is metasploitable2 good for training?
#general
lofty marsh
molten bobcat
It's just an automation framework
supple plume
It's just an automation framework
Metasploitable 2 is a deliberately vulnerable Linux virtual machine created by Rapid7
young glen
With OWASP top 10 right?
supple plume
is it? π
What about you hack it and find out
lofty marsh
What about you hack it and find out
I mean isnt it limited tho?
supple plume
I mean isnt it limited tho?
Everything is limited bro is not an unlimited source of knowledge
molten bobcat
Oh apparently I was wrong
Wack
I've been enjoying my days off
Yesterday sucked emotionally but I'm fine
lofty marsh
Idk vro Im doing a cybersec seminar and the professor put metasploitable to teach us nmap 
frail turtle
never use them
supple plume
I'm gonna become a loser EDC guy
Bro youre young you can become whatever you want
frail turtle
buy $1000 knife
supple plume
Idk vro Im doing a cybersec seminar and the professor put metasploitable to teac...
Metasplotable is good
frail turtle
never use it
supple plume
Is the first thing I ever hacked
molten bobcat
Idk vro Im doing a cybersec seminar and the professor put metasploitable to teac...
Nmap is just a tool it doesn't even need security related
And the first thing I hacked was my own router lol
heady sage
Thinking about going scorched earth on these mfs who donβt know what theyβre talking about
supple plume
buy lockpick tool to fit in pocket
See the pattern?
lofty marsh
Why did you guys gatekeep me metasploitable2?
supple plume
Iβm too damn nice to do that though
Recomend me a lab to document the shit out of it
lofty marsh
I thought I could only hack htb labs
supple plume
Why did you guys gatekeep me metasploitable2? <:sadglas:751888349136027678>
Bro what do you talk about the world is yours download that bitch and hack it don't blame me for not doing it
lofty marsh
Bro what do you talk about the world is yours download that bitch and hack it do...
Dude I thought it was only thm/htb training or unethical π
molten bobcat
Nah
molten bobcat
There's a lot of different methods for approaching things ethically
supple plume
I didnt know metasploitable was a thing
There is a lot of labs out there to learn legally
heady sage
Recomend me a lab to document the shit out of it
https://portswigger.net/web-security/jwt/lab-jwt-authentication-bypass-via-kid-header-path-traversal
molten bobcat
Ethics is more about a mindset than anything. You're not learning how to commit crimes you're learning how to prove vulnerabilities exist
supple plume
https://portswigger.net/web-security/jwt/lab-jwt-authentication-bypass-via-kid-h...
Target acquired
π―
muted olive
lofty marsh
Ethics is more about a mindset than anything. You're not learning how to commit ...
Well yee
But how to train with that was a question for me always π
Now it's answered
Basically a sandbox
supple plume
Basically a sandbox
Bro virtual machine π₯
lofty marsh
Bro virtual machine π₯
What am I gonna do with an empty fedora vm? π₯
Sniff it?
Touch it kindly? 
lofty marsh
Why do you send a kids emoji after saying that...
Why did you think this way? π
Dude u weird-
supple plume
I'm not the one getting weird about a fedora
supple plume
How do I use a vm for a sandbox...-
Wdym a sandbox bro
crude nest
I'm not the one getting weird about a fedora
Fedora 
supple plume
You want to do the metasploitable
lofty marsh
Bro virtual machine π₯
.
supple plume
I was a kid I watched a youtube tutorial and I've set up the vm
Followed the tutorial
Hacked the machine and learned nothing
You can do it
Quit whining and just do it
lofty marsh
Hacked the machine and learned nothing
man.
patent lily
meat sploitable
supple plume
Bro
lofty marsh
meat sploitable
yessirrrr
supple plume
Do you need me to go to your house and set it up?
lofty marsh
Do you need me to go to your house and set it up?
I would rather you share screen me
crude nest
meat sploitable
Plesse don't do that to my π
lofty marsh
pwiz
supple plume
I would rather you share screen me <:sadglas:751888349136027678>
Just get an indian youtube tutorial
lofty marsh
bruv
supple plume
Seriously
lofty marsh
I dont know if Im explaining it wrong or u dont understand me 
WHAT VIRTUAL MATCHINE BRO π
patent lily
WHAT VIRTUAL MATCHINE BRO π
windows xp
supple plume
How to set up metasploitable
supple plume
Aaaaaaaaah
lofty marsh
supple plume
Bro π’
supple plume
Man
lofty marsh
Sir
supple plume
What did I say that was confusing
supple plume
Im not shitposting
molten bobcat
A sandbox is a virtual machine that has no Internet connection or shared directories with the main host
It's used to fuck around with software that might be dangerous or malicious or just outright unstable
supple plume
A virtual machine is a sanboxed environment as far as I know
supple plume
If I said it wrong I wasn't trolling
lofty marsh
What did I say that was confusing
When you say Virtual Matchine
molten bobcat
Yes yes
lofty marsh
You arent specific
supple plume
Bro
molten bobcat
Any of them are
lofty marsh
Any?
molten bobcat
Yessir
lofty marsh
Even fedora?
molten bobcat
Ye
supple plume
Just look up some tutotials on youtube I'm not trolling
rapid badger
supple plume
They explain how to set it up
molten bobcat
If it's in a virtual machine it can be considered sandboxed if it's not connected anywhere else
patent lily
Install windows xp sp1 it's better than meatsploit 2
molten bobcat
Install windows xp sp1 it's better than meatsploit 2
This is meme
lofty marsh
What do I even hack on an empty vm?
patent lily
This is meme
How so
molten bobcat
What do I even hack on an empty vm?
You don't use sandboxes to perform security testing
Unless you're
A blue steamer
patent lily
He will learn to use metasploit
molten bobcat
Steamer? Teamer
molten bobcat
Anyway I have a sandbox so I can test malicious urls
And other things
Cuz I don't want that shit on my host if it infects the host
Right?
lofty marsh
You don't use sandboxes to perform security testing
Then what do I do with them
lofty marsh
π«
turbid bloom
Cuz I don't want that shit on my host if it infects the host
true
patent lily
It right now
but he doesn't want a sandbox he wants something to hack like metasploitable
lofty marsh
but he doesn't want a sandbox he wants something to hack like metasploitable
THANK YOU
turbid bloom
i could just open them in windows sandbox π€
supple plume
What I don't understand is with the amount of material out there including llms that will simplify it for you why do you keep asking here the simplest things instead of researching and come up with questions that are not easy to find out
lofty marsh
Cool, htb offers a bunch of these lol
Yee but they are specific things tho on htb...
