#general

if a company bought a civic for a worker its gotta be some type of money laundering business not a fucking chem lab lmfaoo

for attack vm for hacking: kali linux
for easy to use linux install for general useage: linux mint
for full power linux that can basically do everything: endeavour os

kali linux WWWW

did u analyse novichok in a lab

well it sounds cool. but that ride is escorted with police and other ppl with no sense of hummor

Would try both lets see what I fits me best

+rep @sand trench

Gave +1 Rep to @sand trench (current: #4 - 1809)

cant tell nothng i do and so

so that kind of questions is even not need to ask

ok

will I be targeted for asking u

well hope you don't lol

what is your favourite chemical reaction with things like magnesium or gallium???

😂

lol good

u seen rainbowish fire

magnesium is cool in general. galium i dond do much

when adding different chemicals

but making smoking and flash flares is cool

Ight bruh chill out

galium plus aliminium is cool

oh yea

spagetiii

it makes the aliminium act like wet cardboard

What’s bb

Oh breaking bad

meth is just dumb shit in general

make poprocks in the lab instead

^ the candy

also we don't allow talk of drugs here so please refrain

we extract clear form of coffeeine. and damn it hits hard lol

but discussing quicksilver/mercury is fine as we have our favourite moderator that is named after it

be careful to not inhale to much of that

Just don't breathe it in

oh yea HG is bad bad to ihale...

ON OSIRIS:
SPOILER ALERT!
I've substituted the old masterkey with the new one, then when i go and use it to decrypt the blobs around:

||C:\windows\temp\CQDPAPIBlobDecrypter.exe --master=9F9C0C578D5546FD08834375F1443E5B55400BF93EEA53CCE3BECA8690BBEFCD547B4EAA8E9B092D3D5C8D37842EFB46D874AB9A2EA852B0966EBA9AA8B20298 --entropy=DE135B5F18A34670B2572429698898E6 --blobfile=C:\Users\chajoh\AppData\Roaming\Microsoft\Protect\S-1-5-21-555431066-3599073733-176599750-1125\BK-WINDCORP --outfile=C:\windows\temp\BK-WINDCORP.txt --golden=C:\windows\temp\DKM.pfx||

There's something wrong with provided masterkey, try again!
CAN somebody give me a hint about it? please?? these CQDPAPI* tools are getting me crazy xD
why this output:
There's something wrong with provided masterkey, try again!
it doesn't seem to me that there is something wrong with it...

study, learn, ask questions... dont get in any legal trouble at any point or anything

nop

Let's keep room help to the appropriate channels please

bro is a multi tool

• 9999 rep man

I have a joke

well shadow used to work with programming cash registers

we do have cyber internal team and airgaped servers. also hdd/usb that is only maked for us. and when we use them they need to be in one place all the time. if some is missing it is no fun

and before that had a bit of learning electrician things and before that had a few bits of learning to be a medicinal tech person

Do you know who's lab is that?

Bromine

sad

fucking loser

ik what bromine is... not sure what you ask exactly

stupid little fucking loser

hey be nice

bromine == scary chemical

:mute: cartiisnthere#0 has been muted.

sorry

this is your first warning

holy meeps a slur word usage

well most of this was unpaid internships... the electrician part was part of shadows gymnasium years

tbh from all work i focus in nature dangerous thibngs that can be used to make cure. like poison plants, animals and so on

https://tenor.com/view/keanu-reeves-eexcellent-party-nudes-gif-9315456

I recommend read the #rules or else your time here will be very short

Bro is NOT sorry 😂

well yeah for school stuff to learn things here... hence unpaid internship... it is normal

and required 15 weeks of said internship for shadow to pass the exam in gymnasium years

so you are reverse engineer but chemical

right

well you are here, try THM

kinda

thm

None of them strong fundementales.

one of best "jokes" for us... You must wear glows while work in lab
the machine:

hehe

wee woo wee woo

still if you work around equipment that makes x-rays please use protection or stay out of the rays range

the google cyber cert is pretty basic, you can get the same info on THM only advantage is the discount on the Security+

are u allowed to share it tho

learnt the hard way what over exposure to x-rays can do to people from hearing horror stories from poorly managed hospitals

indeed. but that kind of machines even can't be power on until closed and so. but you are right

hence why its only useful if you need a discount on security+

it is common machine for PSD

ahh well

well there isn't do X then Y to learn how to hack for some it is Do Y and learn X and Z and for some is do H learn B and do A and you need to find what suits you best

or you can read up what happened to old mr and mrs röntgen

if you wanna learn why x-rays are dangerous

i.e what happened to the inventors/discoverers of x-rays

how much discount

pre-security is a good start

Man’s life isn’t completly isolated

lot's of accident in history did go wrong while ion radiation... sad indeed... but at last we did learn a lot from them

