noots on Elf McSkidy

It's actually starting to feel like groundhog day.

@quaint elm be proud of me, I did two pwn rooms today and actually enjoyed them

@lethal egret I am proud of you, very proud. (which rooms btw?)

And of course, congratulations.

brainpan and vulnserver TRUN

ngl it may only be basic but hell it's fun

Oh god, both windows pwn.

Apparently, brainpwn has windows pwn being a linux machine.

I never doubted you for a second @lethal egret

yeah it is, it's weird wine shit

But, that made me even more proud.

Good job. @lethal egret

Have a shibe of good job

popped a windows shell andw as like, literally nothing works wut

then realised the filesystem was linux

Yeah, that's the best part of the machine.

But, without a doubt, I am very proud of you @lethal egret . You came from learning ret2libc in one week to two windows buffer overflow in a day, that's progress.

@quaint elm how is u

As I was before, quarantined and pwning. You? @graceful coral

Quarantined and degening

lol

I'll prbly be degening until August

When I'm shipped off to uni

It's just like, one second you're bored and the other you realized you have 1000 ideas sitting in your brain.

Oh.

Eyyy @formal iron

How ya doin

ayyyyyy lad

v tired

But keeping healthy! how about yourself? @graceful coral

My head's hurting

But other than thay

Fine

owie 😦

New books have arrived

+10 the malware book

That's a lot of No-Starch

Is @meager compass dead?

Just read 'Cult of the dead cow' @latent stirrup Great book!

Not sure if you've read it but Kevin Mitnick - Ghost In The Wires is also a great read.

Cult of the Dead Cow is also in my pile at the moment

Hey guys, after installing Visual code i get update message, after updateting "code", i get this message when i try to launch Vc. Any suggestions ?

Does anybody ahve issues installing Empire on kali 2020?

I recently switched to Parrot, but i didn't qhen i was using Kali

maybe is just a network problem and failed to download some stuff. i'll keep trying

same issue in kali room. i think that the problem is that installer tryes to use pip and not pip3

specify that you want to use pip3?

ok. solved @olive sundial . the problem was in compiling and installing the M2Crypto module

Well done!

I was wondering, seeing that kali and parrot is debian based, wouldnt that be a best option to instal ldebian and install all the tool you need afterwards ? its not that you are using 100% of the installed tools anyways.

you can always install kali with a skimmed down version of tools according to your requirements @last marlin

its not that im bothered by tools, i was just wondering isnt that better having debian instead of debian based ?

not that i dont like parrot, just came to my mind

😄

loool

idk, it's personal preference i assume

sure, but that doesnt stop me from laughing 😄

anyone have any job experience of “junior penetration tester”? ..... how much experience and skill is needed? I am thinking to apply for internship

knowing networking basics is the single biggest thing you need to know

port numbers, protocols like ARP, TCP vs UDP

port scanning without normal tools is a good thing to know

how to interact with various protocols, ex. smb, ftp, http, https, snmp, nfs, NetBIOS

how to interact with people

port scanning without normal tools is a good thing to know
@urban crescent scripting using puthon?

*python

sure, or bash

echo test < /dev/tcp/ip/port

Thanks banana

np

knowing networking basics is the single biggest thing you need to know
@urban crescent I would always wonder what means having a basic knowledge ? HOw do i know do I have a basic knowlede or not ?

if i can ask you various questions about basic networking concepts, i.e. how could i find the broadcast ip address of a network, if I ask you about ARP poisoning, can you explain what an ARP request is as an immediate followup question, can you desribe the three way handshake, how TLS/SSL versions are negotiated, etc.

heres some interview questions ive been asked in the past:

Networking:
- Describe the 3 way handshake
- Without nmap and other standard utilities how could you determine a port is open
- Say you have a root shell, you see information that you believe will be useful for
  another engagement, however the shell is not stable and the file is too large to copy 
  and paste, without access to Netcat, how could you transfer the file?
- You see a service running on a non standard port, nmap does not recognize the service
  how could you figure out what service was running?
Linux:
- What distros do you use/deal with on a daily basis?
- You got a low privilege shell on a box, what are some of the first things you may do 
  to attempt to elevate privilege
- What are some other things you might check for?
- You notice a HTTP server running on a port that is only locally accessible, how might you
  access it? 
- Explain how a SUID binary works and how you could exploit it
- You have a custom SUID binary on a key production server that you have never seen before
  how might you be able to to use this to your advantage?
Windows:
- You have recieved a low privilege shell on a Windows box, what is your next step to
  elevate privileges?
- Describe how an active directory style network works and the structure of it?
- How familar are you with powershell? Can you provide some examples
Web:
- Talk about some web exploits you've preformed
- Talk about an exploit/vulnerability that you found insteresting
- Explain how SQL Injection works
- You're tasked to Pen Test a web server, give a rough high summary of how it looks
Other:
- How familar are you with automation, give specific examples of something you've automated
- What is your familiarity with docker (non exploitation).

