#general

Nice one. It's always fun having a small computer around to do cool things with

yuups... though it kinda sucked for hacking stuffs as shadow realised quickly

u listen music from the cli/

yes why not???

Well I'm sure you can do some fun things 😛

u ever used spotify-tui

the pyra will definitely be able to do some fun and cool things

doubt that is allowed by spotify tos

also no

shadow prefers to own their music in drm free formats

meaning flacs or mp3:s

yes that means it takes up a lot of storage space

but also means playback wherever and when ever

without internet

same

Although I use plexamp

shadow mostly uses bandcamp when buying music

their selection of formats to download in is nice

nice

Is shoutcast dead now? lol

what's that

some media streaming software

Also shadow it seems that spotify TUI allowed according to spotify tos

cuz it uses api

thank youuu

Gave +1 Rep to @glass nest (current: #19 - 390)

ah okay then

still don't have the data cap to stream from spotify

will stick to music files

cheaper in the long run

ye

@sharp citrus

why ping botto???

botto not answer

lol

Hey whos pretty confident in blue teaming and could help me out? i think my network has been actually hacked...

IoC:s???

what gives you the idea your network's hacked?

I would recommend you redact the IP's

before sharing logs

this was all the "hacker"

nobody i know of

you know what... dunno what the president is for following the rules when it comes to this kinda stuff... hopefully @shell nova can pipe in

yea lets wait for hydra

yeah but linking to a hackers ip might make people do bad stuff towards said ip which gets everyone in trouble

I need some help with a CTF for college, is anyone available for some help please?

uhm @shell nova may want to take a look into this

We don't help with active CTFs

Why are you scanning stuff you don’t own?

oooh jabba works as substitute hydra for this

nvm i was just looking for help

reporting the ip to authoritis and the isp/vps service provider would work

thank you

Gave +1 Rep to @sand trench (current: #4 - 1633)

doesn't make sense

its localhost

hope this is a joke as that is not something you do

That's not the address exposed to the internet. That would be the external address of your router 😄

Depends how your network is set up. The 192.168 address space is not routable on the open internet

Apple innovation is wild.

Haha just a bunch of stuff that allows you to do experimental things and work stuff in the safety of your own network

ip blocking is not the best way to go about blocking threats....

Are you going to answer my question?

ala see the pyramid of pain

Sometimes it can form part of a precautionary response. Typically an admin might block domains, ip ranges, whole country/region ranges even to reduce exposure from some sectors known to be problematic. Of course, you can't block everything. You can whitelist in a lot of instances

also has anybody here ever reported a CVE?, may have found one

That's normal practice for any routing device on the net

true... shadow was just stating there is higher levels of blockage that causes more pain for the adverseraies

Of course, many levels of precautionary action you can take to reduce your attack surface and control traffic flow

Ta for the reminder lmao.
Recently took my perimeter firewall out of double NAT but forgot to block internal ranges on WAN. Knew I was forgetting something

I wasn't planing on doing something illegal. Somebody invaded my privacy so i looked further into it. This guy had a bunch of malware hosted and thats how far i got with my knowhow. I still don't know if any of my devices are infected but i dont think its wrong to ask for help if needed even if nobody can help me.

You accessed a server you don’t own after actively scanning it without permission

But weren’t planning on doing anything illegal

im not right. but this guy isnt either i dont know what else to tell you

Yeah I don’t care about what they’re doing

Doesn’t justify your actions

but you care what i do?

Admitting to it in the discord server, and involving members of the community in your crime? Yes. Yes I do care

welp time for shadow to just go sleep

beep boop bye

yeah right. as if I was asking for help to take over the server.

You admitted to accessing a server you don’t own in a public discord server with federal agents

This conversation is over, if you have any problems, please report it via the steps in the rules

oof

I really should get some sleep but instead i'm eating skittles

Looks like I missed something spicy.
Why can I not have an Ozymandias (ala Watchmen) wall of monitors and be able to track them all?

☕

u like skittles?, they are too chewy for me

skittles are tasty, but they are not as good as starbursts

I used to get skittles and starburst out of a refrigerated candy machine, they were awesome.

Yea, but they had no tropical ones 😦

aren't skittles just mixed ones

There's at least 4 different packages denoting 4 different flavour combinations I can think of.

Yea, OG, sour, wild berries and tropical

And then you get that layer of flesh that sloughs off of your tongue.

send --help

sounds like bs to me

sour good

Then I always end up asking myself, if I eat this, is it canibalism?

depends. were there any witnesses?