#general message

If you want shadows recommendations it is in this order
#pre-security-legacy-path 
#974406074444685322 
#junior-pentester-path 
#878393611929129000 (optional)
#pentest-plus-path (optional)
#web-fundamentals-path 
#soc-level-1-path 
#soc-level-2-path
#security-engineer-path
#devsecops-path
#offensive-pentesting-path 
#red-teaming-path 
#791764435991658556

@topaz stumpif you want an exaple search for george hotz

example*

if avengers had a cyber team you will be there

asdasdasd

everyone read the rules

now

read the fucking rules

be nice mate

Gave +1 Rep to @sand trench (current: #4 - 1810)

i am

:hammer: cartiisnthere#0 has been banned.

ye

you sound very angry

google is owr best fren

Yes watch his stream and how he approaches to hacking

he doesn't stream any more but there is plenty or archieves of his streams

for someone who is starting out with the very basics, watching hacking videos aren't really the first step

https://roadmap.sh

^ can help a lot in teaching you what you need to learn

i think the best way to start

is doing

advent of cyber security

chrismas events on thm

very general

and beginer freindly

Those are not mainly hacking vidoes but would say infosec general I learnt many things from when starting out and if it worked for me not work for him after all it just suggestions for him with time he well figure the path for himself

yeah

Welcome to Razer!

Hey do u guys think tht in the future jobs as an programmer will get less or worse payment cause of ai

Im new to the IT stuff, I thoaght programming is a part of cyber sec?

nope

learn more new things if you wanna be safe from AI/LLM:s taking your job... worst case senario you are more knowledgeable and better at learning but lost your job.... best case senario you can get a higher paying job and have learnt a lot of useful skills

the hard thing is, I dont know what exactly to focus on cause there are so many important and "interesting" things, and I just dont know where to start

pic what you think sounds interesting and start there

I feel you. I’m torn because I really enjoy blue team but I wanna branch out to red teaming.

let your brains interest lead you

red teaming can be legal to right? doesnt have to be illegal, some companies pay to get attacked

We don't do illegal hacking here at all

red teaming and pentesting is generally always legal until you break contract or attack things not owned by the people that hired you for the job

ninja james can elaborate more

its super interesting and i like it but it just lacks clarity like the questions they ask are hard sometimes

i dont understand the terms at all

oh also heavily recommend taking notes in a note taking app or on paper

didnt help

why would i take notes from an explanation i dont understand

Thats why I askes view questions above, isnt it neccesary to know how to write code to do an attack ?

it is

https://open.spotify.com/track/3QRM0qZB7oMYavveH0iEqx?si=h_6ODutBR6-DtZnKuvsPJQ&context=spotify%3Aplaylist%3A5i68x8C2pFAIh5LkKkhO6e

in web hacking you can use coding to hack

nope a lot of tools already exist where you need no programming knowledge to use

you can code your own attacks

but in general you need to know how a website is built

or an app

if you ever want to hack it

jabba do you have that link ready for if programming is required for hacking ready???

yeah thats true

can't find it

but like

lets say

i want to make a phishing link

that takes coding right

...

phishtool == easy gen

what the hell is a SCADA attack?

theres a phishing making tool

??

what is that

An attack on a SCADA system

What are you gonna do with a phishing link?

its for an exam

at my school

:))

i love ur name

im just using it as example bro dw

Industrial stuff

front end == what the user sees on websites
back end == what the server is running and databases and stuff that the user does not see for websites

yes thats what i mean

ohh

front end and back end basically only makes sense for websites

but youre trying to get access to the back end right

as a hacker

not always

give an example when not

i have this Idea in my head, imagine u learned 2-3 year with a lot of focus many different prgrmming languages and can do a lot of stuff and out of a sudden a fckn ai comes out, where u can just ask, write me exactly the code to do xxx...

Front end would be the face of a website rite?

cross site scripting

yea like the ui etc prob

Where’s the fun in that though?

anyone here that has completed a bug bounty?

