#general

Im here all week

I done called her the greek titan Dione

is this rizz chat

winter

No need channel yet

onions are not rizz

New

elite knowledge

You know it

onions get you all the m'ladies

My first message here was 2022

Last when?

who knoes

2100

my last message here will be, she liked my onions

and then I perish from exhaustion

i was told cheese also works

Try petald

Its a daemon

I don't do daemons anymore

Ok

Hello. How can i talk to see about the founder badge?

The who?

who

whooo

*who

whhho

https://tenor.com/view/hi-there-hi-whats-up-head-roll-lets-dance-gif-438022142684575365

why am i gambling with this person, they reply once every 9 messages

it's like they cherry pick which ones they answer to

I know why I bother I don't know why they do not

I’m having an issue with ProLabs VPN (EU and US servers). Has anyone else faced the same issue and found a solution?

What issue

https://tenor.com/view/hhhhomeboyyyy-kings-dark-tidings-saga-by-kel-kade-bedroom-schizophrenia-watermelon-gif-21562324

Vro be less specific so we can just answer: no

erm hello my potato is generating anime

again?

did you nuke the potato or what

I can't connect

I keep for youuuu

is anyone interested in my netlify web site

should I post it here

Clap, cla clap

cla, cla clap

drinking tin can sprite all summa

doing it the way I want ta

Who let the dogs out? Who who who who

What's up folks?

Checking for bad blocks (read-only test): 38.81% done, 3:19:34 elapsed. (0/0/0 errors)

I'm running a badblocks test on my drive to see what's going on. Why the zpool degraded due to incorrectable errors

Hi chat

Tough work

I reckon give it to gawd to sort out, that always works for me

owwwwwhhhh mahh gawwwwdd

gawd has solved so many HTB boxes for me, I just pray and bang, the box opens up

I think I

I think I'm running out of karma tho

it's good when U eat pure distilled cheesus

networking is so boring

save me

you are running out of karma

do wot I did and giv up, all hope is lost

lmao nah

i need it

:c

does ur smiley face have a moustache?

is this reddit

or is it a #sadface

how tf can u see that as a smiley face

see thats exactly what i did to learn and i wanted to tell them to do that but its one of those days

shes tired

lol that sounds weird

wtf

theres a very high chance a lot of people have had one of these in 2022

i like how AI just agrees with everything I say

*that's a great idea

do real life humans help their women sleep

*that shows growth

Im not a real life human

me neither I'm a gawd

yes

ok so im not insane yet

oh i crossed that bridge a long time ago

I would react with a lol emoji but

im not too behind you

my favourite is when they break ur leg and punch u in the face as *treatment

"we had to do it, he was the Hulk"

"he bumped it on a wall"

every injury by the state is a bump against a wall

Hi

What's the yapping around here

oh don't mind me i'm just insane

i need to be locked up

and this stupid Scrimba site doesn't stop for the challenges it goes straight to the solution

Enough yapping for now cya

bye i'm gonna go so you can have fun with your budz

sup

Yes

Yo like thia conversation happened 2 days ago

But yeah you just start doing something

pants: on

Install windows

Thanks yay

https://tenor.com/view/stinky-gif-13519820042153273676

No

https://tenor.com/view/monkey-gif-3952880752940159135

Edible

https://tenor.com/view/creepy-hamster-stare-watching-you-cute-gif-17721600

we see the edits

@lime trout Found something for you. Ear protections!

Who up

hi everyone, are CORS issues normal in retired machines ? I just started the Heal machine and I got that issue, I even tried to restart it

Down

hey im doing a ctf for like 5 hours and i got nowhere can somone help me pleaseeeee😭

Tuff

Soft

Vro ghostping monkey

He gets berserker

Ask

who do i ask

I didn't wtf

You type a question here

xd

yes this works just like chatgpt, but a bit more sassy

const readline = require('readline');
const FLAG = process.env.FLAG;
process.env.flag = FLAG;

console.log("unary-only sandbox\r\n");

const purifier = (code) => {
    const allowed = /^[a-zA-Z0-9_/\s;!().+\-*]+$/;
    let codeForChecking = code.replace(/\/\/.*$/gm, '');
    if (!allowed.test(code.trim())) throw new Error('BLOCKED');
    const mathOnly = /^[0-9+\-*/\s()]+$/;
    if (!mathOnly.test(codeForChecking.trim()) && codeForChecking.length > 10) throw new Error('TOO_LONG');
    return code.trim();
};

const rl = readline.createInterface({
    input: process.stdin,
    output: process.stdout,
    terminal: false
});

rl.on('line', (input) => {
    try {
        const sanitized = purifier(input);
        const vm = require('vm');
        const result = vm.runInNewContext(`(function(){return ${sanitized}})();`, { console, process }, { timeout: 1000, displayErrors: false });
        if (result !== undefined && result !== null && !isNaN(result) || result === 0) console.log(result);
    } catch (error) {
        if (error.message === 'TOO_LONG') console.log("Can't handle that much math :(");
        else if (error.message === 'BLOCKED') console.log('Nice try !');
        else console.log('What are you doing ?');
    }
});```

i have this script im trying to escape the >10 character limit 
the most we got is 10

https://tenor.com/view/imostergolfra-gif-25274972

Vro that's not typing a question. That's giving me a code to review without context and asking me to fix it

tf you using js for?

