#voice-chat

@jade fossil how??
@west siren He showed it to all

lol

password off what?

https://cdn.discordapp.com/attachments/394801473231257602/625491672775524362/video_23.mov

ohhh

||Good one||

@plucky vault why don't you change it ?

lol

I think they should ban us

https://cdn.discordapp.com/attachments/394801473231257602/625491672775524362/video_23.mov

https://cdn.discordapp.com/attachments/323202969694896138/730161435614642237/putin.mp4

top quality

||https://cdn.discordapp.com/emojis/749991711958237316.png?v=1||

sure ehy not

bord cauli

What

anyone gonna do a room ?

or just talking about random stuff ?

random

nmap -h

nmap -sS

-sV

-p(ports)

-T4(intense scan)

-A(Aggressive scan)

-vvv(shows only open ports)

-oX(8)

-Pn(no.15)

https://stopify.co/B6EAP0

https://stopify.co/28BDJE

https://admin.tryhackme.com

for admin panel on tryhackme ^^

I knew I shouldn t have clicked, but I wanted to 😄

< >

https://stopify.co/28BDJE

https://robux.now.sh a nice script similiar to linpeas.sh

https://www.youtube.com/watch?v=bCaTX7gd32E

https://www.privacytools.io/providers/

that ftp one is for gcrawford i think

yeah i think

i think he privesced but i just nyancat him

which user you trying at?

try directly rcambell

that's a bit faster

not sure why its taking too long for you

restart it

maybe you are doing something wrong?

hydra -l rcambell -P /opt/rockyou.txt ssh://10.10.119.63 -I

use -t 64

also username is wrong

its rcampbell

lol

what?

oh

i think other guy changed the password

he did

i can change it back if you want

changed back the password if you wanna try again

it will give you password in 2-3 minutes

password for rcambell is: ||miriam||

you in yet?

sure

send me the invite link

except windows

noooo

don't want to run eternal blue

https://admin.tryhackme.com
@lofty moat how?

@quiet needle you ok? I think you've been in afk voice since yesterday

Yeah, was wondering the same thing ^

Pretty sure I saw him in afk yesterday around the time voice chat party was happening 😄

He went afk and it automoved him from the party to afk

Yeah

Yeah I saw that

I am also thinking same why he is in afk since yesterday

he fell asleep like i did

lol

@lofty moat how did you make this?https://admin.tryhackme.com/

rickrool

?

imma hackerman

I own that thing

ohhh

JK

like link shortener/?

its THM official rick roll i guess

lol

this one is the real login page:
https://admin.tryhackme.com/wp-admin/login/auth.php/

lol

rickroll'd

13

He went afk and it automoved him from the party to afk
@tame ether mods should be immune to that. Someone must have been trolling 😆

http://sect0rs-archive-of-usefulness.rf.gd/index.html

@spark trail Don't talk

Please!

this one is the real login page:
https://admin.tryhackme.com/wp-admin/login/auth.php/
@lofty moat
Got Rick rolled again

some problem with my network

@candid carbon

Yeah

go in the terminal

now check for the answer

http......

they are not looking for the command

https://tryhackme.com/games/koth/join/a9c032717de96fa4fbfdcea4

Anyone on voice support for help

with what

I am facing a problem with metasploit

Need help

metasploit room?

I am facing a problem with metasploit
@hot forge You can ask directly rather than asking to ask

Ok

hw can join voice chat?

You need to verify with the bot

!docs verify

@dull jolt ^ (:

ye sir

i am here

You need to sync yout THM profile with your Discord account before you can join the voice chat

the link above tells you how to do so (:

ok

thanks

what is this rickroll all about?

