#general

by far one of the best talks there and the audience recognized it

what was the talk about?

unfortunately most talks were on AI by nepobabies

Add me in linkedins to have 1 more

Drone Pentesting

well, Aerial Assessments

add me on LinkedIn

Dm anyone

I already have you on LinkedIn

you do? 😮

who are you?

who do you work for?

literally sec+ as only notable cert type nepobabies

Yes. I’m your best friend according to LinkedIn

Why is every easy linux machine VIP except 6

LinkedIn knows

Retired content

So

active content is free, retired content is paid

no it doesnt

but only 4 easy linux machines if active

Why is retired VIP

Bro I just told you

solve these 4 first

and then conclude your further critic

ok

Do you know what a business model is?

it will give you introspection why are things the way they are

n

o

hh

It took me one hour to write the exploit for the thing I did

Best hour of your life?

I got hot chocolate

guys when was the last time yall wrote code on your own

Share please

I mean well yeah

i dont even recall the feeling

6 hours ago

define on your own

how many lines

50 or so. I’m working on a platform upgrade finishing things off

https://tenor.com/view/chocolate-gif-24394110

🥀🥀

Yummy

😎

a few months ago I wrote a little web scraper that was on my own, but I dont often write code unless I have an actual need Im solving

Do yall think i can do Pirate machine

I think you should shut the hell up and just do it

It's hard and windows anyway i only know abit linux

You're not shuting up that was the first step

thats whatsup

You can always try

whats the worst that can happen? you dont succeed?

https://tenor.com/view/crying-tears-elijahpetty-sad-happy-tears-gif-20527105

Just give me gif perms already

fail, fail, fail, success

hack more boxes and you will get perms

solve 4 easy machines and youll get it

its only hacker rank after all

4 multiplied by 80?

Im guru

not acting like it

real

undercover

https://tenor.com/view/crying-tears-elijahpetty-sad-happy-tears-gif-20527105

actually he is acting like it

see that's what i said

you are killing me brath

gurus are exceptional at buying writeups off telegram

add me to a group

https://tenor.com/view/shaq-timeout-gif-14206488599573217394

Noobs they're free in google

T

then why are you still skid rank hahahahah

Undercover

https://tenor.com/view/jgmm-cat-meme-ragebait-cat-think-cat-ponder-gif-7034802297606826390

Bc i found put yesterday retired machines dont mean shit for rank

Idk im just dumb lmao

the mask slips off

I have 4 solved and still need another 8%

oh no

then do some very easy challs, they are solved immediately

Chals give points , noice. Will do some after work

Im gonna try to do the easy linux machines

Yo my entire laptop stopped workin so i used what i know to fix it is that illegal

Just do it

And get a better pfp

I will do wingdata

whhat...

https://tenor.com/view/shaking-mr-robot-mr-robot-train-robot-was-it-you-mr-robot-gif-26818665

what do you think

is your presentation somewhere to be seen, brath?

i dont know

it will be uploaded eventually

bsides seattle

maybe

https://tenor.com/view/shaking-mr-robot-mr-robot-train-robot-was-it-you-mr-robot-gif-26818665

I'd love to see it

Yooo where did you find a video of me?

I def recommend it

Vro lock in already

I wonder if the recording will appropriately capture the shock when brath informed them that drones are in fact capable of carrying bombs.

Somehow that hasnt occurred to a lot of people

Im looked in

Uh is it

Yo can i program my bed or nah

it has a screen

maybe

make it a project

find out

be curious

Where do i get wordlists for ssh brute forcing yall

99/100 times if you think you have to bruteforce ssh youre wrong

skipping password doesnt work

On HTB?

yes

Htb only allows rockyou

its verrrry slow, and for challenge boxes the rule of thumb is only rockyou

Or custom if it's mentioned/hinted

Cries in PWK from 2023 or so

lol

so when brute forcing any machine thing from HTB the only wordlist is rockyou i should use

I strongly recommend looking at anything else on the box first. Brute ssh is last resort

I just got a shell on a box holy crap I'm rusty, and holy crap Parrot is awful

Like turtle shel

What stuff is it

?

Like start at the basics, have you nmap scanned the box?

