#general

they posted this on their LinkedIn

Yea but it's like 7€/year or something

Namecheap is good

What hosting service do you use

Tho tbh idk what I would do with a domain

ew

Cloudflare Pages and a VPS

I use Namecheap but I kinda want to try Cloudflare domains

Are you a student?

Hm ima look into it

As in

Uni?

i'm imagining that his clickjacking bug was actually on some random static hugo portfolio

No

I’m not

College/school with an educational email?

I’m in school yes

I got a free .ninja domain for a year

with Github Student pack

cloudflare is aight. i use them and route53

AWS?

they give you a free domain now????

Ja

Scrubs is there something you wanted to ask?

Yea, from Name.com

Interesting. I had no idea

I was going to suggest the Github student pack, you get cheap/free domains for a year with them

Oo

Bet

If you have an educational email

You don't even need an educational email, just some form of proof

For example I used a report card

Oh yeah!

I forget about that alot.

I used a screenshot of my grades

One message removed from a suspended account.

Wait is that how people make those super cool looking blogs with its own domain

Most times yeah.

well, sometimes at least

I wish Azure would add more software and stuff.

ew

azure

Although getting Microsoft Project and Visio for free is good

i have a serious dislike for azure lol

they make everything so needlessly annoying

wanna see what you're actually paying for?

well guess what

gotta use powershell for that

What could you do with a domain. Ik a blog is one of them

Website maybe?

can't even see a proper invoice without using fucking powershell for some reason, unless you want it abstracted af

I use my domain for my email. It's pretty cool!

@crude stump i mean, a blog is a type of website
but anything, really

i use it for email, portfolio, labs, personal cloud services...

I bought a domain from namecheap and connected it to cloudflare. I bought a VPS that i frequently use nowadays

Oh wow

i have an ipv6 range that goes ...:beef:beef:beef:beef:..

Wow

deadbeef

hm

could do that

Wow this student pack is crazy

There’s so much

And you get app Jetbrains products for free, which is great

English

English only in this server please @rapid merlin

I only know how to say table and lathe in Italian, sorry :(

no hablo italiano

Tornio

spinny wood

two good deals on the github student

is it pick one or the other or both

cause those are far from equal lol

Can get free .tech or .live domains

No, you cna choose as many as you want

that's pretty damn good then

You also get $100 for Azure

not worth the pain of using azure

free for a year too

@sick lance congratz on having the most reputation on the server now

yea I'm a happy person (not a Microsoft user)

Thank you!

Gave +1 Rep to @sand trench (current: #4 - 1703)

ironic ^

Hey Shadow! Do you still post about cheeses?

yeas

I haven't looked at the student github in ages, there's new things added.

I use this!

Me being a secret century college student just for the benefits

Just amazing social engineering if I'm right

What what is the price of the student developer pack. It doesn’t say on there website

Or I mean what is the after 1 year price

For the domain?

Yeah

And for the whole student pack

The student pack is free

The domain cost depends, usually below 15€/year

Oh bet

what? 😭

I'm the only Steam Deck user?

I’m one of the 5 PlayStations

I have a Ps3

did you try air?

In 68 votes, this not stranger

My dualshock controller is dying on me

why are those things so fragile

Gotta be the rage

Yeah

Crapy sony controller can't handle demon slaying on Devil May Cry

For what recent things?

the top comment

the patch is available on debian.org ;)

don't you mean https://fedoraproject.org/

Wow

Nope, Debian.org is right

-- sent from openSUSE Tumbleweed

This is very popular, I have friends text me to send them a modded apk

I need to try Fedora more, I switched to openSUSE and haven't had issues since so I don't feel like switching distros now

Windows, the window to your future in security
Imagine that in a commercial voice

https://tenor.com/view/kenobi-kenobaay-maul-darth-maul-kenoobi-gif-16056672

Hey, is anyone able to assist me? I joined TryHackMe and realised I had the incorrect name on my profile (spelt wrong) and it gave me a cert in that name. How do I get it to update?

Unfortunately you can't regenerate certs

😐 So now that I updated my account with the right spelling, if I pass another path will it show the right name?

yes the other paths certs will show the right name but this old cert will not

Proof that employer investment in that platform is being used by me, thats all.

use photoshop

I know the certs are not like a CISSP or Comtpia etc.

No probs, thanks all! Anyone know the font name?

or deal with the cert being wrong and explain to employer

(certiciation =/= certificate of completion)

this is a good reason tho

If only they had knowledge of what could happen..

ill just slap it in ChatGPT and ask it to find the font 😄
Thanks all and have a good one.

Literally all I joined for haha.

have you ever been in a business environment with windows machines??? they have extra "drives" as D-Z which are network drives... this is similar

oof

#room-help please.

Anybody got recommendations for TV shows that aren't that good but good enough to keep running in background to not get bored while doing something else

not dead yet

Alex Rider

vetenskapens värld....