@rapid merlin just reminded me to order more sriracha

Oooh, anyone booked to go to Defcon this year?
Heard there was a big venue change.

venetian canceled on them out of the blue

forget where they moved to

sry, ceasars canceled

looks like they were able to beek the convention center instead

lol they're selling a shirt now that says UNCANCELED

Las Vegas Convention Center

I wanna go Defcon but in America

Apparently the whole conference fits under one roof in one wing

eh nevada isn't bad, but vegas is a mess

not a fan of having my shit dug through my some random hotel clerk without them saying anything to you

@near hawk I haven't been to one yet myself, been to one HOPE and that's it so far.

Been wanting to go to Cons since like 2005.
Missed out on Toorcamp.
CCC's events always look cool.

I probably could've managed to go this year, but I've designated a bunch of my vacation time to a visit with my parental units in March to go skiing in the rockies.

Are you trying to hack me! I heard about thiese "Vishing" scams on Fox!

It literally can't hurt to try, but just don't be surprised.

Honestly, I've been amazed at which accounts I have not lost access to over the years.

My Steam account, for instance, is from WAY back when your e-mail was your user name...
But my e-mail was from a private e-mail service that no longer exists, I ignored the accoutn for like 12 years, and was able to get it back somehow.

But they weren't a marketplace at all back then.
They were just a match-making server/co-lo host and Anti-Cheat system.

Even harder to verify.

No transaction histories.

Yeah, Steam is a lot more today than it used to be.

Marketplace
Store
Community Centre
Game library
Distribution Network
Anti-Cheat Vendor...

Guys I'm doing task 8 of soc 1 cisco talos and in one of the scenarios it wants me to open up a email and put the hash of the attachment with the email in cisco talos. so i finished it but i was curious what the attachment actually was so i put the SHA256 hash in app.any.run to see if anyone posted it there and they did, but whats different is app.any.run says its non malicious but the cisco Talos scan says it is malicious. so what is it?(or is it just meant to get flagged on cisco talos}

Do you recoken it is worth sending an expression of interest for a job while i am studying. Since i dont have the cert for it yet.

I think it makes sense to at least be on their database.

steam is like the one [practically a] monopoly that hasn't gone straight up evil

notable contributions to open source as well

and

LINUX

classic

Can I pay someone to hack my grandma? She is a real B

Well I am finally gonna go asleep after 2 hours of saying I will

$50 bounty on my grandma

shell never see this coming

eh @mossy river if ur here may want to see dis

Hello guys, I have a question about the streaks on Tryhackme
I recently lost both of the weekly streaks while almost getting the badge which is weird since I do them every day. May the algorithm work as like 24h from the last activity?
Also, how to the IceBreakers work...? 🙂

The day steam turns evil will be a sad day in pc gaming history.

ikr

Poor granny

So you could get your streak back. If you use the ai in tryhackme website you can send a ticket to a support person

I got one of my streaks back weeks ago

Heya @sinful moon guess which movie I just finished

nah

why

idk i kinda want a snack

popcorn

ngl that sounds like a good option

also time for me to get popcorn also

I need ur advise to

tho

Top gun maverick or Arrival

https://tenor.com/view/comendo-mastigando-gif-11079610887514586452

i actually haven't seen arrival

not much of a movie person

mav was okay 🤷‍♂️

https://tenor.com/view/comendo-mastigando-gif-11079610887514586452

https://tenor.com/view/comendo-mastigando-gif-11079610887514586452

@boreal scarab u ever broke vlc?

I don't even use VLC

https://tenor.com/view/comendo-mastigando-gif-11079610887514586452

hmm

i managed to break it somehow

Hi all! I am new 🙂 I see access to King of the Hill competitions, yet nothing else? Would be super appreciative of any tips to start me off! I have some pentesting experience (though still certainly consider myself a beginner!) and am new to this site. Thank you!

~Allie

How the fuck you do that

tried to mod it for some extra customization myself

with no experience

hy , i tried to much time bruteforce but didnt get the password can sameone have solutions Bruteforce the Administrator account's password!

which room are you doing

OWASP Juice Shop

I don't think there's even a brute force segment for that room

try one of the commoncredential lists in Seclists

Sub Chat

It's been a while

but did not working

show me ur positions tab, where the payload is put

Positions tab sorry

i forgot to say please

that is sir

in this case ur not even submitting a password

Use Hydra better

wait scroll down in the payload positions tab

ok sir

hydra -l admin -P rockyou.txt MACHINE_IP http-post-form “/admin/index.php:user=^USER^&pass=^PASS^:F=Username or password invalid” -V
Try something like this
Also read hydra quick to understand how it works

Yeah do this please

it says 1 payload position but i don't see it

hacking is bad

stop it

uhm....

thats the correct password

put the position on the password value like this: $admin123$

it isn't $

its another symbol

§§

it's a very weird symbol tbh

eh

for section

I Agree, i want to stop

but i can't

https://tenor.com/view/elliotalderson-mrrobot-cry-crying-ramimalek-gif-4835388

i never felt mr robot until now

now it's accurate

Just don't do drugs

AYO

i was just thinking about it

okay now that's a bit far

Hey, I bet you could solve a lot of his problems with a gym membership and a drug rehab program

imagine being world's top hacker but yet so lonely

you can't solve loneliness :((

you can download anything but a social life

you need a hug for that

What if I told you, you can.

