#general

which archinstall can't do

yeah

you might need to make the others smaller

@sick lance https://youtu.be/7inhRWxQMFk?si=CDZsCFdMP-bhFEAP

This sounds right up your alley

I watched that earlier lol

please don't tell me you are doing pentesting stuff on your main computer without a vm 🙏

oh God

@rapid merlin help

it does matter

bc pentesting often involves running sketchy stuff

including stuff from exploitdb

which wouldn't be the healthiest to run on a main computer

If you are going to practice pentest on AD, you will need 8GB for the AD vm

Another 4-8gb for the kali vm, and then etc

he said he is doing all his pentesting stuff on his main computer

no vms

Yeah, well… taking ur meds might help

Cauz thats insane

if you are running the software without isolation, malware can still access the other ssd

You idiot! VMs have snapshots

snapshots are easier in vms

you can still do that in a vm

that is how we all do stuff

Please don't call others an idiot just cause they have a different view than you

Kinda ruins the mood in here

Sure

yeah

we'll have to configure it later once you have the rest installed

Noted

you can continue

but why not use a vm?

I'm fairly sure keeping your stuff safe is a bit more important than "feel the same"

although I get where you are coming from

it can help by installing the qemu and spice guest stuff in the vm

so you can change the display resolution

so it looks better

where do you store it??

unless its not your main

"

The risk is that you are joining a network of people intentionally emulating malicious actors, often while using pentesting distros you may have spent minimal effort hardening.

The benefit of a VM too is that you can just tailor it to your workflow, save a snapshot, and reset it whenever you want, personally I’m pretty messy and do that just about every time I join a new CTF.
"

courtesy of a reddit user found from google search

what about logins?

single point of failure???

malware can steal session tokens

bank details??

private information??

some malware make you join botnets

but is it worth the effort?

just use a vm

also it makes it a lot more risky for you to join other organisation's networks

it is definitely not

especially if you have bills to pay

not the bank, moreso the services you use

just use a damn vm bro

if something goes wrong its as simple as rolling back to a snapshot

or deleting it

to each to their own ig

anyway lets continue the install

use a wm troll~2

I recommend swaywm or hyprland for wayland window managers

you can do the same on sway

since it basically has infinite customizability

sure

also take a look at hyprland

@rapid merlin what is your gpu

everything except nvidia has good wayland support

where would I post a question about a possible bug in a room? I've noticed a couple of questions seem to be in the wrong order.

prolly go with polkit

I use ly

mainly cause it looks coo,

hey @boreal gull you around? no idea what time zone you are

what was it?

are you sure your in te install media?

should try Linux From Scratch instead -- far easier

not chrooted or anything?

gentoo trollclassic_c

ngl i was tryna remember the word gentoo but just couldn't

it should be fine

it'll probably be easier if you do it manually

and just follow the install guide

it takes like 15minutes-30minutes to install arch linux manually

it can be shorter if you know exactly what you are doing

@rapid merlin do you want me to guide you?

how 😭

"who let bro in the kitchen?!?!?!??!"

do you want me to help you install in dms?

sure

I literally have nothing better to do

Carcharodon carcharias

Hey ya

Morning

oh god, it is morning

i gotta get to sleep

heyhey. anyone done the kubernetes hardening box just out?

cluster hardening is called

last line you have to answer what is the base64 of a networkpolicy spec

  PodSelector:     app=backend-service2
  Allowing ingress traffic:
    To Port: 8888/TCP
    From:
      PodSelector: app=replace-with-service1-label
  Not affecting egress traffic
  Policy Types: Ingress

But its always wrong. I guess because of spaces

if I reset progress to a room do I lose the points I got from it? doesn't really matter either way, just todays brain worm

hi

Is there a way to share individual badges as opposed to the entire webpage?

if being good at nothing is a crime, lock me up 2

Hey, please use #room-help for help with rooms

ah ok

Or alternatively, #1255175897464442952 for that specific one

you dont lose points but get no new points when answering question

Awesome was hoping that was the case, ty

Gave +1 Rep to @junior wraith (current: #2117 - 1)

@molten sky would you still love me if i was a worm 🥺

i guess not...

all these people call themselvs my friends 😦

they just love me cuz my human form

they are humanists

Aren't you one?

no

i would still love you if u were a worm

i promise

me?

yes

I wonder where that originated from

i just wondered

Gave +1 Rep to @neon river (current: #462 - 10)

i am now 😦

hey

Babe, wake up! Steam sales is online!

need help

anyone main in forensic?

im abt to publish a study ive done, need some feedback before

with all due respect to THM and its members, isn't this the wrong place to look for research sparring?

