#general

i dont get the hate, whats so wrong about talking about distros

its constant

I haven't been hacking in a while, but I always kept a shell file with the full path command to launch tryhackme's VPN and added an alias for it to my .bashrc.

plus they each have there pros and cons

maybe there could be a dedicated channel then, idk

I'd suggest the following, if you want something that just works out the box without having to customise everything - but use what works best for you

• PopOS
• Ubuntu
• Fedora

Endeavours too

Most of the time....

i like PopOS

its pretty solid

oh thats smart

I hear PopOS is pretty solid. Never tried myself

I had a few issues with PopOS when I tried it, but nothing serious enough to scare me away from using it.

I just wanted to try what I'm on now (Nobara) because it's Glorious Eggroll's custom Fedora distro.
(The GE in GE-Proton for y'all Linux gamers.)

Hey guys any clue

no clue sorry

#programming maybe

Thanks everyone

does anyone use openCTI at their job? curious to hear how used it is.

Kali Linux is superior

Oh itd ok thnks for replying

not as a daily driver

Kali.. in a VM.. is good.

Oh okay. I’m new to Linux.

It's too buggy for bare metal daily driver.

I’m using it VM

Always remember if you only load the base OS in to your /dev/sda1 root partition, and use /dev/sda2 /home or some similar arrangement.
You can distro hop easily without losing data.
Still do backups blah blah blah, RAID is not a backup, etc. etc.
Always keep a hotspare...

Tedious OS

kali in vm is great

McDonald’s to pull me out of my hangover

yum

my magnesium and salt water tasted weird

but I need to drink it

Get a sausage egg and cheese biscuit for me please @rapid merlin

I'll be playing around with Qubes at some point in the next few weeks, but I haven't decided if I'm crazy enough to try running it on my main laptop yet.
It looks simple to me, having run SDN and Hyperscale scenarios, but I don't know how good it will be at GPU passthrough and thel ike.

That’ll never taste good 😂😂

I’m gutted that I woke up late and missed the breakfast menu 😪😪😪

the magnesium part tastes good, it's with ginger and citrus taste

Dang.. it's 7am here. Lol

4:30pm here

3:30pm here

Didn’t get home until like 5am

Mg in generaln taste liek shit. the "taste" is added to kill bad taste. and now when you do this. all things are weird 🙂

Oh, that's really slept in.
I was going to ask if you can beat the sun to the nearest timezone border.

😂😂😂

yeah, the tablesalt water is always a fun taste

you senses work overtime and brain do all weird shit to keep you up. so that gives lot's of weirdness

Woke up with a bruised eye

No idea how I bruised my eye but it’s there

they sure do, cause no solid food for 68 hours, and my sleep hasn't been good either

yep... brain work overtime. if this is first time, brain is, "scared" and do not know what to do first time. same thing i had with my insomnia, and my doctor warned me of brain being "scared"

if you get some hallucinations, is not uncommon

special in periferal side of eyes

isn't scared, just trying to work with low levels of stuff

but yeah, I get that

yo yo

reminds me, I need to take my vitamins again 😄

you are right. he do all the things to keep up. so he "pump" some weird things can occur

People on FB saying Crowdstrike issue had nothing to do with kernel driver? I thought it was being updated with that software Falcon Sensor or something but bad code caused the glitch

how's going birb, all good?

you never setted up NeoVim again?

Or not with but for

kekw

I set up netvim just fine thankyouverymuch

People on Facebook are often wrong.

The fact of the matter is, crowdstrike is a kernel level operator on systems as a defacto part of how it functions.

im ok, just got home from a 2.5 hour ride on my motorbike

now I'm exhausted

xD

Yeah I thought it used kernel drivers for the security right?

sorry, 2 hour

but ey, who's counting

Well the security goes right down to kernel

It needs kernel level memory access to do is job.

Yeah

Which means drivers

Not about security so much as, that's the only way to read all process spaces.

Oh yeah

Yep, drivers are just code themselves

👀

good idea to ride today, it's amazing weather

And it was their driver being updated and rolled out that caused it?

I sent a whole bunch of people to watch Dave Plummer explain what a blue screen is, and why it is blue yesterday

yeah

I "met" an MC on the way home

I tagged along from a safe non-provocative distance

Cos that .sys was an updater one or something

Nice

Idk I'm confused about those drivers

take some rest.

I always do that too, before I get allowed to pass

The ones I know are like device manager ones

they were too many to pass here.. like 6-7 people on harleys and vest and shit

usually they are nice and just let me pass instantly, other times I talk to them at signs and talk, cause they are cool people

lmao

i was like "yeeeaaaa, I'll just stay behind ya'll mkay"

But this was more of a software one? Or is it counted as just the normal bridge?

yeee, I just hang around with them, they usually vibe with me cause of my helmet lmao

first problem is listening to people on FB.

It wasn't a driver, just definition files
https://www.crowdstrike.com/blog/technical-details-on-todays-outage/

Best to stay back unless they wave you past..

