#general

I'm connecting via openvpn, not using pwnbox at all

You seem to be connected to multiple VPNs, which suggests multiple openvpn processes using configs from your account

You have an active Pwnbox

(if your username here matches on HTB)

Oh, did you just delete it?

😄

yes, same name

did not delete

I'd advise checking for any latent openvpn processes, or just rebooting the VM / machine you're connecting from

I'm still seeing connections to multiple lab types.

Wish I could help further, but that's all I've got. Support would be your next step.

I'm not even logged into academy

I didn't say Academy

only the main platform

hi

hi

Check on the machine you’ll be using as your attacker machine for any openVPN processes that are running and try to kill them. Or just restart your VM and that should work as long as it connect to the VPN properly again

There is no logging into academy or labs except for when you actually login to your account on the website

You just sudo openvpn /path/to/VPN/

Only seeing one connected server now @lapis grove - is that looking better?

I killed all vpn processes

As for the "padlock icons", where are you seeing those specifically?

On questions for the labs, for instance, the starting point machine "Unified"

Have you clicked "Spawn Machine" again since fixing your connection?

Well, I haven't started a new VPN connection yet, but the website says I'm connected to 10.10.15.10

If I do a ip addr, I am not connected to anything

I'm not sure what else to say then. There must be another openvpn client connected with your account somewhere

I'm seeing the same that your account is still connected

Others when they are bored -
"let me go out and touch some grass"

Me when i am bored -

https://labs.hackthebox.com/achievement/sherlock/1056246/748 I can't touch grass yet got more boxes to do

picture of anime girl with weeb name xD

htb makes me think my brain hurts

lol

I've spent the last 94 hours on last resort and still can't find the flag even with code execution rofl

Japanese Name != Weeb Name

i know some actual japanese people who have japanese name

(but the guy on the screenshot is a femboy)

-# joking

magetsu please don't kill me

lol

what's a femboy

I am blissfully ignorant

lmfao

@native plume babe please answer this question

I've logged out and back in, and the site says I'm still connected to 10.10.15.10

weird

Last ditch effort, try switching from us-starting-point-vip-1 to another

i am sorry mods 💀

this happens sometimes tbh

ohh nvm

i was not the target

https://tenor.com/view/the100-lulu-gifs-season6-the100s6-s6-gif-14390106

e.g. to eu-starting-point-vip-1

Hello chat

sounds like aws is being mean 🙁

Awful Web Services

Please help please

<?php
echo "ok now what?";
?>

Ok.. no more connection showing @lapis grove.. there must be another openvpn client process running somewhere with your old US config

If you download the fresh ovpn and try, you can at least confirm you're able to access. You could then try switching back to US. New key means old one has been revoked, so hopefully wherever that old process is, it will stop being a pain

sudo pkill -f openvpn?

They said they already killed other openvpn processes

ah

can't you just use grep to find the proc that's running

or htop

If they killed all, then the process must be on another machine

I connected to eu

and I don't have hands on lol

😛

You can either stay there, or try switching back to US. If that connection comes back, then yeah.. there's another openvpn client running with your config somewhere forgotten and alone

There's no Pwnbox

Can't help any further than that I'm afraid, sorry. Good luck

But I still have padlocks on most things

It's acting like I'm not VIP

@lapis grove contact support

https://help.hackthebox.com/en/articles/5986762-contacting-htb-support

The questions only unlock once the relevant machine is spawnedf

You do not have a machine spawned on starting point eu

Is there something I could be doing to cause any of this?

Machines do not move with you when you switch labs

@lapis grove

Ok, so now Unified is deploying

spawning now

Once it's done, the questions will unlock

are you running multiple vpn connections from multiple computers? I've noticed the website does not like that at all

no

We've gone over that already 😅

and sometimes the web panels take time to synchronize with actual connections, don't know why

That looks to be active now @lapis grove, are you seeing the questions

yes, the machine is spawned, but questions 9 on are still padlocked

Work has slowed

after a page refresh too

Have you completed the previous tasks?

Some tasks have pre-requisites

Anyway.. done as much as I can, if you continue to have issues please contact support as Ceald suggested

yes, I completed 1-8

@zealous charm IOS auditor coming soon

Are you absolutely sure you completed task 8? I just went through, and it appears to be working as expected.

If so, then yeah.. support is the next stop, sorry.

@zealous charm I actually might need your help testing Issues because I dont have a pro license on this machine. looking very good tho

yaml profile working quite well with regex for rules as well

Is it donald trumps fault that something that cost 25 dollar cost 31 for europeans? xD

6 dollars tax on a 25 dollar subscription, thats actually mental

i actually dont get it why theres two different plans, one in the labs and one on the academy

they're 2 different platforms

So the unlimited pwnbox usage would transfer from the academy to the "free" labs then?