I didn't nmap scan.. it never finished by the time I had shell lol

not you lol

yes only ssh

doubt. Did you do all ports? Did you scan for udp?

there is no box that has ONLY ssh

wronggggg

WingData

it has a web server

i just did nmap -sC -T4

I know because that's where I have the shell lol

then you didnt do all ports

or T4 makes the vpn lose packets

doesn't it make it fast

what directory to add ip website thing

no, if you want fast, you use masscan. nmap will never be fast. also anything fast will also miss stuff.

i prefer nmap

if you prefer speed, you don't use nmap

mmmm

spank that htb infrastucture like you don't own it

you can make nmap fast but why, its strength is in accuracy(if you use it right)

🤔

how do i add website ip

to host directory place

It's a file

You edit the file

/etc/hosts

Yep

Remember if it doesn't end in / on Linux it's a file not a directory

I spent over half an hour disabling the absolutely horrible visual mouse thing neovim has, and it wouldn't obey standard .vimrc

ÿes

how did i unlock that cool y

🤔

im on the website now i added it to the list✌🏻✌🏻'

pretty sure everything developed after 90s is mistake

Nice work

so if im gonna scan the website with gobuster do i use rockyou here too

Tru

Now, can you explain to me why it works?

magic

https://tenor.com/view/alien-guy-thats-crazy-woozy-crazy-scientist-gif-8609893263374809391

And no, rockyou is the wrong list here

so rockyou only for brute forcing

It has passwords only

ohhh

ok

Yep

You would use different lists for different kinds of brute forcing or fuzzing

then im using dirb common.txt

I always used that for gobuster

Do you know what fuzzing is?

does the 2 hour pwnbox reset every day or na

no

mf left it open and slept

No

Unfortunately not

ah ok is the openvpn option free just requires a little technical work?

Yep

Fuzzing is providing input to something and seeing how it responds. You can figure out things about something based on how it responds to things

i found .htaccess i entered first i saw was " OMG! You got # r00t! " smaller text under "No, I'm just kidding :)"

ah ok makes sense

ohhh

so like if i talk to my cat and see if it meows back is that fuzzing

gonna try some sherlocks first wish me luck

Sure if you're going down a list of noises to see which one the cat replies to

That is fuzzing haha

good luck

finally had time to sit down and finish all the beginner models/courses over the last 2 days

thanks

Holla if you need help sherlocks remind me of my job

im doing it because of your advice 😄

Yeehaw

make sure to keep an eye out for any software names/ versions. Not all services require directory fuzzing to find something useful

" You have been blocked because you tried to do something funny to our platform. " sorry hack the box i didnt mean to literally hack the box🥲

Womp womp

Pro tip: Best way is to proxy it to burp to keep a good track of it

haha

Vro you fuzzed the website of htb or what?

there should be a public log for people who attempt to exploit the acutal htb site

so we can leave emojis on it and make fun of them

.htaccess

Alright so

Do not

Fuzz

Things

You have

No permission for

i didnt its the box and it was a joke written there

or machine

unless you want 3 hots and a cot

Roger 😄

instructions unclear, fuzzed your mum

Just making sure

too late already downloaded 403-auto-fuzzer.exe off github

" OMG! You got r00t!

No, I'm just kidding 🙂

You have been blocked because you tried to do something funny to our platform. "

its running now, says its "collecting files" ill update you all

https://tenor.com/view/monkey-skate-board-skate-orangutan-cool-gif-15021178819801542115

Ah the monkey posting, clásico

https://tenor.com/view/monkeyphobic-gif-22824269

Wait i gott ask in boxes not here

yo guys

yes this channel is for posting monkey

can anybody gimme some help on the pirate machine?

i guess im bugged

#1477363555241295962

thx

impetor is it ssh u used for WingData

He literally told you just few messages up

np

no

Yooo fri games👶

you're new so I will explain. we will not spoil any active challenge or machine by giving you the solution. we might somehow hint though as per the correct solutions. they are called "nudges", and you have to think them over.

also, I might post monke

In shorter words, this is not THM

Nudge what

I got banned from thm 3 years ago

Hey check your DMs

Are you like a secret thm bodyguard that will teach him a lesson

Ill check soon, im outside

I added fastfetch to my ~/.zshrc

best i am the mind my change

Yall what wordlist for ssh usernames?

none

you find users thru engagement

huh

take usernames that you found on the platform

i wanan try to brute force ssh idk what else

..?

thats like saying i will calculate all chess moves before making my next one

Wait, you’re not supposed to do that?

you can, its gonna take a while though

PikaBless!!!