I can answer a lot of that, that's quite nice to know

yup

you should pin it

it's proper handy @tropic lava

thanks a lot

@urban crescent thank you man, that is very informative. Will def. work on that.

also. state your projects that you do out of work

THM for example

employers love this kind of stuff

or anything else that you work on in your free time

i landed a job, purely on my out of work knowledge of security

realy ? I would always see those kind of question, as somehting like, writing a software. Might be lack of good English, that sometimes I understand not fully when i read English

def gonna state that now 😄

yeah, anything really that you think it's worth mentioning

Yeah anything relevant out of work should be mentioned. I always mention things I'm learning in my spare time and my work for a cyber security charity. Employers always really like that tuff

THM is a great thing to mention

especially if you contribute to the platform

any CTFs you do are also worth mentioning

Being able to teach something is generally accepted to mean that you understand the topic very well

Even if you do writeups and throw them up on a personal site

They like that in interviews

they like it for you to spoil the fun for others?

nah I'm just joking 😉

I don't show flags

Yeah I show the method but I explain it too

well yeah.. there's a difference.. I've seen some really bad writeups which was just essentially "I'm showing i did this"

which just... isn't really insightful (not even for the writer)

I like to think
"Would this help me"
If I list off 5 commands
do this then this then this
etc
That doesn't help anybody

you should always include your way of working and explaining commands (or the way an exploit works) when making a writeup... it shows about you:

• that you know this kind of stuff
• how you work
• if you're good at communicating (in written)
• if you're good at coaching (with your explaining)
  which could be things a interviewer wants to know about you as a person

Yeah we're agreeing here, I'm just not good at explaining what I mean clearly

What are you doing, why are you doing it, what does this achieve.

I know @graceful coral I was just trying to enrich your answer 😉

I appreciate it 😂

❤️

As long as somebody understands my nonsense

....something about soulmates.... but I don't want to jump the gun

We need to keep it PG
"Just good friends"

friend with benefits? .... the benefit? I just enrich his ..'nonsense'

Will the mods give me in trouble if I say
"Good pentesting buddies"

just some other general advice

always keep your resume updated.

Be a real human is my interview advice. You can be as technical if you want but if you show up at an interview an antisocial little goblin nobody is going to want to hire you. Ask lots of questions, crack a few small jokes within reason. They can teach technical but they can't teach a good attitude

Does it helps if you say, that you got alot of friends working in this field?

I would say no

Unless you have a friend at that company. In which case they would have referred you

No

@cobalt spruce they'll probably ask you if one of THEM needs a job

kekw

Hmm if I would hire somebody, I guess I would acknowledge the fact that a person is a part of the comunity in the field he is working.

being part of a community doesn't mean being friends with them...

you should show you're part of a community.. by participating

also

so show what you have done (in that community)

bring copies of your resume with you

it shows youre prepared, they'll be able to reference things on it, and it can help give you some talking points

I would say list accomplishments on a resume as opposed to general duties at a job

also, keep the length to 2 pages unless you have a legitimate reason to expand to 3 or more

If you've got no experience or 1 job I'd say keep it to 1

But after that 2 is a good rule

Is it hard to land a job if you know stuff?

its hard to land an interview

What about agencies?

even more difficult

they're dead set on bachelors

Only reason I'm getting a degree

.. doesn't it really depend on where you're from?

here they are SCREAMING for it sec people

Depends. Working in helpdesk it's easy to get other helpdesk interviews but when you're trying to take a step up can be harder
Recruiters are basically the worst but hard to avoid them. The job I'm starting in 2 weeks was through a recruiter so sometimes it works out

in the states, you need a degree to get a job at an agency or else your app wont really get reviewed

what about certifications?

Also getting a degree in my spare time while working full time. Experience always trumps it but having a degree will never hurt you so good to plan to get one at some point

certifications rarely help, im stacked cert-wise, everything that the DOD wants, but because I lack a degree, my apps get passed along

Certs are more about the knowledge you can get from them if you actually study and don't cheat the exams
They don't always meana lot

you can fill the gap of degree by having certifications can yuo?

certs should suppliment formal education, professional experience, and personal knowledge

You'll never be hurt by a degree

Also getting a degree in my spare time while working full time. Experience always trumps it but having a degree will never hurt you so good to plan to get one at some point
@graceful coral Agreed.. I started working a programming job before getting my bachelor in software engineering.. the experience is actually all that matters but it's a good thing to have the papers to back it up 😉

Associates degree or batchelors? @urban crescent

@graceful coral oof my debt

currently finished my Associates

I'm currently being hurt by a degree

Sorry, goverment pays for my degree

same

about to switch majors from Cyber to Business since I can't stand formally learning about cyber anymore

I wish we had cyber mayors...

no you dont

I'm doing cyber but that's only because I already work in IT so I've got experience. Though I'd at least do a degre I enjoy

ok.. I dont.. 😦

Government "pays" for my degree

if you enjoy writing 4 page papers about nmap, sure

and enjoy doing metasploitable, sure

My THM sub does all the teaching though

Government "pays" for my degree
@tropic lava You're right, government doesn't charge me for my degree I should say

but ill tell you it gets old really fast

I'm exempt from half the modules due to previous study lol

@urban crescent tbf I did the same for my bachelor in programming.... I had 4 years experience before doing the degree... it was too easy.. I did everything 'to good' (and with that I did a lot more thinking/ writing about stuff than my classmates)... too much time wasted

for a lousy piece of paper

its a huge waste of time

what about if you focus by being task oriented assasin, is it a way to go ?

I do agree.. but here.. they just NEED that piece of paper.. it's really weird

in a legal way i mean

what about if you focus by being task oriented assasin, is it a way to go ?
@cobalt spruce What do you mean?

ill tell you this much

by doing TryHackMe and other CTFs

you're already better off than half of the people in my degree program. You're formulating your own methodology, knowing and learning how to properly use tools, and so much more.

yes... mindless bots.. 'just doing what i'm being told' for getting that degree... being assertive (and doing CTF's) helps ALOT more than just being a generic run of the mill degree holder (at least for their first year)

@graceful coral I mean master one thing, and sell only that thing. In open market such as Upwork, Fiver not sure about the platforms yet. And gradually expand your portfolio of service.

