^ Your one and only warning

no, I’m your long lost father who fell on hard times so I had to leave :(

give me your credit card number and the numbers at the back please

Dont worry, ill put protein in it and get the best mark 💪

Hell yeah

It has only 14$

I work cash

better than $0

Without the need for online payments i probably wont have any online money accounts

B.F. Skinner 😄

i thought i was smart, then i tried playing CTF's...

Trust me, we have all been there

you been at the "How can a human being be this stupid?" point?

Yup

I spent a year in cyber and still had problems with certain areas in the field.

my brain is a pinball machine that I try not to tilt

You eventually don't realise how much you have improved because things become second nature.
That imposter syndrome feeling always exists though, especially because you'll encounter new techniques. Cyber is massive and while you will get better and understanding topics, there is still a learning curve for each new area of cyber where you will start from beginner and work your way up.

see also https://en.wikipedia.org/wiki/Four_stages_of_competence

Take me for example. I've been in Cyber actively for 5 years. It's now 7am, I've been up all night because even though I wrote it down, I missed something in my malware analysis which resulted in me having to redo my whole assignment. It happens. I feel stupid and tired but now I've learned. And honestly, it feels great because nobody told me where I went wrong, I figured it out.

Take me for example
I shall.

Sometimes it's good to have some perspective. When it comes to something like a CTF - from step one - when you first perform a scan, or you first start enumerating, you have already done something the vast majority of people never will in their entire lives.

and tired, I wondered if that screenshot click might have been related to that

:0 ❤️

I have a feeling that I would have probably done that regardless 😆

that's fair

Jbabsa, is there a new level above legend?

Not that I know of, why?

What's Cyber Crusader from?

It's the event level

If you claimed it after the event roles had been removed, you get stuck with it until the next event :p

Like that one with the swords that one time?

Yes!

SO many complaints lmao

We do remove it now but the rewards page doesn't get refreshed, meaning you can claim it post event and your level will update.

Yesterday i tried a pwnable website to check my skills, when i joined i thought "Meh, this is gonna be easy, wont take too much time", clicked the button play and chose the easy mode. First machine - i needed to find the password from a C language code. Took me 40 minutes to realize that i somehow lost like 70% of my IQ so i went to watch a youtube walkthrough. It was like a horror movie to me. Hex codes, decimals, C language, hex collisions...

It's the little things, eh?

Always (I'm also little)

Tru bestie

obfuscation can be impressive with the C language

✋ 🕵️ 🤚

absolute convolution

It happens, don't beat yourself up over it. Use it as a learning experience.
I don't mind looking at write-ups or walkthroughs, if you're doing it right, it really helps.

i hate hex stuff

If you ain't getting challenged, you ain't learning right

🕊️

Just because we've learned one skill doesn't effectively mean we've learned another. Cyber Security is a couple thousand different skills all tied up into one very ill-fitting trenchcoat. You might fully understand one thing and be lost in another, running into an obstacle only means that there's still more to learn.

Omg it's a Varg.

A wild one!

Is that a pokemon

variable arguments?

How pfp is.

You actually popped up in a conversation a few weeks ago,

I thought you were Scandinavian, but your Aus?

Is your parents?

Mother is Norwegian.

Born here in Aus.

😄

What ya been up to since THM?

Working, traveling, building stuff for the online store, digital art stuff more recently.

Was making some pokemon wallpapers with realistic texturing.

What about the Scrubzm8?

Always happens

Step 1. im excited i cant wait for the machine to start

Step 2. Isnt that supposed to work like this why it dosent

Step 3. Ive done everything, im sure i didnt miss anything out *with a little bit of furstraition *

Step 4. *sneaks at a write up * oooo how did i miss such thing 🙂

Morning

Morning

Morning

I think while you're learning it's okay. You pick up how you can do something and eventually you stop peeking at write ups

I hope

Morning stealth

where can i read about exploits and Vulnerabilities

for web application

Google

OWASP has a good one

https://owasp.org/www-project-juice-shop/

I hope so

That's what I tell myself anyway 😅

Tryhackme, portswigger, owasp top ten, owasp wstg

Is that something like DVWA ?

yes

Eh,. living and uni, whilst having they quiet family life,

Quiet is good.

Quiet is very good.

Maybe I am too quiet 🤔

Beeeeeeeeee

Yes yes you are

hiii!!!!!

Hei

:

Hi 👋
Could someone help me with some advice regarding Kali best practices? I'm considering switching to kali, have a little xp with Ubuntu in vm,but before that just wanted to ask for advice :) tips & tricks for personal use. Thanks :)

Kali isn't usually recommended to install on bare metal, usually just have a vm for it

i personally dont use kali i just bang a lot of tools into my main linux distro, but i guess the main thing is to continue using Windows / Ubuntu and use Kali in a VM so if you break it, you can just reinstall it easily 🙂

treat it like ephermeral

and also use an install script like install.sh so if you install custom software, in the event kali breaks you can just copy and paste the script and it'll work again to how you like it to

ignore my 0x1 role btw that was forced on me against my will

Thanks :) really appreciated

Gave +1 Rep to @boreal gull (current: #84 - 88)

Nah you are just noob :p

For the last 1 year, I am using Kali on bare metal, it's a gradual learning curve

That your daily driver or just for CTF stuff?