Alex Rider got a tv show???????????

oh now I remember

Yup, on prime

I used to be all about his books when I was in 6th grade

hello 0day

engelska tack

the world of science... but it is the swedish tv program by svt

And 39 seasons, daymn

alternatively if you like murder mysteries midsummer murders is good

and has a huge amount of seasons

assuming you can find some place to stream it.....

for shadow just watches it on tv when it airs in sweden during summer

How are the last 2 seasons

Watched the first one when it released I think

Okay however I did what you mentioned and had it in the background whilst doing some study 😄

aye did the same

for the first season

im literally watching the last season

as we speak

not as good as the first two imo

which is a shame

guys, excuse me, i am using a VM and some tools are only found in the attackbox

https://tenor.com/view/coincidence-i-think-not-coincidence-i-think-not-the-incredibles-gif-5096707

such as the word lists

is there any public access to those so i can download it?

https://github.com/danielmiessler/SecLists

Connect via VPN?

i see i see

that's great!

thank you!

!

np

yeah seclists is the most commonly used package of wordlists

there is of course also wordlistctl

Guys, Who Play Free Fire?

You can find a lot in Github

Like this one, From the first search on Google
https://github.com/kkrypt0nn/wordlists
Looks useful

can you hack someones ip on chromebook?

#rules

@sick lance

https://tenor.com/view/hacker-gif-19996909

dudes got more hands then goro got

He left, although how does someone hack a IP, if so what would the result even look like

just Hack IP, not that hard.

/s

I wanted to ask so bad, but scrubz got upset last time I tried to engage them lol

also, i dont think he left, he still shows as sharing this server for me.

hack the IP so there is no IP 😵‍💫

^ has hacked the IPv5 and got away with it.

I need to pick that guys brain

IPv69?

my ip is super solidified offically unhackable as it is ipv5

We'll never be able to live through that

Nah ipv3 better

https://networkengineering.stackexchange.com/questions/28413/what-happened-to-ipv5

The Extraterrestrial took it so we never could

https://tenor.com/view/television-tv-tv-shows-exterminate-doctor-who-gif-18824276

perfectly alligned

Where's the Doctor??? Exterminate

https://null-byte.wonderhowto.com/collection/cyber-weapons-lab/
is this a good source ?

looks good to me

eh, it's full of questionable advice

Null Byte? They seem to have reasonable advice on their YouTube

At least when I watched it years ago

A lot of it is quite shady/unethical tho

That's a terrible site. If you don't agree to their cookie policy they don't let you use the site... Also they can't spell gadget. So I wouldn't spend any time on that site.

Yeah, like I said, it's been years for me. I did take a look at the first page and there is really only one that stands out as blatantly unethical, the rest kind of fall in the category that I would expect a physical access red team to have in their arsenal

Kody is an amazing resource without a doubt

tf is kody ?

bruh this is null byte

noice

Kody is the name of the guy on the NullByte youtube channel iirc

oh, can you give any examples please ?

good, that's wut I want tbh

the guy's name is "kody"

alr lol

ok so this is the most unethical hacking resource online, right ?

alr, so one guy write it all lol

ohk

my bad, I have no clue haha i just went on and saw some stuff thought would be interesting to explore , shady stuff too but thought be good to know about it atleast

ok so it's probably really good, more than I thought

cuz it's questionable, shady and unethical

I love it

I'm sorry he hasn't been posting videos for Two years ago on his channel
But I see that he is active on other channels, He do live every week Seemingly

Ah they left.

finally done with the dreaming room, took me like 6-7 hours

fun getting backl into it 🙂

Why is that good?

well it'll help us navigate and differentiate between bad and good advice

like unethical and ethical

It's nice to have a sandman themed room

so we know our limits

and don't get into any legal problems

really liked it too

Unethical stuff isn't welcome here though

yeah I didn't share any article or ask anybody to do anything lol, I just asked if the website is good or not

yeah it really challenged me

the shady and unethical thing is bad though

the "questional" part is fine

cuz it'll help us navigate the ocean of hacking ourself and discover things through hit and trial
instead of straight steps and instructions

that's what I meant

bad as in unwanted

unwanted is an understatement, most of the time unethical in these cases means straight up illegal

yeah like highly unwanted

unwanted in the society

in the world

unwanted legally

as I stated here

the website itself isn't illegal though, I believe
as the guys stated, it's questionable
if it was illegal it would probably have been closed by now

Unwanted in this server as Discord can just delete the server.

bruh

i just started the tryhackme course and something isnt working

the gobuster thing

it wont run the code

i open the command prompt and it doesnt recognise the command gobuster

C:\Users\Win10>gobuster -u http://fakebank.com -w wordlist.txt dir
'gobuster' is not recognized as an internal or external command,
operable program or batch file.

