Hello guys can anyone point what am i doing wrong ?

hash7.txt is : Jocker:7bf6d9bb82bed1302f331fc6b816aada

The terminal output after the command :

john --single --format=Raw-MD5 ~/Downloads/hash7.txt

Using default input encoding: UTF-8

Loaded 1 password hash (Raw-MD5 [MD5 128/128 SSE2 4x3])

Warning: no OpenMP support for this hash type, consider --fork=4

Press 'q' or Ctrl-C to abort, almost any other key for status

Warning: Only 3 candidates buffered for the current salt, minimum 12 needed for performance.

Almost done: Processing the remaining buffered candidate passwords, if any.

0g 0:00:00:01 DONE (2024-05-02 18:51) 0g/s 800.8p/s 800.8c/s 800.8C/s jocker1904..jocker1900

Session completed.

Any help will be appreciated ! Thanks.

Hi everyone,
I just completed the first 3 rooms of Windcorp Series.
Im actually stuck at Osiris one.
I found a walktrhrough that say to use a RubberDucky script to have access.
I tried but my nc doesn't show any connection.
Any hint? ty a lot

Hey everyone so i just started the pre security pathway, and i will gladly welcome any advice or tips from anyone. Bit of background i actually tried computer forensics back in university 2015 but never really liked the theory side of things. I love how thm uses a practical approach. Also i have a basic background of programming too. Ultimately i have a strong desire to learn and found out i actually do enjoy learning a lot. Thank guys advice and tips are welcomed.

https://preview.redd.it/76cd9v248vxc1.jpg?width=680&format=pjpg&auto=webp&s=9202e832e06f59f220dbf4255b6165fd85bcd075

I completed the linux fundamentals 1 a few hours ago and wanted to move onto the 2nd part of it. However, whenever i try to go to access it, it redirects me to the "why-subscribe" page. It is supposed to be part of the free tier and yet, is inaccessible. it is the same with the 3rd part. I tried accessing other rooms and can join them normally. I had my friend try to open it on his laptop with his own account and he couldn't open it as well. Is this a bug or have the devs forgotten to update the tag from free to paid?

https://reddit.com/link/1choj1j/video/meruv7zsytxc1/player

Hi Everyone,

I just wanted a suggestion on the order I should do all the learning pathways and for outliers such as AWS maybe in a different group?

Like to say Thank you for your response.

Hi everyone , so in a couple of days I am going to buy my PNPT voucher , I am in middle of PEH course

I wanna know any good labs execersises that you guys can suggest that could be be helpul for this exam in THM or HTB ,bascically I consumed good amount of knowledge in hacking but I dont have any hands on practicde and also any PNPT exam tips are also appreciated .

Is TryHackme demo website (ACME IT support) down today?? Waiting for any heads-up if anyone faced issues. Thanks in advance.

So I'm new to cyber anything (I do know what an IP is and does, lol) and I heard about THM so I signed up, paid the sub fee, and started using the site. My problem is that when I'm going through a room, I get frustrated because not only am I not retaining the information, but when I check a write-up for the room to cushion the learning curve, it will give me information I haven't even learned and it confuses me. I just did the "Pickle Rick" CTF and was having a HARD time. I genuinely did try to figure it out on my own. After checking the write-up, there was info and instructions that I had never seen before, the path didn't teach me all the content listed and that's where the frustration comes in. After a 42-day streak, I feel like I'm not learning anything relevant whatsoever and now I don't have the motivation to continue. My path was intro to cyber, pre-security, and now complete beginner. The question is what did I miss?

EDIT: For everyone saying do the intro paths, I have, I am doing them in order. PR CTF is at the end of the complete beginner path and all I was saying is that some of the writeup info given was not taught in the path itself. THANK YOU to all the respectable people that made this a teaching moment for me. I appreciate you all.

Ok so basically i am doing some ethical hacking course thingy and it wants me to use kali linux. One of the options is to get a dedicated system. I thought 'wait i have a raspberry pi around somewhere' and maybe i should use this because it would be more useful and potentially more powerful (or so it says). The problem is that my raspberry pi has only so far been used for some easy python coding and i dont know if it can run linux. Should I try?

Hello,

I'm a really big fan of THM, the system of streak, points, learning paths, modules, etc...
Is there a wordpress theme could I use to get website looking like THM website ?

I don't want it for a serious website, just for fun to create my own fun education website.

Thanks,

best

This is a good path for free accounts that are just getting started. https://tryhackme.com/r/resources/blog/free_path

msf6 auxiliary(scanner/netbios/nbname) > run

​

[*] Sending NetBIOS requests to 10.10.60.245->10.10.60.245 (1 hosts)

[*] Scanned 1 of 1 hosts (100% complete)

[*] Auxiliary module execution completed

msf6 auxiliary(scanner/netbios/nbname) >

i have tried diff methods , but ti is now showing ouput , in any module

Ok, I had 4 friends on THM. I tried to add a fifth and it said I hit the maximum amount of friends. So I removed one who hasn't been active in over a year. Try to add the other person and get the same error as before, but now I'm down to 3 friends instead of the 4 I started with. So I'm asking, is there really a limit of 3 or 4 friemds?