/Work lol

server OS

Daily Driver

Wild

Honestly I wouldn’t recommend running any pentesting OS on bare metal

It’s bad practice and unsafe

Was thinking of doing the same, if I break it I'll learn from my mistakes.. hopefully 😅

I wish i had pancake mix😔

Eggs, flour, milk

Do you have those? 😁

Idk if i have flour

And no eggs

drink milk

Im gonna get pancake mix today

Wait i do have eggs

why exactly is unsafe 👽

Mmm now I want waffles!

https://tenor.com/view/gir-aww-man-invader-zim-gif-25625508

https://www.youtube.com/watch?v=vX3gxtuup5E

Invader Zim forever!

Is now mine. I stole your PC

A) Even if you're completing CTFs, you're knowingly interacting with services that you potentially share instances with other users
B) You are likely to modify your system which can result in making your system vulnerable, such as opening ports
C) Download potentially unsafe software or download exploits from the internet. If you run these on your system, you can lose your system. Furthermore, if someone accesses your system, they can use binaries or other exploits you have left behind to privilege escalate
D) You do not have snapshots. If anything happens, you cannot isolate it or revert to an earlier point.

Why waste your time constantly having to reinstall your system when it is bad practice anyway? It's better to become familiar with virtualisation environments because if you work in the industry, you are likely to be using them regardless.

Run Linux as your host as much as you want, but if you're pentesting, use a VM.
You can still have that daily driving experience but you are practicing good cyber hygeine.

Always wear gloves when you're working with germs

Or dealing with seized devices.

I almost got hooked into buying one of those mini tower setups with Kali preinstalled on it but I learned my lesson about how much better virtualisation is before I made a poor decision

Snapshots make it so much easier to get back to a stock image.

Especially after you've set it up with tools you might place yourself.

petition to make this the default wallpaper

On the attackbox?

noooo, the current wallpaper is nice.

April Fool's maybe?

come on that wallpaper is gud

Setting up a stable snapshot after I've installed some additional tools from default has helped me a few times already, would definitely recommend

well thank you :)

Gave +1 Rep to @mossy river (current: #6 - 1431)

Trying to install Katana on kali linux, but the whole GO installation with $PATH is making me crazy. Is it in .bashrc or in .zshrc I need to add a export PATH="$PATH:/home/kali/go/bin"? guides are telling be different things

Any wizards with CVs/linkedin here?

If you wish advice, post a redacted version of your CV in #cyber-and-careers

Is there a promo channel😈

No 😄

You can post videos or posts that are of TryHackMe content in #thm-community-media

In most distros ~/.bashrc is usually the right place for setting up a permanent export path, but I am not an expert.

Done

😢😢

TryHackMe media, not memes 😄

But it had the thm logo

It's still not social media, or of TryHackMe content 😆

😔

Is there a channel to ask question about specific tools(like katana, subfinder etc.)

Here or #infosec-general

;-; can't sleep

That's no good

morning

Mornin

Hello

what a professor

A question in the exam was

I forgot the syntax

Tcp's connection is: (smthing like this)

A. Process to process

B c d dont make sense

mornin

E. End to end

Process to process is the same as end to end bruh

someone just requested to get slack AI

Dark times truly

I won a headphone from the Advent of Cyber event, but unfortunately, there is no shipment available to my country, Nepal. I have already emailed the support team about this issue, but I haven’t received any response from them, even though it’s been a week. Can anyone help me with this?

support may respond a bit slower due to the amount of emails they get because of AoC

Ok ✅

Did you get your score straight away?

oh no

Nope

Probably in 2 weeks

Btw i did good i hope

Fingers crossed it goes well

Congrats, btw

Hi I'm new here 👋🏼

Greetings

Hello

Hi new here 👋 I'm scrubz

@pliant onyx thanks buddy but I don’t think i am goona get it 😶

Gave +1 Rep to @pliant onyx (current: #884 - 5)

Even if you don't get this, you are good enough to get things in the future

You'll get better things
Plus the THM team hasn't decidedly told you you aren't getting this

So there's still hope!

Working For it Hope I would

time to put on a movie and just streamline fixing stuff

Me with YouTube videos

Or Music

I have to fix like 30 routers

Oh how fun. What movie did you put on?

non yet, got a meeting in 15 minutes and then lunch after, so can't really start a movie

Glad I don't have to

well as no sleep and therefor not in bed means it is buldak noodles time again

noodle time sounds good to be honest

yeah gonna wait about 30 mins more before going to the store and buying some

I always seen buldak noodles at the store, I have yet to purchase some. I did how ever have some shin noodles earlier.

buldak is pretty good

I’ll pick some up then!