C:\Users\Win10>

thats whait it says

ouch, windows

ikr

go has an interpretor for windows right?

do you have that

no?

i just started

idk what to do

how did you get gobuster? straight from github?

i didnt have it so i searched for the download and fount their websitte and got it there

idk how github works btw

i dont remember any gobuster website so ima guess git

hold on a sec

on curse forge

i just went to see where i got it

Go to https://go.dev/ and hit get started or download or whatever --- that's the first step

you'll need go itself for anything based on go

aaahhhh that makes sense. curseforge is used as a mirror for a lot of tools

so its the problem?

yes/no. in this case you can actually delete the files you downloaded from sourceforge and ima get you set up the more standard way

just lmk when you have go installed form the link above

Shouldn't you be using the machine associated with this task instead of Windows ?

i dont have a mac 😛

nor a linux device

are you replying to sickb0y or me there

ok i downloaded the thing u sent

ah sickb0y

Click the "Start Machine" button. Once loaded in Split View in your browser, you will have access to a machine you'll use to hack a fake bank application called FakeBank. If you don't see the machine appear, use the blue Show Split View button on the top-right of this page.

him

please dont use your host machine

follow the instructions, you dont need to be doing any of this

where is the buitton?

THM has setup a ready to go environment for you

i didnt see that button

thx btw

aight now that you have go, you can install gobuster with this command

go install github.com/OJ/gobuster/v3@latest

you may be able to do it in the command prompt but powershell would probably work regardless

C:\Users\Win10>go install github.com/OJ/gobuster/v3@latest
'go' is not recognized as an internal or external command,
operable program or batch file.

whats powershell

what @shut hawk said is also valid tho. The Start Machine button he posted a picture of is for the target, but there's also a button to start an "Attack Box" which is just kali in your browser

im confusen ngl

@sonic python you are not going to get this working if you continue to try and use it on your host machine...please just follow the instructions

okie

click the "start machine" button

ok

ok its loading ig

is this room one of the fully self contained ones

and that means?

sorry guys im such a newbie

never done anything like this before

not a problem, just follow the steps

okie :3

no worries. do what Jayy's sayin here, it's the easier way for the other rooms too

ok

yes, and its the first room you do so the environment is setup to be as easy as possible including the DNS entry being put in

thx for helping both of u :3

here's what it should look like

ahh thought it was one of the normal vpn-able ones. been a while.

np

its working

@shut hawk don't know if we've spoken much tbh. what do you have the infosec dev role from?

anything i'd know or have seen

sth it looks like

Hashing tools!

Yep that's the one

thank you guys for helping im gonna go continue my course now love yall ❤️

interesting. think i've seen it pop up in places but haven't actually tested it out yet

it's still surprisingly working, haven't given it much love lately

My plan is to rewrite it in rust for the speeeed

> lately

* last commit one year ago *

rust would be interesting

been looking for a reason to learn rust myself but haven't found one yet

and that's from somebody else hahaha

lmao it is

3 years ago it looks like

I was 14 then

yeah i was still being a piece of shit at that age

Oh

question when people talk about creating their own networks / servers etc (maybe stupid) but I have always thought well a)does this mean they buy loads of expensive equipment b)do they still use an ISP to access the internet , c) how do they like decide the IP addresses and know whatsavailable.. like how does it acc work. My professor meantioned recently about creating a whoke entwork using pyhton and a rasberry pi and im just confuzled. any resurced would b cool to understnd sorry if this is off topic lol

probs won't do it anytime soon just curious , guess it would give u mroe security?

many typos

a) some people do, some people do it all virtually, some use cheap 15 year old hardware

b) yes

I appreciate a and b answers thank you haha

c) when considering ipv4, bogon (ip addresses reserved for local networks only) is 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. IP addresses in these subnets will never collide with ones on the greater internet

10. is normally used in larger environments or mroe custom ones, 192 normally in homes, and 172 in legacy or virtual, but that's not a rule in the slightest just where they're most commonly seen by default (completely interchangeable)

so if you use an IPv4 within the private address range , they do not collide as in, if someone was using the same IPv4 elsewhere it wouldn't matter?

They're usually behind a nat

And can't be used on the public space

😩

ok thank you

clarifification succeeded

(This is what NAT is https://www.comptia.org/content/guides/what-is-network-address-translation)

Lol does compTIA block discord embeds

So the only option really is to use private IP home addresses, unless ur making a huge network then I guess you'd have to purchase some idk

yeah I know NAT , just not great at pieacing it all together sometimes

just near the end of my cisco practical networks part 2 atm and its good , I think i'd like to try and create a small network if i can in la future haha just so i know i can

https://blog.documentfoundation.org/blog/2024/04/04/german-state-moving-30000-pcs-to-libreoffice/

wheee

Is it normal that in order to achieve this task you have to "chmod u+x ./backup.sh", if i understood right, all the files in the /etc/crontab are already executable and work already, why did i have to manually make it executable for it to work ? i got stuck like 2 hours wondering why the script wasnt running lol

yes it is normal... the script is not executable by default... and not even root can run none excutable permissions file

In a real life scenario, if you were to find a shell script, and can leverage this vector, isnt it supposed to be an "already" running script, meaning already executable ?

btw thanks for the answer

Gave +1 Rep to @sand trench (current: #4 - 1706)

not really.. a lot of times you set up something temporary like a backup script... and when you no longer need it delete or make the script not executable and forgetting about the cron job running it

i.e it can happen in real life senarios a lot more often then you think

Do you know a good room to test payload through windows defender ?

sure some of the time it will be an already running script that you change to get control

Okay got it 😄 , thanks again !

no problem

hmmm not really... any of the recent windows ctf rooms would probably do it good enough

the problem is in real life senarios the windows machines have internet access which can help make them even more resistant to malware using windows defender.... so the rooms versions are slightly ham stringed

if you wanna play with amsi bypasses and that part of windows security shadow will point you towards holo though

assuming you can get a working vpn file and working network

A wild Muiri appeared!

