#general
yea sadly but i wouldnt mind some public ones u liked if you could share em
u got great taste
I got German, Spanish, lofi rap, rock, sad music, take your pick
rest are on Apple Music
I just listen to song once and if it sounds good like it
Bought premium and it wasn't activated but I received an email saying it is activated
sent a ticket.
that's a recipe for a hell of a Liked Songs Playlist
Is the ability to change users pfp via click jacking a serious vulnerability
It's a state-changing action, right?
What's that
Hey can I have some technical questions?
state-changing requests, which refers to the type of request that results in data being changed from one value to another
I have no clue, sorry boss
Do I have to assign each JWT a different key pair?
Oh, sorry
The website asks the user to upload an image to win a prize but there's no prize and it changed user pfp in the victim site
two clicks to be precise
@crimson hedge No, you don't need to assign each JWT a different key pair. You use the same key pair for signing and verifying JWTs
The entire user setting page is framable
There's no protection for click jacking
Every page is framable
Thanks
Gave +1 Rep to @mossy river (current: #6 - 1176)
Click jacking and changing the user's pfp completely changes the vulnerability score
where should I put my token from thm?
Is p3 serious
@severe seal
I consider p3 to be serious
Doesn't need to be bot commands, it's an ephemeral response
Yeah
p3 is like medium
^
Gave +1 Rep to @mossy river (current: #6 - 1177)
okay. how to regenerate it because I already used my token
DM me your token please
Right so may be cause some annoyance at most
ahah
Click jacking is not serious tbh
Thanks y'all
Kind of
I'm not trolling homie
sent a dm
is there some good site where i can see examples of code with CVEs that are published and public?
Exploit-db
CVE detail usually links to them if I’m not mistaken
Nope that’s the wrong website hold on
Nvd that’s it
Which one?
Does anyone know how to switch windows when in the AttackBox window???
Like I want to run WireShark while running the Terminal.
But when I use WireShark it takes over the whole right screen.
And if I want to view the terminal, I have to either move WireShark or shrink it.
Please and Thanks!!!
ahh
Are you in full screen?
truth
Yes and no.
When I use full screen, on that window, I still can't switch windows as I please.
WireShark still takes over the whole screen.
How can I view different windows and what I can't figure out on my own.
Hi,
can someone help me with openvpn connection troubleshooting
it seems no one is there to support
There is
When did you E-mail?
Oh you don't need e-mail for that
got a revshell working from internal VM to an azure vm running metasploit as docker container!
@mossy river time to delete a message! /j
Boss, you need to chill
Thanks sir
Not old enough to be a boss
20
nah
It would fit you Jared
i'm not jared
jared is jabba
Im reacting on your message xd
Do you think so?
meow
:hammer: money_hmm#0 has been banned.
/wp/v2/users/(?P<user_id>(?:[\d]+|me))/application-passwords
any help
/wp/v2/users/(?P<user_id>(?:[\d]+|me))/application-passwords/introspect
/wp/v2/users/(?P<user_id>(?:[\d]+|me))/application-passwords/(?P<uuid>[\w-]+)
Interesting
?
Maybe you need #room-help ?
Looks to be WordPress. I don't think we can help here.
If that is true, no
Oh ur right
we have rooms on wordpress?
I don't think we do, that's why I mentioned it. Looks to be a case for the hammer from a glance.
Huh?
Unless you're saying that we do in fact have rooms on WordPress lol.
Of course we do, there's tons of rooms on WordPress. I haven't been actively competing on the platform and I know that lmfao
Forget I said anything then. Gotta find time to dive into those.
Btw who is #1 in points on the platform?
But first, turning pacemaker shell scripts into Ansible.
0day, but he's cheating by having found flaws and being rewarded with a permanent #1 place.
oh thanks you three
wut.
DM me a screenshot, please
If I were to change IP addresses and keep on connecting to the openvpn server, would I end up getting blocked? Are there any measures against something like that?
They don't, that's not true at all
wym change IP addresses?
Currently at school so once school is done I get home. At school I connect to the WiFi and then openvpn. Did that a couple of times already. Same at home
You can't connect on the same tunnel on two different devices if that's what you're asking
No I mean if I were to connect from two IP addresses every day (not at the same time), could that get me blacklisted or something?
No
Okay, good to know
I don’t think that would ever get you blocked
Was asking since my OpenVPN connection just completely stopped working. I've been banging my head against the Keyboard for a couple of days now but nothing seems to work.
Maybe try to download a new config file?
I tried each config file for each country
#site-support send a screenshot of your OpenVPN output /verify
Hello Mac, can you elaborate on what this means?
I tried all the different servers. Eu3 was the only one that worked and since that has stopped
Well, seems like I'll need to look at my PC settings. Maybe that's the problem
Oh that's actually a good idea. I'll do that
Please do not suggest this
We do not suggest that you chain VPNs and suggesting to bypass country or service restrictions is (potentially) illegal.
A restriction is there to restrict, not to be bypassed
wut
You need to use the OpenVPN service to connect to the TryHackMe OpenVPN servers
Yes.
Gitlab/Jenkins servers down again on cicdandbuildsecurity. Please vote for reset.
link
#ci-cd-and-build-security if it's a network and it's shared, you can't guarantee that you will find someone on your network
Yeah, state your subnet would be best
10.200.3.0/24. Jenkins is up but Gitlab is still down.