Mie goreng and sedaap is also really really good

I don’t think I’ve seen them, I’ll will look for them.

I had a question

in obsidian, should I have another folder for short notes or summarized notes? I'm already making full notes so I think it makes more sense to summarize them but short notes are kinda partial according to topics

currently it looks like this

Depends on what you prefer most. Everyone has different things

I organize things by task/objective first and foremost, and have separate sections for in depth guides on individual tools

could you show me your folder organization for reference?

Uhhh I've got an old screenshot somewhere around, sure

My Obi vault isn't on this PC lmao gimme a sec

no worries, I can wait

Semi-recent

Ugh, this impacket script I am playing with is driving me nuts

oh no, how so?

It's the impacket-owneredit script

its just being a pain in my ass

guess you have to wrench it together

Looks similar to mine with just topics as the head folders instead whereas mine has a common headfolder for topics, what plugins do you use? I followed a two year old video guide for it so maybe it's more efficient now

I have all the info I need I pulled from bloodhound and its being a jerk :(

Yup

read that impacket command like it was saying it is hacking reddit and got concerned

I had some kimchi noodles earlier, I cooked meat and mushrooms to add too

impacket-pwnreddit

Oh shit wb @rapid merlin

next time shadow is gonna use impacket they will most likely just use docker

Pretty much. Everything is divested, for the most part, into each phase of the Kill Chain for easy access. There's a larger section on the bottom that acts as a directory, and then useful stuff like lab setup and hardware near the top. I haven't really gotten into using plugins though, vanilla Obsidian has been pretty good to me.

Hello, I got compromised

I might take a nap

Oh shit :/

Ok dude, let me know if you need anything later when you get up. Rest easy.

Thank you

when even the people like missstealth get compromised it starts to be spooky

https://tenor.com/view/spookying-intensifies-gif-20204037

If there is anything in my career I have learned, is nobody is above rng

getting scammed a total of 20+ times on runescape has probably made it harder to scam shadow

Sorry shadow

I was a menance in that game

I would PK and rob people all day

badum tss

Any game where it is allowed

If there is PVP I am going to PVP and if I can scam/rob "ethically" within the bounds of the game I will

Unless we are friends. I wouldn't knowingly do that to you shadow

pk in the wilderness was okay
scamming people while trading or mostly unknown game mechanics on the other hand has not been allowed

Yea when it breaks the bounds of whats allowed in game I wont do it

learnt a lot of valuable stuff from getting scammed often though and reporting people

but if I say come trade me in the wilderness and I PK you a lot of noobies would think thats scamming

thats just a life lesson

dont follow strangers in the woods

yeah

So it's an approach like writing experiments, interesting, Prerequisites > Content > Conclusion, seems pretty efficient, I might have to integrate it in my sub-head-topic folders, I think I might add summaries to recall stuff if I'm in a pinch or have to revise something, is vanilla obsidian a plugin?

Pretty much! Since hacking is usually a pretty step-by-step process where you're operating within a certain "phase" at any one time it ends up being pretty effective over having to remember exactly what every individual tool does. And no, "vanilla," in nomenclature, essentially means unmodified/unchanged. Like Vanilla Minecraft is Minecraft without any mods, as an example.

Gaww I might have missed it, but did you consider going for that box on htb or nah?

do you have lets say cheatsheet for some popular tools or do you remember commands

Nah not this time, got a lot of other stuff I'm working on

fun fact of the day:
you can add files to be stored and encrypted into your keepassxc database

I used to have a lot of cheat sheets and I have remembered a lot of commands as well. I still reference docs if I need to and only keep cheat sheets of new things I’m learning.

Typically and I know this is lazy if I’m doing a box I’ll keep a cheat sheet that is just a basic text pad of things I was doing and did and the exact syntax and chain of thought so I can come back to it later.

In each section I've written there's some basic-use cheatsheets. For example if I'm in the process of enumerating and I've discovered an SNMP server, or telnet, or whatever it is, I can go to the "scanning and enumeration" section of my obsidian vault and look for resources that can enumerate those services, and there's some basic command syntax/guides written in it.

I’m a messy hacker :(

That's the approach I use too, step by step organizing notes and linking them to the parent ones from which they're derived, so I think, I'm good at that part, just that now I have to integrate the prerequisites and the conclusions for each of the topics.
Ah, I see, thanks for enlightening me on the meaning.

Gave +1 Rep to @mellow gull (current: #142 - 54)

My notes are often scattered but there is a system in the chaos the only time I get organized is for certs

i was thinking about doing something similar, might download hacktricks locally, for now i only wrote down like few ffuf commands and some rev shell payloads

Vanilla minecraft is how i understood what vanilla means

Mmm that sounds delicious!

It's proven to be really helpful. My memory isn't great but I am able to write, like, an absolute ton; so I divest my talents where I can.