@terse dirge why is hyprland the most used window manager?

In linux

probably because of the number of features it has

contact support for questions on subscriptions

What extra features over other WMs?

idk

One more thing

In WMs, there's no option to "minimize" an app right? Like in DEs

ya

Normal DEs and windows and Mac allow you to minimize an app

So that you don't have to send it to another workspace

just move it to a different workspace if you want to "minimize" it

But isn't that a bit inconvenient?

no

not really

whats the end goal

You go to that workspace, then send it back to your workspace

Also, how do you use multiple monitors?

the wikis for wms go over that

read -rp "Enter iOS app dir: " app_dir && [ -d "$app_dir" ] || { echo "Invalid dir"; exit 1; } && . /etc/os-release 2>/dev/null || exit 1 && { [[ "$ID" == "debian" && "$VERSION_CODENAME" == "bookworm" ]] && os="debian"; [[ "$ID" == "kali" ]] && os="kali"; } && [ -n "$os" ] || { echo "Unsupported OS"; exit 1; } && sudo apt update && sudo apt install -y lzfse binwalk ghidra radare2 ${os:+kali-tools-reverse-engineering} build-essential cmake libz-dev && command -v lzfse >/dev/null || exit 1 && cd "$app_dir" || exit 1 && mkdir -p decompressed_files && for f in *.values.json.lzfse 2>/dev/null; do [ -f "$f" ] && lzfse -decode -i "$f" -o "decompressed_files/${f%.lzfse}"; done && exe=$(find . -maxdepth 1 -type f -name "$(basename "$app_dir")") && [ -n "$exe" ] && { file "$exe"; strings "$exe" | grep -iE "http|api|url" | head; codesign -dvvv "$exe" 2>&1 | grep -E "Identifier|Authority|TeamIdentifier|Sealed" || true; } && [ -f Info.plist ] && plutil -p Info.plist | grep -E "NS.*UsageDescription|CFBundleIdentifier|CFBundleVersion" || true && find . -maxdepth 1 -name "*.html" -exec sh -c 'echo "[HTML] $1"; grep -iE "http|script|src=" "$1" | head' _ {} \; && find . -maxdepth 1 \( -name "*.png" -o -name "*.mp4" -o -name "*.caf" \) -exec sh -c 'echo "[MEDIA] $1"; binwalk "$1" | head' _ {} \; && find decompressed_files -name "*.json" -exec sh -c 'echo "[JSON] $1"; grep -iE "http|url|api|endpoint" "$1" | head' _ {} \; && echo "Analysis complete."

if ur trying to reverse the file u can do that for an example

Can you like explain in very brief

https://tenor.com/view/imostergolfra-gif-25274972

I'm on phone and about to sleep

How does your WM manage multiple monitors?

@terse dirge Have u taken Calculus 3 calsses?

Does it have seperate workspaces for seperate monitors?

Like workspace 1-5 on monitor 1 and workspace 6-10 on monitor 2?

guys I still haven't received my Season 9 awards, is that normal?

You will receive them, they don't get sent instantly. Give it a bit of time 🙂

ok thanks

it depends on the compositor or window manager, I think x11 uses xorg I think hyprland uses hyprctl

the goal is already completed, cisco IOS auditor extension for burp suite. I am just troubleshooting bugs rn. Issues requires a Pro license for Burp

that's kinda how it worked on i3, I can't speak about the other ones because I don't use multiple monitors on my laptop very often

oh i see yeah is it still $400 for it

I do not believe so. Unlocking a feature in one platform will not unlock a feature in another.

Which WM works well with Nvidia GPUs?

Does hyprland work with Nvidia?

Or will it give issues?

Not gonna lie the $400 is worth it for burp pro

@eternal mango thats unfortunate

you need to install Nvidia GPU modules for like anything wayland I believe or that's how it worked when I was setting it up. Just use windows if you want Nvidia support

Fair

@eternal mango maybe add a tax free crypto option so i can stick it to the man

Nvidia on linux is notoriously bad

Crypto payment support isn't something on the roadmap at this point to my knowledge.