Echo echo

Yo bro whats up

thats more like straight up trollin

you already got told thats not the way

Let him be fool mated

is this something youre serious about learning or are you some loser wannabe just wasting time larping?

man i never understand this

people turboyapping

instead of actually engaging

exactly

learning

I do 50/50

Did i

Yap yap yap

But idk what else to do

which means you are lacking in methods, so its time to take a step back and learn on academay

"Queen e2"...

I swear i will study more this week, finally assembled my desk

If takes takes takes then takes and takes

thats where you expand your horizons instead of doubling down on something you already learned wont work

"Im just going to castle.. idk what is going on"

Bald man send me chess req

BAHAH shit made me laugh

You would get disected

"If takes takes takes then takes and takes"

Bro trying to summon errolson hugh

ssh is extremely secure, its rare that attacking it directly is going to be the route. Both in real life and especially in challenges.

You already found a web service, ergo the likelihood that the route will be related to the web service for a challenge is extremely high.

If not the default domain perhaps a subdomain, application found from directory fuzzing, or even the main app itself.

Are you keeping an eye out for what software youre seeing? noting versions? googling information about them?

Maybe there is a password stored in a PowerPoint presentation note

Bro is going to hit you with the "too much text how am I supposed to read all of that"

I hope he does, then Ill know not to waste my time any further

That part was obvious like 3 days ago 😄

I was busy 3 days ago

whats the username

FAH

jahhaha

nice how are you enjoying it?

Not last part just scanned gobuster and went to the "/" but nothing weird or really much

a LOT of hacking is simply observing and then researching what youve observed

The easiest boxes are usually IDing software, checking version, checking for CVEs for it, and then finding PoC code for the cve and fiddling with it to work.

I dont see versions or anything i just got 7 "/" i wnet on each and its either nothing or idk htb that jokes about finding root

its boring but like 80% of easy boxes have that pattern

Have you just like LOOKed at the website

like with your eyeballs

yes i tried to inspect but its to messy

so what

i just had to expand the box

im gonna inspect eachj

Like not even that, do you see any signs of a web application being in use?

i stopped cyberjunkie from hacking the brutus project dont worry guys

your days are over hacker man

that sherlock took me long enough to feel ashamed of my knowledge so im gonna go study more models

is there a parrot hack the box edition?

Should be the one in the screenshot. I believe it was renamed with the release of Parrot 7.1

https://www.parrotsec.org/download/

ah alright, that's why i wasn't finding it thanks

is it a good sign if i am stuck in one box to 6 hours

pirate?

I mean thats kinda their point

Being beginne friendly, showing more HOW to approach the whole process

WingData

I Wonder how I will handle medium boxes

I know

I was explaining it

But thats not going to happen soon

i started working on this at 8 PM and now its 2:35 AM

Og ok i didnt reqd the whole thing mb

But yeah

there are a few things you need to pay attention to

I have been stuck in WingData for two hours i think im almost there but im stuck and idk in what even

Some modules help extremely with figuring out stuff for a beginner

Two hours is nothing

Keep that in mind

But Wingdata is ranked easy

i get that i need tar, i tried every tar possibility none worked

Easy is not literally pwnable for a complete newbie in 10 mins

Objectively it is easy

is it? i thought is medium

i was almost at the finish line hours ago

I think i almost solved it i found allot but im stuck and idk what in even

ask for help in #boxes , someone will be willing to chat with you. give them what you got so far and they will help you pivot to next step

i dont even know

nah its easy

Try every idea you had

I have thats how i thnik im almsot done but now im lost and since im new at this idk what in

sherlocks are mad fun wtf

the privilage esclation is a problem, thats what got me stuck till now

I confused it with Interpreter

how is there a demand for cybersecurity employees everything about this is so much fun honestly

the knowledge is where it falls clearly, yall some psychos for sure when it comes to this stuff 😭

its a slap in the face to programmers for sure too, i thought itd be easy coming into this scene with programming experience

it is

Is wing an active box?

