@scenic maple

check my site - added a start page

I see

The iq of the temperature of the room

@sturdy thistle want to see the big shark tooth i found this weekend at the beach?

oh yeah sure

dammit paint

new record worlds largest

noice

thats all of the ones i found

poor shark

without teeth now

poor shark rich paint

aight bed time

ikea tomorrow

meatballs

looks good

nu uh

stay up

no choice

@sturdy thistle

(i am attempting to make sure youre too sleep deprived to make your way out of the ikea maze) @sturdy thistle

i missed these guys...

yare yare

AN UNSTOPPABLE YOUNG LADY

i remember when every asian was fighting to be like THEYRE NOT FROM US BLAME THE OTHER COUNTRY

peak times

Eating some nuts now and watch Netflix

hell yeeeee 🔥

i've been binging final space recently

trying some cachyOS here

can any body get this xss in here ?

function check($input) {
    $whitelist = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789;"/';
    $result = '';
    $len = strlen($input);

    if(str_contains($input, '<')){
        return false;
    }
    if(substr_count($input, '"') > 1){
        return false;
    }

    
    for ($i = 0; $i < $len; $i++) {
        $char = $input[$i];

        if (strpos($whitelist, $char) !== false) {
            $result .= $char;
        }
        else {
            return false;
        }

        if ($char === '/' && isset($input[$i+1]) && $input[$i+1] === '/') {
            if (strpos($result, '"') !== false) {
                break;
            }
            $result .= '//';
            $i++; 
        }
    }

    return $result;
}




function remove_all_whitespace(string $s): string {
    return preg_replace('/[\p{Z}\p{C}\s]+/u', '', $s);
}



$name = remove_all_whitespace($_GET['name'] ?? "Guest");

if (!check($name)) {
    $name = "Guest";
}

?>


<h3 id="welcome"></h3>
<script>
document.getElementById("welcome").innerText = "Welcome, <?=$name?>";
</script>

Wall of text

fluff reference

Why do you do this to me I'm with my phone here

https://klipy.com/gifs/read-23

xD

where is this from? 🤨

Same

a local ctf in my country

I believe there could be some client side template injection that leads to xss

But I'm with my phone

Check throughly the $name variable

but the whitelist only allows the normal chars and ;/ and a one "

Wouldn’t it be cheating if we solve it for you

cant you bypass some blacklisting of characters?

cant even use proper syntax highlighting in discord, you get no help from me

Idk please don't tease me with this questions it's after midnight and this keeps my brain turned on 😩

it's just for edu like these kind of challs https://x.com/AmirMSafari/status/2020569860472750512?s=20

just the alert will be the solve there is no flag in it

Still

Imo if you can’t solve it and ask for someone else it’s cheating

we dont want to solve it for you
we want you to solve it yourself

lookup xss filter bypass guides specially portswigger and payload all the things

my point is it's not a competition it's just a chall someone dropped and the writeup for it will be there tomorrow so if i did solve it or not i will not get any benefit but knowledge

so then wait for the writeup if you cant figure it out, golam gave you a pretty good idea on where to research

Or wait until the writeup was published

chill guys you're right i know, it's just the chall tickled my brain so i was wondering if any of you have the way

then start tickling the challenge not us bro 😩

I watch Netflix

Solve it on your own

enjoy mick

Now I feel the urge to turn my pc on and solve it

No

NO ECHOES

BAD

Or I get you banned

golam helped plenty

they told them where to look

horse water drink

I need to start watching something to fall asleep to

Too much coffee today

ask mick what he's watching

ezpz

I watch something specific at night

this sounds

No

one last question don't you think the hint lookup xss filter bypass guides specially portswigger and payload all the things is really broad like it's a custom filter no something famous

It's not what you think

read this https://owasp.org/www-project-application-security-verification-standard/

I just dont know how to say it correctly in English

all filters are gonna be custom, and have you done what he said yet?

tinker around see what works

but if i tell you exactly what to do then its the same a giving you the writeup
what you need to lookup is

• what chars can you write
• what chars cant you write
• then from the stuff i mentioned look up the payloads that you can use based on step1 and step2

Im watching superstore

I usually warch youtube channels that narrate some fictional niche creepy pastas

valid point tbh

okay thanks alot mate have a good night

Ive tried nothing and its not working!!

reddit story reading bot

I used to do that but tbh most are lame

I came here to hack, not read ~ cinzinga 2025

BC top 10 btw

CHINGA

Best name ever

aita for stealing my neighbour's cat after he abused my hamster's favourite comfort character?