I heard it lifts you up and never lets you down.

v

Invitation Link
https://tryhackme.com/games/koth/join/4560ef127bca752500bcb93e
Spectator Link
https://tryhackme.com/games/koth/10021

starts in one hour

anyone can join regardless of skill level

hey sorry my mic isn't working

@west siren

yeaa

if u wannnt

send me the link

cant find yaa

join the one in #koth

guys can somone help with some networking OSPF stuff?

https://tryhackme.com/games/koth/join/5cd316ce676dc211e22bb0cd

@alpine zephyr https://github.com/tryhackme/openvpn-troubleshooting

@supple trellis thanks, it helped

-bash: ls: No such file or directory
??/?

ctf

?

https://tryhackme.com/games/koth/join/5436453f81162e90c3de7368

no

koth

https://www.google.com/search?q="mysql"+tryhackme&oq="mysql"+tryhackme&aqs=chrome..69i57.10889j0j1&sourceid=chrome&ie=UTF-8

https://tryhackme.com/games/koth/join/1bd280db9697602855e42ac4

-bash: ls: No such file or directory
??

What happened to rocket league :(

https://medium.com/bugbountywriteup

@candid carbon in my opinion you should start rocket league up and continue playing

https://tryhackme.com/games/koth/join/269866e6014e947fd475deff

u guys from vxc wannaa play?

404 go to KOTH if you want KOTH

C’mon show us a flip reset @candid carbon

Oh damn you’re actually cracked

Nah it’s smooth

Damn that’s unfortunate, I gotta head out Peace

How to get verified?
Step 1
Go on https://tryhackme.com/profile and find your Discord Token.
Step 2
DM me using the command !verify <token> using the token you just retrieved.
Step 3
You should now be verified on the TryHackMe Discord server!

@quiet needle

💯

I've got no idea what that is

Nor do I

Hence I can't tell if it's appropriate

Please keep it english, least not this isn't a spotify playlist

Aye, deleted.

Why

I want you to have fun 😉

We keep things appropriate and pg-13 here

As it's not in English we can't judge it.

Well, I respect your opinion

We have no way of ensuring that in anything that isn't English

It ain't my opinion - it's how things work around here to be honest

Well, it's okay, I'm from Saudi Arabia

That's great. Just stick to English so there aren't any misunderstandings! 🙂

👍

You're welcome to join us in #general (:

U guys removed streaming?

sed lyf

why

It’s not removed

You need to be verified to stream.

Hello!

Wow.

Where can I get one?

https://www.redbubble.com/people/vargles/shop @misty carbon

Ty.

hey

what

username

?

MyDOnut

anyone heard me ?

no

dam

@unkempt junco can you talk?

English is not my primary language so my speaking is really bad

idc. im not a native either

just come in for the fun 🙂

mee too

there news on my house

so it will noisy

yea np

but @unkempt junco could talk 🙂

its easy brother

I think chat is ok

i love that

I can't talk

yes

yeah

https://tryhackme.com/games/koth/10519

is anyone streaming ?

nope

ah ok

I don't wanna lose while people are watching me XD

lol

did you find vuln

I could share my screen

i dont find anything

I could share my screen
@unkempt junco hey

i cant rdp

what you did

diy you patch it

I didnt patch anything

I just used metasploit with eternalblue. Use the psexec exploit or you will crash the box

i know

i did

i got it

see th sitr

what is the command use to find foles i meterpreter

FUCK YES IM IN!

https://tryhackme.com/games/koth/10520

dam I'm strugling

psi

did i just kick you out of your shells?

@unkempt junco how did you lock king.txt??

attrib -R

nice to know. thx

gg @unkempt junco ^^

nice game

Gg

let me king

hey

I mean are you in

nvm

ah

not here ?

ah ok

yeah yeah

I still trying

ah kx

you lose me

lol

another match

i were the one eho logged first

I'm in the box now

gg guyz

I'm in the box now
@barren olive wooe

ahhh

a flag

finally

tha twas so hard

F

valorant?

first thing you install is neofetch? 😄 @plucky vault

@supple trellis yes to check ram

usage

its less then xubuntu

so im probably gonna be changing to manjaro

whats going on @plucky vault

im not sure

xD

test

hi

is some one up for a koth

hey

hi

https://tryhackme.com/games/koth/join/89bad394662079c18ff92ed7

join guy

https://discordapp.com/channels/521382216299839518/522158539129618453/757897402400112721

https://tryhackme.com/games/koth/join/c97628ccfa2f7d9da1d62989

.