Yeah I didn't think it was correct at first but it got me curious

exactly

the guys here in denmark aren't that bad tbh

There are lots of clubs in my area..

Anyone does malware analysis or reverse engineering??

And yeah.. they're all nice if you're respectful.

depends

what are y'all talking about

cops?

motorcycle clubs

oh

On what?

yeah we have those 🤣

the "rulers of the road"

just ask your question

For two wheels*

eh, some think it's the whole road and not just of bikers

nah not really

Gdmorning

That's true..

what might be your question, some stuff are only in advanced channels that we talk about it, that's why I said depends, cause topics like that aren't for beginners

configuration file / definition file are referred as channel files according to this tech detail. of which a channel file is faciliates comms between components. which, isnt that what a driver does?

I live like 5 mins from a Bandidos MC club house, and in the 20+ years I believe they've been there, there hasn't been a single incident worth mentioning in any local news or anywhere else

well, if we are talking about actual gangs, then yeah, but many places have some low level motorcycle clubs that just hang out

other groups of people however..

going better...

oh, I know, you remember the news article about a place getting blown up in copenhagen due to conflict?

last year

vaguely

I work close by that place 😄

nice xD

we were on our way back from the yearly offsite from work, and going to the office, when we got the news we weren't allowed to be there due to the cops securing everything

No...
They're configuration details used by a driver.

got it 👍

Are kernel drivers the same drivers you'd find to update in device manager? And like graphic driver for example or am I very dumb.

The thing that makes it a kernel driver is where it runs

ie in the kernel

Oh yeah

Because you specifically mentioned graphic drivers I'm going to give you a link over to Dave plumber's YouTube video. Graphics drivers after having once been moved out of the kernel remove back in for performance reasons.

https://youtu.be/KgqJJECQQH0?si=1-7Hta8Ts4ZAVsJF

It's part of his chat here.

hmmmm, what to have for my first meal in 72 hours

could go for some noodles with bone broth and chicken

Something delicious, but not huge. No American portions.

eat some soup first

Perfect

yeah, that's why I go with noodles made in bone broth

and chicken for protein

smart yea

Eat veggies. Pref raw.

The disrespect

Hey, I love the Golden Corral as much as the next guy, but I know what that'll do to you after an extended fast.

The buffet??

Yeah

You in Kentucky?

First place I ever used my adult money to take my parents to. 😅

NC/SC border

Golden Corrals bathrooms are always nasty

I haven't seen one outside of KY. LOL

They were in Cornelius at the time. I still live in the Maple Hat.

Ah. Love Wilmington.

but I need to go shop for chicken then

Broth noodles and veggies.

I must do the driving thing now. Later all.

Later

https://tenor.com/view/fast-car-gif-22098603

Golden Corral his horrible... I had a friend when I was living in Colorado who was like "hey lets go to Golden Corral for their steak dinner", I was like sure... I had never been. It was the worst food ever

Whatever you do don’t use there bathrooms

Where did you get this perfectly accurate video of my every day commute? XD

all I remember was this sad tasting steak and bland bland food

The only decent thing is pizza... Or what they call pizza.. lol

I’m glad buffets fell off during Covid

except for Sweet tomatoes/soup plantation

RIP

There was one in KY that I liked. Good seafood.. all you can eat king crab, prawns, fish...

I just opened up my old laptop's heatskink...

it's absolutely disgusting...

I'm surprised we don't have anything like that in WA...

meep meep VROOOOOOOOOOOOOOOOOM

today on ice cream with shadow

Is a bit chilly here today...

it is nearly 30°C here today

About 63f here

so 17°C

Supposed to get up to 83f

and going up to 28°C???

Yeah.. supposed to..

It's a nice 26c here

22 here... finally

I’m itching to get to my laptop so I can hack the planet

I already knew about it.

hope they fixed it.

Issue is the systems with bitlocker that need recovery

what's the average salary of a red team operator

?

it's really a bad issue, I'm happy I left earlier. (I was inten)

You should look on platforms like Linkedin to understand your region

india?

is it easy to get an internship and land a full time job in US in general?

umm

depends on where you from, if you are in India it's Decent.

From outside the US?

united states?

It really depends on where you are. Can't really give you a figure, but the pay is usually good given the scarcity of the talent. LinkedIn should give you an idea about the salary in your region.

Im Aus citizen and my partner is US.. we were in provision to moving to US after i finish my bachelor, for better opportunities

ok brother

As James Said:

You should look on platforms like Linkedin to understand your region

I think IT in general US has bigger infrastructure and more jobs

And i was thinking maybe landing a job in cybersecurity easier

maybe not lol

more jobs but also more people trying to get said jobs

be tooo good like me

the layoffs of the past year or so have been devastating to tech, which means there are a bunch of people qualified in various parts of IT willing to take a variety of jobs

correct

and so what you've seen is a lot of shuffling around of people

also, a lot of companies in the US will want US citizens in cyber positions

Any good alternative to copying from Windows to Linux using SCP?