Dont want to break tos

if you learned the programming languages that most hacking uses i suppose

yes

Ah well

I didnt learn a specific languaje

Be sure you enumerated wrll

Well

Fuzzed, dirbusted, checkrd requests etc etc for cwebapps

Not sure which system wing is

I learned programming so I can use any languaje

no clankers

pure RTFM and get things done

yea well you gotta still read docs for the language when the time comes to using that language lol

no big deal

thats learning the language tho

haha

its linux, the hard part is the privilage esclation, i dont know how people did it

but they are doing it

linux switch made me hate windows fr

i became a huge larp when i installed linux

it needs a python script

it says LINUX in the website

thats why im actually teaching myself this stuff because i hate it

which linux?

linux mint on my systems and kali linux on my pi 🤣

by systems my crappy pavilion laptop and crappy thinkcentre desktop

google it with the info u got from the machine , maybe u find something

damn, i have been using kali for a while now

i heard kali is better to move to after learning cybersecurity

azozi

my chaotic evil twin

so i will def switch main systems to that (well, i plan to haev better computers before i finish these htb/thm courses once i understand all the basics

i did but the guy who did the write up did show the script and most of the work because the box is still live

wow. hey twin

vro

do now switch to kali please

Writeups are forbidden for active boxes

what a coincidence

do not or do it now?

no

why not

i wanna be elliot brah

kali is not a system to use as a daily driver

yea i saw that, but what can i do now? i got the user flag

Yeaa i cant help much with priv esc, i struggle with it rn myself

i am using it

No clue, check processes, run linenum

sorry about that

ah so what it is used for

did u tried looking for cves? git?

like in what sense do people use their kali?

instanciate a VM run kali, get shit done

that's what it's meant for

ohhhh ok yes i have a kali vm alraedy for my vm just never used it yet actually

the laptop so shit it ran out of space on me mid download

had to clear space and ill run it back later

what are u using currently then

linux mint i never had to step into vms yet

just been using linux mint on my laptop and desktop as main daily os

ur just manually installing every pentest too? damn

yea, so i need to write a script that when it runs it creats a .tar, thats how the exploit goes. but now i have a graveyard of exploits that dont work

wait, why sorry?

it started out for simplicity, i liked how it looked, i liked all the offline software it has, for each educational topic, like theres physics software, electrical software, etc diagrams charts etc all that

it made me have the idea of just kinda using it just in case mass power outages ever happen, i always got some software i can rely on basically

i even took help from ai, which didnt help

then i started venturing into cybersecurity because well i tried getting back into programming on it after like years of not doign any but programming full blown applications and games arent really ideal for this exact system lol it was a $30 purchase from the thrift store

so i always liked the hacking scene from people like 0day i guess on instagram and stuff, and was encouraged to want to get into it for nothing but moral reasons honestly, the same things he does, one can only wish to become that influential and powerful 😄 and ive just been having a blast learning about it so far tbh

bro dm , i will try remember and help u in some way

use tarfile module

who needs modules? not me

it takes like 5 lines of code including the module for it to work

lemme dm you the code

s

can i ping u >_ name echo

dont worry guys, they dont work

im going full mid or feed for the rest of the year bros

https://tenor.com/view/reaction-meme-bro-is-just-typing-shit-gif-9725449460536908508

echo: reacting

im not a coder but if u want to

Just flexing in my face as i almost completed it

i think

the code is so long it cant be sent

https://tenor.com/view/bro-just-typing-shit-bro-just-typing-shit-gif-18336060238854257551

you couldve saved it for later

no way bro flexing AHAHHAH

Bro had to flex... /s

Great job as always

yeah great job

looks like my arm

wait wait

left arm to be exact

I coded the CVE for foothold instead of finding the actual RCE variant that night it was fun

For what

i will get there one day

🦶 hold

but for now

https://labs.hackthebox.com/achievement/machine/2305979/835

whats this

good job

quick question can you download the parrot htb box or do you have to customized it

@signal mica

foothold

they stole your fauvorite sticker

its my sticker now

What sticker

this

🔥

why now

come on guys, lets not flex off now

my brain hurts

wild

Yeah stop flexing on us

in 15min or so

oh yeah

#admin @azure wasp

Hello Dextro what is it

https://labs.hackthebox.com/achievement/machine/2305979/844

oh come on

Ok dextro

bro calling admin

Yes i am

I can call admin again

i am so high in the ranking that i am not even visible

I flexed enough for today

same

gn chat

No

.

