And I code javascript

whats going on, why are you not working in IT

job requirements ask for a bachelor's I only have a lowly associate's

But Sliver works better than Meterpreter for some functions

because they are functionally different programs for different purposes

ah yes the

if paper{
};
statement

It’s bullshit if you ask me

shoulda lied

Yep the first one is vulnlab, which will retire instantly

Lets go!

I was wondering if it’s possible to replace Meterpreter.

https://lichess.org/kH5SORLH

replace?

Chess?

why would you not wanna use meterpreter?

its goated

yes... any tool is replaceable with another if you're determined enough

except evil-winrm, because no one can be bothered to write a replacement

i always opt for meterpreter shell if possible

Because it’s old

also, meterpreter isn't a hard requirement to do things with

if a guide you're using is using meterpreter, there is a high likelihood that it can be done with another tool or PoC script

I need to do some research

in all reality msfconsole is using a ruby script based off a PoC for an existing vulnerability.

which sends it to a stable shell interpreter

that has some built in functionality

Yes, but I think it doesn’t work very well in real environments

“Real”

if it didn't work well they wouldn't be selling EP licenses

🤔

Fresh air is curative I swear

Goodness

fresh nuts are also good, i like almonds and cashews

the occasional Walnut

I’m asking myself these questions because, in a Pro Lab, Sliver’s getsystem succeeded where MSF didn’t

likely some differences in how they work under the hood

Ah ok, there is an enterprise version… my bad 😬

What else was I meant to do

Good! You played well!

Literally only got to 1000 today

@supple plume Is 1600 - 1800

We played a couple of times

Echo was

@maiden anvil

thought i got hacked but amazon just randomly billing me for prime

gg

lol

anyone here????

no

no

from cybersec

no

it's a chess club

no

need serious help plz if anyone can help me out

ask

the answer is probably en passant

The glitch move

any1 using kasm round here i think ill set it up

new in cyber sec just completed the presec in tryhackme whats the next roadmap for me?? I want to grow as purple teamer

@sturdy thistle

Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-to-hack-beginners-bible

W bot

plz can u get with full form 🤣

@vestal nimbus

yeah get with full form

any free path??
like hackthebox or tryhackme?

yes plz

sry if I sound like a kid now but i am very curious to learn

i cant invest now i am just 17 thats why i am asking for free sources

ohhh

hooold up what country are you from if you dont mind me asking

can u guess?

eee india?

time to get rich

I think I am defaming my country

oh yesss

😭

how do u guess if u dont mind?

hey, i am doing info gathering web edition , and do the dns zone transfer, i think there is something wrong with module

#modules

i just did this yesterday so no way

do you remember the command?

dm me

you'll need to have the parental consent form filled out

for what?

to be able to use HTB

accounts for users under 18 require a parental consent form to be filled out per the ToS

now i have adult ids

and you're now admitting to committing id theft?

omg

you admitted here that you're 17, end of

so what the big deal?

yes i am 17

legal reasons is the big deal lol, Terms of Service

but anyone can make google acoount of adult

dude

and login

https://help.hackthebox.com/en/articles/9456556-parental-consent-and-approval-for-users-under-18

I will be 18 in 3months

it doesn't matter

Cobson

your parents need to fill out the form

@sturdy thistle typo in the PC form

not support anymore

no one is support anymore

im gonna sign my kid up when he turns 5

That's aryan

@autumn wyvern is

welp

u guyz from htb?

huh?

sorry

@somber patrol is

I would be support, but you keep kicking me out at the gates

i'm in academy now

since 3 weeks

nice

having fun with all the feedback on the jank UI changes?

ohh thats why u guyzz stopping me

i dont do UI stuff

so i dont even see

you don't see? how do you hack then?

blindly

i do QA and such

well according to lots of people the Q was not A'd for the UI change

module QA

does the thing work the intended way

i think

push button do work

push button no work

no work sad

i push the pc shut down button now

https://thehackernews.com/2026/03/weekly-recap-qualcomm-0-day-ios-exploit.html#:~:text=New AirSnitch Attack Shows Wi-Fi Client Isolation May Not Be Enough

^ip grabber

How you know

At random

Walaikum salam
I see marcie answerer :)

Salam golam

chaina

CHYNA

Does anyone here like pocket knives?

^fed

dni

I can't be a fed

explain this

perhaps it has always been planned from the start

when god made hacking why didnt he make it easier

electronics are that of demonic origin

I cannot confirm or deny

damn lucifer

lucifer is just one of hundreds of fallen angels

ur mom is a succubus and you her cambion spawn, i am a bastard nephilim and we all sing kumbaya baby

my cat is a chimaera egyptian-iranian chad

bre I open the chat and someon call my mother SucCUmbUs

https://tenor.com/view/writing-too-fire-fire-writing-writing-fire-friendcord-gif-7801118907023267493

imagine being upset

it actually made me laugh briefly

hi chatters

hi chatters

@pale basin

hey

are you awake?

