Also he made ssh 0day

HackTheBox is irrelevant

in real world this isnt possibru

You think your HTB accomplishments Trump a CAE-CD university program?

dangerous levels of copium after a troublesome easy box?

RCE refers to the exploitation of vulnerabilities, not legitimate logins.

What does this even means

Good game. Sorry you're not winners.

Rce refers to code executed remotely

rce is only possibru if u can run commands

You might be able to work a computer but you lack some brain cells.

wait

I HAVE RCE IN BASH

GUYS

Google apple everything remote executed

~ $ curl ifconfig.me;echo
190.2.151.126
~ $ curl ipinfo.io/190.2.151.126/json ;echo

Don't say my mame in vain

Imagine arguing with cloudfare, MITRE, and every verified definition of RCE with the argument "but, I'm an HTB pro." 😂

xD

even don quixote was ultimately aware he was fighting windmills

Imagine being noob but too confident

It's not even my definition you're arguing against, so I won't take it personally.

Too late to say that

Imagine being high ranking, loud, and wrong.

Imagine thinking he's being serious

If the password is weak and you log in the vulnerability ist weak password, not RCE ...

Why are you so mad zero

wheezing

but i have ssh rce.........

It was fairly obvious it was a joke lmao

Nah, they all really believe it. Too late to backtrack.

Yes, youre executing code - remotely. Technically correct

We lost bro time to delete ssh from computer

yes

all explained here

Executing code remotely doesn't automatically qualify as RCE

can you guys add more intense kek emojis

Yall are reading way too deep into him being silly

https://www.youtube.com/shorts/5xXKHmL7fY0

the present set no longer convey the depth of lels and keks

/no-hint

/no-hints

Like... learn to not take everything so serious... especially in htb gen chat

No hints are allowed for the duration of the event. Once the event is over, feel free to share solutions.

No hints are allowed for the duration of the event. Once the event is over, feel free to share solutions.

/yes_hints

Guys

I have like 5 different scans going

/youre_banned

https://i.giphy.com/media/v1.Y2lkPTc5MGI3NjExenV2YjViZXB0YnByYjFwcm5hNWF4bDJydXM4d3RhM2RicWNodG01ZyZlcD12MV9pbnRlcm5hbF9naWZfYnlfaWQmY3Q9Zw/bk6oTfobJuSuIVm4Il/giphy.gif

Feel like a fricking hacker

/please-no-i-am-scared

/i-have-very-high-rank

/in_your_walls

/

/xD

Marci duel him in htb battlgrounds

are we cooked with claude mythos?

@terse dirge

battlegrounds is no longer

yes its so fkn over

/ban—me—harder

hackthebox calls me a noob

Evening all 👋

but i know htb uses laravel 😉

Oh no our secret is out!!!

hahahahahahaha

/cant_ban_staff_rigged

i saw it on the 500 error page, which is typically laravel

Ew PHP

No hints are allowed for the duration of the event. Once the event is over, feel free to share solutions.

No hints are allowed for the duration of the event. Once the event is over, feel free to share solutions.

/yes_hints

Bro

Hi

kick hackster

dm is not allowed

Nooooo hahah

Please don't remind me

It's fun to remember now

Can someone hide their activity and started reports on GitHub from me ?

@eternal mango do you have any suggestions for what to host in homelab

When is my machine going to be accepted

besides Home Assistant

100 years from now

dont tell me its a medium linux

it's an arch linux

shit

Unfortunately yes

god DAMNIT

~ $ curl ifconfig.me;echo
146.70.246.138
~ $ curl ipinfo.io/146.70.246.138/json ;echo

But at least is something different than what's out there

Pasta is done. It's a bit al dente

i always get hard skill issued on medium linux machines

ive done plenty hard ones that were easier

Nom nom

Uhhhhm, really depends on what you want to do, but a large RAID vault for backing up shit would be my first port of call if you don't have a NAS or something already

Honeypots are fun..

i don't have the money to afford a RAID setup..