Next cat aill name it thingthinga

get a bigger cat so you can protecc

what you need is a capybara

please paint me blue

What you need is g0blin beard

i wassss asking for a hinttt not the straight solverrrr chillllll

i just want to be covered in blue paint

If you spent the same amount of effort in just trying to solve the challenge as you did asking for a hint in here then you would've solved the challenge by now

How long has HackTheBox been around for?

The actual website.

Before you were even a thought

I doubt its that old but yes

But yes

got you're point but trust me it's not that simple or at least for me
like what do you mean how can i get xss with no . or ` or () or " or '

When is Hack The Box the movie coming out?

Just search for blacklsited char bypass

try it

Idk but we can gather some weirdos here with a camera quickly

Keep trying and researching

literally paste the chal in chatgpt and be like, "help pls"

wait i seeo now lol

its innerText

bro could've asked the same question in google or chatGPT or LLMs

there is no xss

What about what I mentioned?

unless u get out of string

my favorite is when somebody at work would come up and ask a question, and the first thing i do is google it right in front of them

what did u say

.

i did but literlly told me there is no bypass for it xD

hmm could be

no { or < or %

I'll just try to suggest the most complicated method possible.

@lunar kindle stop lying and start using hex-strings \x00

.

Goooooood evening

Yooo chat my portswigger lab just solved itself 😂

This way it’s way too hard focus on the modules, you guys are funny

i google then click first link, and if it answers their question i chastise them

did u lookup burp xss cheatsheet as i said? and payload all the things

which challenge is it

I'll be less funny from now on sorry

i swear i did

sometimes its a get request solve
so if you were fuzzing or let burp ai do it its possible

why you lyin?

Or you can just

guys

Say the name of the challenge

the writeup is tomorrow

Instead of pasting it here lmao

let's just let them wait

Its going to be what I said

OSCP wolo 🤔

youve said where to look

it is 12.19

hush

damn you have the whole source code and havnt solved it?

youre right but hush

it's inline script

<h3 id="welcome"></h3>
<script>
document.getElementById("welcome").innerText = "Welcome, ";heremate//";
</script>