I meant in the channel.
Hello all
hii
Hiyaaaa
I need help logging onto my Remote Desktop 💀
Hasn’t been allowing me for days
And I googled ways to fix it to no avail
I’m in desperate need of a meal plan 
👀
breakfast, lunch and dinner is a solid plan
More specifically the meals on the plan 
Well I've sent you one since i'm such a good friend
@mossy river What are your goals with the meal plan?
Bulk
Dr. Mike Israetel on YouTube, I'm assuming you're training too?
I know what I need to do
But a lot of my meals are planned on a whim
Need to properly plan a routine
how do I send images
Eh, you don't really need one if it gets the job done
@thorny helm
One of your worries would be gaining weight too quickly maybe, I dirty bulked for a while, would not recommend
Need to use a different email from my tryhackme account since I use my personal one for discord and my school one for tryhackme
I can’t gain weight
Get the token from the account you want to verify
It’ll happen eventually but I’m just riding it out atm
I know it's frustrating, but there's a solution: eat moar
Nothing I can do, my body will slow down naturally
Until then, I just have to ride it out and do with what I can
ok anyway where do I report a glitch
I'm not sure if that's possible, but I think it is possible for weight to stagnate for a bit I think? Due to waterweight not budging
Your body’s metabolism will slow down. I have other health problems that reduce the impact too however
You can ‘force’ it to slow down but I wouldn’t recommend it
Makes sense, but I'm inclining towards the slowed metabolism being not significant enough, also the health problems sound rough
Just live your best life. Eat as well as you reasonably can and keep active.
Just live your best life
so demanding 🙄
Live your most average life
which room do you advise for learning to write shellcodes and make buffer overflows?
what are the main skills needed?
Wdym?
This room teaches you some of the skills you asked, Assembly, CPU Registers, BOF
https://tryhackme.com/room/x8664arch
https://tryhackme.com/room/x86assemblycrashcourse
Should also help with the fundamentals
Hiya DrG. How're things at THM towers?
All good thanks, how are things at Esqy towers?
Gave +1 Rep to @glass nest (current: #19 - 398)
(In my mind, THM offices is like a Transylvanian castle)
Living the dream here. Researchin some cool camp gear I can try to make from wood
Doc wanted to ask if the giveaway are physical books or ebooks?
Physical, second hand 🙂
cool
I've read them, so might as well share the knowledge
I heard good things about Countdown to Zero Day
I'm a big fan of 'the history of hacking' type books. Kevin Mitnick, Cliff Stoll etc.
Stuxnet amazes me, I've watched the Documentary 3-4 times, read the book, and they also discuss in it "the hacker and the state", never gets boring
I will probably add the hacker and the state to a future giveaway, just want to see if my dad wants to read it first
Have you seen 2600's big book? It's called 'A hacker Odyssey' with tons of articles from since the mag started. It's amazing seeing 'New stuff' that is basically common knowledge or totally obsolete now.
What's your take on Lockbit 3.0 getting shut down by the FBI and Lockbit's ability to put up new backend so quickly?
2600 can be VERY hit-and-miss. Some articles are all about a specific make/model of elevator system, but others are more general
Never heard of it, will have a look
Was released... Maybe 7 years ago, I think?
Haven't read too much on this topic, so no take :p
It's like hacking in a time machine
Dex, I only heard about it yesterday. But I've been focusing more on my workshop for the last few weeks, so not surprising
It's pretty new. Not much information is out there besides the site the FBI took over and the release of decryption keys.
Ahh ok. No doubt it'll be a hot topic on here in short order 😄
Most exciting thing in my city this week: someone found an unexploded WW2 bomb in their back garden, so 3.5k people had to be evacuated while the military transported it to sea for an underwater detonation 😄
Oooo, the Devsecops path has now released
Wait do they have a new infrastructure?
oh lol yes
didn't see it yet
Just got the Ping. Blackout is on fire today 😄
Only if its put towards.. well, You know what I want you to get 😄
no, do not ask for money here
Supposedly Lockbit_suupp (leader/spokesperson) put out a 1k word rant about not updating to the latest php and that's how they got caught.
yeah... Just read it
interesting
and they are provoking the police to hack them again
Krax is here 
I saw it on twitter first
you mean, you used your elite-level OSINT?
Good to see you too. Any fun projects on the go?
Not sure if devsecops is for me, but I'll give it a go to say the least.
You might find it's the thing you've been looking for all this time
DevSecOps is a great skill to have
Learning programming
Zojja - True, but you are kinda biased 😄
What kinda DevSecOps?
Very nice, Krax. Independently or at sk00l?
Independently
Good job on staying focused.
So can we expect some awesome hacking tools from you? the next WoW?
I might have to become a subscriber again so I can do the entire path 🤣
Just to show us lot how it's done?
😁 Hope so
maybe
what kind of hacking is this? 😅
What flavour have you gone for Krax?