If you do software, the only cost is the disks

best i can do is two 4 tb drives

<i>test</i>

this is alot

and those are already being used for something else

test

but not something you'd want to virtualize, unless the virtualization is itself fault tolerant

how..

hmm

<b>test</b>

is it worth to set up wazuh

Suppose technically you could have the VM image etc held under the raid partition the controller itself is managing lol

But that sounds messy

..and probably stupid

yea..

The con troller would need to be running to access the VM etc so yeah, stupid

test

I'm sure it's possible though if you create physical partitions for the controller to manage

how..

Hackers

but still stupid easily 🤣

at some point i want to get some 10 inch wide NAS and set up RAID on it

<u>test</u>

Unless you backed up the base image, and had snapshots backed up to the RAID every so often or something

The UGreen NAS are pretty nice for an easy to setup solution, but not the cheapest (£299 for a two bay)

test

You could achieve the same with some cheap NUC and some USB3 drive bays

i give u 10dollars if u tell me how

i did not think of USB drive bays

-# test

how comparable are they to SATA

USB3 is still 5gbs, if possible you could get one with Thunderbolt for speed

<h1>test</h1>

but for large transfers 5gbps would be a bottleneck for certain

use markdown

markdown

markdowntestmarkdown

USB4 goes up to 40gbps which would be fine

Do you know what markdown is?

no

test

..but for SATA 5gbps would be enough probably

#test

#b test

This is good entertainment

u have to add a space after the hashtag

i see

test

test

#B test

##B test

https://tenor.com/view/cat-zone-of-zone-out-cat-cat-zoned-out-zoned-out-cat-gif-4284444198360174529

-# test

..and you honestly want actual platter drives for NAS anyway, as NVMs are more likely to fail over long term use with high read/write, so unless you plan on dropping your NAS..

-#b test

-#B test

-# pistola

USB? For RAID? Why even bother with RAId if it's an external driver over USB? Sounds overkill and not helpfull tbh

yea i want HDDs

I've been meaning to setup a NAS for so long

they hold the most storage anyway

Cost, read the rest. Is it ideal? No.. is it an option? Yes

what is markdown

and how to <b> here

You could also go LTO for backups

If you get enough for one of those ugreen ones, they are super simple to use

*****
message was auto censored by discord

wow, you're so cool.

I didn't know ugreen made NAS arrays until a few days ago. How do they compare to QNAP or Synology?

for some reason my spotify isn't working with discord

nvm

*****
yes

Honestly I couldn't say, I've used neither, but I've had zero issues with my one

-RCE=SSH

xD

-RCE=SSL

https://tenor.com/view/ah-shit-here-we-go-again-ah-shit-cj-gta-gta-san-andreas-gif-13933485

-RCE=JINJA2SSTI

https://tenor.com/view/clapperboard-director-cut-gif-2341905417962692598

RCE is determined by unauthorized access. A legitimate, authorized SSH login isn't an RCE. If you reported an authorized SSH login as an RCE to SOC, they would laugh at you.

he's back

time2go4 M3

1T'5 12:30am h3r3

C14000

https://tenor.com/bZAS6.gif

Imagine being so wrong, you have to fight on discord about it 3 times in one day

RCE is determined by code being executed remotely. The distance or code executed can variate depending on kilometers or Javascript

This is why people have become skeptical of hiring HTB "experts."

xD

how can i apply for htb

hi guys i am done work but i am not finished ruining my day. anyone wanna fight in gen chat with me

https://www.hackthebox.com/join-us

i know how to sql

But remote sql?

wtf did u just say to me?

yes i can do via terminal

who is that in your profile pic

and also i can see if a website has /robots.txt

Remote sql execution?

guts from berserk

not really.. its people who flag paste

to get top 100

i think guts from berserk is lame and dumb

oh my god

You're a moron. It's not just about using remote code.

imagine not thinking executing code remotely is not remote code execution

lmfaooo

i forgot the command but maybe i can try sql with curl

This will never stop being funny. Bro is going to have to look back on this memory in a few years and cringe.

