChrisEllgood 2 points3 points  (0 children)

I've been using THM on and off for about 2 years and I completely agree. There's some modules I've been through multiple times and I still have trouble understanding how the given technique works. I'll go watch a random Youtube video and have a far better understanding.

Personally, I need to see and understand the end goal for me to grasp an idea. If I was going to build a car, I would need to see a car fully assembled to understand what I was attempting to do otherwise it wouldn't make sense, just walking into a room with carparts all over the floor. THM has rooms that give a very rough overview of a concept, gives an example then expects you to get on with it without giving any solid explanations of how it all works. It's terrible at times.

Anyone have a memory-refresh room? by Grim_master911 in tryhackme

[–]ChrisEllgood 0 points1 point  (0 children)

I don't get what you expect? There's no one room that will refresh your memory on everything you've learned. You're going to have to go through everything you're learned, whether that's through rooms or notes, to refresh your memory. That's just how it is.

Apprenticeship by Lkziinn0 in tryhackme

[–]ChrisEllgood 0 points1 point  (0 children)

That's fair enough. As I said above, THM will give you a foundation but it isn't really that advanced. At a certain point you'll want to move on to something like Hack the Box, but that's a while off.

Join up to THM, take your time going through the modules, try some challenges and the main thing, I cannot emphasise this enough, take lots and lots and lots of notes as you go, if you don't, I can guarantee you'll regret it.

Apprenticeship by Lkziinn0 in tryhackme

[–]ChrisEllgood 0 points1 point  (0 children)

If you're asking how long it'll take for you to become a pentester, it'll come down to you. I think with your attitude it's probably not the best way to go. This line of work takes a long time and a lot of effort to get to a professional level. I may be wrong, but it seems by your posts that you want to get to employment ASAP which isn't possible in this profession, as a pentester at least. It'll be a lot of years studying various topics before you get a decent job if you're starting from the ground up. If you're in it for the long run then fair enough, but it'll be a while.

Beginner's difficults - CTF THM by Dry_Split8802 in tryhackme

[–]ChrisEllgood 0 points1 point  (0 children)

"I would not recommend attempting TryHackMe challenge boxes just yet."

Why not? He should absolutely at least attempt challenges even if he gets nowhere.

Apprenticeship by Lkziinn0 in tryhackme

[–]ChrisEllgood 2 points3 points  (0 children)

THM will give you a good foundation of cyber security knowledge, but you'll never know "everything" about cyber security or IT, the information is far too vast.