#general
good and uuu?
good
trying facts machine
I helped another student in electronics who wasn't as good at the math as I am
but needed seclists and this shit wasnt even lemme update
back when I was at university I needed tutoring and I have been working on electronics and in lab I just tutored this guy while I was working
to help him out
I don't know if a light went off in my brain
like I'm doing an electronics trade to understand hardware better but still
like it doesn't make sense that all of a sudden I'm tutoring other people
I mean its good but it doesn't make any sense
ya
what u studied at university?
IT
that's what my bachelors is in
and I minored in psych
which I was actually pretty good at too and I mean I did well in IT classes
but ya I don't get where the lightbulb switch went off
kind of weird
like I remember in early years at university I needed tutoring in comp sci classes
like what changed?
haha i feel u
I think my new anti-anxiety meds are starting to work but still
are the effects that drastic?
I mean it took a month to get this level of effect we'll see what happens
but ya
good but weird
anyway, so what have you been up to?
I wanted to do an electronics trade to help me understand hardware better
gonna supplement with some Udemy courses to really learn microprocessors or whatever
I also plan on taking a locksmithing class this summer
so I can do locksport
anyway that's most of what I'm up to
you?
Me back when I was in school, I was always with my head in the clouds, but ever since I started getting into cybersec and IT, it became my number 1 priority. Literally, no matter what time I wake up, I make my coffee and start studying… and I actually enjoy it lol
ya cybersec is amazing
I have hack the box
anyway ya
you seen How to Make a Killing?
the new movie?
its good
I loved it
I got a question
sure
For like jr cyber and just medium (Tier 2) stuff, What would you recommend
Kali or Parrot?

Kali has more tools technically but parrot is better for maintaining anonymity and being stealthy while using the offensive tools it comes with. also, parrot has both general tools that every pentesting distro has and parrot exclusive tools, of which you can only get the newest version on parrot OS
so ya
but kali has the widest selection of tools
either one works
does that make sense?
It does
By the way, I also started buying electronics, and now the next things I'm planning to buy whenever I spot a good deal are a professional soldering station and a preheating plate. I want to learn reballing, repair circuits, and stuff like that, but I'm taking it slow. I still need to get more comfortable with the kernel before I really start messing with this hardware side
hope it helps
ya cool
I have an electronics kit I'm gonna fuck with this summer after I do some coursework
but ya that's cool that your doing that
So, parrot it's mostly like "Hey, You know how to do it so here are the tools but not many" and kali is, You know how to but here are some tools that would overlap the others in some way
who's parrot
Good luck with electronics and electrics my man
kali has more tools than you actually need IMO
thanks
I think building stuff and tinkering is fun personally
That’s my opinion
But to each his own
i mean if u want anonymity just flash tails 🚶♂️➡️
Ya but parrot os has more privacy, security, and anonymity than kali and if you want a pentesting distro that also has tools for that too so if you want both forms of tools preinstalled parrot is better
Because your not gonna put hacking tools on tails
That’s the difference
Also parrot works better than kali or tails as a general desktop
But I personally for beginners including myself like kali
Parrot is probably better if you are good enough that its detrimental to use too many different hacking tools
That’s my take anyways
Because more skills > more tools
sure, but i mean, which project are u involved to such need ? haha
well, arguably Parrot is also for networking engineers and cyber security engineers and programmers
not just hackers
Finding happiness on the web counts?
You need a lot of tools
but also a hacker, even white hat, would care about privacy and want access to privacy tools for other stuff if they are knowledgable about online threats
parrot OS already has a lot of tools tho
it has more than enough
at least that's the argument
Including the one that may help me find happiness?
:D
well, if you hate hacking you won't find happiness with any hacking tool
so either you like it or you don't
that's the thing
That's how life works
ya so I would say a better tool is to be able to recognize the difference between something you like but struggle with and something you hate
for the former, don't give up. for the latter, don't waste your time.
got it?
because you'll be miserable if you waste your time on something you hate
That's part of learning, If it doesn't work, You don't care until you have done it
SIR YES SIR 🫡
right but eventually either you'll learn to like it or you'll just hate it
yes, some people can learn to like stuff
like giving things a chance is important too
but its also good to recognize what you actually don't like
because if you don't that is what will kill ya
see my point?
your welcome
I do
That's called "The gates of darkness" bc you don't like them but you go anyways to sentence your own destiny
ya
anyway
I'm getting tired so I'll talk to you tomorrow
I'll be on here after boxing when I am doing Web Proxies module
good night everyone
Sounds good
Goodnight!
lol, gn brothdair
gn
everyone loves you sweetie
Like bro just cause im married doesnt mean I cant have a gf
absolute cinema
ofc, remember in the old times those kings used to have like ten wives
each equally loyal
were you present yesterday ?
see one more advantage of stone age era
Rip
xD
So how's the hacking going
good
Look i figured out learning linux and windows first is far more important
i wasnt even getting the terminology, so i learnt them as well
no no, i will do htb when i get into college
its my final year at school, in about 3 months or so i buy htb
because htb is $8 with student id
Yeah
people told me hacking has lot of grinding
Facts
I wish i started young
If I started and grinded at 16
Damn
Id be so far
its fine, i have lots of free time, look i were to spend so much time on games why not do hacking instead
Facts
yk, even i am starting late, its not related btw but some kid, hes 15 or something learnt coding didnt go to any school or college got company offers and is earning 6 figures
he is so young
Yeah
There is a guy ik
Like 17
With some certs
Working at Microsoft
Kinda jealous bro
xD
AAAAAAAAAAAAAAAAAAAAAAAAAAAA
why be jealous, look speaking from a capitalistic mindset, whoever proves to be worth the investment is provided a role in the company
You must see your own worth, regardless money is a trading facility in day to day life
All my material desires are amply satisfied in a short paycheck why bother spending more time and energy on some 6 figures
ofc some people have genuine curiosity of becoming rich and having that luxury, but its short lived, it wont take an year or two before the dopamine falls back to baseline
its no problem, the best thing to do today in my opinion is to be comfortable in our purse
CJ is saying facts
just curious
@rugged sentinel HOW DO YOU DO IT BRO?
how do you have blood of every single box there is out there 😭
Teach me your ways sensei.
morning
gm
gm
coffee in a bit
Hi chat

