#general

how easy was it for you to find the download link under broadcom? lol

Very

it felt like it was nested deep away. even behind search.

oh i thought i did good 😂

.

Guys,

I'm doing creative room (https://tryhackme.com/r/room/creative) and not working access server dns beta.creative.thm, why?

Using FFUF arrive beta dns name.

Message: (We can't connect to the server at beta.creative.thm)

did u add the domain to hosts

#room-help

On the same IP?

yup

i couldn't find it

had to watch a vid to figure it out

Thank you!!! It worked!

Gave +1 Rep to @night prairie (current: #99 - 65)

nw

any one know how to hack a iphone?

For what purpose

I only know how to make it vibrate

msfvenom -p osx/armle/vibrate

@mossy river

Why do you want to know? 🙂

and this guy also 🙂

Catch a cheater

If you think your partner is cheating, just ask them, what you're wanting to know is illegal as it invades privacy and is considered a criminal activity.

Ok

I didn’t know

I’ll do that good advice but I’m scared I don’t wanna sound controlling

ignorance of the law seldom works as an excuse

don't hack devices of private folks, unless a security audit has been authorized

That is exactly what you're doing, I understand you're in a difficult position, but sometimes it's best to avoid beating around the bush and ask.

You'd do more harm if you hacked their iPhone and find out they're not cheating,

if you're wrong and can't "let it go", you will also end up (most likely) single/divorced anyway. Just ask and put it to rest

omg it worked, i am hacker now

Guys, let's not dog pile.

If a moderator is speaking to somebody about something illegal/unethical, stay out it.

repeat offenders will be muted in future. 🙂

Ok

https://tenor.com/view/tank-im-in-a-tank-and-you-re-not-gif-20408974

that sounds compliate 😂

Complicated fr

@boreal scarab i hang them on wall

Trying to install ngrok on kali linux and authenticate it , but this message appears

bash: ./ngrok: cannot execute binary file: Exec format error

any solutions?

How come you want to use ngrok anyway? 🙂

can you do file $filename

lemme try that , i am a beginner

then for sure there is more than just one error

might be ok to leave ngrok for future

Usage: file [-bcCdEhikLlNnprsSvzZ0] [--apple] [--extension] [--mime-encoding]
[--mime-type] [-e <testname>] [-F <separator>] [-f <namefile>]
[-m <magicfiles>] [-P <parameter=value>] [--exclude-quiet]
<file> ...
file -C [-m <magicfiles>]
file [--help]

this appeared

replace $filename with name of the file in first command

but i am so much desperate to use it now

Mmm new level

from your 2nd command i suggest you to learn more of basic before that

oh i need to re verify

Why?

yes

if you just trying to find a file, file will do that

Shoot how can I unverify? xd

ngrok: ELF 64-bit MSB executable, IBM S/390, version 1 (SYSV), statically linked, Go BuildID=HNr7-CBR19va7Qjnw7r7/pQtPKn0iCbKtNwgKBjlI/U8iwWnYDxJEh9uRjSTGO/vjJjiCmcnOUeHYLNDMhl, stripped

Why do you want to unverify?

Read wrong

To update THM level

i can tell you that you need learn more basic

just re verify

Mmm dont i have to unverify for that?

nop

Nah 🙂

It will update your level.

Ahh thanks

How did a curve line turn into a }

https://tenor.com/view/dumbo-sure-excited-gif-15304675

❤️

Nice

https://tenor.com/view/youre-a-wizard-hagrid-afirmation-magic-magical-gif-16533730

Thought you need to unverify or smth

That's only if you want to change your token.

i just want to solve this error "bash: ./ngrok: cannot execute binary file: Exec format error" it came when i try to authenticate it

google is u frined

Can I ask why you're wanting to use ngrok please, this is the third time 😄

this also yea

i did but coudnt understand

that's why i say... learn more of basic

sorry i didnt replyed you , actually i am testing somehting

Testing what? 🙂

umm gophish i guess

||bash commands|| =/

O

oh boy

Phishing is illegal, we don't discuss that in this server. 🙂

dont be angry for that

i knew it , thats why i didnt told ya

https://www.man7.org/linux/man-pages/man1/find.1.html

and that's why he asked

If you know it's illegal, why are you still asking?

That's just rude.

Fancy!

nah i am not tying to be rude , i am just testing some new stuff

Which country are you in?

sorry if u find it rude

my apologize

Phishing isn't something to "try" out or test.

I've already said it's illegal and I would appreciate you no longer ask for help in this server, this is a server dedicated and partnered with https://www.tryhackme.com where we dicuss Cyber security and ethical hacking in a legal and safe manner. 🙂

Are you trying to buy a subsciption or voucher?

alright mate , will keep that in mind for the next time

Thank you very much, and I hope you enjoy learning in here, 🙂

Gave +1 Rep to @cursive cave (current: #2083 - 1)

whats this for?

