#resources
thought i would share: https://www.hotukdeals.com/deals/certified-network-security-specialist-certified-by-network-security-cyber-defence-cnss-worth-500-expires-3152020-3463076
^ is that any good?
It's a nice course @crimson thunder. I've personally done it
Haven't taken the exam though
VIM Regular Expressions
https://unc0ver.dev/ -- iPhone 13.5 jailbreak & below is released
Also, in reference to what @honest dock said. I always send people to https://regexone.com/ to learn basic Regex. It's a great interactive & simple website.
RegexOne provides a set of interactive lessons and exercises to help you learn regular expressions
^^
https://aem1k.com/aurebesh.js/#_ -- Bypass Sanitation
im keeping that
^
wth is this?
?
on my stream
[Head to https://www.squarespace.com/nostalgianerd to save 10% off your first purchase of a website or domain using code NOSTALGIANERD]... The History of USB; So many USB plugs, so little time. Take USB Mini-B, what happened to that? What happened to USB Mini-A, Why did we mo...
@shut ferry Kinda sketch to me
@odd quest definitely “full access to every course and practice exam”
I don't know, i've just reposted it
It claims the possibility to win a lifetime access of stuff
But then again, what do i know, i'm watching the gladiator
Yeah man, not a great idea. Some are legit but for the most part it's just a scam to get their products more known
Mmh, good to know then
Pentester Academy
@narrow hinge Thanks for that! I'm curious if anyone else has taken the ICSI "Certified Network Security Specialist" course and could give feedback on it?
I have started today and completed the first module it is mostly text based and a few short videos, there are hands on activities too, so far the course is alright @shell hound
Awesome. I just enrolled, so I'll start it in the next few days. We'll see how it goes and if I want to take the exam or not
@The.Moodle#2136 just a waste of time to me. Only boring theory. They don't even include enough screenshots as well as video. They are just selling certificates and marketing their product (not education)
https://github.com/D4mianWayne/roppy
Beta version but ready to use, documentation will be fully updated by tomorrow :)
"the way of the console cowboy" https://www.youtube.com/watch?v=Lqehvpe_djs
00:17 - Why I like Tmux
01:20 - Creating Tmux Session
01:45 - Bash: Ctrl + R - Recursive Search
02:02 - Tmux: Prefix Key (default Ctrl+B)
02:05 - Tmux: New Window - Prefix c
02:07 - Tmux: Switch Window - Prefix #
02:36 - My Tmux Config
02:50 - Demo of "nested tmux"
04:00 - Tmu...
Documentation is completed.
SQL tutorials needed
@feral hawk sololearn
@odd quest haha Need fr 🥴
@feral hawk huh?
Seriously. Sololearn has SQL tutorials
I recommend them.
They are free.
There's an app too.
@odd quest Thank you fr! Looking into it now
@feral hawk https://igs.sqlzoo.net/wiki/SQL_Tutorial has some nice exercises too
@crimson thunder Thank you!!
Hey. Guys do you know any sites similar to TryHackMe (like with a lot exercises) but more towards sysops, devops, admin etc.
?
just updated this, now it supports 32 bits, 64 bits, both Intel and AT&T syntax
also it supports Intel syntax with c libraries
https://github.com/newtonsart/vscode-assembly
Hopefully these are going to be beneficial for some of you
Thanks 😊
Hello! I'm a highschool student and ive been dabbling with hacking for the past couple weeks and i really enjoy it; only thing is ive hit a wall and dont know how to grow my skills. Are there any resources that help teach people the art of hacking? Thanks!
The entirety of THM lol
I’m a noob and just doing the challenges and reading the info and when stuck looking at walkthroughs to c where I’m going wrong or what to look for
Yeah im a noob too, all i know how to do is DOS, capture WPA handshakes, and boot people off wifi with deauth commands but thats it
Ive been looking for a group of people also intrested in hacking but where i live its not too popular
I suggest just looking at the challenges and seeing what ur interested in and having a go
If stuck ppl answer in here if ur not able to find out from the materials provided or online which for the most part u can
Alright ima experiment with the challenges then. Thanks dude!
Gd luck
@stone kraken Do some walkthroughs first
Hey @odd quest
👋
How goes it?
Oops
Well i havent really gotten the chance to do anything in THM yet
My OpenVPN isnt working
Ight can do! Sorry.
ty
does anyone know if there are windows docker images that you can network together?
Docker containers are Linux only wait what
@open roost you searching for this? https://hub.docker.com/_/microsoft-windows
The official Windows base image for containers
Ok so the host OS needs to match the container OS
IIRC docker on windows requires virtualization enabled which we can't do on AWS for a reasonable price
Maybe that's for running linux containers on windows though.
I have just started as a COMPLETE BEGINNER. What's the suggestion for me?
Thanks @worn kelp
but If you don't know anything of networks, bash.... you should start in that point, http://cybersec-lounge.com/ check this out
Yeah, I'm a very beginner. But I have C, C++ programming knowledge.
What to write here?
This is the wrong place for this
If you need help with a room you can ask in #room-help, and for problem with the tryhackme vpn, ask in #site-support
Where is that screenshot from?
TryHackMe Open and run the OpenVPN GUI application as Administrator
ported my gtfo tool to golang
https://github.com/mzfr/go-gtfo
any good sources to learn assembly for reverse engineer!!!!!!!!!!!!!!!
Ooo ty 😃
@tribal walrus That compiled list of resources is awesome. Thanks for that! Do you have any favorites in there? Things that you think are better than others?
Nightmare: an intro to binary exploitation / reverse engineering course based around CTF challenges.
That wasn't in compiled resources?
Probably one of the best archive of write-ups and challenges.
@odd quest Send the message you were typing
I didn't tab back to my game
holy hell
thats a lot
Hold up
Did somebody from UCF write this?
cuz HackUCF is the hacking club from that school, which is where I went lol
CODE BLOCKS OH NOOOO
@timber harbor /usr/share/wordlists/dirbuster/
That's the most commonly used one.. Depending on what you are trying to do.
you can download some from google?
am i dumb or i cant find any
Not familiar with arch but there must be something on the internet that would help.
Does anyone have any examples of using the PIL(python imaging library) in CTFs
Stego?
@shut ferry are you asking for resources?
So does anybody know of any software that will aggregate all of your IOT devices and tell you if any of them need firmware/software updates? It's not quite a SIEM but Idk what it's called. Is there something like this out there?
Hey guys what's up. I created a sub domain search automator utilizing crtsh and python. You can check out the tool on my github repo. Hope it might help you with your information gathering process
https://github.com/shafdo/subdomainFinder
hugging hugging hugging
So as this is starting to "take shape" I'd like to just leave this here, maybe someone uses it in a future project :)
More routes coming soon, I plan to update it with most publicly available routes and maybe some authenticated ones if admins don't have anything against it ;) (pssst @forest pecan)
https://pypi.org/project/thmapi/
https://github.com/szymex73/py-thmapi
@tribal gull I like this a lot - I dont see any reason why I can't add that in. "Build your own lab off THM API's"
Daymn
A lot of functions too
I have a lot more to add, i have 91 routes saved in insomnia
favourite Golang resources?
@tribal gull nice! An API wrapper. I made one for WoW once
@crimson thunder gorillamux, gliderlabs ssh,
Has anyone used this? I couldn't get mine to boot for some reason
https://raspwn.org/
The World's Second Most Insecure Operating System!
For box creators
Sym linking bash history to dev null on multiple users
for i in $(ls /home); do cd /home/$i; ln -sf /dev/null .bash_history; done
ooh nice
also find /var/log -type f -delete for nuking logs before exporting
@obsidian iris Watch that one.. some services really don't like their logs being destroyed. Learnt that one the hard way without a recent snapshot
I've yet to meet one that doesn't mind having the log wiped though 🤷♂️
i did it on dogcat and also my new room and they're both fine 🤷
nuking logs isn't a big deal because running services just create a new file/append to the same one if it's still there :p
Hm, I managed to spectacularly kill a webserver doing that with my first box...