what it do famalam
This module covers techniques for footprinting the most commonly used services in almost all enterprise and business IT infrastructures. Footprinting is an essential phase of any penetration test or security audit to identify and prevent information disclosure. Using this process, we examine the individual services and attempt to obtain as much ...

i sell him flags
first szymex, now opcode, business is good
XD
His secret: He hates Linux 
*also him blooding linux machines
*
tryhackme is making so many useless certs rn. sec0, sec1, ...
They’re like college degrees
There’s the good and the bad
But the good is pretty obvious
soon, I guess they'll make a cert if you are able to turn on your computer and navigate it.
coffee time now
nah recently i suck really hard at the art
Cos you need the pressure of someone waiting for it 
I only have 2 bloods 💀
I suck at latte art when it's my own coffee but then suddenly have really nice art when I have to make one for a customer
how many certifications do you guys have
0
Oh
in a year, hopefully 2
1 
3 hours to get on Welcome to the admin panel of your site.
i have 3 i think
great
BTL1, eJPT and CRTO
Just the 1
Cap
I was thinking of pursuing some certs, but then I see the prices. Perhaps CJCA will be my first... or second, if I count electrician license.

lol
You got the wrong person buddy
teach me too
arigatou senpai
🥺
also you have 3
Says the guy that barely touches the season boxes 
for now 
my bucket list has getting a blood in it
although thats one night of sleep gone
Hades blood when? 
only blood will be my own 🤣
@sturdy thistle there seems to be a distinct lack of coffee pictures 
it's behind a paywall
Opcode has 3 bloods, 3 of them were essentially him figuring out the exploit before the machine
Or was it two of em
No, only one 💀
other 2 were just him being a chad 
Facts was pure luck because I didn't put version number when searching for exploits
Oh that’s right
WingData was the predictable one
@dense turtle please don't spoil active machines.
If I wasn’t in cyber I’d probably do audio engineering
If I wasn't in cyber I'd be a VFX artist
Also just realized: damn that vuln has a public PoC now? At release it was just a disclosure 
You just got to wait a few weeks
Some nerd posts the POC
Lmao I need to start looking at disclosures and posting POCs for em
That would be funny
******** root had public PoC a day after release 😆
the repo has 3 weeks
Oh look at that, Facts is over 3 weeks old 
lmao ahaha
I would love for someone to make a box where user is binexp
Well, there's Fatty but I can't remember which part was binexp 
I’m so mad imagine waking up out of deep sleep for a vishing scam and now I cant go back to sleep
https://app.hackthebox.com/machines/Retired
Try it out. That was really fun
Hello
sup wojak
Can you guys help me to become a main character from a npc role

we have batman too, it's @austere sigil
👀
so we fully covered
I can be both you wench
Ok baddie you can do anything 🦊
Ill do your mum