That's not a good method for testing AV bypasses because the definitions on any THM machine will always be out of date. By how long depends on the machine in question

Download an evaluation ISO if you need to test against defender

muiri comes in and saves the day and explains that the windows rooms are outdated by definition that shadow did not think to formulate in that way

You also won't get to test the cloud protection -- not, admittedly, that you want to test that until you're sure it evades anyway

+rep @pallid lotus

Gave +1 Rep to @pallid lotus (current: #9 - 755)

Thanks both ! You’re right especially for the version. I’ll fire my virtual box. Actually I wanted to test custom payload encoded multiple time to test evasion .. I’ll build the lab .

And again @pallid lotus saves the day 😉

Muiri saves the THM machines

Muiri has just finished building the initialisation system for the most complex CTF he's ever worked on, dropped in for 2 minutes, and is now going to bed

216 lines of docker compose and 10 containers, all for one bloody API lmfao

yeah that sounds painful

👋

good nighty nights muiri

Muiri should have the superman symbol instead of the top hat 😂

Wonder how many rabbit holes you put in it kek

It's for work. The training manager would murder me if I made it too sadistic

He's already talked me out of the original idea... that was all graphql and websockets

Well, seems like we will know if you don't ever come again here

Nighty night

Does anyone have a sleuthkit-4.9.0.jar they could send me? Ive tried everything including asking friends and chat gpt but it just wont install

Have you conducted a query utilizing your favorite search engine?

I found a similar issue on their forums and it seems like people walked through it and gave good advice.

https://tenor.com/view/dancing-duck-dance-duck-duck-ooontz-dance-gif-10943740227711557279

if everything fails read the manual, right? 😂

Pretty much

always read the friendly manual

shortened to ARTFM

anyways it is now time for this shadow whadow to go to the sleepity sloopity meep moop to the beep boop sleep sloop

ARTFM.... so soft.... sooooo soft lol. hi people 🙂

RTFM!!!!! O_O lol j/k (i grew up on this version, the trauma inducing one, lol. that would make you go crying to the manual.... haha)

I thought it was read the f...ing manual

RTFM= Read The Fine Material 😉

haha, nice i like it! classy lol

isn't it free and on their website?

Not the jar istelf

Just the installer

And thats whats not working

That the first answer I ever received when I asked something in a Linux mailing list. They told me read this and that, and if you have any questions come back, but just show your work, example, I did this and I got this msg, etc.

yeah, the nerds were serious back then, hahaha (i say that with admiration, i'm also a nerd, lol)

but i think it's great that people have actually lightened up. it's opened a lot more doors for people

but i admire the tenacity of the original hacker spirit

they were hard core, but they always pushed you to learn more, that mind set is almost lost, people nowadays ask very general questions and expect a point by point troubleshooting and a lot of hand holding.

yeah, i wholeheartedly agree

i think these days, you have to learn how to do things on your own still, mostly, but only at the upper-levels. muiri was actually talking about that the other day. basically, when there isn't google results for what you want to learn, lol

my point is that people nowadays not even google, just ask the question and expect a do a, b, and c kind of answer. I always say that today's mindset is "It's easier ask than do some research" 😂

yeah, 100%

it's a mentality shift

in the culture

I'm more a do your own research and point you in the right direction kind of guy

Google 'how to Google'.

Even if I know the answer, I'm not going to tell you, I'll point you in the right direction so you can find the answer, because in that journey you'll learn much more than if I would give you the answer, that how I was taught

I won at poker night. 😁
Good luck to offset my bad luck/stupidly.. then have my winnings to the hostess. She worked her butt off setting up. Was a beautiful setup and an awesome night.

I love poker, but I haven't play in a while, my poker group dissolved people with other commitments, some moved away

I'm hoping she makes it a thing. I do love seeing all my friends from that area.

Also, don't install it as root

Yes, forum post I saw said something was missing from the .deb though. Then said how to fix it.

Yeah Ben!!!! Lets go, you know that's true 😄

Hello guys, I want to ask if I found trust ID and account id and agent id and license key, does this pose a threat to the site?

I'm looking to begin bug hunting and have some knowledge in bug bounty, but I'm still a beginner. If anyone is interested in collaborating with me to kickstart this journey, feel free to reach out!

😄 how's it going toast?

Ehhhh, busy as junk... you know you know 😄

I know you're kicking butt though

You can utilize #bug-bounty for bug bounty specifically. To gain more knowledge in the space generally, #start-here is a good place to begin.

Is this in a THM room? What site are you talking about specifically?