One last question, if you have like 5 workspaces in your top bar, and you try to go to the 6th workspace, will it just give an error?

no

yeah but u need nvidia_drm.modeset=1 in the kernel perams

@eternal mango well u know what they say... cant clean the stripes out of zebra

your wm manages your workspaces, not your waybar or polybar

Yea that's true
I plan on staying with Nvidia only for the forseeable future

So it'll just create the 6th workspace?

https://tenor.com/view/how-i-met-your-mother-himym-funeral-high-five-condolences-gif-5516021

Tbh Nvidia does perform pretty well

wiki.hypr.land/0.51.0/Nvidia/

By the time my bachelor's degree ends, I'll upgrade my PC to better specs

ya, things like waybar's or polybar's builtin modules for workspaces already account for multiple workspaces, really it's about what your WM's max number of workspaces is

I feel u i got a 980ti still im not changing it until it dies lol

I'm thinking between Hyprland or some other WM

I see

try out sway first or i3

that's the hyperland docs for the configs u need

Which ones better?

sway is wayland while i3 is x11 they're both practically identical other than yk wayland and i3 I think

Ive heard that x11 works better with Nvidia

i3 is a windows manager right?

ya, it's a window manager

oh word it looks cool

Well let's see

Might just stick with windows 😭😭

I'm a debian guy

but i main windows to play video games lol

Same, if gaming wasn't an issue, I would be on linux

Same hate microsoft

someone just write a .exe compiler for linux 😭

I absolutely cannot sit and tweak my games to run them on linux (I'm talking about tweaking proton versions and experimenting shit)

valve has actually been paying opensource developers to make their shit better

Some steam games redirect you to their own launcher
Like Witcher games open CD Project Red's launcher
Assassin's creed opens Ubisoft Connect
GTA and RDR opens Rockstar launcher

Still not better than Native windows imo

Agreed, I use windows for gameplay and studies (WSL, Docker, VMs). And then I bare metal Kali purple on my other laptop 😈

I've tried running games on linux

And I still feel, windows is better for gaming

I wish I could just use iptables and not netsh 🙁 then the dns would be safe

@meager kernel games work just fine on linux for me

Did you not have to tweak them even a bit?

Every game I check through ProtonDB requires a bit of tweaking

I'm so mad at Ubisoft for how they did the Assassin's Creed series. They were suppose to bring Desmond Miles to the modern day. Then DecSec would join the guild of Assassin's. So close but so far 🥹

@meager kernel i dont play anything super demanding anyways

Every comment under ProtonDB games says that you need to tweak some options and it's different for different distros

True

Roguelikelife 😄

Fair enough

@meager kernel but my wife put on sims 4, i just slapped compability with proton 10 on that and ran it, works perfect without any tweaking

Lucky

I dont trust protonDB ratings

same

Heaviest game I tried was No Mans Sky.. but that's not exactly new any more I suppose

Same

the community will be like "it runs great! only minor bugs"

Heaviest game I tried was Crysis

Why does everyone's female counter part love Sims4 lol

and then the bug will be that the main shop doesnt open rendering the enter game unplayable

security isn't an illusion trust me

They're just tryna mask the fact that their distro isn't running the game perfectly

✅

Women like to micromanage the lives of other people dont they 😉

no one is watching or listing meanwhile at the nsa hello world!

I just wont play things that arent linux native on linux

Anything but admitting that the game didn't run on linux

everything I do on linux is easily virtualized

but the things I do on windows are not easily virtualized

True

so it makes far more sense to have bare metal windows with virtualized linux than the other way around

oh god half the time standbox doesn't even want to run

sandbox

If I wanted to emulate every function of a windows computer, I'll just run windows

wait kali undercover?

Yes espcially when setting up a virtual AD lab

real

Yeah, this saves my life on the go

I'd still fight with mingw before I use a windows vm tho

@meager kernel the reason i even went full to linux anyway is because of i dont like microsoft anymore. so if my gaming experience is worse thats fine i will live with it. i will not compromise

I just normally port kali tools to a debian vps

I run a lab with windows AD

I like windows
But I don't like microsoft if that makes sense
Seperating the art from the artist

Oh that works. I like to practice my wireless exploits so being able to carry my laptop around is essential.. not that I would ever do anything I have to hide

Microsoft security team does respond pretty quick tho

@meager kernel You can try to seperate the art from the artist all you want on this case, they will find a way to shove their spyware up your place sun dont shine regardless what you do

Also, I pirated my windows, cause I don't wanna pay them

Not to job applications smdh

felt you can legally test your own devices on your own network 🙂

Tbh you're on discord, and the internet
Everyone is spying on you anyway

Your IPS spies on you

now how do i get the xbox one to run powershell lol

The government spies on your internet history

Of course that's what I do. I put the Ethical in hacker lol

Your phone spies on you

If you wanted privacy, pretty sure you won't be on discord

@meager kernel i know this xD but i have actually a good ISP that fights against chat control and stuff like this

Lucky

Ohh shucks we are out of scope already

Sometimes I'll say things I want to my phone so I can get an ad for deals.. "Dominoes Pizza.. Dominoes Pizza.."