My mum is from Thailand you will be finished in 2 minute
ok, stop
Fiiiine 😔
Ok

None of my CVEs are public yet 🙁
i bet it will take another 30-60 days
Life is a cruel journey
Guys I made the cybercrime reporter laugh “what’s the point of being unemployed if you dont get to sleep in”
in what?
double badumtsh
I have chairs
Sofa
Garden hammock before a storm blew it away
Ok now I'm just trying to legitimise my poor attempt. I will stop
(you know I won't)
LMAO

But
It was just the best moment for it
It was such good sleep no less
Stupid vishing scam
Now I have to get up and be a functional human being
thats kinda the point, high success rate when seepy
MITRE?
Still MAD
the heck i know
Vre
brbr
Prpr
Good hunting!
Sweeeet
me when hungry
brath, you should learn kubernetes
but did you automate deployments on it? 👀
if i have to look at kind ever again i might lose it
yes
troubleshooting that monster was practically hell on earth
lmao even with using chatgpt or claude for fixing issues it's like "idk gamer" quite a bit of the time
yes you will become john container
I really wanna move absolutely everything in the cyber range to kubernetes but been getting push back on it because of "but we need VMs" fun fact, you can run vms in kubernetes
and in docker
Porta john 🥀
time to get root on the new machine
It's called challenges
That's not everything
6.7k stars on github, it's either really janky or really good
and I wrote the challenge containerisation implementation
at least the original one
Yeah it's still well maintained
I mean cloudflare uses it so it must be gud
Definitely worth checking out
I might set it up to check it out then tomorrow
I was just concerned about whether or not the k8s overlay and management would be able to handle the amount of workload
I had a solid probably
but we moved on from that experiment
whaaaat ms is one of the vendors????
ok if this is literally what every cloud platform uses then it is good 
🤣
and overly complex
Ok time to tell infra to reformat all the dcs
Nah it's not too bad
Once you get your workflow to import and manage images, and your base yaml to spawn and primitives to etc etc etc
already have my workflow automating docker compose to helm chart and building docker images 
IIRC it supports thin clones too
heheh
Well ok, not broke, don't fix
But at least worth reading over it. It's a pretty cool project
How often do employees deal with stakeholders in an IT job?
It depends
Lower tier ones probably don
don't often
But management would a lot more I'm guessing
In my last role, from the get go I was encouraged to engage with stakeholders in planning etc
Whether that be general manager or shift
But not all companies work like that
In HTB, I try to encourage people to see my door as always open
I really have to get better at talking and communicating and not jumble my words
But people got their own shit to do rather than speak to me
🤣
It's an important skill to help encourage people to slide in to
Active brain all the time means I forget what I'm saying or where I was going with it then I jumble words and lose track of the conversation
But yeah, really depends on how the company is structured, and what the culture is like I guess
Know that feeling.
Wouldn't be too bad in my country I guess, small population
To write my thoughts with pen and paper helped me a lot to fix that
Archaeologists would be pondering my scribblings for centuries to come
Yeah but if I'm put kinda on the spot to talk to a stakeholder, I'm bad at trying to get the words together
Yeah I'm surprised I passed any exams at school due to my handwriting
When I did courses, was in college (briefly), pen and paper, notes, useful
Got a little notebook somewhere from some crypto course
I have one question , does silver or gold subscription from Academy unlock the Machines or these are 2 different subscriptions?
...I need another crypto course to decrypt them
different
subs
Time to lock in 
Hopefully not too many stakeholders in a small country, less chance to having to talk to a group of people. Business meetings is the thing I'm really not looking forward to. I'm bad with crowds 🤣
