fr

even the llm started laughing

It is realistic, misconfigurations are the leading causes of breaches

it goes

Marcie I think youre misunderstanding

Perhaps

ye marcie

im not hating

im just saying theres a limit to where you can teach the ways

Exec() in a profile picture is brain dead

theyre beginners and if they teach them this shit then imagine what would happen

later on

lmaooo

Im just referring to file upload exploitation in general being realistic

not saying a misconfiguration or anything. Hes saying literally the code is

system('python3 account_pfp.py')

they trying to upload python shells on a static site

lmaooo

for sure

or not even that a literal image my man

If thats in your code, you deserve to get hacked

usually theres a step 2 at least

ye ye for sure

and funny thing was they were not even python pfp, literal images

jpegs lmaoo

idk if thats as bad an an endpoint that is literally just executeSQL?sql=

which Ive seen in a real application

nah the executesql one is wild, they go, ayyo you want a mssql shell, i gotchu

wasnt mssql but yeah

in theory

not literally

it was pretty funny though. Still unfixed:/

dam

devs are pretty interesting these days

I did some research and the devs were literally some college graduates that made the app before they got any actual software dev jobs and got lucky enough that it makes enough money they havnt needed to

same place that has a capt cha that is purely client side

as in no parameters ever gets requested to any server. its entirely self contained javascript

so theyre stored within the js too

wow

the only captcha Ive seen that is mathematically proven to waste peoples time without a single once of bot protection

very interesting

not stored. the js just adds the disabled tag to the login button html until you solve the captcha

oh you talking about captca , when u said capt cha i didnt get it so i thought you were talking about something else

I have a tamper monkey script that just clobbers it so I dont have to do it at all

yeah phone trolled me

i read a article the other day about captchas, most of the time they just check your time to complete or your mouse movement to prove youre human lmaooo

they got no real way to verify you actually doing shit right, the good ones prob do

yeah captchas are generally pretty bypassable. I was just stunned by this one doing utterly nothing

theres a number of other issues Ive found too

fuckin 7 times

lots of 'only an admin can do this function -> inspect element delete disabled tag hit submit -> action successful!'

the worst one for me was when i was a kid and that stupid ass rob*** captcha

dam server banning robl**

lmaoo

thousands of users 😭

ye its pretty wild what we can do with just js

and what it can also do to fingerprint a lot of browsers to later identify

i dont know much about forensics but read stuff about it

I think theres also some deserialization->rce in said app but the context seemed risky to test for so I never bothered.

wait u talking about the react one

no

the db stores some php serialized objects. Normally you cant just add an object directly but refer to the executesql endpoint above.

Test and prod share the same env though so if I fucked up the payload itd bring down prod and I didnt want to risk that

ohhh

i seee what u mean

ye ye def, cause the wrong thing gets deserialized and executed, and next thign you know

the whole thing crashes

yup

and since the payload lives in the database....

it gets deserialized on any query ?

not sure if thats how it works but idk

presumably yeah, wasnt risking finding out

oh

i mean usually its not necessary unless the object is needed or referenced

but ye

yeah there was high likelihood thatd be a frequent occurrence

possibly yeah

so youre a senior dev right ? or a soc analyst or some

nope I do data recovery

Im trying to transition roles though

id like to do more pentesting or appsec work

see what i mean when i said if beginners are taught this way what would happen 😂

they'd go to r/masterhacker

dude said iguess, bro himself doesnt know why to do that lmao

my weeks project has been testing my friends homelab setup. Unfortunately(for me, not for him) his setup is extremely solid so Ive now devolved into checking some of the more obscure applications he uses and seeing if I can find a cve for it lmao

guys is the academy working for you?

i am getting 504

lmao

nah its down for me too

hmm weird

Same^^

Back now

Must've been the wind

@obtuse fern dont let the haters own you, be the happiest person you can be

and this can be said for anyone here

Also dont hurt people emotionally I think

@alpine pumice go nuts and revive the chat

Remove the s

you have a garbage game collection

https://klipy.com/gifs/cat-meme-40

😀

I've been busy

you mean pre existing cve or completely new cve?

new

youll never find bugs without trying to look for em

Typical THM user tbh

You just be new here. I thrive off spite.