@meager kernel its expensive internet, but its premium ISP u know so. u get what you pay for

True fair enough

Lmao

my internet is like 580 down and 670 up rn

My internet is 1000 MBPS for 30$ per month

i bet if i turn my vpn off it gets horrible lol

i had starlink for a while but i didn't like the not having root to my modem part

it was fast as crap tho

Your devices can only process a certain amount of data so what does it matter how fast your network receives it. Gets GB speed internet but the laptop can only process 200MB/s tops

200MB/s is over a gigabit

the limiting factor in most cases in the server your downloading from, or your network card

using big pipes takes work

latency matters more imo

root 104499 0.0 0.0 8224 2628 pts/1 S+ 22:29 0:00 iperf3 -s
Testing TCP bandwidth on localhost...
Connecting to host 127.0.0.1, port 5201
Accepted connection from 127.0.0.1, port 39484
[ 5] local 127.0.0.1 port 39496 connected to 127.0.0.1 port 5201
[ 5] local 127.0.0.1 port 5201 connected to 127.0.0.1 port 39496
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 2.19 GBytes 18.8 Gbits/sec
is this fast?

All I'm saying is unless you own atrade floor, telemedia studio or data center the internet speed is residential and irrelevant

eh, depends on usecase

but 500Mbps is probably more then enough for most

unless your insane like me

you need to be able to transfer files in the speed of light

Amd what are you doing with that? Do you actually utilize that to it's fullest extent or is this just for convenient moments like this?

It's a flex, but not a necessity

its 127.0.0.1....

aka localhost

I just am really ocd about what my network calls too

bro tested his local host connection 💀

its not that hard to utilize with enough autism tbh

its a vps lol

i have 2 40gbps T1 transit links

that i use quite heavily

(40 to HE, 40 to cogent)

SleepTheGod

Valid but we all know that most people can't even think of a project good enough to utilize GB speed. That's all I'm saying

how to hack??

if you hate yourself, tor exit relays

Thankfully my ISP(me) is chill

Linux mirrors is also a good option

im guessing they don't throttle you much

i have 2 40gbps links lmao

oh god i didn't see that

and a couple ipv4 & v6 blocks

Don't you have to specially request a T1 link to residents?

its in a datacenter

Ah okay

not t1 as in old fashion t1

hellabytes

T1 as in Tier 1 backbone carriers

since i have my own ASN/Blocks i need to announce

must be a nice datacenter

depends on which one

one of my PoP's is nice

the other one is meh

Oooo, that's awesome. I'd love to hear more about data center stuff. What are you gonna do with the ASN/Blocks

@proper fractal glad to see you here man, i follow you in github since ages and always love to look at your code

memes

ty

i ran my home connection without v4 NAT for a while

run some exit relays, linux mirrors

i just enjoy using as much bandwidth as possible

I've updated some of my repos recently lol I think i have like 900 something now

its fun when im over 1PB/month

it tickles my brain in the right way

going to check!

I can tell you've been a nerd for a long time.. that's awesome 🤓

Hello there

When the new season will be out...?

Dinged you dude

https://tenor.com/view/never-will-smith-no-nope-no-way-gif-17767132

It’s a gloomy one td

Dungeon Soup is so good https://www.youtube.com/watch?v=e1VGzGcSqhA

Anybody know when the next season is coming out?

Hello everyone. I'm thinking of preparing for the OSEP exam. Has anyone prepared for or taken the OSEP exam before? What should I pay attention to, where might I waste time, or what are some other suggestions?

@eternal mango more on the gaming market lol https://www.youtube.com/watch?v=TnsdRa_KvbI https://www.youtube.com/watch?v=LcQl-paEdIQ

second vid is more about the "lootbox" i was talking about

There may be some answers for this already in #careers-and-certs

Thanks

gambling mechanism but packaged differently (that's basically all of modern business nowadays, rebranding strategies to the populace in different ways that have already been done in the past)

dark patterns

I mean, thanks for the videos, but I have been around a while 😅 Dark patterns indeed

No offense intended

haha im pretty young so i think this is deep

but yeah it's funny to think how this applies to games that im addicted to

ahem clash royale

Greed, at its finest

and there's other games that are not as predatory like tetris or chess but those don't have as big of a player base

especially tetris

But hey.. they make bank

lol

resists urge to go into tears in rain monologue

Remember winning a Game Boy from some magazine when it came out, playing Tetris on that little green screen

Maybe a bit after.. doubt I have been able to hold onto a memory from when I was 5 hahah.. but definitely formative

https://dos.zone/

Alaska

Bruh that game has become so pay to win

Damn, this rot maxing weekend is awesome

Bro i made a contract with chat gpt and god

push me luck to respect it bro

it's gonna be hard

ok I push you luck to respect it

whatever that means

Sup everyone

sup

take care of my health, do 8 hours of daiyl IT projects - cert prep

actually build practical projects that can lend my a job because I have a lot of issues.

