#general

Just leave everythkng accessible to groups

https://tenor.com/view/tommy-wiseau-oh-hi-mark-hey-mark-gif-17296134

Test it, and you will see it works

Probably some hidden stuff in the source of bash

Maybe they have checks for binary name?

It would be an easy check in C you know

argv[0]

if possible take it to dms

can someone help me with some homework? its not network topologies and im having trouble understanding </3

https://tenor.com/view/water-pov-cat-gif-21660003

https://tenor.com/view/water-pov-cat-gif-21660003

:(

https://tenor.com/view/water-pov-cat-gif-21660003

there

to get embed perms you need to be hacker rank

i know </3

im just never on here

thank u for the reminder fr tho

I was about to fall asleep in the doctors examination room watching youtube videos

Just now

It's gotta be the chair

intended

HTB gives auto-pwn to the author

After the first 3 solves

but they give autopwn to htb first
when you make a box you have to submit an autopwn of the box with the writeup

How to autopwn DarkCorp

thats the real question 😩

hi @burnt bloom can i dm you?

i dont recall reading this on the machine submission page

👁️

i am sure abt the writeup maybe autopwn thing is a myth

autopwn is a myth

Some creators come up with an autopwn

so they can try and assure those extra money for "QuAliTy"

sure sure "quality"

we on same page then

What is autopwn supposed to be? A script that assures that all relevant information along the way is present?

autopwn is an script that automatically pwns

autopwn basically pwns the machine boot to root

gets u the flag

thank you for coming to my ted talk

so if autopwn works it means machine is working as intented

most of the times

Thats what i said

Except if the machine is a Medium box named Hacknet

we need more boxes like rope2

hello

hi

why cant i connect to instance to xfreerdp in academy

?

Let me check real quick

I dont know

Please be more verbose

Hi guys

I heard the us goverment is shutting down

Has that happened yet

i was doing windows fundamentals , there was a task to connect to xfreerdp. i tried downloaded the openvpn key and connected , it shows connected but when i try to complete the task by connecting to xfreerdp it says i am not connected as well as when i ping the host it says host not found. i was connected when i was doing other exercise

My bank charged me $60 for only having $5.
Now I have -55 dollars.

Vpn issue i guess, restart the academy instance and try again, if doesnt work redownload vpn again

i did it three times already

so i came here

i was ask to do that last time it did work but today its not working

lucky dude

what else can it be

I shall remove it before my boss sees it

u can report unsolicited dms to mors

MORS

https://cdn.discordapp.com/emojis/809400222002315355.gif?size=96&quality=lossless

😭 I have put ask for before dm and still

https://tenor.com/view/monkey-monkey-dancing-orangutan-monkey-dance-happy-monkey-gif-12702179649294906179

Disqualified

https://tenor.com/view/jake-crying-gif-15896901980625544793

literally every server im in

@willow storm

at least u pinged me specifically

:P

Lol

feels special

@lilac cipher Learn something bruh

U aint special

r u?

No

hello how long do challenges points take to be added to profile?

completed a 10 point rev but still same points

about 10 milliseconds

why is my final score still 0?

and challenge owns graph didnt increase

although challenge progress did

https://tenor.com/view/monkey-conduciendo-gif-24377638

this is the third time i am really frustrated

why the vpn shows connected but i cant reach the target machine

it will happen more times

ping harder

if u gave the bank a world, it should rob the man, cuz the gun was robbed by the man

thonk more

.

Helloooooooo

hello

ok gyuys me going to try hack me

this is frustrting i am unsubing htb

bye

.

LinkedIn is evil

To understand the creation, one must first understand the creator

Code your own boxes, give yourself short term amnesia and hack them again if you wanna be a pro hacker

Just ask Gemini 2.5 Pro to do boxes for you

don’t please

yeah before that i need to learn

i guess there is a process

world was better before AI 😞

i dont want to get the flag or solve boxes i want to learn the process

that’s the right way

and this freaking vpn is killing me

Bye

in what ways?

Let me ask ai why this is

Irony

Indeed

TOUGH

Bloods took longer back then

https://tenor.com/view/demon-cute-gif-18252118

@grok is this true?

the fear that everything ends up being ai generated, people not really thinking for themselves anymore

obviously im trolling, overall the world is still better with ai but sometimes i get those thoughts

the classic psychological bias of « it was better back then » too

@woeful cosmos is this true?

Wait, people thought for themselves before AI?