Granted, there's a good chance I messed it up back then and just haven't bothered to read more into it 🤷♂️
the find thing i posted just deletes the files and not the folder structure
if you deleted the folders that might have been what messed it up
Uh... There is a pretty good chance that is exactly what I did 🤣
Funny, I haven't thought about that in quite some time -- I usually just delete certain ones and go from there
Thanks 🙂
I was wondering too about the use of find instead of rm -rfing the thing. TIL, thanks guys
A simple guide to sudo configuration (with no EBNF!), Author: Abhijit Menon-Sen
Keep coming back to this guide
didnt fully understand these attack when making attacking kerberos but thanks to these I kind of get it now hopefully these help someone
bloodhound handbook literally everything you could ever want to do with bloodhound https://www.ernw.de/download/ERNW_DogWhisperer3.pdf
For those that have done my Shodan room, this looks great https://github.com/ninoseki/shodan-dojo
which are the rules for this channel? can i share some copyrighted material?
If you're sharing the actual material and don't have a license to do so, then no
If you're sharing a link to material which other people may obtain a license for, then yes
ok perfect, thanks
Hey everyone! I just started a new blog and wrote my first box write-up for vulnversity. Would love some feedback on it. Thanks! :)
https://fnginfosec.github.io/tryhackme/vulnversity.html
Dunno if someone could be interested. There are a lot of study notes about pentesting. Some of them are a bit dated, but useful https://github.com/AnasAboureada/Penetration-Testing-Study-Notes/tree/master/enumeration
Found this somewhere on another discord: https://github.com/Ziani52/Enum_For_All
@tender yoke I like the design of your blog, but you have alt tags for images with no alt text. Please consider either removing them, or preferably adding alt text? 🙂 (PS. Alt text will increase your SEO) 😉
he likes pointing that out ^ lol
I @ the wrong person lmao my bad
https://lwn.net/Kernel/LDD3/ Other mods, the book is licensed under Creative Commons share alike, as well as being sold by O'Reilly
Kernel module stuff
https://wiki.zenk-security.com/doku.php => french website but very useful
@tepid patio Awesome, thanks for pointing that out! I had them as placeholders to add text in later, then totally forgot about it haha XD
Appreciate the feedback 🙂
@wraith holly don't ask for people to steal content for you. This goes against the server rules.
@odd quest ok sorry
@tender yoke No worries! If you ever need help with A11Y stuff, LMK. Not an expert, but I care deeply about it 😄
@tepid patio Haha will do! Thanks~
Be prepared to be pinged all the time lol. 
eh don't worry, I always have time to fix A11Y issues 😉
📢 Announcing the 2020 Cybersecurity Bootcamp hosted by the #OCRI. Learn from esteemed faculty and industry professionals and earn benefits for program completion!
Spots are filling up fast so sign up TODAY! https://t.co/XXAhJR5iAJ
#CyberSecurityAwareness #Innovate #workforc...
@topaz gulch mind pinning this?
gotcha
that's a really valuable thing ^^^
@gritty barn can I register from wherever? is it all online?
is that registration link broken for anyone else?
@honest dock ty, went there myself but it was loading forever until you sent me the link lol
lol
As I've been progressing on my journey in offensive security, my .bash_aliases has been growing. Mainly to save keystrokes and prevent errors. Here it is for your consumption.
(This is the first thing I've shared, please be nice.)
https://github.com/algernope/.bash_aliases/
(Pull requests accepted)
nice one @upper bolt
@upper bolt hey! Love using .rc files. If you're into saving keystrokes, maybe consider making some of them 1 letter long? This is in my .zshrc file 🙂
```
alias m='sudo msfdb run'
alias n='grc nmap -p- -A -sC -vvv'
alias g='gobuster dir -w /usr/share/wordlists/dirb/big.txt -t 100 -u '
```
I will add a section with shorthand aliases, thank you for the suggestion!
Give that shot...
It probably should be a script file
👀
I keep it in my bash aliases
```
cpro () { usage () ( echo "Usage:"; echo "cpro +anon|-anon|+time|-time"; ); if [ $# -eq 0 ]; then usage; return; fi; time=0; anon=0; timelock=false; anonlock=false; for input in "$@"; do case "$input" in "+time") time=$(($time + 1)); if [ $timelock == true ]; then usage; return; else timelock=true; fi ;; "-time") time=$(($time - 1)); if [ $timelock == true ]; then usage; return; else timelock=true; fi ;; "+anon") anon=$(($anon + 1)); if [ $anonlock == true ]; then usage; return; else anonlock=true; fi ;; "-anon") anon=$(($anon - 1)); if [ $anonlock == true ]; then usage; return; else anonlock=true; fi;; *) usage; return; esac; done; if [ $anon == 1 ]; then export PS1="$(echo $PS1 | sed -e 's/\\\u/anon/g' -e 's/\\\h/anonymised-terminal/g') "; elif [ $anon == -1 ]; then export PS1="$(echo $PS1 | sed -e 's/\<anon\>/\\u/g' -e 's/anonymised-terminal/\\h/g') "; fi; if [ $time == 1 ]; then export PS1="$(echo $PS1 | sed -e 's/\\\[\\033/\[\\D{%F %T}] \\\[\\033/') "; elif [ $time == -1 ]; then export PS1="$(echo $PS1 | sed -e 's/\[\\D{%F %T}] //g') "; fi; }
```
Mind if I add that with a reference to https://github.com/MuirlandOracle/linux-config/tree/master/Bash/Prompt-Alterations ?
Sure -- if you add the reference. Free publicity 🤷♂️
You may find that one useful too if you're going for that kinda thing
That for the actual functions
My linux mint install likes the alias but my kali 2020 install doesn't ... 🧐 looking into it now. the error is something about unexpected end of file while looking for ')'
There is every chance I copied it wrong. Lemme know if I did. Those have all been tested on Kali/Ubuntu and should be up to date
Which one isn't it liking @upper bolt?
Yeah it works great in mint 19
but in my kali it says source .bash_aliases -bash: .bash_aliases: line 2: unexpected EOF while looking for matching `)' -bash: .bash_aliases: line 90: syntax error: unexpected end of file
yeah
idk why it's parsing it differently ... yet 🙂
Ah, it does work.
@topaz gulch What does this do? From what I gather it's terminal PS1 stuff 🤔
Seems to only be it whining for some reason
@spiral zodiac look at the readme in that dir
anonymizes the terminal, adds timestamps
@spiral zodiac That ^^
Lets you pick a combination thereof
Took a couple of hours to get working with variable scopes, but worth it in the end
the logging functions also look nice :)
Figured there was something missing there 🤷♂️
They don't do tmux, which is a pain. Or rather, they do, but you need to log each pane differently
Very little you can do about that though, unfortunately
There is, I believe, a tmux logger plugin, which I may look into
This one I think: https://github.com/tmux-plugins/tmux-logging
That one ^^
Oh, yeah
That does it by pane as well...
Forgot that
Does essentially the same thing
There's also a terminator logging plugin, but I've never used it 🤷
Also, ew, terminator
https://github.com/algernope/.bash_aliases/commit/f1b292c210ea76104d4d3e8d317283d459996e8e
https://github.com/algernope/.bash_aliases/commit/8effc7acc6997841ac4f0f8106fb7b1afb55441c
Thank you again!
i wanted to master pwn challenges in CTFs. Any route or like direction u guys can point me to? I always skip those
@icy marsh pwntools and even boot2roots help
InfoSec skills are in such high demand right now. As the world continues to turn
Script for fast nmap scan
Want to crack some hashes but your VM is too slow? Here's a cool tip: you can (ab)use Google's Colaboratory to spin up two beefy graphics cards to do the cracking for you. It's free, and works really well! Get started here: https://t.co/T4dESE10jy
Seems sketch and the picture doesn’t even show a cracked hash it’s exhausted 😆

same performance as my 1070
Hashmode: 0 - MD5
Speed.#1.........: 20221.8 MH/s (65.80ms) @ Accel:64 Loops:512 Thr:1024 Vec:1
Hashmode: 1000 - NTLM
Speed.#1.........: 35724.9 MH/s (74.59ms) @ Accel:64 Loops:1024 Thr:1024 Vec:1
Hashmode: 3000 - LM
Speed.#1.........: 19972.5 MH/s (66.39ms) @ Accel:512 Loops:1024 Thr:64 Vec:1
vs
Hashmode: 0 - MD5
Speed.#1.........: 19846.3 MH/s (50.39ms) @ Accel:64 Loops:1024 Thr:1024 Vec:8
Hashmode: 1000 - NTLM
Speed.#1.........: 35199.9 MH/s (28.31ms) @ Accel:64 Loops:1024 Thr:1024 Vec:8
Hashmode: 3000 - LM
Speed.#1.........: 15974.6 MH/s (62.65ms) @ Accel:1024 Loops:1024 Thr:64 Vec:1
still better than my igpu
tru
https://github.com/jpillora/chisel/releases
Really good port forwarder/ socks proxy, if you need help for usage Ippsec has a tutorial on his youtube
Any good resources on learning bypassing web security? Stuff a bug hunter would typically do? Not trying to learn for bug hunting specifically, just the techniques they use to do so
If that makes sense...it's early
depends who you're up against tbh, if they're cloudflare, you're whipping out zerodays
@dusk nova Check out: The Bug Hunters Methodology by Jason Haddix https://github.com/jhaddix/tbhm
Thanks!
