#general

And check your sources

it's a 87 lined create view statement

deb https : // http.kali.org/kali kali-rolling main non-free contrib
deb - src https : // http.kali.org/kali kali-rolling main non-free contrib
must be in the sources.list

apt-get update && apt-get upgrade - try this as well

@steel aspen

Hi

'ello

Anyone else a fan of Rooibos tea?

Im sorry but no

You should try it

My mother drinks that

It smells fruity and its nice

Or maybe you dont like it given that fact...

I guess?

Nah idk

Just

Honestly, I swear that OneNote is the best thing that Corporate work has taught me

Is it meant to have a ~ at the end of file name

Im an OneNote enjoyer, yes

Uhh

let me check myself

Oh wait, my kali can't do that too

This is stupid

It looks like this right now

Mine has the ~ at end of file name and if I change it, it's no longer dark green

It's been a long time since I hopped on THM until the other day. I forgot I was already level 8

Well

I juts fixed problem

My problem

I mean

I could not do that(Update my kali)

Now I can

But it wasn't a problem I actually was searching the solution to

Give me a screenshot

OneNote is pretty great. A few years ago I discovered Obsidian though, and man oh man, it's incredible

Give me a screenshot of the sources directory

If I can ill help you

Yeah I have obsidian too

But OneNote is just like

Copy paste screenshots

Modify text like in MoS word

While obsidian can't do that I think?

yup, much more visual

Try Windows logo + Shift + S on your keyboard

Obsidian can embed images, but text formatting takes some CSS screwery, and you don't have as many options out of the box with regards to images and stuff. But they serve slightly different purposes

cat /etc/apt/sources.list - do this

ah oke

That works too

Let me look at it

do nano /etc/apt/sources.list

nano /etc/apt/sources.list <- do this

And give me a screenshot of what you see

Thanks, im gonna try that too

Gave +1 Rep to @warm latch (current: #2054 - 1)

I feel dumb

let me help you

@steel aspen

Do this: nano /etc/apt/sources.list

Put a new job REQ up for my team, if anyone is interested

What is it about?

You'd be working alongside me, for better or worse

Infosec engineer II on the cybersecurity defense team

Oh hey weet

Is it Intern/Junior level?

Oh shoot, hey Spore!

Be careful about including non-kali repos in your apt sources list. It's a really great way to break your system

After that?

Press Windows logo + left shoft = s on your keyboard

This applies to all debian-derived distros (ubuntu, kali, et al) https://wiki.debian.org/DontBreakDebian

And give me a screenshot

Noooo unfortunately. Gotta have some level of experience. But even if you don't have a ton of cyber experience, if you are driven and hungry to learn, throw your hat in the ring anyway

Go buster won't install

I am interested

You see the deb repositories right?

Just goes to save it

greetings everyone!
nice to meet y'all
i'm new over here
started tryhackme since two days and i'm considering switiching to premium

My resource list looks like this:

# See https://www.kali.org/docs/general-use/kali-linux-sources-list-repositories/
deb http://http.kali.org/kali kali-rolling main contrib non-free non-free-firmware

# Additional line for source packages
# deb-src http://http.kali.org/kali kali-rolling main contrib non-free non-free-firmware
# deb https://http.kali.org/kali kali-rolling main non-free contrib
# deb-src https://http.kali.org/kali kali-rolling main non-free contrib ```

Umm... the new AWS cloud learning is £100 per month??? Is it made of gold?

What the

Oops

No, of AWS. AWS isnt free yk

Let me fix that

Do you know how much AWS costs to run?

Awsome #start-here

Please edit this to be a source code block instead of using the markdown......
```bash
content goes here
```

Yep, still not sure the cost is justified though surely

on tryhackme?

Yes, just did that. Apologies, I have rarely done it

So you'll know why THM have set the price as they have

I can only imagine THM and HTB's AWS bill. I know for the SANS SEC565 class I did, our labs were probably $600/student for the week

https://tryhackme.com/r/attacking-and-defending-aws

@steel aspen

Did you do it?

What? it's still £329

it says 329 for me

yep 329

For 3 months access

Or 100 per month, billed annually

No that's per seat

I only want one seat

It's only for business the annual

okay, so i don't get access to everything if i get the 12 pound per month premium subscription?

I mean it is Amazon

Only the AWS path is exempt.