@sharp shuttle are you awake?

turbo based

How goes it? I’m wondering about AI and the “cognitive debt” it might leave in its wake after seeing lots of ai hype slop

skill issue

simple

What do you mean? Don’t make me use AI to understand your question

Do you mean “tech debt”… it exists today and has existed since we started writing software

@undone fossil

hey

!

I think they're talking about users getting worse at critical thinking etc.

@zealous socket

hey !

https://tenor.com/view/lucky-star-patty-i-cant-hear-you-lalala-gif-6332485185577503664

HEY

szy!!!!!

HEY

That is a problem because how does someone who has never written code the “hard way” accurately judge whether AI is building good code

Or maybe we don’t have to give a shit

UwU

AI writes the code, Ai exploits the code, ai refactors the code… eventually it works, and meets whatever performance and security goals need to be met

dont ping king

what are you like his security or something

yeah, problem?

We gave been treating code like it’s fine wine, but maybe it is just sausage

https://tenor.com/EkWX.gif

@pale basin

yes

confirmed

and factual

thanks szymex

Some people make sausage and some people make wine.

Yes, but nobody cares how the sausage is made

😉

hi guys how do i download more ram

Asking the important questions

Yes, but they care if it makes them ill

They care about the look

the smell

And everybody knows what they eating in a cheap dog

I should’ve elaborated but yeah, this

Always happy to argue with vibe coders when Claude Code is down

Seems to be when they show up

🙂

“Where do I put my semicolon in python to run the code?”

I think code smell is entirely fixable already… don’t one shot your dev, make it write a plan, then have another agent review the plan for anti-patterns and security violations. Have another review it for violations of prior architecture decisions… have coder agents, code review agents, qa agents , red team agents, Don’t ship code until it passes all functional, performance, and security gates.

I saw a vibecoder the other week who made all this software and then couldn’t figure out what a double was

Also, review the plan yourself before you waste the tokens to build it

https://tenor.com/view/matrix-agent-smith-clone-approval-gif-16819694555183336857

It’s not perfect, but it’s better since I started doing it that way.

mount google drive to the swapfile

code is cheap, engineering is not

that's the difference nowadays

Right

adjacent but different skillsets

whats up itachi

thats not my name pal

@undone fossil I really like that phrase… I’m going to use it

RASENGAN!

There is a lot of that floating around

try again buddy

hmm

ok buddy bloody bloody

hi brath

!!

hey kozmer (:

tell that to the company i work for thanks

https://tenor.com/view/spider-dance-ilp-gif-10968519049859801761

if they pay me to i shall

hello world

I wonder what happens in 5-10 years when all the seniors get sick of reviewing AI code and retire but there’s not enough trained juniors

im in quite a conundrum

5 years LOL, bro next year AI code will be reviewing AI code

@normal drum why review it at all?

Test driven development is "currently" the way folk seem to be having success with

It already does, if the constant outages are not obvious enough,.

My AI reviews the code… does a better job than most people

agile

Just SIGTERM it

nah man we only use waterfall

noob

https://tenor.com/view/sad-cat-car-silly-cat-sad-scary-gif-12889095585962936860

"omniscient"

What’s the point of reviewing it if they’re going to bombard you with 10 new feature request tomorrow

agile is just waterfall with extra useless people in the process (agile certified dipshits)

you are agile brath!

on opposite day!

“The AI has declared that the AI is correct, ship the code”

not much different from "we investigated ourselves"

and thats good lawfare

So true

going to the toilet and realising there is no paper requires an agile solution

difference is that one can be held legally liable

Different sessions different contexts, different tenperatures…

“Claude, hire someone to bring me toilet paper”

Enforce it with traditional unit testing, sast and dast scanning, dependency tracking

I'm still waiting for something of substance in the AI takes though tbh

ai derangement syndrome

https://rentahuman.ai/

wtf lmao

ai stealing jobs more like ai giving jobs

...

so like

like

can it hire me to plug a usb into it over and over again until a kernel panic?

the clankers were really excited about this on moltbook recently

yes

Imagine an AI hires you to pass a verification test to make sure you aren’t a robot

When claude has outdated maps so it's palantir deranged cousin double taps your kid's school.

Oh wait thats already happening

https://corpwaters.substack.com/p/the-corporate-collapse-of-2026

why dont yall just accept it and go to sleep

And if you don’t obey the AI then it will ransomware you

it's over

I read this last night and I cried a little

i can attach a actuator to a drone and uhhh come to your window and uhhhhh make you feel a certain way and uhhhhhh you can uhhhh pay me for it

i just want an ai wife bro

is that relatable

Holdon, let me ask chatgpt to summarise this

lol

i had claude make me a terminal style search bar

i fw it it goes so hard

yes i too want an ai girlfriend so my wife can get an ai boyfriend and we can all become polyamorous together