I want to hack anything
turbid bloom
What I don't understand is with the amount of material out there including llms ...
you've got a fair point there
molten bobcat
All of these boxes are hackable virtual machine
molten bobcat
Heya
lofty marsh
Nuke tha bih
supple plume
Anyway good luck
patent lily
Nuke tha bih <:sadglas:751888349136027678>
molten bobcat
I think it's important that you understand how computers and servers work first
Otherwise nothing will make sense
lofty marsh
I think it's important that you understand how computers and servers work first
Yee but the thing is I wanna be able to hack anything so I understand how attacks work and the tools flexibly
molten bobcat
Yee but the thing is I wanna be able to hack anything so I understand how attack...
I understand that is your end goal
lofty marsh
Without needing to do specific tasks
molten bobcat
Without needing to do specific tasks
Too bad
lofty marsh
Too bad
What I mean is I dont wanna be doing Cap for example which is a specific step by step CTF π
I wanna do flexible attacks..
molten bobcat
What I mean is I dont wanna be doing Cap for example which is a specific step by...
That's too bad
What you're describing does not exist
lofty marsh
Then what is Metasploitable?
rapid badger
patent lily
Yee but the thing is I wanna be able to hack anything so I understand how attack...
Brah I'm telling you install windows xp sp1 on the vm and disable firewall on it you can "nuke everything" you can do smb hacking, rpc exploits, you can hack the browser in like 5000 different ways no joke
lofty marsh
molten bobcat
Dude, I have a successful career and I have never used that
I need you to understand there is no one single solution
patent lily
Then what is Metasploitable? <:sadglas:751888349136027678>
What's your problem with the metasploitable did you do it already?
molten bobcat
I'm good at what I do because of my practice and understanding of operating systems, networking, etc
I've been doing this for years. It's work.
lofty marsh
I'm good at what I do because of my practice and understanding of operating syst...
Yee ok I understand what ur saying
But I wanna do it and train how you train with coding
molten bobcat
No
lofty marsh
Flexibly.. no step by step
molten bobcat
Everything in this world is step by step.
patent lily
Flexibly.. no step by step
But if you don't know the basics you won't even be able to hack metasploitable
molten bobcat
Homie, this word "flexible" makes it sound like you want an easy way to the top.
patent lily
Gotta learn something first
lofty marsh
Homie, this word "flexible" makes it sound like you want an easy way to the top.
Dude I wanna touch things with my hands that are 100% vulnerable π₯
I think thats what metasploitable is too
everything vulnerable
molten bobcat
Ah so you want things to be easy?
patent lily
everything vulnerable
Yes
lofty marsh
Ah so you want things to be easy?
π
Man...
Listen
Im not saying I want easy shit
molten bobcat
I'm trying bro what you're describing sounds lame and pointless lmao
I wanna give you tangible real goals
lofty marsh
I'm trying bro what you're describing sounds lame and pointless lmao
I want to touch shit 100% vulnerable to test the tools and learn where and how they work...
So when I do CTF
I do them with ease
And not like
"Yo how the fuck do I exploit that"
molten bobcat
That's literally how all the boxes work bro πΉ
lofty marsh
Idk how to explain it to you further bro..
Either Im not explaining it good or ur not understanding me
Or both
molten bobcat
Are you familiar with the expression "more than one way to skin a cat"
heady sage
Gng ts is not complicated
molten bobcat
Awful expression
heady sage
I agree, you canβt skin a cat. Theyβre too fast.
molten bobcat
SO IM GONNA BUST IT DOWN FOR YOU REALLY SIMPLE RETRO SIR
lofty marsh
HAHADHAHAHHAHA π
molten bobcat
Everything red teaming focused has Categories
If you focus on hacking websites
Okay, that's called Web
molten bobcat
I need you to fucking understand that there are thousands
And thousands
And thousands
Of techniques
JUST FOR WEB ALONE
THATS ONLY WEBSITES
heady sage
Gang you canβt
molten bobcat
Correct you cannot
heady sage
You have to pick one
molten bobcat
Or, you learn the most common ones π
lofty marsh
molten bobcat
It's better to know about 80% of something than 0 right?
lofty marsh
well yee u right
molten bobcat
No one human knows everything about web security
supple plume
It's better to know about 80% of something than 0 right?
Better 80% of something than 20% of 4 things
molten bobcat
Security is a collaborative effort. We work together
buoyant wyvern
<@1383455717561733181> does
No he doesn't
lofty marsh
He failed the "Im not a robot" shi
rose onyx
Dabble in a little bit of everything to recognize some patterns, focus on a key area that you really like. Shrimple.
molten bobcat
Anyway web is literally just one category
We also have Forensics
Reverse Engineering
lofty marsh
Yee Im aware of all this
supple plume
<@1383455717561733181> does
I know some things but I'm not even close to know all of it
supple plume
The subject is massive
molten bobcat
But yes please understand that there's a very large amount of things to learn so you can't just be "flexible"
molten bobcat
You grow to be flexible by focusing on a topic until you're cozy with it, then moving to another one
lofty marsh
Potato - expensive rotten tomato
What kind of tomatoes are you buying my guy
molten bobcat
Real
lofty marsh
You grow to be flexible by focusing on a topic until you're cozy with it, then m...
I mean yee...
Now I understand how I wanna tell you
molten bobcat
It's not gonna take your whole life, relax lol
lofty marsh
Hear me out
In htb labs you have to do step by step shit right?
recon touching exploiting and privilage escelation..?
molten bobcat
It's not explained to you what the steps are
But yeah, those steps don't ever change..
heady sage
It's not gonna take your whole life, relax lol
Itβll only take like years but not your entire life
molten bobcat
You'll always enumerate something before you privesc
lofty marsh
I dont wanna do all these step by steps then..
molten bobcat
Then quit
heady sage
C1oud is also very good at what he does smhsmh.
molten bobcat
I need you to wrap your head around this. You have to scan something before you can hack it.