wth does that mean

Its 1 hour later in spain

rip

no oscp at this time of night

All good im unemployed

I'm on break from work

mood

Oh I see

get some good sleep later on wolo

i said i will what some just askedddd

yk it helps a lot

bro just ask chatGPT it's literally giving the right answers

When's Hack The Box the movie coming out

I know how to.solve it

wes anderson is currently taking care of the stopmotion

dw

I just realized

see it's the way that you asked which threw everyone off, you didnt mention what you tried, you didnt search up what the others said, and the way you were like what xss works would have given up the whole challenge. there wasnt a lot of effort on your end which is why everyone is reacting the way they're reacting

````I've confirmed the filter bypass (// early break, $name retains full input, // in JS comments trailing ";). That part I fully understand. It's the execution of the actual cookie theft with the restricted charset that I cannot figure out. 🙏```

cluade

bro the movie is gonna be so good

Naa this is different.
I was working on the bypassing 2FA authentication lab.
I accessed the lab and was just messing around trying to find something interesting. I'd create an account login and move from page to page then log back out.
After about 2 mins of messing around I get hit with the Congratulation lab solved message.

I was confused and thought the lab was broken. So I closed the browser and started the lab again and it was still there.

So I checked the solution and apparently what I called messing around was actually the way to solving the lab 😂😂

pasted the code in base free gemini and got exact payload too lol

I know how to do it

some ban c1oud

https://tenor.com/view/made-by-clown-gif-4428586269206149108

And I decided to gatekeep it

https://klipy.com/gifs/cat-cats-150

You do realize he can technically claim a mod role if he wanted to...

i don't have to prove it to you but i have spent like 3 hours on it really trying and again i said i will wait why are you taking it personal guysss

You actually do have to prove it when youre looking for assistance

I took a look with my phone for 4 minutes and I figure it out

No gpt

I also realized I made a joke

will i guess i have to study more client side

Also it's not HTB anyway so we aren't allowed to help

It helps

No hints are allowed for the duration of the event. Once the event is over, feel free to share solutions.

Y'all should really start making your jokes clearer, it's really hard to convey tone in text, this is why when I joke I always end in a laughing emoji

context clues

mb

how to ask for help:

1. Describe problem
2. Describe steps done to solve it.
3. Describe roadblocks
4. Describe how youve tried to get around roadblocks.

When you receive help:

5. Describe how you implemented the help
6. Describe what results you got vs what you expected.
7. Correlate new data with the roadblocks. Did new roadblocks arrive? Old ones change?
8. Repeat from step 1

Too complicated

Just and over and over the same question

Kiss

tf

Im putting my phone away

Personally I just: Gimme answer in exchange for k-pop baddie gifs

Or I yap more

dude has a chat only for himself in OSI

nait nait @sturdy thistle

https://stackoverflow.com/help/how-to-ask

They removed it, so now it's everywhere

Ah that ping

lmfaooo poor guys

Also interestingly, the above is also an effective strategy when trying to get AI to help you too. Just verify as always.

Nahh they asking for it

Almost thought u say like stay here

Just replying to ceald 1 year ago

When do we pin something like this

A bot command would be best

My first pin

why is that arm so strong

dude has premium emojis

Im laughing at the pins

Just saw my message that was pinned...

who tf pinned that?

lmfaoooo

omg

hmmm i tried it now its actually easy

got js execution without asking ai

Aright time to sleep

🍿

but what now

Now you spent the night awake

Now u explain me how u did it

Gatekeep it

escape the string

That looked weird

sleeping like he pays the bills

bruhhh

preferably in the form of a spoon in my mouth

I'll get to see my cat next week

https://tenor.com/view/humm-miam-gif-7752014409153192480

same bro

does he want to see u tho

This is my cat

he a jojo char

No

https://klipy.com/gifs/jojos-bizarre-adventure-jojos-bizarre-adventure-diu

Ai cat

Based of my real cat

nah bro he's real

he looks like that

Man

I put my phone away

Don’t ping @austere sinew

Same

Busy sleeping

echoes

wait

Same @austere sinew

Quick

WHAT

I wanna k ow

STOP PINGING ME PEOPLE

Quickly

what

Ok

ok

say

SAY

WHAT IS IT

Say it

.

.

.

Got ya

SAY WHHAAAAAAT

take a look

.

.

Got em

right

What what

both of you

What

my evil cat

im just gonna

fight you

both

keep in mind