@steel aspen
In case you come later to check instruction:

1. sudo nano /etc/apt/sources.txt

2. Make sure the below code is present inside sources.txt:

# See https://www.kali.org/docs/general-use/kali-linux-sources-list-repositories/
deb http://http.kali.org/kali kali-rolling main contrib non-free non-free-firmware

# Additional line for source packages
# deb-src http://http.kali.org/kali kali-rolling main contrib non-free non-free-firmware
# deb https://http.kali.org/kali kali-rolling main non-free contrib
# deb-src https://http.kali.org/kali kali-rolling main non-free contrib

3. Ctrl + O <- Saves what you inserted into the file
4. Ctrl + X <- Exit file
5. sudo apt-get update

What is the aws path even about

What makes it special

so i'll get access to everything else apart from the aws?

You can look at the path.

Yes

Ok, AWS, business and educational rooms are exempt.

I have been a long time supporter of THM, but I'd need to see some value before I spend that kind of money on it

Imma go grab a hotdog

Brb

Nobody’s saying you have too baro.

On the flip side, nobody is expecting you to pay for it, it's an optional purchase.

Okay it's letting me update properly now

Hopefully machine doesn't break lol

I understand I don't HAVE to, but I wanted to lol

Hm interesting

what are inside business and educational rooms?

Thank you

Gave +1 Rep to @near hawk (current: #67 - 96)

Rooms excluside to that business or school.

Some business and schools have rooms create don THM.

But they are private rooms right?

For you users, yes.

Or does every business have access to every business room?

No.

Like are there public rooms for only businesses?

Does that mean I can install go buster via cli now

No, they're private.

ah yeah

Cos the tar gz files are annoying

i suppose if i'm planning to be a pentester in future, just a premium subscription would do for learning everything i need?

Yeah, bare in mind, 75-80 % of THM is actually free.

Thank you, worked

Gave +1 Rep to @oak river (current: #826 - 4)

Premium is definitely worth it man, best investment you could make for your career

Scrubz can you confirm the file up top with the Kali stuff? Does it all look good?

I'm glad I could help you

Community Service is important

I've just shut all my machines down. lol

Well I guess it's working good enough for me 🤣

If it breaks, it breaks

Yeah

By breaking we learn

As long as whatever breaks is not critical or important to us

A virtualbox image - Go ahead and break it as much as you want

@sick lance thanks bruv
why did the bot flag me for spam lol?

Gave +1 Rep to @sick lance (current: #1 - 2148)

It's fine. The changes is to edit the channels available for the kali repo. it's not bringing anything crazy in. I would still advise you to do some reading on the debian upstream about how apt works though.

anyone see this error before? trying to brute force a pop3 password in hydra. after ~2 minutes this error starts spewing. I was thinking hydra was broken so I found the actual password, and put it in a smaller word list and it worked. im assuming the error is coming from dovecot, but not sure what I need to alter in hydra to fix it.

POP3 PLAIN AUTH : -ERR Disconnected for inactivity during authentication.

thanks for the feedback
would you say tryhackme is enough in providing with all the learning to begin in a career of cybersecurity or at least land a job as a pen tester or smth?
or would i need extra stuff along with it

Yeah I need to learn about the different package naangers n what they do

Possibly being a new account an posting multiple times.

Recommend any blogs?

The official docs would be good.

That's probably a good idea lol

https://www.debian.org/doc/manuals/apt-guide/index.en.html

whoops!

Not always 🙂

I wouldn't say it's enough, but it's the most concise platform available for specialised knowledge. You'll still need some practical experience, so try building a home lab and get yourself into any IT job to handle real world situations

one of the things i noticed about thm is that there's a lack of programming tutorials on it
(i know it's focused on hacking/cybersecurity mainly, but isn't programming an important part in that field as well?)
so that arises the question, how much programming do i need to learn from other sources and to what extent?

Python scripts yes, coding not so much unless you want to become a security engineer

for pentesting?

I think its mainly scripting thats prevalent in the industry

unless you're getting into maldev / rev engineering

Pentesting is mostly scripting.

Yea unless you wanna write your own tools or so

i'm a bit out of depth here
how does scripting differ from programming?
(i used to think it's the same thing until 2 seconds ago (i'm a beginner in computer science stuff))

Scripting is just building a small program to automate tasks, whereas programming would be building out a whole application

scripting is usually done with higher level languages to automate tasks

got it!