Just got this email, eLearnSecurity is having a discount in red team courses until the end of June
Only if i could apply that to the eJPT exam voucher 😢
Yeah you can't, but I'll think about buying PTP + an exam voucher with this
well now i am thinking to get the Full version for eJPT as i will be saving around 100$ excluding tax.. exam voucher gonna cost around 250$ anyways so its better to just get full version at 350$ instead
that way i would have a free retake and time for labs.. seems worth it
Yeah but a lot of people here have said that the barebones tier is enough for the ejpt specifically, that's why I'm thinking PTP
Well i am planning to keep backup plans as well anyways 😄 but instead of PTP my plan is to start studying for OSCP on my own for almost one and a half year then go for it
has anyone tried this? looks like a cool project. I might start using this in tandem with linpeas
https://github.com/diego-treitos/linux-smart-enumeration
Hmm, yeah I've used it a couple of times.
Always a good plan to have choices when it comes to PrivEsc. Compare the outputs between linPEAS and LSE and see if there's anything that one or the other does not catch.
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Linux%20-%20Privilege%20Escalation.md I'll keep linking this
the checklist is a great place to go when you hit a hall
@spark hedge I've used it a lot. I prefer it to LinEnum
LinEnum is too verbose for me. This lets you specify how verbose you want it
PEASS is great. The accompanying site from the author is invaluable as well: https://book.hacktricks.xyz
https://twitter.com/UC_SOIT/status/1268968321455718400?s=19
Has anyone got any confirmation from them?
I haven't received any mail yet
@shut ferry Nope nothing yet even though it's been more than 48 hours
yeah
same ^
I am pretty sure they only choose people from the same timezone
so they can have at least 90% online all the time
Yeah that's what I was going to say. Living in the states sure have its benefits
@craggy onyx oh what a good book
Also check out https://ired.team as it has very good Active Directory and Kerberos coverage
Omg
just received an email for the Cybersecurity bootcamp, it's only for Ohio residents
i'm sorry guys :c
it's fine
Don't worry! We were simply too good for them and they didn't want us to embarrass their students 
^^
Learn penetration testing in this course. You will learn the common tools and methods used by ethical hackers.
💻 Download All Lab Files: https://licensetopentest.com/
✏️ Must Read LPT vs OSCP Comparison: https://sagarbansal.com/lpt-vs-oscp/
Course created by Sagar Bansal.
⭐...
Enjoy some free content
https://www.postgresqltutorial.com/postgresql-cheat-sheet/
a nice postgresql cheat sheet I found
Ciphey - Automated Decryption Tool using Deep Neural Networks & Advance Natural Language Processing. Something I've been working on for a while! Input encrypted text, Ciphey will decrypt it and give you the plaintext. Some cool features:
- 20+ encryptions supported (hashes, encodings, basic encryptions)
- Deep neural network for finding what the text was encrypted with
- Custom built natural language processing module for identifying plaintext
- C++ core, blazingly fast.
- 20,000 tests so it's mostly bug free
Coming up very soon:
- Better plaintext identifier. 99.3% accuracy on English, 99.87% accuracy on CTF flags - especially THM flags ;)
- Faster cipher detection module with much higher accuracy (a 40% increase in accuracy, 30% in speed).
- Multi decryption levels. Your input is base64 -> binary -> caesar? No worries! Ciphey will find it.
- Custom input into the NLP. Is your flag format noob{flag}? or something else? Ciphey will learn and handle it.
- And many, many more encryption methods.
https://github.com/Ciphey/Ciphey
good work, can't wait to play with it
^^ if the pip version is significantly slow (my pip version is, >10 seconds to solve some things) try git cloning, that's much faster for some reason but I'm not quite sure why
Thank you very much @odd quest !
Hope it fits, but its free for the next 9 hours......
Yo thanks man
Looks tasty nice find
@chilly parcel got it, thanks! about the second link, have you found a way to add it to your courses? because I clicked "enroll" but it doesn't show up in there with the rest of them nvm, got it
Just a tool I created that I thought would help people!
Use it to monitor your connection with the CTF and connect with OpenVPN in one command!
Prevents you from having to constantly ping the box and is easy to use with tmux or terminator (very small pane)!
Please let me know what you think?
https://github.com/cybertheory/ctfmonitor
Moved from general at the request of @night holly !
recommended tutorials for bash scripting?
no he asked for it on #room-help
Hi, y'all.
I have written a script that will do a nmap scan and a gobuster scan on an IP and will output in a folder of your choosing
This is just the beginning of my lazy-hacker pack!
https://github.com/zeMenno/lazy-hacker
If you guys have suggestions regarding scripts just create an issue and i will look in to it!
@old pagoda Maybe make it recursive?
can you specify that?
Not for gobuster, you have to automate it yourself
no i mean can you specify your question 😄
oh! i see what you want!
yeah if you can create an issue i'll look in to it it is bed time for me so i don't want to forget this haha
but if i eventually add more lazy scripts, may this be something that you'll use for example?
Here is a fun way to practice css selectors https://flukeout.github.io/
JSshell - A JavaScript reverse shell for exploiting XSS remotely or finding blind XSS, working with both Unix and Windows OS - shelld3v/JSshell
All free devnet cisco courses https://developer.cisco.com/startnow/?utm_campaign=startnow20&utm_source=email&utm_medium=welcome-devnet-startnow
Maybe this will help...
NahamCon Exclusive Offer: 25% Off EVERYTHING from eLearnSecurity w/ Code 'NHM-CON' https://www.elearnsecurity.com/
IT Security training courses
Windows privesc ps1 inspired by powerup
does anyone have a good resource (article or anything) about actively monitoring and protecting your home network?
@crimson thunder go for nessus home on a VM and PRTG has a free version
it also depends what do you mean by 'actively monitoring'
you could also create an elk stack to monitor net flow
@gritty barn maybe I didn't phrase it correctly, I meant I want a way to check inbound connections and see if someone is trying something sketchy. thanks for the suggestion, I have little to no experience with almost anything blue-team-ish 😄
Sounds like something Wireshark can do
pfSense, Suricata and Snort come to mind for that sort of thing @crimson thunder (:
@sturdy shell thanks, I'll give them all a look
This one is about an interesting behavior 🤭 I identified in cmd.exe in result of many weeks of intermittent (private time, every now and then) research in pursuit of some new OS Command Injection attack vectors. So I was mostly trying to: find an encoding mismatch between s...
new POC vulnerability with ping that not a lot of people know about yet
Just added a new script and a recursive function for GoBuster!
https://github.com/zeMenno/lazy-hacker
Any good password lists?
Larger list than rockyou? 👀
Bruh
I gotchu
that should be around the size you were looking for, right? @shut ferry
lmao better
but I need BIGGER!
WHY
I was joking that time haha
Haha
I'm trying to hack aliens, dude
they're a lot of aliens out there
Man at that point you'd just have to combine the largest ones out there
I'll do it. Don't tempt me. haha. thanks though 😄
your best bet might be moving straight ahead into 64 characters rainbow tables 
get ready for x petabytes database
hashcat 6.0 https://hashcat.net/forum/thread-9303.html
Are there any resources on creating a room? I've got an idea in my head and I'd quite like to build a room at some point if possible.
Getting Started
thanks guys haha @spiral zodiac @odd quest
Get Our Premium Ethical Hacking Bundle (96% Off): https://nulb.app/cwlshop
How to Automate the Generation of Common One-Liners
Full Tutorial: https://nulb.app/x4oke
Subscribe to Null Byte: https://goo.gl/J6wEnH
Nick's Twitter: https://twitter.com/nickgodshall
Cyber Weapons ...