Shocking revelations

unpopular opinion

Nice very nice

69

xAI is hiring penetration testers right now. Up to $440k/year salary. On-site though 🤢

@maiden escarp are you offering more?

I can't deny that

don't ping random ppl 😢

Then don't have an ai nickname

https://cdn.discordapp.com/attachments/680837693428465679/1405261893920231497/caption.gif

spotted @silk talon

Hey XBOW, fix my code

My mind was blown when I learned it was pronounced crossbow

Yes

HackTheBox is pronounced: PwnTheMachine

oh xbow seems impressive af

xbox?

“Hey xbow turn off”

hey homebrewer, brew

https://tenor.com/view/brew-it-palpatine-gif-3350184901994555953

Guys where can i learn hacking for bug bounty huntingg??

CWES

lol

is that a website or?

Guys there's still time to be a pioneer in GOAT farming

Start now or be unemployed

I ping <@&473760315293696010>

Hello

This is a certificate that hackthebox offers

Impressive

ohhhhh

Reply to my hello 😢

It includes a learning path

Zero Click RCE?!

meaning?

TIL

It teaches you

It's a full course

ohhh and its free?

$8 a month

if you are a student

If you are not a student it's $1 Million a year

or close to that

i am broker than broke people so any free alternative?

Or just do portswigger (free) and actually spend time bug bounty hunting (also free)

You can get discount if you use my username as coupon tho

Portswigger

Can confirm

To some extent... if im not mistaken you start with cubes and you can buy modules from cwes (those teach you the skills)

what is portswigger?

Another platform

Free Courses

ohh

If only there was an engine where you could search things

High quality too

I’d call that a search engine

Damn think about that!

In the hands of the right person

ohhh thanks guys ill try portswigger then

Cool idea, im thinking fox based theme on the app?

it would be so so powerful

Be like me, do 20 seasons
Get 500$ credit
And find a certificate which costs 500$ and get it.

Im 1/20 done

Bro?

like GPT?

Thats labs credits

I'm gonna cry if they don't accept my credits for certs

They don't

Credits are credits 😭😭😭

Cry now

No they're not

Stream it

I am sorry bro

Nooo

How can they

You could try selling your account

There goes your billion dollar plan

AFTER you have the credits

/feedb឵឵ack why u do thus

I don't even know what is a season

Like if you have $500 on HTB credit

you could sell that account for $1200

And people would buy it

Easily

🙂

Nah i like my username

Well then be poor

Already am 😎

Then just be rich?

Tbh if i stay here for 20 seasons
I'm pretty sure htb gonna just give it to me lmao
Just to shoo me away

anyone that has hopes to be rich by doing hacking?

Obviously

By doing it?

Oh you can get rich by hacking

But not in a

I shall not be sad for this credits revelation

i dont have hopes

two options:

• Black hat
• Sell courses

Remember guys

😂

Despair is easy
Hope is hard
And i like to stay hard

I am hard right now

if i could get to black hat level then what else would i need😂 but i cant-

Just buy money

damn i dont wanna do that

tbh if i dont make it ill js jump off a building

cant make money make the headlines💀

omg

The sheer amount of scarcity mindset in this group

ill give u $2 for $10

You guys gotta meditate more

i was working as computer operator in delhi i was hired by AWS hakata , Japan

i will need psycological help

its just luck

Nah

I'm just gonna buy myself a cake and eat it

oh yeaaa day after tmrw my bday

can i boost the server

Well no happy birthday for u
I'll be getting all cakes

yes i boosted another server i got tons of scolding

atleast a happy birthday would be good😂

Do it

from who

not this server another server

btw how to get that cool nameplate thing besides the name

I'm cool

and why have u written ssoosss

I'm ssooss

i think you need to buy it

yea no im gonna do this till i die if i can but dk if ill be able to thats all

how did u get it

tho i think ill die midway😂

i am in platinum nitro

wasting money in discord nitro

i didnt know there was tiers to nitro cuz im tht broke lmao

yeah just sub for a year you will get to platinum

ill try man but w a $0 budget its prob gonna be TOUGH😂

easy peasy leamon squeezy

lemme hold a dolla

it does man

it costs money for the qualifications ig man

ngl

see the cost of certification

i could pay 1000

but its way beyond that

@scenic maple this guy is everywhere 😭 I am scared

yea i would have to sell my laptop and take out loans from 4 diff banks

if you want to hit the compliance only doing this wont help i guess

As you should be

https://tenor.com/view/dexter-doakes-squint-stare-suspicious-gif-14432154109786838518

👀

is portswigger a learning website or tools type shi?

no idea

isnt burp suit related to portswigger

i think so

i think its certificate also cost around $100+

shit i need to download burpsuite again

for what?

the subtitles sound indian

why do we use burp suite

bug bounty

Burping

its a company that makes the best web security testing tool on the market
to promote their tool they made portswigger academy
they also have one of the most elite security research teams ever

😄

packet cactching ot whatever i forgot technical term

yeah i had a chance to meet albino wax

infosec dudes and dudettes making up weirdest names and stuff

is he a chad irl too?

so i cant learn from there orr there is courses also?

i was fan boying

What's a dudette?