Ok

Howdy hey are fighting now

both of you are a plane ticket away

Try

i shall have this information used maliciously

Invite me to fight ya

Hellen Keller was not real

i need to visit china

i can make my way to germany and spain

Vro despawn

i am in prime location to torture you both

Or we come to you

even better

just ban wolo already

Ryan will protect me

a fight in my homeland

Oh this antisemitic asshole still here lol

(Hopefully)

shut it

but u arent fish

Who is antisematic

i will just

uh

i dont have a threat

What

but no one can save you

planes

I can

Somebody said “this antisematic asshole is still here”

It must have been the wind

You are a plane?

Who knows

wdym where?

i can be

i can learn how to fly

nyoom

On the ground

To the floor

Hit the floor

Npc walks away with arrow in buttcheek (skirim ref)

My English sucks

My German sucks

Learn Hebrew

I think it's funny, how you think you're being clever.

Yeah? What about it?

Somebody has to be the best

guys does yall hear something

Are the best

True

nah bro

I can hear my tv

keep it to yourself

dw

it sounds like

a failed troll who never got much love as a kid

either that or the wind

Is this the silent punishment?

Oh

True

For expressing my opinion?

Wind it is

I had chicken salad for dinner

yummy

Nice

Took picture?

i had souvlaki

Nah we ordered it I didn't make this one haha

wasnt that good though

Did u took pics?

I don't take pictures of food I didn't cook myself

Guys, how can I learn how to hide ptrace?

sometimes i wonder how blind people are happy sometimes i dont cause they dont have to read chat

Blind people touch grass more than us

true

W ALBUM

WDYM ALBUM

damn it's so windy today

Bro

BRUHHHHHH

This guy doesn't know what an IP address is lol

Shut up, thanks

@pale belfry

@austere sinew

good album

What the hell did I do? I’m a paying member of this community

souvlaki is a food you dingus

All I know is it burns when I P

yk bro, just introducing you to some peak

i audibly cackled

You can pay however much money you want that doesn't make you immune to the server rules

^

What rule did I break? Did I say something offensive?

guys the wind is smelling like poop

full of it actually

Following moderator instruction is a server rule

He asked you to shut up

Because every message of yours so far has been a troll

Engage with the community honestly or get the fuck out lol

I offered help for CPTS

I am

cloud when are you gonna apply to be a mod

You that this is cheating

I already was

sigh

And I hope you get punished

No… for studying

People got very very pissed off that I enforced the rules lol

idk i woulda banned "theadmin" by now...

Help somebody study for CPTS is not against the CPTS rules

You didn’t say that

If I was a mod I would be a bad one

So keep your trolling away

real

you used to be a bad one in chaos

I'd appreciate it

dictator wolo

I feel like everybody is attacking me for nothing

the second i stopped modding there the server became 4channy and everyone was too uncomfortable to type there

i wasnt the problem in that server

DUDE IM KIDDING

😿

I'm not a fan of the antisemitic dog whistle comments either

Like "Hellen Keller isn't real"

That’s not antisemitic

All of these excuses are paper thin and so is your personality

Damn this is cyber bullying

Hardly

I am trying to move on and you guys keep causing fights

Why can’t we all live in peace

If you think someone saying you suck on the internet is "fights" you're mistaken lol

Just stick to rules

Change yourself for the better

Or someone will remove you from the server eventually

thats why its called cybersecurity

One more hour left of work

Also.. bleh. I've been chosen by management

I want to work at an MSP for the rest of my life

https://quack.pics/u/53089dfb-4b43-4e7d-baa6-66d49776e243.png

I do indeed need a mentor

1 month ago I went on a rant to assert my dominance. It clearly worked

Everybody remembers me as the best hacker in here

Well

clearly worked in a fast ticket to the white padded room

choose cyber mentor you will get more emails than your family everyday

You're currently remembered as a "douche" so sure it made an impression alright

The hard truth is that you are just annoying us

You wouldn't be the best even if you were alone in the world

Everybody enough bickering

What is everybody’s favorite color

mentor deez

hi cloud how are you?

I'm alright

@austere sinew rescue me

Having my tea and a smoke

Waiting on the shift to end

run away....

RUUUUNNNNN

I can’t run in bed

Would be awkward

THROW THE DAMN PHONEEEE

Run harder

Poor iPhone

Okay bye

gngn mick

Cya chat

better late than never I guess

Im staring at my phone

finally got like half of my CI CD pipeline in gitea actions workin