Start with the beginner stuff and see how you like it

i'm just doing B.Tech CSE (1st year) at the moment

That new room seems fun

Nice. Yeah, build a strong foundation. Cyber security is a never-ending life of learning

hello can someone explain this better to me

unsigned char new_bytes[3] = { 0xDD, 0xD8, 0x90 };
for (int i = 0; i < sizeof(new_bytes); i++)

i understand that if i is smaller than the sizeof new bytes add a 1 to i loop kind of but i don't understand the new_byes[3] = { 0xDD, 0xD8, 0x90 };

can someone explain this better if they have the time please? Thanks in advance 😄

are you familiar with arrays in C? @undone sorrel

i understand a tiny bit of arrays with python and stuff, but it still confuses me a bit

i read the array in learncpp but this one confuses me

i think i've got some notes on array from my college
if you don't mind me dming it, i'll be happy to take pictures of it and send it to you

if you could, that would be amazing 😄

thank you so much brother ❤️

no worries
gimme a few mins

take your time pal

that line basically declares an array called new_bytes with the data type 'unsigned char'
you should be able to understand what an array it, if you can go through my notes

so if for example
new bytes had 4 values in it like it would have to be
unsigned char new_bytes[4] = { 0xDD, 0xD8, 0x90, 0xDC };

yeah

I just figured out how to get linux on my school computer

How so?

why do u even want to install linux on your school computer

i dont, i just could if i wanted

I would advise you to not make changes like that to your school issued equipment and hardware. I know of a couple of students who were expelled for hacking their chromebooks.

Yep thats not allowed under our tech usage policy and risks expulsion

@gritty fern and PLEASE do all the school technicians a favor, and DONT drop your chromebook. We will be pissed off that people treat chromebooks like a toy, and their property.

Not saying you do that, just saying my peace lol

I see people throwing them all the time at my school

Ontop of that. NO STICKERS!

2 day detention for stickers at my school

Those kids have a special place in my heart..... the burning depths, I hated those kids

lmao

https://tenor.com/view/newspaper-gif-18150652

😭

Not at you, those kids lol

yeah ik

poor cat

:(

He threw his chromebook

Piece*

peece

Tomato tomaato.

I'm over here trying to figure out how I'm going to setup a cell service booster in the basement...

Valid

Some basements get no cell at all

Yah, headache, good news is. Nearest cell tower is in the back

Bad news is, multi million dollar house, so no drilling

And you need a booster still?

Nah, got a booster. Demanding instructions, so no idea how they want it setup

I see i see

The booster needs to be at least 2 feet away from the indoor antenna, and the outdoor antenna needs to be 50 feet horizontal or 20 feet vertical from inside antenna

lol

Welcome to my dilemma

then use a sledgehammer

https://tenor.com/view/mansion-game-playing-video-games-games-gif-13568082

^me routing a cable

Mr bat wants to play

https://www.youtube.com/shorts/G5q0VvTCYEI

that is pretty neat

wow kiterunner is great

Mr Bat doesn't play nice

@crude stump

He doesn’t

Mean Mr bat

Wait berries did you work in IT for the school?

Very short amount of time

How was it

Bet you it kept you occupied tho

With all the broken stuff

hiii!

Dude.... the amount of chromebooks I got back with like "I just dropped it" and it was OBVIOUSLY thrown

💀

im now Level 9, how can i update my role on the discord?

I think the leveling up is still glitched

But you can try

Try to re verify with /verify

still glitched i think yeah

i'll try tomorrow or in some hours

xd

0x8 is a nice colour anyway

but scrubz you green now

I know. 🙂

0x9 isn't a nice colour imo

aaaaaaand one of the room test rooms for this week completed

hello

ello ello brobot

trademarked

unless brobot can prove they have a trademark shadow is not gonna honor it

Hey y’all I’m BroBot

🤨

Oh no, you've conviced me otherwise

https://tenor.com/view/not-gif-4797021

there were a couple nice ones in the low ranks ngl

That looks like that one panda pokemon

looks like it'd grill up nice

😭

All he saw was me failing to use sql

Ahhh, back to coordinating with my old boss for this client

Sneaky guy

so many roo things

but none are kangaroo:S

Top 5 Sinco

Pulling a muscle in your chest hurts like a son of a bitch

Like right under your ribs on thr right side. Painful as hell

how do you even do that

you sure you did not break your diaphragman

that would effect breathing i think

gotta love custom fan speeds and modes

When I was training for a marathon and decided to go from 21k to 30kilometers

I though I had a heart problem

It was that much of a pain or an odd pain

#room-hints 💯

Is it normal for the terminal to be a bit laggy when typing commands once you've established an ssh connection?