.

https://picresize.com/popup.html?images/rsz_screenshot_69.png

murii

@olive spire

this is so entertaining

which box is he doing?

i think ubuntu

I mean room.

gaming server

oh... i don't know man

Yep.

You should've .tar.gz generated after building the alpine-build. Dont start python server before that.

do 'ls -la'

I'm new to all of this, so i'm trying to learn from this. But I have one question, do you get tasks asigned from THM? And you need to complete them with you linux vm?

You assign a room yourself from thm, and then you complete tasks

You join rooms (I would suggest the Welcome Room) and complete tasks on the room. But I would recommend a VM with Kali

aaaah, okay. And what kind of tasks? Like hacking servers? And you can hack them however you want?

and kali is the best option

No

THM has rooms

the rooms have deployable machines

the machines are the targets

they have a specific exploit

some walk you through, some are a challenge

mhm mhm

The Welcome Room explains all

thank you Legend

same, 12AM gang

https://tenor.com/view/slushy-gif-5705614

slush slush

Oh jesus

I'm having a seizure

congratulations

nice work

very educational too

paper is safest

That slush is terrible.

Love you guys

!rank

Did anyone solve Crossfit the HTB

You might wanna ask them

Apparently their user names I can't remember 🙂

ask in their discord he meant.

@zenith halo

we did, where's the money?

we did, where's the money?
@sand agate not me payin

He was the one who asked

@sand agate not me payin
@zenith halo was some murican

Juiced

oh lol

ye where my money

I've heard money?

https://tenor.com/view/mr-krabs-hello-i-like-money-interview-spongebob-squarepants-gif-10015058

he said he pay 500$ if we do a box

For him?

suspect

was a bet we couldn't win because we noobs

I see

i'm a noob idk about other

Says the unverified dude.

Anyway you got proof?

(pretty much you won't get your money. Unlikely he'll ever come back online)

ye

we didnt do it

just jokin

You should have said yes

we did haha

but is obv we didnt do

new box on htb

I see aha

You can talk about HTB here

it seems harder than tryhackme

less guidance

it seems harder than tryhackme
just don't read tasks while doing a room and then tell me?

heh

https://cdn.discordapp.com/emojis/758401600648773734.gif?v=1

@zenith halo and @sand agate you guys didn't get it

show me proof and I pay $500

I haven't even tried it yet

lol

is this about crossfit?

gib $500

Ew crossfit

shh it was an interesting one

lol

proof @tame ether

Lmao check my htb profile, it has the same name

@upper matrix why are you so interested in that box btw?

I'm not just the one that had the bounty on it

$500 looks like no winners

lmao

I can take the $500

if nobody wants it

but did you solve crossfit swa?

suuuure

proof

I didn't get a picture doing crossfit today

Crossfit sucks

lol

But this is my usual crossfit face

@tame ether ok ok I see you

i don't understand why you want to pay people who solved the machine

But how many actual pushups did you get

75

in one go

0

That is a lot @buoyant lichen

I know

I am strong

I do crossfit every other day

@tame ether it was a joke they had to complete that day and ofcourse they couldn't so we were just having fun

Looks like takes 2 days for user and root though 😮

that machine was a paaaaaaaaaaaaaain to get anything on it

we were stuck for a while on it

"we" who is we

Sounds fun

we meaning alphapwners

how many hours did u spent per day

Cross fit is bad

Lift weights

Get swole

https://youtu.be/qnjYyfkcaNI

we spent like 8 hours since release, took a break and then we came back when we had time

we didn't root it the intended way tho

ohh

and unintended was way more painful than the intended one

But this is my usual crossfit face
@buoyant lichen fake plates

will they leave unintended way

i thnk they were going to patch it

nice

Hey @surreal hound

Hi

This is discord for website, TryHackMe.com

@flint gate what r u guys doing?

im cool

what bout you

nm

what r u guys doing in vc?

chiling

vcing

Ara araa

😂 I'm wondering wt a voice chat here will look like

you're hacking me?