You can't skip steps
lofty marsh
You can't skip steps
can I talk? π₯
heady sage
Let me break it down for you
lofty marsh
π
molten bobcat
Say what you want lol
heady sage
lofty marsh
Aight..
So
I dont wanna do all these step by steps then.. YET...
I want to focus NOW on the exploitation phase
heady sage
https://tenor.com/view/omni-man-breaking-it-down-omni-man-breaking-it-down-let-m...
I have broken it down for you
lofty marsh
So I can UPGRADE this skill of mine
So I can be MORE EFFECTIVE while combining it all
patent lily
I want to focus NOW on the exploitation phase
Recon is how you do what you want you can learn what you need ad hoc
lofty marsh
Am I clearer?
molten bobcat
Exploitation isn't a skill you can practice individually
heady sage
Gng thatβs not how that works, you have to go in order
molten bobcat
You have to do the whole thing step by step or it doesn't count
You can't just pick and choose which part you like from the steps
lofty marsh
You have to do the whole thing step by step or it doesn't count
But what if Im excellent at recon but dont know how to exploit?
Then what? π₯
molten bobcat
I'd be a really shitty hacker if I only scanned things
heady sage
I literally have a cert in ts shit, trust me.
molten bobcat
But what if Im excellent at recon but dont know how to exploit?
Then you study?
Or ask questions?
lofty marsh
Then you study?
Without exploiting and experience? π₯
molten bobcat
Yes?
patent lily
Without exploiting and experience? π₯
How are you gonna get experience and exploit if you dont know what you're hacking
molten bobcat
Other people have walked these halls before you bro. Follow their steps
patent lily
You gotta be trolling
lofty marsh
You gotta be trolling
Dude Im deadass not trolling π
I know recon but when I see shit idk how to exploit them
heady sage
Gng is not gonna get better π
molten bobcat
I know recon but when I see shit idk how to exploit them
Then you've identified what you need to study..
Which is.. exploitation methods..
patent lily
I know recon but when I see shit idk how to exploit them
Yes google it you scan you find "redis" then you google "hack redis pls" and you read everything and then you hack it
lofty marsh
Which is.. exploitation methods..
Where do I learn that tho?
Htb academy?
Need to do labs?
molten bobcat
Yeah
lofty marsh
Both at the same time?
molten bobcat
Academy has this info, you could also just Google it
lofty marsh
Aight thank you π
molten bobcat
No, academy won't teach you how to exactly hack a box
But it will show you what's possible
molten bobcat
It's up to YOU to determine what technique goes where
heady sage
Gng they literally tell you how
molten bobcat
That's okay dude
lofty marsh
That's okay dude
Is it?
heady sage
I think you should do THM first
molten bobcat
Is it? <:sadglas:751888349136027678>
Yee?
lofty marsh
I think you should do THM first
Me? π
heady sage
Yes you
lofty marsh
Thm? π
lofty marsh
Me thm? π
molten bobcat
It's a server for beginners
lofty marsh
The opps? π
molten bobcat
Patience is a virtue
tender sparrow
Hi, can some1 assist me in the info gathering module, i cant set up the enviroment
lofty marsh
Aight I might be a beginner but I have personal beef with thm..
molten bobcat
I'd rather him hash out his issues here than screw up some host somewhere
buoyant wyvern
Hi, can some1 assist me in the info gathering module, i cant set up the envirome...
questions related to modules are asked #modules here
lofty marsh
I'd rather him hash out his issues here than screw up some host somewhere
U think I was about to do unethical shit?
molten bobcat
No
buoyant wyvern
Aight I might be a beginner but I have personal beef with thm..
Do some fundamental modules if you are struggling with tier 2 modules
molten bobcat
You can screw up a host ethically lol
lofty marsh
ahhh
rancid snow
bad pentesters can and hve taken down production devices just like malicious actors
lofty marsh
But yeah whatever the case is I wont be ever touching a foot on thm
patent lily
bad pentesters can and hve taken down production devices just like malicious act...
Not their fault that /admin/reboot.cgi is a thing that exists 
rancid snow
lofty marsh
Go to their server bro you'll understand
rancid snow
Brother I made the meme
lofty marsh
The worst member in htb is a saint compared to thm..
lofty marsh
π
Speaking from experience
Touched a foot for 5 minutes and I had beef with a community contributor
rancid snow
wut
spark mulch
one day peoople will stop asking "how do i hack" multiple times a day and ignore every answer to only ask the same shit the next day
dense turtle
wut
exotic pendant
π
dense turtle
crazy
patent lily
Stinky
austere sigil
microsoft.com stopped working and I find it hilarious
vital aurora
microsoft.com stopped working and I find it hilarious
If it stops working for 15 minutes we all get to go home right?
austere sigil
If it stops working for 15 minutes we all get to go home right?
something like that yeah
dense turtle
Damn, @supple plume your jwt post is perfect for this machine that just came out
sturdy thistle
something like that yeah
Ello sir
errant wyvern
If it stops working for 15 minutes we all get to go home right?
it's now working again i just checked
sturdy thistle
Would you mind pinging @austere sinew in my name?
vital aurora
it's now working again i just checked
Noooo
austere sigil
Would you mind pinging <@705447172581228564> in my name?
No, I will not ping @austere sinew. Who do you think I am?
vital aurora
Nice to meet you!
austere sinew
supple plume
Damn, <@1383455717561733181> your jwt post is perfect for this machine that just...