I have a Bachelor of Business Management with a minor in Psychology from UBC but now i want a career in cybersecurity. I’m particularly interested in roles such as Incident Response, Penetration Testing, SOC Analyst, and Cloud Security. I have strong self-learning discipline, good problem-solving skills, and a solid understanding of technologies. I can dedicate a minimum of 10-12 hours per week to learning new skills and I’m ready to invest in whatever is necessary to improve my skillset and success rate in my future career.

Should I go back to University for another degree in cybersecurity or computer science? Or would self-learning online using websites like TryHackMe, OffSec(.)com, HackTheBox, and Coursera (Google and IBM certificates for example), and then doing home labs and projects for resume building, be enough to land an entry-level job in the industry? What would be the most effective path for someone with my background and goals?

i wonder, because recently i renewed my subscription and hit the bump - i use attackbox - and non of the machines required for tasks works - i cant do burpsuite and owasp chellenges , because the sites doesnt work....

so my question - is Tryhackme still working and valid source of cyber knowledge and training or just abanodoned project ?

Hello,

I have an issue with connecting to the VPN servers of tryhackme

Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.

Note: '--allow-compression' is not set to 'no', disabling data channel offload.

OpenVPN 2.6.7 aarch64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]

library versions: OpenSSL 3.1.5 30 Jan 2024, LZO 2.10

DCO version: N/A

OpenSSL: error:0480006C:PEM routines::no start line:Expecting: CERTIFICATE

OpenSSL: error:0A080009:SSL routines::PEM lib:

Cannot load inline certificate file

Exiting due to fatal error

I regenerated my certificate and switched servers, remove & purged openvpn, still doesn't work, and ideas?
Thanks

Recently I noticed they redid the search page and there is no longer a filter to hide the rooms you have already completed. You can see only the rooms you have completed, but that's not really what I am looking for. I use to just log in, go to search, hide completed, and go in order. Is there any way to filter out the rooms you have already completed now?

So I want to do this path soon and im mainly doing it for the part about different types of evasion.

For the AV evasion, would u guys recommend knowing c++? I know a little, I know how to inject shell code in a process and DLL injection but that’s just abt it. No knowledge on the NT windows api, syscalls nothing that I think would be necessary to build something like an encrypted shell code loader.

Anyone got good resources to learn a bit more on this topic? And to practice with c++

Really enjoy all the content, the different levels of difficulty, and the variety of material. Hands on makes the learning so much more effective and fun.

Hi, this is my first post, I will try to be as detailed as possible.

I am doing this lab to practice y skills:

https://tryhackme.com/r/room/windows10privesc

The first step after the creation of the reverse.exe is to initiate an smbserver using smbserver.py in the kali machine so using this command(the one in THM):

sudo python3 /usr/share/doc/python3-impacket/examples/smbserver.py kali .

[sudo] password for kali:

Traceback (most recent call last):

File "/usr/share/doc/python3-impacket/examples/smbserver.py", line 21, in <module>

from impacket.examples import logger

ModuleNotFoundError: No module named 'impacket'

It does not work.

I asked chat gpt for help, it told me to create a virtual environment:

python3 -m venv myenv

source myenv/bin/activate

pip install impacket

So I followed the instructions and installed pip install impacket and pip install six but I have still the same errors...

sudo python3 /usr/lib/python3/dist-packages/impacket/smbserver.py kali .

should create it but is not working this is the error message I get:

Traceback (most recent call last):

File "/usr/lib/python3/dist-packages/impacket/smbserver.py", line 45, in <module>

from six import b, ensure_str

ModuleNotFoundError: No module named 'six'

by using this command I can see where is smbserver.py located:

locate smbserver.py

/home/kali/myenv/bin/smbserver.py

/home/kali/myenv/lib/python3.11/site-packages/impacket/smbserver.py

/home/kali/myenv/lib/python3.11/site-packages/scapy/layers/smbserver.py

/usr/lib/python3/dist-packages/impacket/smbserver.py

/usr/lib/python3/dist-packages/scapy/layers/smbserver.py

/usr/share/doc/python3-impacket/examples/smbserver.py

so by changing the path maybe I could resolve this but no, this is the other error I get:

sudo python3 /usr/share/doc/python3-impacket/examples/smbserver.py kali .

Traceback (most recent call last):

File "/usr/share/doc/python3-impacket/examples/smbserver.py", line 21, in <module>

from impacket.examples import logger

ModuleNotFoundError: No module named 'impacket'

No matter what command I use the errors keep coming:
sudo python3 /home/kali/myenv/lib/python3.11/site-packages/scapy/layers/smbserver.py

kali .