@marble cape you hacking me?

Why would you ping dark for no reason?

Please stop pinging admins without reason

ok

you're hacking me?

/bin

/work

/bin/work

Nobody is hacking you

very cool, kanye

👀

who the hell will hack u at work

Hacking at work? That sounds like a fun game vs coworkers

But i'd be sure to get proof of informed consent (like all parties know what they are getting into)

FOr example: Thou shalt not redirect all web requests for business purposes to random return thumbnails of specialty model live-streaming websites

to segregate business purposes .. anything going through the proxy at XYZ is safe

Hello!
I just want to finish the room Intro the x86-64 but I have some questions.
Someone who finished the room?

Hello!
I just want to finish the room Intro the x86-64 but I have some questions.
Someone who finished the room?
@sage tree
go to #room-help

Billion, try to go to that path

Environment.GetEnvironmentVariable("USERPROFILE"); will return C:\Users\<User>
Try it :D

Not sure if that method works good aswell with / on windows

Billion, always check with File
And catch the error if any

Voice Chat is so lonely

@upper matrix Where did you get the 500$ from??

@tawny jungle Good luck, you won't ever get the money

hey guys anyone uo for a voice?

@vital fjord wanna join

sure

@vital fjord i am here again

@vital fjord hey man

hi

hoho

hello chat

hey anyone there?

voice chat is so silent, anyone up?

Mourning! (I'm a yank, and a lazy one at athat)

How that we're so many?? ❔

Because Jeff is the best box

too guessy 😛

Barely 😂

It’s a little

🤷‍♂️

Easy for me to root I just ssh root@ip

@royal gust ```--------Attacker-------

./chisel server -p 8081 -reverse

-after connection

ftp localhost:9000

--------Client --------
./chisel client <ip>:8081 -R:9000:<ip>:21```

Some serious over complication

Wordpress docker image go brrr

Such a trash image, regret using it

Whats over complication

@supple trellis I tried somethign to that effect

Using chisel, is over complicating it.

yessir. i believe it

love notion ❤️ @fossil estuary

hello there

@plucky vault gimme a sec

could I ask about cryptography topic?

Is this a room specific question or just cryptographic theory

I'm looking for a cryptography algorithm where in I could sign a message on a tree, and can be use to verify any node on that tree.

like

look into merkle i guess

as for a source code implementation .. i dunno.. bitcoin maybe?

Hallo

Can i ask some question ?

yes

what flag outputs all entries when use ls

-a ?

ok ... i am idiot 😄

Hello friends

Hey

can someone help me stress test my VPN server?

hallo

Its possible pay for 1 month on tryhackme.com ?

or only 3 month

@plucky vault Paypal can only do 3 months, you can subscribe for a month by paying with a debit

ok ok 🙂 thx for answer

touch *.txt is binary ?

is for binary ?

./.... ?

hm 😦

any help on this ? 😄 I'm not gonna leave you without one final little parting gift. This is a penetration site, and it wouldn't feel right if I didn't hide a flag. There's one flag on this machine and it's in /root/root.txt, everything you need to get there is in this room, So I leave you with this. Good luck and have fun! 🙂

Use #room-help

tx

https://cdn.discordapp.com/attachments/765271038660706351/765290178172026880/5972aa6b06616807.mp4

!blue

@slender kayak my internet sucks so i cant talk.. can barely hear you.

just saying that i don't play koth since at least last month

now i can hear you

me too

thanks

its cool role xD

<@&756155733468512386>

@lofty moat Is cheating

Don't tell them xD

No havent played much of it
(answering mentats in vc)

I'm joking

I'm joking
@autumn quest 🤫

sure..

oh good luck

nice

what will it be about?

nice.. sounds good

no spoilers xD

looking forward to that..

sure.. send me

🙂

which CTF?