I thought like when I type a command it's "typed" on my end, and only when I hit enter is it sent and executed, so I don't understand why there's "terminal lag"

it's not unbearable but there's about a half second delay or so and I'm just curious what the reason is

@fallen cairn Hey that's a private room, please don't ask for help for it here.
Contact the room creator or whoever gave you access

Yall

Msi G244F Esports E2 Gaming Monitor 24″ 180Hz IPS no HDR

Or

Acer Nitro VG240YSbmiipx 23.8 inch 165hz HDR IPS

not enough information

what resolution are they

Both are FHD

Getting FHD cz

I'm leaving this country in a year so I'm leaving it here

So I'm going budget

You got a monitor now? I'd just live with that for a year

No I'm asking which is better to get to live with it for a year

Cz like

One got HDR the other doesn't but idk if that matters

Where are the Impacket things on the thm attackbox

eh HDR is worth it

locate impacket

eh too many results to filter through

Where do the files fo when I use get through smbclient?

should be the working directory (directory the terminal was in when you started smbclient)

I will check, thanks

Hello

👋🏻

The problem was that I only used get [file], without doing get [file] [name of file on our machine]

Bro online

I'm online from 6pm-1pm : )

19hrs? damn

hey guys

i am recruiting for a uni project

and i need participants

No, we don't help with that here.

i mean this is recruitments

for assignment

not very formal tho

For protection of our members, Unless you have permission by our admin team.

ohh i see i see

sorry then i just need some participants hahaha nothing else

Then ask your people in your uni. 🙂

Yes.

i am, i just have some specific criterias and i wanted to widen the pool of participants

Hey, Scrubz said that we don't do that here. Please respect that.

don't worry, i am just responding, i am not negotiating :P

Yuuur

Wsp

master hacker

When updog doesn't want to install...

What’s up dog

Get it

An alternative to python server.

what’s ⬆️ dog

O

So there was a Data breach from one website. My physical address phone number email was leaked. Any tips what to do?

Python server like discord? Or a actual server that hosts python

Be aware of increased phishing attacks

Scrubz I've been snookered by maths

Like the http.server on Linux etc

ie python -m http.server

Can’t you change your phone number

How did that happen?

Like calling up your phone company

Building something, struggling to get the maths working

I will change it tho. And also change my email address

Not that's not like you, you're human after all!

Is this Radio work?

Yep, nothing is linear

algebra? calculas? addition?

You have to order Hoover Max Extract Pressure Pro Model 60 dust filter and move to Netherlands

Yes definitely

That’s kinda all you can do. I have a scam shield that is amazing

I can't even behin to imagine how I could help

Quick question about the rooms. I noticed that some rooms seem to be hard to Search for? For example, one of the THM blogs has a link to the CompTIA PenTest+ course, but when I go to search for it by name, nothing pops up. Is there a trick I'm not aware of?

Ohhh

It's a path.

https://tryhackme.com/path/outline/pentestplus

I've done the algebra
I basically have to find the closest fraction to a value, with constraints on the numerator and denominator

https://tenor.com/view/skeleton-dead-inside-happy-gif-9245119

https://tryhackme.com/path/outline/pentestplus

Thank you for the links! How do you find these paths?

@naive violet oh, the universal booster we were using, it works

Huh, neat

If you click the learn

Go to learn on the dashboard

Thats why I am getting a lot of spam messages on Whatsapp

Tbh is there even a app that blocks text message scams?

I only seen one for calls

Yah, not the one I showed you, we found one called WeBoost, very nice quality

Google Messages does

Oh, I see, there aren't that many paths to search through. Thank you!

Samsung phones have a setting too

There always one step ahead

iPhone doesn’t unless I just don’t know about it

It’s more of what’s inside of them

Gotcha! Thank you

Gave +1 Rep to @crude stump (current: #126 - 51)

You’re welcome. Also just a fyi some of the paths are subscriber only paths, so if you don’t have access just search up the topic of that path. There should be other rooms that are similar and free

I'm a subscriber, fortunately. I've been a bit of a bum, admittedly, just sitting on a subscription without doing anything with it, but I'm trying to get serious now that my "summer vacation" I gave myself is over. Currently doing the "complete beginner" path just as a brush up from what I learned in my degree

I thought it was the case that all paths contain some subscriber only content

That’s awesome

Hm

If that’s the case “all the rooms or only some”

Matty are you leaning towards red team or blue team

Uncertain at this point. I don't feel like I've gotten a lot of exposure yet to make a determination, but I feel like I enjoy forensics...though that could simply be because it was the last class I took. Red team is super interesting, but I'm not a youngin' anymore and I don't feel like I have the technical expertise to be the tip of the spear quite now

Yeah forensics is definitely fun

SMB was a bit hard to dig up in the last stages for an easy learning path

Had to sneak into a writeup

Forensics is amazing!