You need to work for it, like everything else

It's not going to be handed to you

Put in the work in therapy etc.

not always the case tho, he was doing larger stuff in his opinion that's why

that's also the case yeah

But generally unless you're a big vigilante criminal, there's a solution

he went to therapy, it didn't help
they also stole his dog

the one he already stolen before lol

let's not talk about mr robot here it sounds very illegal lol

it's just a show, but I'll respect the rules if it doesn't allow that

rules are just suggestions

sorta like that geneva thing

Almost broke my TrueNAS... phew

what'd you do

how do i change my password on the website

i forgot it

https://tryhackme.com/forgot

thanks

One app decided to fail midway through, and I couldn't remove it, then another app was updating and failed, restarted so restarted TrueNAS.... now my share is borked...

welp

would it have helped if it was dockerized

Fixed it

Had to turn the shares off and on again couple of times

The apps are dockered

you broke your nas by breaking a container on the nas

damn

https://tenor.com/view/your-boy-got-skills-young-dylan-i-got-skills-i-can-do-it-im-capable-gif-23487366

https://tenor.com/view/it-problem-phone-call-have-you-tried-turning-it-off-and-on-again-gif-17823069

Hello.

Guys, tell me something.

"something"?

How can I learn hacking. : )

Goodmorning everyone. Is there some website for wordlists of hidden pages/passwords I can use when pentesting or do you make them yourselves?

take a look at #start-here, it's got some useful info

Wait a sec.

I have some questions first.

Can you answer them?

depends on the target. sometimes custom makes sense, sometimes premade makes sense. i've got wordlists from a few dozen long to half a TB, lol

kali comes with the SecLists wordlists preinstalled, along with rockyou

depends on the Q, ask away

Right.. that actually makes a lot of sense. Thanks man!

if you're using kali, the wordlists command will actually take you to all the preinstalled ones and you can dig around

What are the possibilities with hacking? I mean based on shows and stuff... What is actually possible and what is not?

Oh cool! Will check it out. Thanks for helping!

Gave +1 Rep to @molten sky (current: #89 - 70)

...?

ehm
i mean, a lot of us use it as part of our job

Man how many possibilities are you typing? : 0

Um... Like?

trying to think of a way to answer that's acceptable for thm, lol

You can answer me in DM if you want to.

Have sent you a friend request.

a lot is possible, but it's far from mr robot hack the planet in 15 seconds

a lot of prodding and a lot of paperwork for some industries

What is prodding?

poking and things and seeing what might break

Far from means not possible?

I see...

the speed at which the guy develops the exploits, my god

I've not seen the series but I have just started with it. I mean, I have seen the first episode and man the way he destroyed Rohit.

Yep, but remember he's a very unhealthy individual to emulate, personality-wise

I've gained interest in hacking.

I figured that much.

But the things he's doing are holy.

I want to learn.

https://tryhackme.com/hacktivities

Go here, pick an easy path

I'll, but first at least tell me what the possibilities are.

The world is your oyster.

read the website owo

There's a perfect room for that 😉

What are you trying to achieve in the end?

https://tryhackme.com/paths
This will give you a good enough idea

I don't know. Maybe hack a wifi. LOL!

I mean for now. Maybe that will be my first milestone. 😂

Illegal things will never be worth it my friend

I mean my own.

To learn only?

What should I do then.

Any Best Resources for Learning Networking

@wanton furnaceHi

if it interests you, look into the paths, there are fields like infosec, red-teaming etc.

Let me see then.

https://tryhackme.com/jr/introtonetworking

I'm really grateful for whoever added SSRF onto THM.

I had trouble self-learning.

@glossy portal BTW Shei... I just want to know, is it actually possible through?

Wifi hacking?

Yes, there are many ways

Any Videos on Youtube Or Course

"intro to networking walkthrough thm" search on YouTube

Thanks

Man there are no paths whatsoever.

It's only loading and not showing anything.

@glossy portal, I need some here over here.

are you on mobile?

Yes, it opened.

Now tell me something. I am pretty much unaware of the things mentioned there.

Tell me which path to follow.

Suppose I want to be like Elliot.

😂

pick one and stick to it, from here, consume cybersec media etc.

I don't know, you suggest something to me. @glossy portal

Pentesting

Ok, thanks.