Not a lot of money in it

You'd be better off putting that time into studying to get a job than selling services on fiver

yeah, isn't really a place for cyber security services in fiver

because your first year on the job.. means you'll formulate your own methodology, knowing and learning how to properly use tools etc. 😉

plus, you're 100% putting yourself at risk

Learned more in my first 2 weeks about infrastructure than I did 2 years at college

@cobalt spruce you should look at HackerOne...

there's a ton of safety procedures that you need to have to protect yourself, which I know for a fact you'll be forgetting

I agree, I volunteer for a cyber security charity and all we do is advise people on how to deal with issues themselves. We don't remote on or anything because then you're at risk of something going wrong and getting in trouble legal wise

@cobalt spruce you should look at HackerOne...
What I wanted to say with this.. is that HackerOne is a place where you can find real exploits for real businesses.. so you'll master your 'one thing' and get some money out of it (sometimes, depends on multiple factors) and you can show that off as experience when looking for a job

@lavish iron would you advise any other platforms such as Fiver, Upwork?

... uhm, well I'm a noobie at this also.. but you have to understand that doing these kind of pentesting stuff could land you in a lot of trouble when the 'contract' (or as I like to call them 'the RoE' a.k.a Rules of Engagement) isn't clear and you end up doing something 'illegal'

so i'd stick to websites that KNOW what they're talking about (like hackerone) and read the R.o.Es carefully before trying stuff on their client's websites

Definitely not something I would just dive into

@lavish iron what if instead of pentesting, offer a service to building something. And afterwards upsell with the fact that you can pentest the thing you have built. Wouldnt you be able to avoid 'contract' trouble then? (hipoteticly speaking, I am a newbie too, but I believe there is people who would love to have for example networking setup in a business)

Network setup in a business is a lot more complex than you think
Especially if you have no experience

network architecture is very complicated, can confirm

I'm not trying to be negative. But I've got 2 years infrastructure experience and I wouldn't setup networking for a business solo

yes.. I agree

especially if you're diving into configuring cisco devices

My job lies in between development and admin.... it's pretty hard

ASAs are different than routers, and switches

@graceful coral I like when people are realisting, didnt consider you being negative.

i'd say developing enterprise stuff is less hard sometimes

i wouldn't attempt Fiver due to a ton of reasons

Old job was infrastructure and support
New job is infrastructure and security

-protecting yourself being the biggest
-hourly rate will be extremely poor
-you'll likely make minimal sales, if any at all

@cobalt spruce not to be an asshole but..... it just sounds like you need a bit more experience before going into the field (guessing IT in general) maybe start off with a few certificates

it's good that you're eager to learn and assertive in trying.. keep that mental state!

@cobalt spruce You're definitely on the right path attitude wise

@lavish iron @graceful coral well yeah this is my first week on THM, doing it as a hobby for my self. Slowly working my way up. 🙂

Thanks for the insigthful knowledge for sure.

Also it sounds like you'd create security flaws for yourself to give yourself more work

Mild conflict of interest

Also it sounds like you'd create security flaws for yourself to give yourself more work
@tropic lava Really good input actually

There's a reason you get independent people in for pentests

@cobalt spruce if you'd like some more info about certifications I'd suggest starting to look at comptia stuff..

CompTIA is a bit mixed

Mild conflict of interest
@tropic lava We have a saying for that here.. about advising your own stuff...

I did learn CompTIA + few weeks ago .

CompTIA is a bit mixed
@tropic lava Depends on where you start

Which +? @cobalt spruce

@lavish iron They're mostly for HR

their network+ is allright

If you've got any professional experience I'd ignore CompTIA completely
Except maybe sec+
maybe
If you've got nothing the trifecta can be good

for a starting position

I thought sec+ was a meme?

https://www.youtube.com/watch?v=2eLe7uz-7CM&t=10405s

this one

Ah A+

let me put it this way:
I passed CySA+ by the largest margin over Sec+ and PT+

I did a couple of the Microsoft MTAs when I first started
Again, good for the very basic fundamentals but not much past that

@tropic lava I agree when you're talking about higher stuff like their cysa+ and pt+

Cert I enjoyed the most was MCSA: Server 2016

CySA+ I enjoyed the most

I did a couple of the Microsoft MTAs when I first started
Again, good for the very basic fundamentals but not much past that
@graceful coral exactly what I wanted for @cobalt spruce to look into.. fundamentals

challenging exam, but not too challenging

For the 3 MCSA exams in total consumed about 4 months of my life

I am looking now to do CompTia Networking +, but meanwhile want to train on the machines THM offers, dont want to be stuck in 'learning mode without practice'.

Net+ is a majority theory

if you want something with both you should look at CCNA

yes.. except when you use wireshark or any of the commands daily .. it helps 🙂

https://www.youtube.com/watch?v=H8W9oMNSuwo&list=PLxbwE86jKRgMpuZuLBivzlM8s2Dk5lXBQ

looks legit. I guess I just changed my mind will go for CCNA now. 😄

Will actually be tackling the new CCNA later this year hopefully

im skipping the new CCNA since I hold R&S

not sure what I'm going to reup it with, probably new CyberOps

I have arch linux on 4 of my machines. Using linux for a year now, they break quite alot, and that way I learn alot by fixing them. Using linux everywhere I can.

Linux doesn't break often for me.

you might be interested in LPIC-1/2

I need to get some security certs
All mine are infra based

lol.. most of mine are for programming 🙄

My programming is rusty lol

im a jack of all trades

CCENT, CCNA R&S, A+, Sec+, PenTest+, CySA+, CEH, OSCP

How was Sec+ thinking of doing it for fun lol

My programming is rusty lol
@graceful coral as in.. you only do Rust development?😂

Think my list currently is
MTA: Server Fundamentals, MTA: Networking Fundamentals, ITIL: Foundation, MCSA: Sever 2016

@lavish iron More as in I could probably whip up a quick hello world and that's about it these days

everything microsoft?