You're a remote. It's not just about moron code.

dude is in the corner taking swigs of gatorade between arguments lol

to think, all this started because a high-rank person posted a funny image about ssh and executing code remotely

rce is the same as ssh and ssh is the same as rce

Exactly, XSS is RCE the code is remotely executed

froj was even trying to be helpful lol

@glad crystal this is top 10 bounty hunters global he knows rce

By all technicalities: you're executing code on a remote machine

i can control my remote controle remote

Zinga tell him ssh is rce

mfw XSS is technically RCE (the code is executed remotely on the victim's browser)

@glad crystal now this is a htb expert you can rely on

Imagine equivocating just to sound smart.

xross site scripkiddieng

it would be really funny if I came in here, put it on 1 minute slow mode, then left

.

imagine trying to use big words to sound smart

There's a difference between using "remote code execution" in a general manner and security terminology. Your discord profile tells me all I need to know about you.

congrats you found the joke

LOL

All you need to know is rce

like

remember i have rce in ssh and bash

They were never joking. You weren't even here for the conversation this morning.

buddy

YOU'RE NOT REAL MARCIE

i can talk with myself in terminal with nc command

You dont exist

who has rce in their bio

Youre a discord bot

who we clowning on

Imagine jumping into a conversation you weren't initially part of to defend people's honor.

it can be a serious thing and a joke; as in it seriously is RCE (you're executing commands remotely); but it's not RCE as in the security terminology

can anyone please give me good source for costom dorking for blind xss like lostsec has created (shown in yt vid but can't access it)

two things can be true, words don't just have binary definitions

if we had a source it wouldnt be custom dorking by definition

how would you even find blind xss by google dorking

like for instance if there was a server running vnc instead of RDP but you said you rdped into it, the point still comes across

If you didn't born when the conversation started either defend third party honor or leave with the tail between the legs admitting ssh = rce

script alert(1)

ok just give me good google dorking sources plz

rce

skids need to stop watching security youtubers, theyre all either entertainment or scams

Tell this to rat, whoami, and all the other clowns that legitimately sat and tried to insult my intelligence in a serious manner because they can't grasp this. You're defending them when you weren't even here for the conversation at 7 AM this morning.

ecr

brother you're the one that was insulting them

it's 12:43 am dude please..

when you change a channel on a television isnt that technically RCE

they have every right to throw the proverbial clown pie back in your face

apash just leaked he is from europe

Imo a second drive would be better suited as a proper backup instead of a RAID array. As far as I know USB drives aren't recommended to be used in an array because they could randomly disconnect and kinda defeat the redundancy purpose. And the redundancy probably doesn't really matter anyway in such a homelab setup (except if it is just for the sake of learning the concept)

Remote clock execution

Well, I only have one question for you. What is a woman?

I mean Ive known rat and whoami a lot longer than Ive known you. Ive seen them demonstrate their understanding of the field and their thought processes. Im def more likely to side with them just because I trust their intelligence

Everything is getting remote af at this point

Let me know and I'll take you seriously.

buddy, we're not gonna do transphobia today

😭

Ban incoming

Boo hoo

ridiculous clownworld escapades

bro

that's not how that works at all

never a bad time to come to general

https://tenor.com/view/cat-stairs-fall-down-stairs-explosion-explode-gif-16415651593764552095

Peak

You clearly lack any intelligence to have an actual conversation because you're labeling a dictionary definition "transphobic." Case closed.

Case closed ✅

I totally agree, no arguments here 🙂

Brath knock some sense into the back of his head hammering ssh = rce explain and make him remember

This discord server is a joke.

you do realize there's multiple definitions of the word yeah? not just one that agrees with your narrow minded view of the world?

we still have RCE in ssh and bash 😎

not you

there's also multiple dictionaries

id rather not get involved on this specific topic

Whatever you tell yourself to sleep at night.

xD

you know what fuck it

staff can shout at me about it later

Yeah, do it.