But being a small country with not the best IT stuff, means a lot more responsibility I guess
They're there to listen and engage with you. Maybe that doesn't help, and yeah building up that confidence takes time, but you will get there.
Im gonna find a meme
Ok, what about lets defend?
I thought we had that conversation a few days ago
Oh I can't add pics. How do i verify on here?
You need to be of Hacker rank in order to embed 🙁
Ah yeah. Haven't been able to do much recently, been doing another course.
yes, we must make a self hosted cloud platform! 🔥
Post the URL, someone else will repost it
it would be nice to make a hackthebox competitor and wait for them to buy our project for a few millions
Yeah that's me talking on the spot lol
I remember being asked to stand up and sketch out a project we were working on
10 seconds later it looked like I'd tried to draw a gingerbread house with an octopus on top
Someone else took over the drawing
Sketch out, like draw? or just write ideas?
Drawing for me is completely out of the question
Yeah like a flow diagram, how components would hook up etc
make it only about kubernetes security tho
Host it on 127.0.0.1:8080
I'm trying to get the most of all these years of web development...
I should install kube armor on the cluster tbh
not working here
why not 0:0
kubernetes will be perfect for a web dev like you!
unnecessarily complex, works half the time, but works amazing
Just like <applet> tags
@eternal mango How long did it take you to find it easier talking on the spot?
g0blin was fantastic last time at the cube talk
need a tad more confidence and then its even better:)
I mean, I've been in that kinda role for quite a while, but it certainly took years to build up that self confidence, to present myself and be able to put forward my thoughts in person
This is gonna sound dumb but is there a link for that?
I missed g0blin at cube talk? 
think its on spotify
Thankfully I've been lucky with my employers, mostly
My previous one was great
and HTB obviously rocks
I can clap with one hand
sometimes I crap myself and finish presenting a 15m presentation in 20 seconds
Trying to talk with everything happening at once and especially in front of a group of people sounds horrifying hahaha
But when it goes right, when you are presenting something you are passionate about
It's just like talking to someone next to you in the office
Full stack Web Development is harder than it looks
Something else I have to get past, more communication lol
specially when you get in big projects
I have a new respect for anyone who does it professionally
Yeah, if you're truly full stack it's a lot to keep a handle on, and be able to execute effectively
There's a lot of jobs here wanting that
and software architectures, solid patterns, gitflow
do I regained your respect?
I'm just looking for a helpdesk role at the moment
mueheheh
You always had it
dawwwh
There's a few helpdesk roles but yeah. I'm really beginner IT trying to change careers.
There are 3 people in this life I truly have a disdain for
Kinda funny cos it feels like I'm moving laterally going from my current job to helpdesk but at least help desk would be in something I'm passionate about
I didnt even know that doanl tramp name was john
Donald John (Wick) Trump
My comments were not worth reading.
Uh
Have something to say?
Not to diminish your feelings but this isn’t the place
It’s alright
Im inclined to listen to him
Idgaf usually but man I just woke up and saw curbstomping and mentions of political figures lmao
I’m stunned that anyone would even do that
Don’t put beans on toast, are you fucking crazy?
EWNO
you're crazy if you don't, scientific research has been done and that was the result. Sorry.
That's definitely not right
Buuuut
What did you just call me?
I know what you are
I'm totally stealing that image, printing it out and putting it on the window of the local cafe
I'm no Brit
whoami? Not echoesof
Nah can't go to the restroom
.
chookity
Wondering if I get some old PC components and build some stuff for practise. Install Linux on them and have a small homelab lol