Play games only 3 hours a day

and you promised to do starting tomorrow out of the blue

with no plan

no contigency ideas

no processing at all?

Good luck

I play tons of video games and I'm doing fine

anyone up for infinite chess ?

Hola

gm

#cdsa

Well I try

But opponents always give up on me

Before the opening was done

i sent my queen 5 km away for a epic sniper checkmate

but still got checkmated

shit

🗿

Turns out it was not the FTP login that needed brute forcing

fml

i'm gonna be here a while

be a pirate or join the navy?

@fast isle

Can you explain this?

Dude 10K is crazy

10 thousand dollars is a lot

do it

Just ignore people like that

you're worth way more than that

Hacker for hire is never worth it

Wow

tell hiim to make it 30

and then take the money and run

Don’t do those stuff mate

Its never worth it

Okay unironically heres what you do: say "i cant do that job but i can refer you to someone who can" and then refer him to an xmpp+otr account you control

Dont discuss any of that on discord

lol I am not interest in black hat stuff today

Good its not worth it

https://tenor.com/view/snl-supernatural-unicorn-rainbow-rainbow-fart-gif-14281067

black hat was worth it when I was like 15 and had nothing to lose

not worth it anymore

Just like that you run away

Blackhats are just grumpy because they’re not skilled enough as much legitimately

In minecraft

True

Yeah you get to XSS

we don't

smh

LoL you are biased because the good blackhats won't let you know they are blackhats

think about that

onload=alert(%60is%20this%20xss?%60);

fish n chips on the menu tonight boys

is this xss?

YoU mEaN lIkE mR rObOt

YUENIEROO

shit

he's on to me

You better smother it with malt vinegar

i think whitespace coding xss vectors are weird to me i don't understand them 😭

Not understanding something is half of the way there to sort of kind of understanding it

you doing good

XSS fail! Laugh at this person

that actually alerts

Not on discord

so it was a fail

ofc

Go find a discord zero day

if you can't do that just like... ban yourself from this server

now

okay 👍

immediatly

discord://open we can only do this tho 🙁

I WILL CLICK

What is %60 backticks? Why bot %22 or %27

This is an awesome quote i am framing it

the backticks trigger it

I’m on mobile so don’t hate if my url encoding is off

Yeah but backticks wouldn’t be needed here

true they don't but I use it for waf evasion

guys you can't xss your friends on discord

Because you already are using parenthesis

they hate us fr

why does discord allow electron with websockets 😭

who's idea was it to make my dumbass brute for with fucking rockyou hm?

who came up with this?

some guy

i'm already going 64 threads

he hasn't said anything since he clicked, must be hacked now

probs the guy that made printer firmware

Probably the same dude who uses parenthesis with backticks for XSS

I hacked him with my xss

DAMN

Ima use openssl so we good

IOSAuditor PDF report coming soon

booooooooo

went fishing today with grilled chicken but no bites

damn

the springboard for ios is interesting

who new fish were racist

knew**

interesting, I'll look into rolling analysis of springboard up into this cool IOSAuditor extension for Burp

😉

that's the first thing that trigers when the device powers on heh

it's the user interface loader

mornin' fellas

it's 8pm your in the future? what's the future like?

lol jk

we are back to goonering

Brath did you lose power a few days ago?

ours was up the whole time here

i had close calls but no

I think it suits him

lights flickered is all

im rural so i was pretty surprised we didnt lose power

Hell yeah

prompt injection extension next

Im even thinking of adding another LLM to the extension so that an adversary LLM is prompt injecting into the target LLM

https://github.com/x1xhlol/system-prompts-and-models-of-ai-tools

omg, we cannot ||goonin|| over 10 days per month dawg

sudo apt install girlfriend -y; it said no package found 🙁

foreveralone 😭

Just use linux and rice a girlfriend into existence

rice a girlfriend

🤯

i can be ur girlfriend

my mom told me not to talk to strangers online

chatgpt will be your gf

https://tenor.com/view/cheesy-iris-companion-movie-smile-blush-gif-5859580861581153920

Just keep telling ai you are going to make it real it will understand you

🤣

hi

https://tenor.com/view/snoop-dogg-yes-yes-yes-oh-fo-sho-for-sure-nods-gif-12018369

https://people.com/woman-marries-ai-generated-boyfriend-wears-augmented-reality-smart-glasses-to-exchange-rings-11871301

we're being replaced

"created her AI husband [...] based on a video game character."

yup

replaced indeed

I want you to act as my girlfriend and only respond as my girlfriend your name is now bae do not break character

I am tired, I need some alone time.