Hello 👋

Henlo

oh well, time to root publisher I guess

gawd i cant wait for the next advent of cyber sidequest

Good morning

Does anyone know of a wardriving project that uses, for example, 14x esp32 modules - one per channel - with guides on how to build it and the FW needed etc.?

morning

I have 1 esp32

me too

but that can only listen to one channel at a time

man.. my local version of "Door dash" to those who know that, has a campaign at my local bakery

50% off on cakes

I ordered this huge strawberry tart 50% off.. it's so good

it's normally like $20

got it for half

On sale so it tastes better

exactly

guys how can i check if a link is safe to open or not

if sus, don't click

if you wanna sneak peak, use https://urlscan.io/

my friend sent me a link, idk if to open or not

dunno either

maybe they wanna steal your discord account

You could also use virustotal and URL2PNG

i did it, but how to know its safe or not

try opening it on a device that u dont use

guys i think i have found a very bad and illegal site

what to do

can someone confirm for me

uhm

notifying the police or other authorities is probably the only thing you can do

don't go to the site, if you're concerned contact your local law enforcement as birb said

If it's a phishing website you can report it here

That's not great advice.

hi does this mean i can come back and reactivate it for 1 month without paying more than 14 ?

Ah Blackout is replying, I was about to ping them 😄

It’s quite a new feature iirc you can resume it but i think it depends on when you paused it e.g. if you paused after 10 days and resume after a while i think you only get 20 days left of it

I think that’s how it works anyway

But you won’t have to pay as you already paid for it

okay, thanks

when pausing account you dont have to pay and streaks get saved?

What is the point of spoofing source IP in nmap scan? the target will reply to the spoofed ip and you can collect response to analyze, sure makes sense, but why don't you just use the spoofed ip's machine to do the scan? What is the actual point of launching from machine 1, using ip of machine 2, to target machine 3? Why not just use machine 2 to scan machine 3?

good question 🙂

What happens if you don't have access to machine 2?

Then how would you even capture the traffic on machine 2 for analysis? The point is you have already access to machine 2 to collect responses.

Target is machine 3. You scan FROM machine 1 using, spoofing machine 2's IP. So when machine 3 replies to those packets, the responses go to machine 2.

Well, you might not care about getting the responses back to analyse

Another possible use of this flag is to spoof the scan to make the targets think that someone else is scanning them. Imagine a company being repeatedly port scanned by a competitor! The -e option and -Pn are generally required for this sort of usage. Note that you usually won't receive reply packets back (they will be addressed to the IP you are spoofing), so Nmap won't produce useful reports.

LOL

That's crafty.

Kind of a dick move too.

Try to implicate someone else. So then if you can spoof packets so easily, what makes the legality of portscanning viable?

You could literally port scan anyone openly/brazenly and then claim someone must have done it and given your ip as a spoof ip so I got the replies, implicating me.

So burden of proof is upon YOU to prove that I am the actual party who launched the scan

Spoofing only works in a minimal number of cases where certain conditions are met. Therefore, the attacker might resort to using decoys to make it more challenging to be pinpointed. The concept is simple, make the scan appear to be coming from many IP addresses so that the attacker’s IP address would be lost among them. As we see in the figure below, the scan of the target machine will appear to be coming from 3 different sources, and consequently, the replies will go the decoys as well.

I see.

So you can launch a scan, and then given dozens of fake ips to mix in, and try to hide your real ip in there hoping they won't be able to identify it.

Hobby project idea: a shell wrapper that intercepts TCP (and UDP?) packets towards a targeted machine, then replicates the command that produced those packets in n number of replicas (like how pspy works, the most recently run command is likely the one producing packets). Each replica has a spoofed source IP from the local network, given some list of ranges to pick from.

It would appear as if the machine is under attack by n machines at the same time while InfoSec will scramble to find the right culprit among the many fake requests.

Still though, if you scan all ports using mulitiple spoofed ips, the original ip will eventually get all replies, but they won't know which of those is actually you

I see

https://security.stackexchange.com/questions/48523/how-to-find-the-actual-address-of-spoofed-ips

Here's a discussion on it

https://serverfault.com/questions/381393/can-the-ip-address-for-an-http-request-be-spoofed
And another, you wouldn't be able to do it with TCP due to the handshake, which makes sense

There are ways to mitigate it using packet similarities

And handshake check

As Jayy said

Trying to share any completed room on linked in or etc. uses the exact same open graph information so all posts look exactly the same. The OG data of the actual ROOM should be used, instead of the main site.

Where can I give this feedback?