Rep

Imaginary

lines?

Just shows how much you “helped”

Try a voucher, IIRC India has issue with subscriptions.

Wdym lines

https://tryhackme.com/subscriptions

It's just a rep point when somebody says thanks, or along the lines.

o

Thanks uppers

Gave +1 Rep to @teal spire (current: #2083 - 1)

See

Yk what would be sick

A cybersecurity museum

does bletchley park count

Gave +1 Rep to @sick lance (current: #1 - 2309)

Happy hacking friend! 😄

Never heard of it

Let me see

iirc, it's where gchq started and where they broke the engima code during ww2

they do tours and shit now

That’s sick

Sadly it’s in the uk

miserable piece of earth

Oh

actually it's been sunny past few days, not too bad

mixed with a bit of rain and northern lights

All I know is if I ever go to the uk, I go see the countryside

Morning

how do i add an hour to my attackbox? got a box that said it will expire soon and if u close this pop up it will add another hour but it didnt

It's 8pm and I just woke up

did you at last sleep ok?

scroll to top, there is button that says Add 1 hour

cool thanks, still says 14 min though

Gave +1 Rep to @quartz fog (current: #1043 - 3)

refresh the page

yeah, slept 10 hours

that is great then

14 hours to little bella

I am making breakfast
Pizza!

TIL Most typical Internet users will never see 1e100.net, but we picked a Googley name for it just in case (1e100 is scientific notation for 1 googol)

why is there java in my webserver

lasnight you was talking with dolph with something about java

kotlin

some issue you have or smth

my android app

something yea

there was nice pack of java/kotlin books on humble

I just read the source documentation if needed, don't need books

what's app about ? work or public

work

ah

Kotlin is great

yeah, love kotlin, hate java

Java is stealing all the good parts of kotlin anyway

but I got a working app! I am happy

just need a lot more functionality

fell free to share to test it 🙂

hah, no

the public can't use it 😛

https://tenor.com/view/dead-panda-panda-dead-tired-sad-panda-depressed-panda-gif-10362692796597490493

oooh... finally... my bolts are arrived

first reason: I don't want to doxx myself
second reason: it can't be used without a specific device

binded also to ip and so?

no, as in, it's based on a specific thing, can't go into details

fair

@chilly veldt I DROVE TANK!

drove or drifted?

what kind of uneducated potato allowed that

Drove!

you should have drifted

aaa finger revealed...

That right stick was a bitch. Left was fine

OH NO!!!!

I had to raise my arms just to get into the tank. Couldn't put one in then the other

fat

Broad shoulder

If I was fat, I wouldn't fit into the tank, period lol

aham... big bone's

https://tenor.com/view/tank-im-in-a-tank-and-you-re-not-gif-20408974

im a fish
https://www.youtube.com/shorts/F5y4ytMDTPM

and even worse https://www.youtube.com/shorts/iAo37Y014bM

When I finish my 8 week long course in Python what's next find a another for advance stuff Or just continue to improve?

is up to you

how good you wish use python

Super advanced level for pen testing and cyber security its his dream job

programing is not must for cyber. it does go with it if you wish to make things for cyber and so

you can start making things that you wish in same time as you learn

to learn more of how to

That's why I have this website for it

And premium when I start to work

that's all great yes. go with course and do expend when ypu leanr something. make sure that you understand

if you like to read. humblebundle have packs of python books quite often

Bro i need help

I'm interested in windows stuff on the website I want to learn how to protect my Windows from any threats

Which module shall I use for insert python code into picture?

To fight hackers you need to be a hacker yourself

that's ok. just if you wish to protect you need to know how attacks is happened and understand it

Poor fish

Not true. Plenty of blue team folks (SOC Analysts, etc), who have never been on the offensive side and manage just fine

It definitely helps to have both sets of skills (and that goes for jobs on both sides), but it's not essential

@livid nexus might this two books can catch you interest

nice

Mhm I'm intrigued

How is everyone doing?

slept for 10 hours, been awake for 2 and is incredibly tired lmao

Good I'm starting work in Monday

i have more in area of python but i can't dm you. and wish not to spam here

PDF where?

you can buy them on humble bundle iirc

or amazon

Im not from the us

this. there is pack of python quite often. as i said before

humble is pdf all books

@sand trench cheese

you can still buy them from anywhere in the world

if you buy the pdf version

Couldn't, dual control. So if I went off course the real driver took over

skill issue

hiii

I sent you a friend request

Alright, you tell them that you're taking it off course, not get kicked out and have military personnel there lol

got it

They got a Stug III there, that thing could MOVE

deal, I mean I do have friends in places

whats the best way to encrypt sensitive user data in a database in js? like whats the most secure and up to date library?