Gave +1 Rep to @atomic aurora (current: #1323 - 2)

https://tryhackme.com/path/outline/jrpenetrationtester This one?

None of those

Please don't post giant blocks of text like that @wanton furnace

Those are Networks, which teach network pentesting not networking

so I don't Learn networking from https://tryhackme.com

You can

There's lots of content on it

But you were not looking in the correct place

so you please provide link for easy netoworking @naive violet

I don't have the website open and I'm not signed in from here.

Go to the search page and use the search box.

Thanks

Morning 🫡

You Late Morning 12 Hour 30 Minute Ago

This is how timezones work, yes.

Oh Sorry

Mornin'

It's actually 7am here 😉

Man it sucks to overlook the small stuff

Facts

Morning

@finite basalt how's hacking the EM space going?

Good morning people who have similar interests to me

👀

gotta love when you turn to youtube to figure out how to do something and the most coherent video is by a child

watching a literal child to figure out how to do the thing i forgot how to do

Hi guys, I'm a complete novice in hacking, I'm not looking to go through any type of learning, I just want to know from you, who have already used the site, to learn something, what I learn with my free registration, will I be able to do exercises like from pentesterlab?

I dont have experience with pentesterlab. Could you define more what you want to do?

like, in the module where I am, I am learning the basics about networks and many other things, however I wanted to know if in my account with free access, I will have access to more ''right'' content literally teaching how I can enter systems and servers, obviously for educational purposes

Yeah there are lots of free rooms

You can’t complete paths but there is a ton of free content to learn a lot.

there is a ton avaliable in the free rooms

therte is also a lot on youtube

Earliest I’ve been awake in weeks 😴

Class?

Yes :(

Woke up at 7am

Class isn’t until 10am, but I had to make sure I was awake haha

Have you been awake since 7? 😄

same

Hah, yes, although not happily

https://tenor.com/view/rise-and-shine-primefx-wakey-wakey-gif-7328728770450113624

I hear you

I slept in today, I got up at 8 😦

i can't. it's too dark in here

I usually wake up at 5.

Stop bragging smh.

Can I go back to sleep yet?

I really struggle with early mornings. I wasn’t always like this however.

From ages 7-15, I would get up at 5/6am, get dressed and sit downstairs until it was time for school

That’s more of a moral question. Can you? Yes. Should you?

I wish I was bragging.

It was a mad rush to get the child out to school.

Didn’t the other half wake you?

Real

Jabba, may I DM about a topic I wanna talk about?

👀

part of me whats to know the other is too tired to care

It's just a topic that is a little political, so I wanted to hear before talking about it to not break rules

Okily dokily

https://tenor.com/view/okily-dokily-ned-flanders-gif-13092937

did i hear political?

Writing for POSIX is a waste of time and energy

Hey people I don't know where this belongs maybe someone can point me to where I can get help. So in Network Services 2 Enumerating NFS Task if I do it with the attackbox everything works fine, but if I do it with my own vmware machine, I mount the directory and everything's fine but as soon as I ls in the mounted directory the terminal freezes up and I can't reach the directory from a new temrinal window too. Someone maybe able to help me or point me in the right direction? I am just using a normal Kali on vmware setup, haven't changed anything from the original distribution.
Thank you so much!

I have posted this in subs-room-help a few hours ago but no luck

Try #room-help

#subs-room-help is restricted to only subscribers so there’s less people around to help

i forgot that i'm not subbed anymore and was confused :/

Thats a pain

Nah man, we all slept in today.

thanks!

Gave +1 Rep to @mossy river (current: #6 - 1159)

One of those days

Gosh, you all must be exhausted

my whole stomach feels like I was punched like a punching bag by a boxer

Well, thats what you get for keeping in shape.

yeahhh, I worked abs yesterday

https://tenor.com/view/hello-chat-hi-chat-hello-moderator-by-chat-bye-chat-gif-25893636

wrong gif lol

Yeah…

https://tenor.com/view/kto-lbow-hi-hello-hi-there-gif-25347432

https://tenor.com/view/kung-fu-panda-oogway-accidents-there-are-no-accidents-destiny-gif-16270886

Hi everyone, am a Full Stack Developer, nice meeting you all.

I wanna ask question and I need you guys suggestions for the question... Am I free to ask here?

Go for it

my lecturer is pursuing a master degree course, he's about to build a project, a wide one, he called me and explain the project to me that it's a master's degree project not like school project that it's gonna be wide. the project is based on agricultural sector (Nigeria for example) and AI. as he explained to me he said, it going to be an application that'll predict what famer will do for his next plant, just like forecast since it's built with AI, like forecast predicting the weather if it's going to rain today or not, if it'll be sunny tomorrow or not like that.... he said, if the famer plant maize today following the AI app that's going to be build, the AI will tell him what to do next, maybe in the next 4 days he need to add fertilizer or wet it or do something else to it.

