#general
im also in love in real books. then again. 20 books price is one book for physical
I'll be quiet now. Peace and love :)
Physical books are great. buuuuutt... ralex has said it better'n me
i love the read and blue to field manuals
Needs more OSINT
i need to get new copies of mine
2nd shelf is mostly Med school stuff
i used those books so much they are lowkey wrecked
Dee - that yellow one is --> https://www.amazon.co.uk/Operator-Handbook-Team-OSINT-Reference/dp/B085RR67H5
The Operator Handbook takes three disciplines (Red Team, OSINT, Blue Team) and combines them into one complete reference guide. The book contains 100+ individual cheat sheet references for many of the most frequently used tools and techniques by practitioners. Includes content to assist the most ...
Needs more
btw @glass nest i buy 2x metal blank card for bank. all is needed to get chip on it. thinking to go in bank and ask if is way to get chip only to insert in engraved blaks
Good Evening THM!
oh sheesh
ima grab that
as always esqy is fire
Haha, I thought you would :p
appreciate u
I would have thought the best of 2600 would be a lot thinner
would be helpful to have while i do tryhackme stuff actually
Thats pretty bangin', ralex
cause my brain forgets all the little things sometimes
Weary, you are a cheeky one
yea. and when i show on work... they all want one lol
Weary - It's actually quite an interesting 'journey' through hacking over the years
Whole articles on one specific alarm system or elevator system
right chat i wanna get this sqlmap room done before bed time yall remember to be kind to yourself
and esqy u are fire as always ❤️
I actually had a subscription, back in the 90s
ie awesome
no, no, I'm elite in spite of that
Good to see you again, man
Black Friday, I could finally afford to renew my THM subscription
It is a great deal. 35% is a lot
every year it gets later
to connect to it next time will save for the cache arp right ?
totally okay if this is wrong place to ask but does sqlmap not come installed in yalls attack boxes?
just hoped into that room and had to install it myself xd
Its a great deal at the full price, but whats better than a great deal, a great deal with 35% off!
does anyone know how can i make my own room?
Then the Room tester crew do their thing
so arp to connect to it to make with ip with mac right who have the ip and will connect to it to device ?
Big fan of your M&S cake
I got it uncle esqy
When host 1 sends data to host 2 it will first check its ARP table for the MAC address corresponding to target's IP, it will broadcast ARP request to the local network if MAC address isn't in ARP table
haha, I never thought of that, could be worse, imagine if you were named after one of the knock offs
Haha, yeah, at least it's M&S
Its not just Uncle Esqy, its M&S Uncle Esqy!
Terry the Termite
Its Scandinavian for value
3p baked beans is value
I was on the dole in my 20s, i shopped at Netto a lot, it was next to the signing on office
It was a lifesaver at one point, thats for sure
When I was in uni, a Lidl opened up nearby. back then it was bliss. Made the student loan stretch waaaaay further
but back then it was also 60p for a litre of petrol
no idea how much petrol was, then or now, my base line is 1.25 a pint of stella, but to be fair even then that was ridiculously subsidised in a student union I wasn't even a member of
Yeah, i remember it was £2 a pint of fosters in a regular pub. the SU was insane.
they had an offer - if a uni team won their game that day, they knocked 5p off a pint of snake 'n' black. at one point it was like 45p
That was a messy night
in context i've been paying £6+ a pint earlier this evening
Damn. that would have been 'festival pricing' when I was in Uni
my ups is going crazy beeping
i best make sure its actually the ups not the carbon monoxide alarm
American watchin a euro chat is just fascinating (and led zeppelin, ironically, just came on me radio - no quarter specifically)
petrol gets me every time ... we call the liquid ... gas ... idk how this happened but I go with it 🤷
do shodan have some black Friday actions ?
I'm not 100% sure what shodan is?
does this help or no?
The Black Friday $5 sale on the Shodan Membership ends in ~30 minutes: https://itsalmo.st/the-end-of-the-shodan-black-friday...
See what's included:
https://www.shodan.io/store/member
they have lifetime membership from time to time. just rare
Shodan is like Google but for the IoT
You search for servers, and can look for servers running certain things. Like websites, certain protocols etc.
A general thing to do which is fun for people learning what it is is accessing random cameras across the globe with it.
??? Like ... I can "google" printers? for example say, in hospitals?
Maybe not hospitals directly. But you can use shodan to look for results of servers that have an open printer port.
You trying to bust down a print spooler?
Potentially you could find a device in hospitals if you know all hospitals use a certain equipment and that equipment can be identified by its header. But not saying that is something that happens but that's generally how you would find something so specific.
It's just a crawler
It's not its fault that you left your administration panel on default configuration open to the www
If you look for vulnerabilities on there you will find a lot of honeypots. Things that look vulnerable but are only there to research what attackers are trying to do in the wild.
^^ exactly my concern
Well, that's what happens hot dog man.
Don't put your sensitive infrastructure to the public internet
I got life time on a blackfriday sale years ago
Says someone that know security ... but the rest of the world ...
frack you =)... i aim for the same, just no luck...
And the FBI in the US hasn't "liberated" them ... this ... this is real??