Feed me your hate

It’ll replenish my tanks

https://tenor.com/view/skeptical-futurama-fry-hmmm-i-got-my-eyes-on-you-gif-17101711

hey how do i start, i am a free user and i just signed up

Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-to-hack-beginners-bible

doing this completely free is possible?
or at some point there is a requirement to purchase

for academy, you won’t be able to ALL content for free, but u can do quite a lot of them for free
for labs, u can only do active machines and challenges (not sure about other stuff in labs)

So is it still worth to spend time on this as a free user?

or should i think of at least spending in the future

if u are starting out, continue with what you can with free content (in academy, they use cubes as a currency, and free content would mean content that give back all the cubes u spent to get access to the content after u complete it)

yes I read about it

but, if u want to unlock more advanced stuff in HTB, you will at some point need to spend money

But basics can be done for free right?

yes, a lot of them

the Tier 0 ones

are all free

alright then i will first stick to basics, then explore what i am really interested in before paying.

sounds good 🙂

to be honest i thought there would be a way to farm cubes by giving tests or something

nope

if there were, HTB would be out of business lol

true true

thx for the help ;D

no problem 🙂

@sharp shuttle if u ever became a millionaire can i live in ur mansion

ill be that one random dude who is fun to hangout with

I want to always be laughing like this guy on the left

24/7

365 days per calendar year

but even more insane looking

like this

at all hours of the day

just imagine my face like this while I'm shrieking "ROTFL!!!"

Time to hack

https://klipy.com/gifs/american-psycho-patrick-bateman-eJF

guys I did a network engineering

I got a vpn goin as an access point

https://klipy.com/gifs/plink-dead-chat-plink

omggggg

that's really bad

when I open my account it tell me

💘 Swipe Right on OnlyHacks
Valentine's XSS Special

what is only hacks???!!!

is it like onlyfans but for HTB?

wtfdidyoujustsaytome?

real

omg CJ

where you been buddy?

all we had to do was follow the damn train

Bro chess.com fuckin sucks. I was beating this guy and he was almost lost literally like -3 eval, then he stops playing for 5 minutes straight and proceeds to play the top stockfish moves 10-20 times in a row. Like if you cheat at chess you're literally an inferior human being and you absolutely suck at everything you do.

busy doing cameo for gta 6

Play with me I will beat you every time without cheating

people actually do that? lol... when I played (which is a loong time ago), that wasn't as much a thing. and who cares about losing that much

Quite. I'm mad

guys i have figured it out

Losing in chess sucks but cheating is just embarrassing

once you get a bit further and you play stuff like blitz games against actual masters, you will lose a lot. that's besides the point. what you learn from those games is what matters

do you guys like jobs ?

Yeah

I liked Steve Jobs

if i offer a job with a reasonable payment will you like it vs a job thats fun, interesting, has equal payments and fair for all according to their work, pays decent not very high and provides good life

bascially a job that doesnt feel likr job it feels like doing something good and worth it

The worst job culture ever

Losing at chess does not suck

It can be enjoyable

getting caught after cheating is the most embarassing

Yeah cheating is trash

https://old.reddit.com/r/analytics/comments/1r4dsq2/we_just_found_out_our_ai_has_been_making_up/ sounds likea comedy goldmine, shame there aren't more details

Retro left

Eh

You have too much ego and shit

Appreciate your weaknesses and fix yourself

How do you appreciate a weakness

Understanding how it was produced and how to avoid it after the game is over

"sorry I lost to stockfish yeah I will use that as a motivation to become better at chess than an engine"

I sometimes play the best move too

Playing absolutely ass, then pausing for 5 minutes, then playing the best moves in a row till winning is not natural

Well just report it and move on

If they find is cheating you get the elo back

Why do you spend time thinking about it

Mental energy flushed down the toilet

Bro I'm not as evolved as you to be all matured and shit sush

That's the cutest thing I've seen today

Welp that's no more chess for another 3 - 4 months again

perhaps you should play blitz, because it's harder to cheat (effectively) there

I'm too slow for that

https://tenor.com/view/yoda-star-wars-gif-7807401677966294286

I be making moves with zero deapth

It is totally normal to suck at chess at the beginning

I'm so happy and proud I configured and set up a VPN server with wireguard

I've been paying for years

Network engineering is the bane of my existence

Yes but how many games in total?