Did you google is a funny name

It is it is

I have another "hacker" name that was bestowed upon me, but it's a little too close to home to share on here

business as usual then 😄

Fair enough

O

https://tenor.com/view/status-tired-dead-haggard-gif-11733031

https://tenor.com/view/hacker-hackerman-kung-fury-gif-7953536

@hot cairn @vocal gale @normal fable https://youtube.com/shorts/dhAP_X3Q-yc?si=cZ92RTtQqrz-NG6s

nice

We needa go

boils are good af but seing LV in the title makes me regret it existing before even seeing it

Yo, I've been craving crawfish recently!

haven't had a good craw boil in years

i used to have them when up in AB but i just haven't recently --- always meats when i'm up there lately

being [primarily] on the easy coast now it's hard to turn down AB bbq

Same, it's nowhere near the ocean or a large body of water that can support what they're serving.

@gritty fern I just saw your reddit post lmao

On programmer humour?

yea

probably then lmao

Youre in it

The orange markup

man o man

Went to one here in canada, it was deadlyyy

Heya @blazing granite u ever tried out a carolina reaper burger

tried one out today

I had a ghost pepper one that was kinda spicy

not unmanageable tho

guys i have a question hahaha, if i did a PR scan then i saw other machines, are those machines other people who are using THM?

if so, that feels creepy but cool hahaha

because i noticed those IPs are coming and disappearing

comes and go, not always on

An almost frightening 1.4 million to 2.2 million SHU making it the world's hottest pepper on the Scoville scale. That's nearly double the ghost pepper. Yikes! The Carolina Reaper is currently the world's hottest chili pepper.Aug 25, 2021

Yeah i remember that lol

I think Pepper X should surpass it now though

Yup, I tried the ghost pepper out before, handled it with ease, didn't expect the carolina reaper was that hot in contrast

waas tottaly wrong

where in can

Eh I ain't trying that yet no matter what

you might have scanned the thm network instead of the machine.

all you need is a lake, really, but vegas vegasfies everything and ruins it

How to catch on fire in one easy step:

Id say server communication but idk for sure what ur doing

i just used a /24 on the machine that they give in the website

just a -PR -sn scan

an arp scan

Never used an arp scanner tbh

So idk

Unless nmap is an arp scanner

i mean -PR is an arp scan

never used that switch

well @shell nova can probably best answer
that

Nighty night everyone

how safe is this

I've never saved any, should I start saving them to google?

it's the web thing

right?

Not safe

it saves passwords to browser

Please don't

It's so easy to read from😭

yeah but like why not

It's not stored properly in terms of encryption and can easily get accessed

Use something like bitwarden instead

delightful

Eh another reason(unrelated but funny), some people I encountered use google's password manager then print out thier passwords on a monthly basis

And then store the printed version on thier desks all the time where anyone can see them

in the Forensics room. If I was able to match the MD5 hash, but dont have a clue where to extract the OS from the downloaded file, where should i go back to in order to learn this?

Also, why does it download the file to my pc rather than the vm it has me open?

#room-help

ah thank you

Morning

Mornin'

not very safe use a offline password manager like keepassxc where it encrypted

not safe because they're stored in plain text and can easily be obtained by collecting browser data

you can easily find them in plain text in your file manager

Not plaintext, but decrypted easily

md5 or something?

They are stored with encryption, but they decrypt when logged in

Md5 is not an encryption but a hash

off topic, does anyone have a keyboard recommendation, I need a new one

What size

oo @gritty fern ur on r/ProgrammerHumor so is this server
https://www.reddit.com/r/ProgrammerHumor/comments/1c49y4y/guysineedbankhackerscript/

Hashed passwords work for the site authenticating you. They are not an option for password managers. Many will encrypt the data locally, but the key will also be stored locally unless you have a master password setup. basically if your computer unlocked or a cookie/browser Credentials

mechanical?

also what your budget

100 or 80, tactile if possible

my budget is whatever if its worth it

ah i see

number pad?

dont really mind if its there or not

check this out https://www.amazon.com/dp/B09YNQCQKR/ref=twister_B09YNR1MFW?_encoding=UTF8

Hmmm, Logitech g512 is pretty good, I got that at home and then I have a keychron k6 pro for 65%

i got some random 100% keyboard lol

g512 what switches

Gx brown iirc

Either brown or red, can't remember

im bored sooo, what browser do yall use?

i use brave lol, been using it for about 2 years now

edge

Chrome at home, Firefox at work

nice, i use brave for the adblocking and the semi good fingerprint blocking

that was a joke btw, nobody ever used edge for standard browsing. I only use it for this

i actually use edge for standar browsing for a couple of years now 😄

way better than chrome

you are not real

I also use edge at my other job

uses less resources, has greater features

it's not perfect but compared to chrome i find it way better

Especially when you're so integrated with Microsoft products

exactly

Has some good built in browser add-ons, but they can be a mess

lmaoo, cant u just use gpt 3.5 or something

yeah true but also some great features like read aloud and split view which are really great

vertical tabs nativaly created for it etc

bing has free 4.0

i used egde like back in 2020 for a bit because it was faster then chrome then i was switching though browser and starting firefox to now using brave