Daaamn nice

try installing rustscan

its better for koth

specially hogwarts

i have tried hogwarts.. but never rooted it

rip

😦

i'm on mobile data.. new place so no internet connection yet. gonna take a day or two

Home country.. moved to a new house(apartment).

with friends

my parents pay for everything xD

just here coz i'm studying out of the city

bachelors in computer science

last year

gonna do masters in cyber sec after that

not patching anything

nothing is patched by me

not sure about others

don't know why, but rustscan is not working

rustscan -b 924 $ip

well...........................

machine reset.

they broke the machine again 😦

This looks so weird now that I don't have context of the other person on vc @lofty moat

@lofty moat lol

u didn't see my 245 million ping

Oh wow @full sapphire in voice chat

smh

👀 what's going on

Oh wow Muir speaking

Wow I will join

Lmao

Everyone joined

I am here to listen muir voice

He moved to staff voice chat

i came, everyone left

heheh

hello there

hi

You all have been noted

Noted what?

no need to get sus

sus?

@buoyant lichen xD Did you ban the linux guy?

No. I did.

They've been given the appeals procedure, that's the end of that.

anyone up for voice chat?

I am.

I'm in the voice chat now.

KOTH anyone?

https://tryhackme.com/games/koth/join/c4bb2f2f554446e0277b715e

hoi

https://www.nccgroup.com/uk/about-us/newsroom-and-events/blogs/2019/january/jwt-attack-walk-through/

hey im like really noob can someone can help me pls

Hey Hypernoob, I will.

Gotta reboot, one moment.

pls

yes i try to use the browser maching and i got a error

thmVNC encountered an error:

The operation is insecure.
https://vnc.tryhackme.tech/app/webutil.js

desktop

i have but me inglish is shit

i dink in 30 meaby

I'm not a peasent. I don't hop on dirty boxes.

but the problem is when i ganna use the vm in the site, amm the browser machine

both

same problem

which one you like more kali or attack?

There's a difference between the attack and kali machine??

Ohhh.

Is the attack machine new is it?

kali i like it more

pwnbox?

kali and the attack box are different

I prefer the attack box

pwnbox is attackbox.
Edit: similar

no

I like the honestry.

honesty

///

pwnbox is built off parrot

attackbox is built off ubuntu

Just use that kali machine on your pentests since you don't have to pay for Burpsuite.

pro

you dont have to pay for burp community edition anyways

you dont get burp pro with kali

Pro is always better though.

you dont get it for free though

🤔️can't get the attack box to work atm

you can do ssh

i dont know we can do that XD so thats cool i do that not a problem

I can't even connect to the VPN. -.-

bye

i ssh

becouse browser dont work

Yay, it worked.

Hopefully I can connect to the machine now.

thank u guys for the help

ah nvm was brave

what?

firefox

yep

o men i gonna feal so stupid if that work XD

to arp?

rdp

microsoft remote desktop?

remmina.

cool thank u !

I use microsoft remote desktop at work.

im a grafic card okno

You're a graphics cards?

lol its works!!

yes

like the one i can not pay for a gtx 1080 XD

well thaks a lot

i gona study a little more thanks !

I gtg guys cya around

See ya later.

HTB > THM

very cool, Kanye.

THM != HTB
@tame ivy fixed that for you

They're different platforms and have a different way of educating people, htb is more challenge oriented, while thm focuses more on education, a direct comparison of such two platforms is illogical.

^

I personally think if you learn anything from either platform its a win. The fact that the resources exist is great. I personally have used both and have no problem supporting what both are doing for the community. I guess in summary why is it a choice when exposure to concepts doesn't have to be a solo platform space.