He also said that as i know we're going to collect data from various places in agriculture to train the AI, so AI will work very well and accurate, he also said that he also want it to help the economy as things are cost in Nigeria nowadays, instead of importing things in from other country.

What he told me to do now is to make research about it and i think about the agriculture too also.

Need your assistance, you can use your country as example instead of Nigeria

basically an ai farming app

Yes

Base the info from the same time last year. 2-pronged attack - Get weather info from whatever national weather service is in the country, and contact a farmer (Or farmers) to get yeild numbers as a proportion of field size. Surprised a Masters student wouldnt have already done this though/

Tho, it's my first time, he knows I don't have the idea of this, bc its wide, buh he has ant me to try...

the simple answer is - Step 1: work out what info you need. Step 2: workout where you can get that info from. Step 3: work out HOW to get that info.

thanks

Gave +1 Rep to @glass nest (current: #19 - 391)

hey

👋

Are you back UK or just happen to be awake?

If you just did it consistently you wouldn't suffer from doms anymore

i not back in the uk ahaha

in other words, work, work and work 😂

We don't want her anymore.

She abandoned her country for sunshine.

That’s harsh 😧

better than being frozen to death in -7 😂

._.

You're opinion 😉

your*

I haven't gotten a bsod in a while

No, I was right.

She's an opinion.

fair fair

Octopi!

I miss the old bsod they looked way more scary 😂

Are they raising a dragon? If not, I'm not interested.

😂

is there a way to check the last uptime before shutdown?

pretty sure my laptops been running for like a month straight 💀

i stopped putting it to sleep at night as well

probably not a good idea

Just left open?

just leave it locked, screen is always closed but it's connected to my monitor and still awake

You should shut your PC down regularly smh

It's a bad habit, it started when I used to leave my laptop running here and I would visit my family on weekends then RDP into it so I could do my uni work

Your electricity bill must be really high

I got an intel nuc running absolutely nothing 24/7 as well 😭

Got proxmox on there but no VMs ATM, had one for an MC server but we stopped playing

I'm in student accommodation and the bills are included in the rent so I don't have to worry about it

run hell diver servers

they need its

bad

Ah well that’s good then

:p

What's hell diver? I recall someone mentioned it here yesterday too

But yeah it’s not good for it to be on all the time

its new game

but they are having issues handling so many players

its a long q to get in lol

https://www.msn.com/en-us/news/other/helldivers-2-caps-its-concurrent-players-at-around-450-000-to-help-server-instability/ar-BB1ivyXb

Rip lmao

yep

lol

democracy

I remember I think it was either elder scrolls online or lost ark, but there was an event one time and the queue was hours long

yeah, screw that lol

new world had the same issue

I just wanted to collect my daily reward 😭

I don't hear new world mentioned anymore, did it flop?

yeah

end game was weak

they have problems balancing the pvp so people fell off

I met one of the devs once, asked him for a game key but he said no 😔

Game engine dev*

aww what a loser

I mean, understandable, it's a £50 game XD iirc

you would think they have pull to hand out free keys

but they are probably underpaid devs

being pimped out to the system

Tbf I asked him jokingly, I doubt they'd give out the game for free to some random guy 😂

Met him at AWS' Shoreditch office iirc

oh

how everyone doing tonight

Doing ok wbu

hanging like wet laundry

:p

trying to trouble shoot an elastic instance

Awww

https://tenor.com/view/cat-sleep-good-morning-gif-13197410096239821277

Morning!

morning

I’m still trying to recover from 4 hours of free drinking on Saturday 😂

oh shit

nice

what did you drink

Cocktails

sounds like a good time

It wasn’t the next day 😂

Me always on Monday

I'm a better chef than Gordon Ramsay, I'm a CyberChef 😎

rip

?

I’m interested dm me

Don't ask, you don't get.

i've been dreading writing unit tests since yesterday

but once i started it, turned out it wasnt that bad after all

👋

Sup everyone

Time for some THM Rooms

Not had a chance, my phone stopped working and that set me back so I've held off on it for now 🥲

Get a new phone 😄

i don't understand "payload" very well, so if i send a payload bash code to target, and its contents is "ls -la" then the target got payload that i send. And target's computer will "ls -la"?

i don't quiet understand this

<@&1174352727451652214>

que

Deleted -role eh...