No thts terrible

companies dont care about fun

but everybody has access to the front end right

will not happen

You should be working to improve yourself.

yeah i agree

i know how to code

Thts the problem I think its terrible tht people who didnt learn 1min programming can do the same stuff u learned in 3 years thts demotivating af

yeah

I mean look. Ai picture generator can’t perfect hands well

yeah they always have some mistakes

some deformed face or sum

let shadow introduce you to F keys and numpad

They can’t though

A) ai is really bad a programming
B) the code has to exist for them to be able to get it
C) they don’t understand it and can’t maintain it
D) there’s a lot of tools out there already like sites that help you make websites

well yes and no...

If ai was really that advanced you would see people loosing there jobs left and right

So do u think it will be more like helping the programmers to get an easier time ?

and not replacing them

that is what it looks like to shadow currently yeah

Mhm

Right know its not the case but for someone like me who cant assess the situation, it could be different in 3 years

i just dnt knoiw

I mean idk how accurate is but ai can also be used for debugging. Pointing out where something went wrong

He got a victory royal

It’s a discord quest

Idk if you can still get it

Anybody got headphone recommendations?

logitech g pro x

https://discord.com/quests/1252352602092339400

Denon AH-D7200

Kind of a broad ask, what are your restrictions and usecases

Beyerdynamic DT 990 PRO are good too I've heard but they are 300 ohms so you need an external sound card that can drive them

Im a Fortnite Tryhard AMA

xD

headphone or headset???
wired or wireless??
frequency range???
power level???
frequency curve?? i.e bass or trebble heavy or more balanced

I think you can get the DT 770 in an 80 Ohms edition that regular devices can power

sennheiser????

Why does this do this

Bluetooth headphones

?

You see the space

what space

thoughts on sennheiser headphones???

Bro

hahahahhaa nope

expensive and bad

Yeah they work great

cap

ayyy same

Never had issues driving them

aiming to start universty this fall

Sennheiser is medium, but expensnive

I like how you can get parts for them too, starting to wear out the headband after like 4 years

nice

Thts no hate but is it possible tht discord is the palast of nerds ?

I've been using Denon AH-7200's with an Objective2+ODAC soundcard for years now for both music listening and gaming.. absolute banger combination

the clarity

Hii

I just put speakers in my kitchen

If you haven't, highly recommend

10284 d

lol

i use airpods

thats bout it

my demands for audio quality would make that too expensive

I've been meaning to

kekw

Wowy. Among hardware enthusiasts.

shadow loves their mid range sennheiser headphones

they're fine

https://tenor.com/view/chill-deadpool-gif-11858180377241607198

yeah

they're fine, but if you look at something like B&W in the same price range, you'll be blown away 😄

paid around 100 usd and got something equal to sennheiser hd600

1000% recommend, I just got some cheap bookshelves and a class D ran off a cheap DAC. Really impressed.

Makes doing dishes so much less pain

Eh just any type

Wanna try out new types

Yeah, there's a little Bose portable that I like. Will probably just get that

I get the choice in my kitchen between a dishwasher and a dryer, so I'm choosing a dryer

yeah... after having worked a year and being on sick leave because of mental health issue and after having to study up to get basic uni reqs

This

It sounds pretty good and battery lasts a long time

Now i know where the moneybunny is 😂

6,6

‘

1888 mm

I think he is on the rocks again

they grow em taller in northern europe

we gotta be taller to get more sunlight

💀

Matter a fact

sad jellyfish strikes again

197cm

moose is tall of course

I'm not from euro though

Reggae? 🤔

Oh okay I guess I see it

https://tenor.com/view/spongebob-squarepants-spongebob-sandy-cheeks-photosynthesis-gif-4526738

Would say ...thats the question about the sunlight deficite. No photosynthesis

They can't grow in the north

elaborate

According to my calculations

can be corporate websites and behind login screens and things

so there is a way to make sure nobody can play with the front end

dev sec ops

?

and regular maintance

Guys how do you think you should split your time between ctfs and finishing rooms? I was thinking of finishing the red teaming path and spamming ctf and when I feel like I need more knowledge on something do rooms/ courses on that specific subject

Do you think it's a good strategy?

Because I also wanted to do the cpts from htb

do what you feel like but try and not over do it so you burn out

lmao, my old car is for sale

do you still own it or did you sell it??