I now need to get a working templating engine for helm charts for these docker images

Fine

Bye

Enough staring

@terse dirge GET BACK IN YOUR CAGE!

@austere sinew Why'd you let Ceald out?!

Noooo

https://tenor.com/view/dean-winchester-dean-winche-go-to-the-cage-jesens-go-to-the-cage-gif-24508065

yurrr

im knew here

obviously

Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-to-hack-beginners-bible

@gloomy yoke

You from the East coast?

thats hard

so the company that supposed to handle the discord ID scanning got hacked?

mb

The only ranked points we get came from seasonal machines right?
I mean, a seasonal machine after a week its just a normal machine and dont grant any points

yes

yes

the logic is hard to understand tbh

gm everyonee

I cannot contain the ceald...

sup

so basically

Interesting, so i'm changing my focus on machines since i'm taking many days to finish a bo

work 3 shifts and try ctf it's just sad lol

i'll def go back to vip

hostname
htb-hnoob6uhd2

why does it have noob ? 🤡😭

yoru rank

nah this is bullying

lol

😂

script kiddie isnt so walcoming also

is what comes after the noob?

it's whats expecting you

i'll try to finish wingdata today for a better role lol

bruh

welcome

Literally just do an active box, ez script kiddie rank.

bro saying that like it was nothing

buss down thotiana

Well after 24 hours of a box release you can just ask for hints on it...

thank you x)

where do u see classifications ? i just saw tiers

idk, im focus on get better, not worry about ranges

click on season 10 -> leaderboards

i think the rank system it's pretty cool to get motivated on the learning process

Season rank != platform rank btw. Season ranks are the bronze, silver, etc. platform rank is noob, script kiddie, hacker etc.

thanks guys

oh i remember sawing that on the htb post's on faq i guess

https://tenor.com/view/shia-motivation-gif-13565052

@austere sinew

@austere sinew

Do the exams have an expiration date, or are they lifetime certifications?

I believe they are lifetime

at least for HTB certs

bruh

    link/none
    inet 10.10.15.46/23 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 dead:beef:2::112c/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::a48d:e468:643:443d/64 scope link stable-privacy
       valid_lft forever preferred_lft forever
alienware@pop-os:~$ whoami
alienware
alienware@pop-os:~$```

nice

you can make fun of me

😂

honestly, my linux box is named windows

as a joke

lmao

so you should be making fun of me

but whatever

The funny part is that I was expecting it to show something like noob@parrot lol

that's ok

If you need any advice just ask

I would be fine if a box was noob at parrot

like who cares

linux users give non-serious names to their device all the time

who fucking cares

I think I wasn’t clear in what I said, I was trying to connect to the Pwnbox, but I had only connected to the VPN lol.

https://lichess.org/YnYpLsiHzHWx

time to play cs2 and then finally go sleep

do u play cod

what is cod?

Call of duty

https://tenor.com/view/cs-go-gif-13721675797957922733

nope, used to play fortnite, but since on linux switched to cs

crazy how many cheaters in cs2

I'm having trouble accessing any web servers on my kali vm in the CTFs. Everything else works perfectly fine, I am able to pull headers with curl, I add the hostname to /etc/hosts, but I am unable to actually access the port 80 webserver on firefox itself

https://klipy.com/gifs/luffy4k-60fps

How started:

How is going:

What is it

Could be a favicon

An icon?

for example

What application are you using to create it?

gimp

Ok thanks

things that ia cant do 193389129012142

Hi HTB team, is there any issues going on with spawning machines??

I have to keep on changing the servers to get the machine spawned

lemme try for u buddy

which machine u trying to spawn ?

I am facing this issue from last day

send me link

u mean it's with all machines , or a specific one ?

It’s with all modules

Specifically Active Directory module

ah on academy?

i ll test now

Yup on academy

give me a sec

I have to wait for like 30 mins and then change the servers to other locations

which server you are on

am spawning one now let me check how much it takes

On EU4

@scenic maple codeforces has been hacked

Then i have to change to US 1-4

ngl it also always takes some time for me but not that long

Full compromise?

Shiiiiiiiit

maybe

it is definitely not good

Past days it was seamlessly working. From last day I don’t know what happened

they told everyone NOT to submit any code until it gets resolved

I never had that issue in academy before.

Source?

they posted an announcement (as a popup) for everyone

u can go to the site and see actually

Dang i missed it

u can still check it lol