@shut ferry The room isn't accepting writeups yet, but you should probably submit it there first.
Okay thanks for information
But my friend have found someone made a writeup on youtube too
Okay thanks in advance
@shut ferry Submit it as an official writeup and I'll review it now, as I'm approving them today
https://blog.tryhackme.com/going-from-zero-to-hero/ Might as well link your source, rather than just stealing the image @queen wyvern
I don't have the source sorry, my buddy on telegram sent me this. I can delete this tho
Well, now you have the source
And you can share it with them
But also it's not in order, other than the waves
It was written by a user, not an admin
Hey ninja 😄 I updated my lazy hacker pack, and it got recursive gobuster. I tagged you in it, would you like to try it out? (since you suggested it :D)
@old pagoda I'll be honest, I don't automate gobuster etc. You asked for suggestions so I gave one
I can take a look once I get up
your call
Stuxnet Analysis: https://youtu.be/TJhfnItRVOA
Hey guys! HackerSploit here back again with another video, in this video, Amr will be reviewing the new Ghidra reverse engineering and analysis tool while analysing Stuxnet to demonstrate it's featureset.
Learn malware analysis:
Webinar: https://maltrak.com/malware_analysis_w...
Deep Analysis of Ryuk Ransomware
https://n1ght-w0lf.github.io/malware%20analysis/ryuk-ransomware/
Learn Golang
https://www.youtube.com/watch?v=75lJDVT1h0s
An introduction to the go programming language for beginners. In this golang tutorial you will learn the basics of go, setup a go lang coding environment and write your first ever "Hello World!" program in golang. Go is a modern and extremely useful programming language. It wa...
How to Reverse Engineer Software (Windows) the Right Way
https://www.apriorit.com/dev-blog/364-how-to-reverse-engineer-software-windows-in-a-right-way
Just a stupid question, does there exist a list of all CTFs available online? Because I am searching for some CTF games to get some training but it is hard to find.
But most CTF are team play no solo ?
yeah but you just be a solo team
or most ctfs have a discord where you can find other members to play with
@sterile barn Indeed my friend, check this https://www.reddit.com/r/hacking/wiki/index#wiki_ctfs
r/hacking: A subreddit dedicated to hacking and hackers. Constructive collaboration and learning about exploits, industry standards, grey and white …
Thank you very much because it was hard to find something suitable for beginners and most of them are ctf for teams and i don't have a team and enough experience to take those challenge 👍
Hey, recently I thought about completing something from elearnsecurity, I found out that PTS barebone edition is free, although you need an invite, does anybody know how can I get the invite?
thanks @wheat canopy
@sterile barn no problem
really good short and concise AD videos: https://www.youtube.com/playlist?list=PLPDUz8KkxR5z2z84CJ1JyLXC9JgxkjPBk
Looks handy, thanks for the share ❤️
Windows DFIR cheatsheet this is super neat: https://www.jaiminton.com/cheatsheet/DFIR/#
That's my go-to page for DFIR @sturdy shell 👍
I only heard of it today from twitter @craggy onyx but this would have been so good throughout my degree hehe - it's wicked!
v nice lil snippets for sysadmins too

oh damn that's cool
Chev you'd love these
Jai did a great job. Two other GitHub pages I frequent often for Forensics and Incident Response are: https://github.com/meirwah/awesome-incident-response and https://github.com/cugu/awesome-forensics
https://www.ethicalhacker.net/register/
@wheat canopy Invalid CSRF Token 🤔
Hi guys, some people asked me for resources about assembly. I find this interesting on GitHub: https://github.com/wtsxDev/reverse-engineering
I know everyone probably knows what gtfobins is already but I find running these commands as follows is a great way to find binaries to exploit easily for user privilege escalation "find / -type f -perm -u=s 2>/dev/null; getcap -r / 2>/dev/null" https://gtfobins.github.io/
@lean warren ❤️ https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology and Resources/Linux - Privilege Escalation.md
Hello there, can someone here recommend me an OSINT-only CTF? I searched a few of them but I want to know if you know a CTF that is only OSINT
You missed it, but there was a missing persons CTF
Yeah but if there's one that focuses on OSINT like THM but for OSINT
yes something like that thanks again and yes i miss that missing persons CTF but will be another one
Found this some hours ago, think it has a good explanation of the subjects.
Table of Contents
Module 1: Security Essentials
Lesson 1: Course Overview
1.1: Areas of Focus and Exam Info | 1.2: Course Is and Isn't |
1.3: Author Introductions
Lesson 2: Introduction to Ethical Hacking
2.1: InfoSec Overview | 2.2: Threats and Attack Vectors |
2.3: Attack C...
Nice. I saw this link but I haven't seen the video yet.
https://www.reddit.com/user/goretsky/m/security/new - The thread i usually follow on reddit
This multireddit is meant to provide a collection of all IT security-related subreddits. Please contact me if you have any …
@gritty barn thanks for that, I didn't know about most of those
no problemo
https://github.com/madbomb122
madbomb122 - Overview: madbomb122 has 4 repositories available.
https://github.com/nccgroup/ScoutSuite
nccgroup/ScoutSuite: Multi-Cloud Security Auditing Tool.
https://github.com/nccgroup/GTFOBLookup
nccgroup/GTFOBLookup: Offline command line lookup utility for GTFOBins (https://github.com/GTFOBins/GTFOBins.github.io) and LOLBAS (https://github.com/LOLBAS-Project/LOLBAS)
https://www.specterops.io/resources/affiliated-toolsets
Research and Development | SpecterOps: Developed by our team, free and open-source.
https://www.varonis.com/blog/powershell-tool-roundup/
Inside Out Security, The Complete PowerShell Tool Roundup: A hand-curated list of 70 tools to power up your workflow.
https://github.com/six2dez/wahh_extras
six2dez/wahh_extras: The Web Application Hacker's Handbook - Extra Content
https://github.com/wtsxDev/Penetration-Testing/blob/master/README.md#books
wtsxDev/Penetration-Testing: List of awesome penetration testing resources, tools and other shiny things
https://github.com/thebleucheese/awesome-threat-intelligence
thebleucheese/awesome-threat-intelligence: A curated list of Awesome Threat Intelligence resources
https://github.com/Elemental-attack/Elemental
Elemental-attack/Elemental: Elemental - An ATT&CK Threat Library.
That's a few of my more useful bookmarks
@royal jasper I tried to watch some of this last night, but the one dude doesn't really speak properly, and a lot of the time it's difficult to understand him. I'll definitely try and watch the full 10 hours over the next couple of weeks though. I'll use YouTube captions
😮
Can someone suggest some good links to learn LFI and RFI
Do you hate when you Ctrl+c in a reverse shell and lose it? I did until I found Pwncat!
The description sounds like an infomercial and I love it
And now for the small price of a git clone, you too can have your very own Pwncat!
https://www.jetbrains.com/academy/
Register before July 1st and you get all the learning material FOR FREE until January 1st 2021. I highly recommend it too, it's great.
That looks really good! Nice find @crimson thunder (:
@sturdy shell bro I can't take the credit. r/learnprogramming is saving my ass once again. just in time for my exams too 😛
just on the back of that @sturdy shell Jetbrains offer free yearly license for students
so if you still have your student email you can use it 😛
@gritty barn how did I miss that, thanks
idk
google free software for students
and swap the countries on your google search, you'll find different applications
Thanks for posting about JetBrains. I always can use more resources to help me with Python. 
Definitely going to apply for edu
Are there any resources to practice advanced buffer overflow??
@heady sierra this maybe https://exploit-exercises.lains.space/protostar/
yeah thanks
Cheat sheet for your Wireshark needs
https://i.redd.it/xna1fs2q1e751.jpg

Hey, can anyone give me feedback on my tool?
I really appreciate it!
uhmm @tepid patio wanna give it a try?
as you also have ciphey sooo.