Those who aren't dudes

https://portswigger.net/web-security

Is my dog a dudette?

first thing whats ssoosss

is she

It's boobs
Learn your characters

oh thanks man

nah i learned german

that is german letter

We aren't in geman server

ẞure

anyone get to meet dawgyg?

but it is a german letter🤓

The only difference between he and she is that 's' in the start

ßhe

Wenn du Deutsch sprichst, antworte auf diese Nachricht.

Hm bad use of Wenn maybe

i skipped classes after wie geht es dir🤓

wie heist du?

Does HTB have a estimated time on merch deliveries to the US?

F

Specifically the East coast

It's instant

yall using the N word in german

how u know my grade

I'm tryna rock a HTB shirt to a cyber conference

Htb ones are great

Better than parrot ones

can i have one too

https://cdn.discordapp.com/attachments/140129091796992000/1407322181301567538/image0.gif

im from nepal so i have no hope of getting merch

I'm planning to get 2 T and 1 hoodie

oof

After season ends so i can get 50% Obv

My rastalabs shirt is already kind of messed up from the dryer

The borders

how do we get it

?

Dude use a dryer

Did i participate in the recent events

this dumb country doesnt have any merch gng

Note to anyone buying merch the graphics crack on high heat

Oh nah, is it that kind of print

feel free to use my design

wdym

Did u*

https://tenor.com/view/water-pov-cat-gif-21660003

no why?

me when her

Just asking

aye aye captain

My cholesterol being at 134 is too fucking low

ima send this to my crush

i broke

its 50 euros to get it to the usa with a 50 percent off discount LOL

Think about the turtles man

oh wait

wrong context

how much to ship it to Singapore

?

Tariffs are cooked man

I need more cholesterol

HTB is german right???

Greek

whattttttttttttttttttttttt

U got the merch?
I don't really know much about prints
But i know there's those which u can feel like a thin film of plastic/color on cloth (bad) and there's those which u can feel the color by touch (good)
Which one is it

thats like 6000 in nrs

Yes

It's Greek

The former

To me it's 30% of my salary lmao

better to get a tatoo i guess

Ah welp, I'll hold off on purchase then

Their hoodie is comfy though

geez

didnt know that Greece had a culture like this (talking about tech)

i only have 5nrs- not enough for a tattoo

The hoodie graphic has held up better than the shirts

😢

i could get one ice cream tho

They don't

Its been getting cooler so i think i may start wearing mine more

Astrology

I spent 3k INR to get like 4 great Ts
And htb single one costs 3K or so

But with shipping and all, it's kinda fair just for a occasional

Maybe i can ask my friend to print it

What's hot for u?

where u from?

Is 45° C hot?

yes very

Anything over 80 degrees (i am english i burn easy)

lmao nobody suing you for that... do it

a lot

Golam said we can use his design

In freedomheit

can you cook egg on the road?

Hehe 20ish °C is kinda cold here

I meant copying the original ones

afaik you can print a htb shirt and wear it
u cant sell it but i am not entirely sure

before actually doing this ask support

Golam said yes

Dont do that lol

Well actually its not like india cares

thats actually a nice business idea..

imma sell it for $15...

Golam said it ✅

selling is illegal

Make sure your shirt says you're htb staff

bro cropped by ss

see this is why we cant have good things

it always gets illegal

guys whats the best bug bounty hunting method?- im confused which to learn

fight the power!!

F

I'll print golam on the back and 71 as number
Like those football players (the one which you play with kicking balls by legs)

Get a list of fortune 500 companies and find those with a private bug bounty program not on hackerone. Focus on those

wdym method.... it comprises of recon, manual hunting and a lot of stuff

https://tenor.com/view/looney-tunes-elmer-fudd-bugs-bunny-quietly-walking-slowly-walking-gif-17088875

no like sql injection and css type shi

talking about bug hunting.... I got my first CVE reserved yall

RCE

Yes css to rce is in the top 1 owasp

css has nothing to do with bbh

unless you are doing like a pwn thing

not the language-

:0

css 0 days go for millions

CSS is the best hacking language

So the people in general do know stuff

lmao, I barely type here

I write exploit in html

i meant cross site script is that useful?