The people putting it there don't know security
You can also get life time with an academic email address I think, not sure if they still do that though
It's not that big of a deal really. Not surprising. You yourself could build a crawler to find these websites. So even if shodan didn't exist it's not like it's impossible for you to find the same devices.
nah... no need it so much. just well bi nice to have
yeah i never use it, but nice to have it
True. Good point.
Man, wait till you actually use shodan to see what it can find. You'll be like woahh
evening
Even with Google you can dork for PHP backdoors, most have the default password set which you can find by downloading the backdoor yourself. Then all of the sudden, you are inside of a backdoor that was used to deface a website.
You'll actually see defacement banners from groups in other countries
And be able to access the functions of the backdoor yourself if the password was left default.
Sure, but I'm not trying to go to jail tho.
18 USC 1030 type shit
I believe shodan can also search for such things. But I know you can look for the specific php files on Google and find that.
Yeah I mean also unauthorized access to computers.
But I'm saying that stuff is there, and not a lot of people know about it. So if you're surprised to see shodan, look at Google dorks. It's the same crazy thing sort of but at a lesser scale than shodan.
Well, prison I should say ... jail is kinda fine .. been there done that not really worried about a simple lock up.
Well don't get locked up at all for computer crime
That's the goal, let's be professional and do the right thing
By not committing it the best you can haha. Trust me, I've done bounds of things that if I ever talk to a normal person about it they think I'm going to prison. But like, I've been ethical the whole time. I always make sure my shit doesn't leak and cause outside damage that would get me in legal mud
They just don't understand that. They hear I hacked this or I bypassed this and they're like :0 but not in a way I think people in the industry would be like :0
Honestly industry ppl would be like :| if they're in the know and that's okay, at least they don't think I'm a criminal in the back of their head haha
Good deal, keep on keepin it clean
Yeah man use ya whitelists if you got em!!
If you don't, create them!
I do a lot of WiFi hacking so it's def been important. Seeing as I got the big antennas and shit like that could cause neighborhood disruption around hyeah
The airwaves around my house be lit up like XMAS every few days
(pun intended)
what's up people
man, I'm checking out shodan and as a raw beginner in security it's a bit much for me.
If I had a greater understanding of what was going on, I recognize a lot of the info from earlier labs in the THM courses (which makes me really happy) but ... IDK what i'd do with the info I'm getting ... for now ....
ah, shoot, DM lol brb
What's up fam, all good in here! New to discord and new to THM, hope ur well and good.
Yo, stupid question, how do I put emojis on ppls chats? I'm pretty sure I verified my account...
So like I said you can search it for services.
Services run on ports. One of shodan features is searching for devices via ports.
Interested in seeing how a specific service can be configured? Check out that services port(s).
I don't particularly think shodan is very useful outside of thinking it's kind of cool.
Does anyone have any opposing thoughts? Do you have a use for shodan? If so, what is it?
ay im a bit curious how can i decrypt this? or what is it? WGlmbyB6cHYgdGZmIGIgaHBwZSBucHdmLCBtcHBsIGdwcyBiIGNmdXVmcyBwb2Yu
Looks like base64
i tried base64 and it doesn't really give me anything useful
try cyberchef magic when no clue
Well I see the letter W right off the bat so it's not hex. Let me check for ya.
bet
It's definitely b64.
Xifo zpv tff b hppe npwf, mppl gps b cfuufs pof.
So you notice how after decoding that string with base64, your output isn't random non Unicode characters?
You got just ASCII/utf 8 in your response. So that actually shows that you decoded correctly.
You must now figure out what this text means
It is likely a cipher
Ciphers work by shifting values across an index. This is probably a Caesar cipher or something like that, a really simple way to obfuscate text.
Each letter through the alphabet gets a number, 1-26, and those numbers get an offset. Where you would replace A(1) with C(3) for example. This would be a +2 offset.
base64 and rot13 .. "When you see a good move, look for a better one."
ah already solved, nvm then
u were 30sec too late
sorry
Was it rot13?
i used the caesar method
you shift characters
Yeah so it worked out regardless
Hello, I am new. How can I benefit from this application, in your opinion?
So the same thing, but with a specific key haha.
@wide merlin why u have a link to a youtube video in whitch there is a wet bird?
(idk how to spell witch btw)
Doing Caesar you would start at +1 then work your way up. When you got to 13 you would get it with Caesar.
Um
Sorry, pardon?
Ohhh
The shoebill stork
Idk I like the rain and that bird was chillin.
hmmm
chess advice. love it,
You think that site is tryna tell you somethin pal?
lmfao
They're like you may have found this link with our encrypted message, but you didn't find the other link with our API creds >:)
hello
ello
could someone help me crack a code
ye ye
we are the best at code cracking
could you dm me?
just type it here
@polar spoke can you jump on WGlmbyB6cHYgdGZmIGIgaHBwZSBucHdmLCBtcHBsIGdwcyBiIGNmdXVmcyBwb2Yu
geez
WGlmbyB6cHYgdGZmIGIgaHBwZSBucHdmLCBtcHBsIGdwcyBiIGNmdXVmcyBwb2Yu
I suck but will do my best with the help of the community - and no, I won't DM you
trynna figure out the numbers
"When you see a good move, look for a better one."
nah tf is that
Going along with the encoding challenge you had in front of you;
Just the other day I was doing a challenge and it had a cookie set to an encrypted value (in b64). I decoded it and it was hex. Then you decode that and it's the data you want but backwards haha.