Then why did you boost it with nitro?

Son

Yeah, probably time for the ban lol

He's a server booster, paying for VIP+

😂

attack

don't worry i won't yell at you

Do me the favor because I already cant stand you dumb asses.

lol

i will add you and send you my SSH rce

don't worry

i'll never forget you

zerotrust, take a deep breath and lets talk about something else

Banned or left?

this is my favorite day

banned ig

lmao why did he take the hard way

he was fun

https://tenor.com/view/ban-lizard-lizard-button-gif-13618251668441936063

i enjoy the chaos
i don't think I had a stake either way

typical GRC

i was thinking about ragebait but he was real 😭

real bozo

thats 2 bans i witnessed

bet everytime he sees RCE in the future he'll be overcome with rage

he's gonna get a flashback

like, i'm not high in thinking that you were mostly just fucking around, even with the technicality that you have remote code execution

like... it was pretty fuckin obvious

buddy got shipped to /dev/null

It was all obviously a joke..

there is only one answer to this question

https://tenor.com/view/dracula-castlevania-sot-n-man-secrets-gif-20938855

rm -rf zerotrustwraith

Apart from the last bits (from them)

bro was a server booster too

tragic

https://klipy.com/gifs/hardpretzel-spongebob

I mean, he's gotten in fights with half the server, and staff already

we lost server funding

no more server tag

LMAO

a metaphor for htb general

the hills are always exciting

Like, this was just a matter of time lol

yes but he was a server booster

and?

who will fund the server now?

hopefully the goy learns to focus his knowledge and his efforts more judiciously in the future

@supple plume needs to buy double the boosts to make up for it

Be the change you want to see

it was 100% trolling, like an old troll from a few months ago, someone pinged me and this guy legit made me laugh, i thought it was ragebait at first but when i realized he was dead serious i just lost it and told him i had an ssh rce... i mean yeah, he's technically right, it's not a security related RCE, but he was saying it in such a serious way i couldnrt not send him my famous ssh rce..

just tell the server boosters to not talk or have any opinions

conserve

I just boosted twice, the lights will stay on, phew

i sent him a friend request but he didnt accept it

I'll buy some remote cubes when my machine gets accepted

nearly collapsed a lung when you doubled down

was gonna show him this

ahahhahahaah

my cubes are locally sourced

close one we would've had to host our staff in the street

anyway

Free range?

Grass fed

<command>whoami</command>
root

my qberts lay cubes

qbert is a real one

I pinged I remember everything

yesterday he fought me on something despite agreeing with me

I can spawn any stupid comment from months ago

Yeah, I tried to warn you lol

domain: Dumb ass shit

remove access trojan

.

34 btw

but how will the paypal guys give me my money

rat access trojan 🐀

HOLY SHIT I FORGOT THIS

I didnt

via crypto

It lives in my head rent free

you know what's funny

dude seemed chill for like 12 seconds and then he just kept fighting people lol

it's probably not even a contender for one of the dumbest things i've said

true

because some ppl dont care about discord

What's that thing

My first experience with him was him insisting that kali was a stable distro.

idk man i say about a dozen dumb things a day

So he must be from the alternate good universe where that is true

mine was him clowning on someone who was behaving even dumber

¯_(ツ)_/¯

Kali... stable? huh???

debian is based on kali

i identified him as abrasive and opinionated, but i like that type of person. i just think its important to self regulate and wear the right mask among whatever ilk you are hanging out with. Very dumb hills to die on.