I love it, but I feel like they should have told me what to do

In this case I did not what to do

And it's a learning room

Otherwise Im happy with the process

I mean turn the heat up, once I've learned how to cook at least

I'm optimistic about it, but like I said, I don't really have a lot of experience with anything, so it's hard for me to know what field I'm most interested in

I am a "forensics expert" and Security Analyst/Sepcialist
So of course I love forensics

I'd love to get some perspective sometime! Or even just some tips on good ways to dip my toes in

AAAAH

You work as that?

hi

yeah, I just changed job to be a SOC employee, where I analyze alarms, set up/tune detections and manage/respond to incidents

@chilly veldt thought we had a thread at some point but ~ apparently not ~

a thread for what?

DM I mean. Went to message and it was empty lol

can anyone help me for ctf ;/ i stuck on it

oh lmao

just a little bit help, after 2 years i lost my skills

was it you that I was talking about sherlock w before? i thought it was noir but apparently that was wrong

I know about sherlock yes

used it a lot before

probably was then
saw your name pop up here and it just came back together

yeee

was talking to noir about a PR I was dealing with and was met with strong confusion

ahh, yee

Spotify are trying to limit my power

discord has tabs?

This is Google Chrome

do you just have 17 different chrome tabs with spotify open

pff i can't anyone here for help

huh?

is it a thm room @primal thorn

How dare you think so low of me

Why you need so many?

M u s i c

does each tab make it louder

nope from 2017 random ctftime ctf

You having a remix party or something?

Was creating a playlist ahah

WAIT HOLUP

everybody type +:star: rq

Add a reaction?

I genuinely did not know about this

⭐

This is why I'm discord admin and you're not

That's an emote

shou've been me

u forgot the + u noob

Heh

It has very limited use-cases.
As soon as another message is sent, you cannot react to the one above it

come again

Jayy I have to rewrite a bunch of python code to c++

nice

L

get that performance

It would be cool if you could do +<number>:emoji: for accessiblity

tf are you both on about with this + thing

lose your sanity

oh my god

that was written with +:emote;

+3

why did nobody tell me this years ago

Message 1: Hello!
Message 2: Hi

If I type +⭐, it will react to Message 2, there is no possible way for me to add a reaction to Message 1 using the feature.

c++ kept telling me of for using too much memory ☹️

oh well, the numbers doesn't work

this is completely new to me

but the different emojies does

It's microcontroller code
Library support for a peripheral chip is way better with arduino c++ than the micropython/circuitpython libs
Difficult maths problem to solve otherwise

C++ doesn't do that. Your OS will if you leave danglng pointers, though.

checks out, are you using mbed?

It was when I was programming an Arduino, I think something to do with the array size being to large for it

Juun I found out why my stuff broke with my SQL calls

there was a count added into my SELECT statement

That's not C++ telling you it doesn't work, it's the IDE telling you that you don't enough memory on the chip for the code.

ahh okay, sorry c++ for the slander

i stuck on nosql inj ctf can anyone have time for help please?

My friend showed me a joke today which involved the punchline of "Because he can't C#!", and my friend asked me "What on Earth does he can't see hashtag mean" LMAO

This is cool though, what's the project for?

I've done some algorithms that took a 4GB array as an input, so I really doubht it's C++ itself failing to understand data that size

Have you tried checking the write-ups now that the CTF is no longer active?

i could't find any writeup about it

Pi pico. Peripheral is an si5351, i2c clock generator
The maths problem suuuuucks.
For a given decimal value, find the best approximation a/b
15≤a≤90
3≤b≤2049

What's the CTF called?

it was very simple but i trying about 3 hours :D

https://kslweb3.spb.ctf.su/2-7/ here the link the vuln was nosql

oooof. yeah, optimization like that is not going to be super simple

How many dp?

Can you send me the CTFtime posting instead?

You're already working at 1e-3 minimum
I can already guesstimate precision is gonna be awful, not sure how they're doing it smartly

Oh, no, accuracy will be awful
Precision maybe ok

its called "SPbCTF" but i can't find it task in events, i found it from teams and after from the team's site

Hey guys. Whatweb is not running in my kali linux, because of my windows firewall. Anyone have idea how to fix that?