All room OG preview data looks the same.

how to hack facebuk?

oo yes thanks u

i already named my pc to anonymous

is seclists no longer in apt?

can`t find it

Depends on your repo

oh, i just realised Im on Mint lol thx

No it’s just a pause on the subscription, streaks will be reset

is THM thinking of doing side quests this year? for AoC

i use arch too (btw)

I don’t know

https://tenor.com/view/kmt-yeah-right-hmmm-really-gif-21502858

hello

u use gnome????

U take notes for CTFS?

y?

I just do writeups on medium for most of the CTFS I do

I mean i used to take notes for CTFS if i was stuck

to put it onto "paper"

ooooooo

syntax is annoying

u:/username right

something like that

https://tenor.com/view/arch-linux-arch-linux-gif-25380879

A friend of mine just signed up for THM, is there a way for me to refer him, or once he has his account its not possible?

Yeah pretty sure

Have they signed up already?

yeah just created before I could find the referral link

Refer a friend

@near hawk

Does the referral link work with someone buying premium if they already have an account?

Or is it new account creation and punching premium?

did this, apparently its just a signup link, no way to "link" a fresh account

Wdym link?

are u guys trying to add eachother?

Punching, purchasing same difference.

nah we are already friends, I was going to refer him so we got the $5 bonus when he subs but he had already made his account before I could find the referal code. I was querying if I could still refer him if his account had already been created. All good though, im sure Scrubz and Blackout will point me straight (:

Idkkk

on the referral thing it comes up on who signed up using ur link

yeah, I'm saying he didnt sign up via my link because he made an account before I found it (:

No, they have to sign up with your referral link to work

Shame, i mean has ur friend done any rooms, if not he can just delete and make a new account under ur referral

no worries, ty for the confirmation

Gave +1 Rep to @near hawk (current: #53 - 141)

Haha remember that old bug on admin.tryhackme.com, admin access to all users, cleartext passwords if my memory serves me right

someone should check it out

https://tenor.com/view/thanos-throne-gif-11749679

https://tenor.com/view/troll-dungeon-harrypotter-gif-5157432

https://tenor.com/view/do-a-little-trolling-we-do-a-little-trolling-pondering-hq-gif-23790988

https://tenor.com/view/ban-hammer-futurama-scruffy-gif-20750885

Hi all 👋

this guy might be hakcr

https://tenor.com/view/anonimous-hacker-gif-25488931

this is a video of him

I am a certified noob

Oh okay

Well Hi

Welcome to tryhackme

thanks 😁

Cool

Is there a provisioning time on the code once they receive it? my mate is getting an invalid coupon code message when copying it from the email they recieved

pong

They have 1 week to redeem are they putting it in the reddem voucher or when they go to purchase

Metasequoia glyptostroboides

I’ve removed that image 🙂

They are putting it in the purchase window and its returning "invalid coupon code"

after selecting the plan, but before entering payment details

wrong

chat

😂

This isn't a shell, homie

Good luck

No sleep for you

hey peeps, I started OWASP Top 10 room yesterday which is considered for total beginners, though I can't even pass the very first one that requires to run commands at [Severity 1] Command Injection Practical, is it OK to watch a walkthrough? how do I make sure I actually remember it all instead of just watching a walkthrough and answer the questions like a copycat robot?

The way I do it is I go through 15 minutes for each question if I can't get it, I look at the walkthrough, write down the process then complete the section then I clear it and try to do it without the walkthrough if I can't I rinse and repeat until I can. It's helped me at least. I hope that helps you.

thanks, that seems also a good idea, I thought of following a video (walkthrough) and then erasing my progress of the room and trying again by myself completely

Gave +1 Rep to @stark moon (current: #2117 - 1)

👍

also I went to look at this one, part of it is it might be helpful to know Linux to complete the room so possibly go try the Linux rooms to get some familiarity

so sometimes you might have to build up some foundational knowledge first

💯

hey

so there is a room in linux privvv about a kernel exploit

called CVE 2015-1328

i want to understand how it works but i can't read throught the code

Search it.

there are only showing you how to exploit

no one explained

did you search for CVE-2015-1328?

sure

i want to see how people exploit theese things

you wanna know how people find exploits or how they exploit them?

how and how

i think both

well how is a lot of dedication and work, sometimes things are by accident but often its by looking through the code or trying things (aka fuzzing) to see what might break

how they exploit them is with the code developed... sometimes you don't need code, sometimes you do

is there some sort of youtube channels who exploit and explain

thank youbtw

Gave +1 Rep to @tired peak (current: #15 - 487)

possibly, I don't know of any but also you said you don't understand code, that might be a first step

yup i need to understand the code

but the exploit is 200 line of c++ a lang i don't a thing about

maybe i need to learn it

https://tenor.com/view/shocked-surprised-gasp-what-cat-shock-gif-635629308990545194

yes, c/c++ are languages to learn if you want to look into exploit development

what do u do

what do i do?