@cosmic pendant this your area of expertise?

what data types are going to be stored?

its basically just a json with all the user's data needed for my website

The problem is the key management, not the encryption

passwords shall obviously be hashed and solved

yes ive done that

its all on the server so surely i can just keep it in a file

https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html

But, where is your key. What is your threat 🙂

what encryption does the server have as well

https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html

the threat is just someone accessing the database and reading the data, not accessing the whole server

okay, read those over 🙂

cheers

DES

DES NUTS

hah gottem

rot 13 lol

https://tenor.com/view/scream-run-away-gif-23892939

like microsoft

wdym

I mean, gotta keep the server encrypted as well, don't want people to read everything from the server directly if they got access to the hardware

it'll be hosted on an ionos vps

yup

encrypt the vps

cool ill do that last

best to do it without any data on it

looks at TrueNAS
looks at VM that's encrypted and on a separate VLAN with no intranet access: Kalm

cause otherwise its going to take up a lot of resources

looks at AWS bill after encrypting our SQL server

https://tenor.com/view/not-stonks-profit-down-sad-frown-arms-crossed-gif-15684535

I think it was like a $700 charge or something cause we had to encrypt all our servers

@chilly veldt

Me on right

tanky

Very

ok so as the data is only in the database, should i put the key in the filesystem of the server (cuz i dont feel like paying for amazon kms or azure key vault)

so, let me ask you something

How could someone get to teh DB and not be 'on the server'?

sql injection

but ive already prevented that

so idrk

So, isn't the real threat, that they get on your server

true

and then access the DB as they please

and if the key is on the same server....

what are you preventing... really

yeah

so at that point theres no point encrypting just the data

on the database

There may be other threats that makes sense, but yeah....

THis is a very common mistake I see people make (not that it is a mistake here, but)

yeah i can imagine

Oh, I was repping the THM hat when I was driving

im using sequelize to access my db so when im tryna search the database using model.findOne({ where: {username:username} } and the username comes from a user input, is there a way you can inject code to access the database?

no idea!

That's out of my realm there 😄

Is it in Jabba realm?

Or maybe Jayy?

also would anyone happen to know the average length u should hold auth tokens for in cookies?

until reload

if you don't choose to "save me"

yea but if u choose to save me

Bruh I literally can’t get myself to remember what each of the osi layers do

Only one I really got down is transport and physical and of course application

9 hours

personal preference of course

any insight on how to tackle imposter syndrome?

not looking for some deep psychological analysis. I know yall are not doctors.

trying to remember a quote I read

Does anyone know where your router pulls your mac address from?

Acknowledge that it is perfectly normal to experience, and move on. Learn in bite-sized steps and improve daily. 🙂

Roses are red
Violets are blue
I'm really lazy
And you are too
?

thank you again for testing those adapters fo rme

Gave +1 Rep to @boreal scarab (current: #30 - 252)

You're very welcome!

Depends, on a DHCP system a device will provide its MAC address in a request and ask the router for an IP

so i change my mac address in linux, or windows doesn't matter for my wifi adapter.

i do the comands to view the mac address (its changed to whatever I say)

if you spoof mac address with software it is OS dependent

Why though?

i then go into my router to view the change. it still shows original mac address even after a router restart

i love you

it's usermode based isn't it

wdym

it's all registry changes for spoofing

it doesn't actually take effect at lower levels

so when it's requested, the original pulls

no, that's not how that works

Any reason you're changing the MAC?

no

Then why?

anti fingerprinting?

Against what exactly?

my router?

It's your router though?

yeah

maybe i don't want grandma to know i'm connected

and i wanna look like a samsung tv

@lone thistle might know

aye @mossy river managing to lift my body weight with 3 sets of 8

now what should i focus on

oh boy

legs

Just curious about how it's working is all

aye I can skip that

no

you can't

it's in my networking security book about ways hackers hide their identies/traces online

MAC addresses are hard coded to the chip, you usually use driver level software to change it and using a non-standard mac is not advised and isn't going to do much in the ways of fingerprinting

What you're doing is illegal

no no no

Websites can't pull a mac address though

What're you trying to do?

Hey it doesn't say what the attacker is trying to do. It's just giving common ways that attackers hide their idenities when doing malicious activities.

Example 1) The attack uses a VPN to mask their IP address.

Example 2) the attack spoofs mac address to mask their network address when breaking into a local LAN

it's just generic bs

I think the question was more about what you're trying to do

i'm in the pentagon as we speak

and i need your assistance

lmao

https://tenor.com/view/univac-old-computer-vacuum-tube-computer-mainframe-computer-gif-15703441419802553808

the local starbucks wifi is under attack!

Trolling much?

no i'm literally just trying proof of concept crap

try vpn = masked my ip

changed my mac = mac not change

How often do you guys look back at the osi model

changed my hostname = hostname changed

I suffered from this last year. Personally just taking like a 1-2 week break helped me

but why? we can't help you without understanding why?