I was joking 😉

Old job was a full Microsoft enviroment

Least I'm pretty dam good at PowerShell though so that's a positive

and there's a sneaky wee ITIL in there so not all MS 😉

I did Sec+ for no reason

oh yeah.. that's great for windwos exploiting 😄

just registered for it one night

so im not necessarily the best person to ask about a majority of certs

just registered for it one night
@urban crescent fucking jealous... I always have to study for shit like that... information flows right through me sometimes...

I'm on a bit of a cert break anyway
Spreading myself too thin lately

@urban crescent how do you normally study for stuff?

textbook, lab lab lab

Lab is the most fun

formally

ugh.. I hate textbooks.. I jsut can't get through them.. it takes for ever with me

plus like I said... information from books goes through my like I'm a sieve....

@lavish iron maybe skip the mcsa then 😉

yeah.. with a 6m/o daughter it's not the best time to study, hehe

Yeah studying can be hard while trying to keep a little person alive

formally
@urban crescent I'm not sure what that means

in a classroom setting

Classroom can be good, only if the business is paying though

oh really? does that help? I always think its a huge waste of money

a whole week in a classroom with an expert on the product you're learning definitely helps

But I wouldn't pay for it myself

yeah.. with the amount of certs i'd like to get.. I don't think my manager would like that either :p

Focusing on my degree and THM at the moment
4 months of intensive study puts you off certs for a while

.. yeah I had the same when I had my last year of school and working 40 h/w

Yeah man, really takes it out of you. And I don't have kids so can't imagine what it's like for you

well.. she was 'timed' really well! she was born about 2 months after I got my bachelor 😉

How many of you use firewall on your pc ?

Well my question is actualy, would you suggest having it on a normal pc, or not ?

Windows has one by default

@pseudo cobalt https://github.com/jmhobbs/terminal-parrot

thanks

is there a way to break from this, if optional caughts me?

Maybe.

c

@hearty timber Hi, please respect rule 1 for all of the members of this discord.

And also, keep it civil?

?

what wasnt civil ?

What did i miss ?

SQLMap hates me confirmed

lmaoo

update your apt repos bro

@young roost This is a 2019 install

oh rip

But the fact it's giving a local address means something weird is happening

Ah that's better

so apt update fixed it?

yeah, just funky that I got a local IP

Wait no I didn't, I misread that

it happened to me when i tried to upgrade metaspolit

i had to apt update

Yep

what do you guys think of eJPT ?

@olive sundial you just took and passed it, didn't you?

Yup

What's up

was it hard to pass ?

Not really. I mentioned a few times

But if you have a basic understanding of networks and you know how to do Blue you should be just fine

Other than that. Google is your friend

Waht does it cost 200$ ? or is that just a voucher ?

You get the course for free check #resources

The exam is 200 plus taxes

@olive sundial I assume this exam is easier than OSCP, right ?

Yes. That is very correct

You got 3 days to do it

sounds tempting

Same

I read the material and jumped into it

Just don't rush and read everything

It's not a ctf

Yea. Nothing eLS is CTF based like OSCP. It's more rounded and representative of real world.

OSCP is quite CTF?

Haven't done any real world scenarios so far so i can't relate

I read the material and jumped into it
@olive sundial I have requested "Penetration Testing Student"

waiting for mail

Coolio

That's for eJPT

Study it very carefully especially networking

I will do my best

When you need flags to win it's pretty CTF'like.

When I took eCPPT, there was only one "win" condition, and it was to gain root on the DMZ. But it's also made clear that it isn't inclusive, and that you have to find all vulnerabilities and machines and exploit them. While pivoting.

And routing traffic

eJPT is heavy on routing table stuff.

It wasn't for me lol

It's the same exam.

for everyone.

I'm not certain of that

Just differently worded questions.

I am. It's the same environment, with slightly different variations to the forward facing stuff.

Didn't find any routing info on the machines

Enough difference you can't just burn through it quick and retest.

I think you're overthinking it.

That's on eCCPT i think

Routing table manipulation was very much on eJPT

I didn't touch a routing table outside autoroute on eCPPT.

Might be. I've manually added my routes. Anyway, same thing

...

That's what I'm saying.

Just read every bit of the material that's the whole point

Sorry dude, I'm slightly tired and misunderstanding stuff

It's ok. 🙂

For eCCPT you need to create a report too. Right?

Yep

And still 3 days?

No. It's always been 7 days to exploit, 7 days to report from what I know.

Oh damn, that's neat

I'll definitely give it a go later through the year. It's a big financial commitment

Yea they don't promote poor health and sleep like OffSec. They give you a realistic amount of time in a realistic environment.

Hahahaha. That's good to hear

Worth a shot if i get 4 days to get my way through

Does it have any binex? I suck at those pretty badly

Or bofs

Exam has a BoF.

😫

dostackoverflow good

Yeah, welp, i always avoided that subject as much as i could

Bofs

Are

A myth created

By the

Government

Pars. Didn't you put one in cod caper?

Yeah @tropic lava

Occasionally you have to do what the government says

erm do aliases get reset after a restart if set using alias command1="command --i_want_to_run"

cause i just came back from been in windows and my metasploit alias has vannished

Yes

Add it to your bashrc or something if you want to keep it.

ahh right okay thanks

alias vpn="openvpn ~/NinjaJc01.ovpn" alias htb="openvpn ~/htb_NinjaJc01.ovpn" alias msf="msfdb start && msfconsole -q" alias cutter="/root/Downloads/Cutter-v1.9.0-x64.Linux.AppImage" that's what I have in my bashrc at the end

nice can you set system wide ones as in is there a bashrc that would be checked before local users one

??