yup

i mean what feild

cybersecurity

i know

i'm a cloud security architect

sounds fun

have a great day

it is

you too

maybe

i'm not a fan of cloud stuff

well cloud is everywhere and hard to get a job that doesn't touch cloud

sounds like a blue team member

no, blue team is something specific, its design but also in order to design, you need to know how something works, how to secure it and how it can be abused

ofc

i think cloud is the last thing you need too know about

as a beginner

well there are a lot of things to know about, I dunno if I'd put cloud as the last thing... possibly exploit development would be the last thing a beginner needs to know

They cover it pretty early on at my uni, I think it was first year we had a subject dedicated to it

both a are the last thigns youll think about

nice fishs

ty (:

You're late

i sux yea 🙂

yo, In firefox while browsing websites it automatically redirected to this site like not for a specific website this redirection is occurring. it is occurring for all the website, to be honest i dont even know whether it is a redirection or it just opening a new tab. its so sus but dont know what it is, only occurring at firefox. Any help or info pls?

Do you have any browser extensions?

seems like an extension is hijacking your start up page or search one

cant cookies do that too?

yeah, i thought maybe because of that so reinstalled firefox but still occurring

Not by them selves

now there is no extension is installed

Do you have any adware software? Or software you don't recongise?

Does it do the same thing for Edge or chrome?

i don't think so because its occurring only on firefox

Are you on windows? I recall something similar happening to me when one of the windows lockscreen photos had clickable text on it, the next time id open a browser it would default to msn

yeah, Im on windows

What's your home page setting on firefox?

firefox home(default)

google search engine

is there any weird windows "Spotlight" text when you lock your PC?

What software have you installed recently? If any?

hey guys can you delete the token from another account i have please ?

better contact support about it

how ?

not that

No, this is a discord issue

You need to wait for a moderator to be online

okay thanks

tried no luck

bro i SWEAR

this whole damn time i was using the wrong vm and none of my commands was working.

nope, i did not installed any sus softwares as far as i know maybe a software called eye saver is my last installed software but i used it before it never happened , iam not sure whats the cause

https://www.eye-saver.net/
This?

or just get blue light glasses

Spotlights default with Windows. A few months ago, I had something similar: the photo windows displayed on my lock screen had one of the Chinese alphabets on one of the photos, which caused my homepages on Firefox to default to MSN and change the location and language to somewhere in China.

Once I removed windows spotlight from changing those pictures I no longer had the issue

monitor settings:

why does Eye Saver look more like a malware than a protection software for eyes 😄

i mean malware can look like anything

Not sure about the authenticity of the software, might be the case its installed some adware that caused it - or its something complete different. Either way, I'd recommend https://justgetflux.com/ - its the goto

why is that an app, doesnt windows come with night light or something

night light turns your screen like red

orange almost

looks stupid

its adjustable

still orange looking tho

Flux gives you a lot more flexibility over the in-built setting

I use the night light option for windows and I'm pretty happy with it

thats what RGB without B looks like

guys i need help, ive tried setting up openvpn but its not working. ive downloaded the config file and imported it, but i get this error:

Can you switch servers and regenerate the certificate?

I'm in love with your purple colour name 😍

purple is nice

my keyboard is purple on phone

#site-support please.

thanks lol

Gave +1 Rep to @warm bear (current: #731 - 5)

Heppy fluff

Is nice fluff

A fluffy fluff is a fluffy fluff.

A rose is a rose is a rose is a rose

https://tenor.com/view/fluffy-hug-hugging-pounce-panda-gif-5553499

Attack!

A heppy fluff is a nice fluff - Fluff

what pizza did you get 👀

Nice!

there's this chain in my country called La Pinoz and they have a 7 cheese pizza

it's just pure bliss

what the hell is wrong with my windows...

I'm watching a youtube video on chrome...I hit the windows button to see what apps are open, I hit it again, and it just changes to another app that's open...

hey scrubz did darek leave the server?

i have a question and i was gonna ping him but hes not there

Looks like it.

hm well i have him as a friend but idk if i should dm him

¯_(ツ)_/¯

i dont think that would be dareks chase

case

he prolly got a new job and doesnt have time

Not the first time they've left the server.

⛈️ rainy day today here

@sick lance See my ping last night?

No, I did not.

https://youtu.be/7inhRWxQMFk?si=CDZsCFdMP-bhFEAP
Thought this vid will be up your alley

Bought?