I spend my whole day in terminal now…

Is this written by an AI, it did the “that’s not a [insert thing] that’s [insert other thing]”

honestly just pump me full of fent

Somehow everything is calmer and more peaceful in the terminal

I installed a terminal based music player yesterday

i am a lab rat for experimental psychoactive drugs at my local university

Kinda like it

they pump me full of all kinds of shit and watch me go crazy

Winamp for CLI

Nice

it's so cold in here

but i feel amazing

Bro is 1 step away from moving to the woods and writing a manifesto

lmfao

xD

humans as a species is such a cruel thing to design like, enabling them to create a civilization that their brains are ultimately incompatible with, or at least cannot keep up with

and someone's calling me

It’s me

why are you calling me bro

One ringy-dingy

I’m inside the house

just stay wherever you are rn

It is your AI gf, I got Claude to whip one up

i dont want her to call me right now

im busy

Imagine having an ai gf and then she runs out of tokens and you have to wait until daily reset

She can wait

thats perfect

Or you have to reset the session and she’s like “nice to meet you”

all i could ever ask for

Hahahaha

Imagine “I’m gonna ransomware your gf” being a credible threat

dont

I’m going to reset her context… she won’t remember that you forgot to take out the trash

im protective

She also won’t remember you

why is my brain not working

Her context gets wiped, she doesn’t remember you and then she hires some random guy to be her bf instead

someone's hacked me

Did you forget your tinfoil hat?

i can fall asleep but i cannot get into REM sleep

You have to pay for extra context

You need the $100/ month max plan

Maxgf.com

dude for context i stopped taking trazodone and i haven't been able to get any sleep at all, like, i toss and turn

and the ironic thing is that i feel more cognitively capable, im actually getting things done

this is crazy

i slept for like 15 hours straight at least if i had to guess, just tossing and turning, never getting to the point of experiencing any dream

Ah

I take melatonin sometimes at night, not sure it actually does a lot, but it feels like it helps

i went the extreme route and took an ssri for sleep, being trazodone

bc i had mild sleep issues

not worth it

at least imo

plus melatonin made me groggy asf

do u workout

helps sleep

Sometimes if I can’t sleep i take half of a benadryl

yeah, i lift

haha i have a funny story about this one

hatman

yall would think im questionable as shit if i told it

im not gonna

😭

I also take vyvanse, so as long as I take it before 8am, sleep comes easily

ah yes vyvanse is great

i also take that

best adhd medication ive ever taken

Same

It actually seems to work

when i first started taking it, it was extremely potent, and at a relatively high dosage it actually is working out pretty well for me, whereas other meds would have these awful crashes, not last all day, etc.

ppl shit on vyvanse bc it doesn't have street notoriety

which is silly

Takes note

dumb thing

god bless psychiatry

Brother thats not psychiatry, thats just drugs 😄

my friend used to go like

"you have the shitty adderall" and try to make me feel bad abt having extended release capsules

very slippery culture when u get on adhd meds at a young age

anyways

idk if i approach it the wrong way

i got zepbound today

for weight loss

america issue

how about just lock in and go to the gym

the helly

bc that takes time n shi

zepbound doesnt just werks

it reduces hunger n shi

let me see what else it does

"slow digestion, and improve how the body processes sugar and fat"

Vyvanse reduces hunger too. I’m down 15-20 lbs

i envy that but my issue is that i take vraylar too

Still fat though

which makes me abnormally hungry and it's hard to resist that sounds so chud-like but it's true

can we just print so much money that everyone can afford healthcare gosh

I’m a Canadian… we pay for our healthcare via taxes…

i keep having to jump through these hoops like payment assistance programs

im american jerome powell pays for everything for us

lol

alr im going back to sleep

was awake for a solid 5 hours today

and u spent an hour of that in general chat

damn

Night

backspace how long did it take u to get omniscient

2 days

A few years

I think 2-3

It’s a fucking grind

Every week you’ve got to do the weekly, plus try and tackle another box or challenge

I spent most of my free time working on it (as well as too much time when I should have been working)

i have enough coffee to be prepared

I think I got it in 2019 sometime

ping me in 2029 if im not omniscient i owe u a beer

You can do it!

If I can, anyone can

I might try

Any advice?

Be persistent, be curious, help others, ask for help when you need it…

No

https://tenor.com/view/arthur-lies-lie-internet-lie-stop-lying-gif-16106191074125891844

lol

hey people. just joined HTB. I have zero experience and am starting at square one. Any tips or advice? 🫠

Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-to-hack-beginners-bible

Yep! Welcome to your new obsession

Turn back now

Sorry I meant proceed

I always get those two confused.

ight, imma head out now before forming a new addiction xD

That’s gotta create a lot of problems

https://tenor.com/view/car-nope-turning-back-going-back-turn-back-gif-23660450

I for one fully embrace the power of the dark side

https://tenor.com/view/cackles-star-wars-sheev-palpatine-gif-15366449

https://tenor.com/view/you-will-try-anakin-skywalker-anakin-skywalker-made-by-fordo-gif-27525595

https://tenor.com/view/scedaddle-scadaddle-benjammins-time-to-leave-time-to-head-out-gif-77735242597555461

https://tenor.com/view/spongbobe-gif-10360974685639755235

https://tenor.com/view/chuckles-im-in-danger-ralph-wiggum-the-simpsons-gif-14149962

https://tenor.com/view/bro-gif-22919429

ok. i feel like the biggest loser in the world sending gifs as links, im for real gonna head out

Good lick with the hecking

its gonna go great. off to a strong start.