🥚

Don't leave us

help

We don't sleep anymore

is it day or night?

night 11:38 PM

its 3 AM here

and now it will time for suhoor

so no sleep for me tonight

03:00?

Warrior

yes, 3:10 AM

Tuff

kinda

gn vrrro

no

Guerrero

huh?

It's spanish

its a place, i think

one thing i gotta ask for the linux boys

please what is the snip tool equivalent

That also

I dont know

😭

i dont use snips

prntscr gotta step up its game

What did u just say

haha im a little slow dont worry

u called me a printscir

the darn button

and that i have to step up my game

prt sc or whatever

lmfaooo

i know im just joking

lmfao i butchered it so bad at first tho

prt sc dont even look like print screen tho 😭

thats just one of them things you grow up knowing automatically from touching a keyboard once

yo did ur guys schools in elementary school make u type with paper over ur hands

no

not mine

damn haha

yea

not to brag but

https://labs.hackthebox.com/achievement/machine/2547616/835

Target aquired
https://github.com/Dolibarr/dolibarr

Close to achieve 0 plain text

Why do you want 0 plain text

thats cool

wyd you just run it through obfuscation software or what how does that work

Im using a macro in asm

bcs if you run your payloads in plain text they can see your nuts

#

an EDR scanning the memory will spot the strings

have you ever used Linpeas yet?

for example

or any reverse shell with net cat?

all that is cool to learn and so but it all happens in plain text

Yes both

Well that show as a process

linpeas difficult tho

like if you check that with ps you will see linpeas in being run for example and you will see your shell

ideally you want that to happen in memory

but the good guys know their shit

wydm see my shell and ps

so they also have things looking at the memory

you know the ps command?

no

stand for proces show i believe

and is useful to look at what process are being run on the system

(linux)

ohh thanks

do you know the tool pspy?

no

oh you will be using it soon if you keep doing boxes

is basically like the ps command in steroids

once you use it you will see what i mean

you can see everything that is being run

Me when i see it

https://tenor.com/view/spongebob-crazy-driver-tongue-mrs-puff-picmix-gif-16142380471678342625

if I think a defender might actually be monitoring a box Im not running linpeas lol

exactly

compiled

Do you want to see strings?

is only simple xor anyway

but is a big step

xor = tor?

https://tenor.com/view/crazy-spongebob-driving-boat-spongebob-gif-9440391918673672650

eventually youll go down the rabbit hole of c2 loaders, beacon object files, and learning what real stealth is lul

That’s going to be the next phase once I get the courage. Disassembly, reverse engineering… I’ve played a bit with the registers, adding, subtracting, moving, etc., but I ended up leaving it for later to study properly.

cool talk at bsides about using windows transaction objects as an edr-evasive way to pass messages between processes on a system

no is a type of encryption

yes

tor is a protocol

yes

well a browser

Isnt that onion

no

the protocol is onion correct

no protocol is more correct

torbrowser came second

the tcp wrapper for tor was first

Is not onion the protocol?

I get confuse about it

onion routing is the type of technology that tor utilizes

ah ok

so yeah is a protocol then

ONIONS HAVE LAYERS

hello if there are any gov employees in here plz dm me and tell me where the UFOs are
please and thank you 🙏

interesting talk starting here

there are other onion routing protocols besides tor

many times i heard people say the onion protocol

theyre just not popular

Yes there are

Gonna make pasta for dinner

tacos for dinner

its Tuesday

Rigatoni has the letter T

were doing chicken tacos tonight

then I gotta do a one way video interview for a job application

Taco FRIDAY

Sesame Street ahh statement

Good luck

Bruh I want to make enough money to buy one piece cards 😭

which is hella annoying but I bet cuts down on number of candidates

All the manga arts

Smh

Spend ur money on better stuff

Like

No

red bull

Yes

Btw I changed infrastructure behind to prevent stupid mirror errors. Now everything is on serverless edge infrastructure. FK MIRRORS

reject red bull, buy torani syrup, la croix, and mio energy and make your own energy drink

just whatever you do

dont put that in a water bottle

the carbon pressure will cause a mess when you go to take a sip

dont ask how I know

doesnt bother me but I wouldnt say it on htb discord

Ive gotten in trouble before for saying certain opinions about substances

no way youre one of the Athena devs?