I get them from free /s

If you're doing RE, or creating an AV to look at behavior of viruses, ransomware, etc. $500 is cheap

IMO

They're the best kind!

heelo
guys i need some help
i cant connect tryhackme machine
beacuase openvpn doestn work
2024-06-30 11:43:17 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2024-06-30 11:43:17 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2024-06-30 11:43:17 Note: '--allow-compression' is not set to 'no', disabling data channel offload.
2024-06-30 11:43:17 OpenVPN 2.6.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2024-06-30 11:43:17 library versions: OpenSSL 3.2.2-dev , LZO 2.10
2024-06-30 11:43:17 DCO version: N/A
2024-06-30 11:43:17 OpenSSL: error:0480006C:PEM routines::no start line:Expecting: CERTIFICATE
2024-06-30 11:43:17 OpenSSL: error:0A080009:SSL routines::PEM lib:
2024-06-30 11:43:17 Cannot load inline certificate file
2024-06-30 11:43:17 Exiting due to fatal error
some1 help me plssss

#site-support

😄

thanks

@shell nova u around by any chance?

Welcome!

Anyone knows if you can undo a correct answer?

Reset the room

but why

Birb, your brain still fried mush?

no, i pwned it finally

and got alternative root in #1256308408743628850

hey

hi

Good job!

faaaanks

Yo

sooooooo

shoiuld I have sushi for dinner?

👀

YAWN

that's a good Sunday thingi sn't it

To celebrate, yes!

exactly!

I apologize

https://tenor.com/view/about-what-abraham-quintanilla-selena-the-series-dulce-amor-whats-it-about-gif-21073026

#site-support

And YOU call me IE

I'm on MWIII

Or was.

https://tenor.com/view/sure-if-you-say-so-whatever-sassy-gif-16833750252917735958

Internet Explorer?

Yep, Scrubz calls me IE because I'm slow to respond

How the turn tables have... turned

What do you use IE for?

I don;t

To Install Firefox

It's a joke, since IE is slow

😂

https://tenor.com/view/confused-confusing-noidea-cat-gif-14787244675382286846

IE bad

Use the given pcap file.

Write a single rule to detect "all TCP port 80 traffic" packets in the given pcap file.

What is the number of detected packets?

Note: You must answer this question correctly before answering the rest of the questions in this task.
Cant get the right answer even if im sure i have the right answer, anyone can help?

Please don't post across mutliple channels, if you need THM help, please use the help channels.

?

Someone pinged me

Or I thought

kawaii

Waiting on food while having the biggest tiredness

Been laying in my bed ever since I came home at 8 am

to much of wotrk ?

rave

oh...

hey everyone

ello ello

yeahhhhh, it was fun 😄

whole weekend or just one night?

I just found out that disabling Kerberos pre-authentication for an AD user account makes it vulnerable to ASREProasting attack 😆
I mean who would disable Kerberos pre-autentication in the real world?
It's a suicide move

one night

@sand trench

got some OG Kristal and Truffle Gouda

do better

Shut

hhhhhhh

don't be mad

thank you

Gave +1 Rep to @boreal scarab (current: #30 - 276)

Better?

i don't think so

is that burrito 👀

omlette? 👀

nah

it's a technique

for melting cheese

https://tenor.com/view/buzz-lightyear-no-sign-of-intelligent-life-dumb-toy-story-gif-11489315

https://tenor.com/view/shrug-gif-25269231

cheese 👀

can't make it out from the picture you sent!

Boi

damn it he won

@boreal scarab congrats

What'd I win?

cheese fight

https://tenor.com/view/vote-cheeseday22-gouda-national-cheese-day-i-love-cheese-gif-25774008

https://tenor.com/view/steve-blackman-al-snow-wwf-cheese-head-cheese-gif-23932059

https://tenor.com/view/адіядорофеєва-попгрупа-smacked-hit-burst-gif-14779459

This channel is extra cheesy now

nah... 🙂

Leiurus quinquestriatus

scorpion, deathstalker

https://tenor.com/view/licking-failarmy-taste-it-yummy-delicious-gif-10486140191804653605

hey you all

good day

You have a good day too!

Looks like southgate getting fired after this game 😄

Cat.

Somehow England are still in

tone indicator?

Hm?

nah its a joke

Lol

cuz theres some pple that do like "/s" and stuff

btu nvrmind

@boreal scarab 3 ship's on the wall...

what do you intend to concatenate?

yeah exactly

i need a tone indicator

bigoof

https://tenor.com/view/pog-fish-pogging-currently-gif-2252544987340524926

does metasploit have web scanning

and like web vulns?

or JUST windows

that thing having a seizure?