You are https://chatgpt.com//

it has to do with javascript payload , and i need someone help explain unary syntax in javascript to me
im lost with it
i have a basic idea but nothing leads me anywhere

Unary or ternary?

unary

urinary?

Unary? +

The plus symbol?

yes

Vro I do whatever I want with my operators

https://tenor.com/view/bro-is-finished-cooked-finished-dog-closing-eyes-dog-with-eyes-closed-gif-8933440936102921947

im cooked

https://tenor.com/view/epic-embed-fail-ryan-gosling-cereal-embed-failure-laugh-at-this-user-gif-20627924

why would you need more than 10 characters

Exactly

I just joined htb's group what is happening :))

The context was here:

process.env.FLAG

🦗

no you don't need to refer that

we can't help with active ctfs @spice sparrow

Is it a rule?

I already have a few guesses of where that challenge is from

Ofc bruh

Which one

For active ones

Rule number

I'm listening to an old cube talk

Do not talk about fight club

unless you join my team

shhhh

Falcon almost read FFUF as fuck faster you fools

it's either infobahn or usd hacking night

Thats not what it stands for?

From now on it is to me

Vro i am back to sleeping at 2 am

Vro fix yourself already

Right right i ma sleep good night

Vro stop ghost pinging that much please

@mystic harbor

https://tenor.com/view/waschbär-raccoon-durstig-thirsty-drinking-gif-16027972

thank god for the beta

so much easier for me to read the articles

instantly makes it easier to focus

Hey if anyones free i wouldn't mind getting some help in #modules

I just forgot to respond cuz it didnt pop in my notifications

does anyone know a good subdomain scanner?

something really good

Doesn't gobuster do that?

It's what gets promoted in the Starting Point boxes

ffuf

i meant a wordlist**

sorry

is there anything like 10000x better than seclists or nope

Checking for bad blocks (read-only test): 72.70% done, 5:51:33 elapsed. (2/0/0 errors) Found 2 badblocks I think so far

It's a 13.5 years old drive though.

I don't think so, if you find something please let me know

fs

i need to make my own cmd to directory scan subdomains and just ping it back and show results if it's protected by WAF or not

quicker and faster

Do you mean for subdomain enumeration/ brute forcing? Or did you mean directory brute forcing

ya i only know how to type <script>alert()</script> into every input field

I havent thought of looking for an automated XSS tool yet

i guess we could say just a good good wordlist but also a scanner

i found an unauthenticated download on the hypixel network im trying to submit for a bounty reward

For subdomain enumeration I would first recommend subfinder (with API keys set, duh) then passing the results into something like project discovery's alterx, which makes permuations based on known subdomain names. From there you can perform DNS brute forcing like normal with that list

If you just mean a wordlist for directory bruteforcing then go with assetnote's wordlists

Yeah, i saw subfinder on github im just trying to spend time creating a folder of all useful pentesting tools

I like the burp extension reflector, it has earned me thousands

o can u show me this?

unfortunate

rip

https://github.com/elkokc/reflector it's a bit old but works well. I am actually working on an upgarded version with burp's newer API

does it "pose any security risk"?

Well not really, just something you shouldnt access

but in this case, if they did upload sometrhing sensitive

it could become a compromise

all it takes 1 fault and rip

i got it

why is my VM pretty slow

:c

I also found a UUID spoof on an mc server and i got instant access to ingame cmds, and they had like old litebans on and i was able to execute sqlcmds for their db

show ur settings

bet

also whats ur computer specifications?

gtx 1050 ti i5 2500 8gb ram

owch

its pretty mid but eh

it should get the job done

i mean not the worst in the world for a pc needed to run a VM

yeah ik

i5 2500 should be fine

okay how much cores r u throwing into the vm

and ram?

2 cores 2gb ram

i had to run an AMD laptop from 2014 for a VM one point

could u perhaps throw an extra gig of ram?