That challenge was fun, working on hacking every challenge in this one site with python only. So fucking with the cookies and shit via python was a tad annoying especially in tandem with reversing the XOR encryption that was originally done in PHP.
i need help cracking a phone number
by my hacker
this is what google gave me
(•••) •••-••85
I'm a go ahead and say that's probably illegal
i need to decrypt that
Yeah bro
so hacking isnt?
sup
No
he hacked my 500 dollar account for something
any words of wisdom on it
We all legally hack here. That's what this platform advocates. A legal way to learn about penetration testing and hacking.
how is it illegal
its with UTF-8 and this is the result @ocean agate (•••) •••-••85
wdym
AY
do you want the answer?
so whats the actual number
thats what cyber chef told me
lol
now u continue
sure thing. since i found thm user with that as signature
When you see a good move, look for a better one.
do i have to decrypt it?
oh lol
@polar spoke !? Think we've dm'd before.
What is happening rn lol
idk
@ocean agate https://gchq.github.io/CyberChef/
The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
Yeah bro hey! I just joined this server today. I definitely have you in another. Hashcat!
the best site to decrypt
someone using a lookup service and doesnt want to pay the fee they charge so he gets the censored information
yup, that'd be it lol
facts!
Or hes paid the fee and they just gave him the censored information he could have got for himself, lol
Yeah you're on my friends list lol. I remember where we met. What's funny is I talked about my project to you there which I also shared a bit about here today as well. I don't see too many familiar faces.
Yes and also thinking that we can decrypt it
btw @polar spoke how/where you test to check what it is or so ?
You asking them how they find out what type of encryption/encoding a string is? I'm asking that cause I was a little confused at first but given the context I'm guessing this is what you're asking.
I know what kind of obfuscation is at play usually just by looking at the characters.
If I'm not sure I use hashes.com
chicken is known to be first one we annoy when stuck
Yeah I probably annoyed them a bit saying hi but hey man I don't know many people, I was like hey wait a second
its just base64 -> ROT25
Listen man you make a dope tool that is pretty standard to be used for our industry, we gonna praise you from time to time haha.
well... chicken is one who is involved on hashcat develop thing or whatever
Exactly
It's a specific kind of fame you know? It's a well received product
Like I don't see similar kind of fame or admiration coming if I release what I've mentioned here a bit. It's just sorta like oh shit. Not particularly useful in the same sense as a dedicated tool for the trade!
THM actually has tons of resources to show you how to get started. Remember to stay ethical.
hey, welcome! i see we have a mutual friend. that's also super cool you were looking at Shodan! that's awesome!
just hover your mouse over the line of text they typed, and there should be a menu that pops up with options
I didn't even know I had friend on here Daniel - that's good to know!! I'm super new to discord (online chat in general, my uncle had a business stolen from in due to online chats in the 90's and I never f'd with it, but I think I have a skillset I can help others on here with and that's what it's about to me - before I ask for favors)
When I hover over lines of text I get nothing
Phone, email, gone through the settings menu several times ... I got nothing ... could it be a web vs app thing?
I don't have the app, just using the website. I'ma try that now tho.
Nope, didn't change anything...
Bet its fkn electron ... js is def riding the short bus....
yep...
ok I can't post imgs either, but ycombinator "confirms"
@cobalt iron
Yessir
yk what's interesting, if you scan a malware signature and 90 percent of the different AV's flag it as malware but there's always like 2 or 3 etc that don't flag it. i wonder if its because what ever that av is for doesn't target those specific signatures or its just not good lol.
50/50 I'd say
I can't make a judgment, I come from web and YC is like a standard there - not saying it's a good one, not saying web ppl are right (their not, usually) but as far as malware ... I can't speak to that and wouldn't know how to confirm is all i'm sayin
or it could be a very brand new antivirus brand but i thought avs have a data base that is constantly being updated with new signatures to flag
Loosin me AceS - I'm Suuuuuuper new to security
ah im just talking about how some antivirus software flags stuff and some dont
To be sure, I have read through the provided link a couple times.
Not saying I'm doing it right or missing something, but I've yet to be able to get further than where I am (nowhere, lol) on emojis and and imgs
that link is to verify your tryhackme account to be able to post images
do you have tryhackme?
or to be exact an account with tryhackme
I do, currently on the monthly plan (but their black Friday yearly plan has me interested)
yeah so that link that the discord bot sent tells you how to verify
see how in my roles it says 0xOMNI
thats the tryhackme role
you get what ever your thm level is as a role and thus being able to send images
I (am on MacOS) cmd+f 0xOMNI and I get nothing... 0/0
I mean, fair is fair, if I don't have privileges to put emoji or post imgs, it is what it is I guess 🤷
did you follow what the link is saying?