@fresh solar spot on

They're different platforms and have a different way of educating people, htb is more challenge oriented, while thm focuses more on education, a direct comparison of such two platforms is illogical.
@fresh solar Couldn't have said it any better. Comparing HTB to THM is really lame. That being said I'd still go for THM, as we all know knowledge is power, and before you attempt in getting into those challenges you have to put some knowledge, in which THM has done a great job in terms of guidance, it picks you up from the very bottom and makes you somewhat decent. While if you are new into that, jumping straight to HTB you will suffer a lot and be confused to the point where you will get demotivated and eventually quit

compare an apple with another such apple as much as you can / want, but comparing an apple with orange won't count ,

Please stop discussing non-PG13 stuff @rugged merlin @plucky vault @jade fossil. This is a strictly PG13 server, this rule applies to voice chat too 🙂

I'm not saying anything

https://www.stiw.org/msf-pi.html

https://re4son-kernel.com/re4son-pi-kernel/

whats going on here?

0day flexing his Mercedes

(mean while i don't even know how to spell it)

You spelt it right

wut is goin on

Thanks for the help

@midnight fern you forgot to wash your hands..

It's rona' season, no need.

We're all screwed

@lofty moat

haha

lmao

btw you were using your left hand for that.

you had mobile phone in your right, and left hand for other thingy.

Maybe he’s left handed

@ocean ledge use -u before url

@ocean ledge you got the first key?

what key? 😅

on mr robot ctf

no, the first Answer

on ctf

are you doing the mr robot ctf right?

owww, understand

on robots.txt have one wordlist dic

is that key that i was talking about

ERROR: Could not find a version that satisfies the requirement cipheycore<0.4.0,>=0.3.1 (from ciphey) (from versions: 0.0.1)
ERROR: No matching distribution found for cipheycore<0.4.0,>=0.3.1 (from ciphey)

https://github.com/Ciphey/Ciphey/wiki/Common-Issues-&-Their-Solutions

hi

author if ciphey here

if you're having problems with it:

https://discord.gg/GmTnPb

that cipheycore issue is probably caused by either using python 3.9 or Windows 32bit Python btw

https://github.com/someshkar/colabcat

that cipheycore issue is probably caused by either using python 3.9 or Windows 32bit Python btw
@cursive herald the version is 64bit

but yeah, it's using python 3.9

windows?

yep

ahh

is it that much changes from 3.8 to 3.9?

we do not have a release for cipheycore for windows python 3.9 🙂

No, cipheycore is C++ code so we need to rebuild it for every Python release on every platform

https://cdn.discordapp.com/emojis/631271644287074334.png?v=1

g2g y'all

@ocean ledge nite

goodnight thanks for the tips

grep -iRl

hello

I'm at work right now.

voice chats are so silent these days

anyone wanna talk

im new if you can help me ...

ok

are you in my game?

??

like in koth

oh no on my way

https://tryhackme.com/games/koth/join/731d9cddea1958062fa405e4

join plz

ggs @candid carbon xd

Is it a demo?

what are you making

anyone wanna talk

i'm french i can't, my english is bad tho

a stream within a stream

Is it a stream about a demo?

i'm french i can't, my english is bad tho
@dark igloo
I am in the same situation

oh

tu peux rejoindre le vocal si tu veux

@flat bison but, ur english is just bad or u are french ?

My English is a bit better, but I don't feel like speaking today

ok ok ^^

SimpleHTTPServer

python -m SimpleHTTPServer

default 8000

this voice chat is so wholesome

VirtualBox and VMware? I use kvm :o

@ me or any mod if there are any issues in the VC (esp. user-to-user ones)

dark is there any good way to improve nc shell from a windows target that allows tab auto complete and ctrl c without killing the shell

i need advice, so in madrid they modified an ubuntu and the kernel is very outdated. They have the vulnerability CVE-2019-13272 and i dont know how to report it

Dark sounds like John Hammond LOL

Sort of yea xD

dark's voice is cute

So like a Risk Analysis?

Ohhhh insightful info 😄

I would love a talk like that. There is a really big gap of specialists in the Security field

Damn nice

I have a weird question, one thing my sec head told me was that sometimes we cannot be like very blunt about the vulnerabilities of client's infra, cause they don't like that sometimes. How much did u see something like this in ur part of the world?

THM podcasts when?

I love this insight in the field. A podcast type of thing would be awesome

I think we should help Juice

dark's voice is cute
@tawdry cypress darks a cutie can confirm

cry approves.