Xss

Xss rarely pays out

Oh i think that's why they say xss instead of css
To avoid confusion

i use notepad to hack ppl so dont expect that fancy shortform

Im still sitting on a few reflected xss simply because the owners do not care

why does gpu libraries break changes in version upgrade guys, should it not be backward compatible?

I reported a stored xss on a chatbox.. mfs were like, this is third party and closed it as out of scope

lmao

you should always read the scope

bro got swindled

If you report that on my project
I'll reply at 3am with reflect deez ....

https://youtube.com/shorts/BEPBNrqSVWY?si=7v0nriQzwTGcvp8H

Imagine getting ride from an apex predator.

Wow u are credit to a more secure world

Fortunately i don't have any project that has bugs

what do yall do to find bugs?

dude, the website was in scope..after I reported it, they mentioned that the chatbox is out of scope which is ridiculous. its like saying HTB is in scope but the support chat is out of scope

Sqlmap

That has to be AI or somethin

@scenic maple

and it works everytime?

and greenbone openvas

ghauri better

No but its easy

whatttttttttttttttttt yall relying on scanners for bug hunting?

how much did u earn from dat

Yeah openvas or nikto also

I don't hunt 💀
I shitpost

if the literature in scope describes it they cannot deny but if your understanding of scope lacked something then they will surely make it an excuse

yeah exactly, they didnt wanna pay

lmao

If you tell me your setup, and where to start
I'll put it in my todo and start doing it

I get nothing from bug bounty because its saturated

I'll get 4 AI and slop everywhere

i had always wondered humans ride horses what do cats ride

I just got my burp and terminal loll

I'll start with curl project

jaguar it seems

i never trust automated scans

im tryna freelance so isnt bbh the only options?

Well burp is the tool I'm most familiar with

Compared to other

Tools

I guess, cats are the real OP?

burp confused the shit out of me

i still use zap

https://tenor.com/view/giga-gigacat-cat-mewing-mogging-gif-12429734670640119345

i dont know what is burp

Wow capybara

😃

caido

burp is the best... I dont like caido and zap

i only know zap

I use fartsuite

zap is shit. looks pixelated

i hate burp cuz it confuses meh

they are genuinely very op tho https://www.youtube.com/watch?v=es5aPICeXOU

maybe i am used to it

I'm running on 2 coffees and a monster energy right now. I'm dead

Yeah but someone said it's saturated
So idk if it's worth going there 😢

sheep is for sleeping

Rookie

guys isnt bbh the only freelance option?

1 more wouldn't hurt

they said bbh is saturated not burp

well, its like development.. too many people but, if you are good at what you do, you make it

You can freelance as a developer
Make shit code
Ask them for freelance Pentest
Find bug
Ask for freelance dev (persona 3)
Fix shit code
Triple profit

look at this mans face and say that again

u sound rich lmao

oh... my...

Edited

bro if you can setup isms team and compliance documentation you may have another job as well

Cuz Pentest don't fix

but i see you are searching for easier path so i think you stick with bbh

https://tenor.com/view/patrick-bateman-calling-gif-22091641

Ok guide me to start somewhere
And i might try my skills

im searching for money

blud said easier

Reposting cuz why not

bro you dont need to 9-5

slayy

Man i got distracted and forgot to finish my job

9-5 is the thing im tryna stay away from so ig i should take my chances w bbh

I'll do it tomorrow ig

sure thing

You think bbh works for 2h and call it a day?
I'm pretty sure they spend more than 9-5

yoooo you got that cloudflare setup haha

give it a try but to fully depend on it i dont recommend

but idk how to bug bounty hunt

Did someone say bbh

ye

I have no security.txt 😭
Why u poking me

Ironically this was just in my mail lmao

You can tell me about details

I'm customer team

okay!! slides login credentials

tell me what u used to find bug

phone

and google

Anyways can I dm u

I got memea

Memes

tf u mean phone!!??i cant find w laptop and this guy found it in phone

this is like losing to a 6 yr old in chess

😢

He hacks smart toothbrush with his phone

I was kind of bored and not at home so I was poking around

is there a burp for phone

step by step tutorial now plez😂

🤔

didn't need burp but also, you can probably get it if you get kali nethunter maybe?

step 1: give me your credit card details

/jk

You got those stuff in your phone?

i dont have rooted phone

I was just searching for a specific kind of thing

nah

what did u use?

sure

tools from where?