Google it

just so i can set it in there so i can use it in both root and mainn user

fair

linux system wide aliases

thansk was jsut abotu to serach that now you said it sorry for askign liek i do just a really bad habbit i gotta get out of

hmm i for soem reason thoguth hackthebox wasnt a thign anymore admitted i havent checked to see i just had it in my head it was gone lol

@tropic lava i added te aliases i want to /etc/bash.bashrc but they dont seem to be working dose it require a service restart maybe and if so what service

Read the notes on that

@rocky quarry When I used to do IT support, I used malwarebytes and then hitman pro

@tropic lava thanks a bunch because my wifi kept cutting out and stuff and I just scanned with malwarebytes and found a bunch of sketchy exe files in weird directories so i'm trying to get rid of as much stuff as i can

Don't download sketchy exes

Game hacks especially.

I don't think I did

oh actually yea I did download half life alyx from iggames

most likely spyware from that site

guess I won't do that again

Too good to be true, then it is.

exactly

wow I had no idea how many google chrome cookies were collecting my data and stuff

something like 130 different cookies

guess it's a good idea to clear cookies often then

Or run privacy extensions and don't lose your login sessions

i'll look into that

alias vpn="openvpn ~/NinjaJc01.ovpn" alias htb="openvpn ~/htb_NinjaJc01.ovpn" alias msf="msfdb start && msfconsole -q" alias cutter="/root/Downloads/Cutter-v1.9.0-x64.Linux.AppImage" that's what I have in my bashrc at the end
@tropic lava Didn't knew you do Reverse Engineering too.

I do everything

badly

Badly?

A James of all trades

Mediocrely then

okay shouldnt having

Defaults !tty_tickets```
mean that once i run sudo in one terminator terminal  that every subsiquential one should need the password its seems to work for a little while but eventually ask me for the password again after a little bit but i was udner the impression after the first password request it shouldnt ask again untill all terminal windows have been shut/system, restarted

anyone know how to setup kali linux from offensive security for Hyper-V
It keeps giving me errors

?

what errors

gimme a second ill get the error

oop it works now

well done

the classic try to show someone and it works perfectly

it works fine for me

lol

i moved away from hyper v. I used virtualbox and now moved to VMWare

isn't VMWare not free

why isn't kali/kali working

root/toor worked

they have the version where you can run 1 vm free

i got the paid version

I use Qemu because I hate myself

lol

masochism?

I was going to get it till i saw

Qemu's for the cool kids

Vmware player is still better then virtualbox imho

ill get it on my next paycheck when i go back to work

better of the free tiers even if you are limited to the amount of VM's you can run

yeah

vmware player's a good way to get familiar before you buy @graceful coral https://www.vmware.com/uk/products/workstation-player.html

handy lil' feature-comparison table as well :^^

yup, i like my vmware workstation pro

I've got it just waiting for the kali install to download before i reset to use it

you can keep stuff in folders

and make it look nice and pretty

especially the sharing vm's feature

agreed ^^

it runs so seamlessly it's big pogchamp

yup, gotta love it

haven't used the shared VMs feature

as most of my stuff is local

has vmware workstation pro - can still only run one VM at a time on his laptop

looool

i can do 2 or 3 depending on the resource allocation

from subprocess import Popen, PIPE; p = Popen("passwd blah", stdin=PIPE, shell=True); p.communicate("Bleh"); p.communicate("Bleh")

would change the password?

Have you tried it yourself? @graceful coral

nothing seemed to happen

It didn't change?

I tried to make an account to ssh into the vps

from subprocess import call; call("useradd -g root linu", shell=True)

would change the password?```

Then?

I didn't sudo it

If you're interacting with IO operations consider taking look at pwnlib.

Or pexpect.

I know my mate ssh using root

I have access to one of his bot's eval command
he was like i bet you couldn't get into the vps and he said I could try so thats what im doing

gl with your OSCP both @tranquil bison & @lethal egret x)

They have OSCP today?

I know Optionals is impending, not sure when Mickat's (just going by status) is but I probably wouldn't get a chance to say on the day

Good luck guys @tranquil bison and @lethal egret

Oh.

thanks 😄

x))

stil in lab time 😄

need to issue an exam day still

ah! Hope it's going well so far nontheless

^

Get luck. Hope you pass.

Anyone using arch linux ?

I'm on the distro testing street these days 😄

woh. Student loans are now in forbearance until November!!!

what is that supposed to mean lol

it means no party till november 😄

stay indoors.

Severely offtopic, but does anyone have any recommendations for good horror games on steam?

If you'd like a horror game that's also hacker related, check out welcome to the game 2

Should I check out number one also? Or just 2?

Two is significantly improved but one is also a great game

Alright, thank you!

@formal iron @quaint elm thanks guys. 7 hours and I’ll be sitting down ready to start 😳

GL

Good luck.

You can do it.

howdy howdy

@olive sundial isn't Mordred that character from the King Arthur stories

yup

I've heard fate was like some weird historical fanfiction before

Is this true

fate is cool, trust me

Because if so I may watch it

as long as you start from fate: zero

so the correct order is fate: zero, fate: unlimited bladeworks, then whatever you want

there are like 7 series or so

but the best ones are the ones mentioned above and fast: last encore + fate: apocrypha

there, are different characters from the past like: Arthur Pendragon, Alexander the Great, Mordred, Gilgamesh

Aight but is Caesar in it

no

Bet

but there is Nero

;-;

Ok

That's fine

Does he still light half of Rome on fire

in Last Encore

can't recall his power :/

i think it was the colosseum

but at least he doesn't get backstabbed

So it is historical fanfiction?

not exactly

Does the show teach you latin

no

but it's a really good anime, definitely

@lethal egret are you streaming today? As Exam is tomorrow

His exam starts at midnight tonight iirc

What a weird time to start an exam haha

if he passes will he send pictures of his feet?