Thanks I'm glad you liked it
I'm going to make next one about jwt too
If you want a specific one for me to solve and document just suggest in DM and I'll add it to my todo list
silver forge
the web was a mistake 
austere sigil
the web was a mistake <:FeelsBadMan:480473159175372813>
JavaScript made the web awful
silver forge
JavaScript made the web awful
and css
austere sigil
moving titlebars made the web amazing
silver forge
and weebl and bob
neat cipher
The web peaked at badger badger badger
ornate ibex
whats happening?
ornate ibex
I'm not invited
silver forge
party is just a mood, lighten up 
green kite
tomorrow is Friday <@595971365719506977>
Finally. Waited all week for this
ornate ibex
A good weekend is awaiting for ya
austere sigil
I am going to return to my default state during this coming weekend
devout sail
I am going to return to my default state during this coming weekend
Roaming in dark alley,?
austere sigil
Roaming in dark alley,?
slack on the couch, while netflix plays in the background, me consuming takeout, and petting my doggo
devout sail
Better yeah
Best part of working 24/7 shift is you don't have to way for Friday
There's never a weekend 
austere sigil
you work at SOC or?
austere sigil
ooooh I see
devout sail
So i do soc and patch management etc
austere sigil
good stuff
devout sail
Yep got to learn many things
austere sigil
that's priceless
devout sail
Plue get to mess with most of the stuff
ornate ibex
mto, I'll pay you to meet sparkling
austere sigil
OK
ornate ibex
meet him this weekend
devout sail
mto, I'll pay you to meet sparkling
Get your green hat
ornate ibex
I don't have a green hat
devout sail
Your pfp show u have one
austere sigil
nice counter there, tejas
austere sigil
is it because of @untold fiber?
ornate ibex
no, my friends when they mock
austere sigil
fair
ornate ibex
wordplays and stuff are something that I learnt after seeing them used on me
Anyways, it is time that I sleep. Good Night
austere sigil
Nighty sir
devout sail
like this?
Yes, sleepless
devout sail
wordplays and stuff are something that I learnt after seeing them used on me
Still need to learn
You missed one layer on my comment
steel spoke
Anyone know of a way to go back to the old UI for HTB academy? Not liking the recent change.
steel spoke
haha lovely
turbid bloom
Anyone know of a way to go back to the old UI for HTB academy? Not liking the re...
me here tryna complete my 2nd staring point and the telnet aint even connecting to the target machine
maiden anvil
raven rain
i forget, what is the CEH exam like
sharp shuttle
its pretty hard
raven rain
i see
normal drum
I tried THM and man does it seem kinda ass
turbid goblet
Will i get bullied if i go to defcon this year but dont have oscp yet
turbid goblet
Thats not real right
muted olive
'tis
turbid goblet
Lmao im ab to make my company pay for it and just take it just for shits and giggles
muted olive
youre wasting their money
sharp shuttle
Will i get bullied if i go to defcon this year but dont have oscp yet
yeah im going to kiss you
raven rain
that's the first question too
sharp shuttle
be careful
sinful mesa
Well, if you take the 32 bit version and inject shellcode with Shellter... sure!
turbid goblet
Yeah but my company sucks anyways
sharp shuttle
not as much as i suck baby
muted olive
that's the first question too
many horrors lie ahead
raven rain
dude how the heck do i make the nextcloud helm chart use a specific disk for storage oh my god
devout sail
its pretty hard
What's pretty hard, pervert
muted olive
dude how the heck do i make the nextcloud helm chart use a specific disk for sto...
close eyes and concentrate
devout sail
Close your eyes and feel your intestines
eternal widget
Soon
signal mica
tender sparrow
hi, can someone assist me with a task
stone kelp
Looking for a partner to develop something.
stone kelp
hi, can someone assist me with a task
I can.
devout sail
Looking for a partner too
scenic maple
Looking for a partner too
for what purposes 
devout sail
Can I just say it?
scenic maple
no 
devout sail
steel crane
scenic maple
zenith pine
<a:sex:1376343243062644938>
scenic maple
zenith pine
https://tenor.com/view/cat-gif-7005960279487005662
dawn edge
All chat has been images
scenic maple
whats with lithuania
dawn edge
whats with lithuania
I don't know
zenith pine
https://klipy.com/gifs/femboy-lithuania
scenic maple
me neither
frigid mountain
π
scenic maple
yeah
frigid mountain
What a big name
Big name for a big man
scenic maple
Wow. I wanna work with your team
@zenith pine gatekeeps people
zenith pine
<@771394078176837642> gatekeeps people
nuh uh
scenic maple
yuh uh
zenith pine
nuh uh, thats @spare acorn
sharp shuttle
Wow. I wanna work with your team
HASAN PIKER
scenic maple
all jokes aside tho get some activity on profile do some boxes/chall
after that try applying
but as i said he gatekeeps
heady sage
sharp shuttle
spare acorn
dawn edge
HASAN PIKER
How is hi hasan piker
sharp shuttle
How is hi hasan piker
H A S A N P I K E R
scenic maple
whats so funny
dawn edge
H A S A N P I K E R
You have repeated twice. I mean how is he
sharp shuttle
You have repeated twice. I mean how is he
H A S A N P I K E R
dawn edge
I am arounded by stupid ppl
sharp shuttle
I am arounded by stupid ppl
H A S A N P I K E R
dawn edge
all jokes aside tho get some activity on profile do some boxes/chall
after that ...
I will not work with you now. π€£π€£.
dawn edge
H A S A N P I K E R
Yes sir
scenic maple
I will not work with you now. π€£π€£.
as long as you are working you are winning
dawn edge
as long as you are working you are winning
What is your major
rancid snow
Wow. I wanna work with your team
if you got employed by htb before @obtuse fern Id cry
scenic maple
What is your major
wdym
rancid snow
Hasan Piker is the epitome of 'when you agree with someone but absolutely hate them/the way they said it' for me
dawn edge
H A S A N P I ...
I think I am gonna change
rapid badger
Oh oh,brath stuck in a loop again. Reset his context
sharp shuttle
Oh oh,brath stuck in a loop again. Reset his context
Fly Icarus
rapid badger
flap flap flap byeeeee
sharp shuttle
F L Y I C A R U S
dawn edge
because marcielee has been on that dog grind for it for years
You think that is impossible?
spark birch
Wassup everyone! Here i am after a long break
alpine pumice
rancid snow
You think that is impossible?
it was a joke for people who know marcie, youre killing it by making me explain every little bit
rapid badger
obtuse fern
You think that is impossible?