On Amazon? I have one too

Aws

No

Like 1000+

I have it on a completely different IP range than the local network and I'm so happy I got it working

VPN clients are on 172.16.1.0/24 and the local network is 10.0.0.0/8 (yes the local network is flat, we love dns and think vlans are socialist propaganda)

What's it purpose if it's inside your LAN? The traffic still goes through your ISP hence the same IP

It's meant for accessing internal resources easily that's the purpose of this VPN

Oh okay

you know what else is flat

the earth

Yes

Yeah I set up an entire wireguard server on aws so I can get better routing while playing online games

using vpns to play games is just making it slower

Maybe invest in better internet it's cheaper.

Nah bc my ISP defaults my traffic to Europe for some reason. I have to get a server in Asia then connect to the game via the server

This is free tho

Free teir

When it expires imma make a new account and get another free teir

oracle cloud has free tier that does not expire. probably has a site in the asia as well

nice ISP

They scam. They ask for $2 from my credit card for verification and say verification failed after they deducted the amount and never refund it back

I tried 4 times and lost $8

oracle may be technically inept, but I seriously doubt their intent is to scam. just saying.

hi

ok, today 3 prompts to claude and context is full ah well

I always forget that Oracle exists same with IBM.

oh I'm an IBM stock holder and the company is suuuperb.

What do they do anyways?

Like Amazon is online shopping and server hosting, Netflix is streaming, apple is phones. What does IBM do?

i tried 3 times to sign up and they take total ~1000 rs and no refund scam 😭 scam

IBM guys have black suits like the Men in Black, and they talk business.

seriously talking, they do cyber, custom hardware/software solutions, and consult the enterprise sector

if you need a private could they are one of the actually potential vendors

i think i learn better from HTB Labs than I do from Academy

I think they also have superb AI accelerators and innovation centers, which you can use as a client

Good it only took 5 months to be telling you that every day

sybau

... and we are not even at noon, and I'm out of claude code credits

You know you can use Gemini 3 pro for free on google IA studio?

what's the quota for the free like?

I don't think there is one

I haven't reached it personally

Instead of messing with ai we could be learning kubernetes and oauth for rancher

Who is rancher

doesn't look that good of a match for developing python code that has to run in my network...

does look pretty nice otherwise however

Kubernetes time!!!

It's a management ui for kubernetes

I HAVE DONEIT

It's like portainer but better and free

Some one did oscp recently..?

Did you install kubernetes?

NO

submitted my own coding challenge

Now why would I need kubernetes

Because. Don't you want your containers to be fast?

Faster than they already are

Better

Stronger

I use docker. I am simple

Don't you wish docker was faster?

And better?

🙂‍↔️

Don't you want to be able to customize it?

Kubernetes!

customization is overwhelming

You don't even need to customize kubernetes, just use k3s and add in your own features

Or don't add any

Speaking of kubernetes I need to make a home lab with kubernetes

@eternal mango @obtuse fern @scenic maple I submitted my coding challenge 😁

I need to buy raspberry pis!

Pis

gm

same

Speaking of raspberry pis I turned a Huawei smartphone into a DIY raspberry pis

raspbery piss

Morning

What

What

How did u use GPIOs

Installed Linux bare metal and used the flashlight connection and the power and vol buttons as direct connections, for everything else, I attached an Arduino nano and wrote a bridge so that the Arduino becomes an extension of the phone

🔥

good luck solving it if it gets released lol

you said i turned my smartphone into a pi

Have u just installed linux?

Not just installed Linux, It does everything a raspberry pi does

Have u ever used postmarketos?

If it is math I am going to vibe code it

No it doesn't work for this specific phone

Not the kernel

nano is slower than pi

So it doesnt

I mean...

But its cool

Is it that big of a deal

ive mate 8

if you have know how to do it, can you suggest me a way?

well

heh

good luck

thats all I'll say

It's math

I won't confirm nor deny this statement

It confirms it

Well how I did it was by using the stock android Kerbal and installing a Linux user space on it. In this case alpine Linux

And of course extract and get the drivers working

Bro you just did how pmos get prepared

trust me, it doesn't lol

Ye ik

I'm going to eat a donut rn, well see when I get to the challenge

HTB has to first accept it tho

Does it use the stock Kernel of the phone?