When I am learning, sometimes I get very bored and I really don't want to do anything, what do you think is the reason and what should I do?
Hello everybody
that happens, what are you learning at the moment
And I haven't watched any videos for 2-3 days, I don't search for anything from chatgpt, I'm so cold, what do you advise me to do?
Watching a Christmas Classic!
Everything im new
Die Hard!
Network
well that could be your problem
do you like the hacking part or the defending part
Yes, maybe because I think I jump from topic to topic every time and the person whose broadcasts I'm watching is a little bit ahead.
hey AceS
Hacking part
hello sheluv
I did Jr pentest part
I'm new too - and yes, I feel ur pain. Feel free to DM me or talk in open chat, happy to help boost you if you'll boost me! If this is what you want to do, let's get it fam.
The hacking part is more appealing to me, watching videos sometimes gets boring and I just write and read things on chatgpt
🫡
networking can be very boring for most people. its one of the boring part of cybersecurity unless you like it.
i did all overthewire using cmd prompt
i find it fun but even then it gets boring
I like network
so imma do what you said
what i recommend batu
The only problem is that I'm working. I've been working for about 4 months without leave, about 12 hours a day.
Maybe about this.
do you have weekends off?
ok ty
what have you learned in all
After 12 hours I usually work for 2-3 hours, I use vitamins and Ashwaganda to keep myself fit and I consume 8-10 eggs daily.
I learned
hey Coeus ramone
write to me in private chat
Chef here, 12's are the norm - I want to make it work so I find the time.
You can if you want to - I've got a great woman to support me and kids and grandkids otw. It can be minutes a day, I promise, take copious notes, do ur best to REALLY understand, and if you don't do it again and again. We're not competing for an olympic gold medal here... It's EDUCATION, and that's that you should get out of it.
It has been 2 weeks since I started learning, I have now memorized 20-40 ports, I learned the OSI layers, I learned the difference between HTTP and S, I learned what ssl and tlsin are, what tcp ip layers dhcp mac address physical ip address ipv4 ipv6 ip addresses subnet id subnet mask network id.
idk about you but i think thats progress on its own
hey AceS
whats up
Why? Let's chat here so everyone can help? I'm just a noob and there are ppl here in general with tremendous exp? You can DM me if you want, but I'm much more interrested in the opinions of experienced learners that can help us both.
No offense,
hope I'm making sense to you.
I watched http desync, IDOR, burp suite videos, I looked at the diagram of lan and wan microservices, I learned KONG from API gateways, I read it, I looked at being versatile with a single service.
i mean idk how to answer that question. im definitely not a professional.
I don't know
Its fine
experienced
For the first time in my life I saw a port for Python web applications, port 5000 is flask Django.
I downloaded and updated Parrot OS, I'm looking at commands in general, but I'm always looking for something off-topic.
First
a cybersecurity lover, want to work in the industry
whats the best terminal
Not always but I hear what ur saying
i love researching stuff
ok
When I'm looking at TCP IP, I'm looking for XSS or CSRF or something else and I don't know if this is healthy.
question
Yes
especially APT's and different cyber threats
QubesOS
k
I think
wdym?
cuz im using cmd prompt
wdym
how is that not healthy
sheluv wdym
@sand trench well ml4w hyprland thing added fedora installation also
QubesOS is the best for anonymity because it uses tor browser servers and opens a separate task tab for each process, so anonymity and privacy are at the top.
like
Qubes is completely over the top for 99% of scenarios
Developed a LOT of python apps in my days ... django/flask, some custom shit...
Ganette loves em'
you can use a ubuntu terminal, pop os terminal, any os terminal to hack
When I am looking at one subject, another subject attracts my attention, so I cannot stay fixed on any subject.
isn't one really, alacritty/kitty are the fastest
staying focus on one subject is what makes it boring
explore
dabble in different stuff until you find something you are passionate about.
for a example i love doing blue team stuff. its my favorite thing and i find it super fun. Everytime i try different stuff i either like it or not
thats natural
I get it, it may seem strange to jump from topic to topic, but I always do this, for example, while memorizing the ports in the OSI layers, I suddenly found myself learning HTTP Desync and parameter pollution attacks.
Lol
like i tried metasploit, it was really fun at first but i dropped it second day doing it
Then ur doing it right! You're interested. And that's what matters.
Hackers, as far as I can tell are curious af about how everything works and fits together.
It's the "fits together" part that I struggle with.
Yes
I may be bored because of the jumping from topic to topic, but for someone who works 12 hours a day, this can sometimes be normal, sometimes 13-14 hours, so it can be an excuse, but yes, sometimes I get very bored, I try all kinds of ways to learn, I believe that I will learn as long as I direct my excitement and dopamine in that direction.
batu have you tried doing challenge rooms
Dopamine is the key here because not all people have the same learning ability, some have normal intelligence, some have kinesthetic intelligence, some learn while watching videos, some learn while researching, and some learn only while doing it themselves.