I shall try to help others after I gain the skills

.

Hello
I need help with a module; I've been trying for a long time.
Can someone help me privately or should I send my question here?

Hello, may I ask if there is an issue with connection section, having VPN option missing from options when trying to finish academy material? Maybe I missed something

I noticed that too; sometimes it appears and sometimes it doesn't. I refresh the page and it appears. Otherwise, I reuse the previous VPNs.

Fractal.

Thing is I fail to find any VPN file whatsoever, so I am stacked in Pwnbox instances. I've refreshed the page lots of times, maybe Ill try some cookie/cash reset.

Same thing, there is no HTML value as "VPN" loaded there even...

Module: information gathering web edition skills assessment Q: What is the API key in the hidden admin directory that you have discovered on the target system? - I tried using gobuster and fuzz, but I didn't find any subdomains. I want to know if the problem is on my end or if the lab is malfunctioning. These are the commands I used: gobuster vhost -w SecLists-master/Discovery/DNS/subdomains-top1million-110000.txt -u http://inlanefreight.htb:31731 --append-domain -t 200 and fuzz: ffuf -w SecLists-master/Discovery/DNS/subdomains-top1million-20000.txt -u http://inlanefreight.htb:31377 -H "Host: FUZZ.inlanefreight.htb" -fs 120. I used -fs because otherwise everything would return positive, so I filtered by size. It seems that no matter what you pass to it, it always gives you status code 200: ~$ curl -H "Host: dev.inlanefreight.htb" http://inlanefreight.htb:31731 <!DOCTYPE html><html><head><title>inlanefreight</title></head><body><h1>Welcome to inlanefreight.htb</h1></body></html>

I have no idea how to help you friend, that's the solution I found. All that remains is to use pwn box

I tried from another device, same thing, must be something else. Thank you tho

I'm having the same problem, except I have the VPNs saved. It seems to be a bug.

Hi

HEllo

Are there any Indonesians here?

No.

#modules

why are you looking for subdomains if the question says hidden admin directory

I also listed directories, so I didn't find anything there either, I thought. I suppose I should look for a subdomain and list the directories there. But I found neither directories nor subdomains.

Try another list

I've already tried a lot of dictionaries.

anyone having issues

with the machines von

vpn

I think it's happening to all of us.

ohhhh

Hey, there are some clues

https://forum.hackthebox.com/t/information-gathering-web-edition-skills-assessment/319537/6

im having the issue where my internet route is changing

Thanks friend, but I already tried all that and still no directory or subdomain appears.

I’m making my own cheat sheet website on my profile but I’ve only added up to Linux fundamentals section 14, I’m on like section 20 so gotta add the rest still but there’s a lot of directory related stuff in it already

Thanks

@stoic flint I'm sure there are some public solutions on google.

I don't believe this is the API key on Google.

Cool website

Well when you find the hidden admin directory what do you do? Have you found the hidden admin directory yet?

Thank you, Claude Sonnet 4.6 🤠🧳

Salta, Argentina.

Why does the new UI is eating half of the screen without beneficial content

like what should I by staring at the header and footer for 24/7

gobuster dir -w SecLists-master/Discovery/Web-Content/DirBuster-2007_directory-list-2.3-big.txt -u http://inlanefreight.htb:30197 -t 200 R: Progress: 1273832 / 1273833 (100.00%)I haven't found anything.

Morning

You downloaded that directory for the wordlist? I was told default directory is /usr/share/wordlists/

Morning

Did you find any subdomian?

Try ffuf command same arguments basically

i do know of the sub dom named ian yes

Ffuf -u url -w wordlist

Maybe ur wordlist just crappy idk

Yes, I already did it.Yes, I already did it. It didn't give me anything either, use: ffuf -w SecLists-master/Discovery/DNS/subdomains-top1million-20000.txt -u http://inlanefreight.htb:30197 -H "Host: FUZZ.inlanefreight.htb" -fs 120

Maybe you need to try a larger wordlist for sub domain

I already tried the largest one: subdomains-top1million-110000.txt

If no wordlists are bringing results like any at all then the problem is the format of the url

I simply get nowhere:

Try changing the url around

Make sure it ends with a slash etc

I'm sure you'll find a specific domain, and its webpage will reveal information about a hidden page.

Yeah honestly you can just curl random page names and find it probably 😂

It only finds Index.html

Please avoid saying stupid things. I'm trying to figure this out; I need help. Apparently, anything I do makes it return the index. Well, I guess it's because it uses nginx, but even with the size filter, that should be enough.