Thanks guys
Yesterday I added some more hashtypes
To be specific 5, MD4 and SHA3-224,256,384 and 512
i might submit some issues
```python
with open(wordlist, "r", encoding="ISO-8859-1") as FileObj:
```
<- this is a big problem with stegcracker too. i could submit a pull request
the tool defo looks fancy, but I'm not sure about its performance against something like john/hashcat
you could also minimize the amount of code by a big factor by reusing the same code for each type and just passing the hashing function as they all seem to have the same functions
add multi threading too
and for the word list, dont do a for loop since stegcracker does that and stegcracker sucks
Add cuda support
@solemn harness let me write an issue for u with some stuff i think you can improve 😄
i submitted an issue 🙂
Quite extensive resource on CTF and a methodology on vulnerable machines: https://bitvijays.github.io/LFC-VulnerableMachines.html
Hi everyone, is there any good resources for app pen testing?
Android and iOS (books or some links to paths) anything would be helpful
iOS Penetration Testing by Kunal Relan, The Mobile Application Hacker's Handbook, by Dominic Chell @stoic stone
Thanks 🙂
You're welcome.
Is there someone who can share a good Suricata list for my pfSense?👀
Digital Forensics and Incident Response. Great resource by Jai Minton. https://www.jaiminton.com/cheatsheet/DFIR/
Nice find
Ty
hello! can anyone suggest me a good cracker for steg passwords? I'm not able to install stegcracker and john doesn't seem to work properly
Why can't you install Stegcracker? Would you like some help installing it? 🙂
stegcracker is pretty much the only one and john you will have to use x2john where as x is what youre converting from
@naive lance if you can't apt install Stegcracker for whatever reason, and pip3 install stegcracker doesn't work, you can clone the repo and call python3 stegcracker on the repo 🙂 https://github.com/Paradoxis/StegCracker
im gonna take some prints to show you
sure!
what are some good resources for BO from basics to advanced.
@wispy torrent might be worth checking this out https://www.youtube.com/playlist?list=PLLKT__MCUeix3O0DPbmuaRuR_4Hxo4m3G
https://www.youtube.com/watch?v=1S0aBV-Waeo - This is what gave me the basics of BoF and made it all "click" for me. At least the theory side.
Making yourself the all-powerful "Root" super-user on a computer using a buffer overflow attack. Assistant Professor Dr Mike Pound details how it's done.
The Stack: https://youtu.be/7ha78yWRDlE
Botnets: https://youtu.be/UVFmC178_Vs
The Golden Key: iPhone Encryption: https://...
does anyone have resources/techniques on bypassing conventional IDS/APS?
https://twitter.com/three_cube/status/1278078318923755520?s=19 someone wanted scada stuff
SCADA Hacking: Modbus PLC Master/Slave Simulation #scada #scadahacking #plc #ics #cybersecurity
https://t.co/CcueuboV3o https://t.co/zdx59KQ4mU
#scadahacking
https://github.com/holmes-py/KoTH-counter
Dumb and dirty but works...
found in another infosec discord haven’t tried it yet but it might help someone
https://github.com/s0md3v/Hash-Buster
@queen wyvern fun fact: that's the same hash code we have in Ciphey, except I edited most of it 🙂 For a similar project, BaseCrack looks promising although tbh I think CyberChef Magic does most of the stuff https://github.com/mufeedvh/basecrack
@tepid patio Ah. What's Ciphey tho ?
Ciphey is my worst nightmare as a challenge creator
@tepid patio the issue i was facing is fixed?
@fringe spire is that the download speed? it's fixed in version 5.... but not released on Master yet 😂😂
@odd quest Soon CTFs will only feature RSA challenges
I got a tool for that too
rsactftool
https://github.com/adeptex/rsatool
https://github.com/Ganapati/RsaCtfTool
These are the two I use
resources pdf books: bash notes for pros, linux notes for pros, linux all in one, explainshell.com is for explaining what a command does example: cd .. or ps aux | grep firefox
does any one have stuff on hacking with python
tools? or wut
if anyone needs help with subnetting, i put this together to hopefully help you subnet within 10 seconds in your head
let me know if it helps / feedback 🥺
@zenith flint Black Hat Python? Grey Hat Python? White hat Python? It's a book, I'm not sure on which hat it is, but it's one of those :p
Black Hat Python https://nostarch.com/blackhatpython
@night ether I've always done it by counting bits -- strikes me as being less convoluted 😆
@topaz gulch counting bits is extremely tedious and difficult to do without writing down imo 👀
not if you split them in chunks then it's pretty easy and fast
if you do it in binary you still only need to write down one octet but i’d rather count in decimal than binary 😅
idk i guess i find it hard to skip a power of 2 when counting binary in my head
hey i was wondering if anyone can share some resources on active directories, its a new topic for me and i wanted to know more about it :)
any specific area of active directory youre interested in? @lilac maple
@azure widget i wanted to know about it in general since its totally new for me, so something like concepts and stuff
I got you
Here's a list of free resources for getting/staying up to speed on Microsoft Windows Server and Active Directory: AD Reading: Windows Server 2019 Active Directory Features AD Reading: Windows Server 2016 Active Directory Features AD Reading: Windows Server 2012 Active Director...
Red Siege is an information security company focusing on real world threats. Red Siege is an information security consulting company that concentrates on the latest threats to organizations today. We perform in-depth analysis, determine organization/business risk, and find the...
@lilac maple haha that should be enough to get you started if you need more I have more where that came from
omggg thank you soo muchh!!!!! i'll definitely let you know if i need any further help regarding this
Hey guys. Does anyone here have a link to the vulnerable VMs from Georgia Weidman's Pentesting Book?
Here is the SS of the part of the book. The red underlined link is dead, unfortunately
Also I think the torrent from the link "nostarch" is also dead. Anyone here know any alternatives?
the 7zip link is live
the torrent is also live
it's just their tracker that is dead
if you add a list of other trackers to the torrent it'll download just fine
@tribal gull Thanks for the tip. I already did this and it worked
hello anyone know about the vulnerability in router during its boot up period?like how it can be exploited during that phase
What vuln? Do you have a CVE?
i don't have CVE right now but i heard somewhere that they can be exploited at that phase do you know sth about that @tepid patio
@tepid patio
You were the guy who wrote an issue for my tool right?
Well I have a question
I could reduce the time by multiprocessing 2 functions. But I ended up with almost 900 lines of code 😅🤣
How can I reduce that? I tried a class but I will end up with the same amount of lines lol
@solemn harness I would create an abstract class for all the crackers, and then build smaller objects using normal classes for each hacker. and then store the cracker objects in a list, and just multi process that list?
Well I multiprocessed the 2 functions. 1 starts reading the file from the beginning and the other starts from the end
And it works now, takes about 2s to crack a password which is at the end
So pretty fast I think. You know what, I will release it and send you the link
So you know what is going on lol.
@signal ether I'll be real, just make a VM.
@tepid patio https://github.com/be1807v/test
@shut ferry on some routers they have a UART header exposed on the motherboard and you can usually read the startup log and sometimes even execute commands after bootup
That is what I got so far
@solemn harness Why don't you create a Git branch for testing and use that?
You repeat this code a lot:
```python
def readBackwards():
    if hash_type == 0:
        if verbose == True:
            for line in reversed(list(open(wordlist, "r", encoding="ISO-8859-1"))):
                passwd1 = line.rstrip()
                passwd_h = hashlib.md5(passwd1.encode())
                passwd_hash = passwd_h.hexdigest()
                print("Trying \"{}\"" .format(str(passwd1)))
                if user_hash == passwd_hash:
                    hash_cracked = True
                    print("[+] Hash cracked! Results: " + str(line))
                    endTime = time.time()
                    deltaTime = endTime - startTime
                    print("[+] Cracking finished in {}s" .format(str(format(deltaTime, ".2f"))))
                    sys.exit()
            print("[-] Hash not found! Maybe
```
Try to put it into a single function, or use a class
if you do that, you'll save a lot of lines 🙂
@tepid patio
I updated the tool
And removed around 600 lines of unnecessary code 🤯🤣
Tag me and let me know if you like it or not. Hash detection is the next thing I will work on 😀
Now cracking speed is twice as fast. If the hash is in the front of the file, it will find it in 0.01 seconds
Of course do this when you have time!