Btw I tried it an hour ago on the store and it smelled like burnt wood for some reason 
I got the myself
Idk man I put a dose on my arm and it smells kinda weird imo
haha
hey g0blin can I ask you for advice
Of course
WHAT THE FUCK IS THIS
your breakfast
NO
Brother that's british breakfast 💀
bri'ish
mate
@.serious rule break
one dot away from being muted 
@bri'ishRuleBreak
its lunch
Do Brits put beans on toast wolo?
Yeah
Hello
Please tell me they aren’t bbq beans
But most countries do
Another good thing happened for me
10h left
Latin american countries, the middle east, just with different bread
WHY DOES EVERYONE CRUCIFY OUR BEANS ON TOAST
middle east loves hummus
on bread
That’s chickpeas, Im talking beans
@austere sinew @heady sage I got my offer letter today!!!
Fuul
How woul….oh
OH MY GOD HELL YEAH
You’re not American
Today was a good day cause of this
He ain't got no blickys bro
Felt like clarifying
Dm me rn
I am about to make monthly subscription to academy and lab , are there any valid coupons?
CELEBRATE
hmmm
I did, in college
congrats
With one friend
Is it a remote job or a local?
Local
Ahhh congrats vro
Today I'll go sleep alot
wait are you in a cybersecurity college?
No
haircut and beard cut today
what kind?
Computer science
pic when
So is everyone here, basically 
Thats the only thing CS equates to
at least there's AI now
Mine has no theory it's just practical 
Meaning I never learned networking there
All the networking I learned was from htb
practical is good
but not good enough
say this after you write an app inside a book with a pen 
I still dont get why tf unis do this
My course is saying my country is really informal even talking with managers 🤣 not wrong though
What's the purpose 
You need to write programs by hand at least
And with Python its hard because my handwriting isn't great, so if the indentation is wrong, its an error 
when i'm done
I'd argue only having practical is better than mostly theory 
i look like a hobo now 😂
Ehh...
Kinda
and kinda not
Depth is good
Not just coding like a monkey
yall how to know what is fully free in htb like i see courses with only first few free then rest are locked
I think it's always better to pick up theory as you need it because then you know how to actually apply it rather than reading about it and not doing anything
Yeah both are pretty bad
Theory with no practical and practical without theory
The balance tho is good
How’s the cyber range
always go head first into things! Never go slow, you'll fall on your face but get back up faster every time
ehhhh, it's kinda just me and another person now sadly, everyone either got a j*b, is "busy" or just doesn't want to put any effort into the place and when big changes are wanted to be made it becomes a whole ordeal
now you know for next time
just selfie and gen an image with gemini to see how you look
Btw emma told me yesterday or today cube talks will be released on spotify 
we're kinda at a point where we can't add or make anything better other than the networking equipment because we're stuck on a gig up AND down. Also there are no vlans
2 new reports done
our servers are also very bad
hopefully 2 new CVEs
i hate waiting once im done submitting 😔
same
I've been refreshing two PRs for those reports (I think I mentioned) I put in.. waiting for them to come back saying "the hell are these tests supposed to be!!!"
esp if it says testing will be done in 4-7 business days
I haven't really been doing much HTB tbh. I really should get back to doing it instead of devops and kubernetes
I submitted a report to ZDI but I'm starting to regret my decision
i'm waiting since 20 days
Might withdraw
for 1 report
Any of you done ZDI before?

google accepted my report but they said they'll test later when their security team has a meeting to discuss
microsoft is still testing
meta is still testing
all of them keep delaying it 🥀
Google takes about 2-3 weeks from when the bug is added to the hotlist “to-reward panel”
they're just testing
impatience++
I think the panel meets on Tues/thurs, but I got my payout on a Friday
Is the HTB Academy wifi pentesting course the best one out there for now?
they probably do all payouts on a particular day of the month or something
fuck
Btw I wanted to ask this from yesterday
python fixed two integer overflows
unfortunately it might be better to just move on from the cyber range because I doubt they'll actually get new stuff and want to make big changes to the network.
Like do I always need linpeas and shit?
lmao
No, not all machines share a common thread like that
cant you ask hackerone to reply faster
is this the company triager or H1 triager
Aw man...
How am I supposed to remember all attacks?
like <script> on an html txt and shit like that
It takes a lot of practice to build up your knowledge of not only vulnerability types, but tooling, exploratory methods, enumeration etc etc
It's a very wide field
how many times did i get hacked in these 4 days 
ping @scenic maple
Like I said earlier, you might wanna check out some Fundamental Academy modules first, before jumping in to Labs
CJCA or CPTS?
what is this in? 👀
one of my repos that are in prod 💀
Start with the Fundamental modules, and move on from there. If you then want to move on to a path as a beginner, then maybe CJCA moving forward?
I was thinking about it and was doing CJCA to understand everything but then I thought that I was being a theory person without practical experience so I left the academy to do labs 
will you pay me if I find another bug 
Oh I already did that
you fix one vulnerability and 2 more shall take its place
its open source and i dont make money from it so no 
There's a lot of practical exercises in Academy