I sold it back in feb

but the new owner just put it on sale

Ahhh, always nice to have off July 4th

https://tenor.com/view/usa-4th-of-july-funny-4th-of-july-4th-of-july-weekend-happy-fourth-of-july-gif-22212186

Exams are almost done

Please goddamn finish it already

So i can get back to cyber security

@sand trench any rules for drinking on a weekday with tomorrow no work?

part of the rooms on it is yes... so it is on all paths.... but definitely worth to do only the free rooms if you can't afford a subscription

Yeah but do you think it's a good strategy?

sure the variation will be nice... also do ctfs on hackthebox instead of tryhackme if you find some that sound interesting

not that shadow has heard off

Thx

Gave +1 Rep to @sand trench (current: #4 - 1811)

https://tenor.com/view/fill-a-glass-and-down-some-mead-diggy-diggy-hole-the-hobbit-dwarf-dwarves-gif-13883593916056960135

@mossy river you up for a quick giveaway of vouchers??? have 5 new 1 month vouchers to give away

I would like to add 1 more too

nice heap

I think people need more than i do

if you have a long weekend, learn some linux https://www.humblebundle.com/books/linux-for-seasoned-admins-oreilly-books

there is a button in #community-announcements if there are an active one

It'll probably be in #community-announcements once Jabba gets in touch

i.e they use the tryhackme bot to handle giveaways

hence why need to contact admin or moderators

@boreal scarab my old blue honda civic is on sale again

guess the current owner got tired of it or something

Why do you have those

The one that was wrecked?

well not spent any money on tryhackme for a while so had some extra saved up and decided to give back to community

Interesting

Do I go mead or beer? Shadow, Bella, whatcha think?

Beer

Need some scandanavian input

Come on, is that a question?

yuups

Which i am

no, the pretty one

Which part?

🍀 beer is for the winners

mead is the more scandinavian alcoholic beverage but bear or ale works too

it needs to go through inspection next month and he hasn't fixed anything on it

hahahahaa

Yes

Actually nvm I though central europe was still in the definition

this beauty

Sweden, Denmark, Norway

What I'm having rn

finland and iceland as well

not finland as finland is apparently not part of scandinavia for those interested

Buy it back!

under nordic countries sure under scandinavia nope

hmmmm

Pineapple frappe?

it's not that pretty anymore

Wtf did the owner do to it?!

some of it was from when I owned it as well

drove it in the winter

Civic is such a W car

Pina colada

so a good like 3000 USD in rust on it, ABS, some exhaust and support arm needs to be fixed before end august

No alcohol?

bro is majestic

Rum

she really was

Welp, goodbye 10 grand

yeahhhhh

Mmm

some cleaning and some modification

a beast maybe

?

I have to wait for weekend

😭

Shouldve bought something stronger, this is so sweet

she was a burnout master

ooooh shadows orden ogan cd arrives tomorrow

YAY

now figure out where in sweden shadow lives based on the package travel time from germany to sweden

I thought that said "ordered organs" for a sec

sweden maybe

Somewhere in Sweden?

You stole my joke :<

https://tenor.com/view/shocked-surprised-gasp-what-cat-shock-gif-635629308990545194

no you did 🙂

well shadow would not advertise their black market buying and selling of organs

I'd never do that

whats a creator-lounge role ?

access to channel for help in building and submitting rooms to tryhackme

For people who try to make rooms

aw

i had the idea to create a room once about encryption

dammit, not fast enough

Whoopsie

can i make it true

Yes but queue is a bit long

heyy guyssss

you did it again lol

M2J2+FJW Gothenburg, Sweden

bro really used osint in real life

(Its not even close)

Gave +1 Rep to @chilly veldt (current: #7 - 851)

you can thank me for trying

Gave +1 Rep to @topaz stump (current: #2119 - 1)

but still didn't have the chanse

to compete over the verify

you made my day

https://tenor.com/view/gato-pato-cuticuti-lucas-cini-lobotomia-gif-3686397967126460950

Fire

WATER

Earth
Wind

https://tenor.com/view/fire-anime-last-airbender-aang-avatar-state-gif-14658802

joker

batman

🤣

Caught me off-guard that, realised it's because it's connected to a router upstairs which is acting as an extender

Pixel phone makes it funnier

wait 192.168.0???

Exactly haha

Our subnet's .0 instead of .1

also yeah phone connected to ethernet is unusual

It seems to be quite common in the uk, do you not use .0?

I saw at a few places

(Not in the UK)

well nope

huh

most people use .1

shadows home network is setup weird hence it is .50

You can configure it, no?

yeah

interesting, most of the networks I'm familiar with, at least in the homes is .0, some firmware defaults to .1 but for instance I'm using .0

shadows dad set it to .50 for some reason

I might have a weird setup myself soon, we've a virgin media router which will be getting fiber soon and I'd usually have it in modem mode but I doubt the R8000 firewall will be fast enough for gigabit

anyone experienced with xdbg debugger i have problem with ui

What problem

So I'm thinking, if I put it in modem mode without setting it as such (disabling everything I can except firewall) then the virgin media router can do the firewall stuff because it's rated for gigabit fiber and then I can go to gigabit on the other routers (which act as access points and one as a dhcp) without a firewall on them

in table at bottom i have columns 1)address,2)value,3)ascii,4)comments instead of value i want hex column representation do you know how to change it

Hola

@devout palm mind if i dm you a question?