Good luck, I always find division nasty to work with

Meanwhile I've got around ~month till my exams 😢

And what's the challenge called?

it's been so long since i've used something like that, i can't suggest anything thatm ight be helpful

Yeah I mean I just have poc code to handle a rotary encoder, an oled, and had a tiny bit for the si5351
It's not a biiiig deal to rewrite once my tooling is sorted

it have't any descrption its so simple mongodb injection but after 2 years rest i lose my skills

oh well, I should sleep, it's EID tomorrow

Are you sure the challenge is still online..? lol

yep

i reconised from them

What do you mean?

rotary encoders are dope

the platform of the challenge

I cannot access the challenge link you sent so I have very little information to go off.

I would probably recommend checking out more recent challenges? They should have write-ups too:)

how

It might be country restricted, are you located in Russia?

looks like that is the specific challenge

ohh i finally found it challenge platform

but there are also not writeup lol

Is it true it’s always rainy in Britain

no, just mostly

it kinda depends on where you are

but most of the time yes

I wonder why

the atlantic

and gulf streams iirc

Mountains also.

Thank you for having me in this awesome community.i am new here and I just joined the Tryhackme to learn some skills. Please I am new in IT and I want to get into cybersecurity. Can this Tryhackme help me to get the skills I want and for me to get a job with this skills am learning on Tryhackme. Thank you

Yes absolutely, THM has a lot of content. And approximately 70% of them is free!

Welcome (:

Thank you

Gave +1 Rep to @devout palm (current: #27 - 289)

VFO!

So I can go ahead and study it right?

Anybody got a idea of what I should even be searching for, something like to inventory it
Need to implement a QR code system which I will put on PC's then be able to scan them and get their relevent information such as id, specs and stuff

Yep! #general message Here is the recommended path by shadow

Thank you

Gave +1 Rep to @devout palm (current: #27 - 290)

just keep spinning and spinning, and you can't break nothing!

👋🏻

wasp heap.

The Network services are a bit hardcore in some aspects

I hate myself for looking writeups, but the machines simply dont do what is expected

A netcat shell ran on a telnet connection gives some error

But oh well

how do I upload an image here? I have a question

^

( need to verify to embed )

reaction time sub 80 second

atleast

270wpm

thank you

typing

https://tenor.com/view/crocodile-attack-surprise-attack-jump-up-here-i-come-the-pet-collective-gif-14154072

i type 1 letter on my keyboard

and then

boom

youve already

ndfdfjngfd

sorry im drunk

that'll be both of us soon hopefully

drinking is bad for you

!!

Jsjdhirishshd

Reached you AceS

Finally 0x7 too

if you drink enough to forget it's bad for you is it still bad for you

1 more rank

I’m actually 8

Oh

Well

Gon get yo

Hats off to you

Wow they added a new command thing

Grinding that knowledge

Okay but I need some advice

Oh wait

Apps and cmmands

The easy paths usually until now have been very precise and beginner friendly

./nimscan.nim

Pretty unnecessary on discords part in my opinion

There are some easy rooms that throw in some things that I have not met until now and do not explain the a lot

Like netcat and msfvenom

In this case should I check for msfvenom rooms and netcat rooms

Or do my own online research

Yeah it’s usually like that because they want to hit that it’s prolly in the next room

i can attest to that

The next room is Burpsuite

Has nothing like that

Never know it could be

Thankfully

There is a reverse shell easy room

https://tryhackme.com/r/room/introtoshells

Guess I'll take it in a bit

But im done for today

I am trying to do the network security room and I keep getting this error with the nmap command. Does anyone know why?

yes

MACHINE_IP

nmap and put the IP

Start the machine

Get the IP address

scan

Click on start the machine in your browser

Wait for the IP to appear

Copy IP

Replace MACHINE_IP with the IP of the machine from your browser on the page

oh snap.. thank you alot

i was getting frustrated

Were all here for you mate

No problem

When you see something similar in other commands

Except nmap

Know that it's a dummy word

I'm also a beginner so I would appreciate some basic feedback

So during enumeration stage

We mostly use nmap right?

After we discover open ports, we try to connect:

Often I guess we would try an ftp, ssh or telnet connection?

Definitely low hanging fruit but NMAP can be super loud if you run the wrong scan.

you can also use the service info that is returned to lookup exploits

https://www.exploit-db.com/documentation/Offsec-SearchSploit.pdf

You can use exploitdb's offline database and just keep it updated

You mean security measures would detect and block me?

Like IDS/IPS/Firewall?

Or a human resource that is sitting and observing the system?

Or what do you mean by that? I mean why would I care that I am loud if the machine does not have any security measures preconfigured?