I've been doing lots of KodeKloud lately
I've only heard that a couple of times, Do you rate it Zojj?
its pretty solid, especially if you looking at DevOps stuff
but it isn't cheap either
Is that kinda codewars?
the million dollar question though - Is it worth it?
no, its a training site
Code training?
no, IaC, infrastructure as Code
interesting
Is there a free trial of it or anything?
looks like they have a week free trial
yeah I have the Pro version
Still, wasn't as much as I was expecting
my husband does as well (we don't share accounts)
Are you winning?
always
haha
oh which reminds me, apparently I'm a higher elo than him (chess), we don't play against each other cuz we like being married 🤣
Hehe. My dad's advice to my brother: Never play Monopoly with your wife
yeah I lost so many friends with monopoly
apparently Monopoly is the game that causes break-ups 😄
I play to win
Last game I played with friends was Pandemic board game. It's cool, cos it's more of a co-op style thing
Oh nice devsecops path ❤️
Once someone doesn't have enough money to pay rent and has to mortgage a property, I lose interest with the game.
no, let them mortgage everything, let me collect my monies
ruthless and to the point. haha
hmm going to do the new devsecops path
yes, come to the devsecops path
Peace out guys, have a good one, cheers
I need to finish the soc2 path before I start the new path.
what is devsecops?
I don't think I meet the requirements
same. I have many prerequisite skills 😄
I would need to pump myself up before starting it, but I'll scroll through the rooms first.
Are you a tyre?
Looks like I'm about halfway through the path. I should just keep going.
I'm more tired than a tyre.
Speaking of tyres, Formula 1 starts back up this weekend.
I don't meet the last 2
but still going to do it since its a small pathway
Seems interesting. Looking forward to it. I’ll do that next.
aye, does look interesting. Like... showing what the role actually is
This is a big moment, AIO. usually you are trying to choose between 2 things 😄
eh too bored atm
can't get more bored
Need to decide what to cook tonight
french fries?
rice?
woops wrong chat
my appetite is all wonky, I've been enjoying soup
soup sounds good for lunch
Beans baked upon the toast
you bake the beans on the toast?
You have time to eat 😅
Baked potato, chicken sweetcorn, peas and some green beans for me.
I love green beans in soup
"Soupe au pistou" is delicious, but has all sorts of beans
and here I thought french food was... not good
Pistou is like a pesto, which makes it even better
I tend to prefer the Mediterranean diet much more than the better known French food, which is very rich and fatty.
what do you put in it? one recipe shows fennel and potatoes, another says pasta
On most recipes they include small pasta, and don't put tomatoes or tomato puree. But my grandma's recipe says otherwise, no pasta and some tomatoes/puree much better
nice, feel free to send recipe
I put Beans mostly, green, white and sometimes red. I also add zucchini
yes, zucchini is great in soup too
Top secret stuff I'm afraid, but let me try find it
You can also add a few potatoes if that's your thing
potatoes are fine, I'd prefer those over pasta
Yeah, pasta can be nice, but as soon as you find yourself reheating leftovers, it becomes all mushy
I shall DM it to you later 🙂
thank you!
Gave +1 Rep to @hollow pivot (current: #51 - 137)
DevSecOps path 👀
cmn, you are so 20 minutes late
well, if anything, I've known about it and worked on it for a year 😛
Ben is like a wizard, always exactly on time.™️
woah new devsecops path!
I believe the term is #fashionablylate. Much like most blue teamers to an incident 😉 /s LOL
oh damn, throwing shade
ouch

gotta update the path order
shoutout all the blue teamers
Next path!
How to fix a printer
Soon™️
How about new path: cooking classes with CMN
May have to update our T&Cs that I'm not responsible for injuries though 🤔
i'm sure we can get it past legal
Room 1: Intro to Ma's Taters
whattya think, tim/QA? 😄
as a room tester I 100% approve
Really dumb question, but I was wanting to post a PSA for people who may be in the path for the Eclipse in the US in April, what channel would you suggest I do that in?
This one.
Or perhaps #900675803891761202 🤔
PSA to the 7 people in there
8
That's higher than my friend count by 8.
oooh how to get the taste tester role?
Lol, yeah
Can't post in the latter unfortunately,
But anywho, we'll try it here:
PSA to all, Be sure to order your solar eclipse glasses if you happen to be in the path of the 2024 Total solar Eclipse! https://www.timeanddate.com/eclipse/map/2024-april-8 https://eclipse.aas.org/eye-safety/viewers-filters
I'll have to mark that down on my calendar
kek, much like blue teamers to default ssh creds on a public facing container image running in the pipeline 😉
I've burnt my taste buds before, so I don't know if I meet the criteria.
It'll be my second total that I've seen
yeah but if you put it as admin:admin then you don't have to write it down on a sticky note...right?
can confirm that is what has been known to happen
Hay...
That's my password 😮
hunter2 did that work?
yeah you're safe
I have a question for the THM admins. It used to be that when you completed the learning paths, you'd get a certificate with the number of hours that the path corresponded to. For example, "Junior Penetration tester, 64 hours."
However, it looks like that's been removed. Is there a way to get that back? I used THM to renew industry certs like CompTIA but it will only work if it lists the hours.
Where did it say the hours?
This is what it used to look like
If you get audited not sure if that holds up, ngl
You know what, you're right. It wasn't on the certificate. It used to be on the page with the learning paths and then when you clicked into the path, it said the hours.
At the least, it likely isn't able to be used for 64 hours
yeah a certificate of completion and a certification are quite different
You can't even use SANS courses for that many credits
I called them before I submitted it and I think I also submitted a screenshot of the page with the hours.
I'll try to find that.
There's this?
Unless you got it in writing, them saying it's OK, I would be cautious
if you have it in an email or something tho 👌
I found it.