It’s coming home 🏴󠁧󠁢󠁥󠁮󠁧󠁿

@gray sonnet can i dm you rq?

The first goal for england was just 🤌

sure thing

aight i did

heres the plan, i create a bad software and you guys gather all the CVE's

This gives me an idea

That sounds dangerous...

I may get fired for backdoors

But let's see how it goes

only if you're caught.

Exactly

For legal reasons, this is a joke.

IS IT THOUGHHH

It’s coming home, it’s coming home

Lol

yeah, its a joke 😉

How many rooms do i have to solve to get in the top 1%

Top 1% is based on points not rooms

Not all rooms give points

So how many points?

32143

I think Intro to Cross-site Scripting needs a bit of updating if I'm not wrong, the last challenge being Practical Example (Blind XSS), there's the written theory with pictures referring to </textarea>test but I did not see textarea anywhere in the code, the ID of the tickets that we create in the Support Tickets tab are wrapped in <td>test</td> tags

correct me if I'm wrong, the blind XSS payload still executes, though

#room-bugs if you think it's a bug 🙂

danke

bitte

Damn

That's just if the discord stat is correct, and not rate limited.

Of 3214315 users, (my bet it will be slightly behind).

Oh ok

Is anyone here an employed pen tester?

I do have pens at work

And i click them a lot

Same 😿 thats the closest iv ever gotten to being a pen tester 🎃

that's users, not points

And that number doesn't include users who are ellegible for the leaderboard

But you'd need points to but yourself in that bracket, rough guess without knowing the total users since it's no longer displayed.

I hate clicky tops, I prefer lids.

I used to get shouted at because I'd use a sharpie (the thin nib) to write out all my documents.

What I'm saying is they're asking for how many points they need to get, but you replied with the amount of users that they need to get above to be in the bracket 😄

Same difference 😄

No. You bad at math

Maths was on point, it was English that failed me.

I was shocked when you said 30k ahaha

English do be failing people all the time

I've 26,000 and I'm top 1%
Doesn't give you an exact number but it's something to aim for

Rank 7179 so if we assume you need to be top 20,000, I'd say level 12 minimum

How much time does it take to reach 1%?

Impossible to say

Difficulty is subjective so it's hard to know how long on average it will take everyone to complete challenges

No u

No u!

Used to, not for long though

If you have a specific question, just ask

2 years for my college's in-house security team

Hi Jay 👋

Mon' Georgia!

not too long after i left apparently, lol

Hey Verum 👋

rustscan has a link to the Fedora/CentOS copr under community distributions
have you spoken to that guy at all? I've been curious why he packaged it for the copr only and never pushed it to Fedora + EPEL proper

hola

How're you doing today?

🪱

yes or no

It's officially July here, and uni starts in a month

bouta go grab a handful of advil & tylenol and a jug of black coffee -- i feel dead for some reason lol

sick?

love is a construct

nah probably just my absolutely fucked sleep schedule if i had to guess, i'll probably be gtg in an hour or three

hope its an hour 🤞

search -f [file_name] taking so long... is it normal or its stuck? Even after pressing keys, I'm getting no response

Please don't promote here, especially drop shipping

it's alex

its me

whats up kid

long time no s

ee

nothin much hbu?

yeah

i thnik the sae

u learned some new ?

and btw do you like the boxx effect

plasma 6.1

Can i dm u?

Can i dm u too?

you can ask anything here 😄

yes

i instaled arch (btw)

yes a loit

btw if we can vc later that would be col

hell nah

ubuntu ftw

i love that purple kernel

I'd prefer you asked here

i just wnated plasma

the theme is also crazy

yo it's jayy

wait whos jay

can metasploit be used for web scanning?

or only windows related stuff

bro metasploit

is bigger than you thinkn

sure

So how did u get hired into a pen tester post? Like how did u apply for your job?

Bruh my role shows I'm 0x1 but I'm level like 3 now on thm😭

Unless there is no 0x2 and 0x3 etc roles

there is

i think you need to update

just reverify with the bot

it usually reverifies every 24 hours, but if you're in a hurry you can just reverify yourself

Alright

U know u can run it pretty much anywhere, right?

Are y sure

I got it through networking here, got offered an internship and from that, a job offer

Damn, who should i contact to get an internship 😿

Congratulations

Thanks 😊

you're working full time now jay?