I thought clearance and Citizenship is only needed for federals

python3 server?

but yeah i read having a clearance is better in terms of getting a job

maybe not clearance but citizenship is often a requirement. So many companies have work with the government, that it is just easier to require citizens

it's not always skills, it's who you know.

Thank you!

Gave +1 Rep to @sand fjord (current: #2142 - 1)

no... its not cheaper, its just what may be required by their customers

Updog.

SCP will work fwiw

i thought about joining US military after school just for the sake of citizenship and clearance.. cos myabe it's more options in employment.. but money is shit lol

i kinda forgot. is the soc 1 and 2 paths subscription paths

You need a visa etc to work in the US if you're not a citizen

Pain in the butt, and expensive

All the paths have subscription content.

ight

well there is that, but plenty of companies do sponsor. Software development companies for instance often have a ton of H1B visa holders

It's like a lottery for the h-1b visa you got a 1 in 4 chance even if you pay the fee which last I heard was 14k$

i think visa shouldnt be an issue for me. again my partner got aus green card cos im aus citizen and i assume it'd be vice versa for US too?

it can take a few years

Maybe i should avoid while trump is in position anyway XD

are you married? if not, don't get married, get a fiance visa. A friend of mine found out the hard way

that doesnt matter

I think her husband's visa (from the EU) took 4 years

or apply now if you haven't already

military is a option. Each branch has there own cyber command so you could go for that. you prolly wont be on the front line

personlly

tho

once you join you have to serve for 3 years

why not?

I don't mind joining military tbh.

it just takes longer

a fiance visa is about 18 months from what I've heard, a spouse's visa is years

from an immigrant point of view, it gives you tricare, veteran status and they pay for your school

thats weird

lots of people get married instead of looking at the fiance visa

i would think its the other way around

I know

my friend's husband just got his visa this year, I'm gonna go find when they got married

only thing i can think of is they are thinking, get your visa quick and have your wedding in the us

it sucks military pays too little. almost minimum wage for 3 years yikes

2021 so yeah 3 years

wild

yeah that is weird

you would've thought the other way around

hmmmm

i think priorities should go to married couples lol

maybe shadow makes more then "minimum" wage in the usa

do you have a degree Dolce?

according to the interwebs... a military recruit makes $20k USD

I do but in health field and thinking of career changing

ahh then you wouldn't be at the lowest pay

if you did the military but also if they went by your degree, they'd put you in an applicable area to your degree (I would think)

I had a look at joining as an officer and that is only for US citizen

yes literally doo doo money haha

and youre locked into that contract for at least 4 years

what branch

that's cool

anyone know the reason why i wouldnt have access to firefox in pop os in a vbox vm

nice

do you have knees and back problem? or is it only for who did infrantry soldiers

infantry

what do you mean by access?

yikes

thats insane

I shall thank you and your knees for service

"Erm we are having trouble finding that site(Every site,even google), Check that firefox has access to the web, could be behind a firewall"

120lbs jesus.. that's a human

DNS?

checked if its DNS?

Always DNS

https://tenor.com/view/dns-haiku-dns-haiku-tech-pod-it-was-dns-gif-27399037

It was DNS...

let me check

prolly is

Hey Zumi :D 👋

That's alot for someone who needs to operate a robot

Yeah nah i think carrying 120lbs is not healthy

was it a long distance each time?

haha i don't think anybody would enjoy that

wow so you were in korea too that's cool

I should really thank you for your service as a korean

Do you get deployed voluntarily or you go where they tell you to go sort of thing?

man that sounds cool doing missions all over the globe

If we wanted to run a command in the background, what operator would we want to use?

I now what but he is

error

the operator &

&

i now but error

#room-help

lol shiiit

see the privet

@fervent meteor

I said what I know, but the rest of this is a question and I will finish

i can send image

maybe it didn't benefit you careerwise and moneywise but having these experience would have taught you resilience and life skills?

• how to operate a robot and you can carry 120lbs

ok thankس

Gave +1 Rep to @fervent meteor (current: #872 - 4)

still looking for assistance regarding the matter :c

If you don't understand theory, find a new source?

I understand theory

I want to apply theory in a practical level

also just take notes on it bro if you cant use it practically yet

I take notes all the time

but all I do is just write notes and read theory

me too man i feel u

I've only done one single CTF room and that's all because I have experience in that field which the room required

hey, do most people start their cybersecuirty in highschool or after it?

well... some do, some not

I started in HS

how's it going right nwo

I just finished HS

so far so good though

Sometimes prior to HS..

ah isee

I think I was 11 or 12 when I started.

black hat spotted 👀 /s

shouldnt you be worried about getting a pimple at that age

I started very young too.

I started when I was in 9th grade 🤷‍♂️

started coding in 8th grade

No. I was more concerned with my parents finding my stash. 🤣

ig some people are built different lol

It was all AOL and VB back then though..

Oh the things I created in VB...