I just wanna know how it works is why

nothing more

nothing less

this comes from a feeling of a lack of confidence. increase confidence by providing value to other people,

It's also worth noting, these do not make you anonymous

I figured you have to do a group of things

Even changing everything does not make you anonymous

I was just wondering why the mac address wasn't changing in my router even though i changed it in windows

you can't change you mac

you can't change a mac, only spoof.

it's burnt into the chip

spoof != change

It's not entirely true, some server grade hardware is designed for changing mac

you cant actually change a mac though

some might

well yes, i know you can spoof/change hard serialnumbers/mac on certain lan devices through EEPROM

some server stuff will let you so that you can drop in replacements easily

I think Intel/Realtek but only certain chipset

That's not how

isn't that still a physical part replacement

no you can actually flash a new mac to it

so it's perm changed

even at bios level

In consumer hardware it's burnt in, you cannot flash a new mac to it normally

is not

i mean on bios lvl

i guess if you could write to the chip you could try and change it but that's way above anybody's average skill or resources

Source?

Oo this is perfect time to quiz me

for example, i flashed my realtek lan to all zeroes. and in bios it's all zeros

ill find the tutorial for you, one second

Bios level is presentation right or is it session

did it appear as all zeros on the network?

or did it just break?

it appear all zeros on my router

There will be hacky ways to change mac address but there's no real reason on consumer hardware

Imposter syndrome is perfectly natural and healthy. It just means you feel you don't know everything and you might be asked something and put on the spot. Just say you'll look it up and get back to them. Nobody knows everything. Lots of people know way more than I do. Work hard to make yourself better. That is all I know

Edit: Act like you know at least a little bit. Fake it til you make it; except when pushing to production. If you make a mistake, make it twice so everyone thinks it was deliberate

In fact, on your own network there's no reason to spoof your mac either most of the time 👀

So again I refer to scrubz as your port of call

Damn I might have that

Hello can I ask something

Speak away

Can I ask something I want to know

And of coarse I cannot find the stupid tutorial that I followed. That was on a chinese website

yeah the best way to combat imposter syndrome, is to realize if it goes away it's probably a bad thing because that means you might be over confident in your abilities. i think a little bit of honesty with yourself goes a long way, but the value you provide to others helps you to be confident in what you know, because people can validate that knowledge in you and rely on you as a result

?

Again, there's no reason to mess with it, just do your research into how communication works and it'll make sense, you don't need to do it practically and I'd advise not doing it practically for a multitude of reasons

What if I want my laptops mac to look like it's from the NSA though?

There's easier ways to do that

you trolling right ?

To who 🤣

Do you know many NSA mac addresses?

Yes, I don'tw ant it to look like the NSA

put a hacker sticker on the back of it

Yes

Who're you going to hide your stock mac from? Grandma who's never even acknowledged the weird magic internet box?

@crude stump can I hack someone phone and erase someones phone all data is that possible

So how would a mac address make you seem like you're from the NSA?

Op scrubs

Nobody, i'm literally just reading it out of my college textbook and wanted to do proof of concept

Even then, say they had acknowledged said magic internet box, do you think they know which MAC is your device?

Another one

hey James, idk, maybe grandma knows a thing or two.. not just about MAC and cheese

I'm not hiding it from anyone

Just wanted to see if it was possible

That would be illegal, and a massive invasion of privacy.

Why

My recommendation is don't fuck with things until you know how and why it works

Yes it is possible

And the only thing i've found possible was to write eeprom of certain LAN devices

@crude stump because someone blackmail my girlfriend

name checks out

Hence the me asking questions so I can figure out how and why it works

Know what happens when two of the same MAC address appear on a network?

Contact your local authorities.

Law enforcement

What scrubz said

https://ic3.gov

yes

You can read into that instead of playing with what you don't understand

Go on then

@crude stump yes I already did but I am helpless

Aside from reporting and ignoring.

That's all you can do.

If you decide to be a vigilante it will throw out the case and your guy will never get charged

Yes, i've googled how does a router pull the mac address. But don't understand, my my mac address says 123:123:123:123 in windows but my router shows the original mac address even though i've changed it

Let them figure it out. Taking matters into your own hands is one illegal and it puts you in even more trouble

The legal system has an order. If you try to expedite it, you will risk some error in the process and the guy will be let off the hook

You don't understand how networking works then, the router doesn't pull the mac address, the device tells it using a series of packets

@crude stump but he continuously blackmail my girl and he tell the girl he have something video of my girl

that's layer 2 not layer 3

data link = layer 2, there's no routing in question with the mac

@crude stump the girl already comited suicide one time

that's all switching

?