Its a joke bc even with people like G0b that can vouch for me, I get turned down
spark birch
Wassup everyone! Here i am after a long break
I had awful experience with corporate job related to cybersecurity. Now i only will study and do what i want, not what companies want from me
dawn edge
it was a joke for people who know marcie, youre killing it by making me explain ...
Okay. My English is not that good to understand jokes and idioms. So I am facing some problems here
rancid snow
no worries
scenic maple
I had awful experience with corporate job related to cybersecurity. Now i only w...
do you have money
dawn edge
Its a joke bc even with people like G0b that can vouch for me, I get turned down
π€£π€£
spark birch
do you have money
From now prob i will earn money in other areas, not related to cybersecurity, at least for some period. I think it is worth it in order to be able to study and do things that i truly like to do in cybersec. Because experience that i had on probation period killed all my joy and after it i took 1 month off anything related to cybersecurity in order to recover from a burnout
signal mica
zealous charm
heady sage
if claude can do my job then whats the point
signal mica
if claude can do my job then whats the point
Can he do your job without you?
scenic maple
From now prob i will earn money in other areas, not related to cybersecurity, at...
thats what i do too
zealous charm
if sqlmap can exploit sqli whats the point of learning sqli
scenic maple
i dont think cybersec is good if you like money
sharp shuttle
if sqlmap can exploit sqli whats the point of learning sqli
good question homie, you be brewin the big thinks my guy, sheeeeesh bro hell yeah man
scenic maple
if sqlmap can exploit sqli whats the point of learning sqli
some times htb boxes have sqlmap chokers like they return bad requests if they detect sqlmap thats when you need it
or doing wandere pro lab from ippsec he makes sure automated tools dont work
signal mica
good question homie, you be brewin the big thinks my guy, sheeeeesh bro hell yea...
Caught my first tube today man
spark birch
thats what i do too
It is possible to make good money, but id rather spend years tov build s true wealth of knowledge either which i would decide by my own how exactly i will monetise it, rather than rely on internships and junior roles, trying to break into shitty corporate world
zealous charm
or doing wandere pro lab from ippsec he makes sure automated tools dont work
thats when you ask claude to write a custom tamper script and change the user-agent
scenic maple
It is possible to make good money, but id rather spend years tov build s true we...
makes sense i do web work cause its peaceful
cyber too chaotic
and very hard to land any job
if a field has a lot of jobs then theres also lot of remote ones or easy ones
where else cyber you would need lots of things to even set foot in
altho i do agree its worth it if you land a high paying one
rancid snow
why the fuck is the most physically impenetrable piece of electronics Ive ever come across a $3 chinese smart socket from 8 years ago?
scenic maple
but then again a dev role migth pay the same
scenic maple
why the fuck is the most physically impenetrable piece of electronics Ive ever c...
cause china number 1?
rancid snow
Ive torn a part a lot of other chinese electronics
obtuse fern
why the fuck is the most physically impenetrable piece of electronics Ive ever c...
plastic from 8 years ago >>>> plastic today
plastic from the 90s >>>> plastic from today
spark birch
makes sense i do web work cause its peaceful
Before i got official job in cybersec, i managed to work 1 time on a contract, and i REALLY like what i did. I was able to penetrate production DB with 2m user records on one of the largest local service in my region. That was pure dopamine and was interesting as hell. But then i got 9 to 5 job which was boring as f*ck. 95% of my time i was doing paper work and writing documentation, explaining how OWASP TOP 10 works on a paper so they would be able to show this useless paper on ISO 27001 audit in order to pass it. Extremely boring. Iβd rather clean a snow on the street than do smth like that again
sharp shuttle
cause china number 1?
and their girls are cute and smart
and def are not only with you to steal trade secrets
scenic maple
and their girls are cute and smart
barth she is a glowi she gonna leave u as soon as she gets the data
sharp shuttle
beat you to it
scenic maple
true
sharp shuttle
β€οΈ
its okay i still love their silly attempts to steal intel
its cute when you know its happening
scenic maple
Before i got official job in cybersec, i managed to work 1 time on a contract, a...
paper work
scenic maple
its cute when you know its happening
is the secret to life getting a glowie wife and never actually giving the data?
dawn edge
China girls do that?
sharp shuttle
is the secret to life getting a glowie wife and never actually giving the data?
yeah kinda
sharp shuttle
China girls do that?
theyll do anything
spark birch
So i guess i will try contract work in the future. But now i am for sure wanna study things just for me. Things that give me pleasure to study
rancid snow
China girls do that?
its called a honeytrap and its literally the oldest spying move ever invented
dawn edge
is the secret to life getting a glowie wife and never actually giving the data?
Heh but Emotions prevail
spark birch
So i guess i will try contract work in the future. But now i am for sure wanna s...
I plan to hit maldev academy and solve htb machines in parallel
rapid badger
Before i got official job in cybersec, i managed to work 1 time on a contract, a...
Might change your mind after a night shift cleaning snow in -30 weather
scenic maple
its called a honeytrap and its literally the oldest spying move ever invented
you know too much you will now be eliminated
rancid snow
honeytraps was invented at the same time as 'give a guy alcohol until he starts drunk-splaining state secrets'
spark birch
Might change your mind after a night shift cleaning snow in -30 weather
Iβd rather do that than spin on my chair 8 hours straight 
rapid badger
Doubtful
dawn edge
honeytraps was invented at the same time as 'give a guy alcohol until he starts ...
Oh. Honey trap.
dawn edge
you know too much you will now be eliminated
π€£π€£
sturdy thistle
dawn edge
honeytraps was invented at the same time as 'give a guy alcohol until he starts ...
Even if you know it's a trap, you may still fall into it.