Not working
Leaving sub rooms without the sub
```python
from thmapi import THM
from thmapi.util import http_get, http_post, fetch_pattern
import json

# creds = json.load(open('./alt_creds.json', 'r'))
creds = {
    'username': 'asdf',
    'password': 'asdf'
}

t = THM(credentials=creds)

tmp_room = 'ctf100'  # normal room
target_room = 'linuxctf'  # sub-only room


def join_room(room_code):
    http_get(t.session, f'/jr/{room_code}', res_format='raw')


def leave_room(room_code, tmp_room):
    csrf = fetch_pattern(t.session, f'/room/{tmp_room}', 'csrf-script')
    http_post(t.session, f'/room/leave', {
        'code': room_code,
        '_csrf': csrf
    }, res_format='')


join_room(tmp_room)
leave_room(target_room, tmp_room)
leave_room(tmp_room, tmp_room)
```
To run this you need to:
- use python3
- download thmapi (`pip3 install thmapi`)
- fill in the credentials and change room codes (room code can be found after `/room/` in the link)
how to set up kali on dockers --> https://www.beyondlines.net/linux-on-docker/
For reference, I don't recommend this as the VPN doesn't work very well with it
Burp Suite is the premier offensive hacking solution, and now when new hackers reach at least a 500 reputation on HackerOne and have a positive signal, they are eligible for 3-months free of Burp Suite Professional.
🔥
https://www.offensity.com/de/blog/just-another-recon-guide-pentesters-and-bug-bounty-hunters/
https://www.bugcrowd.com/resources/webinars/doing-recon-like-a-boss/
https://medium.com/bugbountywriteup/guide-to-basic-recon-bug-bounties-recon-728c5242a115
https://www.hackerone.com/blog/how-to-recon-and-content-discovery @shut ferry
Doing hacking recon takes time and patience. Hackers typically follow similar steps to gather information on their targets however some details may be a bit different...
Today I am writing about the love story between bug bounties & reconnaissance, but before I do I should say that i’m not much of an expert…
Recon plays a major role while hacking on a program. Recon doesn’t always mean to find subdomains belonging to a company, it also could relate to finding out how a company is setting up its properties and what resources they are using.
Thanks @lilac maple !
np!
Hi guys! I want some feedback on my tool! Thanks! https://github.com/be1807v/Hash-Cracker
cool project. definitely worth adding to your portfolio/resume
And what can I add to the tool? To make it easier for you? 😀
Looks pretty!
Thanks guys! I really appreciate it!
Lol 🤣
hah
Should be fixed now
LM and NTLM are the biggest hashes you'll find aside from md5, so I'd prioritize adding them
I will add it
@solemn harness Learn Poetry and upload it to PyPi too 🙂
I was using hashlib and they provided just a limited amount of hashes
i am digging the colours
Now I found Crypto which provides a lot more.
Okay to summarise: 1. Add NTLM and LM 2. Add colors 3. Add hash detection
The screenshots? That's a website called carbon.now.sh
ohhh ok
those are all REAL malware samples please be careful and properly sandbox them
This video goes over how to setup your CAN sniffer with SocketCAN and start sniffing CAN bus packets.
Open Garages is a collective of mechanics, performance tuners, security researchers and artists. This channel will focus on hacks, mods and provide a video tutorial series fr...
Can anyone point me to any guide/tutorial/video where I can use my GPU to crack hashes with John in Kali?
I've read and seen few articles and videos where the cracking with GPU is much faster but can't find a guide to use it
Generally we would install the hash cracker on the host machine, which automatically makes use of the GPU 🙂
Although I don't think John uses the GPU as much as Hashcat does 😛
@river fractal you need cuda/opencl drivers, and then you just kinda use hashcat normally
If you need --force then you're doing it wrong
hey guys (mods) i have a question regarding hacking with mac OS
@odd quest Should I install cuda/opencl drivers on my Windows(host) machine and then running hashcat in kali(VMware) would work?
No
Download hashcat for windows
There are builds
DO NOT run hashcat in a VM
Unless you pass through a whole GPU, it won't work
Okay got it. Thank you soo much :)
I'll try this tomorrow and see how much difference I'm getting versus my VMware (Probably CPU)
--force in hashcat can break things
It can skip over the correct password
Or spit out incorrect passwords
I was just about to ask why my malware samples got taken down and then I realized there was a rule about that sorry y’all
sorry i mentioned boolean statements
its boolean variables
i confused on seeing variable 'state'
the reason y i got different values for float b is due to encoding
Can anybody provide me with any education video from subscription plan? Want to check if I need it
Those videos are usually a fully detailed walkthrough on the room
- sharing them with non-subs is prohibited
maybe at least a part of it? Just want to see how it goes
not allowed, sorry
this is my video on how scammers scam newcomers especially into infosec field
i bet you will have lot of fun
https://youtu.be/bgigs-79suU
i know in every field some people take advantages of new comers and lure them into courses and takes money and then disappear
this guy gopikrishna never said about any certs he had
he just says we work for government, MNC's and we had some contacts with google etc full bluff...
BHIS is top in my book. 👍
Wait you mean the book or the page?
Black Hills Info Sec make a lot of good material
https://www.blackhillsinfosec.com/a-pentesters-voyage-the-first-few-hours/
@azure widget Read this one and its pretty cool
@jaunty pulsar That’s what I posted lmao
Oh I thought you meant read that one geez these networks have my brain not comprehending anything
Very nice hope you learned something from it
can somebody help me? please
@round field ask in #room-help
already did thanks
how come you create a gobuster directory within /opt but then install it with apt?
dunno if anyone has posted this already. here is a giant list with pretty much all free webinars, courses, books, etc that you can find for free about cybersecurity in general. The guy has been keeping the list updated so we don't have to worry about accessing old stuff !!! https://github.com/gerryguy311/CyberProfDevelopmentCovidResources/blob/master/README.md
anyone got any good resources on bypassing aslr? or just any advanced binex explanations?
@night ether https://www.corelan.be/index.php/2010/06/16/exploit-writing-tutorial-part-10-chaining-dep-with-rop-the-rubikstm-cube/
@craggy onyx awesome !! thank you tim :)
👍
@topaz gulch Do you have any good resources for learning bash scripting? 🙂
Would like to automate most of my box dev other then vagrant & docker compose
There were some floating around, I believe Ashu might have a good one?
I tend to just do it from notes and memory now, having Googled everything individually to begin with
Ah no worries
I'll have a look around (:
Thought it was worth an ask to see if there's anything you could recall being helpful
Hopefully can share some generic bash scripts for box dev in the near future
Nice 😁
Just me or enum4linux is really hard to get started?
Pay what you want 4 day Getting Started in Security with BHIS and Mitre Att&ck taught by John Strand
https://wildwesthackinfest.com/online-training/getting-started-in-security-with-bhis-and-mitre-attk/
Free event being held by Sans for high school and junior high students to get an introduction to cyber security
https://www.sans.org/cyber-camp?utm_medium=Social&utm_source=Twitter&utm_campaign=Cyber+Academy
A great resource for Methods https://book.hacktricks.xyz
@sturdy shell Once you do, it would be awesome if you can link me up too 🙂
I gotcha 
Hacknet is an immersive, terminal-based hacking simulator for PC. Dive down a rabbit hole as you follow the instructions of a recently deceased hacker, whose death may not have been the accident the media reports. Using old school command prompts and real hacking processes, yo...
$9.99
Big Brother has arrived - and it’s you. Investigate the lives of citizens to find those responsible for a series of terror attacks. Information from the internet, personal communications and private files are all accessible to you. But, be warned, the information you supply wi...
$9.99
^^ These games seem v/ cool
Anyways, if anyone wants to try out last year Defcon challenges,have a look at https://archive.ooo, they made some of the challenges online.
I own Hacknet. It's pretty neat if you want Hacker Lite experience, but it's basically like the same gameplay loop over and over again. The soundtrack is cool.
It's using like 5-6 problems basically to do all the hacks.
hey guys here is a list for those who havent read yet about the most "important web hacking tools" by hackerone
@haughty dirge thanks mate
Literally just a better enum4linux
Send more 
There is also the metasploit unleashed
^
RustScan - Faster Nmap Scanning with Rust. Are you sick of waiting 20 minutes for Nmap to finish? RustScan decreases it to 39 seconds for you. (A little something I built ✨)
+ Can scan all 64k ports in 26 seconds
+ Automatically pipes into Nmap (no more copy / paste)
+ Nothing else. **Only** job is to improve Nmap, not replace it!