h1 triager
monetize it
Uhh
I need to get on that grind but I don’t know how to stop writing Ctf challenges
Maybe I’ll publish some to HTB
You did that all, and you struggled with that problem earlier?
You might want to go back and go over the exercises again
No offense
Send me that submission link again @eternal mango I’m tryna see somethin
But that problem we went through earlier is something you would've encountered in some form through that track.
volunteer at a cyber range and you'll hate making CTF challenges
because people will ask about "personalized instances"
it sits at this state since 16th of december xD
I make web challenges
Which module was it tho..
You went through them..
move on to other programs
Do yall need web challenges? @eternal mango
i hunt wp plugins now

I don't know honestly
Submit it anyway?
I would say that the cyber range needs them but you should get paid for making them tbh
i used a CVE for this
I can forward you one I cooked up
lol
wdym
Cyber range?
ohlike you exploited a cve to get that bug
nah it's all good. The cyber range won't have another CTF for a long time 
LMAO 3 more popped up
i am done with this
ye
What’s this bullshittery
javascript 
is bro using codeql and dependabot for these
or actual people reporting
ya, it's a place where you can learn about cyber think like HTB but irl and with worse equipment and infrastructure
actual people report to the original repo
if you use those repos as dependency then you get notif too
actual people or claude code 

actual claude people
chat should I ditch ZDI
whatever this is - yes
claude is actually dope if they didnt have a limit 💀
vuln broker
looks claude but i dunno
as a claude user, i say it's claude
nah
Good, the machine went past the 8-hour limit and shut down, I only had the user flag so far 
looks human written
humanized claude skill
Btw @eternal mango where did you see me struggle the most? Because I think I was struggling with the tools most like linpeas 
And what do you personally recommend me?
well they wont paste it lol
they do write it by hand
me included
even if claude finds it
but there is no way to know for sure who reported it unless you put in a curl bug report 
CodeQL is a godsend for finding vulnerable patterns
I love curl reports
Also @scenic maple Chrome is so based for parsing the Link header differently
A specification for adding human and machine readable meaning to commit messages
Do curlswigger writeup on oauth :3 @supple plume
ok
which one specifically?
I was going to work on the blog today to set up the RSS so it's good timing
I also have one pending but I can do oauth first
is just going to be hell on earth to do it with curl
jesus..
Im watching soulmate by ippsec and he uses ffuf and nuclei instead of gobuster and burp suite and it's confusing 
vro just use curl like the real ogs
Redirect_uri bypass to get a code
it is painful but you could emulate ffuf with seclists + bash scripts + curl
Hold up Imma dm
ok I'll write it down on my list I'll ping you when I get it done
also do you think the blog is good? understandable and such? any suggestion for improvements?
are you hunting chrome?
Praise me in every blog
No complaints, just want more lab writeups
I’m fixing to
Sure. I’d love to
@heady sage this one?
https://portswigger.net/web-security/oauth/lab-oauth-account-hijacking-via-redirect-uri
Yup that’s the one
I’m looking through our nasa report and damn i realized how overly complex our payload was @eternal mango
(was just curious if there were any "oauth aware" curl-like tools out there)
Heheh, it was a fun one
Wow what an interesting tool
I’m staring respectfully at the oauth htb uses
I will have to figure it out
You could also use a UI like Postman or hoppscotch
But then you don't get that hacker cred for using the CLI
🤣
..but you can get tests setup there
and then export to cURL, understand how to do it from those exports
Anyway, just some ideas
You do you at the end of the day 🙂
I will find the way to do it with curl through unnecessary pain
Hey guys,
Can I solve the windows ad, Pwn and Co boxes (easy) on active machines to grind my rank?
I am just experienced in Web exploits and Linux stuff
you can do it
.
Active content will increase your ownership percentage and progress to the next rank
New to HTB Labs? Need help getting started? Check out this article for a full introduction to the platform!
I know but did I really need the CPTS path to get in windows ad boxes and a other learning path for pwn, just to rank to pro hacker?
No, Academy does not increase your rank
The Academy and Labs are separate. The Labs content increases your rank.
I know, but I want solve active machines.. I have no knowledge about the other categories like pwn and windows ad
Read the link, and what it says about what contributes to ranking
You can solve active Machines, they count to your rank
so do Challenges
There are different categories of Challenges.
@brazen bridge this is not the place for that.
Imo makelaris makes some pretty good web challs
It's what you asked
how do you guys deal with websites that have cloudflare during directories listing?
you hope to god you can domain transfer
the problem is it need you to validate you are human
oh thats what you mean
they have lots of services that bypass those
but youd only use them during RTO
or...
bad actor activities
just give it a few months buddy
the agentic pentesters are going to obliterate modern security
manual enumeration it is then
like this company have a bug bounty program but i feel like i am missing something by not being able to list directories
thats pretty typical
AI suggested i use their original IP but it appear that i cant find it lol all i can find is their cloudflare
i am doing right now so far on the internet all there is out there is the cloudflare ips they used , and amazon servers too
thats kind of the point
cloudflare is used to proxy their content through cloudflare's servers instead of their own
yeah i figured out now , i guess i will keep looking
talking about ranks
How is possible Facts machine have 8500 user flags 8100 System flags and my global rank saying 928
global rank is different
thats depends on how many points you've gotten from like active stuff
great market potential here
for advancing defensive side
cant wait to capitalize on it
facts is active machine
yes
so shouldnt be at least 9K people on global?
I was too focused in doing Cap lol
That rank of 928 your global rank, not your season rank
Your season ranking is showing as -, so I assume it will be calculated on the next full update
..unless there's a lower threshold for ranks to be marked for seasons
I'm not sure how that ranking portion works, as I didn't work on it
Hi,
Is the insane box Apt mainly hard because there was no indication for ipv6 usage?
it might be set to - cuz they didn't solve any of the machines in the season during the week for it to be added into season points
oki, thanks for clarifying
They've solved user for facts so far
yes i just solved user flag so far
facts was weeks ago
but not root.. perhaps it's not marked until both user and root are solved?
they need to solve a machine within a week of it being released
for them to get points
That explains it
Looking to compete? Love to game? HTB Seasons are now available.
I had to prep for a big coding comp
.
What do you mean with indications?
There are indications from enumeration
I just don't think you've enumerated that bit yet 🙂
No I m preparing for it, I prepare for insane machines rather than go for it
Because I won't be able to do it alone due to lack of knowledge
Unless it's just alot of steps and basic
Like infiltrator for example
Or absolute
Check out the writeups that are available
That tells me that I need to use ipv6
..but they will include spoilers
Move over to #boxes for further discussion on the box please