@ornate ibex maybe can help

it pops up

Mostly on eu servers i am having issues

How tho

I went on mobile nothing yet

just go to the site

huh

weird

i tested with UK took 5 min to spawn

I went to the site on mobile just now, immediately popped up

Maybe cause i am not loggedin

servers on academy are pretty slow and hell sometimes i have same issues and reported it before specially when they give u a jump kali lol nightmare ..

ohhh

maybe

Really. I don’t know what the issue. It takes eternity for me to spawn machines.

Nope went on pc still cantvsee

but here’s the thing, a new blog post came out

Can u show me urs

uhh

Gib link

I closed it lol

Yeah servers are sometimes super slow

its a popup

let me send ss

but someone says that they were the ones to send this message, not codeforces

but most likely just a troller lol

I mentioned tejas he might look into it

well, u can still do CSES lol

but what i usually do is i always check if there is a lab in the end of the module and spawn it directly before reading when i finish reading i find it spawned lol

I am doing that same way. But after finishing the content my status is still on spawning target

🤣🤣

nvm i fixed it

i tested now with eu & uk and it takes less than 5 mins

that weird because for me it didn't take that long

Still for me it’s taking a while .. 🥺

am on EU 6 UDP

Let me check on that server

@scenic maple new announcement lol

For now it's working fine on that Server. Not sure what was the issue..

i dunno i just dont see

Maybe tcp

weird

I always on UDP

hi all

hello, is there and admin or moderator here? i would like to open a ticket concerning an issues i found in the academy

hey man, sorry for the ping, can i DM you or can you tell me how to open a ticket about the issue i'm talking about in my previous message? thanks in advance

Sure

U killed the chat ⁨@scenic maple⁩

Again?!

Ye

🍨 for all who chat

I'm fixing my report

A bit of tlc

Sprinkle of screenshots

Have fun

It ain't too bad

Just takes some time and love

You got this

Of which I have plenty

1.5yo is pretending he’s on a phone with an electric BPmonitor

Hey guys, I create a simple Bash script to automate setting up Neovim and Tmux in Debian based systems. This is the X post: https://x.com/r0m3o_101/status/2025099498419356105?s=20 Try it and share your thoughts

Setting up nvim and tmux for me ? Thats too intimate bro

Just sharing my automation script in case it helps someone. No pressure.

Do some people not want to work in cyber security or IT but want to do bug bounty hunting as a side thing ?

yes

That’s me

Although I’m slowly leaning into dipping my toes in it

You do bug bounty hunting?

Does it take time on weekends for support to respond?

I do from time to time

Yes, support is less staffed during weekend

Half my report is done now

yay!

how long have you got to submit?

7 days

you got this boo

Only reason I'm stopping is because it's 3 am and I need sleep lol

yeah 😄

good night C1oudy

why does comtia think insiders are a bigger threat than phising when it comes to intellectual property

this whole cert feels like a joke

Morning

morning

@mystic harbor

box the hack

let's defend should be renamed to box the hack like mitigate the hack but hack the box

@mystic harbor

What are u talking abt bro

Hello how to access the subscription page I would like to subscribe as an individual and not a company

Academy or labs?

In labs just press plans and billing

the /billing endpoint on both platforms

U should be able to see vip+

i dont no. i have see the plan in https://help.hackthebox.com/fr/articles/7257535-abonnements-plateforme-principale

sorry it may have changed endpoints

it's /vip for app.hackthebox.com

this doesn't answer the question...

https://app.hackthebox.com/vip

there are multiple different subscriptions:
Academy has the monthly and yearly plans
Main Platform (Labs) has VIP+ and ProLabs

VIP has been removed, it is only VIP+ now, they dropped VIP a while ago

Ye

that article is from 2 years ago

Thanks when I logged in, I was always on the account page

Wdym? Did u get what u were looking for now or?

#📣-announcements message

they were on https://account.hackthebox.com instead of the labs or academy platform

Oh ok got it

When I went to any page I was not logged in every time and it put on the account page the link you gave me to go to the app and directly connected that's why I couldn't find it I didn't know the URL by heart and I couldn't access it via the links

Ok were u able to do it now after logging in tho?

about talking the talking about about

When I clicked on your link I was already log

What does 'hs" mean in hs.hackthebox.com

You have 20 seconds to answer

DANCE!

BOOGIE WONDERLAND

Yes

@austere sinew happy Bir... nvm