I designed and wrote something that the only way to stop it from working was to completly remove the registry.

If I could talk about some of the crazy things I did... Lmao

i dont think doing this at a young age is a common thing 💀

whats the answer for the first question on web applcation security

#room-help

So the FBI didn’t come to your door ?

Maybe they did.. maybe they didn't.

Yea so I tried doing one of the easy red team boxes and I know literally nothing just a couple thousand more hours of studying and I think I got this

I was 10😭🙏

Le me joining #general chat seeing messages like "I think I was 11 or 12 when I started" and "I was 10" and other similar messages:

https://tenor.com/view/pedro-monkey-puppet-meme-awkward-gif-15268759

I need two weeks of continuous work to solve this room 🫠

wtf even is that xD

some of them are actually pretty easy

and just text

Yes but the view is really amazing🫡😂😂😂

yeah

@modest zinc team. Can I make a suggestion? I am new to cybersecurity studies and I often find after completing a room that I wished I had some material to practice on. Obviously the CTFs are the answer but I have to go search for the right CTF to match what I'm studying. Can you please add links or suggest relevant or corresponding CTFs to rooms this would apply to? I often find myself copy pasting the whole room in chatgpt and asking it to make a CTF based on the criteria, and often find myself thinking. 'I wish THM would throw me a bone here.'

28 here

#feedback-and-ideas for this please. 😄

some of the rooms have that, but many of the ctfs are made after the learning ones, which means that they'll have to go update those rooms to link to said challenge, but I get what you mean, lots of rooms are also made by users of the website, so they aren't sure if there are any learning material or anything for that, but if you'll like then there's #feedback-and-ideas

would have been nice. you should send that suggestion in through #feedback-and-ideas

OK, fair enough. Yes I think I will send this their way. I'm sure they've thought of this and like @chilly veldt mentioned I'm sure they have their reasons. But maybe if enough of us complain something will change 😂. I just often think 'Man I wish I had material to really drill this into My brain'

using chatgpt to create ctfs is pretty big brain im gonna use that

I assume largely logistics.
The room creator would have to know where to recommend.

But maybe some key term flags that you can take from the room and filter the CTF or koth on.

it's gonna be useful when you're running into so many issues haha

I once locked myself out of the box, helped me go into recovery and reset the root password and edit the sudoers file

Disclaimer: Don't edit the sudoers file without knowing what the hell you're doing

good advice

also do regular snapshots

and write notes on everything regarding your setup

Helped me a lot when I had to redo everything on an older image of ubuntu server

ALWAYS make notes

i dont like notes, i just revise and practice and go back to original resources if i forget

wait hold on, is every text on youtube slightly tilted

i don't see it

.....

whatever floats your boat I guess 🤷‍♂️

shadow has problems taking notes...
so here is what shadow does:
try teaching everyone else how to do it and help them through the problems

https://tenor.com/view/toaru-kagaku-no-railgun-head-bang-desk-gif-3828773

hence learn by helping/teaching

the best way to learn is by teaching to others

Pro tip

Even though 20 volts is not a lot, a capacitor charged to 20v can have a LOT of energy and make a decent spark

Ask me how I know!

lmao

you got sparked?

Nah I was smart about it and discharged the cap when I was done, on the handle of some tweezers

good good

And uh... it sparked, left some nasty black marks that wiped off, and a small pit in the handle

was about to say, if it sparked you, you'll probably won't be texting in here 😄

20v would be enough to hurt and leave a nasty burn

yeah, so you'll have your finger in water 😄

Would be... difficult to die from 20v, unless you had wet hands and it went via your heart

oh, didn't think about dying, more like, keeping your finger in water to calm down the burning

Shoutout electroboom

love that guy

YATTA

yuup

learned that quick when repairing and maintaining defiblirators

if someone tells you battery powered stuff is not dangerous

Big caps are dangerous

give them a defib and tell them that it is fine to shock themselves with it

Small caps are fiiiiiiine

High voltages are dangerous

shadow hates the mentality some people have that battery powered stuff is not dangerous when you are taking it appart

defibs and uninteruptable power supplies have taught shadow not to mess with them

is It worth to switching linux (specially fedora) from win 11 with nvdia gpu ?

I'm doing a room where the author's english is horrendous, is there a place to help correcting rooms ?

worth it for what purpose????

#room-bugs

Not fedora

Use Debian

More stable

eh fedora is stable enough for most people

Well I don't use programs like adobe fully depends on win ( I checked list for apps that can I use in fedora)

I want to be good at linux kernel and env so I thought If I force my self to use it

I know the basic stuffs like window mang ect

that is not what shadow meant
things shadow kinda meant:
for more performance on older computers
for more performance in games
for more open source software
for more privacy
for more security

none just to learn it

learn linux

then a virtual machine should be good enough

ok

thx ❤️

do you recommend any software, maybe virtualbox ? (for win )

vmware or virtualbox

thx again

I personally ❤️ VMWare

It was a great move from them to release a free for personal use plan

also could dual boot with a usb thats what i do

vmware is considered the best, but virtualbox is really great aswell for personal home labs

Hi guys, I recently got fired from company I was working with, and they didn’t get their laptop back, I’m thinking about restarting it and using it as a personal device, what do you think and if anyone have any helpful tips or tricks that would be great.