Traceback (most recent call last):

File "/home/kali/myenv/lib/python3.11/site-packages/scapy/layers/smbserver.py", line 12, in <module>

from scapy.automaton import ATMT, Automaton

ModuleNotFoundError: No module named 'scapy'

Command 'kali' not found, did you mean:

command 'kalk' from deb kalk

command 'kal' from deb kalibrate-rtl

command 'ali' from deb mmh

command 'ali' from deb nmh

command 'ali' from deb mailutils-mh

command 'kati' from deb kati

Try: sudo apt install <deb name>

I do not know what to do, this is just the beginning of the exercise, it shouldn't be this way XD.

I just updated everything and force reinstalation.. HELP

The Pyramid of Pain i, totally broken. I tried to match the item but wasn't successful. I spent 20 minutes trying to answer.

Hello everyone as someone that doesn’t have any knowledge ( I know how to use a computer but I mean I don’t know things in depth ) but I’m really drawn into hacking , what would you say is the best plan ? Obviously I’ve started with the Pre-security plan , as soon as that’s done do you think I should jump on the pentest course or something else in between ? My goal is to learn as much as I can from thm and in the near future find a course or get some credentials to be able to get a job in this field one day . Thanks a lot !

I started the SOC analyst lvl 1 path a couple of weeks ago, I am almost done.

I read the comments about the platform in several forums and I still don't understand the hype of Try Hack Me. It is OK, but for premium I wouldn't say the same.

What I am writing is my opinion as a beginner without experience in SOC. Some people more pro or with experience may differ in my point of view.

Outdated material: In many cases when I am using a suggested app or going through some specific topic, I go to Google to research even more and most of the results are quite old, even older than 5 years ago. I get that feeling that I am learning old content and that the platform don't update the knowledge, the techniques, the apps, the concepts.
Just write the name of a room of Google and you will find posts extremely old. Probably the owner of the platform forgets that we want to learn about new concepts, tools, techniques, strategies.

Hands-on labs: Their virtual machines in the platform run as turtles. After loading Windows or Linux machine, you can go to take a nap and later make a coffee while the browser or any app you click is loading.

Topic structure: The topic order path needs organization. There is a sequential line to follow each topic, but from time to time they suggest you to learn a topic in another room first you proceed with the actual room you pretend to start. For example: You are about to start the step 3, and they recommend you, before you start there, to go through the step 6 first.

Content digestion: Their lectures make you jump like a frog from room to room. There are a lot of external links in each room that just take you away and distract your focus on the topic. And the reference links are for quite long and robust material that will take months to read and digest. It would be nice if they include a summary or the most important aspects from those webpages and include them in the platform, so one doesn't need to leave the room all the time.

Multimedia learning support: Forget some kind of video help or material. They are still using animated GIFs to show the pointer moving and showing you what you have to do. If you miss something, then you have to wait again the GIF to start.
The graphic support are blurry screen captures that remind me 15 years old websites.
If you want to spend 1 hour in a room reading a long text and watching static screen captures to finally get lost, it is better, to watch a walkthrough on YouTube.
So, watching YouTube videos is mandatory for beginners using this platform.

Saving time answering the exercise questions: Get prepared to write manually long answers that could be copied and pasted instead for saving time. Why? Because the answers from time to time are written in a screen capture. I don't see the point about writing manually never ending IPs or dates of the events again and again in the same room from a photo, when saving time is vital for learning the most as possible.

Copy and paste function: Prepare for not being able to type special characters in the VM that you can type normally in your local machine. And if you try to copy and paste for example a command that contains the special characters, that you cannot type manually, the Copy-Paste function does not work your local machine to the Windows-Linux THM virtual machine.

Line command apps rooms: The rooms for using CLI applications are very confusing. For example, Snort rooms. Tons of random information, commands, external links, that just make a beginner crazy. It would be better to extract the most important and useful information for basic purposes. If they know that this is a beginners course, what is the point of offering a content that they know one is never going to remember after 1 week.

Technical customers service: Take days to reply, and probably they will send you to their Discord channel to find help from other users.
I have written tickets with the description of the problem, the details and screen captures. Then they reply, asking me for description of the problem and screen captures. Something that I have already sent.
It seems they lack organization and order in that department.

***Certificate of completion: Once you finish the course and download the certificate. Make sure you have your real name written in your account settings before download it. I used Google account to login which not uses my real name. Once you download the certificate with the wrong name, there is not a way to change it. I read different post on Discord and the staff of THM just tell to use paint to fix the name. I cannot believe this, what kind of serious and paid platform would have not solution to fix such a thing?
How can I link a certificate with my nickname on LinkedIn like this?

OK, this is my review using the premium platform. I hope my opinion may be useful to others, specially to the TryHackMe company.