Lmao

Darkstar's talk starts soon

Dorkstork you need to finish the last requirement for me and @urban crescent

can you link it? @safe citrus

https://www.youtube.com/secarmy/live

@urban crescent

I've asked skidy to make an announcement about it

<3 sorryz just waking up

We just finished with a talk so he should be up soon

just completed nax room. how it's possible that metasploit, with the same options set, gave me 4 different errors and go straight at the 5th?

Different internal states?

Unreliable exploits?

i think the main problem was slow connection.

theres our beautiful boy

Ayyy

new emote time

😭 YT won't load

Lol new DarkChamp?

😔

Just froze on Dark

i can't even describe this face lol

Hahaha

Earn some cash - THM creators program

Earn some cash - THM creators program
@tropic lava If you have the skills to do it aha:)

Ouch, that hurt

Not @ you sorry

I mean

In general

You're a great dev

Shots fired

where's your Chad at @pale cove

what

oh

nice

Chad Gang

@pseudo escarp yeah gunna start in 40 minutes. Likely to stop at 11

i just took a pretty decent nap 😄

Have you guys tried this ?
https://cdimage.kali.org/kali-images/kali-weekly/

up to date distro

hmm i don't really see a point in these ones ^

as a penetration tester, you need a stable release which would not cause any errors/crashes during the work process

hmm i don't really see a point in these ones ^
@pale cove I must say downloading this made my problem with AMD r9 390 go away, I would normaly add line in grub to avoid that problem, but now I dont have to. and anothet thing, after fewsh install you would have to download something like 800mb updates, but now after install i had to download nothing, everything was up to date

but i see your point

hmm that's great honestly

I have heard python2 is no longer gonna be supported

it is not already

sweet.. less trouble with script i guess

it's still in use though

but everyone is trying to completely switch to 3d

would be nice. maybe its me roockie in python, but had to corrct script a few times cuz it was written in python2

I need to invest more time in it, wanna learn python

@lethal egret have a look at this. it might help you: https://craigunder-me.cdn.ampproject.org/c/s/craigunder.me/stress-free-oscp-report-making/amp/

Ah John recommended this in an older video of his

oki dokes ^^

Gunna just throw it all in joplin as I can do markdown and then export as pdf

good good

Thanks for the link tho man ❤️

no worries

saved it for the future )

i have more stuff to dump

HASHDUMP

nah, bookmarks

i like to call it 'Journey to Slough' reading

May someone help me with pip? It's giving me some errors and cant do use python to complete the room, have tried in google but nothing works

#room-help ?

Well, this is about pip so thought it shouldnt go into #room-help

pip/python

what's the error

Unable to locate python-pip

sudo apt install python2-pip

@graceful coral did you forget pip ran out of support

you need python -m pip i think

it says the same too

for which one

Depending on his distro

He may be able to find it in the repos

paradox one

what about : sudo apt install python3-pip

that will work, but we don't know the context

He needs python2

Not python3

riight

tried python -m download but says "ERROR: You must give at least one requirement to download (see "pip help download")"

https://packages.debian.org/stretch/all/python-pip/download try to download it manualy from one of them links below

python -m pip -r requirements.txt

Frankendebian alert

😄

ahtung

I'm serious

@olive sundial

Franken Debian alerts

its gettin serial

@past nymph give this guy the command to install with python the pip requirements

for line in $(cat requirements.txt) do python -m pip install $i; done

thanks senpai

for line in $(cat requirements.txt) do python -m pip install $i; done
@graceful coral MAssta

for i in $(cat requirements.txt) do python -m pip install $i; done
@graceful coral

My bad

I typed line instead of i

you pinging yourself

xd

well done sir

he is on the roll, roll with it 😄

senpai pooroodoox

well, i dont know what to do with it :)

ctrl c from here

ctrl shift v in your kali, in the folder where you have the stuff you need to install

?

have you tried pasting the command in your terminal

yes?

and what happened now

syntax error

prnt screen?

bash: syntax error near unexpected token `done'

Oh my b

for i in $(cat requirements.txt); do python -m pip install $i; done

There

That one should work

Forgot a semicolon

do its in "do"

What

You don't need a semicolon after do

bash: syntax error near unexpected token `do'

Do you not have python?

Try python2

Some distros don't make a symlink to /usr/bin/python

do i paste it into python 2?

No

It's a batch script

Bash*

Just run it in bash

Bashing it all over the place

Replace python with python2

well i do have python2 but keep getting that

No

for i in $(cat requirements.txt); do python2 -m pip install $i; done

Try that

Hoi, someone mentioned me

What dis

Hey guys, I was modifying my tmux.conf file and I'm almost done with what I needed to tweak. One thing is not working though , the switching panes with Alt key and arrow. I put it like so :

Switching panes with alt

bind -n M-Left select-pane -L
bind -n M-Right select-pane -R
bind -n M-Up select-pane -U
bind -n M-Down select-pane -D

I checked on different example and it looks like the same. Any ideas why it doesn't work ?

@past nymph I should ban you

But I like you, so I won't

🤣

Small warning @past nymph -- with the same nickname as one of the mods, you are going to get a lot of pings around here...