My phóne has 1gb space left
I ain't deleting memes to add apps

Google. I was google dorking stuff

bishesh go do portswigger
and cwes from htb academy

after you finish you ask questions again

*cwes

you already have the link for portswigger

cbbh free?

maybe he is trying to get old faster

what is cbbh

its not

get asked questions*

its a cert

yes

certified bug bounty hunter

now rebranded to certified web exploitation specialist

just do portswigger academy then come back

that is against the law of nature

i need recommendation on what to learn in portswigger tho thats wht i was asking but got sidetracked

CSRF

Get good at CSRF

1. CSRF
2. XSS

Then start doing Easy HTB boxes

learn everything there

except for clickjacking

in ~3 months you will be amazed with what you can do

Haiii

k

thanks gyz

Learn SSTI, rarely looked for and still very common.

Be my friend

hmmm alr

Ssti is such a fun little vuln

ive never in my life heard that from a guy

Sti is fun yeah

I've never encountered SSTI ever

Sad

not sti-

apart from two instances, one in a challenge and one in a box

I feel like it is as looked for as XSS

I once had a crazy friend who would beat other friends it they became my friend 💀

@late nova i think its better for you to look some videos of InsiderPHD and look for IDORS

And if you're a masochist learn advanced SQLi and XSS

Ever hear of:
XSS to register a passkey?
or
Automating Boolean SQLi filter bypass?

I mainly see it on applications with advanced email templating

You always see payloads like "><i>test${{7*7}} sprayed everywhere

alright any specific vids?

ngl would probably still work with just {{7 * 7}}

This covers CSTI too

bro i gave you the creators name

for me XSS is easier to look for tbh. Like, I don't know how to search for SSTI. Type {{7*7}} in every input field? I don't get it

Yeah just a nice combo of injection based vulns

lol alr

Gotta identify that there's a templating engine in use first

Basically. If you get 49 they are cooked

but before starting looking atleast give a look at OWASP top 10

in those cases I try html injection usually

Ohh

I dont think there are much applications these days that use template engines.. I mean its uncommon so

But not all templating engines work the same, and some have particular methods

kk thx

Now I use 7*7 for all my XSS alerts so that I feel like I got SSTI

If it is client side template injection the impact is the same as XSS

few days ago i got medical report from one of the big hospital in my city
They used php , and get the ID in base64 in URL 💀

i use 47*47 , someone in the linkedin told me to do that

then what's the difference between the two?

logitech x superlight is the best mouse ever

yoo what happened to that website called haktricks.. I think thats the name. its no longer indexed properly

https://tenor.com/bOnH7.gif

Sounds like a good learning opportunity!

But thats soo dumb i think they don't care

Indeed. ChatGPT to the rescue, one sec

CSTI = angularJS xss

you should use 0+1
cause 7*7 is a bigger computation than 0+1 hence we must save time by doing 0+1 and get ahead of other bug hunters
cause remember if you come 2nd no one will pay you

Well the thing is if everyone uses 7*7 then they'd just filter it out so you think there's no vulnerability

alr guys ima learn everything in 1 night cuz im a masochist

{{1/0}}

7*7 is only used because that's what james kettle published in his initial research

if you try to learn in one night , hope you dont run away from what you started

i wonder what it takes to make ground breaking research

those guys are goated

Hoe

wdym

it became too dangerous so it had to be put down

you know, there are polyglot payloads too

time, interest and zero chicks

https://tenor.com/view/tsapa-tsapistis-τσαπα-τσαπισμα-τσαπιστης-gif-23951476

maybe identifying supplychain

Tester: {{7 * 7}} outputs 49: You have an SSTI
Remediator: *filters {{ 7 * 7 }}*: Test again plz
Tester: {{ 7 * 7 }} no longer works, but {{ 7 * 6 }} does
Remediator: 👁️ 👄 👁️

#curl

Send 'eli5'

https://x.com/albinowax/status/1940062192726155563

And it will explain properly

RCE in client's browser as in? A sandbox shell?

but, isnt there an alternative?? like its been around a year I touched a box on HTB or any other platform and now I am back, everything has changed. I dont see hacktricks.. + HTB changed. No KOTH type shi

maybe they are diffrent i guess

i am not sure as i am still noob

i remember the cisco fix when they banned curl user agent to mitigate a CVE 😂😂😂😂

hacker can do bad stuff

https://news.ycombinator.com/item?id=19507225

thanks that makes it very clear 😂

was so fun

See easy to understand

https://tenor.com/view/blinking-eyes-white-guy-blinking-meme-what-huh-gif-26334322