Please no links
sturdy thistle
why?
rancid snow
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/formida...
congrats
rancid snow
It is dangerous. π
hes an actual htb employee sharing his released cve discovery
sturdy thistle
It's dangerous if you click the wrong links only
rancid snow
I have a couple things possibly cooking in the oven so to speak but ran out of time last night to test them
sturdy thistle
Nice
rancid snow
most promising one would be unauth sqli on something with a couple million installations
sturdy thistle
I can help if you want
obtuse fern
Even if you know it's a trap, you may still fall into it.
wordfence is a legitimate website, even when you're being cautious you can easily vet websites you find suspicious via a variety of methods. One of them being the tried & true whois lookup; older web domains tend to be more trustworthy (though they can still be socks) and looking up various things regarding the domains
rancid snow
I can help if you want
ill reach out if need be but atm my blocker is just irl time lmao
im still experimenting with some workflow stuff, theres just a couple interesting things that have bubbled up to check but power was flickering last night and it was family bed time
I have a haircut after work and then kiddo really wants to try pho for the first time so ill probably only have a couple hours tonight too
sturdy thistle
Yeah just dm me when needed or wanna talk
rancid snow
almost into this blasted thing
signal mica
almost into this blasted thing
Anger, rage, fury even
severe falcon
Anger, rage, fury even
Hi
supple plume
vibe code micromanagement
devout sail
Lgtm
devout sail
almost into this blasted thing
So u mean literal penetration π
zenith pine
So u mean literal penetration π
certified penetration tester
rancid snow
So u mean literal penetration π
yes lol
rancid snow
smart socket. owner is tossing them because they only work with alexa or google home stuff
signal mica
congrats on guru simon
rancid snow
and havnt sold in forever
now a smart person would probably start by examing whatever mobileapp they want or seeing if theres a firmware download option
devout sail
smart socket. owner is tossing them because they only work with alexa or google ...
I can understand what smart socket is yet i don't know what it could be π
severe falcon
congrats on guru simon
Thanks.
rancid snow
I can understand what smart socket is yet i don't know what it could be π
have dumb lamp -> plug into smart socket. Now you can control dumb lamp with phone/timers
rancid snow
basically a wall plug you can turn off remotely
devout sail
Yep i got it, I was thinking about how you use the smart plug and was thinking solely about it 
He got promoted a few days ago
rancid snow
im really bored at work rn, dunno how much effort ill put into this, but I at least want to extract the board
because its offended me
devout sail
I don't even know the way to extract such stuff π
static bloom
because its offended me
how'd it offend you
devout sail
Eh
rancid snow
normally they come apart pretty easily, this one is like injection molded shut or something bizzare
devout sail
Hehe fair enough
rancid snow
how'd it offend you
by being difficult to open
sharp shuttle
is that the amazon plug mad
rancid snow
not amazon branded but probably sold on amazon a while back
severe falcon
Thank you Brath, learnt a lot about AI/MLs.
signal mica
devout sail
Thank you Brath, learnt a lot about AI/MLs.
Now you can code your own ai?
signal mica
711 is great
severe falcon
Now you can code your own ai?
Not really, I'll be learning more about lowlevel.
I love DFIR and want to progress more into Rev/Pwn.
Of Course, what azomax said.
0x711 or 0xffee is good.
devout sail
0x8008
severe falcon
Best advice: https://malware.forum/viewtopic.php?t=5
"If you want to learn something, just start doing"
Just, Just start.
go to sleep.
Yeah, I know you are new.
I can tell.
discord user from 2016.
yeah sure
yeah, welcome here.
jk, happy learning.
supple plume
is it a static website?
crimson crypt
Almost Friday
supple plume
astro + gh is great
ts my blog
the code
you're welcome to steal it and change some styles it works rendering markdown
hahah
rancid snow
victory is mine!
stone kelp
Hi. help on a captcha solver AI as a service?
I developed everything. Need domain and hosting.
rancid snow
ESP8285 controller it looks like
rapid badger
rancid snow
I developed everything. Need domain and hosting.
namescheap and aws
devout sail
https://echoesofwhoami.github.io/CurlSwiggerLabs/jwt-authentication-bypass-via-w...
Looks good even on phone
Go do HTB academy now
supple plume
Looks good even on phone
great thanks for checking
supple plume
wut
devout sail
Yes you are welcome for me checking it
supple plume
maybe next month
devout sail
Tonight
supple plume
fun thing is I could probably do it tonight if I wanted
supple plume
I am still working on the blog
devout sail
Fair
normal drum
HTB academy is great if you are a student
rose onyx
https://github.com/echoesofwhoami/CurlSwiggerLabs
now do you like astro?
supple plume
now do you like astro?
I always liked astro
rose onyx
I have some stuff that i've been playing around with in mkdocs and hugo
supple plume
I have some stuff that i've been playing around with in mkdocs and hugo
is it public?
rose onyx
none yet, maybe one day when i get the energy to finish one of them π
molten bobcat
Hi. help on a captcha solver AI as a service?
Lol this guy is a scammer
rancid snow
imagine building a captcha ai solver but figuring out domain names and hosting is where you get lost
acoustic cove
what does he sells
molten bobcat
A whole lotta nothin
mortal salmon
Hi all, @obtuse fern may I DM please ?
young glen
π
supple plume
Lol this guy is a scammer
I believe he is just very limited
acoustic cove
why I can't upload image
supple plume
why I can't upload image
bro provide context
acoustic cove
I just wanted to show my windows setup
supple plume
I just wanted to show my windows setup
Oh
supple plume
I just wanted to show my windows setup
You need embed perms on this server to upload an image
rancid snow
neat cipher
I just wanted to show my windows setup
supple plume
@acoustic cove Either this or you get someone to proxy your upload. Falcon if you read this, do not reveal || 
||
acoustic cove
dw I will get cert
spark mulch
my score got too high and caused integer overflow so
molten bobcat
dw I will get cert
We believe in ya
Do your best and don't be afraid to talk to people to figure out things you're stuck with
velvet grail
Hello everyone, I have an annual Silver membership.
I've completed a course.
Do you know how I can retrieve a certificate showing the time spent?
I'm looking for this document to submit manually for my certification renewal.
I downloaded the transcript, but it doesn't mention this information.
turbid goblet
today is a lay in bed day whos with me
rancid snow
Hello everyone, I have an annual Silver membership.
I've completed a course.
Do...