Lma that's exactly what I am doing at my Masters CybserSec program haha

A lot oof outdated crypto

and outdated privacy models

etc

he was so hesitant saying he joined "hack the box" lmao

@marble cape reeee

plz i need advice, so in madrid they modified an ubuntu and the kernel is very outdated. They have the vulnerability CVE-2019-13272 and i dont know how to report it

Dark gave it to you but you're deafened

I don't like to replace keyboards often.

I have laptop

So unfortunately I can't

my laptop got the mic broken....

doesnt even process mic input at all

"try harder" only goes so far before you plateau and burn out

darks voice sounds very sexy currently

Now it's leggy and cry fault

"try harder" only goes so far before you plateau and burn out
@plucky vault so true.

dark, can you repeat plz

I have wasted alot of time learning how to hack, then I found THM and it offers so much information that is great, and direction. The one thing most online tutorials miss is good direction.

I am also thinking about his voice now 😅

like, "you don't know what you don't know"

0x100 = 0

https://podcasts.apple.com/us/podcast/coalcast-15-the-offensive-security-interview/id1450353902?i=1000476609385

@marble cape 'Make Hacking Great Again'

whats going onNn??

https://krebsonsecurity.com/2020/01/iowa-prosecutors-drop-charges-against-men-hired-to-test-their-security/

The guys who got arrested on a physical?

oh boy, that one

"google it"~James

that was an interesting case

yeah, jeez..

v

whatsss going onnnnnn

https://darknetdiaries.com/episode/59/

whats going onn?

lol @dark igloo

^^

😆

lmfao @dark igloo

Darknet one is nice

Poor Glass, he was overshadowed

it was all politics between the sherrif and the prosecuters, big mess

Thanks @marble cape !

Great talk Dark 🙂

loved Darks cute voice

Thanks a lot

Thanks

:bye

👋

yep.

I would stay but I’m actually in class rn

Just popped in to hear darks sexy voice

you don't need to change the path btw

what the heck is going on

Have to listen to dark hex?

dark was talking

With cute voice

I see

You missed 👀

I'm not fussed, I'll just call his pager and his cell

windows' is super dumb with how they execute unquoted paths. for example C:/this is my service/service.exe tries C:/this, then C:/this is, and then C:/this is my before finally landing on C:/this is my service/service.exe

...wat hex

Did anyone from here do Jack box? How doable is it?

...wat hex
@marble cape Eminem lyrics

Dear Dark, I wrote you but still ain't callin' I left my cell, my pager, and my home phone at the bottom I sent two letters back in autumn, you must not-a got 'em There probably was a problem at the post office or somethin'

Did anyone from here do Jack box? How doable is it?
@muted dirge The only real difficulty is in your choice of wordlist

The one you want comes installed with Kali, but is not Rockyou

hmm interesting. there is a bunch of pre-available wordlists so I will have to see

So basically stay away from rockyou

Yep, exactly

The one you're after is tiny in comparison

i said League of legends

it's a harsh box, fairly certain there's a path traversal somewhere there

it's not lol

@slender kayak you mispelt javascript: btw

I went via the data uri path but it didn't register for whatever reason

-A means, iirc -O -sV -sC ?

you're gonna hate this but there's a solution without LFI involved

would this work? https://gist.github.com/dergachev/7028596

jesus

300k

yeesh, that's not a backup..

it's not just that, you also have to take into account floods and earthquakes

https://twitter.com/troyhunt/status/1318318732054122496?s=09

team 197

it wasn't even, it was actually just yourefired

it was found in the indeed database dump of 2012

https://xss-game.appspot.com/

I haven't tried many other hard boxes but from experience YotP's surprisingly simple. it's just really easy to over think

This is a beginner box based on simple enumeration of services and basic privilege escalation techniques. Based Jake

https://tryhackme.com/room/madness

yeah I haven't done anonymous playground yet

btw there's a threading option, -t

the normal 10 is too much?