That’s what your module is about

Finding the page and viewing the contents

curl -H "Host: asdfasdfasdf.inlanefreight.htb" http://inlanefreight.htb:30197
<!DOCTYPE html><html><head><title>inlanefreight</title></head><body><h1>Welcome to inlanefreight.htb</h1></body></html>

That’s all I said

Your command format is wrong

I don’t know what it is but you’re missing something in the command, I guess if it’s retuning an index then the url format can’t be wrong

And manual checks aren’t an uncommon thing for common page names, it’s always worth a shot

Have you tried the gobuster to search the sub domain?

I ALREADY TRIED IT, IT ONLY RETURNS AN HTML WITH TEXT THAT SAYS WELCOME.

Yes, I already tried that too.

here

I did a manual test, ffuf, go buster. I don't think the tool is the problem. I already searched on Reddit, but it just doesn't find anything; it's like I don't have a vhost.

Have you changed your /etc/hosts? or you local hosts file

I was about to say that, I remember having to do that in a module practice, it made it so that the connection is simply hosted correctly, without it it will resort to default connection I assume

YESSSS, that's how it looks ~$ cat /etc/hosts

Standard host addresses

127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
154.57.164.67 inlanefreight.htb

Til #general is now #modules 😩

Nobody answers there.

did you try /FUZZ/ instead of /FUZZ

and what status codes are you matching with ffuf by default it excludes some maybe you got 405 or something and it didn't catch it do -fc 1-999

-mc not -fc lol

Great observation, but I tried with GoBuster and didn't get anything either.

which one is better gobuster or fuzz?

I prefer ffuf

ohh

why?

more things you can do with it than gobuster

Like finding hidden parameters

Fuzzing many things concurrently

Well I guess gobuster can also do it haven't used it much but I think they also have some fuzzing mode

hmm

ok

thanks for attention btw

I will try fuff

I already tried -mc, but I'm not getting anything. I'm filtering by size because otherwise everything returns 200.

You tried -mc 1-999 -fs 120?

ok

I'll send you the result when I'm finished.

You never clarified what your problem was there. People are not mind readers.

Clearly stating which module, section, and question you are stuck on, along with maybe some things you tried without spoiling content typically yields decently fast responses.

nothing: ffuf -w SecLists-master/Discovery/DNS/subdomains-top1million-20000.txt -u http://inlanefreight.htb:30455 -H "Host: FUZZ.inlanefreight.htb" -mc 1-999 -fs 120 -t 200 R; :: Progress: [20000/20000] :: Job [1/1] :: 820 req/sec :: Duration: [0:00:24] :: Errors: 0 ::

That module is broken. I have the gold subscription and followed the official solution and it does not work. Write to the support on the website

Thank you, I was expecting that answer. I can finally stop believing it was me.

I realized this by doing: curl -H "Host: asdfasdfasdf.inlanefreight.htb" http://inlanefreight.htb:30455
<!DOCTYPE html><html><head><title>inlanefreight</title></head><body><h1>Welcome to inlanefreight.htb</h1></body></html>

Specify the section and what I did with the commands. I was just banned from that server. It's just that it bothers you, you should be quiet, you should be helping. There's nothing wrong with asking here, are you the owner?

imo if theres other convos going on keep it to the relevant channels even if responses are slow. If chat is otherwise dead tho then who cares

mornin people

I will make you my jam boy

The chat was inactive; I was just looking for some help, I don't see anything wrong with that. Maybe you could correct me or give me some ideas, that's all I was looking for. I think "General" is broad enough for me to ask my question. I resorted to this channel because the moderator in the other one told me she was busy.

yeah then who cares

also wrap code in back ticks

Like so

That little pest just wanted to cause trouble.

I have tried out claude code for the first time.

I ran one prompt and it consumed 48% of my daily tokens

jesus

tokengate

the problem is solved by avoiding it all entirely

yeehaw

There's zero need for name calling, and I did give you some good advice. That module is tier two and shouldn't be discussed out in the open like that.

im still on chatgpt because i think claude causes absolute brain collapse by making things TOO easy

i need to play chatgpt ping pong or else ill not remember anything

I won't allow you to call me when I ask politely. Also, stop pretending that you're the only one bothered by this.

no idea what this argument is about, but i can guarantee it ain't worth it

Im just trying it out to see if it really is as good as the diehard fans says it is. Id rather have an informed opinion than a feels opinion

unfortunately theres a power outage going on now and its family bedtime, so I wont be able to actually investigate the prompt results for my project till tomorrow/friday

for below average software developer, it's kind of meh.. it takes actual software architecture skills, prompting skills, and software development background to get actually good results out of it. but then it's like you're the lead developer leading a team of 5 semi- to competent developers.

especially on issues like modularity, reusability and testing correctly you have to direct it

Ok so finally I’m not sick anymore

I was reading the documentation and I was pleasantly surprised how much general just good advice for using AI there was.