Sure go ahead

hey ive always wanted to ask this question when you are doing a CTF and you scan ports
for example if you see http port open that means that the machine is hosting a webserver over port 80

You mean the dump section?

done

Commonly yes, but it can be configured to do something else

yeap correct

Isn't there Hex section by default

it was when first downloaded but i did somehow something and it changed and I want to revert it back but I don't know how?

It doesn't need to be on port 80.

It can be on any. 80 is usually default and common for http

when i clicked on edit columns on dumb i dont found any hex column unfortunately or value and the rest that i have already mentioned

You can maybe try restoring the layout to default, don't know about that

Add to this, default is 22 for SSH, but you can change that to any aswell

If you scan ports, you're looking at the port not the service.
Nmap then (with the right settings) probes the port to find out what service is there.
You don't see an HTTP port open. You see 80/tcp open and it's running HTTP

The OSI model is really helpful here, ports are layer 4

Is coding skills needed for cyber?

'depends'

some jobs coding is useful, other jobs you'll never see code

hmm okay

so the host is just running an http service not hosting it ?

I know someone that has some python and uses it a bit forget which role

probably not I don't think, nothing serious anyway

Same thing.

did u create a room on thm ?

Many.

Python is used for exploit development for example. And for scripting too.

Worst would be is a client side xss but I feel like you'd have to exploit another vulnerability and find a way to override the date class, as far as I can think.
There's be a lot of ifs to attacking that sort of thing and the success/usability of it would be quite low if possible

Python is a pretty useful language to know

or typescript 😎

ty

nah, Date is a class built into js, it's running it all on the client

You can change the response but changing the request won't do anything to that footer

No. No user input.

It's all good, you'll gain an eye on what may/may not work as you learn

is there any tuto i got a great idea but i lost how to

Learn how to build and harden VMs first IMO

imo cyber security is like programming in that you learn the how but you develop a mindset as you gain experience and that mindset will help you learn how to approach things better and not fall into said rabbitholes 🙂

yeah, I mean it can be useful if you're spoofing a response to an application (if you're testing security of an application) but as far as web-testing goes, editing the response generally isn't that useful unless the response is used in something else

It can also be helpful if you're trying to understand what sort of data the client is receiving to help enumerate a system as well I guess, if it's like an API request or something

There's definitely reasons to do it but they tend to be part of a bigger picture rather than an exploit on its own

You can absolutely have an xss vulnerability that's used outside a CTF but in terms of responsible disclosure, they don't usually rank that high iirc as they usually require some sort of human error to actually run

How do you learn a coding language?

usually u need another vulnerability to fully exploit xss

Gave +1 Rep to @finite basalt (current: #97 - 68)

Like someone would have to click a link or something that used xss to embed a payload in the website or something like that, xss on its own isn't usually that big a problem, it's more things like stored XSS (or if an organisation is looking for it, reflected/DOM XSS)

take the tour to get afeel for the language, than just start practicing; google was all i needed. rust is harder lagnuage but a bit easier to learn bc the docs are always so good

*usually good

*almost always good

there are many different types of xss

some are useless and some arent

What do you mean by google?

not always, some platforms will detect a successfull xss and actually give a flag from it, it all depends

Sorry im trying to learn something new so if i ask too many questions sorry..

there are some good sites out there to learn coding, depends what language you wanna learn

if you take the tour then you already know a little bit about the language...after that, whenever ur run into a problem, u can just keep searching until u find the correct answer

learnpython.org is good for Python

np! keep asking!

What coding language should i learn?

what do you want to do with the coding language?

I want to start with python then lua

then why not do that?

well then there is your answer

Here is a list from Bella: #programming message

exercism is also a fun way to learn a language

its worth to mention that there are different ways of learning. as previousuly mentioned some people like comprehensive resources like books or bite-sized lessons like blogs or youtube videos. i prefer the hacky method of just doing and learning along the way with very little prior knowledge

I have this haha

:° ┬─┬ノ( º _ ºノ)

I read exorcism 😂

Anyone doing av evasion shell code room?