No
I have never tried it, but I will try, but I have no experience yet, so I haven't tried it.
i think you would like challenge rooms. instead of the constant flow of information and boringness. You actually put your skills to the test and figure stuff out
Ni ni everyone
hello shadow
what is it
that's why i said dm
I'm thinking about it and I'm going to lay the necessary foundation for it and continue there because sometimes I spend 2 hours on a very ridiculous subject, but the important thing is that I've solved it, I'm not bored, my brain, my head, my balance, my focus and my dopamine arrow are looking in that direction, so I go to the end and get that thing.
Bro, you dropped ur dropped in earlier ... no one is gonna just do the work for you
im not asking for that
im taking a different approach
You are tho ...
Qubes motto is a reasonably secure OS... Privacy and anonymity is up to you
what is it
i got a account compromised
He posted some ... idk looked like he was trying to read a binary as a txt file, thought it was a phone number ... askes ppl to reverse engineer it.
yeah we cant help with that sorry
I told you what I know, I'm new, sorry, you're more experienced.
what is a good software to do so
@mossy river knows
we dont know
oh
@ocean agate what you are asking is illegal.
If you continue to ask here you will be banned.
its my account???
It's not your service
wdym
account is you have on someones service that is provided. you do not own server or smth
It doesn't matter who opened what account, you can't go around hacking accounts, messing with services or otherwise touching software that you don't own
I've got this thanks
Gave +1 Rep to @loud marlin (current: #26 - 364)
i made the account
oh sry. was type not notice ...
i have literal proof
It really doesn't matter if you made the account
What you are doing is against the computer misuse act
fuck that ill do it myself
You're more than welcome to. Please refrain from asking here or you will be removed
The rules are very explicit on asking for help with illegal or unethical activity
Yeah, fam, this has to be a ToS violation - please don't engage with this.
Happy to be wrong if someone can cite me something I missed btw
Not wrong
and before you move with thing you do. know that here are some police/fbi or so users... thm is company that need follow rules
like i js want a damn suggestion

No. pls stop ... just dude ... ur not here to learn, ur here to do illegal shit ... not what this is about bro.
Can everyone please go and familiarise themselves with the rules, especially the one that says not to interact with rule breakers
You will be muted if you continue
Going to re-read them now - best suggestion ever and thank you
Gave +1 Rep to @mossy river (current: #5 - 1370)
Can everyone report their message for glorifying suicide please
:hammer: iluvmooda#0 has been banned.
[BAN] User left the discord server.
Yes
btw jabb, ever play with meshtastic things or so
I haven't, James might have
ben ? or
Wait I can't find the report that is about suicide so I just did vulgarly assaulting
My wifi is ended
Just so everyone is aware. I really don't like throwing the book at people or telling people off. You're all human and I don't want anyone to have to feel like they can't do things without fearing being told off by moderators
But if someone is breaking any of our community rules, ping a moderator and just act like they're not there.
You are all wonderful people for wanting to help! But sometimes the situation is being handed a certain way and anything you're likely going to say something I'm going to end up typing. Sometimes people can get upset and I would rather none of you awesome people be at the other end of threats or insults from another member
Thank you very much @crude stump for showing how this is done perfectly, you're a star 🤩
Gave +1 Rep to @crude stump (current: #65 - 124)
I'd heart this if i could verify my account - still working that out
Thanks Jabba!
Gave +1 Rep to @mossy river (current: #5 - 1371)
I always miss interesting stuff by a minute
You are very welcome
Same ole bs
No problem at all:) shows you have good hearts that you're all so willing to help
But don't worry- our moderators are constantly up-to-date on the best ways to deal with and deescalate situations
I GOT IT!!! I CAN READ!!!
lol, nice
how's everyone doing? i just got back from the store.... needed ... items lol
perchance
What CAN we discuss about hacking in that respect that doesn't violate server rules
as in ethical discuss way
Like suppose I have found compromised networks or accounts and would like to discuss how to ethically navigate this situation
Not saying that's the case, but what would we talk about ???
On the top left there is a link that says "server guide" I'd start by reading that
Like multiple times
Yeah I read it, just didn't see the value of the server if many real situations are off the table and even more hypothetical ones are off the table as well. I just mean what DO you discuss
Went through hundreds of messages and only saw people talking about aliens and pizza
Good!
Of course CYA is a thing so can't say I don't understand
Are there side quests or challenges posted on the server? Like community activities?
So, THM is a subscription website, as I suspect you know, and as far as I can tell we discusses the various challenges on said website. When people get stuck on something, here is where they come to get help. Not sure if that answers your question or not, but as far as I can tell, if you are acting in good faith and LEGALLY exploiting systems/orgs that are 100% consenting, or within the guides, I'd assume you're good.
Correct. I've only ever "hacked" machines and equipment that I own for fun. Not much of a hacker anyway but thanks for the info. I was looking mostly for challenges and activities to participate in with the community
Sweet! Let's do it - super noob beginner myself, so I'm happy to learn with you and figure out how systems work and can be configured or misconfigured for "exploitation," if you will.