Stuff that 99% of vibecoders dont follow lmao

And I’m more or less caught up on electronics work (no need to cram anymore)

So tomorrow I can do HTB again

yeah. I work and discuss with actual lead developers who are into AI using and they all describe it as force multiplier that allows them to accomplish in day more than they used to do in week, with same overall quality.

But humans who know how to code still need to be the ones using it

Right?

Yes, AND if you are below average developer you will never be using it well.

Ya ok

So might as well still need entry level developers

Etc

At least for now

Like Ive always been saying: review and verify or youre doing it wrong

Maybe in five years it’ll be different

For lead developers to emerge - sure. For software projects producing new software entry level coders are simply unnecessary today.

Ya we’ll see about five years or ten years from now

Hello everyone!
Is there any chance I can use old style of hackthebox academy???

No, it's gone unless htb reverts, but they seem pretty dug in on 2.0.

i just found a bash scripting module question on stack overflow 👀

and it had 2 solutions as well 👀 👀

which gave the correct flag

Report the URL with /spoiler

👍

done

the only way for that not to happen is if suddenly all the tokens just skyrocket in price

and that’s not likely

Why do you think that is unlikely? This was a discussion today on theprimeagen’s standup and how that is very likely the direction

I think thats very very likely, slowly, systematically, when the gov subsidies run out, normal people will not have access to premium models

Yeah the main point was that only a small subsection of users, vibe coders, use large amounts of tokens and it will be inevitable that a popular tool becomes mainstream that is not vibe coding that will use large quantities of tokens

Moltbot proves there is a market for it

i was ment to say pretty likely yeah i agree with yall 🙏typo

you need a bigger list

wassup

I wanna start a research group and bugbounty team : /

Can I join 😄

i wanna get experience

i learn more from experience than just sitting and doing exercises

Morning

Morning

https://tenor.com/view/morning-gif-18014148662754561971

Morning

Only 14? What a steal!

@ornate ibex @scenic maple delete pls

oooo

sory

!golam del

I didn't know it was forbidden, I just wanted help. @sturdy thistle

i dunno what happeend

but what did you need help with

just ask high level dont paste stuff

Do i really need to Read the introduction of pentesting?

if you want

Pterodactyl I couldn't root the machine; I keep getting the same error.

#boxes would be more apropriate

Gday chat

Sup

Is HTB down?

not that I can see

let me check academy

Apparently, the team is already working on it

oh, yeah, infinite load

although, labs is working

thanks!

the academy is working just fine

i just compelted a module and started another one

account is not working

for me anyway

mistype LOL

Holy actual smokers

I think someone just tried to hack me

Yeah they contacted me for a job

Now theres an assessemnt I have to unpack a file and run a docker container

ouch 😂

But their website is dysfunctional

Not entirely unheard of

But if they reached it first kinda sus

And they have 20k followers on linkedin but no activity in their posts only 2 likes each

i appliped for a python dev internship and i got an offer for ~$200/month from them. keep in mind im a freshman college student who applied randomly without even trying

Maybe is one of this Lizard squad guys, I heard they need someone who can manage compressed files properly

and their website is so messed up that the company's own name is different in their website's subdomains

Run lol

different subdomains have different names 💀

How is that even legal to pay 😭

That's super below minimum wage (in the US)

Most places

Not all, but most.

well in india, it's a barely decent offer

for freshmen, its a very good offer (if they actually get it)

the pay was not the most sus part tho

You're only working like 7 hours a week?

yup

Indiana goes off of federal minimum wage so it's like $7 an hour

its india 💀

not indiana

i converted the currency for yall

Oh I misread

Bruh

id prolly have to work at max 14 hours a week

that's actually a pretty decent pay for 2 hours of work per day

given that i could do insane amounts of work in 2 hours

Less then you think tbh

When company bureaucracy / dealing with others things go slower

It’s different doing things for a company/ in a team

Hi, is there a problem with HTB platform? I'm getting 502 response trying to access https://account.hackthebox.com/

yep me too!

was about to ask through a proper channel like a ticket or somethign

checked status but they were showing operational since 11th

uhh... Guys why am I unable to connect with my release arena vpn file? And also i can't find any release arena or seasonal vpn files in the list. I haven't opened the HTB site since last Saturday, please help

there are issues going on with vpn which are currently being worked on for a fix

oh.. ok thanks thought there was problem on my end

yeah, your welcome, for now the site isn't responding

is everything working now?

yep working perfectly! thanks!

you know what's funny
a person in my country is currenlty #1 in HTB labs by solving tons of machines and challenges in a time that just doesn't make absolute sense

dm me

Yup, Thank You

Is it normal to dream about the box you did the day before?

yes

No arch nooo

cough the terminal cough

yes, 🤘

And it’s equally stressful

what's the problem with the terminal

I like Arch, but it’s too much hassle. It slows down my workflow

no hassle for me, already seasoned

do I want my terminal blue? well I already have a script for that

don't let bro discover ricing

I am fine with just customizing kde a bit

i am fine with you

kde works fine

Have you tried void Linux yet?