Is it available for the Huawei y5 lite 2018 (MediaTek MT6739 SoC)

Because you cannot even use the stock android kernel (even though you technically should bc this phone is compatible with treble) proprietary Huawei drivers won't work

Good luck

So you have to unpack the boot image extract the Kernel and build a user space and get the init system working.

I'm worried if they'll even understand it lol, tons of jargon

It's their job to understand it

i finally got my letsencrypt cert to work in my cluster

holy ares

so nice to see my longhorn dashboard on https

true

yipee

Goodluck

Same here, I’ve got four pending as well 🔥

AD is hard to do without any prior knowledge on it

There are two options:
Mainline => Use original linux kernel with configurations
Downstream => Android Kernel with some modifications

So can I use it for phones that aren't officially supported?

Actually there is no team that messing up with devices

Everyone port their own machines

my phone doesnt support it due to locked BLs and lack of drivers

Oh

Well you can just extract the drivers from the stock android itself

Drives are in /system/vendor and /vendor partitions

Get them and insmod them manually

it's quite tricky

because

i bricked my tablet/phone

Ohh

I just have access into bl

Yeah well I have BROM access so I practically cannot brick mine.

and searching for an exploit

Yeah

Actually i found a tethered script

but i need a perm access

still researching at my weekends

Cool

Try and find a Boot Rom exploit

tbh i think it's quite pathetic

I have to exploit my own device to take fully access

cant wait for the new machine

did half of the old machine but got stuck but learned new things

Hey uh, fellas. I need some help to connect the VPN server to my VM

you dont know how or there is a problem?

I mean, I dont know how actually

I'm on the Linux section

I mean

At the system information section

oh its pretty easy
download the vpn file that suit your location and copy it to your vm
on your linux distro type this one by one
"sudo apt update"
"sudo apt install openvpn"
"sudo openvpn /here type the path to your vpn file you downloaded"
on the top right your IP should change

Uh, I'm confused about the type path thing

Like

Am I gonna write commands like cd/Downloads or smth?

where did you put the vpn file? on your desktop?

Downloads?

type "Downloads/the name here"

Ok uh, let's go for DMS

sure

@warm ravine I'm glad you didn't give up yet. You may become a hacker at some point

I'm no longer the old person anymore

If I have something that I really wanna do

I wont leave from it

We'll see in a couple of years

Hey

Can anyone give me tips on how to reverse engineer a rust file?

Read it backwards

First learn how to engineer it then reverse it

ok what to do about the demon in my house now?

exorcize it

I LOVE SPENDING 2 HOURS FIXING INGRESS CONTROLLERS AND DEPLOYING A SINGLE APP!!!

absolute peak kubernetes experience

urmom

https://klipy.com/gifs/panicopipoca3d

Uh... @warped plank Yo someone just send a friend request to me, the account looks really new

I spent 4 hours building a chair

@bronze goblet thats the person who send it

me too

XD

Wait

Same person?

I mean

Did this Sally person send it to you too?

yeah

you will get used to them lol

Ok yeah throw bricks at sally

Yo we got a bot in this server aye

who are they?

scammers lol

people who DM you and ask you to hack ig?

aaahhh

not to hack only scams too

the problem they choose the wrong places lol

a server that literally teach ethical hacking and anti scamming lol

Mods here are doing much better than the discord's pathetic AI moderation

btw my account is new because am new

into life

Hi guys, in the cybercafé there's a system that tracks the games and applications on the device, as well as the user's account, time spent, and money spent. How can I run Kali Linux and Tor Browser on this without exiting this system?
BTW I pay money for cybercafé not illegal
And chrome is available in this

"welcome to Sally tech how can i help you"
bro what you mean you were the one to send a friend request

i want to know why there is some challenges labeled hard but they are actually easy

hhhhhh

there is websites that run it on their server and you can use them thro browsers other than that i doubt the cybercafe will let you do anything like booting from a USB stick or anything

depends on your skills

USB is forbidden so can i install kali or any other Linux distribution for penetration testing or ethical hacking

ask the owner if you can install vmware or anything similar , if no you can use the academy pwnbox which is parrot OS that you can use in the browser