It's like one of the MOST notorious distros to break on update

This chat is 6 years old I tried scrolling all the way up but it would be super time consuming trying to find the stupidest thing

its okay hes been studying cybersecurity for 7 years and is the top 5% of the industry

he was struggling on this:

Cap provided a chance to exploit two simple yet interesting capabilities. First, there’s a website with an insecure direct object reference (IDOR) vulnerability, where the site will collect a PCAP for me, but I can also access other user’s PCAPs, to include one from the user of the box with their FTP credentials, which also provides SSH access as that user. With a shell, I’ll find that in order for the site to collect pcaps, it needs some privileges, which are provided via Linux capabilities, including one that I’ll abuse to get a shell as root.

im dead bro lmaoo

i like his picture of himself with the hood and knife

7 years?

i felt scared

I agree. he could have been a person to get on good terms with but it just wasnt meant to be

imagine getting triggered though because someone's bio says "they/them"

Bro said it was insulting to suggest he do academy instead of boxes even though he was struggling on starting point while using a writeup

no shot

It's Debian repo ist also called "kali-rolling" lmao ...

what part was he struggling with lol? that sounds like a near step by step guide

the whole box

with no writeup most people can prob do that box in maybe 30 mins

if you are 7 years deep in cyber sec that like 5 - 10 mins

I do get that SOME of the boxes are so old that you just breathe in their direction they break, or you gotta summon greg from IT to install an old version of a tool that works

I think that the starting-point boxes could use a bit of a tuneup (not like a full update, but bring them more in-line with modern tools)

oh last night?

i only cried twice on starting point

yeah he had the ssh priv key and didnt know to use it for privesc

my biggest thing is people using that smbclient \\\\ip\\share

breh

thats what this was all about

like just use impacket-smbclient user@ip

I aint gunna fault anyone whos struggling on a box but you do have to be humble about it if you are

are you kidding

ive taught friends who have cried many times on starting point

no

jesus christo

i mean, that's classic syntax

but lots of people use that tool instead of impacket's smbclient

they prefer the other one

smbclient also accepts // instead of \\\\

TIL but i will use that going forawrd o7

Well, his struggle directly preceded him arguing with froj and saying that froj should be fired

he was absolutely rabid about the multiple interpretations of RCE

lmao

fuckin

lmao

i need to go through a full course on impacket some day

how else can RCE be interpreted? it is in the OWASP

its globally defined

...u wot bruv

arguing with froj is a key indicator in stupidity, because froj is always right

#general message

just use impacket as you go, you will memorize the syntax, and its great because every impacket tool uses the same domain/user:password@target syntax (obv)

I got receipts

this is true

wow he was calling jord stupid

yikes as the redditors say

lmfao

RCE certification

he is the rce genius

i think jord has taught me more than anybody ive ever met in cybersecurity

shit did you just hack discord?

You guys forced my hand type shi

its possible

maybe just maybe he was thinking CWE

its just rce though

similar to how you would get rce via ssh

ssh confirmed

No... Keep reading lol

They tried to explain

i'd prefer not to, in fact, i don't know how to read, i'm just typing off vibes

Legend

Missdris

no one will beat out seadris's legendary coin status though

o7

I never knew seadris

Anyone still in touch?

i talk to him monthly

hes fine

Cannot believe I did that 🤣

i used to just spam ping him in different servers with some people

Awesome

he's one of those people who leaves htb server for a few months comes back leaves again

zero showed me that my r*tardmaxxing strat needs work

idk why people do that

i requested this image to be made into a sticker, this was my contribution to the server

heroes journey

https://tenor.com/view/we-dont-do-that-here-black-panther-tchalla-bruce-gif-16558003

leave and come back better

thats been my whole... ethic

i mean... no no i won't be toxic

im also a subscriber to the rwordmaxxing lifestyle

only approach to modernity that works

You can have a little toxic, as a treat

hello chatters

hello dumbass

sup just talking about you

i mean clearly it was his area of expertise

you dont know shit jord you think RCE means Remote Code Execution

dumbass

ffs

froj we were just talking about you

wonderful

Hey froj

you missed the ban

https://tenor.com/view/scout-gif-25786536

that frog guy

thinks hes special

(he is)

but

the audacity

https://tenor.com/view/jo-jos-bizarre-adventure-frog-fist-gif-11650164

oh he got banned

the arch guy?