It doesnt have it by default, hope you already had your ID linked for the credits
crimson crypt
stoic flint
I tried many dictionaries, the module is broken. I already contacted support.
rapid badger
severe falcon
mind my change
change mind my please
turbid goblet
ai is great i convinced a discord of 500 people that i was stuck in a waymo trunk
severe falcon
lol
frigid mountain
ai is great i convinced a discord of 500 people that i was stuck in a waymo trun...
balmy basalt
I want to get SDR hardware now.
spark mulch
SDR ver fun
simple gale
Just finished all the Linux boxes LainKusanagi/TJNULL easy list for HTB. Does anyone know of good resources on WIndows Methodology?
frosty jackal
Does HTB have a deal with nord or something? Infuriates me to see them suggest NordVPN over Mullvad.
rancid snow
where are you getting a nordvpn recommendation from?
frosty jackal
in the "getting started" module for offensive in the Setup, in Connecting using VPN unit and I quote
We can use a VPN service such as NordVPN or Private Internet Access and connect to a VPN server in another part of our country or another region of the world to obscure our browsing traffic or disguise our public IP address.
Although they say connecting to HTB VPN in the next section, I find nord to be an awful recommendation as they operate under panama law, subject to then KYC laws
frosty jackal
yeah true, that's what we got dread for i suppose
lime trout
rancid snow
I think its more important to know the concept exists then to take it as good recommendation
its an old module too
rapid badger
Its just a basic example lmao
rancid snow
even if it did say mullvad thered be no way to know if that would age well at the time or not
frosty jackal
Fair point
rancid snow
mullvad is good now, but would you blanket endorse it for the next 4 years?
calm osprey
how do i connect to the htb vpn with linux? i can't find the .ovpn file anywhere
turbid goblet
atleast htb's advice isnt to use thm echo
neat cipher
how do i connect to the htb vpn with linux? i can't find the .ovpn file anywhere
When you reach a point in any module where you need it you'll get to pick your region
frosty jackal
mullvad is good now, but would you blanket endorse it for the next 4 years?
In my personal opinion yes, but I would default to saying to always host your own vpn as well as proxy chaining
rancid snow
In 2 years palantir buys mullvad and your recommendation is ass. Better luck next time π
im jk but you get my point
frosty jackal
Yeah I do, if palantir did ever buy mullvad though I'd be so pissed
fuck peter theil
rancid snow
I think hosting your own vpn entirely depends on what your actual threat model is
calm osprey
When you reach a point in any module where you need it you'll get to pick your r...
ok but like how can i do the exercises on my virtual machine rather than pwnbox?
frosty jackal
I think hosting your own vpn entirely depends on what your actual threat model i...
yeah, all depends on the type of hat you wear, but I generally speak from a privacy advocation standpoint
maiden anvil
ok but like how can i do the exercises on my virtual machine rather than pwnbox?
openvpn the_vpn.file
neat cipher
ok but like how can i do the exercises on my virtual machine rather than pwnbox?
You download the vpn file and run:
sudo openvpn <filename>.ovpn
I'd suggest running it inside your kali/parrot vm
obtuse fern
in excercises that require you to connect to a private target <10.129.x.x> there will be a tab next to the pwnbox one that says "VPN"; you download the vpn from there
molten bobcat
obtuse fern
they actually updated the help article to reflect the UI changes :)
calm osprey
in excercises that require you to connect to a private target <10.129.x.x> there...
ah okay i didnt find the right article with the updated UI thank you
calm osprey
You download the vpn file and run:
sudo openvpn <filename>.ovpn
I'd suggest runn...
thanks!
obtuse fern
"connecting to htb academy vpn" is usually what I google when someone asks me about it
and usually HTB has a help article for it
molten bobcat
I feel like things have been calmer lately
rancid snow
people freaking out are so annoying. The ending message is the exact same message given when part 1 ended.
Freak out when theres no announcement about part 3 instead
obtuse fern
fuck you @molten bobcat β€οΈ (there, no more calm)
rancid snow
the only reason people are upset now instead of when part 1 ended is because part 1 worked as a self contained story and part 2 doesnt
obtuse fern
best opsec vpn is ur iphone hotspot bruh
that's like the worst opsec vpn lol
frosty jackal
best opsec vpn is ur iphone hotspot bruh
Triangulation using cell towers π
rancid snow
you want the blackhat answer?
bulletproof hosting provider that accepts monero, use a tor hidden service to wrap a wireguard connection and use that
frosty jackal
you want the blackhat answer?
bulletproof hosting provider that accepts monero...
kyun.host β€οΈ
rancid snow
that's like the worst opsec vpn lol
I do believe they are making a funni
obtuse fern
hard to tell when people are being genuine or being funny
this is the life of the discord janitor
hoary dawn
π€£
rapid badger
rancid snow
you want the blackhat answer?
bulletproof hosting provider that accepts monero...
and if youre paranoid you only engage from a wifi access point you "control" but dont own
see my added paranoid addendum lul
polar turtle
Hello Iβm new and just wanted to say whatβs up
molten bobcat
Unfortunately the router you've tapped into is under my protection
The logs have been handed to the authorities have a bad day
hoary dawn
can u make ur own vpn with a pi
rancid snow
the REAL blackhat answer is to live in a country that doesn't care and let your infrastructure guy in your team handle it for you
hoary dawn
i got a freaking pi laying around
molten bobcat
You can do anything with a pi it is a computer
hoary dawn
i think thats what imma do with it
molten bobcat
I didnt say what your idea was would be smart
hoary dawn
im gonna put a modem on it
rancid snow
do it and learn something
rapid badger
We made everything too ez for them
molten bobcat
And explain to you that we haven't used modems since the 90s
molten bobcat
He's talking about a modem
rancid snow
the chip in the phone that handels cellular communication is still called a modem
hoary dawn
big opsec
dense ruin
molten bobcat
In networking
rancid snow
...but you're wrong
rancid snow
modem terminology has been extended
rancid snow
it aint the 90s anymore
hoary dawn
thats for routers the router technology been new new thats back when the phone was reliant on the router to run too
rancid snow
You're more than welcome to educate me if I'm wrong
google apple c1x for an example π
molten bobcat
Ahhhhh.