LoL

i have firefox also as a backup

didnt even know that existed, I just use powertoys

yeah its natively integrated in it and works great

the only thing i use microsoft for is windows and minecraft

😄

for my laptop i refused to login into microsoft account and it keeps telling me i need to login

I don't even use windows most of the time, had to use it this weekend cause my Linux distro kernel panics

Speaking of, have to fix that

i'm a main windows kind of man, i know they had and have issues but i also think their OS and systems in general are part of the tech history so idk

speaking of browsers, which one should I use as my main one? I'm tired of chrome. Give me pros and cons

i never actually understood the "hate" on them

i went back to windows like 3 months ago because when i got this laptop linix broke twice, first time was my fault and the second time none of my function keys would work

I actually dont know anything about other browsers so yeah, help?

I just don't like it taking up 15% of my harddisk🤣

😄

but i been think of going back to linux because of how much windows takes up on resources

that's why i paid for another year of tryhackme because i felt something was missing, it's forcing me to use linux more

so yeah 😄

can firefox be customized

i do find it funny that windows made a blog article about how to install linux

yeah sure it can @wooden totem

yea they have themes

i find it funny that my state allowing ai to grade our work

lol

that's kind of odd i wonder if it's actually that evolved and capable of grading correctly

im sorta scared because if the ai mess up we fail the year

and who stoping it from someone typing in the essay part something to control the ai and it messes it up

when you think of it, it can't have preferences, mood swings like a real teacher could have while viewing your work, etc

so it clearly has positive outcomes but i'm sure there are negative ones also

like this for example yes

there doing to save money, there looking up to 15M-20M

yeah it's mostly used for this at least now, just to save money, they went to th AI wagon @lunar linden i know

what can we do, we need to adapt

and chat gpt is still being trained

i can so see ai teachers

yeah we are gonna end up there also not so soon i guess but yeah

yea it'll take time

the more digitalized and evolved the country is, the sooner it will be

luckily for me i'm from an eastern european country and things here arrive with 100 years delay

i'm joking

50

lol

if ai was grading me I would fail the last class cus I passed by 1 point which the teacher gave me

haha

real teachers have their perks also yeah

yea

an AI wouldn't understand that the 1 point could destroy your life, career, etc

yea unless someone trained it too lol

"spin to win"

event then it could be tricked

but so could a human also so yeah

tricky

random topic that popped in my head- what linux os do you prefer

unfortunately i don't have that much experience with them as i said i am a windows main kind of guy

used ubuntu and kali

that's kind of it

so kali i guess got used to it

ahhh, i used windows most my life since windows 7, but in like the last 1-2 years ive gotten into linux first ditro i used was tails and i was so confused then later i went to linux mint stop using windows and had my ins and outs i used ubuntu, kail, linux mint / debian edition, tails. and mess just a very little with arch

i used tails also for tor but have limited experience with it also

mainly for tor ive used tails for

want to try more distros anyways because it can be useful for work also will dive in more deeper this year

yea, but with my luck i ended up breakin something

i always break something that's how i actually learn 😄

i remember now the frustration when i first joined tryhackme, got a little lost in kali and everything

and had some experience with linux from the past and a lot of general technology and IT experience but still found my self a little lost haha

i was a little confused but a messed around with a bit of stuff before hand

yeah that's how we learn, we break and fix it, deleted 10 VM's until i got it right 😄

dont get me started on vm 🤣 i always break them somehow

what are these captchas

also it took me 20 sec to solve it cus I thought the cow ears were wings

it the eagel 👍

So I just bought some clothes for riding motorcycle in right, I just looked at my emails I got confirming they just packed my order, and it looks like they have messed up, let's see if I get double the clothes that I ordered

that be funny, i wanna learn how to ride one but i dont got 6K

It would be, cause it's 2 different sets, would be nice, one is with a black base color and the other is a white base color

brb lol

yeah me also i said i'm goonna wake up login to work and sleep a little more after but here i am 😄

im back gotta wait for the oven to preheat

imma have ai make 10 topics

ai is useless lol

i told gpt 3.5 to give me "10 convo starter" and it gave me this lol

Sure, here are ten conversation starters:

1. "What's something new and exciting you've learned recently?"
2. "If you could live in any era of history, which one would you choose and why?"
3. "What's your favorite thing to do on a lazy Sunday afternoon?"
4. "If you could instantly master any skill, what would it be?"
5. "What's the most memorable trip you've ever taken?"
6. "Do you have any hobbies or interests that you're particularly passionate about?"
7. "What's a movie or book that has had a big impact on you?"
8. "If you could have dinner with any fictional character, who would it be?"
9. "What's something you've always wanted to try but haven't had the chance to yet?"
10. "What's the best piece of advice you've ever received?"

i wouldnt mind building a pwnagotchi

is it just me or this looks so wrong

bro my laptop never gave me issue and now it slow windows is trash tbh

Elaborate further

which to room to do after pre security?

finish other paths that you dipped your toe in such as complete beginner, intro, web fundamentals.