I've asked him before and gave me permission
But he said: don't quit the cybercafe's system

the vmware wont effect your system in anything mostly so its safe download vmware and linux distro you want for it

There is reborn or deep freeze as usual
So if I installed it, it will be deleted automatically after I finish my time

then there is nothing really you can do beside using the pwnbox on browser

mods'

Will USB stick effect in this system?
And can u give me links to wht I should install

the usb will make the PC boot up from it using the linux distro on it it wont allow the owner to control your time and monitor your pc

Will VMware be inside the cyber system?
Or it will quit

Forgive me bro cuz am senior

the vmware will be inside the system yes the vmware is an application that allow you to runa prebuilt linux distro so you will be using it like any other app on the pc but it have a linux system inside of it

nuh all good

And as usual it will be deleted when I close the pc

if the internet connection is fast its not that hard to setup you just download the vmware which around 300 mg and the kali image is around 4 gb in size

I know, but if I come another day, will I find it or will it be deleted?

@scenic maple

ID 931439814920765460

oh ask the cyber owner of the system delet things when its done it depends on them really

once my friend sent me this and i told them oh cool congrats , two months later i was talking to them on another platform just for them that their discord got hacked like few months ago lol

dont you want to make infinite money

i cant count them

so no point

dude what the fuck is purple kali

cooler one

i just scrolled down in the images page and found alot of things

what you mean offline installation

SSL sucks chat

😼

Closest I am ever going to get to "I hacked the fbi"

🗣️ 📢 🔥
https://github.com/echoesofwhoami/CurlSwiggerLabs

Hey guys, in the profile section of HTB, I can't seem to add any certification from companies other than offsec, GIAC, and EC-Council

free hacking scripts

happy valentines day @supple plume 💋

wil you be my valentine

@austere sinew

happy valentines day @subtle plover

PUSH PUSH PUSH

@austere sinew WOLOOOOOOOOOOOO

crumb away

Who?

Thanks

any hacking today?

sure new box new

WOLOOOOOOOO

@austere sinew WOOLOO

https://tenor.com/view/wake-up-dog-doggy-hooman-get-up-gif-4229210329433945821

@austere sinew WOLO WOLO WOLO WOLO WOLO

Bro the new HAL AI or whatever in HackerOne is straight up asking me to download exposed .SQLite files I was trying to report so I can confirm they have sensitive info. I am pretty sure that's illegal right?

Don't really do this often just wanna confirm

Later for sure

It's for a CTF. Trying to engineer it and reverse it is gonna take way too much time.

I'm stuck on an OSINT level now lol.

good luck

do we already have physical cert for CAPE?

Lmao it's 7am. Gn chat

Too much kubernetes

I got gitea and working ldap auth with authentik going and I fixed our ingress controller

Too much kubernetes makes ceald a tired pod

Thanks.

It has an mp3 file as an attachment 💀

good morning

So whos ready for new machine release?

I need to get back into hack the box

I always start for a few days and give up 😤

Why do you give up?

bro became green

i always wanted to be a ninja turtle!

does onion websites work the same as normal websites?

pretty much

the enumeration part tho you need to edit the tool script or most tools know how to deal with them?

you have to tone it down tho cause of bandwith

so like fuzzing it?

ffuf stuff?

yeah

well first of all you obv should be running it without permission
but even if you have it those sites arent able to take lot of bandwidth as i said
but if you want to do it anyway you can do it by proxying your request via tor

like install and setup tor on local and then pipe it through the proxy locally

but it is highly likely that the tor nodes will ban you

so i would advice agaisnt it

also it sounds very illegal now that i think about it

i see

-x is ued for proxy same for curl

thanks for letting me know

I'm getting ready for tonight's machine

my cancer cycle is going to release

A man who runs with aggression walks without dignity ~ Smaurai Jack

dude leaks groups are silly a group put on their site that they hacked a company and have alot of their info , just for the company to come out and show them that they hacked the wrong company that just happen to have the same name but its based in india

very cringe

funny thing they put the thing on their leak website then took it down like nothing happened

btw guys are rainbow tables any better than waiting for john or hashcat to try everything in rockyou file?