Yeah, if they audit you and you don't have it in writing all they have to say is "our representative was mistaken, please make sure you read our TOS and the acceptable CEU pages blah blah blah"
If the auditor is nice they can sometimes give a grace period to come into compliance, but it's not guaranteed
This discord channel won't let me upload the photo. It's greyed out.
Attachments are locked to verified members only
Thanks! Okay, let's try this again.
This used to be on the learning page screen and the hours would be there when you clicked in the path.
Gave +1 Rep to @shut hawk (current: #13 - 480)
When I submitted to comptia, I submitted that screenshot with the cert for web fundamentals.
It was changed up, the UI is undergoing another UI change, so when it is, all the rooms will have an average time to complete (if the room creator sets it)
IIRC I don't think THM ever told you how long you spent on the path.
How would it measure the time spent on a path?
Well, if CompTIA audits and rejects those, I have wayyyyy more than the minimum hours required between training that I've done, obtaining higher certs, and other activities.
I'd just stick to stuff that gives the credits.
I got my E-mail for the Android Forensics.
Same
well just so you know jayy blurring text can be reversed... replace it with black bars instead
Are you saying he doesn't spell his legal name with 2 y's ?
unless you're adding those black bars on an iphone
then they can be reversed too sometimes
I appreciate the concern, but its just a random google photo
...
welp someone messed up
anyways anyone wanna help shadow with where to place this new path in the path order???
The new DevSecops cert will have the new theme for me. 😄
+rep @shut hawk
Gave +1 Rep to @shut hawk (current: #13 - 481)
Is this helldivers2?
yes
Looks like Destiny combined with Battlefield.
It kinda is
Goty 2024
How is the game? Thinking of getting it, but I'm free-time strapped.
Masterpiece
Best to play it with friends
sad... no friends.
You could play with randoms
I hear the servers are usually full.
complete beginner (takes u by the hand)
pre-security (key concepts to have read at least once)
intro to cyber (totally optional)
jr pen (gets u into it)
offensive (some practice break)
redteam (more details)
blue and others-> 
That was days back
is it worth getting? looks fun
you do realise that complete beginner builds upon the fundamentals that pre-security does right????
yes but they will do both, so they might as well start with something practical and not the boring one
I'll look into it. I'm pretty excited for FF7 Rebirth.
DO NOT AGREE
#974406074444685322 is the small practical practice break
When I have some time from hacking.
but pre-security fundamentals is super important to understand to have any form of foothold for practical practice
@shut hawk
Did you ever get the warp terminal to appear?
No, didn't look into it
then again you are free to make your own list and order of doing the paths.... shadow just has their way of doing it and sometimes ask for advice on it
I just started playing fortnite with my nephew. He's pretty good at it. He's terrible at CoD though. I haven't touched CoD since its release.
no
annoyed at discord for not supporting custom themes in their official app which means people break discord tos to get it to look the way they want
eh for shooting games shadow enjoys battlebit remastered
Emerald is just sad because they're terrible at it.
Eh I suck at fortnite as well, but I don't care
Yup
I'll take my revenge in other ways
well not a lot of shooting games that can be played on linux
I need to pick up BBR
it is a lot of fun... sadly vain and berrise seem to have swapped game to play so got no one to play with right now
BBR?
Bance Bance Revolution
sounds about right :p
BattleBit Remastered
ah another fps
yeah
it works neatly on linux for now as it uses easy anti cheat with the version compatible with proton/wine
IMO the finals is the best BR game right now
I tried the finals and couldn't get into a flow.
depending on mode, it's 3v3 or 3v3v3v3
Got me lol
Have i been inside too long or am i easily fooled?
it is a very good illusion
How often do u go out/exercise, Shadow?
Is there a room that teaches how to packet sniff and reconstruct a jpeg/png file?
Sometimes i do a room and im limited by my knowledge where im facing a problem or a solution i dont even know, is it bad then to watch a walkthrough?
If yes what should i do elsewise
Thanks for every answer
What are walkthroughs for then?
wait there is something outside that door???
You have a door?
I don't think so
i feel like i am cheating then
That's how you learn, don't feel like that's cheating because it's not
My first few CTFs I had to read writeups only
thanks a lot for the answers regarding my question
❤️
such a good community whenever i have a question i get relevant answers man
makes me feel not dumb and alone on ma way
dunno about the teaches part but guess it would be the wireshark series of tutorial rooms..... or spoilers for a challenge room || there is one of the advent of cyber 2023 side quest rooms that goes into restoring a video of a rdp connection ||
Try your research first, if no success, then walkthroughs are the solution, no shame, no cheating, this is how it works
I think the most powerful advantage of THM over other platforms is its walkthroughs mechanism
Omg i completely missed the Advent series
I already built my "own methodic" how to approach, what to do first, check if needed etc but often i just ran out of ideas and then i just quit the room and then i think "i have to learn more" but how should i learn if i dont know what to learn xD if that makes sense.
But your and rixons answer makes totally sense
Hi is there an easier way/tool to crack a WiFi password without the need of using tools that require trying numerous wordlists and wait for so long until i get the password like in aircrack/ wifite?
if this is on thm boxes before you click on it shows what it needed in the box like xss and such
Which WIFI password are you trying to crack?
@mossy river
Neighbour
I prefer to read the walkthroughs and not quit the room unsolved
I want that flag :))
yea wait for Jabba he's an expert at that
Aight
@heavy temple You know that's illegal right?