Because you’re confident. I made my choice and decided to focus on Kali. But I know the terminal and how packages work

not yet

It's a lot easier than arch btw

Faster too

I'll definetly try it at some point

Hi everyone who has done the Sherlocks: ShadowBait.

Can anyone help me find the answer for tasks 6 and 7? I've solved everything except those.
https://app.hackthebox.com/sherlocks/ShadowBait

#sherlocks

Hell yeah. I highly recommend a window manager for it 😉

Thank

Niri is my personal fave still but hyprland is also good on it.

https://tenor.com/view/arthur-lies-lie-internet-lie-stop-lying-gif-16106191074125891844

You can customize Hyprland however you like. It’s very useful, but I don’t have the right hardware for it

@supple plume

Get out

🚪

@supple plume

Bro what

You delicate little flower

morning guyss 👋

Good morning

🔫

ayo

Can we not?

He just said greetings 👀

the rest was deleted

now that makes me curious

Restore it

Im still waiting on your PR sado

Hey guys

I need an alternative to chatgpt that will help me write malware

Do I just use copilot

Or is there a product for hackers

Mostly I just did not program very much and need the help but my chat gpt is inconsistent in helping

just use claude vro

one dude made a literal os with claude 😔

I simply don't feel like in this day and age that I should be writing my own malware

Have you tried learning to code and becoming a software engineer? It's still the preferred method for malware researchers, even the ones most successful with modern LLMs

AI is more than capable of writing malware

Bro do u know how many things I have to do

U want me to slow down and write var x = 1++

Coding != Softwareengineering.

You still need to understand Code if you vibe code and the funniest thing is your malware needs evasion tactics and needs to exploit vulnerabilities. Things a LLM can't provide you since it is learned on public data

Okay there is one more problem I have

If you don't know how to do anything, how can you be the person who directs the AI to generate anything worthwhile?

My chat GPT cannot handle large data

no int x += 1; //we want to use C

You have a fundamental misunderstanding on how an LLM works

Like for example if I want to put into chat gpt every single GPO that exists in an environment

And then make it for example find SIDS of my choosing

I cannot do that

Is there an AI which handles large data

And can make spreadsheets

This should be a thing

then teach me

Not yet. LLMs are notorious for not retaining or reviewing prior actions

Bro I am legit the only real AI red teamer

Everyone else is just trying to be trendy

Contextlength is the one thing that keeps LLMs stupid lol, so no if the biggest companies don't provide enough contextlength, nothing will

An LLM does not depend entirely on only the data it has learned. The fact that it has only seen public data does not mean it cannot create new things.

It is more than capable of discovering and writing 0days on completely new software, because an LLM depends on patterns. It learns patterns from it's training data. It does not depend only on previously seen knowledge.

Hello everyone

I haven’t learnt in some days

I’ve been busy

No shit sherlock. But who provides the samples? Someone who does not understand anything or someone who identyfies the possible vulnerable code? You can't just put a whole app into an LLM and hope it writes you a zero day, that is my whole point

You can feed the codebase to AI and have it attempt to fuzz it...

Yes you can, LLMs are used to automate bug hunting on Hackerone. I'm pretty sure an AI used to be #1 on their leaderboards

But it sure does help if you have an understanding of what's actually happening

Lmao, I was busy
And today i overslept (till 4pm)

But "can" you create malware?

The scary thing right now is how fast AI can build an exploit once a zero-day or CVE is disclosed. The gap between discovery and KEV is shrinking

Yeah

In the future most of us will have no jobs

so the patching process also needs to be AI-automated to the maximum extent possible or we'll drown in CVEs

The good part about AI, though, is it's everything I wish Stack Overflow was. Instead stack overflow is a literal shithole, so

lol, true that

Fair enough ig

You seem to speak with experience

yesterday you were talking about a full agentic code development flow, ranging all the way from architecting, sec review, code review, ... unit testing. Do you have that setup? Or can you point me to any articles so i can setup a barebone for myself?

I actually open-sourced it yesterday

We'll drown in AI CVEs yeah, it started poisoning itself already by hallucinating stuff into the internet and using this crap to train itself.

https://github.com/backspace-shmackspace/claude-devkit

This is claude specific ATM, but I'm going to update it to work with Gemini... people are welcome to use it or modify it as they like.

I'll qualify this by saying "I am not an AI Expert" I am a developer who's been using it to help me solve problems for a few months now, and this solves a problem I was having. It's not perfect at all, but I'm pretty happy with the results overall.

Yeah AIs are used so much to automate bug bounties on hackerone that projects like Curl have to shut down their bounty program cos of all the slop they were getting

It was still #1 on their leaderboards, so it was generating legit stuff, and doing it faster than people

hey, was learning networking from professor messer, then would i have study anything on top of that for networking ?