Note: although they fired me but they still did not remove my access 😂😂

what

this is illegal return it

it would be, if they asked for it?

@sick forum Buying vouchers outside THM is somewhat likely to lead to you being scammed or your THM accohnt being banned

It's still their property

fair enough man no problem thanks for the advice dude 🙂

Gave +1 Rep to @naive violet (current: #2 - 2162)

https://tenor.com/view/nitro-rick-roll-gif-24863685

so you think the best thing is just to send it back?

Contact them

send it back to them and buy a cheap laptop 4gb ram or sommat and boot linux onto it

Send it back. Legally it's the company's property. You're not going to win that battle if they take legal action against you.

I deal with this sort of situation almost weekly.. you could be in a world of hurt.

Or you could just ask them

Sometimes companies will let you keep the laptop

That too.. they may not want it back. 🤷

If that's the case, someone may work with you to reset it and remove any management from the device.

https://tenor.com/bTdEP.gif

oh no, on that regards i have macbook pro M3 and i'm running VM's on it for windows and Linux, i just hold resentment against the termination of my contract and thinking that they did not ask for the laptop, then i'll just take it

yeah a bad way of looking at it mate this will get you in trouble in the future

Thanks you for the advice Alt i appreciate it, i think i'll do this.

Gave +1 Rep to @normal fable (current: #51 - 143)

regardless of what they have done it is not worth getting yourself in trouble

No weewoo is good weewoo...

much appreciate it, i'll just send it back and that's it.

not worth the headache i guess, thanks for the advice guys!

Work finally paying for the training 👀

Nice!

Hell yeah! That's exciting!

Now to work on my boss....

hu

hi

:hammer: dullgg#0 has been banned.

my god that ban msg gave me an aneurysm

It was copy/paste

seemed like it

what is going on in this image

spontaneous combustion

my central nervous system

discombobulation

https://tenor.com/view/fall-apart-stick-figures-gif-7331310

https://tenor.com/view/discombobulate-gif-14899122829865785104

Does anyone no how I keep my account frozen. It's been frozen a month now. But I'm still working away and want to keep it frozen for another month

Wow monday morning first email in the office is 'were out of coffee'. Brutal

Oof.. worst email ever.

Are they rioting yet?

'Sorry, im out of productivity'

well... start take hostages... some will buy...

Snowflake hacked =/ that sounds bad...

And then u realise u got an assignment due on the same night that you haven't even started 😂😂

Please accept my resignation. Next time don't run out of coffee. K. Thx. 🤣

im stuck ... 😄 cant finish 2 challanges

powershell fundm challange

Jokes on u, I be buying bottles of iced coffee from my local grocer 😂😂

Hehehe luckily I actually stopped drinking coffee at the office a few months ago so Im prepared. Just rough for the others 😂

Hi dolphin 👋

Hi skid.

Heya 😄

How're you doing today dolphin?

Not too bad although the weekend could have been a little longer 😩 hbu?

I agree haha

I lost the track of time

I just study

What did you study

preparing for exam

have been

Ooh good luck!

I just got voluntold to help clear out the attic.

Voluntold, hahah. Love that

To whoever recommended endeavor os to me: I love you

shadow was part of the club for that

Hey everyone

Which Snowflake?

currently in a bit of pickle. See i signed up for a cybersecurity course at school but i dont know how to do this shit at all and im going on vacation tomorow and if i dont get it done before tomorow i cant enter the school. So i joined this server to ask for help

is this the right place?
i have to do a tryhack me assignment

Anyone there?

Good fternoon

Attic clear. Lol

yo that's a cool pfp

#general message

From the pinned comments.
If you're looking for a bit of a "where to start"

Otherwise, if you have specific questions, we can try to be helpful, but we will not do your assignments or homework for you.
Always happy to direct and give hints.
We even have channels dedicated to that #room-hints and #room-help assuming you get stuck while doing a THM room.

Thanks I took selfie when I was doing thm rooms

Gave +1 Rep to @supple tangle (current: #2142 - 1)

I just dont know what they mean with "Go to http://MACHINE_IP and start enumerating the website to find the publicly exposed credentials."

is machine ip like in firefox or in files or something

If you're in a room, there's going to be a "start machine" button.
The machine IP will then be presented in the room contents.

And will replace the machine_ip portion of what you see there.

I think I will soon get blind if I don't stop staring on screen 😆

Shit i accidentally left the attackbox on and only had 1 hour is there anything i can do or do i just have to buy premium

Are you on a computer you own?

on my work laptop

Fair, do you know if it is within work policy to run virtual machines on your work laptop?

Because that's going to be your no timelimits option.