See my immediate instinct is to change the ID in this url from 19507225 to 19507224

bro can't stop looking for vulnerabilities... just because you can doesn't mean it's an IDOR

try do add '

ik but my hands go on autopilot

maybe u found sqli

https://tenor.com/view/calm-down-a-bit-calm-down-relax-gif-3234894596200294187

too bad they used double quotes in their SQL query

I am used to typing out <script>alert(1)</script> or ' OR 1=1 -- - in every input field I see

https://portswigger.net/research/xss-without-html-client-side-template-injection-with-angularjs

there you go

Nah

hear me out, replace that xss with: "><svg/onload="alert(1)">

Why?

GTFO golam, we only ask AI to eli5 here. No one actually wants to read the original post!

yall need cwee this is basic stuff

🤫

Where's your

i do

if it is filtered I usually do <sc<script>ript>alert(1)</sc</script>ript> before trying svg

Ever seen a website that filters out svgs? I've seen script, img, even p, not svgs though

nested payload is goat

i dont have a job so i might

Oh nice
I haven't done anything official other than CTFs
So used img
Will remember to use svg

Yes, but even if all tags are filtered you can still get xss with made up tags

Neither have I

altho if i do meet portswigger staff i would ask them why does their blog not have syntax highlighting and uses white as bg color

it makes 0 sesne

what if it encodes input? how do you bypass that?

oh yeah this too, this is funny as heck just using "><pwned/onload="alert(pwned)">

Yo

coal mines are fun and games until a robot does it better than you

you don't,

Hi ppl who are we roasting 🍖

im gonna js go into chess

Why not use this everytime then?

Because... made up tags don't work everytime

Why not

Don't want to sound needy, but is there a legitimate way to get some free HTB VIP? I'm trying to learn cyber security, but I'm not in the right financial position to subscribe, and wondered if there were programs or opportunities available

No filter issue

idk at least I don't

Also sorry if I can't do that in gen

There's a #giveaways active rn for VIP+ 1 month

There's a student discount for $8/month

for academy

Okay

VIP is for labs, which I'm assuming is what they want a subscription to

Usually getting an HTML tag in is the easy part, most JS events are what is blocked

I'll use

<if_u_c_dis_u_gae/onload="alert(if_u_c_dis_u_gae)">
So whoever is monitoring will ignore it

Do I have to be enrolled in something specific?

oh shi my brotha u in the same hole as me

Yeah 😭

You probably want to use onmouseover (or similar) onload will not work here

yeah there's honestly tons of ways, you can get it from seasonal rewards if you finish with a certain rank or placement, from giveaways, or in some ctf events where that's the prize

😋

It'd be awesome if I could understand that

yea im doing this rn😢

Im learning in general today
I'll remember these stuff

I know hats though

I'm tempted to make you two fight to the death for a VIP+ coupon

request smuggling still hurts my brain a bit

damn u more beginner than me

dont start with that lma

lmao

YOOOOO, that talk was legendary

I know

How to fix beginner: become not beginner

so i js wsted 15mins of my life

It's just a request inside a request

Real

using crlf right?

Beginners hear me out: you don't need to spend money to put the brain to work

pick topics from here
https://portswigger.net/web-security/getting-started
after you are done then do the rest

come lets be friends- hopefully learn together

I'm in highschool right now so TS is NOT easy

among other things, there's also the other way which is to upgrade protocols or swap protocols

nah man, we're only here to yap, not actually do the learning resources that have been recommended here hundreds of times

Bawlright

How old are you?

which grade- or year or whatever idk what they do in ur country

17

ya

damn

https://help.hackthebox.com/en/articles/9456556-parental-consent-and-approval-for-users-under-18

you should join this weeks cube talks to find out how to get started in cybersecurity

My dad works for Distribution Management

ITS A TRAP

Shit

🪤

I walked into that didn't I?

https://tenor.com/view/jeremy-wade-fish-on-fishing-gif-14304213

Everyone knows you get started in cybersecurity by giving a training platform money (this message was brought to you by a training platform)

is he getting kicked now or he can keep learning here?

:/

most of the time yeah, but some variants are just based on rule mismatches (TE CL, double CL, normalization) or on H2 --> H1 without any extra CRLF injection