I see thanks for the i think warning or like heads up or answer

I have a question for you

I have an answer for you

ye

Ok so I have decided to start HTB fr now, any tips for newbie like me

how good are you at reading

Reading gets better

btw @high lynx your avatar pic is so cool

dudeee no way big fan, been using Athena religiously love the OS

& thanks

even got HackTheClown on yt to use it lmao

Really??? Im very happy that you like

havnt heard of Athena before. Whats the two sentence pitch?

I didnt know it

English is not my first language but I can read well enough to survive

ok im extremely confused

its a wonderful OS, great job to all of you guys

outbound provides credentials from the start?

Athena OS is born with a strong MISSION message... https://athenaos.org/en/getting-started/manifesto/

I just spent the last 30 minutes testing the login page

good, do lots of googling, try starting point machines w/ walkthroughs if youre a newbie and if youre willing to spend some money to learn htb academy is a great resource

is it secure? 👀

I can check btw for about $1000

Im a pen tester

@high lynx idk if you work mainly on offensive or defensive, but in the last days I'm thinking to implement in Athena a broader Blue Team/Defensive part. I want to make Athena as a SOC node in the user infrastructure. I'm creating something like this

can someone help me with stabilizing a shell

Im confused

What's this

Thnx and will, do, another thing, I'll use this server for my studies and nothing else, if i start trolling or doing some shit, plz tag mr 🍩, he'll help me calm down and remind me, not to troll here
Again thx foxy ❤️‍🔥

i have not poked at it yet THAT much

It is a concept Im developing (in Rust ofc) to make Athena OS not only an offensive OS (like the other pentesting distros) but also a real defensive OS oriented to bigger infrastructures

i might test it tmw but first willl focus on what the box expects me tod oo

diont want to waste time too much

but well that was confusing

Cool

i have not heard of athena tbh

whats going on?

#boxes

im going to sleep in few mins so jst wanted to chill before

if you have 10 min to waste, you can give a try

with a box

Good job vro, keep poking!

to start smth off and see if i can get foothold

do some testing before tmrw so i have smth to think about

Mainly defense but I prefer the purple team approach to things, if you learn both sides it enhances what you do in defense and offense.

Im currently job hunting but Ill stay up to date on this, so this would be integrated on endpoints?

ah I see velo in there ye, so you can deploy tools more easily on machines?

Your approach is the best as long-term investment in this profession. And yes, for services like Velo, Athena will work as a Velo server, and the SOC Analyst should drop the Velo agents on the endpoints where they are needed

in this way you have the control over all your infrastructure

thats a great idea man

Imagine also OpenVAS doing vulnerability scanning on your infrastructure, and Athena will be still the central point of getting vuln info to manage

@azure wasp are you in linux now?

why are u wondering

to tell you to use ps for first time

I was also studying a way to make Linux kernel in Athena based on Rust. There is an experiment on Nix, and the Linux kernel written in Rust, is VERY VERY FAST.... The OS gets a huge boost on speed, but it requires time to be implemented in production

hmm

ps auxwwf

ok

https://tenor.com/view/spongebob-car-laughing-insane-driving-gif-6446418458611330658

this is awesome 😄 any way I can keep tabs on this?

you made my day haha

prob the Athena OS Discord server xD

What I want to implement in Athena is this kernel https://asterinas.github.io/

other people : do htb for a jb
me : work a jb so i can afford htb

https://tenor.com/view/ai-dog-ai-baby-gif-16204723542852622

isnt vip+ $250 monthly

makes sense lmao, ill hop on it I dont use discord much but ill def keep tabs on this one

Thanks for your feedback

that sound more like yearly

$250
Per Month, per user seat

3 grand a year

no lol

Im not that rich bro

it says Enterprise
Tailored cyber readiness and workforce development solutions

$250
Per Month, per user seat

monthly and annual billing available.
Cancel anytime.

where is bro getting this prices lol

vip in htb

lab

no i think you may be confusing it with something else

wat blud wafflingabt

labs vip+ is 26eur monthly

he talkin abt enterprise

OHI AM

Ep you have to buy multiple seats

Thats for companies

Whats enterprice one

companies

if u own a company

It has everything htb has to offer

reg price like $20

What if i want it alone but im broke

pay $20

Its not just labs or acad
It's both + more

wait theres pay montly and yearly this is monthly "$25
*
Per month

No annual commitment, billed monthly.
Cancel anytime."