Yeah. It was fun

based

i still dont quite know why

but i was reading you trying to help him last night

and he was combative

sorry froj we know he was ur friend

Was still going at it

was funny befoe sleepy

i was gonna say, is black arch even good?

i feel like kali or even parrot is enough

no?

as in not good

not as stable as kali

black arch when white arch enters the room

white arch when arch enters the room

minimal os w/bloat

Some people when the dunnin kruger kicks in they get railed up when confronted with anything even if it's stupid af

arch when mcdonalds enters the room

Cold temperature level iq type shi

it was a little fun when I played with it, but I wouldnt go back to it

https://tenor.com/view/debian-penguinbyte-arch-linux-winner-gif-15851855656801001960

reminds me of when i tried out debian 2 years ago instead of kali

took me only a day to switch back

i cant imagine having the low knowledge low self awareness combo
i'd just gravity myself from a cliff

~ $ whoami
whoareyou

you guys hack with os's? lmfao.. i only need systemd

Echoes

the best part of blackarch is just stealing the repo to install tools easier if youre doing your own arch setup

kali + i3 + pimpmykali 👑

xD

Remote?

you use systemd? i dont even hack

no, i do not need the osi stack, just straight bare metal. i use dip switches for my binary input

https://tenor.com/view/rush-hour-you-and-me-me-and-you-yu-mee-gif-6521388707144075848

~ $ whoami
idontknow

https://tenor.com/view/prehistoric-prehistorical-historic-historical-old-gif-8298093508311983078

You need to pipe it to echo

cat echoesofwhoami | grep balls

xD

Bare metal cloud specialist

TIL how older rotary phones worked, and that you could dial using the hangup latch

thats a good idea holy shit

~ $ echoesofwhoami
echoesofwhoami: command not found

that brings me from binary to decinary

sudo apt install echoesofwhoami

elliot mrrobot enters the cafe holding an analogue phone, you know you fucked up

I use pacman

The best distro ist the one you learn to customize to your liking 😌 change my mind

If you can get past the fact it's Mitnick, Ghost in the Wires is a good listen / read

i use macOS

I think it's just a case of environment tbh

might be unsafe, might want to use snap instead

xD

There is a bunch of variables

Has anyone see mythos doing ROP chains on FreeBSD? Is offensive security over?? lmao

For a uni student they're pretty well educated

https://movies.stackexchange.com/questions/39394/why-do-people-repeatedly-hit-the-phone-hook-switch-when-disconnected

have you seen the freebsd exploit mitigations though?

I only have seen smoke

it's really phreaking cool

It was only DEP right?

Goes into phreaking nicely

Hahah

i did:
echo "alias sai="sudo apt install" >> .bashrc

now i can sudo apt install everything by just typing sai

theoretical knowledge != practical knowledge

yeah p much

opkg snap conda apt install seclists

but also a case of their environment being students

theoritically i have a degree in physics

most of them likely dont give a shit, so someone like that is likely higher up in their class

etc. etc.

who knows, either way dont dump on them too hard ¯_(ツ)_/¯

I have an upgrade alias that runs apt update&upgrade as well as flatpak updates

ssh is theoretically a RCE if you think about it

nice

Yo wtf are you saying

Ssh is not rce

also autoremove and clean ?

my student:teacher relationship with jord is sassy senpai

no autoremove can be dangerous

my teacher:student relationship with brath

https://tenor.com/view/stewie-repetition-gif-25159664

owhh

jesus lolol

oh wait i forgot that gif gets very nsfw

was that george droid?

started as friendly ribbing and they escalated from what I saw
if you prick us do we not bleed, if you poison us do we not die? and if you troll us shall we not seethe?