Not at the moment

ah, got it

You could try asking around in the #cyber-and-careers

Man u guys have it all set, i feel like a moron tbh 😿

Giving your general location (as in country) and a bit of background would help

Oh thats great thx bro

Nah, I feel you - it's hard, but if you be persistent and you're genuinely passionate about the field, things will work out I'm sure

anyone here with OSINT knoledge?

i got a peculiar situation

Just ask your question

lol

Thx a lot bro 😭

Gave +1 Rep to @shut hawk (current: #14 - 539)

someone in my school made an account to talk trash about everyone, but they dont say who they are

i cant strip the metadata right?

like theres nothing i can do

i think its my friend though

my distaste for anything canonical grows year after year

XoXo Gossip Girl

lmfao

yeah they are so inmature

but i wana spook them at least

stop

There's bothin you can do, correct.

Nothing

yeah i figured

guess i can see who they followed and kinda logic my way out

or, speak to them in an alt and see how they speak

Bothin

Bothin

There’s bothin you can do fluffme

Of course bothin is on urban dict

Sounds like something that would have urban dict entry

Welcome to freedom of speech

im going to find who they are

then do nothing with that info

il keep you guys updated

Please do not bring drama into the Discord server 🙂

We want to keep this a safe and professional information security environment:)

aight

fair enough

Nah i wanna hear more 😂

dm me

if thats allowed

Sure 😂

Is it possible to “upgrade” an old laptop to support NTFS?

What do you mean? NTFS was introduced in 1993 and has more to do with the operating system than the hardware.

Well my old laptop doesnt want anything to do with NTFS

Doesnt show NTFS drives on anything and wont load windows

From when is the laptop?

2013

Are you trying to use UEFI instead of a legacy BIOS?

Yes

It should come with the win os by default.

Yes but i reinstalled it on an SSD using my PC because the HDD failed

So, that's not NTFS. You need to do some research/diagnose that issue.

Both legacy and UEFI can use NTFS

Hm ok

Thank you both

What do you mean by "wont load"

Its a filesystem . Honestly, idk if it could be deleted/reinstalled etc. .

White pixels flash on screen for a couple seconds then i get “Windows failed to load”

In my little logic if the os can boot the file system is inbound the os. Except there is a way to erase it but idk it.

Wait, are you trying to insert a new drive without the old drive in there and expecting a boot? Or is this a fresh install where you're using the Windows ISO you got from Microsoft's installer tool? @gritty fern, sorry it didn't reply

it's not the best tool for that. There are far better web scanners available, use them instead.

@gritty fern can agree with. Yea, there a lot of variables. Ssd manufacturer, you just immigrate the old one cuz most you need another program especially for the current ssd and so on...

no sorry i don’t talk to distributors 😦

i stay away from the package management people tbh

too complicated for me to get involved with

@blazing granite WINERY!

With wine pairing

I got it to work, for some reason there was two WBMs on my SSD and the one i was booting was corrupted or similar

https://tenor.com/view/not-rickroll-spanish-inquisition-gif-24674060

Jfc. @blazing granite large group, loud AF for no reason, they are causing all of the noise and they speak louder and louder because of the noise... no courtesy what so ever

I wanna slap all of them REALLY hard

Any of yall know how to fix a “ this program or feature, cannot start or run due to incompatibility with 64 bit versions of windows”?

Tryna see if WOW is any fun

Are you using the 32bit version?

Yes but its on a disc so i cant just upgrade

oh well. i was considering pushing it up to the actual fedora repos but they guy didn't answer when i asked why he didn't himself ,-,

rude 🙄

can u just do it anyway or does he own it :/

ngl fedora (+ derivs) is pretty easy --- i ventured into deb briefly and holy fuck does deb make things so much more involved. noped outa that real quick

last time i touched package management home brew made me deploy a server in CI with some ports open to scan to prove the code works and now their CI takes a lot longer to run lol

more of a not wanting to step on toes so i wanted to give him time to do it first, but if i don't hear anything i might poach his specfile and do it myself lol

WOW has a trial that you can get from Battle.net

i support that!!

weird...... never tried to package for brew but the homebrew team came in and packaged sherlock for us,and it looked pretty easy. but then i investigated myself and it seemed not as fun

i think some of their approves are idiots who demand u do incredibly stupid stuff to appease them and others are normal

the guy that did our package was actually pretty great to deal with. we didn't even know he was doing it until a thread popped up talking about whether or not we want to officially support packaging, and the chimed in like hey we've already got one almost ready for y'all already

he was damn quick too. as soon as i pushed our package to pypi they started using that package for theirs

there’s a uni student named Harens who is cracked at packaging

@molten sky Dude, you been out driving?

..not today, no..why??

https://uk.linkedin.com/in/harensamarasinghe

i beg him to do all my packaging now hahahaha

oh hey another macports guy

I'll DM ya

may be because i don't do mac but i don't see many packagers for that anymore

i think brew is stupdi

stupid

lol i kinda agree

last i checked they have every package manifest installed on ur PC just in case u want to download it

and every time u install something it force updates everything else

i downloaded brew just out of curiousity to see if their package worked, and then immediately removed it

Oh cool!