3.5gb?

i mean this pc im using rn is optiplex 990 which is from 2011 but i did upgrade the ram and gpu

ima try that

should be fine

throw an extra 1.5gb of ram

and also monitor how ur computer is doing on resource consumption

background apps u dont need, take it off

in the VM itself?

no on ur actual computer

does it affect the vm

didnt know that

had like 10 edge tabs open

background apps does take CPU, RAM

close that

edge is rly terrible

ik

idk why am using it

switch to librewolf 10x better

i mostly use brave

and it's privacy focused as hell

but i formatted my disk

brave is good too

tho

yeah

brave's fine

i justr like librewolf

what is librewolf

first time hearing abt it

it's basically a security hardened firefox

used for privacy

thats cool

might try that

https://librewolf.net/

go for it

bett

Awoo

have u done bug bounties before?

i dont know if it would get paid for finding that issue

@lilac cipher has submitted bug bounties

@lilac cipher i summon yu

what did u find

no fkn way

LOL

and they ghostyed that?

ngl bro i think u just got beamed.

does it still work?

no way

fkn dx the owner of the company and msg his number through a texting app

easy

say "hey bro! i found default creds now pay me please i gotta feed ma dawg"

oh

Hola folks

How's it going?

oh what do they pay in?

how to get banned from BB platforms

good just coming back to pentesting again

LMAO

kudos points is the best currency, it is immune to inflation

okay im currently using this fox

its kinda ugly tho

└─▶ sudo smartctl -a /dev/sdc | grep -E "Reallocated|Pending|Offline"
Offline data collection status:  (0x84) Offline data collection activity
Auto Offline Data Collection: Enabled.
Total time to complete Offline
Offline data collection
capabilities:                    (0x7b) SMART execute Offline immediate.
Auto Offline data collection on/off support.
Suspend Offline collection upon new
Offline surface scan supported.
5 Reallocated_Sector_Ct   0x0033   200   200   140    Pre-fail  Always       -       0
196 Reallocated_Event_Count 0x0032   200   200   000    Old_age   Always       -       0
197 Current_Pending_Sector  0x0032   200   192   000    Old_age   Always       -       2
198 Offline_Uncorrectable   0x0030   200   200   000    Old_age   Offline      -       44
200 Multi_Zone_Error_Rate   0x0008   200   200   000    Old_age   Offline      -       0

I'm trying to salvage a 13 year old HDD

Only 44 uncorrectable sectors and 2 unreadable.

My ZFS pool degraded so I migrated my data off the drive

sup htb people

now I'm doing a badblocks scan

I would do mhdd, but that requires me to reboot and I'm not doing that right now

MHDD is brilliant.

But badblocks is good enough

oh yikes

9 Power_On_Hours 0x0032 001 001 000 Old_age Always - 117029

13.35033 years power on time

WD Caviar Black 1001FALS

Back when WD made excellent drives

I bought two, the other one is fine

this one has a few bad sectors now

9 Power_On_Hours 0x0032 001 001 000 Old_age Always - 121601 Here's the other drive, almost 14 year power on time

5 Reallocated_Sector_Ct   0x0033   200   200   140    Pre-fail  Always       -       0
196 Reallocated_Event_Count 0x0032   200   200   000    Old_age   Always       -       0
197 Current_Pending_Sector  0x0032   200   200   000    Old_age   Always       -       0
198 Offline_Uncorrectable   0x0030   200   200   000    Old_age   Offline      -       0
200 Multi_Zone_Error_Rate   0x0008   200   200   000    Old_age   Offline      -       0

0 on all counts.

Just old age

i wonder if anyone ever got hacked through path traversal

Sure many

I assume

Not as common these days as it was 20 years ago but it still a thing

millions duh

i keep getting called that ion know my pfp trust

eh

ok

I was using LibreWolf but saw that they no longer release via brew, and a whole thread about how they're such a minor browser that their release channels will always be an uphill battle

Ah i see

Still somewhat common in places other than just the classic ?file=../../etc/passwd. For example I've still seen a lot of filename path traversal recently where uploading a file named ../test.txtmay traverse outside of the uploads directory

Right

Even at renaming files sometimes

Yeah any sort of file operation like copying, moving, or downloading would be a high value target

Sshhh adults are talking

Kids are joking

man I'm at the beginning of cybersec, just getting into networking and web , modules on HTB and CCNA. everybody is telling me to jump into CTFs and I don't understand nothing. should I do more modules and learning and then start again or do I just do CTFs with walkthroughs until something sticks up with me

or where can I find extreamly easy CTFs and challanges

PicoCtF

it's important to identify what area of cyber security you want to be good at. Be that DFIR, pentesting, GRC, good at CTFs, good at bug bounty, etc. From there, learn networking fundamentals (net+ level, no need for CCNA unless you want to), learn security fundamentals (sec+). Then consider signing up for a platform like HackTheBox or TryHackMe to get some hands on experience with offensive security (assuming that is your goal)

i cant redeem my giftcard
does the gift card have an expiration date?