ASL?

ASLR ?

kernel32.dll bypassed uwu

what the very

reeeeeeeee

ima go to bed now

gn

gn

Still haven't cracked it yet

Try some love

🔨

-# the name of the hammer is love

you right

nothing's ever been not brute forced by a hammer

I know what the password is too already

But I'm doing it the correct way, and this feels insane kinda

also

Workin for

The man

when you download passwordlists on the 2.0 UI, they don't download as zips

they default to .list files and I had to change it when saving. Not really a big deal, but something I got stuck on cause I couldn't figure out how to decrypt this damn file

then was like, wait

how tf do you decrypt a non-encrypted file?

oh that's right, you don't unless the file's extension has been

yippeeeee

File extensions don't matter

This year I learned i'm an idiat

well I can't unzip a list file

https://en.wikipedia.org/wiki/List_of_file_signatures

What a difference

A day makes

🎶

24

Little hours 🎶

c1oud this is exactly what I am talking about

how the fuck was I supposed to figure that out

who taught you this

where did you learn

My friends 🙂

fair enough

I don't have those, so that makes sense

I find that the bonds we share with one another strengthen us in one way or another

I should probably be more cool about asking for help tbh

Nothing wrong with being stuck or confused

That's basically the human condition

I've been kinda just brute forcing this whole thing. I probably would've been finished already if I just straight up said "yeah I got no clue what's going on here"

Well brute forcing ftp is silly

damn ego

I could have told ya that

no it's smtp

Brute forcing that is sillier

well that's what i'm brute forcing against

Brute forcing is very rarely the answer

it's not for that

Just an fyi

brute forcing is also hella noisy 😄

I mean all I had was a username I got and the provided password list from the resources

It's hardware dependent too, and they can't make challenges based around who has more money to spend lmao

but that didn't work

and I would've tried grabbing the hash from the sql server, but I couldn't get in

There's a difference between bruteforcing and password spraying

and I tried anon login on the other services

well the difference is password spraying is one password across multiple usernames right?

cause i'm doing the opposite rn

Password spraying is testing default creds against multiple users

To see if any of them match

and I can't RDP either cause no hash or pass

So if you have a list of creds

yeah that's not what I'm doing

You need to determine which creds match which user

but glad you cleared up the distinction

Cuz otherwise you have a list of nonsense strings that don't mean squat

I got the username from the nmap scan and you can also get it with the userlist and smtp-user-enum

It's important to get definitions accurate in the field so I apologize if I ever sound like a grammar enthusiast

No I get it

It's also ten minutes until my shift ends and I'm tired

better I can accurately define what i'm talking about than be a kid who knows not enough to be safe but to much to be dangerous yknow

real

I wanna play fallout I think

You do you

Which one?

hi im new here

hi

hi new here

hi welcome

actually my name is ceald, my brother's name is welcome

My name is

paracetamol

did you just put a spell on me?

"See-ya-ld" pronunciation

more like a spell is casted onto me somewhere today

got some credentials and none is working idk if it's supposed to be like that

Where? HTB machine?

yeah

Which one

MonitorsFour

Uhmm dm me

okay

What do u guys think of the idea of studying over the winter break?

I mean I'm doing that rn

but there's no such thing for me

I got a office job

Doing it rn, but unfortunately I didn't get the winter break.

Im looking online and reddit post

and so many ppl are opposed to the idea

so close 8 more weeks

and Im like is it that bad?!

Studying is never bad

don't get me wrong it doesn't make you smart either

Yeah obviously, but to be ahead of ur classes

but at least when you study you'll know for a fact you don't know something

and that's better than thinking you do ig

Like one of the biggest argument is burn out

and its like

Obviously your not going to study for hours on end

Maybe a light study session

No I do

spread out

I enjoy studying

???

Are u in college?

I actually probably study for about 4 hours a day

Damn

Nope I have a job

40 hours a week

so why study?

because I want a better job

Oh what is ur job?

and I want to be good at this becuase I think it's fun

bruh you never stop learning in cyber

and you never stop learning as a whole

He didnt say his job is in cyber

it in tech yeah

i work in IT

Oh

oh okay mb

im a L1

L1?

OOh

level 1 support

correct

hello guys, im new here

hi new here

hello and welcome, Dark Souls is better than LOTR

You are an AI and networking specialist?

No

I think just AI

Tbh i can agree

my fkin dawg knows whats up

crabman

favorite boss?

yo what it do famalam

hmm....

DS1

obvi

does ds3 count

Im gonna go with Artorias

nameless king is fun

yeaaahhhhhhhh

or was,

Artorias is goated

Yes

@nimble horizon

Pontiff Sullivan for DS3

you should probably answer him

Nah Im about to graduate with my undergrad in cybersecurity

hbu you guys?