You understand what I meant, yes the device tells the router what the mac is

Makes no sense

you need to report this to your local police station

@crude stump because of she is blackmail my girl that's why I request here can anyone help me

@mossy river

I'm right here.

ah sry

https://datatracker.ietf.org/doc/html/rfc2131
https://www.rfc-editor.org/rfc/rfc826

Stop playing with fire without knowing how it can interact with a network and start reading lad

Smh ralex

you can't change a mac address, again

Cmon man

I'd appreciate @crude stump and @golden timber to take a step back.

I'm learning this now

Got ya

this is not thing that is to talk here... ill guess

Yes I already told the police but in here our country the police is so very dumb

so when changing EEPROM data is that just BS?

And how do you feel about vomiting a Cyber crime?

It may work depending on the NIC but it's not designed for it

Commiting*

seems very complex to pull off if it's possible @lime trout

🤮

@sick lanceno I don't want to vomiting cyber crime but each cyber crime I want to help someone

https://ohlia.github.io/Wiki-site/wiki/Network/Intel-Ethernet-Network-Adapter-Flash-Tool-eeupdate/

it's very easy to pull off

Eitherway MAC addresses form some of the fundamental basis for communication so you shouldn't mess with it unless necessary, just read into ARP and DHCP using those links I sent previously, you'll learn far more than messing with what you don't understand

Hacking in to a phone, deleting data is exactly that though.

yeah maybe read about dhcp before changing macs. understand layer 2 vs layer 3, very important rudimentary concepts to get familiar with first

I agree

It's very specific to the adapter chip as you're essentially mimicking what the oem did when they coded it, that being said they aren't designed to allow rewrite usually

Instead look into the OSI model, ARP (RFC 826) and DHCP (RFC 2131)

Especially when it's a home network with 3 devices on it. Changing the mac to something that isn't correct could be devistating.

I've already sent the links which explain how they work

@sick lance yes I want to his phone hacked and erased all data of his phone so that he didn't have any video or something or my girl

Data link and network bam

It absolutely can be

yea but you know there's a gap when you think switching is layer 3 lol

If you end up with a conflicting mac it can lead to packet loss and all sorts

It's for that exact reason macs are unique

though I guess sometimes layer 3 switches exist

Well good news is, you can always eeupdate a different mac back to the original

limited routing capabilities though

What if its backed up to the cloud, still pointless

Yeah, that's what I'm telling you, its illegal.

If you continue to ask about this, I'll have to take action and temporary lose the ability to speak.

Yeah

Can you not?

is it on the internet?

Yeah but there's no reason to mess with it and actually if you read into EEPROM at all instead of blindly following instructions, you'd know there's a finite amount of writes for them

Ok I am sorry but I just want to try someone help

Sure

:mute: payloads#0 has been muted.

I'm urging you to stop messing with stuff you don't understand when it's not necessary or advised and there are well documented standards to read

You know how you learn? By messing with stuff

No, that's when they're not already documented

Mess with stuff, and read why it breaks

that's how i learn

Well then set up a sandbox environment and use VMs

Wait so why do both layer 2 and layer 3 say switch but mainly layer 2 switches. What senario would layer 3 switch

I understand fucking around and finding out but not when it's on a network with other devices

Are you thinking about the OSI or the TCPIP?

Switch with routing features, usually related to VLANs

Is anyone know how to create a bot then please send me script

A bot for what?

Osi

Cause with OSI layer 2 that'd be mac while layer 3 is things like IP

@naive violet control any device

:hammer: luciferchndpur#0 has been banned.

Oo

That’s why

I only had a quick glance at the conversation, but oh boy... The "burned in" MAC address of a NIC has nothing to do with the MAC address used in a network for layer 2 addressing. The former can usually (but not always) not be changed, the latter easily. That's neither complicated nor risky. Turns out modern phones constantly switch the MAC addresses they use to connect to Wifis for privacy reasons.

What

They literally are those addresses

They do that very differently

They come from proms

Differently to what? I didn't specificy a method.

MAC addresses can be local or universal and when set by the OS they are local and are identifiable as such, they also tend to use a particular series of algorithms which should reduce chances of a conflicting mac

This lad is suggesting arbritarily setting his own MAC address and ignoring the OS and NIC and not worrying about what happens on the network if anything goes wrong

All for the sake of learning if it's possible, when he could actually be learning how it would work and why by understanding the network protocols and models which make up the basis of communication on networks, that was the discussion

Eh it's flashing the NIC, it's more or less official

Not just flashing the NIC, he was also software spoofing

You do it on low level stuff all the time

Yes but not manually that's the important distinction

Yeah either works, just not a lot of purpose most of the time

Nah you do set them manually on embedded systems, like addons for arduino

Yeah but when you don't do it directly, you're not in control and also not doing it for the sake of fucking around and finding out

But you are

I never set mine on my arduino shield

Yeah you don't have to

It'll be pre done

My advice is more about not doing it when you don't need to

I think at this point, caveat emptor.
If you were warned and you break something, it's your own damn fault

well yeah but my concern is more for the others on the network

james squared

I've accidentally taken down networks before and I can promise no one in the house was impressed 🤣

lol simulate the service level agreement, put it on the resume

I accidentally had an ethernet over powerline providing internet to a switch along with an ethernet socket, it caused all sorts of collisions when they tried to send data through to devices on the switch until it took down the network and the router shit itself

oof

I didn't realise, I'd had the ethernet over powerline as a backup to my room because the ethernet went through my parents room so they could unplug it haha. I was a nightmare child when it came to tech

so did it just cause a loop?