Needs more details. What gift card/from where? To what platform? HTB academy or main platform?

HTB Academy i guess
i got this gift card as a gift via mail

It looks like it's valid for both
To redeem this gift card, select a product from HTB Platform or a subscription plan/cubes from HTB Academy.

https://help.hackthebox.com/en/articles/5986762-contacting-htb-support

okay thank you

I really like the idea of readteaming/bugbounty hunting and I started with CCNA so I can gain some networking fundamentals, a certificate and maybe an entry level job as a SOC with the help of junior cybersec and SOC paths from HTB, and then leverage my way up to pentesting/redteaming

but for now I'm struggling so hard on unassisted CTFs and challanges

that is to be expected, it took me 7 months until I could do some ctfs. PicoCTF helps with learning, try not to burn out though.

Real life stuff is typically way easier than ctfs

But I do find myself using techniques and knowledge gained during ctfs in the day to day occasionally. You never know

The sands of time will try to reveal... the weakness of our existence it holds.

some really wise words lol

yea I guess I'll just continue with my learing and then start doing tracks on HTB

hey guys

just want to ask to spare myself some time if I am doing a mistake, is cisco packet tracer a good tool to use so I can learn network concepts from my cybersecurity junior analyst program?

Hi guys

Tame Impala

@undone fossil add me

hi guys, where can i ask for help. Im trying to use htb api

Htb has an API?

yes?

Oh I see, thx mate

You are a legend ❤️

Wheres my ruby rank

Red is such a nice color

It reminds me of her

Does any have any advice for this also, I've read, watched, and written notes plenty about red-teaming, but when i sit here i fail to apply my knowledge and just get stuck because the environment like having a updated tools and then the machine is old or even just little CMD problems, and those extra steps I fail to apply in real-time.
And also when reading walk-throughs, some people like to save NMAP output or even set rates or do NMAP scans differently should I adapt to those, or just keep them of acknowledgment and stay in my own learned path?

I havent been to a party in years and here i am with my cousin

connect to the wifi and capture traffic

you have to actually do stuff, it takes training (by repetition) to remember what nmap flags to set and what steps to take during enumeration based on various inputs and outputs

machines are rarely the same, there’s always something different about the results you receive

you just have to absorb many different types of results through different flag prompts and then naturally you’ll understand which flags to set for new future attacks

reading only gets you so far. you understand you need to set ports and flags and rates. but when it comes to actually applying, you need experience with all sorts of ports, flags, and rates, to understand what could potentially happen 🙂

it just takes time, not a few weeks, more likely a few months of solid repetition, day in and day out

use the terminal menus for tools, get familiar with how the in built menus look to do quick lookups on the fly

git gud at utilizing the tools documentation to find what you need

the constantly in use stuff you’ll memorize naturally, but get familiar with what is possible

attack the same machine many many times using different options, understand what works why and when, and what doesn’t work why and when

once you form a baseline in your mind, things become somewhat like autopilot, but you need to train yourself over and over and over again. You can’t escape the reps!

lot of text bruh

stop watchin videos and start doing

do da do doing!

Hellos

It's what I was looking for very good.

No different to fitness really.

Has anyone tried the beta 2.0? Does anyone know if they will still keep the note taking feature for the modules?

Had instant issues with 2.0 so reverted back to legacy.

I did not see the feature for taking notes in the module which is why I am asking

What issues did you experience? It seemed to work for me at least, very smooth and quick

would I just go with what I got, what about if I run into problems with packages to even machines, would it be appropriate to go back and watch the video then? Along side of me doing the machines?

Just a broken link for a module.

On my dashboard.

https://www.synacktiv.com/en/publications/lsa-secrets-revisiting-secretsdump

Nice read

regarding the outputs

yes

get in the habit of outputting your scans into a text file

when you attack a machine you should create a folder, it’s where you put all of your outputs and notes

when it comes to actual engagements, obviously you need to be careful what you leave behind, but nobody is watching your HTB machines. the goal is just to own it. this enables you to leave things behind and utilize them while you work.

get in the habit of turning your attack machine into a tool/notebook itself.

then learn to remind yourself to remove your traces.

this will teach you to not leave a trace over time.

yes, it’s more work, but, it’s the right sort of approach. these are foundational skills, might as well build good habits initially

Did you let the team know? They would gladly jump on it just let them know which module

Not yet...just signed up so working out how it all fits together. 😋

Nah im not here for that i dont even have my laptop with me

I would say jump on the paths and keep it consistent even when it gets hard.

https://help.hackthebox.com/en/articles/5297528-academy-modules-paths

👌

echo "yo"

yo

can i ask u something

https://dontasktoask.com

i already asked my question

🤯

my question was if i could ask a question

can i ask u something

u forgot question mark

Bro got some kid to run rm -rf /* on his only working pc, and thinks he deserves respect after that. I called him out on it. I said flat out, "You're an evil piece of shit for doing that to someone."