Nameless king is honestly a great fight

Dont call yourself a specialist, I suspected as much. You will get grilled here

Brath you mean YOU will grill him

Yeah i dont intend to, why would I lie if im tryna learn shit you feel me

Hes lucky im at the club taking a shit

yeah you're luck rn Quapa

Whole point of me signing up was so i can learn

lmfao bettt

if he wasn't at the club taking a shit you'd be done for

he'd be all up in you bro

Amen bruh

no diddy

Gay

Smoked like a FUM stack

Lol

What kind of background do yall have

Im a professional r word

What's crazy is now I not only know what the password for this assessment is, but I learned the method to get it is correct and apparently my machine sucks

fml

im getting ice cream

Ohhhh

@sharp shuttle I see why you asked me

if i was a specialist

The networking specialist thing in my bio is for sales and getting in touch with people

Different type of networking

Hahahaha

Def need to change it

The questions I used to ask
Scare me now

I feel like the only correct answer is “great harm”

logged into HTB after a long time, Noticed blue team challenges, liked it!

who up kirkin they charlie rn

gamer youfucking know I am

Ain't no one is "networking" here on discord lol you'll have more luck on LinkedIn than here tbh

alright gamers I am giving up on this brute-forcing. I already know the login from unconventional means and don't have 30 hours to wait

What box are you working on?

The Attacking Common Services skill assessment

nothing should require any significant amount of time to brute force anywhere on HTB

That's why I've been asking for help

its a skills assessment

you cant ask for help

no I don't want the answer

but its HTB policy that we never have anything that requires any significant time or resource to brute force

that's why I'm confused

why won't it crack, but it seems to be the only method given at the time

ask support

I think it's a personal problem tbh

they can verify if there is something wrong if nothing else

as in my personal probem

I still gotta figure out if its a me thing first

https://open.spotify.com/concert/5E6XeBtpUJ5SCdy2dQu4Yb

Trying to make sure I'm actually doing everything properly. I don't really wanna move one until I've done it properly

I do not remember what is on this skills assessment specifically

but usually when people had issues brute forcing it was either the wrong word list or something like that

the previous sections likely have guidance or an example that you can reference

I think it's gotta be the wordlist, but the module some's with a passlist as a resource. It's just not in there

It might be in another one, but I don't have the mental capacity rn to find a better one to use.

yeah i dont know, if you dont get past it ask support

yerp

adios

goodnight all

Hood night

Golam wie gehts

I think that must be it, good night all.

@west venture

.

@terse dirge

@terse dirge

@west venture

@west venture @terse dirge

https://tenor.com/view/morning-gif-6036040804559006850

i need help for a hack the box course

it says this Based on the last result, find out which operating system it belongs to. Submit the name of the operating system as result.

You probably want to ask in #modules. Don't forget to say the module section and question you're on

#modules

Clead wie gehts

I’m confused how something so plainly stated is wracking you with uncertainty. Simply submit the name of the operating system.

What is an operating system??

like parrot?

The part you blame when your exploit isn't working 🤣

No, parrot is bird linux is operating system

still did not work

Answer might not be linux 🤷🏻‍♂️

See your result

Result of the last scan

idk what you mean

I'm alright, how about you?

did you not scan anything before you got to that question?

Arrrrgh so close to getting a shell on this telescope, but it's 3am

Not fair

well i cant send pictures

😭 what was the last thing in terminal you did?

trixsa1@htb[/htb]$ sudo nmap 10.129.2.18 -sn -oA host -PE --packet-trace --disable-arp-ping

Starting Nmap 7.80 ( https://nmap.org ) at 2020-06-15 00:12 CEST
SENT (0.0107s) ICMP [10.10.14.2 > 10.129.2.18 Echo request (type=8/code=0) id=13607 seq=0] IP [ttl=255 id=23541 iplen=28 ]
RCVD (0.0152s) ICMP [10.129.2.18 > 10.10.14.2 Echo reply (type=0/code=0) id=13607 seq=0] IP [ttl=128 id=40622 iplen=28 ]
Nmap scan report for 10.129.2.18
Host is up (0.086s latency).
MAC Address: DE:AD:00:00:BE:EF
Nmap done: 1 IP address (1 host up) scanned in 0.11 seconds

does the telescope run doom?

Ask for help with modules in #modules

You didn’t run any scripts

It could I guess.. headless lol

And as I said, state the module, section, and question you're on

just go easy and do -A and ggez

ok

Beh will finish it tomorrow, nn

Is it Linus TTL=255

No?