Bro I've been installing the Kali software into the VB and holy shit I've been here for 1 hour man dammnm

that sounds like an excessive amount of time

there are #room-help and #room-hints if you need assistance

Yea I downloaded it before and it took me 20 min

I might restart it but idk if it's a gamble I'm willing to bet on

Is it still loading? Like the bar is moving or is it just stuck

It's moving just really really slow

It's not my wifi either

@rapid merlin As @finite basalt said when finding exploits like XSS the impact all depends on the application and how it works...for example, I recently found one that lead to arbitrary file read but that was only due to how the application worked

1 hour sound like a lot, I remember installing Kali in a VM with the ISO, not the ova file and took me if I remember correctly around 30 minutes 45 top

Yeah the first time I did it that's how long it took idk why it's taking so long now

Chess.com impressive

They should give you +1000 ELO as a reward kekw

damn, I just found an Instagram account of a minor doing dances followed by predators

Please report it to the Instagram

didn't either chesscom or lichess give you a special badge at one point

like report the account of her or report the predators? would Instagram actually do something about that?

No idea tbh

The account. It's against community guidelines.

Alright 🫡

what about the predators, what can a person do about them?

It's for subdomain fuzzing with Virtual Host. https://httpd.apache.org/docs/2.4/vhosts/

Report them to the authorities. If you mess with them, you might mess with an ongoing investigation

@rapid merlin I recommend watching a quick youtube video on what HTTP headers are and do

It'll respond with the default page

fundamental part of how the modern internet works

damn, I'm gonna need to learn how to report to authorities, I have no Idea what to do

Yeah no one is answering me

Is anyone here decent with opensearch?

It would iterate through every subdomain, which is not pointed to any IP in /etc/hosts in this case. So we fuzz the Host header to see if we can get different response from specifying different subdomains.

man ffuf

Not all the subdomains

Only the domain

Yeah. But just for this room. Subdomains might exist in real-life situations

You need to get the idea of Virtual Host and HTTP Headers generally

https://en.wikipedia.org/wiki/Virtual_hosting

Does anyone know how do you even start setting up something like MU-TH-UR 6000?

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers

Probably requires aliens.™️

A few weeks ago a saw something similar, accessing 4chan through ssh and following threads in a minimal UI

I restarted it wish me the best

I was curious, because the program seems simple, but I have no idea how to look for the implementation

Upon ssh login*

If it is a mainframe, it might run on AS/400.

Hopefully it is not written in COBOL.

Hahaha that would be a fun experience 😂

Thanks, that answers my question 😇

If you're unlucky you'd need parmlib cards and jcl to execute. 😄

And specify your DD space in cylinders.

I'm confused as hell, why does SMB use two different port ??

https://www.varonis.com/blog/smb-port

An RFC document is really helpful when learning a protocol.

TLDR: SMB runs on top of NetBIOS over TCP/IP (NBT), however SMB does not rely on NetBIOS for communication. NetBIOS is simply an API that other technologies use and is completely independent from SMB.

This is what got me confused !

alright gonna start looking that

Fire 😌

love scented cadles

For subdomain enumeration changing headers that's what I have

Cool

Honestly I think it's the best tool. It's 3x faster than gobuster and waaaay faster than dirb.
Burp Suite also has it use cases, and the rest of the tools in my notes only serve to real worl applications, not much use in training rooms

Mmmm cold lemonade

@strong flicker LEMON!

*cries in no more grapefruit

عرب؟

no

thanks

Gave +1 Rep to @slow helm (current: #733 - 5)

you welcome buddi

hello

lemon

hiiiii

https://tenor.com/view/earl-of-lemongrab-adventure-time-angry-gif-14747044

https://tenor.com/view/sami-en-dina-sami-dina-dina-sami-dina-en-sami-gif-15422575992980791421

@sick lance MORE FLUFF CLAN!

@strong flicker how is you? Long time no see

🍋

Guys when I use the man ssh command do I have to wait for all of the lines to load so I can continue or nah

load?

i think you scroll

if man has to "load" for a perceptable time, something is wrong lol

with the down key bind

^

no when you do man i think it load your terminal and you need to press down arrow key

to scroll down

Alright thanks

I thought it was loading but I just have to scroll I just realized that

Thanks

https://tryhackme.com/games/koth/join/0112c6c80830771b608b7cf7 i accidently joined koth game someone want play too??