Want to try your luck at a Ctf I made?
@eternal mango @cerulean bloom @supple plume
What is it? The uhh category
Web
Echo would enjoy it yeah
I'm up my ass with work but I'm up to obliterate your web ctf
I got a gitlab RCE I’m working on atm
omg
I’m just trying to get a bug in every major company and someone said to try gitlab
did you get one in phub yet?
Try HTB next
Apple, IBM, Google, Nvidia, php, dnsmasq and a bunch of other stuff so far
Is what I got
Nah pizza hub is blocked in Texas
wait for real?
I was thinking about submitting a machine with name with a slash test/test
Would it break their api?
Cuz it's something like api/Machines/Name
Yeah requires Id now
wasnt phub that had a big leak few month ago?
I think it was paypal.?
big leak?
both lol
idk, everybody is getting hacked nonstop, it takes a few months for them to inform the public
yo shadow, what tea you chug juggin these days
big, i mean i dont know the dimension, but even 5 emails could be catastrophic since it is from that place...
how'd it go btw
Me fasting so barely getting anything to chug 💀
my friend it is better to assume everybody has seen your pp and knows your disgusting fantasies, life is easier when you accept that reality
i am speaking from experience
used to do hiring for a company that swore by lexusnexus
i just can imagine if they store ids same way as they store the rest of data
lots and lots of snapchats
every social media sells your data
your photos
and your interests
all of them
might have to delete this joke, although its excellent
the cheerleader effect in action
deleting now
delete what?
my 0km joke
i must have read it and thought it was tame
What joke
i think its messed up girls befriend women who they use for their own gain
his 0km joke
was the joke shes so fat shes right next to you?
"yes brath"
im just waiting for my melatonin to hit
Niceee
chug the air
chug brathadair