Yeah it shouldnt be a problem i just ran one when i did the tryhackme

oh wow alright i gotchu

I just have to check, because every business and position gets their own policies.
You can download a Kali virtual machine image from offsec's website.
And you can use the OpenVPN client from inside that virtual machine to connect to TryHackMe.

sorry do you work for tryhackme?

Most professionals don't actually run the majority of their toolset on baremetal, they do it within a virutal machine, whether that is Kali, Black Arch, Parrot, or just a collection of tools on their favourite operating system.

Nope, just been around a couple years.
We try to be friendly and helpful.

rightt

Actually, darn, 5 years?

I haven't played a room in almost a year.
I need to fix that.

please stop me if this breaks the rules but could i pay someone to make the assignemnt and give me the answers

lol

Did i break the rules

LOL, yes, that would break the rules.
We're happy to support as I said above, provide hints etc, but completion is on you 🙂

Dang its just that i cant open the vm thats the real issue tbh

Rank 6174.

Community has been hard at work knocking me down.

I guess i just have to pay for premium then

Big thanks anyway!

Nah, just gotta figure out why you're having issues with your VM.

Its the attackbox in tryhackme

just make a vm on your laptop and work inside it

Yeah, but you don't have to use the attackbox, it's an option
That's why I asked if you're allowed to install a VM on the system you're using.

oh i thought u meant attackbox = VM

https://help.offsec.com/hc/en-us/articles/360049796792-Kali-Linux-Virtual-Machine

nah unfortunattly i cant had enough trouble getting discord web to work

The problem with the attackbox, is it uses cloud infrastructure, and cloud infrastructure costs money.

why not go straight to https://www.kali.org/ ?

Kali is maintained by Offsec. I just searched for their guides 😄

ah cool

It seems like you're using your work laptop for personal activities....

Yeah i am ngl, my own laptop had a blue screen issue last week so i sent it off to get repaired

You're probably breaking your AUP, Acceptable Use Policy, which is more than likely a fireable offense

Don't suppose you have your personal laptop on CrowdStrike eh? giggles

This 1000% depends on the company btw

Which is why I said probably

Nah im good bro theyre pretty chill

But it shouldn't really matter, work and personal shouldn't mix

nice

not what im here for

"More than likely a fireable offense"

1000% depends on the company

hmmm yeah looks like you'll have to go premium then

I'm not sure why you're trying to argue this, none of the language I used is absolute

You may be stuck waiting until your personal comes back.
I hope it blue screened more than once before you decided to contact support 😄

"More than likely"

Is not absolute.

Wow ok

You wanna go there... 😂

Some people really don't wanna lose Internet arguments

Whatever

If I said "it is a fireable offense," then your statement would be correct.

Misuses of digital equipment is often harsh at many companies.
But even at companies who are likely to just say "Hey don't do that." will definitely go "What is Kali doing on here?" if they weren't expecting it.

You're the one trying to argue it.

oh yeah dude it was a big problem it crashed every time i put my charger in and got a bitlocker screen when i turned on

this argument is really dumb

Forget I mentioned it. You're right. I'm wrong. 😂

Jesus

Ah fun.
Was it an HP laptop?

lenovo actually

why? do hp have that problem a lot

Zaid, either setup a VM or use an EC2 instance on AWS free tier or something, work on getting connected again and move forward.

yeah i guess so😭

true im wasting time

going on vacation tomorow have to get this done in the next hour

Oh Lenovo, in my experience their support coverage is decent.

Wit HP specifically I was curious because my work laptop is HP, and when I plug in any non-HP USB-C charger I get a popup saying "We recommend you use an HP charger."

Which means they have some kind of communications code likely in their USB-C hub drivers that detects the fact that it's getting 120W from something other than an HP charge block.

So I could see a USB-C based charge circuit causing blue screens if something corrupted that driver.

Well, if its any consolation. I firmly believe THM is worth the Premium sub 🙂
But I did like 7 months without premium until I wanted to finish a bunch of paths that had premium content.

Can someone please just open the attackbox for me i just need username and password and dont wanna pay premium or is that breaking rules again

And now I keep paying even though I'm not using it very much 😄

Nothing we can do to help you complete on your account for your course purposes.

What if i sent the course link

As I said before, rules.
We won't do things for you. We will help give you hints.

do you not believe what he said?

why wouldnt i

I think the double t was a typo

oh yeah i didnt mean it like that

just how you had double Ts, couldn't tell if typo or sarcasm

will always love this picture

@lethal parrot

Attack box is free

anarchy...

Yeah, I had to put the double T against the context of our conversation 😄

Do a free course on retaken

Tryhackme

for about an hour

You know you could just make a Kali vm

Openvpn

i have to finish my school entry course tho its 6 questions

we've been through this

nah on work laptop

What are u trying to do zaid

Are u supposed to turn in your work?