Jabba borked something

DevSecops role incoming 👀

👀

</verify:1174352727451652214>

👀

</verify:1174352727451652214>

:(

Somebody Reboot Jabba.

verrerèify

https://tenor.com/view/bh187-spongebob-reboot-malfunction-gif-21500355

Does anyone know why secretsdump isn't outputting anything? I have extracted a copy of the SAM and SYSTEM files and am using python3 secretsdump.py -sam ./Desktop/SAM -system ./Desktop/SYSTEM LOCAL command but not getting any output

What are you doing?

I have a forensic image of a hard drive and some of the files are password protected so I am trying to extract the pass from the registry to see if the same password has been used for the files

For what though

Is this a CTF?

no its for uni

We don't help with schoolwork here

the work isn't assessed but ok i apologise

Not now, I think it will be in your end of module coursework or exam though.

I re verified, and I don't have a deleted role

We can't figure that out unfortunately.

DokiDokiDoki has been typing for a long time...

Hi, is there any room focused on covering tracks or logging security ? I have already done Windows and Linux core rooms or event viewer for Windows, is there anything else focused on a red team/pentest way ?

was looking for my english words, it's quite a long day 😄

I'm not sure a room is there, or I can't think off the top of my head right now.

Not sure if this is what you're looking for but maybe this module might help?

https://tryhackme.com/module/security-information-event-management

ok nevermind, I will look for security blogs or things like this, I think that it would be great to get this some day, something related to the cleaning phase instead of enum/exploit/post-exploit, there is already nice things about persistence 🙂

this one seems good : https://tryhackme.com/room/loguniverse, haven't seen before

Hey ya'll! Would anyone happen to know if there are Meet Ups or group practice sessions? I'm still very new to security but I want to learn with ya'll.

There used to be in #964299701581119538

Ah man. Do people here still gather for any challenges?

I have no idea, I don't use it. ¯_(ツ)_/¯

is this new?

The bonus points?

They've been they're for a while

Oh bonus points

It'd be nice if there was a point indicator of each question

can i have a question, what questions or topics are mostly used in techno quizes?

It would vary I guess

but waht are mostly?

No idea, they're all most likely going to be different

Standard points

30 for challenge

8 for walkthrough/info

Bonus points if specified.

6 points if walkthrough rooms are older than a month

Can I ask about ARP-Spoofing in this server? If so, which channel?

its more about the behavior of ARP on wireshark

You can ask here

Using Host-M, I sent an ARP REQUEST poisoned packet to Host-A (It had B's IP address and M's MAC address). This was a success and Host-A's ARP cache table was poisoned. It had M's MAC address assigned to B's IP address. However, when I sent this packet using Scapy, I looked at wireshark, and weirdly, the only packet that was captured by wireshark was from host B (Who is 10.9.0.5 (A) tell 10.9.0.6 (B)) but why is that? Why did B send an ARP request and how did it even know M and A were communicating?

How is it possible that I have credentials of a user and I can RDP into the windows machine, but when trying to SSH into the machine I get Permission denied?

Is ssh open?

The task is saying Copy these files into your kali, "scp" should work

and scp is part of ssh right?

im not sure how to check if ssh is open

I solved it by using meterpreter's "download" command, but still, im not sure why i couldnt ssh

What room you doing?

/room/credharvesting

Task 4

Unfortuntley I haven't done that room, take to #room-help

No worries

lets say i get a scam sms, and i want to investigate it cuz i think i can maybe learn a lot from it, but i would like to use a vpn for it (and ofc vm but i have that). what vm do yall use for things like this, btw it has to be free im not paying 💀

idc about the location as long as its a good safe vpn and it hides my actual ip

@simple valve I bought this is how they tell me the world ends

Virtualbox or VMware. These both are good virtual machines but if you’re going to be opening up attachments etc, you should create a sandbox so your vm is protected.

whats a sandbox

im using virtualbox

but i have the vm im more asking for the vpn

also ye it has a link

What was your scp command? Wouldn't you just need to specify the SSH credentials of your Attckbox or VM to get the files onto there?

im not sure how i would create a sandbox tho tell me more

It’s basically so your vm is totally isolated from your computer. It’s mainly used to test malware

how do you do that

If you can't, create a sandbox effectively, I believe you shoulnd't try.

Learn first

Wait so you use scp on the windows machine and send the file to your Kali? I was doing it the other way around 😂

._.

but i mean

oo how do u do that

i have this link

would love to see what it is

If you don't know what you're doing, don't interact with it.

Just report and move on.

</verify:1174352727451652214>

I am a God, not even Discord can contain me

https://tenor.com/view/shocked-surprised-gasp-what-cat-shock-gif-635629308990545194

👀

Anyone?

thats kind of boring how will you learn like that

how much harm can a link do

famous last words

XD

You learn by learning the fundementals and isolation first.

Do you know how many scam links there are out there?

but i know its a scam 💀

so i cant get scammed

I mean, you wouldn't like to click the link, don't have isolation and bam.