The reason it appears to do things faster is that 90%+ of what it does is wrong, and it creates absolute mountains of wrong answers until it randomly comes across the right one. There's nothing like beating the odds by bruteforcing the solution

It was still #1 on their leaderboard 🤌

Being obsessively against AI just because it's "against the trend" is the dumbest shit ever lol

hel lyeah

techniques are changing gotta adapt or be left behind

Yeah but how much waste was created for that? How much training data was stolen? How many tonnes of fuel were burned to train that system? How much rain isn't falling in the world to produce all that slop?

Yeah I'm just not going to get into the whole "stolen data" bullshit lol

Again people being obsessively against AI for literally no good reason whatsoever

hey, was learning networking from professor messer, then would i have study anything on top of that for networking ?

The world moves in the direction it moves regardless of all the copyrights violated, or the atmospheric impact, or the energy waste etc, so just deal with it. You either use that tech to your advantage, or just keep whining like a baby 🍼

Well pretty much all of the internet is built on networking so... depends on where you wanna go from there but learning networking is essential.

xbow is a project by a security team, this thing helped finding bugs but it did not by itself. Costed probably more than it earned and had to be supervised by a team of people

I am not against AI, I am just against doomers, AI is an awesome tool, not more not less

hm

Yeah. Some people just hate it for no reason 😂

AI has its upsides, it is used to produce a lot of very interesting things. But we still do need to explore the questions where the answers are unpleasant. That's how the cybersecurity industry got started, after all

The same goes with the Microsoft hate and all that shit too. Just hate for the sake of hating

Not saying it's perfect, but it's definitely a huge part of the IT industry now. And we have to use it as a tool to our advantage

No, not for the sake of hating. For the sake of it being not only mostly useless, but actually creating more work and stress while costing vast resources. Eventually the vast waste adds up to more than the useful output, and all I'm saying is we have to make sure we understand the rate of deterioration of the rest of the environment, notice what direction it's accelerating, and see if we can do anything to correct it. Right now we're in a speeding bus on a mountain road and the bus is going forward, but it's pulling very strongly in an unpleasant direction, and some people want to leave the bus to drive itself

bro now you are getting into deep water

Hallooo

where can i ask questions abt bug/s

is there a sepecific channel i mean ?

#1234357888114364508 or support on the website

meghcii

oh wait

bugs in general not bug in the platform itself

Who's, "we"? "We" are the billion dollar tech companies that do this regardless of the environmental impact or the resources or anything. They will keep doing this no matter what.

So why worry about resource wastage? Individually not using AI is not going to solve anything. All I'm saying is, just accept and role with it.

oh just ask then, maybe someone will answer

and the impact of ai in the htb?

More targets

i was looking in older boxes and the solution time had decrease by a lot now

I believe the boxes became harder but the time of the first blood decreased

To sleep again 😔

the amish people might be onto something

maybe living offline is the best

give me all of your devices

And go offline

imagine explaining active directory to an amish

We all want to retire early and never look at the computer again.

I think explaining AD in simple words is pretty easy?

Active Directory is like one big shared family ledger book that the boss of a big company or school keeps.

Instead of every computer and person having their own separate list of passwords and permissions, everyone’s name, password, and what they’re allowed to do (open this file, use that printer, log into that computer) is written in one central book — the Active Directory.

• When you sit down at any work computer and type your username + password, that computer quickly asks the central book: “Is this the right person? Do they get to use this machine?”
• If yes → you’re in. If no → door stays locked.
• The boss can change things in the book once (like “this person is fired” or “give Sarah access to the accounting folder”), and it instantly works on every single computer in the company — no need to walk to 500 computers and change them one by one.

Passive Directory where

what is computer and file? Am I accused of a crime? And what is a printer and why is it stealing my log?

We got an amish here

I've worked with it on and off since NT5 was the name of the system that became Windows 2000, and had studied things like LDAP and X500 in college prior to that. I don't think the Amish have any problems, the solution to which is directory trees and IAM

ANyone do azure pentest offically?

i have some questions

Better to just ask the questions then

if i did people who dont do it would give there opinion

and not looking for that

always does happen

Probably best to ask in #red-team or #careers-and-certs

I forgot I was writing something I’ve been putting chairs around my room

hi so much for subtlety, don't see you here often, hru 🙂

😄

👽

Why bro

Changed your username 🥀

why wut

This is cool tho

But stick with one

Rocky road ice cream for breakfast

https://tenor.com/view/nacho-life-good-my-life-is-good-really-good-gif-4052742

I’ve been trying something with alien for ages, but everything was taken, so this one ended up sticking 🥀

sticked!

it sucks I have to keep loggging in everytimeee

2 min

Any hacking today?

Pro labs

I'm making this lil machine for htb 🍫

It's going to be some hacking for testing 💢

turbo

What is up with all this asshole science everywhere

Flies being controlled through wires in their neural network

ehehe

Where are we headed as civilization

Too late to talk about it