🤔
It's in Rust 👀 I hate doing RE on Rust binaries, but let's see, should be pretty fast since it's Rust 🤔
Rust is beautiful
@tepid patio You already uploaded to the AUR? 😄
@spiral zodiac yes ofc, AUR is best 😜 it should work (so long as I didn't mess up the checksums)
@spiral zodiac it is v/ fast but I'm using threading which is slow, and it also depends on what your machine can do
I get 26 - 40 seconds on my machine, but if you have to use fewer threads you get way less (I can run it with 1k threads tho tbf)
@tepid patio In the readme it says 64k ports, yet there are a total of 65,536 🤔

@spiral zodiac ah you're right, it's supposed to be 65k 😅 it does do all ports, I just rounded down for some reason writing the readme 🤷♂️
If I use this, will you use my pc to upload anime in the background @tepid patio 🧐
@queen wyvern of course, you're going to be mining AnimeCoin for me
@tepid patio Just installed rust_scan using cargo and shouldn't this be <ip> instead of <i>:
```
RustScan 0.01
Bee https://github.com/brandonskerritt
Fast Port Scanner built in Rust

USAGE:
    rust_scan [OPTIONS] <i>

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information

OPTIONS:
    -T, --timeout <T>    The timeout before a port is assumed to be close. Default 1000 [default: 1000]
    -t, --threads <t>    How many threads do you want to use? Default 1000 [default: 1000]

ARGS:
    <i>    The IP address to scan
```
@spiral zodiac it's an argument so it doesn't have any flag, but I chose I because it's physically shorter. but for UX I should change to IP I guess 😁
🙂
Does somebody know some good website/youtube channels worth checking for electronics hacking?
Like maker stuff, or hacking hacking hacking?
Since i'm pretty inexperienced in electronics i'd start with maker stuff
ty
https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w there's some more hackery electronics stuff from LiveOverflow
🙂
@spiral zodiac did u have any bugs? just so i can fix them for version 2 😄
I'll take a more in-depth look tomorrow 
Nice gonna check that out
Quicker way of leaving sub rooms. Works in browser
Steps:
- Open a page of a random room (must be a room as it grabs the csrf token from that)
- Replace the roomcode in the code below with the target room and paste it into the devtools console
```js
const targetRoom = 'linuxctf' // Change this to the sub-only roomcode
fetch('/room/leave', {
  method: 'POST',
  body: JSON.stringify({
    code: targetRoom,
    _csrf: csrfToken
  }),
  headers: {
    'Content-Type': 'application/json'
  }
})
```
Improved it for you
Can you write one that lists as well?
Because kill = bad
Tracing back VM to room if you can
i mean you could just go to the site?
The site doesn't list your currently running VMs
How to check what VMs are deployed where
Paste this in your devtools console
```js
fetch('/api/running-instances')
  .then(r => r.json())
  .then(vms =>
    vms.forEach(vm =>
      console.log(`https://tryhackme.com/room/${vm.roomId} - ${vm.internalIP}`)
    )
  )
```
This will list the rooms with instances and their IPs
any other ones i could quickly whip up?
Kill all running VMs
Go to a random room and paste this in your devtools console
```js
fetch('/api/running-instances')
  .then(r => r.json())
  .then(vms =>
    vms.forEach(vm =>
      fetch('/api/vm/terminate', {
        method: 'POST',
        body: JSON.stringify({ code: vm.roomId }),
        headers: {
          'csrf-token': csrfToken,
          'Content-Type': 'application/json'
        }
      })
    )
  )
```
Skidy pls steal these and give us the features thanks
If anyone has ideas for other utility scripts like these just ping me and we'll see if it's doable
maybe we'll get actual features quicker this way
That has happened before, I've thrown code out there related to copy/paste
ES6 >>>> jquery
DEFCON Ham Radio Village is holding 5$ Ham Radio Exams and they’re waiving the fee for applicants under 18 if you want to get involved with SDR this is the time to do it
Elevator Hacking - From the Pit to the Penthouse
Deviant Ollam The CORE Group
Howard Payne The CORE Group
Throughout the history of hacker culture, elevators have played a key role. From the mystique of students at MIT taking late-night rides upon car tops (don't do that, p...
Always a fun video
thinking to attempt for eJPT soon , do you guys mind sharing some resources?
The barebones was free like 1 month ago and tbh if you can do htb easy/thm medium machines you almost know everything you need
@lilac maple Check the Syllabus on the site for eJPT, as it will provide an overview of the contents covered in the course.
Alright, thanks guys :)
https://www.udemy.com/user/cliftonlkrahenbill/
Free courses for two days from Prof. K, a Udemy instructor - simply apply the checkout code for the course.
Ethical Hacking - A Hands-On Approach (E4BF17164C5AF207AC7F)
Ethical Hacking - Capture the Flag Walkthroughs - v1 (3BB90D7566D114F8C5CF)
Ethical Hacking - Capture the Flag Walkthroughs - v2 (587C1468AEE603E1909D)
Windows 10 – Hands-on Training (7D875B0510F89805D921)
Microsoft Word 2016 for Everyone (795A04E730166A8186B2)
Microsoft Server 2012 R2 - Hands-on Training I (68B222C5F4665895BC01)
Microsoft Server 2016 - Hands-on Training I (79F556DC95BFE58A6DCD)
Microsoft Server 2016 - Hands-on Training II (E95DCA443C1E81D161A5)
Microsoft Server 2019 - Hands-on Training I (678FEE9F155299C7528A)
Microsoft Server 2019 – Hands-on Training II (E579D864E18672EBDAF8)
Guys you can check out the writeup that I prepared for DEFCON27 Advanced WiFi Exploitation Workshop for Red & Blue Team Workshop's CTF: https://medium.com/@anilcelik/en-defcon-27-advanced-wireless-exploitation-workshop-ctf-write-up-f787b0899256
@proper atlas my man, thank you very much 🙂
To sus
ty 💞✨
hi people,could you recommend me some decent portalls/sites to catch up the latest info sec news,i don't use twitter 🙂 thanks
The Ultimate OSINT Guide ! https://www.youtube.com/watch?v=OZnpULVHz4w&t=3s
Hey Guys I Am Back With Another Video , in Today's Video I Will be Showing you guys the Ultimate Website Collection For OSINT , as you Know beginners always think maltego or any other tools are the only way to collect decent information , but that is not the truth , watch th...
Threader3000 now has Nmap integration. Get a full port scan and targeted Nmap scan on a target in less than 3 minutes. https://github.com/dievus/threader3000
Or install from the Pip repository
pip3 install threader3000
or
pip install threader3000
RustScan has 2 major updates (just pushed! ✨)
+ 8 seconds for full port scan, theoretical 1 second full port scan (but you gotta have a BEAST of a PC)
+ Custom Nmap arguments. So you can choose what Nmap does when you run RustScan
cargo install rustscan
This is more usable now @tepid patio
It looks good so far but it skips some ports sometimes with 1000 threads
@queen wyvern The newer version doesn't use threads btw
I will update it and let you know
😄 ❤️
This is very cool
It's in Rust too
🤔
Why the disdain for a Rust shell?
Performing RE on Rust binaries isn't fun 😦
Yeahhh
I also don't know how I feel about a non-C based shell experience
But the examples look sick
very promising
Someone made checksec in rust.
Now, someone make pwntools in rust.
@tepid patio Rust pwntools, might be a good idea for next project.
Actually I was going to re-write some bruteforce programs in Rust, since that's where most of the speed will come from 😛
Mastering Malware Analysis — Here's another popular #cybersecurity eBook (510-page PDF) currently available for FREE download, only for the next 6 days by its publishers.
Download your copy now: https://t.co/AaGSNe7Nl4
@sturdy shell ^
😮 @gritty barn you always find the juicy stuff
I think I had a couple of pages (a chapter or so) access to that during Uni
so really good find!
😮
Thanks
guys I know all the basic commands of terminal I have basic networking knowledge and I am a complete beginner in cybersecurity and probably want to pursue a career in this domain can u guys suggest some good resources that would help me?
A really good website called "TryHackMe" where you can learn ethical hacking for free :)
@shut ferry that sounds awesome, could you link it?!?!