😆

xd

❤️

im off topic

We noticed 😁

yay my senpai noticed me

jk jk

Who is that wanna be senpai ? 😄

version two point O ?

damn that looks kinda thicc

Huh?

the page

Should I be using duckduckgo ? I come a cross often videos on youtube talking about it

i've tried everything but i keep getting this

i've tried everything but i keep getting this
@graceful coral have you tried this :
https://www.ivobeerens.nl/2013/12/16/running-hyper-v-and-vmware-workstation-on-windows-8-x/

yep

@graceful coral You can't user HyperV AND Workstation

You have to pick one

Disable HyperV

yeah

I was thinking about that

ive done everything to get rid of Hyper-V

nothing it working

purge babe purge

https://support.novastor.com/hc/en-us/articles/360020676033-How-to-Enable-Hyper-V

Remove the thing through features

I did that

Reboot

same error :/

You're settling HyperV for docker?

I just got Win10 Pro last night and enabled Hyper-V in Windows Features

I just got Win10 Pro last night and enabled Hyper-V in Windows Features
@graceful coralhttps://www.iobit.com/en/advanceduninstaller.php?b1
try this one, I used to use this when I was using windows.

HyperV doesn't show up

have u tried this ?

Yeah

Ill just reinstall Win10

I have nothing important on my PC yet

why not try creat new user and delete the old one, mayv you have some left overs in tha user acc

I'll try

and if you are using win10, it has a feature to reset, you dont have to reinstall it, just like on your phone, you can reset it to default settings.

Thats like never worked for me in that past

it justs throws up errors and reverts changes

strenge, I been using win 10 before its release, and that think has never given me errors..

ive never had a simple time with Windows

install linux, maybe that will change

Anyone used zenmap here?

yeah, but steam doesn't run as well

Anyone used zenmap here?
@ebon pewter I have at the beginning, but now I just use nmap

@ebon pewter Do yourself a favour. Don't use Zenmap

AAAaight )

Trying to do blue, cant download kali rn cause im on a hotspot

Just tryna do a port scan

Then use the nmap exe for windows

greetings from my shell 😄

Help @formal sparrow

With?

It's not good to tag people and if you need help, try heading over to #site-support or any help channels.

Using nmap exe on windows

Ok robin

That's a Rule 13

What is

( #rules -- if you haven't read them)

https://hackertarget.com/nmap-cheatsheet-a-quick-reference-guide/

And btw, forgive me saying that, but if yoou have trouble using nmap, maybe its not a good idea to start with blue, there is a room dedicated to nmap

start with it

Yes

Im doin blue along with other rooms

I would recommend finishing nmap room.

cuz first thing you do starting any room is use nmap

Not with the zthlinux room

forgive me senpai.. 😄

Or most of the AoC rooms

im just a mortal who makes mistakes here and there

Don't worry, so's Pars

notice me senpai

Ask him about getting out of Vim

😄

vim vim vim viiiiiiim

(I trapped him in Vim last Koth 1v1 we did)

(and he's never living it down)

I don’t feel like using nmap rn

Tryna port scan with zenmap help

Lol

You have the gall! @formal sparrow

Rule 13 @ebon pewter

Muirland trapper Pars in vim?

Go read -- or take a break until you feel like reading

Yes @quaint elm 😁

Took him five minutes to get out

By which time I had the box locked down 😆

What did you do?

lol

Why u mad at me?😳

I don’t feel like using nmap rn
@ebon pewter thats one lazy atitude

Changed the default editor to Vim

In fairness, something else went wrong with it -- not sure what

@quaint elmhe likes to say he trapped me

I and 2 of the other guys from my CTF team played Attack and Defence CTF, we did rm -rf / on the top CTF teams of our country lol.

He didn't trap me

@ebon pewter because you're not willing to do the work for yourself. Hacking is 95% research and 5% sheer dumb luck

lol

I was attempting to use a suid exploit

Im just tryna learn this side of hacking

And trapped myself

Lol

Why u pressing me?

It'd been so hilarious.

https://tryhackme.com/room/introtoresearch @ebon pewter

Enjoy 😁

And no rash im not lazy

Do the research room

@ebon pewter He's not mad at you. It's just you keep asking for help. We are not backing off from helping you, we like to help but not unless you're ready to help yourself. If you're stuck at at first, try reading a write-up and follow it along, then do it next time without write-up.

And no rash im not lazy
@ebon pewter If what you say is true, than you are lazy, its no rocket science to figure that out, I have spent hours and hours trying to get one anser, and you are not feeling like using nmap ? what is that if not lazy ?

https://nmap.org/book/zenmap.html

and let's hope you are feeling like readin 😄

catched my eye

Lmao, I study daily(more than u guaranteed), and I asked a question nicely and u press me for no reason

"more than u guaranteed" how can you say that ? you dont even know me

Stop arguing guys.

^^

You cant argue with facts 😄

Not strictly true

But either way, that's enough

Yeah, but I don't see this conversation going in good way.

im done btw

Btw, is there some sort of nickname to address you MuirlandOracle?

Haha, mouthful isn't it?

like the joker would say : sometimes all you need is a lil puuuush

Like, for Paradox we have Pars, Sherlock's nickname is Dan.

Congrats on knowing more about nmap than me RashSec! Want a sticker?

I wont say no to that 😄

The accepted shortened form is Muri.
A few people have adopted other, less accepted versions 😁

Muri is acceptable.

😄

im surfing web, looking for book, to learn more about sockets in python.. any suggestions ?

Quit being lazy and research it urself

😄

https://bookauthority.org/books/best-network-programming-books

that is what im doing

@ebon pewter That is enough. Rash has been kind enough to stop fighting back, do us a favour and stop lashing out at him

How was I lashing out I said what he said to me

@last marlin im gonna read that one

let him be, he will get tired ) breaks and bones can break my bone, but words will never hurt me. Good old saying

O.o

Look at all y’all attacking me cause I just joined😂

Wdym @ebon pewter

That would be a matter of context, @ebon pewter

At least paradox doesn’t hate me

You are more than welcome, if you just see it.