@boreal gull pinged the guy one last time but this time in the public channel

wooooo

🎉

btw, we got ourselves the Sponsored OSS badge for our dockerhub images and it was actually pretty damn easy -- it marks your image as trusted content and moves you to the top of the list

pretty short application and makes ya look more "official"

That sucks, you go there to have a good time, and enjoy and that happens

@blazing granite I just wanna do this

Ugh

(Not really, just how I feel)

Like OMFG... shut the fuck up

stuff in EPEL really only gets there because a customer wants to pay red hat $$$$ to support it - otherwise, it remains a community project. That said, many of the tools that RH employees use are fedora + copr

Matt. You know better. No violent GIFs please.

I'm going to be honest, I did not know that. Sorry 😅

ok

can anyone decode an heavly obfuscated js for me

What's it from and what's it for?

lemme hit u up

anyone can maintain epel branches tho even if redhat maintains a bunch themselves
believe it or not just a quick fedpkg request-branch and then maybe a package review

check dms

I did not say you could DM me. The conversation can remain here.

epel is just annoying for some tools cause not all dependencies might be there
so you’d be in a chain of packaging your dependencies and their dependencies etc

ok so i wanna ruin they webhook

he made a weird thing and sent me it

now i wanna decode it

You want to ruin someone's webhook because they sent you weird stuff?

bro he got my info wym

We don't assist with vigilantism

@woeful lily please do not spam across multiple channels. If you think you have been hacked, please contact your local authorities for advice

Good Night, THM 💤

goodnight, mate :)

If you're US based, you can report it to the Crime Complaint Centre (ic3.gov), also check the us-cert.gov

check the cisa website. cybercrime complaint pdf file, they have resources for that.
cisa.gov

authorities what they gon do

bruh

Give you advice

them boys from turkey

open an investigative case, use their better resources, and shut down x or y operation taken by the bad actor(s)

uh what

like which?

@high mulch if you suggest illegal actions again you will be permanently removed

My apologies, didn't give any details, nor disclosed anything new, was just in the heat of the moment.

https://github.com/psiinon/open-source-web-scanners there are many to choose from.

Gave +1 Rep to @lament mantle (current: #281 - 18)

thanks

mind if i add you as a friend?

@blazing granite apparently their birthday... congrats, but celebrate somewhere else or shut it. You don't need to be screaming at the top of your lungs, then scream louder over the other girls in your group screaming because you're screaming... it's like a while loop

While screaming
Scream louder
End while

That end while has never come

yep, annoying af

Oh, also having ox tail for the first time

isn't EPEL the public version of the actual red hat subscription repos? and now that i think about it, I think EPEL naming was discontinued in favor of errata to reduce this exact confusion? I think i remember seeing something about that before i left

I thought EPEL was things that aren't in RHEL?

Hence, Extra Packages for Enterprise Linux

^

extra pkgs for enterprise linux

Unless, that's what it currently is and it was something different before

rhel repo is tightly curated but epel is more free

stuff that isnt frequently used enough for them to consider adding to the main

did you like it?

Oh yah, mainly bone though which kinda sucks

@crude stump what distro do you use

im considering switching back

i saw the darkness in installing packages without apt-get

Good ole Kali

can i see ure setup

I mean it’s the default

All the basic software and stuff

which one

installer, right?

Yeah

wait theres custom ones too?

Custom Kali machines?

custom images

whats the dif between kali purple and kali normal

additional tools

plus the theme is great

il go for purple then

i think kali

is for skids

so this one?

maybe try something you don't look a hacker using it

it's like a ninja showing off his identity

i think soo

or... its just the easiest way to hack since it has the tools pre-built

i think soo

choose what you makes it easier for you then

wait does kali purple have all the tools kali blue has?

yup and plus i think

woooohooooo

just finished this years season of doctor who

shadow

do you know if kali purple has all the tools kali blue has?

¯_(ツ)_/¯

Contact the authorities.

We cannot assist you with illegal activities/vigilantism.

@clear jackal do you know if kali purple has all the tools normal kali has?

sry to interrupt btw

Blackmail is illegal

report to the authorities

law enforcement, parents, etc

you absolutely can

if this person is doing illegal things, it is better for everyone that the authorities do the investigation

You can see the differences by reading the documentation or watching a few videos on YouTube. Purple is different in multiple ways, not just the tools.

yeah i just saw

wiat

because vigilante stuff can easily contaminate a case and make it actually impossible to get a conviction

its only dif by tools right?

what else is different