Vanilla ice cream is, pretty much, icecream

not only memory issue but its a lot easier to access when you have it all in one place

Hmm passive ice cream ?

that would imply existence of active ice cream

Yes

Yeah I learned my lesson pretty early on about avoiding scattered notes. My brain is scattered enough as is, if I can effectively categorize my notetaking then I'm helping my future self

Active ice cream has tastes, biscuits and more stuff

It does more than being an 'ice cream'

right now i have something like this

but i have dedicated directory for each machine i did

Did u do oscp ?

That's not the worst way to do things. Everyone has a method that works well for them, after all.

no this is just cheat sheet i yanked from the github

For me and my scattered notes I don’t mind but my memory is on point and that’s where I keep a bunch of my info. I access my memories like files on a computer and have my own file system so to speak so I can query myself pretty effectively and visualize well.

Notes for me are an interim stage of memory and considered a step in my long term memory. They become useless to me after a while for the most part.

Nice

i plan to in the near future tho

that or CPTS

Ive a lot of notes but i rarely reach any because i remember the notes itself while im typing ut

might go with cpts since its cheaper

Im already down to cpts

Better to get a company to pay for OSCP

Same reason

Could always go eJPT first if you felt inclined to do so

Also cpts is respectable

It’s respectable to us, not to HR just yet unfortunately

At the end of the day, knowledge wins and any cert that gets u a comfortable job works

Mainly because it isn’t monitored like OSCP

The cert that gets the work is the best one

The way I have been approaching boxes for a while is vastly different than how I would approach them in the real world and my methodology changes considerably. It’s a lot like competitive programming vs software engineering

it also depends which certs are recognised by employers in your country

With one speed is key and you throw caution to the wind. The other you have to be more methodical

smashes -T 5 rapidly

hello

-T4 is the best

Hey

wassup

Hi

hi

Howdy

I tend to be more methodical
even when doing ctfs I rarely go -T5 lol

I’m seriously banging my head against the wall with this box right now I can’t believe it’s challenging me like this and it’s an “easy” box

Already had to chide Malarum a while back for rushing port discovery a little too quickly

t5 is fastest or slowest?

i forgot

Already 3 exploits in and 3 shells in with 3 accounts compromised

💀

fastest

speed

yea

fastest, with -T5 you'll be spamming a server with a ton of requests

-T5 is fast to the point that you're missing stuff by virtue of your hostility

I just go rustscan

hiigood morning

o

Sometimes speed is great to practice for the simple fact sometimes you have to go fast.

true

There are situations where it is indeed key

rustscan -a IP -- -A

yeah for sure.

are nmap scans illegal without permissions

No

Yes

They can be in some countries

But they are discouraged

Passive scanning isn’t illegal as it is akin to normal traffic

If you go fast with your scan it can be considered hostile

But it’s highly discouraged to do it regardless

It's pretty good to assume "shouldn't do it"

Unless ethically in an engagement or a controlled environment like a ctf

with some servers fast scans can trigger their dos protection.

Its more like guidelines than rules

Yup, then you get the good ole blacklist

Basically it can and will cause problems for you not maybe, but eventually

To my knowledge an nmap scan isn’t considered illegal in any country

France, actually

Once i couldnt resist and i scanned my uni website

That's the only one I know where an nmap scan alone will get you demolished

It was pretty vulnerable

Without proper authorization I assume being key

Yeah, of course

That’s wild France don’t play

They have a whole "trying every key to a door you know you shouldn't open" thing about it

did u report it? lol

on my uni some student reported critical vulnerability and got suspended

Nope

The PoC was even avaliable on github

Yeah

Cuz the scan itself most likely illegal

I mean they should be grateful

Goverment ? No

most of them run outdated software from 10 years ago

Also ISPs generally kinda waggle their fingers a bit if they notice you doing weird stuff on their networks, portscanning being one of them

the uni

im doing a ctf and it adds an 128-AES key to the url, fun lol

Always good to be careful

Its running a 2004 apache http server

Not even https

When I was in college in like 2007 they were going over wireshark with us. I started sniffing our schools network and back then there were a ton of things that didn’t use https fully or hell anything. I called my teacher over and was like “like this?” And he saw what I was looking at and I could see teachers logging in, reports, all kinds of shit. He was not amused and I almost got kicked out because of it. They had to write a new policy because of it.

Bruuuuh

I thought it was hilarious

i am convinced colleges are scared of using up to date software

Man don't teach kids about a cool network capture tool and expect them not to test it out

Because its more expensive ?

I think its more like afraid things will break or teachers not knowing how to use it

Sometimes shifting to modern architecture can destroy legacy systems they're relying on for some random database that'll annihilate the school if it goes down for more than 0.2 nanoseconds

is it expensive to do sudo apt update or download newer version of ubunut for vm

I feel like that when I learn a new tool and im not a kid lol
So I have to seek out ctfs to play around with it all.

or just plain lazyness

until last year we used ubuntu 16.04 or something on our school vms

Oh yeah its linux

I forgot that for sec

they just recently switched to 22.04

Exactly! I learned about a tool that converts files into DNS queries and then reconverts them back into true files the other day and - like -
How can you not expect me to try playing with it?