#koth you can see there

GASP GASP GASP air

https://tenor.com/view/cpr-cats-staying-alive-still-breathing-gif-13009935

https://tenor.com/view/first-i-was-afraid-the-office-michael-scott-steve-carell-cpr-gif-15325468

barely...

i.e do not hug neck

hug around waist

https://tenor.com/view/ghost-hug-you-feel-it-gif-5221482

anyways just gonna go get a huge "NAP"

hm.

weird.

@sand trench are you @sand trench ?

nervous laughter hehehehe

there is an odd lack of third person ness

wait, shadow's in first person mode now?

wait what

meep moop no shadow is still shadow and just having fun

yup you can't judge him guys

accept him

....

;-;

https://tenor.com/view/shrug-gif-25269231

I don't judge her, just surprised shadow's in first person mode

no

it was a joke

i'm not that ser

A shift from the usual third person mode

those lines did not need specified pronouns

this is an educational discord server, we don't do jokes

sure

*Said productivity jokingly

third person but for the wrong person

@rapid merlin your bio -- studying for a+ core 2

..what is core 2 now?

when did that happen lol

you would think you could be weird if your stuff starts speaking in you're second person mode

^ never doing that again

what

file explorer i think something you learn when you buy a pc

i don't remember that ngl, but i also didn't take A+ myself so just memory from researching it however long ago

just took S+ and ran

files and directories and folders is not something a lot of todays youthul computer and phone users know how it works sadly enough diyo..... it makes shadow feel weird at how computers will work

poke app

app work

good thing you have snapshots right

poke pokemon app for pokey pokemon poking other pokemon

https://tenor.com/view/moumik-hug-hug-taptap-gif-12415073493272629445

sounds boring

https://tenor.com/view/slap-gif-26436697

holy ping

@molten sky

aw

Hi @molten sky

thats sad

pong

hey everyone

hey

what even is that

https://tenor.com/view/cat-pong-catpong-cats-funny-gif-4777918

is that W11?

welp

good luck

not really tho

linux runs the interweb

anyways it is time for this shadow to try the ritual of lying in bed spinning around like a helicopter listening to beep boop while meep mooping for the sleep sloop

and was less a retort about stability more about i hate debugging windows programs lol

definitely not. my fedora and debian workstations crash way less often than my w11 box

the only time my linux desktops crash are when i do something dumb and cause it myself

same with servers

windows on the other hand

frankendebian applies to all distros

wait ----

fedora 👀

I did not break your windows 11, you have 0 proof!

just ask matt to operate your computer for a few mins and tada crash

I did it

my dev workstation for personal projects is f39 or f40, i forget which

wsp

@whole yew i'm a lil bored. what should i package that isn't already on the repos that you use

also, fc39 here still. i'm slow to upgrade cause i don't wanna close everything

that's a good question - maybe build an rpm for joplin?

and see if you could upstream it to rpmfusion?

at that point may as well just do the official repo rather than fusion

last i checked there wasn't a native package for joplin, it's all flatpak, snap or git

Can we get Trilium?

hm... license is compatible with the repo.. all typescript tho, so...node? ew.
I wonder if there's a reference I can grab to make it easier less annoying

trlium is maintenance mode now. community is deciding what happens next

yeah, it runs node for non-local user, it's an electron app if you run it locally

you couldn't pick a normal app could ya lmao, had to be electron 😂

what does maintenance mode mean exactly?

no feature merge

only security + bugfix presumably

damn my internet, it keeps going out for 40 seconds at a time randomly a few times per day

(i'm assuming)

info: https://github.com/zadam/trilium/issues/4620

man, joplin's release cycle is quick

you didn't say what kind of app....

Does anyone know if thm has any rooms for MacOs?

@whole yew would you say that joplin is a fine app to not be at the bleeding edge of?

(stable delays)

it's notes, so probably

never used it myself somehow

if it's being used as a team app, probably needs to be updated more frequently

i would imagine a weekly build would be fine?

while i read these build [attempt] logs what's a not electron thing that a sane person would use

kek

good luck

I'm trying to download Kali Linux on a VM and it's going by so slow like the installation on the VM and it's been frozen for a hot min now anyone got a lot suggestions of what I can do to fix or any vids

agh dependencies not available offline, would need to learn how to decipher the mess that is js/ts/electron/whatever and package those as well

the vm is slow, right
not the host

what mem & cpu did you give it

Mem like 20 sum I can give it more and cpu only 1 because my old laptop only has 4

Should I change any of the settings

you gave it 20GB? you sure you're not talking about 20GB storage?

ahh if you're calling storage memory I mean RAM here

but yeah regardless 1 vcpu might slow things down a lil bit

Oh ram

Lms my foult

do you know if your cpu is hyperthreaded or not

(4 core 4 thread or 4 core 8 thread)

(or 2 core 4 thread for that matter, lol)

Yeah it's hyper threaded

Dual

dual...core? as in 2 cores with 2 threads each, for 4 threads total

2

Yeah

ah damn nvm then, i was gonna say if 4/8 then bump that vcpu count up a bit, but yeah hard to do with 2/4

Yea

I just realized I only gave it 2gb of ram

That's prob why

I really want to get certified in OSINT

OSOCP??