Who is paradox

Oh nwm

What the heck

senpai, notice him 😄

Muri notice me plz

That you are @ebon pewter
Everyone is welcome here, as long as they follow the rules and be civil

Muri ignores me @last marlin

@last marlin im gonna read that one
@graceful coral looks good to you ?

Its kinda sad

You guys all buds attacking new guy😂

Im so confused what are you talking about smh 😂😂

@ebon pewter Dude, no one is attacking you.

Fr hahhahaahha

😄

buds, notice me

Im so confused what are you talking about smh 😂😂
@graceful coral Believe me you don't want to know.

LOL

Maybe its a bot tbh seen that type of bot before

REEEEEEE

Nwm its defenetly a human

https://www.youtube.com/watch?v=KqOsrniBooQ

I do not own any of this material

Rashsec and muirland dont like me

At least paradox nice to me

No one dislikes you here..

Haha i know u dont hate me🙃

Rashsec does tho

Pressed me for no reason

No one dislikes you here..
@formal sparrow I wouldnt be so sure of it, he can guarantee things 😄

Oh god, I told you guys to drop off that conversation.

^^ I second that

Play nice y'all

im really kidding here, but he is def taking it all to close

No disrespect will be tolerated by anyone

Let it go Surfer
Play nice 🙂

im not hating anyone.. really, i dont have time for that

and energy

Hating is taking energy away

Look guys, the time and energy you're wasting here arguing can be used for some good work.

Loving is taking energy away

Emotion less is best trust me

im looking for book...

and not being lazy

directing the energy to the right direction

Sir im broke i dont have any energy left please give me energy by giving me a good meme to laught at

Good, or subjectively good?

Like ultra good

Jeez

Lmao

Ha

That's actually not bad

^

😄

Im keeping that one

But why is the rum gone?

Quarantine...

Cuz fireee

I'm running out

I need more alcohol

I left all of mine at my dad's place

Bad decision

Oh you poor soul

Lol prohibition of alchocol sounds fun

Oof, no thanks

Alright, see you guys later.

Cya

Cya Robin

Bye robin

cya

bye bud

So about that beer you owe me

Hey @graceful coral -- you playing much Koth these days?

How many years under legal drinking are you?

(About five in Britain from memory)

going under 😄

Yeah played a couple of games few days back when dc was live

I was but i stoped drinking cuz its bad when you do it everyday on big scales

@somber flicker discord and tryhackme are separate. You set profile pictures independantly for each.

The only link between them is the TryHackMe bot. Which can't change your discord settings.

who does that upped tho ?! f--- wierdos

why offer course and then act hard up

@olive sundial can I DM you with a few questions about your certification path (as seen on your twitter) and ejpt?

sure

1 moment

try now

Massively off-topic, but I got this bad boi today

Only took me 6 attempts

... you killed a giraffe for that @cobalt thicket ?

I guess Jad kinda is a big Fire Giraffe now that you say it

yeah sorry.. I'm a runescape-heretic, I guess... not sure what I'm looking at 😛

same

https://www.amazon.com/Black-Hat-Python-Programming-Pentesters/dp/1593275900

Anyone has red this book ?

No, but the description looks promising

“extend burp” “windows priv escalation”

I was looking for a book python sockets, but I think this one will cover sockets as well

It has chapter where the author makes a netcat in python.

I have read it a bit, quite good.

but i see its not that new, is that a deal breaker ?

overall is that a bad thing that a book is few years old ?

Nope, not really.

maybe there are some changes, but i think it's worth reading

Art of Exploitation is quite old but it still holds the value.

So does the Practical Malware Analysis.

understood

https://www.amazon.com/Linux-Basics-Hackers-Networking-Scripting/dp/1593278551
Bought this one as well

after long research im glad with my purches

will be doing some reading tomorrow

I'll be going live at 1pm est at https://twitch.tv/themayor11 to cover BLASTER. I hope to see you all there!

I'll be going live at 1pm est at to cover BLASTER. I hope to see you all there!
@fading crown You mean the actual gun ? 😄

https://tenor.com/view/shooter-shootera-shooterb-gif-8352198

Anyone is interested in making use of WSL2 with Kali to get a full desktop experience without VM?
Got it working.. took me few days 😄

what kind of abomination is that ?

Dude, go on write a blogpost on it. @tight scaffold

Kali in WSL2, with a VNC connection? @last marlin

it uses vcxsrv

Nothing like a good ol' nationwide Virgin media outage

Again??

@cobalt thicket Fine here, but friends in Ports are ded rn

I feel bad for optional

Down in the middle of his OSCP exam

Oh yup

Oof, that's gonna be making his OSCP difficult...

Ouch

Let's hope he worked through the night and is done with the actual hacking aspect now...

I can't even get on the virgin media website now

It's back for some

@cobalt thicket >service status page

Going live now with BLASTER! https://www.twitch.tv/themayor11/

http://realnewsrightnow.com/2017/06/scientists-warn-pink-cows-verge-extinction/

😭

I can't even get on the virgin media website now
@cobalt thicket What is that ? some local provider ?

UK ISP

got it

UK wide

Only FTTP proivider in most of the country

Also Coax to the home DOCSIS stuff

RIP VM again @cobalt thicket

twice in 20 mins smh

I can get to discord but nothing else

Can't connect to voice tho

Ye

No Route reeeee

Can't login to Runescape

CoD mw immediately starts a download

sounds about right

Some apps from deepin are so sexy, almost makes you wanna test that distro