Then when will someone use the tools

curiosity killed the cat

But only if the cat was observed

I had to hold back trying out a ddos tool I found one time

Haram

Also rustscan -a IP --ulimit 15000 -- -A

That is if you want to announce your arrival on the server

oh that sounds like fun xD
today I've been learning sqlmap and got excited lol

Yawn, I've done too many THMs today

Tired now

I remember back in the day a bunch of budding “hacktivsist” all downloaded LOIC on “anons” word and would be part of a mission. This was from a 4chan post mind you with links (shudders) It was a RAT and hella people got owned but it was even more funny because Leo’s were also ratting the downloads and hella people got partv&ed

Oh those were the days

I remember that.

Like it’s sad because well you know but I can’t help but look back and laugh

That is a DDOS tool right?

Anon used to be such a big culture icon, really inspired all the modern day voice changing mask wearing spuds

i slowed down a lot since new year, i was getting burnt out, nowadays i mostly do a room or two per day

Yea there was a real one that circulated for a while but it quickly was out circulated by fakes that had malware

yeah it was posted on the IRC

The new fad is getting AIs to self destruct

How does that work? 🙂

and posting tiktoks where you're using nmap with phonk music playing.

yup

My favorite

I had slowed down as well, all I do nowadays is maintain my streak and learn something new

I heard tiktok has 4 days left

except elon buys it 😉

yeah china wants elon to buy tiktok

just read in the news there are apparently talks

I can't really explain this without skirting the rules, but basically getting the AI to input destructive commands into its own terminal.

Is the essential concept

i will be grinding until i get top 10 in my country and i am retiring

I believe theres a day in aoc abt that

Anything for that screenshot baby

It's so resiliant in architecture it only destroys the instance though

It is funny to see it implode however

I’ll be grinding until I get higher than you then

i need to grind 25k points more

Monthly or all time?

Ah all time got it

Unfortunately yeah kubing or docking or whatever instancing they do makes it difficult to deal lasting damage but it's really funny to watch

i am 8th on monthly rn since i didnt do much ctfs

considering how the tech world is in love with AI at the moment, I might consider learning how to find vulnerabilities in AI systems.

mostly doing paths rn

I need to grind <points to 0xD> + 25k then

thats the spirit

to be fair, I am looking at some of the people that are in top positions on leaderboards and I roll my eyes, I am slowly griding rank because why not but it feels meaningless when I see someone come out of nowhere and stack 9.8k points across 3 days

and I'm just like yea ok dude

Some of these people are gonna be ahead forever, too

My main purpose of grinding is to get the skills required for a bug bounty

Like I ain't beating 0day, sorry

bro has 5k points frist day after leaderboard reset

to me points and levels dont matter, im here to learn more than anything.

If I don't complete at least 1 bug bounty this year, I will gift a rando Discord Nitro

Oh yeah that man has way too many hours at this

When you look at the rooms often you will see people that were obviously given the answers for first blood like as soon as the room release it they answer all questions with 30s inbetween them and its a brand new room

Even rustscan says, "0day was here :)"

it perma takes up the first blood spot

That's a flex

I think thats kind of lame

Some people just got nothing better to do

That's why I don't bother with it so much

chasing the clout

theres also a lot of super advanced users/professionals who use thm as well.

I don't see meaning at doing it first, just doing it fastest maybe

For now, I'm at a point where I want to do something completely on my own

Something = a tough room

It's not even that they are so skilled and have nothing better to do its flat out cheating the system. It's not humaly possible to get first blood that quick blind in 30s

I require a hint or two even in some easy rooms rn 😅

and not just once but over and over again

hm no

I mean some of these guys have clears that are faster than the VMs loading

isn't that the whole point in hacking tho, to cheat a system

exactly

does thm staffs not do anything abt these?

Lmao

reminds me of Mr.Robot ctf scene

Some of them are THM staff lol, but to be fair I give them a pass because well, they own the environment

This year's Advent of Code leaderboard was poisoned with LLMs

Are THM rooms also suffering due to bad LLM use?

Hints are good to have, because the tasks often want you to do something in a particular way

the thing is the board and its points are really that competive though because of that and I think thats a shame

and I say what I say meaning no dissrespect to THM staff

True, they help me not go into a rabbit hole, or help me not search through things when I'm on the right track and just skip the searching

Thats why I like HTB's ranked seasons

Which I highly appreciate

saved me time and braincells

ranked ctf

I mean personally idt staffs should be allowed to do the rooms they work on, at least not for first blood points

Agreed on this part

@safe canopy you good? huge respect for the time you are spending on eraser.

actually, it bothers me that THM set rules for rooms, what requirements they have to be considered easy/medium/hard/insane .. however the past months, they dont fullfill the requirements anymore and just pass QA .. when you check on easy rooms from the past years and then today, its quite clear that medium back then, is easy now. i dont think that THM is actually doing a smart move in here, when "easy" only leads to frustration to new users. link as ref https://help.tryhackme.com/en/articles/6633511-creating-your-first-room

I do think there's a pretty noticeable overlay between easy and medium rooms - hell, I've seen a few easy rooms that objectively are closer to medium/hard

sidequests were easier than some easy rooms lol

I think some of the easy rooms aren’t easy at all

I think people come to learn, and thats ok, its a newby friendly place, but if you take your rank serious and are competitve and want to push yourself, go HTB, many of their "Easy" boxes would be considered hard to insane by the standards here.