WTF is wrong with people.

There are some seriously evil and black hearted people online who only want to hurt others.

I don't even care if the mods in that server ban me for calling him out like that.

You can always DM a mod if you have a concern

nod

on the bright side, a very important lesson was learned in entering commands without checking what they do first

HAHAH why bro using linux without knowning the basic

How do you get to know the basics? By using something

yeah and rm -rf doesn't only apply to the main path? it applies to any, therefore its basics.

I don't understand your critique

You're blaming the victim?

That's not very cool, dude.

We should be helping noobs, not destroying their computers

nhom nhom

Too bright

That command doesn't work anymore. It's missing an option

https://www.youtube.com/watch?v=J0PZi_bCJPc I just randomly came across this. Kickass tune

Oh I meant to post that in #magical-tunes

who mains a linux distro without doing any research thats just nonsense

i use wsl.exe just to get the basic and if i ever need to just boot vm or dual boot

I can't dualboot.

I don't like it. I use VMs

I have linux as my main desktop and I run Windows VMs

Kali VM and a full VM lab, and proxmox even inside a VM for LXC container home lab

for learning network segmentation

sudo dd if=/dev/zero of=/dev/sdc bs=1M status=progress
645462491136 bytes (645 GB, 601 GiB) copied, 6192 s, 104 MB/s

not too much longer left. I was zero filling a HDD

Trying to see how much life the disk has left

13.5 years old WD Caviar Black drive, 1TB

I bought two of them. The other one is still fine.

Almost 14 years power on hours

SO I got an internship but they want me to sign a non compete and not get paid

Fuck....no

Damn

I would do it just for the experience

HELL NO

I would.

Seriously

What's your reason for not wanting to?

What's the internship for?

Do you have experience already?

What will you be doing?

yes

Or position?

Cybersecurity intern where they want me to develop cyber content

Fuck...no

I mean I did that at my old job but I got paid to do it

I wouldn't recommend it because there might be little to no expectations

Are they promising a job for after the internship?

nope

Is it for college/uni or independent company/org?

startup

Ya don't do it

https://tenor.com/view/hello-hi-hy-hey-gif-8520159980767013609

https://tenor.com/view/embed-no-no-embed-megamind-megamind-meme-gif-25261934

fuck off

woah~ calm down mate, it's all fun and games. It's the internet after all

Here's a list of ways to get embed perms: #general message

does anyone here have physical experience as a red-teamer like going to a facility if so I want to here stories

how many machines to get hacker rank?

I can't recall exactly but if you do all easy machines you should get it pretty easily

https://tenor.com/view/clash-royale-clash-royale-cry-gif-24486552

WD1001FALS-00J7B0, that’s one of the classic 1 TB WD Black “Caviar” (7200 RPM, SATA II, 32 MB cache) models from around 2008–2009.

Those were tank-grade drives for their time — double-arm actuator, high-end firmware, and real metal internals. They were actually rated for 1 million hour MTBF, which it clearly obliterated at 121 k hours.

13.5 year old drive, 13 year power on hours 121k, and only a few bad sectors

Not bad at all, WD. Not bad at all.

These days they make drives that fail after a few years at most

Im guessing these were military grade drives or just high quality huge company drives?

WD Black Caviar were built like tanks form the 2008-2009 era

I'm impressed these drives have lasted this long for me

Amazing

Doing a 0 fill on a 1TB

766188191744 bytes (766 GB, 714 GiB) copied, 7627 s, 100 MB/s

sdc 358.77 2.25 91313.50 0.00 17901 725279412 0 but iostat reports this

I think dd does an averga over the whole period

while iostat is more accurate

sleepy

Go to sleep!

Rest

Wake up and worship the holy box later

o great computer, my life to you!

dun dun dun!