Malware central.

If you analyse every single scam link that you come across, you will be here until the end of time

well i would do it on kali vm

Uh?

What makes you think it would react in an a Kali VM?

apparently you cant 💀

@rapid merlin Are you fr?

You dont know threat yeti?

I think it wouldnt do anything in a kali VM cuz its made on windows

which is why i would click it in a kali vm

You don’t know the rules?

Don’t own it, don’t scan it

No not that scan way

wdym

It provides you a screenshot

whats wrong with that

Of the website

Don’t touch things you don’t own. It goes quickly from looking at the website to you breaking computer misuse

You don’t have any business messing with scam links

Report it and move on, you’re not Batman

I’m Batman.

IIRC scp can be used in both ways, but for this specific example you only have your own SSH creds, so you can't run the command from your Attackbox

I dont even know where i would report it

@blazing stone I can open almost any scam link and know how the website works, what malicious techniques and how to prevent other users from getting caught in the same scam. Do you want to know how?

Find a trusted source to walk you through it. But personally instead I would go to app.any.run which basically is a data base of all malware’s different researchers put. You can look up the malware and see it in videos if it

Jared, threadyeti provides you with a screenshot of the website. It does basicly the same as urlscan.io. Nothing illegal right?

Yes

i mean idk if its mallware its a link

and its clearly gonna steal bank credentials

I’m really glad you asked. I signed up and subscribed to TryHackMe premium.

TryHackMe is a great website and by subscribing to their premium subscription, I was able to get full access to their learning paths that guided me to understanding the fundamentals of cyber security

💀

Why do you need to open the website?

ive done somet things

but i mean a realworld thing is diff

What website? The malicious website?

It’s not

To know what it is

Yes

its curiousity

if i report it ill never know what it is

You dont. Thats why you use a website like threat yeti or urlscan.io

If you look at it, you might still no what it is, unless you know what you're looking at/for.

Curiosity killed the cat, satisfaction brought it back.

If you already know it’s not legitimate, you’re not going to be satisfied when you open it and see it’s legitimate

It's not exactly common but just clicking a link can infect you too
https://portswigger.net/daily-swig/drive-by-rce-in-windows-10-can-be-executed-with-a-single-click

Do you want to know a 100% foolproof way to not get scammed or hacked?

Disconnect your pc from the internet and put it in a safe

well ofc dont do anything but i mean

daaaaamn

A common prevention method that most cyber security professionals will teach you is don’t click on things you aren’t 100% sure you know are safe

Go live in nature with no tech around you

all good till the scammers start calling you

well still

Cyber professionals? Nature? Come on bestie

🫡

what if a 0day no click hits you or idk how it was named

where you dont do anything and your phone gets owned

Show me one

i mean yeah

well i see all these reverse engineering youtubers and stuff and it looks fun

o

then ur cooked

ok

very low chances to be the target of one

but

never 0

You mean something like pegasus?

yes

0.1% perhaps.

is that even possible

yes

It is. Most of the time targets are governments

fascinating i know

Possible but very rare

like the attacker just straight up sending their own entrance 💀

You asked a question I gave a valid answer ❤️ Bestie

That malware is very expensive. Not affordable for "normal" criminals.

fr

But I think that is something for advanced channels

Is it?

😄

its war level shit

I dont have experience. You?

Thats what i heard

If someone is targeting me with a zero click vulnerability, they have their priorities messed up

Yes.

/report

yes, but they're too valuable to be used on some random person
you'll likely only see politicians, journalists, etc. get targeted by those

i may be wrong but i recall reading about security experts being targeted too

Yeah 0days can be worth potentially millions of pounds, if you are a target for one to be burned on then you have far greater problems

didnt russia start offering 20mil for them?

actually probably best not to discuss it here

True

#exploit-and-mal-studies 😄

I know what channel you linked, but no access

:))

no access tho

https://tenor.com/view/let-me-in-eric-andre-wanna-come-in-gif-13730108

Y'all need to level up.

how much to buy 0xd 😔

Yeah... But im not hurrying more for that level. Just learn at my own tempo 😄

I assume you can speak more freely in there without worrying about discord banning the server?

or is that still an issue

Thanks I finally got it, It took me 45 minutes to figure out how to use scp

Gave +1 Rep to @hollow pivot (current: #51 - 130)

You can send me $20

You live and you learn 🙂

I can’t give you 0xD but I’ll take the $20

Yea, as long as you're not hinting at any blackhat behaviour, then more than free to discuss about it

Scamm

Ill give you a tip on how to get 0xD the fastest way possible

for $20

well im still curious as to what it is but i guess ill folow your advice 😦

I'd purchase a subscription with that money, much worth it than 0xD

it's more of a "we can vet whose asking the questions"

Personally I feel popular when I get a scam message

They all want me 🤩

must be nice 😦

Befriend your local scammer

😂

I already pay my landlord. Isn't that enough?