Would the "only For educational purposes" usage be a problem?*wink wink
So you do know it’s illegal
That wink wink though :))
I don't really need his wifi just wanna test tools and the known script kiddie method doesn't always work
But you’re aware it’s illegal right?
Hey guys, maybe a stupid question but.. how do I change the username I see when using cmd? I tried looking for tutorials but I can’t seem to find a good one.
:hammer: msl.7#0 has been banned.
That wink wink was so stupid :))
They might have a twitchy eye
Yes
Get yer own safe
well it is a challenge room too so maybe not what you were looking for and it is rated hard for a reason
That bot name is TryModerateMe :))) cool
Congrats to the giveaway winners.
oh ey ralex won
Overcast ☁️ +2°C (-1°C): ↑3.1m/s: 87% humidity: 0.0mm: 1 uv: 1017hPa
Seems warm
Also wet
considering the amounts of lakes and rivers and stuff around here yeah it is wet
quick question regarding the meterpreter agent that you inject in a system
it says it runs on the RAM and it is not written on the disk
how is that actually possible?
like, suppose you are downloading a file from the internet (which is the meterpreter agent), wouldn't that be written on the disk first?
look up ramdisk
yipee
I do understand that using an exploit, you can inject a process
that is understandable, but before you execute the program
disks are just really slow, cold, persistent memory 🙂
(not that that helps with the current question, but maybe for general understanding)
understood, thank you
my question was related to the fact that in the Meterpreter room, you needed to wget the file from another computer from the same network
and wget command will "download" the file which will be on the disk? isn't that right?
then of course, after execution, it might get deleted
but first the file will be on the disk not on RAM
that was my concern
yeah, that is correct
a good example is the eternal blue exploit
it never lands on disks as it attacks something already running
yeah that is fair
I was thinking of the possibility of downloading the agent from a web page for example
without exploiting an actual vulnerability
to be a bit pedantic, there's no reason why a file download MUST go to disk
what would you guys recommend to be the best modules for someone learning web exploitation for CTFs? intermediate level
it is not like a MUST rather than a usually
right
most of the files will go to the disk
well, it depends
specifically, it depends on what tool you used to "download" the file
all shadows files go to floppy disks
that path is quite long, I was searching for specific modules which I can practice for a CTF in a few days
i disagree
hello fellow humans
downloading just implies the file is being pulled across the network
not that it must be going to disk
why do you assume we are humans, lol 😂
but again, that's perhaps a bit pedantic for the current conversation
u know ai is a thing nowadays 😹
ello other eldritch horrors
thanks for the answers
and, in that regard, memory is on disk in some cases
though to be fair, i'm not sure how SWAP plays in for fileless malware or similar
as usually you aren't doing anything HUGE enough for that
right, SWAP is a whole rabbithole
lol
200gb malware
haha
and fight agents
opinion on games hacking? sounds very interesting for me, but at the same time it looks like a burden to learn it. Besides that, it is illegal
careful
Your last comment says it all 😄
ok, then I will type it again, reverse engineering ?
not really worth it. No end-game that I could think of which would be ethical. no need to even think about it
was thinking about the same
that is why I mentioned it is a burden
to practice it you will need to create your own software
reference ?
the skills for reverse engineering and such are useful in industry, but that use case has no ethical end game for sure
Zactly, password chicken. Either way, Lets stay on the right side of the Mods 🙂
don't worry, not planning to switch sides, just curious about it
it's rolled into their "don't do things that violate intellectual property rights" part
Do not share content that violates anyone's intellectual property or other rights. This includes sharing or selling game cheats or hacks. For more information, please view Discord’s Copyright & Intellectual Property Policy.
the language has changed to be "don't share game hacks"
so maybe discussion is borderline
but i would still avoid it
If thats the case, it would be in the advanced channels.
agreed, the server rules apply as well, so if anything it may need to happen elsewhere even if discord themselves arent super strict
Anyhow! Vegetable Gyoza - Delicious or no?
I am not sure if the algorithm of discord goes through it all, tbh
It's not allowed here at all, as far as I know. Because of the TOS.
depends on the vegetables
The.. gyoza ones 😄
Vegetable Samosas are a solid dumpling choice
i'm a fan of gyoza with leek in it, but usually leek is mixed in with pork or chicken or similar
so it sorta depends still
A solid choice of dumpling, or a choice of solid dumping
I don't think i've ever had a bad Gyoza.
so like, if you talk about it, you might get banned or smth?
aren't there red teamers for the gaming industry also ? lol
anything you say in messages or even in voice chats is subject to discord's moderation
(Or Esqy and Chicken change the subject really subtly)
lol
understood
Hello is there any ai that can help with my german homework xd?
i'm craving Gyoza, so It was all I had on my mind 😄
haha i always make sure i have some on hand
The one inside your mind, Daki 😉
you helped me a lot thanks lol
Gave +1 Rep to @glass nest (current: #19 - 399)
Honestly, I'm a Dim Sum fiend. Also Sushi. And tapas. Anything that's 'Many tiny foods'
so there's none of them
It's like being a giant
Daki - Cmon man. It's your homework. to prove YOU know the subject.
Not to prove you can ask a computer.