Guys, I want to see my modem's traffic from my Mac with Wireshark. Will any Ethernet adapter work for that?

ive had autoremove accidentally remove shit I was using because it was installed as a dependency for something when I did in fact also need it on its own

Read about the phreaking scene, blue/red/black boxes Brath? Equally cool to learn about how they worked

nah it was a based open source greybeard

yes better manually

all i saw was systemd and HP lovecrafts cat name

yes

if you prick us do we not bleed, if you poison us do we not die? and if you troll us shall we not seethe?

https://klipy.com/gifs/fire-writing-2

Thanks

parody of a wiser man than I

i also got alias for uptime -p

what is it

I remember the terms being mentioned when I was learning as a kid, but was way too late for that

upptime

this is unironically badass

upt

dope af

the wire hilt

omg im in love

I thought you can only get these weapons in cyberpunk

thats some ork shit

RAM - randomly accessing musculature

i would put rainbow leds on it so when you go for the juggular you get a light show in the open mouth of the victim

😮

holy based

brilliant

Oh god damn, Marcie..

..Those messages were all meant for you

Somehow I thought Brath sent the message about rotary phones 🤣 They did not.

I’m almost ready to be active again on HTB i probably shouldn’t have taken such a long break in the beginning of my education im gonna have to refresh the hell outta myself lol

i was only suggesting to use a rotary phone for hacking

instead of a terminal

I know

I just read back and saw you didn't make the post I was replying to

oh yeah

The path is never a straight line

time to play warcraft 3

I’m gonna play some Xbox for a little yall I just booted up watch dogs 2 and I put it on realistic difficulty so let’s see what’s different with it

decimal = 0-9
hexadecimal = 0-9 + A-F

for me, it's crusader kings 3

<-- Diablo II

its okay, Ive taken a 10 year hiatus in my learning journey before.

also take notes 😉

im just waiting for someone to actually list a good game

yawn

Yea well it was for good reason I cleaned my setup and made it much more HTB friendly lol like I was saying yesterday or the day before I put parrot os security edition on one of my systems

Move on to PoE!

not a fan of paradox games?

I got PoE

But nostalgia!

And modding

im just having fun, fishin for a reaction

power over ethernet

im but a humble phisherman

All the mods just make it more like poe lol

Like median

I never enjoyed median

I like Brother Laz

I played his older mods

Demon Trip

Frojs teaching style is pulling out Microsoft paint

we all agree that the best game ever made is hit 2024 game, chained together

Speaking of Ethernet my setup now has Ethernet capabilities as well ayyyy I should go plug it up

fine I'll play a good game like overwatch 2 instead

My wifi slow as heck by the water

all the girls in that game look like the same person, like league, thats how you know its good

if ur trying to edate just play valorant

degenerate behavior

and you can see the character model's accentuated and evocative breathing so you know the gameplay will be top notch

i would never date a valorant player, and you know damn well why

☠️

"you play val?"

valorant sage mains are perfect wife material if you're planning on getting stabbed in your sleep

my little sister is a competitive valorant player

it could be worse

edating on vrchat

bless her soul

whos a good boy? kami is, yes thats right

heres my venmo

she was also running a hacked animal crossing twitch stream where people could pay to come to one of her 12 islands to get whatever item/money they wanted

now that i support fully

thats good busines

made a couple grand from it before nintendo locked shit down more

i remember helping my wife out by spending an entire weekend doing the...

garlic?

whatever the stock exchange is

and making her filthy rich

turnips

oh right

I can hack

prove it

you can hack? okay. what does coercer do

coercer coerces

coerce deez

ntlmv2 or http auth

it uses like named pipes and shit

https://tenor.com/view/jjk-jujutsu-kaisen-culling-game-hiromi-higuruma-judgement-gif-12649044637606500077

coercer? i barely know her

surprised they didnt sent their kill squad for that

coercer when linked up with responder

https://klipy.com/gifs/orgasm-cumming-1

responder? I barely know her!

mitm6 when linked up with ntlm relayx

theyd have to find her first

think hell play killzone with me?

she has better opsec than I do

https://klipy.com/gifs/tight-fit-1

🥺 👉 👈

quick, which categories does this fall under

what part?

this is pentesting

yea

https://tenor.com/fbCRY510WY4.gif

Oh so this is pentesting?