Use john on your host machine rather than in vm to fully use your graphics card no matter what password list you're using

make sense

-x in curl is http methods iirc

Let me check

Oh method is -X seems like proxy is -x lowercase gaddayum

Hi everyone,

I’m a bit confused about the difference between Labs and Challenges on Academy x HTB. Labs seem to be topic-based (e.g., XSS), while the OWASP 2025 Path contains Challenges. What’s the actual difference between the two? Also, for CWES preparation, should I focus more on Labs or Challenges? I know there’s a dedicated CPTS prep path — is there something similar for CWES?

Thanks!

labs are full machines with an exploitable vulnerability while challenges are like smaller puzzles around a particular vuln

A challenge gives you a direct question or problem while a machine is more open-ended

Hello, i know this question are being asked alot and repeatable but may i know the roadmap for cybersecurity where i can expand myself on later on

Okay, thank you ! I guess I will focus more on the labs.

yw

I prefer machines

sup

Hi

hey guys
i kinda wanna make the transition from thm to htb but i heard that htb is not really the best option for begginers
whats yall thoughts about that?

just try and see for yourself

there is free tier stuff on both places

also btw asking here you'll likely get the opinion of the users of this platform that will likely be inclined towards this platform

HTB has gotten better for beginners

@sharp shuttle can you pick me up n drive me to the bus station

On hood?

i guess but i believe that everyone here tried both of them

played a bit more of that Infinite Arena Breakout game earned 5 millions

Hey fam.
I'm new Here, just joined in, I'm a beginner in computing and I really want to make it pretty well in this category.

Can someone be my guide please 🥺

moooveeee

is hacking timeeee

developing stuff

y remember me i need to vibe coding

to spend less time

kypanz activate second core to do parallel tasks

Happy valentine day

or, Melissa

my new vps is under attack

good, attacking makes services stronger

time to activate default passwords to see what the hacker does

this rememberme this video : https://youtu.be/40SnEd1RWUU?si=h-bXTqgMjOe-OLZj&t=10

🤣

"What is this talk of 'release'? Klingons do not make software 'releases'! Our software 'escapes', leaving a bloody trail of designers and quality assurance people in its wake!"

HTB profile is a portfolio right ?

Bugs are there only to build the character of the user!

Anyone running ParrotOS ARM in Parallels?

https://tenor.com/view/parrot-stick-arms-walking-makingmywaydowntown-gif-8033051

Oh fighting back??

the noob revelation

🏃 🏃‍➡️

Alright you win this time

https://tenor.com/view/tom-and-jerry-tom-leaving-tom-leaving-tom-sad-gif-7145580921896709502

I wonder if I could have trouble with HTB if I develop and publish POC of CVEs of active boxes

Any mod can help me with this?

Like i dont find decent POCs for CVEs when Im doing an active box and I want to develop one

Mods can only help with Discord server related problems.

Who should i talk to?

It's against ToS to post writeups for active boxes.

I know

But im not sure if a POC of a CVE is allowed

I mean it must be allowed

Its not a writeup

But

I want to be sure

That would reveal the attack path on an active box, against the ToS to provide writeups/attack paths/etc. for active boxes

Providing the way to solve a machine and trying to not call it a writeup is still a writeup

I understand

Ill wait when the box is retired then

if you mean develop POCs that happen to exploit something on a box that's fine though just don't do like

"here is the POC for thsi box"

if it's poc for cve whatever

If you have questions like this it's best to reach out to HTB directly on the website. Their support can answer the questions better than anyone here.

Ok

Thanks

If you mean publishing on github. That's fine, just make it focused on the CVE and not the box itself.

cofeee time

ready for the machine

yeah every time a cve htb box drops theres suddenly 50 billion new githib repos with new PoC for a ten year old cve with no mention of the box

anyone wanna be my friend?
https://www.chess.com/member/mario_dev

hop on minecraft 1.8

Nah

May I connect release arena via machines vpn

sup

o/

\o/

oi

sup

zero units of dumb

I need a new hobby

side quest perhaps

airsoft

unlikely

install arch linux

LMAO nope

it's not that bad

I like mine

why doesn't report cpu

wdy do you said nope xd

because I turned all the none your business off

bro knows his job

then why you shared the neofetch that just reenables the none my business into business

LMAO

btw

bro you turned off your computer 🥀

terminator

I wanted to see that 100 uptime days

do you bash script things?

how are you display the htb/target ip ?