@little shadow
@shut ferry @cloud brook Thank you guys
But seriously tho- as long as you go through the rooms with the intent of learning and practicing the penetration process, and always try your hardest to figure it out for yourself, you'll learn plenty about Cybersecurity in no time
@shut ferry sure I'll give it a try
There's a lot of rooms geared towards complete beginners/students that run you through most of the tools and common vulnerabilities
Definitely get familiar with your tools, and the enumeration process, then you can use that as a foundation to more advanced topics, such as common vulnerabilities and exploit development, or server/webapp hardening and security configuration
TryHackMe is very well suited for beginners, just make sure to look at the big picture while you're doing the rooms, and asking yourself "how does this translate into cybersecurity" along the way
you guys seem to have a lot of knowledge in this domain so I thought I'll ask
yeah, it's just slightly weird haha, coming on the discord for a specific website without actually using it, not trying to be rude or anything
Most of the time, if you know how to exploit a vulnerability, then that means you know how to patch it
yeah, you can start with trying some of the rooms first 😛 there is a lot of content available on the website and it's suitable for beginners
@gritty barn lol Ik
this channel is designed for additional resources created by some of our members or stuff that they found online and it is possibly useful for someone
I have 0 programming knowledge I hope it won't be a problem?
you develop those skills throughout the time, everyone starts somewhere. but bear in mind you won't become a 1337 h4x0r in a week
Nor was Rome built in a day
some of them are, not all
what about you?
i work in this field
cool man
^^
guys, quick one
6!
i keep getting machine the message , undergoing maintenance of my machine
does that always happen?
If you want help with rooms, please use the correct channels
This is not the correct channel for that.
so I'll get back to you guys if I face any issue or have any doubts please help me okay?
Long as you use the correct channels for it
Read the channel titles. Read the channel topics. Read the rules. Then you'll be fine.
Alright thanks!
https://www.youtube.com/watch?v=VL2bgatmIkc @wooden mesa thank you for that 🙂
Get a guided walkthrough of various top resources to learn more in your pentesting journey and where to practice your skills. Material also reviews some top tier Infosec certifications that are available today and which ones to focus on and why.
https://github.com/ryanrohypnol/Reverse-Shell-Bash-Alias -- updated
@barren vault one line, REEE 😂
69 lines minimum
To be fair, do you really want a multiline alias in your bash aliases?
@topaz gulch I just wanted to read it, really hard on mobile
Also, I'm a sadistic bastard if you hadn't noticed 🤷‍♂️
REEE
I make no apologies
Bellingcat season 2 poggers https://www.bellingcat.com/resources/podcasts/2020/07/21/the-bellingcat-podcast-season-2-the-executions/
This is one of my fave startup related things (not really infosec, but theres no channel topic strictly for infosec). Dropbox 1.0 release, some guy comments "you can do this easily on Linux with all these steps". When you build abstraction, those who do not need the abstraction will be more vocal about why it should exist, meanwhile the rest of the world uses the abstraction https://news.ycombinator.com/item?id=8863
After testing Rustscan i dont recommend it
After testing it, I do. Because what I scanned would have killed nmap
The tool is in active development, what's the deal breaker for you @jaunty pulsar ?
https://ip-api.com/ good fun to mess with, personally been using it to geolocate login attempts to my honeypot
Free IP Geolocation API - lookup any IP address
@jaunty pulsar what don't you like about it? I can improve any aspects you want :)
After testing Rustscan i dont recommend it @jaunty pulsar
I'd support that too, IDK if it's just me, but I tested it 5 times on the same IP, it missed some important ports. (Maybe it needs to be configured specifically for every scan(?))
@prime mantle Might be a matter of playing with timeouts, the default timeout is 1.5 seconds, so if the network is slow or the machine is overwhelmed you might have false negatives 🤷‍♂️
Yeah, figured, will try that too.
Try to play with the batch size too, I think anything above 128 or 256 might be too much depending on the machine.
@jaunty pulsar what don't you like about it? I can improve any aspects you want :)
@tepid patio It's the same as nmap (with flags)
Not really
I'd support that too, IDK if it's just me, but I tested it 5 times on the same IP, it missed some important ports. (Maybe it needs to be configured specifically for every scan(?))
@prime mantle Yeah that's my point I replicate with flags, same speed more ports
nmap --min-rate 4500 --max-rtt-timeout 1500ms -p- IP it takes double
but it's pretty sure what rustscan does
without losing ports
Copy pasting from that reddit post you saw in /r/netsec isn't helping your case. 😐
Fact, I'm no follower of that subreddit, so you think i would be saying without arguments, i actually probed it
Maybe other sources, yes
I never said you followed that subreddit, the command you posted is copy-pasted exactly from there and this is a fact, maybe read RustScan's readme before posting.
I'd support that too, IDK if it's just me, but I tested it 5 times on the same IP, it missed some important ports. (Maybe it needs to be configured specifically for every scan(?))
@prime mantle Hey! There's new code (released a couple of hours ago) which would help with this. In short, the "fastest" scan isn't a one-size-fits-all, but rather something you have to base on your computer specs and ping 🙂 The new code should fix a lot of those issues (but not all, still working on that part)
@tepid patio Awesome! will reinstall and try again
nmap --min-rate 4500 --max-rtt-timeout 1500ms -p- IP it takes double
@jaunty pulsar This requires a lot of technical knowledge though, see Dropbox. Back in 2007 it was easy to replace Dropbox with some Linux knowledge, read the top comment. It is always possible to replace the abstraction with the underlying project, hence why it is an abstraction. The question is, whether or not people would want to? RustScan's newest feature is to help you create the fastest scan for your machine. It would be a lot harder to automatically choose those numbers for your machine with Nmap on its own 🙂 https://news.ycombinator.com/item?id=8863
Why does the Python sockets module exist, when Berkeley sockets have existed since the 1980s? Abstraction isn't always a bad thing 😛
Also note, this project is only like a week old? Nmap is 23 years old. It's hard to compare something brand new, still growing, to something that old ;p
what is/where do I find devtools console ?
ctrl+shift+i
Can someone suggest some resources for learning PowerShell in depth.
p.s. don't mention the tryhackme room
Try https://underthewire.tech/ (it's like overthewire.org in that regard that it's wargaming)
@queen wyvern the first thing to think about with powershell is not really to think about it as a language but to think about it just like you would bash as they are very similar https://docs.microsoft.com/en-us/powershell/scripting/learn/more-powershell-learning?view=powershell-7
Ippsec has good stuff on Oracle padding attacks too!
Hello there, i m not sure if this is the channel for my question, if not i delete it.
A friend of mine is selling products from small producers and i want to help him by doing an ecommerce page like a shop with a cart.
Which technology would you recommend ? something like shopify, wix works well ?
the idea is to make something really simple but secure and precise
someone suggested me wordpress + woocommerce plugin
Shopify is good, it's what tryhackme uses for our swag shopppz
just finished my new hacking blog, tell me what you guys think https://elbee.xyz/
@elfin geyser looks really well made
i think maybe your team logo is a bit too large though
@elfin geyser also, are you hosting that yourself or on some vps?
because i see your little challenge thing, and i'm not sure what a hosting company would think about people dirbusting
good call ill scrap that
maybe some manual enumeration if you still want a challenge
Hi friends, I'm looking for some structured material aimed at application security (books, blogs, udemy courses, etc.)
anyone got the goods? which rooms are best for diving deep into web apps and app sec?
https://github.com/0xRadi/OWASP-Web-Checklist I find this pretty useful
ohhh this looks really nice thank you
You can also look into OWASP's Juice Shop webapp if you want your own personal vulnerable webapp with a large variety and scale of vulnerabilities
It's a great playground/sandbox for webapp penetration testing
it has a list of challenges yea? or is it just a wild west do your best?
A list of challenges and even a tracker
It's like a miniature CTF all condensed into a webapp
awesome, ive heard the name but havent looked into it. Thanks!
You can host one for free really quickly with Heroku
Otherwise, TryHackMe has a sleuth of webapp based penetration rooms
yea i was going through the owasp top 10 one but it's pretty light
i think they have bigger rooms for each individual one though
Yeah, this one actually has the OWASP Top 10 all ingrained into it
I think somebody has an older version of Juice Shop on THM, but it's still basically the same
yea, this should be plenty to work with, much appreciated!
hey guys I am interested in start studying about android hacking and exploitations does someone recommend any youtuber or website for me to have a look, I already started watching the hackerone videos related to it, thank you 🙂