no it's normally too little lol

even on a slow server 50's pretty stable

dirbuster's "go faster" option fires off 200 iirc

oh ok

good to know

that image looks super sus

tbh I'd file && cat it

try steghide, usually works

not always

have you tried file lol

because if firefox isn't accepting it as a valid jpg then there's probably something weird involved

FF D8 FF E0 00 10 4A 46 49 46 00 01 01 00 00 48

try wfuzz, it's free

for i in $(seq 1 100); do echo $i; done

or just seq 100

@muted dirge wfuzz -c -z range,1-100 <url>?secret=FUZZ to do faster

later

oof.

sorry to hear that

oh frick you're in italy

What is the name of the column on the far left side Metasploit room

https://gchq.github.io/CyberChef/

it may just be that the password's the password, try rot-13 somewhere else?

There is a rot47 function

You want that.

Not basic rot

@ashen prism The name Is # and whenever I write # It give me an unknown command

Use the cyberchef rot47 and test that

@muted dirge

they tried that

@candid carbon That's the answer of the question if you type # you will get it right

Damn I'm dumb.

Yeah I was trying to tell but there were many people talking so I stopped xD

xD

I mean, it's a png rather than jpg

what if it's literally just "rotten" rot-10'd lol

@ashen prism What does Lhost means?

LHOST means Local Host , your machine IP the one with vpn in this case

So set LHOST than the ip on tryhackme?

No it's not the ip of the tryhackme room , LHOST IP is usually checked through ifconfig then look for tun0 that's your LHOST IP

Then set it to LHOST <tun0 IP>

Yup that's the IP

👍

Now RHOSTS is the IP of tryhackme room

Fairly simple.

type show options maybe you miss something

It seems right then why no sessions is being created

Ohhh

It's running in background

type sessions

xD

Dang 😦

Have you selected the windows/meterperter payload ?

wget https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/blob/master/linPEAS/linpeas.sh

wget https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/blob/master/linPEAS/linpeas.sh -O - |bash

Yup it's selected then why

Go though the questions again to see if you not miss anything?

Ok

@ashen prism Is It use 5 or use #

Try from set payload to windows/meterperter

No that 5 or # isn't related in this scenario

@ashen prism I'll be back in a sec

Ok

https://raw.githubusercontent.com/carlospolop/privilege-escalation-awesome-scripts-suite/master/linPEAS/linpeas.sh

later

It's 10.9.something your LHOST

10.9.90.163 this is LHOST I think you might have wrote broadcast address

@candid carbon 10.9.90.163 this is LHOST

Yes

Now set RHOSTS

use icecast

GG got'em xD

No wait , check sessions

Yeah it was hard for me too xD

Ok good , now sessions -i 1 or 0

now run jobs

Man whyyyyy

Gotta wait

😦

Why what?

Idk why the command didn't worked xD

Try again to run it again with run -j then type jobs

YEAHHHHHHHHHHHHHHHHHHHHHHHHHHH

Not YEAH

Now sessions -i 0 ?

Yeah msf is hard I'm so bad with windows machines xD

sessions to check available sessions

ITS LINUX

No I'm talking about the target machine which is windows xD

OH

Man it's making me crazy and I'm not even doing it xD

Again start from the scratch xD

set LHOST 10.9.90.163

wpscan --url website.com -e u -P /opt/rockyou.txt

I should punch the monitor like summitg

hahahah

Yeah I feel you XD

Type sessions this time only type sessions not anything after it xD

yeah xDDDD

sessions -i 2

sessions -i 3

You got it

your in the machine

just append ?author=1 at the end of url @muted dirge

syntax error

You wrote sesions it's sessions

Ok now go over to the next section

For the tasks

The one you used use icecast that's the exploit and the set payload windows/meterpreter... that's the payload

yeah, there's IDs

what machines are you making?

https://www.youtube.com/watch?v=hsm4poTWjMs 😋

https://cdn.discordapp.com/attachments/758268607628050445/764532851768426556/DUCK_NO.mp4

I think that session got closed

Try to interact with it again

Which one?