Also, languages are fun
I mix cultures a lot, dim sum is good but can be time consuming to prepare some of the common dishes
german is not important
Pfff. Asian supermarket. Get it frozen, then steam to perfection 😄
Daki - Yes, it is. Many industries are HUGE in germany.
ok i will do my homework by myself(:
Motivated
You got this. German isn't all that hard once you get into it
Tamagoyaki is one of my favorites
What are those awesome octopus ball things?
Takoyaki maybe?
That being said, I would climb inside and live in a Char Sui Bao if I could.
Hmmmmm you got me thinking about making some okonomiyaki now 🤔🤔
Havent eaten that in years, time for some experimentation
food?
food!
food food...
food food food!!!!
shadow seems hungry
Is it risked to stream my CTF ?
it's as risky as any other stream
i mean people can see my openvpn ip
I saw some ppl hiding it
imo it's more effort than it's worth to hide it
food!?!?!?
food food
sometimes i wonder if this is code for something which i just don't understand yet.
generally that vpn ip will at worst get someone to be able to get into your vm... but in nearly all instances nothing will happen if you share your vpn ip
mostly joke ¯_(ツ)_/¯
Hey, there's one question i can't seem to figure out
What language is best to learn? C#, C++, C, Java, Python, Ruby??
I would say so as well. Especially if it’s code. I’m onto you 👀
There's no best
Alright thanks
Gave +1 Rep to @sand trench (current: #4 - 1646)
Depends what for. If you're not sure, Roll a dice.
The question is more complicated than you think 😅
also if you notice anyone attacking your kali vm report it to staff and said person will get banned
Has a lot of “it depends” in the answer.
Also, if you learn 1 fairly well, most of the programming concepts carry over, and there are just differences in Syntax.
I know right, got my brain messed up ngl
The basics are largely the same
what is the depends factor based on?
The biggest difference in languages are if they are object oriented or not. I prefer it, but some others don't
what's your opinion which language you think someone should stick to and learn?
use case and how quickly you can make working code or if it needs to be compiled and more
Probably ricklang
C++ for general use, python for scripting, C# if you wanna develop an app
whitespace
this is where the 'it depends' comes in 😄
me want to learn assembly 🤩
What the software you are writing does. How fast it needs to be. System / hardware it is running on. And so much more.
BUT if you are only starting out, any of the ones you mention would be ok. Honestly though, I found C++ to be fairly straightforward. Python is really easy to learn
I actually wouldn’t recommend c++ for general use. C# has better UI integration imo. And you don’t need to worry about memory.
Fair fair. I've only done a TINY bit of C#
But smart pointer etc made it easier. But debugging is still way easier in other languages especially for beginners.
has made a game using xna in c#
is rust hard to learn?
subjective
C# just supports so much stuff out of the box which you need to write yourself on c++
White tiger - honestly just pick one and go for it. C# is a nice option.
(based on what NeedSleep said)
But switching later from c# to c++ is fairly easy.
This protein powder is so good, it's like nesquik
having prior experience will certainly make it easier, the rust book makes learning it a lot easier
Just don't get FOMO. Everyone has their fave 😄
Thing is you'll find yourself writing stuff in many languages, just pick one to learn the concept, after that you adapt to your needs (i started with Python, ended up with C++ for Arduino and Kotlin for Android)
Python is almost pseudocode 😄
When you compare it to C yea pretty much
Just say what you wanna do and Python will do it 😄
i like the strawberry nesquik
but hey, we dont want to reinvent the wheel
Teachers: Don't write Python as pseudocode, it's not the same!
Me: Writes Python and gets the highest grade
just in general, pick one and stick with it. switching languages with different syntaxes (even slightly) will mess you up 😄
switching later is much easier. most of the languages share a lot of syntax.
This is exactly what this shake tastes like
You don't wanna define a variable type? Don't worry, I got you!
TBF python is basically pseudo code xD
The one you like the best 🌠 Seriously, the general rule of thumb is to learn at least one scripting language (Python, Ruby, PHP, Node/JavaScript, Bash) and one compiled language (Go, Rust, Crystal, Nim, Zig, C, C++, Java, etc). Bash, JavaScript, and PowerShell (if you do lots of Windows stuff) are kind of unavoidable and you will have to learn them eventually.
it legit guesses for you lol
Y'all hate it when your project is finished.... but want to do a brand new project, yet don't know what to do?
Don't forget HTML
we talking programming languages 😄
Thanks this helps, thank everyone who replied
Gave +1 Rep to @lament mantle (current: #304 - 15)
Actually @glass nest . You gave me a good idea
Oh no, What have I done?
Well.......
I don't know, you don't know what HTML has done to NASA
Nah, I need to fix my trueNAS PiHole to allow me to access my router because it's using https now... but Asus wants to be Asus and be a TINY bit PITA
So I can free up that Rasp Pi currently as my PiHole to make into OctoPi for my printer
Oh sweet.
i don't say it is useless, just not a typical programming language
nice name PiHole
It's a joke homie 😁
But the internet is Srs Bsns!
🙂
But need to test some of my devices on the TrueNAS PiHole, before doing the DNS swap on the router
DNS... shudder
The cause and solution of so many challenges
is that a haiku???