Most likely if its a loud enough scan- best example is my isp they will detect it if you're doing a aggressive port scan and boot you off lol

I think thats under IPS if i learned that correctly

Practice machines most likely dont have such stuff setup except like the harder ones probably

Talking about a real life scenario, but yeah either an IPS will detect malicious scanning based on a signature of your behavior, and your actions will be logged, or your origin IP could be blocked by a fire wall rule with a program like fail2ban

Could end up in a SIEM and flagged as high risk and then investigated

you weigh 400lb's??????

bulllshit

But more than likely depending on the target your ip would be black listed for a time

What weighs 400lb and lives in their mom's basement?

Reference from popular culture.

gotta squat yo ass

Wow just discovered you can add domains as a profile connection on discord

shadows old crt tv

Interesting

gotta lift your ass on the bench press fr

jkjk

Not really fat it's a reference from popular culture lol

https://tenor.com/view/cat-fat-fat-cat-standing-cat-standing-gif-10735767612654393346

https://tenor.com/view/shrek-puss-in-boots-feed-me-if-you-dare-feed-me-hungry-gif-18327021

lol

#room-help for things like this please

181.44m2 of Stachybotrys chartarum

?

taxi holding point alpha one via golf lima alpha

🤔

Oh

I thought that always been like that

idk tbh

it's not new lol.

Figured

either way its new to me

that's the point.

: )

you learning!

🤷‍♂️

https://tenor.com/view/popcorn-gif-14980450905264007240

Learning 🥳

How you do it?

meep moops time for shadow whadow to go for sleep sloops to the beepity booppity beep boops

It's not a GIF I'm looking for.

what gif you looking for?

If you look at what I was replying to. I was wondering how you connect a domain as a connection on your profile

oh oh, my bad.

thanks, I was about to do it

Gave +1 Rep to @buoyant tree (current: #151 - 44)

np

thanks 😆

Gave +1 Rep to @buoyant tree (current: #150 - 45)

Question, I noticed MSF venom payloads for the reverse shell use the nc command, does that mean the target PC has to have netcat installed on it for it to work?

netcat is typically on the system yeah

nevermind, there's other reverse shell commands too

is netcat on most linux systems in actual pentesting?

iirc yeah

I googled netcat and it turns out it's almost 30 years old

I thought it was relatively new, 2010-ish

I’m so discouraged I just wanna go home and sleep

But I have to do taxes

Gawd and I have to wash my car cause the birds hath much blessings upon it! >_<

so happy i'm not a grown up

taxes are so scary

a

For the room Windows Privilege Escalation, Abusing Service Misconfigurations, windows defender will stop you from completing task 5

I've never seen windows defender do something useful before. 😂

Naw it’s alright

What do we think about cybersecurity memes in here?

Love em

Just don’t spam :3

Putting them in conversation context is fun too lol

I thought Rust was a magic security fixed coding langugage!: https://www.bleepingcomputer.com/news/security/critical-rust-flaw-enables-windows-command-injection-attacks/

Tbh you can never rely on something that’s considered “safe” somehow people find out how to abuse it

I’m not very versed in the rust language but is it saying if the person didn’t properly escape the batch or exe, the attacker can inject arbitrary code into it?

Ncat is by the NMAP devs

@vocal gale Why aren't ya coming to Defcon this year?

defcon should be free so i can go

netcat is how all kinds of stuff got done on old systems haha

hot singles are in your area

💀

gonna start a roofing company called hot shingles

Yooo

That’s smart

I mean thats not what would happen but sure lol

i'm not even that old and what you just said aged tf outa me

How so?

not familiar with all the hot singles ads?

that was an interweb staple

Nah i know that

ah sounded like you didn't ---- we good then

Thats just not what ILOVEYOU.txt.vbs did

was like there's no fucking way it's been dead for that long

my god vbs

Yeah lol ive used it despite being very new to the computer scene

heya Verum

You do know what that’s referring to right?

https://tenor.com/view/hi-gif-5545306308765291118

You going to watch the fallout tv series tmrw?

i assume some high value collector one dollar bills are at the auction house

i didn't even know that existed until now

Hmm, its got a lotta hype with it

All the reporters who got early viewing have had positive impressions

Nah ILOVEYOU.txt.vbs was an exploit way back when that used a vulnerability in VBS that allowed it to execute system commands, therefore allowing it to infect, it travelled mostly by attaching itself to sent emails and masquerading as a love letter

relevant xkcd : geoIP hot singles https://xkcd.com/713/

Got a couple personal things and a surgery so won't be able to this year

oh shit i thought you were referring to the msg i replied to 😂

@boreal scarab next year for sure hopefully

Ohhh lmao

vbs was such a fun lil thing to mess with back in the day

haven't actually read a line of it in years

I was surprised you didnt know cuz it was kinda a huge exploit

just openedd my laptop

and now debating

wait i have a fix for this

eh I am okay with updates

just thinking If I should do it now or later

Nah itll still be updating in ~235 years

here you go

Never

why hyperlink

jk, its on another laptop

Although not my gaming one/main one

cause it runs hyperland

Ig i just get instantly suspicious when people send hyperlinks lol

normally i agree but discord actually tells you what it is before it does anything