But $1,400

2C:12-10

Don't know if Offsec has a OSINT cert. lol

you can get as a permanent osint cert

C|OSINT, from McAfee Institute

pls no

McAfee.. ew...

i would pay not to have a mcafee cert

i would rather ceh

https://niccs.cisa.gov/education-training/catalog/mcafee-institute/certified-open-source-intelligence-cosint

https://tenor.com/view/gagging-gag-gross-jim-carrey-gif-13338718

oh it's real

i no like

GIAC OSINT (GOSI)

I met John McAfee once very colourful and interesting character 😂

That'd be one way to put it 🤣

You bastard.....

Most people would probably say "Nutso AF.." lol

Friendly guy, a bit nut 😛

https://law.justia.com/codes/new-jersey/title-2c/section-2c-12-10/

If you could fubar fubar then that would be ffuubbaarr... lol

it's surprsisingly lax tbh

f. This act shall not apply to conduct which occurs during organized group picketing.
also an oddly specific exclusion

Hey.. BTW.. I'm not interested in your advertisements.. so don't DM me with adverts. K thx. 🤣 (reported)

fr nobody here.. just venting.

you enjoy my adverts tho right

I mean.. well... yes.

I'm currently hiding from the sun... lots of outside time today...

guys i have a dump question

can you priv esc with /usr/bin/ping

guys what are u talking about

whenever i saw jun"s texts i don't get a shit

hping3 yes, ping no

Seriously.. bookmark gtfobins. lol

why does ping have suid binary in the first place?
can't ping send ICMP request without elevate Privileges ?

oh nvm a quick google search proved that it needs elevated privileges

i got it thank btw

Gave +1 Rep to @clever shard (current: #400 - 12)

Burp

I had to take a pic of my PC because it's funny rn.

is there a room to understand shared libraries and gcc compiler

Funny pc

its not a pc its a monster

just some water

lol

Cheetos in front of it.. and braided fishing line..

games and movies on top of it.. omg I need to clean

I don't understand Cheetosinfront of PC

I didn't pick up the bag.. Just left it there.. lol

I hope it isn't a openone

empty

and my pen cup.. because everyone needs a pen cup on their desk... lol

Man I wanna do some cyber security quizzes but I cant find any

ISC2 has some I think.. practice quizzes.. What are you trying to do specifically?

Mostly just choose a cert, then google practice test for that cert. You will find some.

When I was doing A+ and CCNA I think I used Boson.. but I think that costs $$...

Also that was like '08... so... lol

@molten sky so, that McAfee cert....

go on..

$1,400

pretty on brand

overpriced and ineffective

also presumably dosen't expire to impossible to remove

bru

just ran a hydra scan that took a long time on a wrong ip address

im so triggered

i fat fingered the ip address

i was like "god damn hydra is really slow"

man im back to THM after a 4-month break (||got a bit burnt-out||) wish me luck

i wish you luck

Question. In order to run a nmap scan you need to know the ip address. How would a pentester get a ip if it’s obviously not gonna be out in the open?

smhing my head shaking it

idk man

Oh ok

(is there a dark mode available yet?)

nah i really dont know

no, they want to impare our vision

(they are going to sell us glasses later, just you watch)

well they're succeeding fo sho

honestly yes

sometimes i need to step back from the computer, and im a kid

it's one big bubble isnt it

cant imagen what adults fell like

feel*

@jovial musk

yo

wsg

just woke up?

no

as an adult i can confirm that it makes you blind, especially if you sit in a dark (just as hackers should)

still did'nt sleep

3 AM now

brother get some rest

i woke up 16pm

i'm doing some CTF

i'm not satisfied with my levvel

mhm

i bet your eating chips and watching youtube

or hauling at the moon

nah i'm doing

you wait till no one is watching so you can do the very secret thing you do

Advent of cyber sec

i reccomend this room

dude im ass in general

uk i cant do anything rn

im close to 0x8 though

same

so ima TRY to do some easy ctf's

but like VERY easy