I was downloading stuff from the huggingface, and it was interfering with something else, and I yanked the cord

with zsh

a few

I have hacked my terminal

yes

thats cool

with zsh, to answer

usable

I have a repo btw

can u send it to me ?

so regards bash, how more comfortable it is?

sure https://github.com/echoesofwhoami/echoes-bash-prompt

extremely

it has hacking scripts too

huh I was thinking about switching to zsh

like this shit is so impractical

I have three configs. common, bashrc, zshrc so just in case I need to swap around. most everything lives in common, very little is zsh

Hello, I am creating a firm in Slovakia that focuses on penetration testing. We are doing a deep research into methodics and tactics to use while doing these tests. Can someone here tell me more about their own procedure or reference some links, where I can find these things?

I update it often, I have not set any versioning tho, but to update is like the same oneliner that's used to install

Hello chat

leave me some gh star if you like it

No

Ill leave two

hey I started a blog today

super

Oh really?

whatcha bloggin

yeah CurlSwiggerLabs

https://github.com/echoesofwhoami/CurlSwiggerLabs

Nice

I gotta raise an issue on it

your issues are related to skill

issue and PR, instantly. gotta get that contribution badge

No I want to create a business based on penetration testing. In my country, it's not common and I think this gives me a perfect opportunity on market

Like farming.?

if someone sends me a good pr I may take it

cybersecurity

I'ma run sqlmap through websockets brb

you can start with experienced people to provide the service but I think u should first focus on getting the people and clients, penetration testers know what they are doing most of the time 😄

where's your super flex .net domain?

if you want to do a deep research on TTP I think you should have a specific goal of the research and kinda niche

I try to stay away from .net xd

The Toilet Paper

I found another nice IDOR

No bbp. But the company is considering it

https://klipy.com/gifs/cat-chat-cat-fall

🙋‍♂️

Watching kingsmen with the wife

This cutie is keeping me company too

yeah, my colleague has this covered, I'm here trying to discover some proceduries we can use so we can develop and expand our service

what a cutieeeeeeeeeeee

He’s snoring

lol

This one’s recovering from class

How’s everyone’s Saturday

super! yours?

Yeah it’s been good, thank you.

it has ended, but was pretty good

happy valentines

You too 💚

is it the one to my heart?

No, got a 403 there

I got a 404 there

But might be able to make it a 418

Valentines is overrated

im tryna make it a 500

Why? Should try to go for 200

Then a 201

Then in a few years 429

Do you not celebrate valentine’s day with your gf/bf?

No, it’s overrated. I don’t need a commercial day to make her feel loved

Ok

Gotcha

She knows I love her by the little things 😉

Ya that’s a good philosophy

Pre-heat her car when she’s gotta go to work for example

Ok agreed

Ya

Load the dishwasher wrong so she can yap about it

Ya ok

Wonderful

How’re you birdie?

Good I did half a CWES module a couple days ago. Yesterday had severe anxiety and wasn’t able to focus

Today I’ll finish the module

I’m celebrating my birthday today and tomorrow

Oh I am sorry to hear that. Did you get your appointment with that doc you were talking about?

Tomorrow is my actual birthday

Yes

OMG !!

Happy birthday in advance

Thanks

I really appreciate it

Anyway, my doctor prescribed zoloft more than two, soon to be three weeks ago

https://klipy.com/gifs/birthday-wishes-317

Thank you

I appreciate it

I hope it’ll help you

How old?

It probably will but I’m on a low enough dose that the therapeutic effects haven’t kicked in

I don’t want to say for privacy reasons

18+ experience

I’m absolutely an adult I’ll say that much

Yeah, you’ve got experience at being 18

Haha

Anyway I’m off to a concert with a friend

Enjoy!!