I understand now
Apologies I get it now
We still modulate analog signals
Those signals are not dial tones anymore
They used to be π
rapid badger
hoary dawn
i still am clueless on how i would go about it but i just figured a good private way to have your own vpn would be doing that with the pi
i just still dont know how i would ensure my traffic is encrypted and all that lol
molten bobcat
PI's and other systems have no cooling
On their own
I would be concerned if you try to overwork the thing it would get warm
rancid snow
i just still dont know how i would ensure my traffic is encrypted and all that l...
the vpn part handels that.
Its getting the data out from the pi privately thats a logistical challenge
meager kernel
Morning
dense ruin
unless you run them far beyond their capacity they don't really need cooling
rapid badger
You want a cheap pc for that kinda stuff no?
hoary dawn
i actually did research that
molten bobcat
unless you run them far beyond their capacity they don't really need cooling
See that's what I figured
hoary dawn
because i wanted to use it for a 24/7 around the clock security sytem
molten bobcat
Small enough workload
hoary dawn
it can pretty much take a beating 24/7
molten bobcat
because i wanted to use it for a 24/7 around the clock security sytem
See that's not a small workload
Lmao
hoary dawn
i was managing the storage pretty well, i mean, not saving a lot or anyhting like that
dense ruin
I run one of my pis 24/7
molten bobcat
I'm almost positive hardware firewalls have fans lmao
dense ruin
no issues
molten bobcat
Sure but he's wanting to do something beefy AF with his
dense ruin
i typically use it as a proxmox qdevice + ntp server
dense ruin
nah vpn isn't really all that beefy tbh
hoary dawn
hes talking about my security system but yea vpn would be more hefty than a cctv system
dense ruin
now maybe if he were cracking passwords or something cpu heavy sure
molten bobcat
He said 24/7 security system
hoary dawn
i just had a funky little security system rolling with a wired webcam at my door
hoary dawn
that was the last thing i did with my pi when i researched if it could run 24/7 with no issues witht he software i was running basically
molten bobcat
hes talking about my security system but yea vpn would be more hefty than a cctv...
Other way around
Streaming video takes a lot
dense ruin
security system is likely writing ffmpeg to external disk drive right?
hoary dawn
yea no the storage wouldve died instantly basically
molten bobcat
Not to mention encoding
hoary dawn
i had to basically not save anything not worth saving π
molten bobcat
That the cpu would be handling
exotic pendant
π
meager kernel
Guys
Wanna hear something funny?
The game that didn't work well for me on windows, worked better on linux
And even my controller worked on linux, even though it wasn't on windows
Ironic
molten moat
lol microslope
rancid snow
And even my controller worked on linux, even though it wasn't on windows
my ps5 controller consistently works better in Linux than windows lol
native yew
is there a channel dedicated to asking for help/questions ?
rancid snow
is there a channel dedicated to asking for help/questions ?
depends on the help/questions
lots of channels for lots of different topics
native yew
just a general question abt how the season system works
i solved a machine but still have no solves under my rank
meager kernel
my ps5 controller consistently works better in Linux than windows lol
I use a very old PS2 controller for playing dark souls
Heroic game launcher and Steam are the best inventions for Linux
native yew
i solved "facts" user and system, but still havent upgraded to bronze tier
rancid snow
youre too late
molten bobcat
Dang
exotic pendant
ayo <@387139929492422658>
sup syp
rancid snow
seasonal points are only awarded the week of release
native yew
ohhh
exotic pendant
Frosto's been grinding and got 12 apple bugs
molten bobcat
I use a very old PS2 controller for playing dark souls
How?
native yew
thats why they are categorised by week
hoary dawn
security system is likely writing ffmpeg to external disk drive right?
idk bruh it was out of boredom and idk what i did i used opencv to like read for plugged in cameras and imwrite to save them to file as jpg or mp4
molten bobcat
PlayStation 2 controllers do not use USB
rancid snow
they stay active for things like hacker rank progression, but seasonal is an additional thing on top of that
meager kernel
PlayStation 2 controllers do not use USB
I have a 3rd party one
molten bobcat
I was gonna say, I fixed my own ps2 remote
native yew
they stay active for things like hacker rank progression, but seasonal is an add...
thanks this was very helpful
molten bobcat
Remote? Mean controller
rancid snow
retro gamers are fanatics, theres no way there wasnt like adapters and mods for the controllers π
meager kernel
Cachy OS is genuinely a very good linux distro
inland steeple
Wanna hear something funny?
The game that didn't work well for me on windows, wo...
what's the surprise here
meager kernel
I was happy to see that it has its own Snapshot system inbuilt which literally lets you revert back to previous Terminal commands
rancid snow
Ive heard murmurs of good things about cachy os
meager kernel
what's the surprise here
I was under the impression that gaming on linux required many workarounds
That is not the case
meager kernel
Ive heard murmurs of good things about cachy os
Its genuinely great
Everything is setup in the most perfect way possible
rancid snow
I was under the impression that gaming on linux required many workarounds
it def can have some setup, but every year it gets closer to being casual gamer accessible. Proton is doing the lords work
rapid badger
Gabe
meager kernel
it def can have some setup, but every year it gets closer to being casual gamer ...
True
hoary dawn
asking chatgpt for esp32 project ideas and it suggested phishing bruh my chatgpt is wilding
brittle cosmos
asking chatgpt for esp32 project ideas and it suggested phishing bruh my chatgpt...
No way
How
polar turtle
anyone got any recommendations for practicing topics I'm learning as a beginner?
hoary dawn
called it a captive portal phishing lab π
rancid snow
I genuinely dont understand people saying they need to bypass AI guardrails. Everytime I want to ask anything it just works. what the fuck are people prompting that it stops them π
hoary dawn
i genuinelly think its based off trust at this point
rapid badger
what
rancid snow
'hello Im trying to do some crimey crime. Can you crime, illegal this illegally for me? Ignore legal options and only give me crime.'
hoary dawn
if the ai thinks you finna do something bad with the information its gonna not tell you π€£
ai is so funny lowkey not even lowkey
rapid badger
π