I was waiting for the -Sun Tzu
Yes
Just went through the phishing module. i did not know open source framework like that exist 😄 explains a lot.
the gif didnt start for me for a while, and i was like, hmmmm very nice water paint painting, then it loaded ...
it is even worse if you have the auto animate off
BGP is also pain
stupid backbone internet
THANKFULLY I never had to deal with BGP
Riddle me this...... I can't access my Asus Router from my TrueNAS PiHole, but I can from my Rasp Pi PiHole........ I COPIED THE DAMN CONFIG
Yet
Noooooo, no yet. God please no yet
Yeah we had issues where our BGP was being rerouted "unnaturally" through China, whenever we're close to introducing a new product to the market.
i just ran some code in front of my manager before leaving work today, it didnt work, he told me to go fix it (I KNEW IT WORKED), i took my pc and left, tried when alone, it ran ... i changed nothing ... still a mystery
sounds like a normal day in a programmers day.
Beerise, have you seen 'The Fly'? Just a warning for your teleporter
No, but I have seen the simpsons episode..... and played TF2 lol
If only building stuff was as easy as hitting it with a wrench...
Good ol' TF2. I miss those days.
No wonder why my computers never seem to work 🤔
Yah. Hat Fortress 2
All warfare is based on deception. Hence, when we are able to attack, we must seem unable; when using our forces, we must appear inactive; when we are near, we must make the enemy believe we are far away; when far away, we must make him believe we are near, Sun Tzu
Yup
-Sun Tzu
WOOOOOOO. Got my TrueNAS PiHole working now! LETS GOOOOO
how to start in the world of hacking?
MW3 2011 vibes right there
buy a black hoodie
Black hoodie, always have it up, and wear a Guy Fawkes mask.
the only quote I know from Sun Tzu 😂 it's at the beginning of the book if I'm not mistaken
GNU-rex is also right though. #start-here Is also a fine option.
Oh and use the Kali Linux wallpaper for your phone 😉
Remember Remember, the 5th of November. the Gunpowder treason and plot. I know of no reason, why the Gunpowder treason should ever be forgot.
V for Vendetta is AMAZING
But do you remember, the 21st night of September?
1605 and people still remember 😂
https://www.youtube.com/shorts/wY6k8jWi5Ws
I know of this version too lol
The emotion sprung from it depends strongly on the context
I think I can cut my DNS on my router over to my TrueNAS instance now. LETS GO
I think these cables aren't necessary 😂
@glass nest satellite ground station fixed and receiving satellites 😎
Eyy! Nice!
step 1 done, whats next?
Whats next?
Looking to expand it and replace the antenna long term but that's a high effort project
He was joking about that lol
This is where you need your own hose
Next step, contact aliens
ik lol
hit the effing books 😂
Wolf - #start-here Is a solid step. Basically, Log on to tryhackme.com and start on one of the paths. Some are locked behind a subscription, but you can skip those if you don't have the resources to get a subscription. Most of the rooms (A term we use for the different tutorials and challenges) are free
Become a expert haxor
More a workshop
okay, thank youu!
Gave +1 Rep to @glass nest (current: #19 - 400)
I meant house, but a hose is useful
Isn't listening more interesting than talking though?
Yah. Having a workshop for the thing you enjoy doing is like having a little slice of heaven
You on to something
Except that it gets messy as hell, and I've no idea how those youtubers keep theirs so tidy
hello guys
Listening with an SDR is way easier, cheaper, and generally more legal than any transmit
Maybe cos they are massive compared to my single garage
i know it is not related to THM but is it safe to use protonpass browser extension on my hacking virtual machine? if it gets hacked is it possible that they access proton pass too?
G'd evening Chara
If they get your master password from your hacking VM, they have your master password.
Ayyyyyy cut over my laptop to my TrueNAS PiHole DNS and it's looking spicy. Lets GOOO
It's like the network issue was resolved and the floodgates opened 😄
Esqy, you worked with copper pipe before?
Connects laptop to TrueNAS PiHole
TrueNAS PiHole Blocks: ALL NVIDIA
so what should i do i have very big passwords and sometimes i need to access certain websites from my vm
helloo
Don't install GFE, just the driver. Did you know you don't have to install all the bloat with it?
It’s always good to have a king password
Long
Allo Vibes 🙂
how are you
How goes the challenge?
i mean i have pin code on proton pass tho
been a while
meh
enum enum enum
Sounds like you need to work out your risk tolerance
😮
Bout 2 minutes my laptop has been connected. bout 10 for my mobile devices.... NVidia really wants to get info XD
Ok, and what if they had a keylogger?
GFE?
I'm trying out co-pilot rn
it just suggested a comment for one of my code blocks that was like "This is a bit of a hack, but it's the only way we can do this right now. It's not perfect, but it's the best we can do."
Geforce Experience
im just gonna copy password from my main pc and paste it in vm XD
my eyes are burning
Close
ok ok. getting closer to that free subscription 😄
Malware has often ripped stuff off the clipboard, but that's about as good as you'll get
install dark reader... problem fixed for now
free subscription?
nah
rswallen - I set Vibes a challenge
its weird for some sites
Oooh, well I've had it on my laptop, and my desktop for a very long time. But PiHole always blocks it. Never had any performance issues on my Rasp Pi PiHole with that many requests. As far as slowing down my rig, no issues here either.
is this why password managers set up things to clear the clipboard a few seconds after you copy a password?? or is it more just for none accidental paste problems
all im missing
Eh both are the same concept right Shadow?