Thanks!!! Looking forward to it
Anyone have exp with VirtualBox on MacOS? Probably missing something obvious, but I keep getting a shell instead of the OS booting. Bing/Google searchers aren't turning up much (well, as far as I can tell ... some forum posts that are similar but not providing a soln or really any meaningful advice.)
you have to use UTM
You should use vmware fusion, the license is cheap and the best for macbook, you need to download the things you will download as arm64 or amd64 if you have a processor with chips like m1-2-3 or 4, arm64, if you have a MacBook using intel, you should choose the amd64 option, I have m3 24gb air.
I seen this one coming from a mile away
Anyways, hope everyone has a good day.
I am so excited for December 1st!
I am just finishing up the complete beginners learning path but I hope I can get some raffle tickets!
hahaha, same
How sic would that defcon pass be? I can have goals right?
just one day for aoc 
Never heard of UTM, I'll give that a shot.
Ur saying VirtualBox just won't work on a MacOS host?
Will attempt a debian (the best linux flavor of all time) in the morn.
appreciate you!
im doing the Python for Pentesters module, what is the target machine?
Go to Task 1 and press green "Start machine" button
Yes i did
he does what now
ethical child hunter
The target machine is what i need
Target machine above is located above Tasks, if you want to start AttackBox scroll up the top of the room and press "Start AttackBox" button
I would suggest VMware Fusion Pro it's free now and works way better than VirtualBox (in my opinion)
dang someone beat me to it hahaha
So the target machine is the local machine?
ask in #room-help
hey
yo
forgot it's relatively quiet around this time of the night
Welcome
Good evening to you too
haha 404 hacker xD
How you doing KGB
congrats on 0xD GOD
idk how long you've had it for
Thanks, for about 3 years now probably
Gave +1 Rep to @wanton ridge (current: #654 - 7)
Thanks KGB
Gave +1 Rep to @cloud quiver (current: #13 - 610)
what's 0XD?
damn getting close to #10
Hello
it's just their ranking system
Hello, welcome
so, KGB's a senior?
yea OxD GOD is highest rank on site I believe
I'm not far behind him 0xA right now with 13676
So, these roles get automatically updated in reference to the progress on THM?
but KGB is super helpful idk how he does it I just saw him help like 5 or 6 people at the same time I tried to help one and kinda felt like i was getting in the way lol
Yes
KGB how many points is required for OxD GOD
20k
damn
how do I kick an adorable cuddle toy (my cat) off my lap
nvm he left of his own accord
yay
No, you aren't getting in the way buddy. Feel free to chat with us
python syntax time yippee
anyone got anything on their bucket list?
haha nice thank you, I'm just impressed how you helped all those people at the same time bro
Gave +1 Rep to @cloud quiver (current: #12 - 611)
@cloud quiver if I delete this account and create a new one, then can I verify with my THM discord token again?
When you delete account, it's permanently gone along with token
you'd have to make a new THM account, along with a new discord for a completely new token
if I delete my discord account**
each token is unique to that account so
I think that you can then
if it's already been linked, then you'd more than likely need a new THM account
if I delete my discord, won't it get unlinked?
Try to ask here: https://discord.com/channels/521382216299839518/521771811768107008
^
Thanks
Gave +1 Rep to @cloud quiver (current: #12 - 613)
what's this?
it doesn't do much I don't think
it's just how many times the person has been thanked
I don't think it actually plays a part in anything
unless there is some role or something
@rapid merlin
Get the bot's GitHub link.
didn't actually know that the bot was open source damn
As a total beginner, can I do anything with the Advent event?
Yes, of course. It's very beginner friendly
This, most, if not all of it should be more than possible to do as a total beginner
I'm excited it should be fun
Yes, all tasks are guided + they have a video walkthrough
perfect!
It's for learning, it seems.
ah W
not totally a competition.
Yeah, that's the idea. Funny, christmas themed way to start learning cyber security
It's a task per day
ah yah
for how much did you get your yearly premium?
I haven't got premium
I'll get it, eventually
I'm currently doing some courses using tcm
got the academy membership?
does it expire
the courses
for TCM?
how much were they back then?
you plan to do PJPT?
$30 per, but I only paid full price for the OSINT course
rest were discounted at like $3
yeah, PJPT & PNPT once I stop being lazy and get a job
Beautiful morning.
gm horrific shrek pfp
how?
Beautiful morning to you too buddy
There was a sale a few years back, June of '22 I believe
How's it going 
whoa, such a steal
Thanks for asking, good. How are you
Gave +1 Rep to @sudden bridge (current: #300 - 19)
Im doing amazing. Have to speedrun a research paper.
this was amazing
Glad to hear that. Have a nice day buddy
thank you 
Gave +1 Rep to @cloud quiver (current: #12 - 614)
this is the first I've ever seen the KGB be thanked, considering the horrors they committed 
yeah, it was some veterans day discount I think
emm
idk
do u guys use web based kali on THM ?
it seems that the performance is better than my local VM ..
which is simply unbelievable
when was your kali last updated
Hello guys
should i get a Raspberry Pi? what would be its uses for me as a beginner? And which one should I buy?