Chat, little Caesars is the best damn pizza chain

https://tenor.com/view/cat-chat-cat-fall-hello-chat-cat-gif-24961178

ur actually nasty asf

fuck off

LOL

Yeah fuck little caesars

https://tenor.com/view/cat-cute-follow-me-gif-4273618567139914195

that shit's bad for you

unhealthy

orange ass pizza chain ts nasty asf taste like cardboard

I don't like fast food pizza chains

Deep dish is better than NY style

link in park? like from zelda? or is there a clickable www item in the park

https://github.com/charmbracelet/ultraviolet

Whoops! I cannot DM you after all due to your privacy settings. Please allow DMs from other server members and try again in 1 minute.

can anyone tell me about Neurogrid CTF, for whom it is ?

morning chat

uh oh my gf woke up, back to sleep 😴

Using arch with testing reposetories is like playing with fire. My system just crashed cause I have updated it

Just use void Linux instead

Use windows

@supple plume how are u awake

I'm working on my hacking skills before 7am

So u didn't sleep

that way some day I'll be the boss of the HR that doesn't even look at your resume

Then hire me

let me get myself there first

bitch you can help by not pinging my ass all the time

ceald is streaming game xd

@supple plume hello

I just triggered you again

I can't watch now but

@supple plume how are you

Lol

hi!

@supple plume do you mind being pinged

trigger deez nuts

only by that ass, you can ping

Well i need to ss that message where you said I don't get mad

you need to make me mad to have some use for that

Sorry, I'm not gay

Hmm 🤔

Teach me some hacking please, idk anything can you be my mentor

Nobody was asking that, no need to defend yourself

You can be gay

Vro yoy probably know more than me

False

Youre ranked higher in htb

https://tenor.com/view/senjougahara-good-morning-chat-gif-8205825995750531493

First one was better

There was no first one

That's only you

https://tenor.com/view/cat-cute-follow-me-gif-4273618567139914195

Good Afternoon

afternoon ? its 8:20am here

Bro finally discovered timezones

timezones ?

https://en.wikipedia.org/wiki/Time_zone

its also 8:20am on the moon right now

Mate, pretty sure the moon rotates too slowly to even have a 24hour time

u mean 23:59 hours

https://cubeskills.com/tutorials/the-beginners-method-for-solving-the-rubiks-cube/first-layer-cross

why is bro sending CFOP?

It's 0735 on the moon rn

no its 0835 on the moon

guys what are the ways i can get more cubes

speedcubes

Moon goes by UTC sorry 😔

?

Swipe your credit card

with magnets

im broke tho

Exploit your skills in the labour market for an income

@sick gate 0xwild thinks theres no 24hours on the moon

and he thinks theres something called timezones

He's kinda right

They just use UTC for the moon

one side has always light

and the other side never gets to see the sun

or never gets to see the earth

idk

moon has light itself , the sun needs light from the moon

i know thats what i mean

😆

@zealous charm sup! hey I would like to ask you, since you're a bug exterminator, would you say command injection nowadays is still somewhat present or not really?

guys so like i found out

you can get cubes

through

referals

just saying

that link is looking real shiny, i think you should click it

i found a way to get unlimited cubes

how

go to ur profile page where u can see ur cubes,

2. right click , inspect source code

change the amount to 9999999

bro is talking like a true hacker

How dare bro exploit HTB

dont tell them or they patch it

New discovery

ye

I know how you can get cubes

cheat code

-# by completing modules

||shh dont tell to anyone||

Or you can use photoshop

@mystic harbor or u just take ur ps2 controller and
L1, R2, R1, triangle, square, circle, left arrow, 2x right arrow, L1 + L2

this cheat code completes all modules

Why U judge that I only own a ps2

ok but i thought that only keeps your cubes you know the same or decreases it depending on teir

I mean jokes apart, Ofc you need to pay bro it's a course

ok

you spend money to get cubes; or you can participate in the current competitive season and get rewards

see, i was hoping for a answer like that

if something is free, u are the product

i like to be the product tho

😆

the best value is the monthly plans for cubes per $;
annual comes with writeups/guides to help those who are struggling

but annual doesn't give cubes, they're access based subscriptions

silver -> all t2 and below
gold -> all t3 and below
(both annual)

Dont give me ideas

finally someone who is explaining things i was supposed to have read in the intro

yes i agree, instead of buying junk food or fast food, buy a subscription that lasts for 1month instead of 2minutes

it's something you can easily find out by reading help articles

also general is rarely the place where you'll find people being genuine

if you wanted to ask a question like that and expect serious responses: #1024429874246590575

thats how it is in most discord servers

wait your a moderator

that makes sense

ok thanks

@rose crag noproblem

https://help.hackthebox.com/en/articles/5272936-introduction-to-htb-academy#h_6ac6f773e1

me being a mod doesn't exclude me from having my moments of trolling people

Nope freedom fighter

😆

i'm giving benefit of the doubt that you're either
a; a child
b; english isn't first language

let's stay away from world politics thanks

Ummm, Does me being a child

get me banned from said server

😭

how old are you?