And I have also noticed the same doing some of the older boxes on THM, some of them were legit brain teasers

what I do like about THM boxes is the creativity in the themes and the whole vibe

definitely, some are quite hard.

many of them are pretty neat

I very much so enjoyed the year of X rooms

they need a new category "trickshot" where you just dont need common sense but only need to know the most weird tricks ever to pass a room xD

Where THM thrives is in showcasing really creative processes and methods

yeah htb are NOT beginner friendly at all, I tried them once then gave up and never touch it again. I'll prob go back after I learned some skills

yea htb easy is rather thm medium/hard

Whereas HTB definitely stems more from stabbing you in the chest until you're bleeding and then dropping a 500 page manual about stitching yourself back up at your feet

also room difficulty on htb is just community rating of that room, no?

understandable, I think HTB aims for more realistic scenarios and chains of events vs THM which is more so trying to teach you to "think" like a hacker, use logic, solve puzzles, have fun.

you are so accurate with this that i smiled reading it

lol

No they are set by

not sure abt that one

they are set by HTB

they gauge it based of techniques required that fall in line with their "tiers"

the more advanced knowledge is in higher tiers, and if a box requires that and its prerequisite it will have a higher difficulty

yes. it starts with a rating but then upon release the community feedback changes the rating

with that being said, its often I see a lower tiered box requiring higher tiered knowledge

yo @cloud quiver you there

there should be like a universally agreed upon guide for difficulty across all websites/ctfs

My only gripe with HTB is that they sell esport-style team jerseys and therefore I can't respect them

It's too subjective if you leave it open to community it will always vary and fluctuate

some people think X is easy and others think its very difficult

I'm going to have to buy one now so I can be a cringe lord

I don't like hostile their users can be towards THM users

i gotta read through how to create a room for thm, i have something in mind to combine riddles and hacking, so like a story thing as in the room mother

they think their shit dont stink

and also, if you spend a lot of time in their community the amount of script kiddies and beggers who don't know shit is high

they all just beg "come on bro, give me RCE". "ok bro I will give hint pm me", "I got the system flag lol ez"

n00dles time

like wtf

Don't forget your hak5 beanie and MyHackerTech backpack with linux/terminal enamel pins

See thats why I like THM rooms

its that creativity right there

also their discord link in the website is not updated, I wanted to join but oh well

well, htb is "hacker cool" .. im on the discord but rarely talk there, for my taste a way too toxic there

It's toxic as hell over there I will be real

HTB's community is rough

join the kali discord

im too old for comparing virtual p .. sizes

are there more skids here or over there at htb

the defcon discord has been nice to shadow

There

HTB is where all the hardcore wannabes go

I think that is also subjective to interpretation but I feel like via observation over there

by the simple fact their community is bigger

I have met some people here that I respect and I can tell know their shit

kali has one??

when you know your shit, you can spot people that don't real quick

and its like every other person over there

They do actually yea

it can be pretty hostile, BUT

dont tell me windows has one too

there are people that will help you and like to do so

soooo does shadow know their poop????

Microsoft has one yea and I actually got full blown into it with some power tripping mods over there

I'm trying to create a payload using msf venom and it says command not found What am I missing

think reddit mods on steroids

in metasploit room

and its filled with a bunch of people that wouldn't know a sysinternal if it slapped them in the face

#room-help

there is only one right answer to this

👍

i would love to conduct a research on how does one become power tripping discord mod

Yea that would be over there, but its likely you dont have it installed or are typing the command wrong

btw htb discord has just 10k more members than thm

all script kiddies I tell you

lol jk

but it feels that way

I used to be one (LOL) so I can answer this question.
Much like The Mask, it's a state of being that eventually subsumes your consciousness and overwrites your previous traits.

Apply same logic to reddit mods.

I don't think I ever powertripped on anything I ever modded

I have always been chill and laid back and only handled actual issues

I dont pretend I know my stuff, I know enough considering when I started to do a lot of research.

nowadays I wouldn't moderate shit unless I got paid good money for it

I got powertrippy kind of as a consequence of being relied on for everything

Need a new rule list? Need someone banned? Need someone interviewed for mod status? etc etc, kind of got handed off to me

It was either ego trip or psychotic break

Why not both?