quintessentially bri ish

Had to use /gif because the default Discord GIF search doesn't keep the good stuff

penetration testing, not pentesting

yes, looks like an exposed pipe being targeted and penned for RCE

oh is that the cheat code? i am always dissapointed with the discord gif filtered stuff

So is not remote

sick til

/gif

Ive been bamboozled

https://tenor.com/view/machoman-flex-hamster-elbow-silly-gif-5245945

https://tenor.com/view/ithinkyoushouldleave-betrayal-betrayed-levels-noonehaseverseen-gif-22155357

Yo

yoo

I put parrot on a Pi today because I can't use VMs anymore, nice and simple

my privesc is so poopy man

...cant use vms anymore?

im noticing a criminal amount of youtube videos written by AI
the "it's not X, it's Y." and the other short form rhetorical devices are exhausting and unnatural to sit through

I remember when youtube was actually a legimate source for learning things

same

in respect to my whole PC being borked

There are still good channels for it but they try really hard to bombard you with nonsense

Unbork

after linpeas kernel exploits internal ports pspy64 and internal network interfaces im done

I've tried

is kernel exploits very common?

90% of privesc on boxes is just getting used to whats default normal stuff and what was added

I got introduced to HTB when I found xct's channel and thought the dude was a wizard

i ran linpeas but linpeas didnt flag it so i missed it until i copy and pasted the results into claude lol

linpeas should say like more probable

it didnt say anything about it

wait is my linpeas out of date or someshit

fk

Linpeas is more likely to give you false positives than actual issues

linpeas is good but itpl throw out a bunch of extra shit because its a maybe and itll look just as important as the actual super obvious path forward

I was using linpeas today and, it's probably skill issue on my part, but none of the "95% PE" flags seemed useful

if im running linpeas its because Im really struggling and scrolling is a good passtime to think about the issue but never actually gets me the answer itself

yeah idk ig im just not comfortable yet of what is normal vs what isnt

how many boxes i gotta do to get to that poitn

im 41 boxes down rn

https://tenor.com/view/200000-units-are-ready-million-more-well-on-the-way-gif-15836182220374518965

A customer is angry with me

so never

damn

They experienced an incident more than 7 days ago and their logs on their firewall only retain for 7

imma be real, I would figure youd get the vibe after 41 boxes

And now they're mad the logs are gone by the time they were ready to work on the issue

rip

sounds like a policy issue for log retention

$$$

i was still ass after 200 boxes

am*

Sounds like a successful test of log retention policy

yes but literally not c1oud's job lol

If there is a policy...

🤣

unlucky

Sucks they think that it's your fault if they dragged their heels..

if it makes you feel better privesc in the real world is usually either 1. completely unnecessary or 2. completely trivial

I think one of the biggest mistakes in HTB box guidelines is requiring a priv esc path to root

we get hounded over cost for 6 months log retention, and then have an incident that goes back 2 years, and it takes forever to pull anything out fo cold storage (and costs)

The email thread has them saying "I need to push this to next Wednesday" so the nails have been put in the coffin

it warps thinking and creates a ctf style mindset that had poor translation to real world adversaries

"we're disappointed in you."

Okay?

Bro I don't care

My job is to stop attackers

https://tenor.com/view/bart-simpson-the-simpsons-at-least-you-tried-fail-failure-gif-7859548

I don't give a fuck if you are retained as a client

orgs will do anything to shift blame

It's not my job!

Yeaaah.. that decision maker needs to be more aware of retention policies when dealing with incidents that are time sensitive..

Oh I informed them multiple days ago lmao

RIP

Same email thread

These people are dense as fucking osmium its marvelous

feature, not bug

are these the same people that kept asking for further and further back info for something

Yes lmao

lmao

THE VERY SAME

the irony

People will scramble and scrape

To blame everyone but themselves

When things go badge

https://tenor.com/view/michael-jackson-comendo-picoca-gif-9669437860846841235

meanwhile their adversary is like:

thats it, keep fighting each other

There's just no logs to examine

they seem like the kind of org who would only log denied logs anyway

Logging? What's that?