Dont cry bro

the highest people does this on purpose so we fight eachother instead of teaming together, so they can get away with all the money and power

.........

if your talking about discords tos i am above that age

you still require parental consent per HTB ToS https://help.hackthebox.com/en/articles/9456556-parental-consent-and-approval-for-users-under-18

and English is not my first language

anyways

third

?

that's why i gave an a/b option based on your behavior :)

30

95

i never learned english in school, runescape and hollywood movies teach me english

my first langauge is tamil

last of the millennials

I thought tamil was mexican food

i dont think i should have said that with a server full of hackers

..........

TAMALEEEE

😂😂😂😂😂

either way; we still require that you've filled out the parental consent form to remain in the server

curl ifconfig.me

maybe its time to delete urself

curl ipinfo.io/IP_HERE/json

mannnnnnn, i should have just shut my mouth

u dont need mouth to type

SHUT YOUR FINGERS

😆

If you don't want to or can't get your parents/guardians to fill out the Parental Consent form. do you have any last words?

now you need your feet AND hands to go get parental permission

wdym she

bro chill

i can get the consent form

that one

Vro

just lie that u are 41y/o

lying at this point would just result in a ban anyway

lying is a bad thing

you trying to call me she and gay too much that means you're probably attracted to me

😆

yes

no doubt

I have to give my full name?

AND MY ADRESS

hhahahahahahahaahhaha

hahahahahahhahahahahahahhahahahahahahhahaa

please dont leak it here

plz do

just provide the credit card number

it's all via the support system. only staff see that information. none of the parental consent form info is seen by anyone EXCEPT staff

who does this form go to?

u can just put in the address: streetname 20

https://help.hackthebox.com/en/articles/5986762-contacting-htb-support

^

so you can see it

no

He is not an employee

it's not my job to view the form. the P/C article i sent earlier tells you how/where to submit the form

golom is back

good morning legend

why would u need to fill in a form anyway, dont do it

after discord losing my id i dont think my father is going to fill that form

but anyways il try to convince him

then they can get banned from the platform

also how much time do i have

henlo luke warm water enjoyooor

5 mins

😆

5 seconds, think fast! (this is a joke)

I understand but to follow the legal procedures we have to do what the law says.

Hi

we're putting him under pressure hahahahahahhaah

False

you have until the staff that handle this sort of thing wake up and get to it :)

Wassup Tejas

Learning stuff

wassup?

🫡

which is how long?

yes

😆😆😆😆😆

very informative

he is defintly a minor 😆😆😆

A bit bored since the malware campaign I was researching with some people stopped.

i don't know when they wake up, so i can't tell you LMAO

Until tomorrow morning. I'll be processing it.

can't you ask them nicely to continue

Maybe I should work on my edr and SIEM framework for a bit

the way you said that..........

sad, what kind of malware it was?

Lmao. Idk what apt is behind it so no

KongTuke malware

not much of research if you didn't even identify them yet

Someone said they wanted to eat sloth. Look out @silver forge

sudo apt install

As soon as I saw publications posting about a clickfix malware acting as captchas I knew it was over for that campaign

sloth have almost no meat on them, and they taste bad

There may not have been an apt behind it tbh. It was kinda short lived

I was reading about the new Crimson Collective last night I was trying to learn how they managed to get into RedHat but couldn’t find anything concrete just that they contacted DarkReading but DarkReading claims they never explained how

@west venture solth says..

Public feed says it went on for like a month

https://tenor.com/view/orangutan-hide-funny-grass-gif-12473035910100820179

Lol.

asking for a friend:
is htb more advanced than thm

yes

☺️

Chat, should I post the samples I reverse engineered on my blog? Obviously I won't include the IPs hosting C2s or the next payloads in the chain even though those IPs aren't up anymore

last night I dreamt of being a soldier in a Roman army, moving to a new war zone. our dwellings sucked so I picked the strongest largest men, and coordinated the building of encampments. I designed it so that we would dig 2 meters down, fell some trees for walls, and then put tarp on top and some stones as the floor. and oh, fireplace. when the first one was ready, we were so proud of what we had done.

I don't even think I got close to their C2s

bro is hollywood movie in his dreams

It was pretty cool reverse engineering the powershell scripts. It was a bit tedious tho because they were using invoke expression and xor operations.

what

I’ll read it

didn't get into battle though. but in reality you have to take care of the logistics first so it was more realistic.

when is part 2 ?

I couldn't get my hands on 2 scripts in the chain that would lead me to the C2 servers because by the time the IP hosting the script was public, it was already old or moved.