I had about 5 different ways of connecting to the internet in my room just in case I couldn't use one, they tried blacklisting my mac and I used another NIC

Yeah more or less haha

Holy moly.

discord has parental controls

Was about to say, scrubz is an expert

https://www.lifewire.com/discord-parental-controls-7629492

No, this would illegal

You can assign parental controls.

Or just ask to see them.

Gave +1 Rep to @golden timber (current: #127 - 52)

busy night eh scrubz, it's a nightmare being an expert 🤣

be honest with your kid is my opinino

not really

yea but the trust goes a long way

It's harder to not talk to your kid 🤣

^

doing things sneakily as a parent kinda ruins the trust

just my 2 cents

It also encourages them to go against you

I remember telling my parents, "if you put parental controls on my devices, it'll become my sole goal to get around them", they did it and I got around them

lol

When a kid has a will they have a way, just talk to em

yeah if my parents were just like, hey, we think you spend too much time online, touch grass, I'd much rather they do that then declare war and blacklist my mac, it's game on

Yeah, they tried that with me and I told my dad the next morning that I logged onto the router and unblacklisted myself and also used a separate nic to see if that'd work

lolo

I word for word said "you must think I'm stupid if you thought I wouldn't know you banned my MAC" - I was maybe 14

it's too easy locally

My parents didn't even try

Knew it was futile

yep

I then told him, I can use my wifi adapter, my other network card or tether to my phone, ooor I can log onto the router and unban myself. He said it was a password I didn't know and I told him I knew it, he didn't believe me until I one day entered it for my brother so he didn't have to get up

My parents accepted by the time I was 15 that it wasn't worth trying to stop me and that they just had to trust me

i bet that password was on rockyou

nah it wasn't

o

I got the 4 digit pin for my psp with custom firmware and a tool which would tell you it

well i bet the router was on port 80

my parents asked me how to

I got the generic password for most things by saying I'd forgotten the password for the antivirus when my parents left themself logged in on the admin account with the thunderbird email for themselves

it was back when trend micros password reminder literally emailed you your plaintext password haha

omg

Chat

sorry I was practicing lord of the rings on violin because it was in my peripheral vision

was always scared to practice so stopped playing two years ago but thought I'd bring it to uni in case I ever decided to get back into it

do you play any paganini tunes?

I've never been that good unfortunately haha

I'll have to try get some more practice and get good at it

hes a relative of ours...

true. even i cannot play it

I started playing in year 2 and stopped in year 11 but I only had lessons each week from year 2 to year 6, anything after was just playing in an orchestra each week and that was my practice haha

practice, get paid too 🙂

Nah it was a youth thing so no getting paid ;-;

I did enjoy it but I preferred it for the social aspect and when they started playing grade 7 stuff I was falling behind because I wouldn't practice at home because I was anxious about judgement

yeah, violins are picky that way, one flase move and screeeeech.

I always wanted to play violin tbf

looks like i missed the fun a lil while ago

Rate my password 1234567

hey...

it's just stars for everyone else
see ********

Ah

How?

Completely forgot

Magic

hola

|| if you're asking about the asterisks that part was a joke ||

So i started an entrylevel cybersecurity course a month ago but I kinda suck at time management

Are you a robot?

What?

hey same

well, the time mangaement part

Captcha

disboard verified me

say orange

👁️ 👄 👁️

Spot the stop light

ya know who has good captchas

Who?

is that even a person?

Let's not discuss cybercrime forums @molten sky

fair not to name em here

they do have good captchas tho

No

wonder if anyone else uses them on a more proper site.........off to the interwebs

It’s a monster

what do you mean by monster?

Scary mean

also hey @ James haven't seen that name in here in a while

This monster right here

Steals computers

Watch out

OP

rate shadows password:
correct horse battery staple

Very good

✅ 🐴 🔋 📎 (there wasn't a staple)

how can i fix this?
i tried adding ubuntu's sources list PLUS kali linux's sources list it still doesn't work

anyways shadow is gonna try for the sleepiest sloopity sleep sloop while the beep boop to the meep moop

oops

You shouldn't do this. They might not be as closely compatible as you think

why paper clip instaed of staple

Night shadow

then what do i do
ubuntu sources list alone still didin't find zenmap-kbx

no staples emote

look for ppa

You can follow this guide, but it might cause problems with your config, as Ubuntu nmap doesn't have zenmap any longer. Do this at your own risk

https://www.how2shout.com/linux/install-zenmap-nmap-gui-on-ubuntu-20-04-lts-linux/

Or just use nmap in a Kali vm

cause (there wasn't a staple) available in the emoji thing lol

Personally I consider any password I entered anywhere online but the service it's dedicated for leaked and not use it anymore. Making this service rather useless for me...