this is yearly "$18.58
*
Per month

Billed yearly.
Cancel anytime."

but it says per month on that aswell

if you can afford it and you want to get serious about this getting VIP is the best you can do

Probably getting it some time

One is yearly

no

I can show in dms ss

https://help.hackthebox.com/en/articles/5986762-contacting-htb-support

Contact via here

Contact what

They will clear up all confusions

About htb subs

Htb support

I dont know what to click

He probably cant afford it xD

If reading public articles/blogs doesnt solve your issues

The link

Are they dangerous

PAHAHAHAH

You know you should stop trolling
That doesnt end well

No i wasnt it was just a added joke

Not Funny

Not even abit

No

Didn’t laugh

To be blunt, youre too much a newbie to be able to afford to make such jokes because people won't be able to tell if youre joking or just actually that dumb... because weve seen people actually that dumb

Whats the tea

Not much. Newbie is pretending to be an idiot, which doesnt work very well when youre ya know, a newbie

hi

because they could actually be an idiot in the end 😂

How did you figure

you tried to brute ssh

☠️

Wait but you can

That was me day 1

First box

ofc

weve all been there

U can but u need to be smarter

...as newbies

Using metasploit for it?

lol no

U dont brute force unless u have prior knowledge or hints leading to ssh

Without that

No.

Not worth the effort

A hint can be a password list of all the websites words

What is hints leading to ssh i found nothing and all i saw first was ssh not even the website even though i was told it wasnt ssh

Or domain policy

I actually know a decent ssh brute tool but it has a tendency to DoS low resource servers.

but realistically ssh accessible users tend to not have brutable passwords even with a good tool for it

Or password patterns

For a user

ohhh

no there's plenty of hints on the website of the box. you just havnt explored enough yet

I dont even know the box

But I know

but none of them suggest ssh lul

Its not ssh brute force

WingData

😐

even if htb wants you to bruteforce a user login. theyll give you a more brute friendly service than ssh

ftp?

sometimes ftp yes

ok

though with ftp its better to try anon login first

i do that

anonymous@ip

and skip password

question. I have been thinking about getting a new laptop this summer. I have a MacBook currently, but I have been getting frustrated with the os. I use a VM with Ubuntu for htb, but I am realistically thinking of just getting a Thinkpad or something and using Ubuntu as my main os. Is that a good move?

sounds good to me

I have a laptop not MacOS but i would

Who cant afford it

the one thing I like is the efficiency of mac hardware because i do a lot of machine learning too but ive been loving linux

macs are okay

its personal preference

I play with their guts too much to respect them

yeah i think my youtube algorithm is slowing shifting my preference to linux

I mean youre probably going to have to run a Linux VM regardless of what you do if youre going to be in the hacking space, so might as well go with a base that makes you happy

Ive been enjoying Zorin OS as a base for a hot minute

though some gripes are arising

if only qubes OS was more stable. Id mainline that again

Did You finish the box?

no

you get user flag yet

no

would you go to a gym with no electricty? that means the tredmil machines are not working etc

yes why not

https://labs.hackthebox.com/achievement/machine/2547616/835

Great work

Hey guys

Hello, Friend.

8 hours paid off

Bro sut the fuck up pls

So anyways

Classic elliot alderson line

Yup

🔥🔥🔥

Does anyone wanna partner with me? I'm 14 and currently building a C2 that's
Professional grade and production ready. It's more red team centered, and takes inspiration from empire. So does anyone wanna help me? I've already built the backbone. But I'm having a few issues with converting my python agent into a nim agent.

Delete

lol

lmao even

The entire project is mostly python, but I'm open to converting it entirely to C since I have knowledge in it, but I need them to carry me in doing that cuz I have 0 experience in coding tools in C. I don't want someone too old or too knowledgeable since I want this to be a learning journey

is there channel for AirTouch machine ??

I started learning C, a while ago. Still at the basics

Well I didn't specify that you need C. I was just saying that some people would be more comfortable with coding in C,

Oh

Are you interested in such a project?

I am sure there is someone, i have never coded anything in my life. Only some exploits

Well, you must know python right? Also the reason I need a partner is I need a new set of eyes, new ideas, new concepts, and more suggestions. And some help with errors WE have

I am down, although i need a day

Or two

To start working on it? And also do you mind me asking how old are you. (Take this to the DMs?)