oh nice, I enjoy answering questions

1. literally nothing, does basics of linux count? not that exciting
2. I would assume future isn't allowed, so current
3. I have no idea which day it is now, so Idk what specific for sunday
4. Cryptography
5. No travel for me, forgot every other
6. I like solving complex puzzles I guess, no passions
7. What does that mean, do normal people have a change of life if they watch a cool movie or something
8. I like dining alone, thank you though
9. Travel I guess, its too expensive though
10. "Don't overthink", goes without saying

Gave +1 Rep to @lunar linden (current: #2059 - 1)

its not centered properly/aligned

this would look better

Hi i am a THM user i am completing my jr pentester lab but i want to ask my answer is right instead of that its giving me error what should i do
Can anyone help me

which room, which question

ok let's do complete beginner

i have an IT interview tmrw, wish me luck!

good luck

Vulnerability 101 question is using nvd how many cves were publish in july 2021 task 4

#room-help

Makes sense, I don't notice it much

I am currently wishing you luck

me lol

1. nothing much
2. the late 1800s
   3 sit and do nothing all day
3. pentesting
4. idk, dont travel
5. not much im into tech that it lol
6. that hard ive watch alot of movies
7. idk actually
8. uhh that a great question
9. ohh depends on what if i can remember

No response guys my subscription about to expire thats why i wanna know can anyone tell me

good luck

Just be patient, somebody will help you soon.

Yeah i have patience alright waiting

Morning

Morning

first day in the office with new haircolor is always interesting

mornin

ohh what color?

Pink

sick. I love bright hair colors.

here everyone is going for corporate job instead of freelance nd bug hunting why?

its not sustainable

my guess is a forsure payday

bug hunting is kind of a gamble as you poke around a program hoping to find something.

so in bug hunting u don't get bug every day?

not at all.

some take weeks or months to find something

then you got to wait for it to be verified to get paid.

that doesn't sound cool.

how long it takes to get verified

thanks for the information

I'm wishing to do bug hunting as a part time income source

depends on how many bounties they need to shift through. I have even heard stories where the same bug was found but a day earlier so now it doesn't even count/

myb 100 or 200$ a month enough for me

Bug bounty isn't a viable income.

You could go months without finding anything.

if you're not looking to live off it, its a fun thing to do

You could potentially also get dupes which your report will just get closed out

Yeah.

Bug bounty is best done in spare time.

I wish to do freelance in fiverr n upwork and bug bounty at the same time hoping any of those works.

Bcz I personally don't like jobs bcz there are boses there.

and you have to listen to everything they say

just being myself

do as I wish

that's why I prefer freelance

Hello all!

If a web server is trying, but failing, to convert a string into a long (Java), and prints back the string that's failing to parse, can this indicate a vulnerability?

If so, what resources could I look up to understand if there is a possible vulnerability here? I still feel ignorant, as if I'm missing important pieces of the puzzle.

Example of output:
Failed to convert value of type 'java.lang.String' to required type 'long'; nested exception is java.lang.NumberFormatException: For input string: \"../path\"","status":"error"

Completed the Jr Pen Test, going though web fundamentals and red team next. Maybe I'll understand more after completing these.

From my understanding so far, these types of failures to parse could indicate improper input validation.

by the way I'm just getting started I almost completed the pre security module help me with your suggestions and wish me luck.

then you also have to remember you're the one doing all the taxes and everything too, making sure you're compliant, is trust worthy and build up a proper customer base

I will not use w11 I hate it ngl

idk whats bad about it

the UI changes

reading online, a bunch of people saying its better and a bunch of people saying its a complete dookie

W10 will have a subscription when it's EoL

It's a verbose error. There's not really anything more to it than that

It's not giving anything other than what you provided tbf

Yeah it's pretty bad

How relevant is getting the AWS Cloud Practictioner certification in cybersecurity?

depends on if you work with AWS or not

Let’s say you’re not, isn’t it still somewhat good to have this knowledge or would you not recommend this?

In case you need to work with AWS in the future of your career*

I wouldn’t say it’s needed if you don’t plan to go into cloud engineering but it’s good to learn it

Amazon has a whole how to guide on how to use it

Alright, thanks for the help guys!

A little basics of everything is generally cool to have

Saddest reality. I’ve seen cases of dupes that weren’t even actually a dupe. Scope is also an issue. Low hanging fruit is almost impossible to get on tight scopes, meaning a lot of time needs to be put in to find good vulns. VDP’s are a bit less competitive, but only reward is reputation and bragging rights lol

Right!

BBP/VDP’s are great fun though and pretty decent experience. I’ve learnt a lot from it, getting much greater hands on experience with XSS which we don’t see much in CTF’s for obvious reasons

VDPs are cool if they offer swag tho

I’ll take swag any day if they offer it

I’m yet to receive swags D:

I’m in Siemens hall of thanks tho, that’s cool

Are marketing clothings popular?

Did you see the subdomain takeover report to openai that got rejected because they “didn’t see the impact” as it was exploited on the testers subdomain lol

Same logic as you took over the admin account on our development server. It's no problem on prod.