That was one of the most dangerous malware

Yeah i accidentally clicked it and it showed fedora project

only time it's valuable is when somebody whitelists youtube.com on their client so it doesn't warn them before sending them to rick astley

never whitelist youtube

Why would you whitelist anything tbh

Just a possible security issue imo

Too lazy to hit allow

Prolly

eh i get it -- like if you're here helping with thm rooms all day some people might not wanna get prompted for every single tryhackme url

Ig

Maybe for THM id whitelist but prolly not

Personally I would never turn it off but to each is own

Im extremely secure

yeah i don't bother

i don't mind the extra click

Same

i do appreciate the option existing tho

Also saves you from accidentally clicking on a link

cause screw devs who don't give options

real

speaking of options actually

I made a command line tool that cracks hashes!

very proud

It does them systematically though so anything more than 4 characters is unviable

Nice job, nit a bad program to havw

and you can input either a hash or a plaintext password with switches

neat 🙂

is it a brute force approach or a more granular(?) technique?

Thank yee

Gave +1 Rep to @polar spoke (current: #158 - 41)

But four characters is extremely limited

building your own tools is always pretty fun.

Brute force

Completely

working on expanding a foss tool rn just waiting for some PRs to get merged

working on a better algorithm though to search only the most command format of pws

No wonder you say neat. Hash cat dev

it's nice when you can see something come out of your work

Is it dictionary based?

¯_(ツ)_/¯

Hydrogen did you make this on C

that's me. i made hashcat. || don't ask to verify tho i don't do that ||

lol

?

Really?

the hashcat dev was actually on here, but i forget who it is

You pulling my leg

i would never

Chicken

He’s the lead dev

Chicken

that's right

well, not lead technically

Given the inherent stochastic nature of the cryptographic hash functions utilized by the hashcat password recovery tool, and considering the computationally intensive process of iterating through the vast permutational space of potential password candidates within the context of a brute-force attack, how might one go about optimizing the time-space trade-off in relation to the granularity of the character set employed, while simultaneously mitigating the potential for collisions arising from the pseudo-random distribution of hash values across the range of possible digest outputs, and what implications might this have on the theoretical complexity bounds of the underlying algorithms in light of the asymptotic behavior of the hash functions under various input conditions, particularly with respect to the avalanche effect and its impact on the non-linearity of the resulting digest mappings?

just one of the core team

mah lawd

I see

I was waiting to ask the creator of hashcat that, now I finnaly found the person who can solve the question

I can tell when I'm not wanted lol. See you all later

my eyes just glazed way tf over

i know every single one of those words

as jargon filled as this is, it does actually ask a question i can answer lol

in that order? fuck if i know may as well be swedish

Mind if I ask what language you made it with?

i just realized you answered as well lol

😛

I don't even know what the question is, but props to you
Just gave Claude a prompt for creating this

it loosely asks "how can you optimize bruteforce and what impact does that have on collisions due to the nature of common hash functions"

the whole second half can be answered as "we don't care at all about the mappings/collision rate in the vast majority of cases"

also you weren't even talking before
do you just sit there, staring, waiting for someone to mention hashes or cracking or hashcat

the first half has a more nuanced range of answers

I'm everywhere all at once and nowhere at all 🙂

hmmm

Nope it guesses everything possible combination

C++, first language i actually technically learned

That’s sick

brb gonna go open a pr on hashcat that just adds my name to the readme

is that still a thing that happens?

LOL we had some stupid ones recently like that

recently 🙄

Ima learn C anyone know basic security programs I could make?

Did you accept them???

obv not

Password manager

Oo

Ima definitely write that one down

Thanks

Anti-priv esc? Maybe possible and if it is seems relatively easy to pull off

a maintainer just replied to me apologetic like so so sorry for taking so long to approve (it's been like 2 days) and the first thing i thought of was like my god people suck if you gotta apologize for that being too slow

I’ll have to look more into it

Write that one down too

Chat-GPT says its possible

I propose that we all now call "Chat-GPT" now be "Chat-Gibbidy"

Yea

spotted the prime watcher

Yes