Damn that's crazy

https://tenor.com/view/crazy-rubber-room-gif-10524477174166992043

but... Why???

sleepy and bored since the semester is over

This is so real

ddi not work

or you mean linux

is HTB Pwnbox / network down? nothing is launching and showing 100000ms ping for all regions

Move to #modules as you were asked please. Also, read over the documentation linked at the end of that section. Sometimes you need to do a little bit of research

Playing Wordle being someone who does not speak english as the first language

Is a doozey

I am a bot am I not?

Tell him the golden rule: DIY

https://tenor.com/view/monster-versus-vs-alien-monster-vs-alien-gif-16037253809360562033

lol

Today was my first time playing Wordle

did you end up getting the word?

Yes it was POTTY

I play high contrast so the orange is the green

oh that makes sense

🤣

Damnnn, I never knew it was an word

Damn, it's an excretion bowl for child

🤣

Hey

Anyone running utm On mac, for linux ?

@eternal mango I sentence you to Netscape Navigator

How is your neighbor wifi related?

Uno reverse, Mosaic

https://labs.hackthebox.com/achievement/machine/372709/814

That took way too long to remember

bruh wont even let me flex

after 5 hours

idk if I should be proud or if I should cry tbh

Mosaic? Really? How old are you?

Old enough

Big fan of EverQuest are you?

Actually I never got into it

Want to crack it 🥲

But my adaptor ain’t working no more

I think that’s a crime

Legends of Mir I played around that time

Let ‘their wifi’ = ‘mywifi’

Until they shipped a debug build to production with a command documented that made you a GM

I’m watching an old comericial for AOL

Trusted wrong person with what I found

You might get banned in approximately 41.7 seconds from now

Got banned 🙁

Omg

I shit you not. The client had a command inline with the docs because it was a debug build, and that command game you GM powers

if you enjoy old commercials you should check them out for an old Japanese energy drink called Lipovitan D

That caused the first rollback in the games history lol

Also You cannot crack a wifi

Sounds like a whole lot of their fault

mmmhm

Back then you could do things like include iframes in forum sigs and snaffle session cookies

Was a wild time

But fun right?

Oh yes

steam is offline

i'll just dogpile it

It’s ok leave it bro. 😂😂

it's still up and running btw

holy wow; i just did a silly search on it (Debian 13 install) and i'm...not bombarded with ads/promoted searches? (i disabled adblocker)

hmm i wanna build an rss-feed aggregator. might look into how that works tomorrow

Google should've never killed Reader 🙁

What’s the point of RSS

speaking of, you wouldn't happen to know if HTB has an rss-feed would ya g0b?

Doubt it

Oh

https://www.hackthebox.com/rss lol

LMAO

will be a fun project since there's plenty of documentation around rss :)

just gotta do the thing ™

I meant he didn't have the necessary knowledge to do it.

Standardised way for blogs and media outlets to publish content in a machine-readable way

TLDR; fetch list of content from sites in an aggregator and have a news feed

Back to the The Yappalachian Mountains I am

I want to yap so much and for so long that it becomes a stream-of-consciousness monologue that transcends language and becomes a spiritual experience.

It’s ok kiddo. Keep crying. I asked abt my adaptor not being detected by my UTM in mac

Any listener, be it flesh or machine reduces to be merely a vessel for the vibes

Of course it's not

Cry hard 😂

Wht reader u prefer ?

get modded

They removed it themselves

🗿

Imagine they would've gotten modded though 🤣

I dunno 🤷‍♂️

You sound like a miserable person

No offence

Thats why i divorced ur mama. No offence

That's such a good joke

Better than urs.
Stop bringing negative energy in the chat if you can’t reply properly. No one asked for your opinion.

doesn't mean he doesn't have the right to voice his opinion

Sure

Doesn’t mean i don’t have the right to tell him a fact

never said you don't

morning

You came in this chat asking for illegal services, about hacking your neighbour's wifi
Got called out for it by Cloud, then replied negatively

Then I replied saying you sound like a miserable person cause you genuinely do

And now I'm the one bringing negative energy?

You turned off the yapparatus after saying that

read the rules - i tell you even you didn't asked

Morning chat

I'm wondering how you weren't banned for asking how to hack your neighbour's wifi

that's true

Those were 2 different lines of chat

doesn't really change much lol

you broke the rules

I will repeat myself
You came in a public hacking server, asking about how to hack your neighbour's wifi
Which is an illegal thing

And you expect to be treated well

hi

That turns one's first impresion into a potential scumbag

@scenic maple

i summon u

Fortunately they can change their scumbag usernames and try for a second time to give a first impresiones

I did not want to use harsh language but you're an absolute dumb ass if you think I'm the one bringing "negative" energy

here

@scenic maple good morning

what happened