Wdym

You consider everyone of your passwords leaked?

That the moment I would have entered a password on a service like the one you screenshot, I wouldn't use it anymore.

They say they don’t save anything you input but 🤷‍♂️

Says if only uses the password to generate a hash

What the

Fina and productivity

he means that if he signes up for x then that password is burned

ya

do you guys keep a file (eg csv) with all your password manager's passwords like in an external drive, "just in case"? Or nah?

There’s a imposter among us

i have one but not sure if it's worth the risk

cskills joined the cult day 1

in case i lose the drive somehow or something

It’s a cult?

I just remember it in my brain

you mean backups of contents or saving the master passwords somewhere?

I even keep a copy in a different physical location

backups of contents yeah

not the master password

backups yes, but they are completely offline and encrypted

stg

Uh almost like they already got your password lmao

nah... 🙂

was just thinking that i have 0 encryption on my offline backup drives also, lol. dont have bitlocker and never bothered with veracrypt

Got the original on SecLists lol https://github.com/danielmiessler/SecLists/pull/155

i use my sister photographic memory to backup my passwords. just in case.

i wouldn't use bitlocker just cause it's proprietary lol

what do you use then

veracrypt

/ luks / etc

'aight i guess i'll watch some vids

veracrypt for external bckp ssd, and luks for full disk on laptops

wonder what the practicality of using gpg would be

tbh i was also tempted to just upgrade to win 11 pro on my main laptop

it's only $100 or so

have you considered upgrading to not windows

😭

one day

@graceful thistle Check diff https://github.com/danielmiessler/SecLists/pull/155/files

the thought just popped in my mind since i'm moving soon, and i'll likely bring most if not all my drives with me. "damn, what if they lose my bag or something and someone gets their hands on my UNencrypted drive with a .csv file of all the contents of my password manager?"
and yeah i tend to be paranoid fml

encrypt encrypt encrypt

my boot drive is encrypted

encrypt everything

Don't ever use a password manager that stores passwords unencrypted.

what about android

That's a terrible idea.

with veracrypt my understanding is that every time i want to access the encrypted drive i need to open vcrypt and mount the drive correct?
I thought I could just click and put in the password lel

Modern android devices have full disk encryption by default

"disk"

android for the most part has encryption at rest by default but implementations vary manufacturer to manufacturer

mh i use bitwarden, but not sure if the contents file i saved is encrypted as well

bitwarden +1

could be, i forgot lmao

yeah it's great

in room : eternal blue
we can like "bypass" flag in last task, all flag link are in : C:/Users/Jon/AppData/Roaming/Microsoft/Windows/Recent
its normaly ? i think yea but its not a good idea

you can set some options. but most you need select and mount

I correct myself, Android does not use full disk encryption technically. Files are encrypted though.

IOS isn't either

😛

but yes, everything is encrypted with keyrings that is used to decrypt everything per app whenever you turn on your phone, though all logs, pictures, etc. is not encrypted if you were to extract information about the phone, only the services that are encrypted, such as signal.

this is a rather advanced topic though

Jfc... Not even 5 minutes in being in NJ, 3 fucking cars come close to hitting me and weaving in and out of traffic

welcome

Can I leave?

nah

https://tenor.com/view/shit-leslie-jordan-gif-11334450875675318506

just move

That gotta be a joke issue?

Right?

Hello, quick question, what are the ways to know the PSK when it is changed, I mean A plan after the hack in case the PSK changes, (With Knowing the password of the router)

I have heard about DDNS or enable WPS and save the PIN, are there other tricks?

that's gotta be a pisstake

wdym?

As in for persistence on a wifi network?

But family

family is not needed

Yeah

What sort of use case are you looking at?

Sorry, I didn't understand well your question

Why do you want to know?

For the same reason you ask questions of this kind, to learn, and to protect myself if that is possible

My question now becomes, can you explain what DDNS is and how that would be used for persistence? or the WPS code?

I'm trying to understand how this helps you

You can search through Google if you want to know this. This is available on the Internet. Do you want links to the explanation?
Regarding WPS, I think the matter is clear. You enable WPS on the router, choose a PIN, and then register that PIN. By changing the PSK, you can connect to the router via WPS with that PIN.
As for DDNS, I think it is best to search for yourself to understand more clearly

I understand how they work and the risks they mitigate, I'm trying to consolidate how that helps you prevent persistence

How do you intent to prevent a dynamic dns from being registered on a compromised network and how why do you think that mitigates the risk to the wireless access point?