I guess you can’t do tryhackme

im supposed to answer questions in tryhack me

Yeah that's where we started this.
He's on work laptop, and even if it is within use policy, they'll need admin/IT to install the hyper-visor from the sound of it.

Why can’t they ask there admin?

i just have to do 1 room on tryhackme

cause its 12 am

Oh

Honestly, I would recommend they do, just not today 😄

U can always add more hours

going on vacation tomorow

This

if i buy premium?

No

It’s free I’m pretty sure

To add hours

I wasn't sure if there was a daily time limit, or just the timeout when you're on free.

it says this: Non-subscribed user can only deploy the free AttackBox for 1 hour a day. Subscribe for unlimited access.

Yeah that's what I thought.

I was pretty sure that's one of the big drivers to roll your own VM.

Wait you can only add hours if you use a rooms given attack box

And specifically because of the cost of AWS

its premium time

Anyway, just made a new Distro image.
Back in a bit 😄

Think of it this way: all of the time you've spend messing around with this just to save a one-time payment of what, €14?
(if you cancel the subscription within a month)

Is that worth your time? Which is more valuable right now, time or €14

Just pay and move on

moldy image

just did

Now i have acces to the hackbox but i still have no idea what im doing

Well that's one problem solved then. Progress 😄

glass half full

wait are you using the THM attack box to access HTB labs? lol nvm I severely miss-read the situation, ma bad

Doing a learning room?

yeah

you can get some help in #room-help if you get stuck

thanks!

Gave +1 Rep to @supple tangle (current: #1422 - 2)

double edited, so sorry for you loss

🙏

When your Lenovo comes back let us know and we can help you get a VM of your own going.

And if you really want to save time, learn nothing and get it out of the way just google it and you will find the exact answers lol

https://tenor.com/view/no-family-guy-bad-dog-newspaper-peter-gif-8108196576766934699

T-49 minutes

Don't tell people to Google the answers. That's not learning..

😂

I had some like a year ago on VMware

amen

some kali linux and windows 10

He said he just needs to do it to get into his class

😭

you think i havent tried😭

that was the first course of action

But one in those classes, the skills taught here well be helpful. 👍

Lmao

Definitely

true

Read the material and do the steps. The answers will come.

Thanks everyone big help!

good luck

As long as it's not a private room you can always ask for help in #room-help too.

i just bought the sub today too

yeah its made by the school so i think private

People will nudge you in the right direction. 😁

Ah. Probably.

So the mission is to see the username and password and theyve give me all these tools for password cracking like hashcat and medusa. do i have to like put commands in there to get it

sorry for asking so many questions but i feel like this stuff is in another language

They are tools yes, so it depends on the situation

The right tool for the job and such

so if i want to find the password i have to use a password cracking tool correct?

dude this is question 3 out of 6 they start talking about root flags in 5 im so finished

We can’t help with school work sorry

Bit unfortunate to get started on all of this just now then

does anyone know of a discord server that does

🤷‍♂️

well then

thanks

What class is this anyways

what do you mean

Hey everyone

Nvm

its to get into college

but i want to learn cybersecurity there i dont know stuff yet

You gotta take a cybersecurity test to get it o collage?

I’m confused because you said this

its europe probably a different school systems might not be college idk how to explain

Is this truhackme?

yeah

Ooooh

We can help with that

I enrolled in the Jr Penetration tester path on THM and I’m currently in the File Inclusion room then I think there may be a small syntax error in the room

hell yeah

If there’s any admin in this server that could go and tell me if I’m right

#room-bugs

Your generic question "do I need a tool that cracks passwords to get the password" can be answered: the answer is perhaps. To crack a password you need a password hash or a password protected thing like a pw protected zip file. If you have a hash you can use hashcat. To bruteforce a password you can use a tool like medusa.

But like... You're in for a long and painful night if you wanna do this room/challenge before your vacation, it seems. You've still for a bit to learn to comfortably approach it.

So it’s simple it’s just in the Local file inclusion the syntax is http://webapp.thm/index.php?lang=../../../../etc/passwd instead of http://webapp.thm/index.php?file=../../../../etc/passwd

A root flag is a flag in the machine that you have to find

What is enumeration?
Enumeration is defined as the process of extracting user names, machine names, network resources, shares and services from a system. In this phase, the attacker creates an active connection to the system and performs directed queries to gain more information about the target. The gathered information is used to identify the vulnerabilities or weak points in system security and tries to exploit in the System gaining phase.

Go to http://MACHINE_IP and start enumerating the website to find the publicly exposed credentials.

Answer the questions below
What username did you found?
Answer format: *****
Submit
What password did you found?

Answer format: ***********
Submit

this is the query

And normally if we trying to access a file it should be file not lang

alright good to know

Did they tell you how to enumerate

I been trying w lang and getting the same page w no difference several times before noticing the problem

A website

"Publicly exposed credentials" sounds like you don't need to crack anything

no just the explenation they give there

Look through the website. It’s prolly hidden somewhere

what room/path are you doing

Viewing source? That's illegal!