Anyone watched Fallout?

It's not realistic, there no bugs or anything.

haven't watched it. I assume the story varies too much.

imagine the actor just starts noclipping lol

Just checked the actors. all them are pretty unknown to me except Moises Arias (Ender's Game)

So sad the subway worker said my usual and I said no 😔

Why not

Having meatballs instead

It's good to get out of your comfort zone ❤️

I can’t tell if it’s sweet that they know my order or sad that I come here often enough for them to know

latter

It’s just awkward because they don’t speak English so I have to try and explain a whole new sandwich 😓

I'm confused, aren't they trained for these situaitons?

Yes but I feel awkward having to repeat myself 😆

I got a challenge coin from a recent certification

Wow

Cool

I only got an email

casual flex

Congratz!!!

do you mean creating a solid profile with certificates?

Can any one share the structured path from basic to pro from tryhack me premium

Well being in India I accidentally lost my streak due to forgetting time frames and being busy lol

you can email support and request they reinstate it

Do the Linux fundamental rooms allow me to ssh into the machine on my own system instead of the attack box?

Didn't realize that was possible!

Yeah i made that post lol

Yo wassup

thankz, 3rd year in a row

You need to download config file from access

Are networking rooms on try hack me ask subscription to access them?

Ohhhh slaying!!! Keep it up 💪

yeee, probably not going to bootcamp again this year, but we'll see!

If they present you with the option to subscribe, that means said room/ network is exclusive for premium members

So could I skip them?

Meh not persee, you just can't access them if you're a non premium member

Ok

Also

1 doesn't, 2+3 does.

you know that moment when you work on something and test it and it actually works the way you thought

Yeah I've done that lol. I'm restarting. I'm gonna use attack box but now it's saying I've 3 machines opened even though I terminated them all

https://tryhackme.com/api/vm/running

Active: False

Wth it was running but I did terminate it lol

I'm from Bangladesh your neighbour country

Can you take some of this 106-108f temp over there?

This is the hottest place I've visited lol

North India right now ☠️

Our country is also hot now

Nuce and cool 7°C here.

forecast is 70 and sunny for today

Celsius

So far I prefer Kolkata to Jamshedpur

@sand trench Mind if I dm?

Jabba trying tog et in as many dm's as possible /s

I'm forming my own clan of 1337 hackers

😎 Hope I make the cut.

Hmm, I think I left your invitation in /dev/null ?

If you want to check, I won't wait up

you what they say "if you have to ask"

😦 we could have been friends.

Maybe 😦

you now you love me already

https://tenor.com/view/george-lopez-confused-unsure-eh-meh-gif-9297878

in which lvl of cyber security you are currently?

ill take that, still think about loving me

8?

8 or 9

me I'm -2

Interview in 2.25 hrs :/

Relax, breathe, you got this 😎

for what?

While you're here @simple wave mind if I dm?

Reverse engineering

Feel free to 🙂

Good luck!

Be the best you can beee, unless you can be a cat, be a cat.

I only know porpoise

That's "somefin" atleast.

🙂

Fun, remember 90% of the interview is about soft skills, sell yourself! make them know why they need to hire you! skills are great, but the sell will land that job every time. You got this. you are your best cheerleader, but we are all cheering too! Go Porpoise!

Thank you!

Remember, you're also interviewing them.

The “application” process was a CTF with write-ups so I guess they already know my skills… they had a hiring committee review my work then decided to interview me. I think the interview is to make sure I’m not a gremlin.

Gizmo is quite cute though.

https://tenor.com/view/gremlins_film-1984_films-gremlin_stripe-mogwai-cute-gif-27683100

Yeah I have a few questions to ask. I’ve studied the site and LinkedIn to see what they’re about.

I cant wait till I can post pics...I have great ones too

You need to verify your account with the THM bot.

They also required a clearance for the role which I have so… I think the odds are in my favor if I can be personable with the interviewer.

Good day, wonderful server.

There we go!

so @sick lance I was updating my profile while i was there, and it says my website url is not a valid url, any ideas what it is made about

Is this on the TryHackMe account page?

yes

for personal website

I'm not sure, as as far as I know that part of the profile is going over a fix? That's not accurate, sometimes you need to fill in the rest of the field with "dummy" data.

try https://www.[personalsite].dev

it did not like the slash...lol

So in a matter of time its JabbaClan vs FluffClan?

can anyone tell me I found this vulnerbility in the server cve 2020 14760 where i get the exploit or payload script and how can i patch this vulnerbility

Is that about a tryhackme room sir?

I want Jabba just for the name

Jabba the hutt

:))

Wrong jabba

Hello everyone

Hello

Can someone guide me to cybersec journey

where to start

i have development exp

#start-here

mainly php, python

Aw man the tryhackme bot updated my profile automatically

what did it update?

My level

Ahh

the pink colour is nice imo

I wanted to get a high level and it be a surprise

But it ruined me

Yea it auto updates after a day

is there a way to disconnect a discord account from the bot? I wonder if you could've done that

but you gave yourself away at this point lol