Hellooo
HELLLLLO
you're up early miss stealth
I think
Yeah I've got someone over so I've not slept
SKULL EMOJIIIIIIIIIIIIIIIII
Hi guys, I'm having a problem with the OSI dungeon game
What's everyone been up to
Doing TCM's Python 101, then 201 Course
after that, probably touching up my bash knowledge
They have a python path
hm?
I didn't know
TCM have a 101 & 201 Course
yeah
Oh tcm
it's not that popular
yea
I was so confused
I think THM have a brief section on python
I thought you meant thm
might be wrong though
I'm very tired
yeah it's all good
oh it's owned by hacktricks?
no
it hosted linpeas script but sneaked in a data collection line and it got everyone's attention lately.
so he removed the script and put this
thats why he's saying he could have gotten a backdoor, cuz ppl use this blindly - even though its not official.
just very basic - uname, hostname, kernel, OS.
i think linpeas (original) author is a contributor of hacktricks
lmaoo thats funny
the whole lore on linkedin was funny asf
leme look it up
what is your pentesting setup ( VM, LIVE, DUAL,BARE METAL )
I use VM
VM on m1
I have Debian on a proxmox server I use mostly
I can't wait to tell my friends to download the script from here and then yell at him when he says there's no script lmao
Do you know a good reverse engineering framework for analyzing binaries compiled from Rust?
I use ChatGPT to research and get general information, but as a friend of ours said, the information and details it gives are limited, is there a better artificial intelligence suggestion? My friend suggested Claude, what are your suggestions?
I generally like to read a lot and I search for every title that interests me in the chat.
I would not recommend AI when doing deeper research into topics.
why!?!?!
They are great to gain an overview and to figure out what to look for next, but outside of that (in my personal experience) they tend to be very inaccurate.
I am open to everything, I like reading a lot, reading is more interesting than watching videos.
archwiki
It truly is.
You cannot participate without hacking time first.
I get extremely bored sometimes, but reading something is somehow more attractive than watching a video.
I don't know if it happens with you guys
Well.
with reading u can also listen to music
its normally just more chill and the information is much deeper than you would get with a video covering the same topic
I think I got exactly the answer I was looking for, thank you. But the sound of the music can be a little mid-level
Gave +1 Rep to @keen light (current: #1576 - 2)
I get more bored from watching videos than from reading.
Also I'm generally faster when reading because it's easier to skip unimportant sections.
Yep
I disagree with this.
It really depends on what video or what text you have available.
%100
true but its very hard for a video to convey all the information without becoming word salad
but there are some really good video resources out there
Same for text tho.
While reading something, the dopamine level increases, so I'm talking for people who enjoy it, when you listen to music on the one hand and get dopamine from there, the brain seems to work completely in the direction you want, but it can distort the focus in some people, it can vary from person to person.
i guess i just feel like the text is generally higher quality if you get it from a good source like owasp for web and archwiki for anything linux
Direct documentation / man pages usually don't have that issue, but it is more difficult to find what you are searching for because of the size. At least most of the time.
Text is also a lot easier to produce, so you are likely right about there being more higher quality text. Whahaha.
My dopamine level absolutely goes through the roof while reading the newest ISO standards. ;)
hippity hoppity your dot files are now my property
I usually search for words I don't understand in the chat and the terms in the videos I watch, first of all, one of the most beautiful features of AI and AI is that it associates with 5-10 different subjects while explaining a subject, while learning a subject, you are fishing in 5-10 subjects, like collecting apples of different colors but the same taste from different roots of the same tree.
I am pretty damn proud of mine, honestly.
But I ain't sharing them.
what DE/WM TERMINAL Emulator do you use
On my laptop arch + wayland + hyprland + kitty and on my desktop endeavour os + X11 + awesomewm + kitty.
I will migrate my desktop to wayland in the near future as well.
mines very similar arch + wayland + hyprland + alacritty
Fair.
- gnome utils
Do you guys have any Raspberry pi?
no
Default for hyprland, same here.
someone ate mine
why is everyone using hyprland lately lol
for the rice
what are its use-cases as a beginner?
last year it was awesomewm everywhere
Because it simply looks better.
Like, objectively.
im still on old meta, awesomewm :p
I can do everything I do in awesome in hyprland, but better.
probably check it out when i have time
Make it a Pi-Hole.
make a sniffer
Or a lil' home-server to host stuff like vaultwarden.
walk to any random cafe and leave it at the corner
I did not want to suggest this because rule 4.
which one should I get?
oh no
Like, for a sniffer specifically?
You should first check whether your laptop supports that already, aircrack-ng is open source and free.
You just need a wifi chip that supports monitor mode.
I actually wish to know what are the varying use-cases of different versions?
Oh, they don't vary that much. Newer versions usually just have better specs.
I got one with 4GB RAM, which is easily enough for a Pi-Hole.
If I remember correctly you can also get one with 8 GB by now, at which point it basically is a normal computer. xD
Just try to get one that has more than one code.
What model you got?
more than one code?
thinkpad t440
*Core, sorry. Typo.
Here ya go, you can upgrade it. ;)
https://www.youtube.com/watch?v=fOOVzvLqzV8
If you want to, of course.
I do like thinkpads tho, because they are so easy to take apart.
No clue.
the price is lucrative
hardware hacking is the coolest!