Well, I've already answered this
But regarding how this can protect you, simply check the WPS on your router, and check the DDNS settings.

DDNS can be setup by any device on a network though, your router merely makes the process simpler by having the option (depending on device)

Well, of course it is necessary to monitor the devices connected to the network

It's also worth noting that disabling WPS does not always eliminate WPS vulnerabilities

If you wanted to defend yourself you'd be looking at IPS and/or IDS, so again I ask, why do you want to know about persistence?

But really, I'm still a beginner, I don't know well what this really means

Dynamic DNS is a service, any client can run it, it just tells the service that your IPs changed and updates their records, any computer can set a ddns client up

truly!!

wrong gif

https://tenor.com/view/drinking-booze-boozehound-wasted-alcohol-gif-23077846

there

There's plenty of cloud services which routers can be configured to talk to but there's also plenty of client based ones which will update DNS records for the domain provider so "disabling" ddns doesn't solve the issue. Furthermore DDNS would not stop persistence, it may allow them to stay on a network if the IP changes but that's it, if the network is still vulnerable that's how they compromise it. It also won't enable persistence to a wifi as much as the network itself

But when the PSK is changed, the computer will have left the network. How will the device know the new IP then?

Devices don't connect to wifi using an IP

Just when I get used to the new discord mobile UI, they change it again ._.

If your network is vulnerable or they already have persistence they may use your IP but if they're at that level of persistence they may well run their own DDNS client on an infected host or use a beacon to broadcast the infected network's public IP to the attacker

The point is that you're talking about preventing persistence when you don't know what you actually want to look at, don't bother with persistence, bother with keeping them out in the first place

Nah, more NJ legal, federal illegal stuff

Once the basics are down you can look at other stuff after, like your intrusion detection and prevention systems. The entire point is to prevent them from getting on and gaining persistence, if they do there's a multitude of ways they can get persistence, some depending on the vulnerability

Mitigating risks of persistence include mitigating risk of compromise and assessing your network and what avenues they could use for persistence, such as an infected computer on the compromised network

@finite basalt

Well, I think I did not understand well. Perhaps I should look closely at what you told me and use Google, because as I told you, I am still a beginner. There is no need to bother you with questions that I think will seem to you like beginners.

Well, thank you for your cooperation

Gave +1 Rep to @finite basalt (current: #102 - 64)

Is that something common? Running a ddns client on an infected machine?

Depends on the attacker

hehe

and the motives

If it's a generalised attack it's less likely, if they're actively targetting one network they may well, either way it was more about the idea that the ddns on the router is likely not that important especially as it's not usually configured by default and doesn't prevent an attacker using their own

They're more likely to have a bit of kit on an infected machine which sends out beacons which include data about the network including things like IPs, that's what most C2s do iirc

Ah okay, I was wondering which scenarios it would be useful for, using an implant with c2 makes more sense

been researching stuff all day and getting brain-fried

I mean there's better ways I reckon, like beacons

I feel like if you're trying to get persistence on a network most attackers are looking at using a C2

What you looking into?

Unless they're looking to run something like a botnet on your devices, I find it unlikely that most attackers will care about persistence which makes it easier for them to get caught, they'd likely rather be in and out

Ah I see, thanks for the info! @finite basalt

Gave +1 Rep to @finite basalt (current: #99 - 65)

Wait I swear I was #99

That being said I'm not the attacker and I'm still learning so if any lurker does pentesting and disagrees please correct me

Oh there's 4 of us

who wanna learn c++ w me

you never know nowadays lol
wouldn't put it past someone to open that legitimately

the replies enjoyed it tho

Oh that’s cool. So company’s that has different departments work on different vlans?

Or building

So I got my computer stuff but I’m confused if this one connector goes in this spot since it’s not labeled the same

Plug it in and hope for the best

Or on the safer side

Try to google different plug styles

Currently doing that

Tell you what, I love that I can call my bank at 3am. I appreciate that there's less staff so I'm on hold but they've fucking awful hold music 😭

I really need a new chair for my setup at home

my body sore from sitting in this all day

Hate that music

Like why can’t they use some actual good music

It's like fucking piano and jazz, it'll put me to sleep

and it's the same song..

apples got actual songs

cause they can afford the copyright

I love and hate virgin media's, they've got chandalier but it's quality is dogshit

Like it's funny and a nice change but it sounds awful because it's a phone

DMA no work?

wdym?

nothing

i need to read

Mans trippen

Swear

I was listening to my own music but I swear to fuck if I hear another round of this hold music I might need putting in a straight jacket

It's so damn dull, I want rock music or punk music

https://youtu.be/3NycM9lYdRI?si=FwlB-Yap9lbvynq7

There you go

They said it would be 6 minutes wait 14 minutes ago ;-;