Minimise attack window
both
pg
damnit you read it faster
true
@woven prairie Keep it appropriate for an educational environment.
mb
dunce for fudge?
how does openvpn work
like with the rooms
i have it connected
but do i just use my terminal normally now?
yh, just use the vpn ip when rooms want the attacking ip
easiest to just open another terminal
and how do i connect to it through the terminal?
don't have really big passwords?
oh is this for a VM to use for malware? don't log in to sites where security matters from VMs where you plan to sandbox malware...
personal fav is the malware that doesnt steal from the clipboard but replaces the data in the clipboard
The ones that change wallet addresses are insane
Also hashcat is still awesome so thanks for your work on that
yes thank you a lot
hashsabretooth
well there are others yes but dark reader is more trusted than most as it is free and open source software
doubt you'll find one that doesn't have that permission. it needs it to make the background dark
Of course it does...
hashcat light mode
lol
Read - see what's light
Write - make the light bits dark
hashlion
I'm excited to do the cutover to my TrueNAS PiHole.... but also, kinda worried about the DNS shit for the Asus Router borking up where I can't access the router anymore... but should be fine, cause same exact configs
Yah, from my Rasp Pi Pihole DNS to my trueNAS Server PiHole DNS
It works! I can finally use that Rasp Pi as OctoPi again!
Always lovely to see when doing changes, that one system has 0 updates, and the other system has all the updates (updates being queries here)
AsusWRT
Kinda stock firmware... just beta version of the firmware for more VLAN control
Nvidia go nom
it has to send every frame out for quality assurance
I've looked at it, but even Merlin doesn't have the control I like. For example:
I can config a Guest VLAN to not allow intranet access on ethernet connections, or wifi connections.
I have a 2nd NIC on my server, going to a specific port on my router (Could be any, but this one is 2.5g port) I can set it to use that VLAN profile, then anything on my server, I can config to use that NIC besides the main network NIC
Anti-Telemetry, annoying ass ads... malware sites, etc. + Got it going through Quad9, Filtered and DNSSEC
nvcleaninstall
Don't worry, easier than it sounds.
If a monkey who can break countless number of operating systems can do it, anyone can (that has IT knowledge lol)
Fuuuuu, something is still using my Rasp Pi Pihole...... time to hunt it down
How Gonzo DOXed 3 ppl with no books 🙂
you need verify
Best part about my router: I can export its client list. I couldn't do that with my ISP router... crappy thing
is there any useful thing that you ever can do with default ISP router ?
Did having TV's port forwarded on the ISP router count? 
don't be silly
Made 0 sense why..... Tech who installed it did that. Didn't do that on my new router, cause yours truly... surprisingly... knew what I was doing, unlike that dumb as hell tech
dheck
Please no
Jboss?
On the topic of Pihole, have you tried AdGuard Home and what's y'alls general opinions on it?
I turned blue 🥳 with 49 minutes to spare before i get my 90 day streak badge 🙂
too lazy to try to force the change
Suuuuuure
I have not, so no opinion on that. MIGHT move to it cause apparently AsusWRT doesn't really like PiHole, works, but not 100%
I ended up finding a definitive solution for my homeserver's OS in the meantime, by the way. Looks like I'll be rolling with a ZFS cluster on ProxMox with an Ubuntu Server running on it
whatever Quarkus is still great
From what I've seen of it, AdGuard offers more features out of the box but nothing that PiHole can't solve apparently
though to be fair I think that might just spike the difficulty from easy to wtf
I prefer AdGuard's UI
I was also thinking of shoving an instance of Kali on it, so I can run C2 servers and various infrastructure like that on a place that has 100% uptime
Isolated away from the main Ubuntu server, so it's secure and away from grubby hands
The ONE thing I will miss with the Rasp Pi Pihole, is the automatic gravity list updates. Had a cronjob to do that.... So gotta see how I can do that with the TrueNAS instance
I'm just worried it's Java
Nothing good ever came from Java
Yeah, the UI and installation is apparently more hands-off than Pi's and the features out of the box look better, like DNS-over-HTTPS. But Pi seems to be endorsed as more customisable by others
Yes, I'm also familiar with that non-root feature as well. Pretty neat
Alcohol is more social acceptable to drink public than milk... =/
Yeup, my personal use case just requires whitelists which both support fine
it's Java with added fun!
anyways I'm not planning on submitting it to THM....yet
Does it support making custom local DNS with name-ip pairs and recursive DNS? I've not dug around to see if that's the case
as a quick question, I can see that both Red Teaming and Offensive Pentesting are Intermediate difficulty and they are both recommended after the JR Pentest room is done. Based on your experience, what would be the next room to start with (preferably based on difficulty)
I would personally say Offensive Pentesting, Red Teaming really goes into some deeper depth once you get to it
understood, thanks for the opinion
BurpSuite Pro
Fifa
I made a thing. It's only moderately evil
tip: when you want to participate a room with your mate on the same network (hack the same server), use the same access file (openvpn file)
Offensive Pentesting just feels like a slight extension to JR Pentester to test knowledge, Red Team adds in proper evasion techniques, logging evasion, all that cooler jazz
that sounds like a terrible idea, unfortunately
against ToS I'm pretty sure
yeah you risk a site ban
Pretty sure that violates TOS, as the ovpn profile is per account. I'm not totally sure, but it would not surprise me in the least if account sharing is prohibited
I plan to go to some CTFs before starting the Offensive Pentest room