Prolly won't ever use a Mac in my life.
But if you can run a Kali Linux VM on it, you will be good.
Likely, at least.
Proficient in Linux?
Very.
But that just came with time.
Don't get me started on how many systems I have wrecked so far. xD
that's how you learn, I and my brother have done it with windows as a child.
I did use Windows for a long time as well.
Switched to Linux a few years back tho, and it's just neater to use for me personally.
Plus I get to save 150 bucks that I don't have to spend on a license. xD
What do you use?
hey
Heyo.
which distro you use?
Windows as my main, learning Linux for technical use-cases.
where is the vc?
Arch on my Laptop, EndeavourOS on my Desktop.
Will soon fully switch to Arch.
You need to verify for VC.
Fair, makes sense.
what is token
thinkpad t440 is so customizable ive already swapped keyboard and mousepad gonna do the hinges on the screen soon
happy computer security day
Computer security day?
Thinkpads are great.
Match your active border color to the rest of your palette, lmao.
this is my config its just the basic hyprland config but its good enough for me
Well, it sort of fits, I suppose.
should i make the color more inline with the rest of palette
Did you know you can make the border color a gradient?
Mmhmm, I thought the same thing.
ill have a look at the docs
join vc
Literally why.
nothing just chilling
Here ya go:
col.active_border = rgba(f9f5d7ee) rgba(f2e5bcee) 45deg
That's what I have in my config.
You can hardly even tell there's a gradient tho. xD
That looks pretty damn sick!
can anyone help me
With what?
Oof.
Seems like a #site-support thing, potentially?
IDK.
I'd assume it'll resolve itself in a few hours.
yes but i think its india only problem
Server's prolly overloaded right now. xD
Lemme check.
pls help fast only 6 hrs left i dont want to miss this
Works fine on my end.
no i am getting the option as well but when i go to claim it it doesn't work
can i share you a video?
You sure can. I just can't do anything about it, since I am not staff.
500 means there is a server error.
i will send you a video in personal just in case you understand my case
Don't, and talk to site support instead.
bro i just installed malware onto my host instead of my vm
wrong window
luckily i didnt run any
Whahaha
won my first king of the hill
congrats

It really is! Not only are they a sponsor of the event. We are also using them to host the CTF. All sponsors contributed to the CTF so we have 17 challenges releasing in the buildup to the event. Also have some online prizes (from THM) for those who won't attend but want to give it a go! See here for the room: https://tryhackme.com/r/jr/beyondthebarrierofbsides
has anyone tried black arch before I have always been curious is it worth it?
"If you ask if you should use a specific distro, then that distro is not for you"
-John Linux
nice
I just now am fully getting linux I just wrote my first bash script the other day
good job, you'll be an experienced hacker in no time!
You can use Linux Mint
yes!! I am really into the IDR
I normally use Kali thats what I started on but I have wondered about other distros
ParrotOS is pretty nice too
thats what the attack boxes are right
hack the box yes
wait what distro is tryhackme
does thm do christmas sales too?
right kali, been so long since in linux environment
what does o/ mean
is it a waving man
like o7 salute guy on reddit
hahaha
it does mean a little guy, weird to see it on discord
you have emojis here, more style
Ive never even looked at it that way
honestly, kali or parrot both work
they're both pretty good distros, admittedly I haven't touched parrot in a few years
however, I've not heard anything negative about parrot
you can also just do this
like 3.6k results
you have to manually type out "in: #general"
it's quite annoying
or just CTRL + F
or that.
thanks
can anyone help me with a challenge which consists of a pgn file.... basically chess steganography
i have been through all the writeups but still cannot solve it
Sorry, but we can't if it isn't THM related
this was part of a ctf which is over now...... i just cannot solve it so i am looking for some help

Yummers
Morning
Lowkey if that was an actual valid gift, it was snatched by a bot account in -0.2ms
The official video for "Never Gonna Give You Up" by Rick Astley. Never: The Autobiography OUT NOW! Follow this link to get your copy and listen to Rick's ...
@shell nova
first time it was funny, now it's just plain boring
the link is pretty obvious to not be legit considering it starts with "httpss"

guys i got tryhackme voucher for 1.12 dollar only
How did you get that?
from a friend
hey Scrubz
Somebody sold you a voucher?
yup is it ok
Wat
@rapid merlin I never permitted you to DM me so please don't
they dmed me as well
@hoary tiger we don't help with external CTF
ok dude , its ok
Scrubzy, did it snow in your area last night?
No, it did not
woke up at 2 AM and there was a lot of snow, by the morning it was gone from the rain
Which is good, as I didn't fancy training in snow today
what kind of training you doing
OCR
uncomfortable highly visible color banding through the whole screen, yummers
I could not look at that for more than 30 seconds lol
kid is a troll that sends "httpss" link which is rick roll
funny thing is, I was gonna say "do you train to enter the navy seal?" lmao
thats 4 days of premium i think XD
It's like a dagger to my eyes, ahhh
it's so visible too, you can't overlook it
probably
why you hating on my colors, BETTA

color banding is not on my vibe list