Even a Nigerian prince wants to contact me

Lmao

its quite a boring message

it supposedly from a bank, which i dont use, saying [insert bank name here], because of an update you need to verify your account, do this on this website: link here

XD

its obvioulsy just gonna grab your creds

Hi

sup trump

I got a ping from you

Ello

deal

https://tenor.com/view/ping-cat-ping-pong-gif-27640459

If there is an empty error in response to a LFI attempt whats that mean?

How do you know it's an error if it's empty?

Because without the LFI it says "Invalid input"

Still doesn't answer my question 😁

Then what is it

How do you know it's an error if it's empty?

What is telling you it's an error?

The error

time to say bye to my storage

Bye bye storage

Glad I got back into this

Started new medication that helps with anxiety and now I wake up at like 6am daily to spend an hour on here

is there a place where i can get a free linux cloud vm?

Free I'm not sure of, at least not one that lasts long. But it's generally easy to run inside a VirtualBox VM on your own machine.

its like 40 gb

Network Chuck showed a couple options but they were short trials

what GPU u running it on

Then it costs per hour

Sashimi from a japense super market. and real japanese soy sauce from Japan made the traditional way

is that octopus?

And Boba!

I do believe it is

Squid

Oh and octopus too

makes my stomach hurt not in the good way

Oh I love Sashimi

this looks AMAZING

i also love sashimi

Didn't realize it had octopus in it lol

youre living the high life

4070 rtx ti

It tastes amazing! Especially with the soy sauce I have

https://tenor.com/view/ikr-i-know-shades-on-sassy-fabulous-gif-16553973

pretty nice

This is the soy sauce

yuup it sure is

it's 2025

Can you tell me what it could be?

oh interesting, it's written in python

interesting

This isn’t a trick question, I’m genuinely asking a question

My dream vacation is visiting Japan

That octopus was quite good. Chewy but good

and of course, they haven't setup the requirements properly

Steamed rice cakes

I thought that because it is in the same place as the error but it is just empty

What’s empty

If it’s empty wouldn’t it not be a error?

I guess there could be no error but if there is no error then why isn't the LFI showing on the page?

Hold on what are you doing this for?

time to do the developer move, code the entire thing yourself

For LFI room

Oh I have no knowledge on that room

I reckon I could do that

eh might be time to do it

ah its using a conda envio

nvidia driver stuffs is nightmare fuel in coding stuffs

just pull a all nighter, hydra wasn't working for me a few days ago so I coded a version very very specific for my needs and built one in go

these are it's requirements

how did you even break hydra aio???

it has been stable for shadow for ages

and that is still using kinda bleeding edge with arch based distro

don't know how exactly but I managed to break it on the attackbox if that means something

huh interesting

then its installition wasn't working anymore

ah, did you install the latest version?

wonders when aio is getting 0xD

don't know tbh

may have done sudo apt update && upgrade

ok fixed, I just added pycryptodome==3.15.0 as a requirement and then monkey patched the entrypoint bat file

but eh its workin now

thats a easy move, u should have recoded it entirely.

why?

its the programmer move

😎

Also Jayy by any chance u know react.js?

I know of it

I don't have any experience programming in it

oh k

Gotta learn it

need course recommendatinos

yes!!

sign me up

i actually recently bought a bunch of javascript courses

i feel like i need to get better at web dev to get better at web hacking

eh I can read javascript like I can read go

It's not react but https://github.com/getify/You-Dont-Know-JS

but I can't write in it

React has a lot of weird idiosyncrasies. It's worth studying in-depth if web security is something you're interested in

eh don't need for web sec atm

Just for some work

gotta build websites

https://scrimba.com/learn/learnreact/

thinking about this one

Yeah that one's good

I've done that one, it'll get you going

https://tenor.com/view/japan-welcome-japanese-penguin-asia-gif-12578128734255361281

https://tenor.com/view/doge-dogecoin-samurai-ronin-bushido-gif-26524943

i want to try conveyor belt sushi

genius concept

I know there's a place in Japan for people who have a tough time with social anxiety, where they interact with people behind a wall

Yeah I saw a video on that

I think that'd make my anxiety worse

It’s a restaurant for introverts

https://www.vice.com/en/article/n7bgx7/japan-hole-in-wall-cafe-mental-health

It’s a cute idea

ohhh thats really cute

I wanna try all their vending machines. And even go up north, away from the touristy areas. Actually see Japan

i thought you talked to other customers through the wall?

i was confused

this makes more sense