WHY DID YOU STILL PING IF THERE WAS A NEVERMIND THERE

how do i increase these points

Hacking active content

retired doesn't count right

because i remember it increasing whn i did retired

You probably misunderstood, it doesnt count. There is a link on htb if you search on google introduction to points. Find the htb website link it explains it very well

@austere sinew happy 51st day of the year day

@muted olive WHYYY

@austere sinew idk

@muted olive quit

@austere sinew ok

@muted olive like rn

@austere sinew ok sure

@muted olive stop pinging

@muted olive do not respond to this message

@austere sinew acknowledged 👍

wth

What do i see

And morning

@iron galleon

do you need to find the login page of worpress inorder to do RCE

I think more context is needed to answer this question

one of the machines ask is wordpress and it says i need to find username but i cant find a login in page so what is the point of lookin for username if i cant login in and its rce machine web

You need to think here what kind of tools are available to you in order to find where the login page may be located.

well i tried everything looking for hidden vhost subdomains directories but still there is no login in page for the wordpress they have hidden it i think but cant find it

How do i know which things to memorise and which to just take notes of?

hi there where should i start learning in hacking ?

try htb academy

or tryhackme

hello there sir are you already an experienced hacker?

I’m in the file transfer module. i’m seeing a lot of practical stuff like commands and tools and i find it very hard to memorise even a bit of them. So i just take notes of the tools and example commands of them and just keep in mind that there are many ways to transfer files that differ in operating system and in internet protocols.

@cerulean bloom Can I ask you something? Have you ever made dough in a bug bounty before?

are you guys an experienced hacker?

care to teach me or give me some tips please

Go study and teach yourself

All the materials you need are right here

which channel

go to the hacktebox website and sign up

okay thank you

then you open your wallet and put your money where your mouth is

Woah that was mean

i dont think it is! i buy vip+ because im a cheap mf and if i purchase something im going to make damn sure i get my moneys worth so i spend obscene amounts of time

Idk :/

Putting your money where your mouth is, is a self motivator

If you say so

I don't do bug bounties

not yet

What do you believe?

I think it came off a bit aggressive

Maybe blunt is a better descriptor!

Either way, not really positive encouragement

vre

male encouragement works better with a punch on the back of the neck

I see. thanks for your response.

this is how we got @meager kernel to rank up

Damn 😭

Hi @zealous charm hope u good. Want to really thank u for the advice u gave me sometime ago on starting bug bounty.
I started with portswigger and I love the contents. I'm learning a lot.

At what point will I be able to tell I've done the 70% of learning and it's time to start bug hunting

do you have the necessary informatino on /etc/hosts?

Do you know about resolving hosts

yeah, add htb target ip and domain wingdata.htb in your /etc/hosts then wait a couple of minutes for the browser DNS cache to refresh

Did u do starting point? How would your machine know where wingdata.htb is??

I never had to wait at all
Weird

Always add the domains/subdomains you discover in the /etc/hosts file

look it up, you can do things to not have to wait, but most times is not instantly

you can verify it instantly by running curl

That's host resolution

So you tell your machine, wingdata.htb is on this IP in there

guys, what's the difference between HTB and THM ?

because things work this way

This guy got nice icon decoration tho

THM sucks, HTB doesnt

Oh cuz the creator decided to redirect

what's your reason ?

I redirect on my machine too

I don't want y'all to use it with IP

just join thm and discover yourself, I shouldnt talk too bad about thm here, staff doesnt like that

cool

it depends on some things

Both good
You asking here so HTB
If you ask there it will be THM

are you using burp?

Yep

@dawn frigate If you can, try a month of HTB academy or HTB labs and see for yourself if you like it

exactly LOL

yes, important

I believe burp is one of the things that makes it delay

I recommend using burp always too, it will record all your requests and help you see more stuff

If you want an objective choice, hackthebox is more detailed to say the least

Weird name tho

burpsuite?

Burp

Yes

burp = burpsuite

i am hacking

blame portswigger

xd

Yes

You'll probably feel dumb, but dont get discouraged and just keep searching

Hacking what

heck yeah

learning how to fly mid air