Thanks guys

Ttyl

See ya

Getting ready for the seasonal

I hope all my team gets in vc

uhh

I might not LOL

@fossil sequoia can I send you a DM?

why not

its like

4 AM

I'll join ig

Oh yeah

worst timing tbh

you guys can help me tomorrow if possible

I'll try, but me getting sleepy

Yeah these nasty machines get released always at the same time

You can ask me always DM no problem

Have you checked my blog btw?

uhhhh

no

@cerulean bloom CurlSwiggerLabs!!!

Why is it not allowed to screenshare in the channels? (i am new here, just switched over from THM)

Maybe you need hacker rank to unlock perms

Ahh, okay xD

Yeah it works like this with embedding

THM has become so bad lately, the VMs are unresponsive, latency blows and rooms are just basic questions with almost no effort to find the flags

I have heard that

Why is it

Huh

What about the chat

From 1 to 10 rate toxic

8,8

Hahaha

I would say here is 1.7/10

There are so many randoms in there like femboys, people joining vc and meowing etc

Hmm

There is femboys here too

FUC...

What's wrong with femboys?

it's the femboy apocalypse

They're disgusting

Yes like we can respect LGBTBBQ but just dont shove it into peoples faces if they dont want to (No hate)

wut

I have one in my team and I am proud of him y'all can suck my ass

hell ya

NOOOOOO

i completed the jet fortress challenge and i got only 12 points for all flags is that normal ??? (on my profile points )

bro if someone is shoving something into your face you have the face in the wrong place

i never win points because i am noob

bru

maybe one day you can join my team

🤣

we are learning a lot here

spanish team ?

i wanna participate en ctf time

2 members are

but i dont have much time to spend

lot of work

hehe

connect with the work pc then

with secalca ?

🤣

it's dificult to find spanish speakers

nice pwnboxes on web

wdym

i dont know, decrypt

🤣

read it fast

lol the webpage said it can't find the machine

10 minutes later first blood will pop up

i started machine but nmap scan shows not a single port open lol

https://app.hackthebox.com/challenges/OnlyHacks?tab=play_challenge

maybe try udp or the machine is broken

nvm it works

or apply more force

I have now been trying to find a bug for almost 3 hours... sigh

user blood taken before i can even spawn box lol

same lol

xD

hacking in deploy

how are they starting the machine so fast, the page forces a reload once the machine is released then i just get stuck trying to load the webpage lol

once upon a time I had the blood for user for one box, but decided to take a nap. after waking up I realized what I had done

I had the hash there, but didn't submit

but was good nap

best nap ever

yesterday my domain email was spoofed. weird getting an email from myself, saying note to self, and also saying suspicious activity, user may be impersonating sender. First time this had happened in all the years of me managing my own domains.

anyways, be vigilant

also, naps are good

dmark/dkim/spif, use them

spoofing email addresses, if your domain is properly configured, is nearly impossible

I do. I had p=none like a noob

anyways, I swapped it and should be fine again. it wasn't a primary address, I use it for testing mostly, but, my fault is my fault.

kinda funny though. failed all checks, and still landed in inbox. my primary email gets filtered sometimes. but some rando sending me an email saying "hello" from my own domain= straight to priority 🤣

who's using omarchy ?

nope

but, because no opportunity wasted. I use arch

btw

well if it's "basically Arch"... do you have a question or are we just asking to ask?

oh, then nope. I will let you whisper into the void

https://tenor.com/view/whisper-whisper-in-ear-gif-1173647009616547334

to do is to be

• gigachad8520 rahimahullah

Any openSUSE users?

hopefully not

what's the point of streaks, it pops up once a week but I can't review it anywhere on the platform???

for continuous learning

is from the academy

okay, maybe I understand some of the points - why can't you see the streak data anywhere beyond a simple streak goal on the dashboard or when you complete an item required for the streak or are about to "miss" a streak... there's no historical view??

when you have the possibility to miss a streak you receive an email notification

about the historical view, not sure, thats gonna depends of how the streak are stored in the htb database

I'm in the files

could be just a strike counter of 3/3 or can be store all the streaks that do you do in the academy

but what i think maybe is just a counter that reset the sate when the week ends

now i am curious about it

ha, sorry

np

but is a interesting question, all depends of how htb is handle it in the db