🤔

True!

absolute power corrupts absolutely

Ironically I hated it the entire time

I hated being a mod on anything, God

well, its worse when you have a dispute among members and both are like "he/she goes or i go" and you are sitting in the middle, knowing both are valueable

good morning guys~~~

morning

Mornin

time to do some rooms

morning

Is this the secret to all problems, "having" to do something is not as amusing anymore

Hi buddy , what's up 🙂

yo the great kgb

i was talking about u last night

;-; the noodles are all gone

all good i promise

Noooooooo

shadow ate them all

Oh

Not noooo?

Kinda noooo?

Well thank you for that 😄

Gave +1 Rep to @upper knoll (current: #639 - 8)

ima go make fish pie soon icl

yeah want more noodles

Kinda nooooOOOO

your welcome you are the person i think of when im stuck

noodles absorber

i know if your online problems i find will get solved

how did you get muted, @sand trench ?

noodles are shadows favourite type carbohyderate giving food

considering how much asian food i enjoy i dont eat much noodle

this weekend??? well kinda escalated or made a situation worse then it needed to be

they didnt really exist growing up i grew on pasta

ohh, i just saw the mute and was like "woa dafuq???"

lapse of judgement on shadows part as they were tired and tried to explain how something was kinda rude

There was a peculiar "customer" that mistook Shadow for an employee

i.e shadow has regrets it went that far and think the mute was extremely justified

aw, guess shadow was still polite enough

It was a bit much at the time, really caustic situation overall

we still appreciate seeing shadow!

my understanding of escalating requires lotta *** words xD

same

noodles are the best carbs

I can't connect to tryhackme servers can someone help me?

Gaww would perish without noodles

what u trying to connect with lad?

I dont actually know what the * are supposed to be

curse words

I assume

words you wouldnt write or say in front of a kid or your mom ^^

Does anyone know if and where you can get gns3 networks for training pentesting

hmmmmmm should shadow eat some candy now or save it for later
descissions decissions decissions

ik but idk which curse word

Any curse word.

https://www.gns3.com/software/download

american version of arsehole fits into 3 letters

ah that one

what kind of candy does shadow have available?

Then o gave to setup the metwork my self

Wdym 🙂 ?

But I stuggle adding multiple computer or setting up the network environment my self

moastly foam banana
some french nougat
some regular nougat

Is anyone here a backend developer?

thats what vms are for right?

foam banana sounds wonderful

You can download pre-configured network from somebody else

Hey guys, hope you are all good

Yeh but where?

google

llearning this stuff is always good but if u want to be spoon fed u wont get anywhere

do you want an AD network to try your hacking skills on??? shadow has a few saved in tabs on firefox they could grab

learn to research and help yourself

https://github.com/Orange-Cyberdefense/GOAD/blob/main/README.md

https://www.gns3.com/marketplace/labs

yall are so friendly xd

wait what is gns3????

Network simulator software , similar thing to CISCO Packet Tracer only much less buggy imo 🙂

ah

cisco packet tracer is terrible because it only supports light theme

blinding shadows poor eyes forever

Then GNS will be great choice for you , I think it has those dark themes 😄

@boreal scarab
bite me 🙂

sitting here waiting for shadows new blu ray burner

dark themes are an invention equivalent to fire for me

monochrome books are cool

for those that don't know: https://www.monochromebooks.com/

shadow got the dorian grey one to give to their mom for christmas present

hmmmm maybe shadow should try and port this to catppuccin: https://github.com/vial-kb/vial-gui/blob/main/src/main/python/themes.py

https://tenor.com/view/hello-world-seytonic-coding-hello-gif-10598764531210485569

verify to send gifs

wow those look amazing

they are more of a collectors item book then a normal everyday book

and yeah they are nice

the feel is premium and they look really really goood

what book does shadow want in a monochrome version?

a collection of h.p. lovecraft novels in a monochrome book version or alternatively dracula in monochrome version is what shadow is wishing for

nice great choice

need to do web application pentest

help me with all the possible tools n other thinga

Which web application, and what scope

for soc

I had another sleepless night😢😢

dont u do drugs

No

ahh man

Really weird way of not answering my question. What web application, and what scope?

https://tenor.com/view/bunny-wth-confused-huh-what-gif-17289999

sorry i said already for soc

Exam 1 down, 1 to go.

Security Operations Center

Best of luck to you, hope for good scores.

Yeee! What exam was it and what's next?

Malware Theory.

Next up is Malware practical.

Easy for you, mate.

web applicationd

you want to pentest for soc .. im heavily confused .. perhaps rephrase the question again.. otherwise id say you just follow along the web app paths on thm and just write down which tools are used e.g. burp / zap / etc pp

morning baby

idk there are a lot of tools, but I think you should know them if you follow the learning path

i do know n i hava a list already

but need more of it

morning

burp
owasp
zenmap
nicto
wikto
nessus
fortify

Ohayō

wireshk

I've got an app I cant use

Okay, you still haven't told us what room/web app you want to... soc for.

bro tools dont matter if you dont know how to use em

and soc's dont do pentest btw

socks

there will be 2 machines which well be getting and we need to find out as much vul as we can

Oh, I'm definitely not helping you then.

ah so this is work related

specifily cant say work

but my project

Cheating in any form is strictly prohibited. This includes, but is not limited to, requesting assistance with schoolwork, employee assignments, or active CTFs.