What

Boy if you don’t

He's joking

😂

its from my school private

Me when I speed through rooms and forget most of the content later

Sorry, tried being funny, failed apparently.

Oh then nvm

We can’t help with that

Lmao

dude

Anything private we can’t help with

Your school uses tryhackme?

we were making such good progress

its just to get in

“We” we aren’t the ones taking your class

Can't you bring your laptop on your vacation so you can continue studying?

That’s smart

Thank you

Gave +1 Rep to @crude stump (current: #81 - 80)

Figure out a time when you can study. It doesn’t have to intrude your vacation

Yw bribe

Birb

yeah but its kinda heavy thats it

Figure out your priorities - what's more important, the holiday, or getting in to this course?

https://tenor.com/view/vacation-gif-12253393920666896345

Back for a few, just catching up.
I expected a private room given the purpose.
But yeah, like I said, hints are a thing.

I choose to bring chonker laptops with me everywhere XD

Previous laptop is a 17" Gaming laptop with a 3060 in it.

New one is a 16" Framework with a RX7700S init 😄
(Previous is going to get wiped and handed down to my nesting partner)

I just find 5lbs isn't enough to keep me from wanting to have my laptop wherever I am.

and finally shadow is feeling like using ublock origin hard mode

I've got ublock, priv badger, and ghostery all running...
And thinking about setting up a VPS with pihole on it 😄

Hello guys i just joined and am very interested in learning about ethical hacking what should my 1st step be joining here?

#start-here

After the start-here, if you're still not sure where you want to start.
Shadow's recommended order list is pinned.

I read "RX7700S init" with a London accent and immediately my mind went "I dunno fam, fr no cap?" 😂

I wonder how many shadows they have absorbed.

bruh

ghostery shadow thinks if they recall correctly got bought
priv badger is discontinued by EFF but can still be used but is not as good anymore
ublock origin is super powerfull if you set it a bit more agressive then very easy mode and go to easy mode

Ok thank you

That's fair, I missed that space hard.

Did ghostery get bought? I'll have to look into that.

if you wanna read up on how to turn ublock origin even better: https://github.com/gorhill/uBlock/wiki/Blocking-mode

Hello

recommend easy mode for most people

Hi who wants to do koth w me ? (Im new sorry if its not the channel for this)

as it requires very little tinkering to get things to work

probably more luck in #koth channel but it is not wrong to ask here

If you /verify you will have better results in #koth

😠

LOL you're fighting with a decker mate.

You'll never be faster.

Shadows the best chummer we got.

One of these days I will do the whole wearable PC thing.

for super portable stuff shadow just uses their dragonbox pyra or openpandora

Does bleachbit help shred files so that they are unrecoverable from the system?

I'm asking, cause I will be giving away my laptop

And I will be preinstalling it, but I've heard that files are recoverable even after deletion

think it has an option to do that yes

also yes but most people are not savy enough to do it

Do you know what brand and model of SSD you have?

Give me a second

but if you are going that route dban is generally the recommended tool

Bleachbit may be unnecessary if it includes a secure-erase feature.

assuming HDD:s

if it is an ssd just format it and then execute a trim command after basic setup

If HDD, then yeah, dban is the classic.

It's an m.2 ssd

I think a samsung one or kingston

What is a trim command?

generally if you run the trim command after formating it nukes the data

basically similar feature to hdd defragment but for ssd:s.... speeds them up a bit but also makes deleted data generally unrecoverable

So defragmentation helps in data removal?

I thought it is a process to refreshen up the memory space a bit

Because SSDs store data different than HDD, TRIM will remove any reference data for where to pull cells from to get info off the device.

https://superuser.com/questions/1403762/permanently-deleting-files-on-ssd

no it does not but trim kinda does

run full disk 3x time with 0... will be ok to not recover nothing

the problem with writing that to the disk multiple times with ssd:s is it slightly lowers their life span

indeed

But a lot of modern SSD mfg are encrypting your drive transparently.
When you format it, they scramble the key, they don't actually format anything, because disk writes are considered destructive on SSDs.

ssd is bit fragile in that area

So you can "secure erase" an SSD in microseconds effectively.

nah... it takes time

at last full disk encryption, the part of going full takes around 30ish min for 512gb

format
install something using luks full disk encryption
write data to full disk
format
install what needs to be used
move on

We're talking about two different things here.

Another thing: Debloating Windows

Does OOSU10 help a bit?

please don't

O&O ShutUp 10

Does this app help?

I notice it could crash the system

Or make it's behavior errory

debloating windows generally disables a lot of security features and sometimes updates
if you can't see the issue with this eeeh

Yeah, I guess you are right

I had installed copilot on my windows, but now I uninstalled it

Not that I was planning to do much with it

But I can use copilot on edge

Damn Im at work tommorow

I don't wanna go...

haha superuser site is broken mess for shadow now:

this is what happens when you block all 3rd party

Im very happy with my brand new laptop

It has some AMD Ryzen 7 AI processor