I was thinking about boats for transport

😆

ye no way i am giving that information ima just leave

one of my next classes in my degree program is report writing I'm curious how much it'll line up with the doc & reporting module (regarding writing a good report)

boats are great, but move better on water than on ground

come back in 5 years when you're an adult

4 but ok

ty, now i know how long to hold the tempban for :#

ok

chess how old R u

do you not know math?

15

if u are really a minor, like 15/16 , i hope u stick to cyber security as u have a lot of years to practice

no

https://tenor.com/view/he-has-a-wife-gif-25559895

https://tenor.com/view/zuko-thats-rough-avatar-soka-funny-gif-9847954

also focus on python and C language

and build offline websites with html,css, javascript and later php and sql

C is for boomers

https://tenor.com/view/my-job-here-is-done-bye-done-gif-14879937

Use rust instead to piss off Linus and the owner of ffmpeg

https://tenor.com/view/forest-gump-wave-hi-hello-howdy-gif-17500258755908763204

😆

he is walking on his treadmill rn

not sure if you're able to grab the info Tejas because the new system is weird

Chat, if you wanna rule the world just own the main repo for ffmpeg

which info?

i read that as ffmpreg... i need off the internet

user info for the platform, ToS stuff

Lmao

I can from platform admin panel

ahhh so it's just the discord bot that's borked when it comes to that stuff

Yes

-# #blame_Emma

But you can use #verification-logs channel

The sad thing is, the threat Intel I have is great but like it's not meant for getting new malware intelligence like if there's a new never seen before malware campaign (this is the exact thing I need ). It's more for investigations.

no ryan. but he said use that channel

it says i have no access

can you give me perms to use this channel too?

Yes ask big daddy or grandpa

but the usernames don't match the platform name, because for whatever reason it doesn't sync usernames

error_loading_message();

once an hour or so?

i've seen people in here that have been verified for days with non-compliant usernames

Am not sure anymore, ryan asked me to read the changes he made and I didn't yet

will read monday

LMAO

it's weekend, no push to prod pls

even if I made PR infra won't deploy without review

no fun

I told the people I'm working with for learning malware analysis to treat all public intel IOCs like IPs hosting malware to be dead/moved and to treat any sort of public news about a campaign as the campaign being dead or dying.

I have been using a laptop keyboard for a while now and my fingers started hurting. I switched back to Keychron,, and it isn't much

"this IOC is dead/dying disregard it if it's in our prod"

me who has been using laptop keyboards for years:
👁️👄👁️

I was using a laptop keyboard until 2024

Now I can't

I take keychron anywhere I go

Lmao thankfully I have a VM that's meant to be compromised being isolated from everything else

i am using a mouse with fast-scroll wheel since few months ago and i'll never go back

Oh shit i found out how they did it, crimson collective OKEEEE BYEEEE i have to read this whole blog now

fast scroll wheel for the recipe blogs that have an entire novel before the recipe

hahhahaa or the man pages

i just ctrl+f

true

i was thinking to switch to a laptop keyboard as i can type faster, whats wrong with laptop keyboard ?

i got one with separate keys now

i know grandpa who is big daddy

falcon?

flacon is grandpa

who is big daddy

khaotic

i see

i am gonna write it down

Yup

sinfulz and clubby are uncles

so that makes you a brother

Idk, am bad with relationship hierarchy

https://tenor.com/view/family-history-penguin-pudgy-lil-gif-16902098680276402819

Hello Tejas

Hello Golam

howdy

How are you

this much Ik lol

fine what abt you

I'm sleepy

sleep

couldnt find a better gif 😔

I should drive my car

Actually we're looking into some ghost rat malware.

dizzy driving is bad

and dangerous

Hopefully it's a single payload and not chained like the last one

That's why I will do it 😈/jk

calling 100

No

Bruh

"a guy on discord said he will drive while being sleepy, GO ARREST HIM"

Yes

😂

Why would you not post the IPs of c2 servers you found on a malware?

and here is legal name

Ayo don't reveal my name

why would I

its salman khan

its jeoever for you now

Nah I don't drink and drive like Salman Khan

💪

https://tenor.com/view/as-controversial-as-this-may-sound-seth-meyers-late-night-with-seth-meyers-controversy-this-may-sound-controversial-gif-20020434

some people fall asleep while driving

He and another person in Bollywood have got so many controversies that one is made into a film and the other is not yet made.

Who other

the other guy who had guns in his car trunk and was named to have helped in mumbai attack

Ahh

did lots of drugs

https://tenor.com/view/catdriving-serious-cat-driving-focusdriving-gif-14852106731598068518

I think all celebrities do drugs

i think all weak people do

well, we never know

it could be a smear campaign as well.

Rappers do

Yea they make their songs flexing on it

Yea fr

drugs = bad 2>/dev/null