We can't help you, sorry. Whether it's homework or a professional task.

you wont have luck here with questions regarding homework/exams/work/"everything outside of thm". @sick lance to the rescue 🙂

ok

https://tenor.com/view/this-is-the-way-this-is-the-way-mandalorian-mandalorian-i-have-spoken-baby-yoda-gif-24159898

Look at that, I'm blue now

https://tenor.com/view/aww-cute-gif-24949784

You taste bad

congrats

Does anybody have an idea that if i welded that coxial cable to this massive antenna, and connected it to the wifi card like this, will it work ?

ik. i dont shower today

Also... get woken up "Matt, my computer on't turning on" Reseat the battery
"Matt, my monitor config is broken"

I HAVEN'T EVEN HAD MY COFFEE YET

AND I JUST WOKE UP

could potentially work but why you would do this is a big question to shadow

Hmm

Why do we do anything

To fix the bad wifi range for the laptop

aaah

I know, I can smell you from here

doubt it will give you any better range actually

And get the range that satisfies my desires

My phone gets better range than this

Lets give it a shot

It's not my wash day either 😄

What can possibly go wrong

would recommend a new dedicated usb wifi card over doing a bodge job with soldering/welding cable to attenna

Scada is bogus,

nice little jsp vuln.

........ please don't use that phrase

Oh, you mean.... The Q word too?

heard of some awesome jobs for Scada in the energy sector, but that must be scary

Yeah, due to the legacy software and where they're placed.

https://tenor.com/view/cat-chuni-sleep-gif-20108376

I'm going back to bed

sweet dreams

Hmm soldering it turned to be harder than i expected

And ill ruin the antenna

But i

Never gonna give up

I'm not surprised by this course of events but I'm curious nonetheless

make a satellite

The antenna is already a satellite 😂

make a big satellite

Size comparsion to my hand

Taller than a 15.6 inch laptop

are you soldering that antenna to a laptop

Im gonna connect to THM network by wifi 💀💀💀

easier to look at a usb wifi adapter so you don't damage your laptop

but where is fun in that

suppose fun isn't meant to be cheap 🤣

Daym i laughed a lot at my own argument

I swear it's like there's a calculation for how much time has passed and how demented people's ideas become here

when i run LFILE=/etc/shadow what happened in backend ? it store an LFILE as variable?

we are all slowly becoming insane

May as well solder the antenna directly to the laptop to make sure it's sturdy

Usb c nokia already done

Imagine what a giga chad can do when they go crazy

it makes a variable called LFILE which has the value /etc/shadow

I feel my braincells disintegrating

then later you can insert said value in the text by doing $LFILE

where it stored ? and

Im thinking of a way to do that while keeping the anetnna in one piece

in the shells sessions env

yesh

if i open new shell it not work ?

ok

depends but generally no it will not work

ok

thz

Just do it below the turning hinge

there are ways to pass the environment variables from one shell to another but probably out of scope here

So you can still aim the antenna for maximum reach

guys networking is smth essential for cyber security in order to begin at it?

Yes.

Wonderful, smart and amazing

shall i begin with a CCNA course?

Hi there, what's the remote desktop tool name on the attacker box?

depends on what you are hacking but generally yes

ok

You don't need to start with a CCNA

Learning fundamentals first is...

chad

probably a good idea

Makes me laugh when ppl call the CCNA fundamentals

yes do the Network+ or CCNA course, then if you want you can also do the certifications, but do the courses first, for general networking knowledge.

https://youtu.be/amGLgE2EksE?si=HrhNGjz284cmb3Gz

Wtf is this 😭

lifelessness

Why is this?

CCNA is a difficult cert, cisco has a new cert CCST, might be better for beginners

just found it in Discord history 🙂

ok thanks dude

Gave +1 Rep to @rough dome (current: #2590 - 1)

CCST looks like the old CCENT

good music, lots of things to do, noone talking to you, best situation to be in

Hello guys I want to form a moral hacking team if any of you want to apply to the team you can send me in private chat I have a special site for submitting and receiving reports or gaps that we are working to improve or close

ok

Sorry by the CCNA being a difficult cert, I mean as a cert for someone that is just starting out

special site

Im wondering if theres a way make the wifi card transmit at higher power

heating issues

there are laws on this lol

you into hardcore WiFi hacking?

Hello, we have rules against advertisement on the server.

Good morning all! I've heard that the TP-Link routers are getting banned in the US. 😳

@rough dome do you wanna to join the team

oh yea

who uses TP-Link smh

DM the link

for what reason>

😅

for being spyware

Chinese brands are notorious for spying home nets

no idea

I am telling you all the information in the private chat just accept my addition

I use a TP-link but not their driver, just the hardware. Moreover, I have even unlocked AP mode and WPA3 in it.

MikroTik provide Enterprise features at consumer prices