#general

know what i mean

Yeah that's true but I am only using Kali for THM and HTB and possibly start studying again soon. I need to get my Security+ and Network+ certs. Then possibly Pentest+ or CYSA+, depending on the market.

If you have the money I don’t see why you wouldn’t do SSD

It’s just about speed

Will also depend on the specs of your laptop but I’m assuming it’s fine because takes m.2

Yeah ASUS TUF Gaming A17

https://www.youtube.com/watch?v=f9HwA5IR-sg

AMD Ryzen 5 7000 series with 16GB DDR5

yay terminator is happening;

https://tenor.com/view/terminator2-judgement-day-t800-war-gif-19401019

my fav hobby/j

BTW I have done dual boot loaders before on my desktop when I was doing both Windows and Deepin on separate hard drives many years ago.

ngl i am strong against dualbooting unless you are using tailsos;

better off having 1 host and a vm for any other os you want to run;

ideally proxmox;

I remember the first timed i dual booted

i had 3 os's

😢

damit i keep calling it dual booting

im not sure what to call it

as someone with experience, i will try and probably fail to warn people that dual booting is going to give you a bad time;

everyone thinks its great when they first hear of it, but when your efi files get deleted without warning you will know pain;

I used to boot if a usb not knowing I could install the operating system

🤣

even worse if your hardware messes up the clock or drivers from swapping os;

that's actually the 1 right way to dualboot;

slackware

tailsos is specifically designed to dualboot off a usb;

but that's specifically cause its use case is someone fleeing state actors or other serious threat actors;

im a serious threat actor >:)

in that case, using library or other random computers is more secure than using an installed os;

nah im joking

im far from that

https://tenor.com/view/horse-horse-meme-goofy-goofy-ahh-brainrot-gif-5508898588807313449

I always wondered whats going thro they're mind on a daily basics

sup

Ok I will dm it you

how did you send it twice

Idek 😂😂😂

Wifi

also https://www.humblebundle.com/games/remedy-games-30th-anniversary-bundle yay alan wake 2 deluxe for cheap;

i have all the other games from all the free epic game releases though;

been wanting to replay through alan wake 1 remastered at some point too;

if you like twin peaks, its same vibes;

sadly alan wake 1 remastered is massively buggy on amd gpu:S

and trying to play it on linux makes said bugs even worse

that said if you just want alan wake 2 like me and already have the other games, apparently its even cheaper to just get deluxe alan wake 2 on epic store atm;

probably cause its about to get rereleased on steam soon;

Oh yeah thanks for the reminder, I forgot about that

Gave +1 Rep to @grizzled sky (current: #296 - 30)

at least for me i didn't have issues on linux, but that was on an nvidia gpu on linux because i need to get an amd gpu next time;

already own it on epic games

but prefer steam so would buy it on there if it ever gets moved over

i launch everything on heroic games launcher so i can get proton on everything;

even drm free games i got from itch and gog;

shadow loves gogs offline installers that you can download and just store to play the game whenever in the future

yup i have entire 12tb drives dedicated to my (legal, of course) backups of game collections;

I have a quastion one guy just said you cant change ur macadress however what about macchanger ?

you can assign a temporary fake mac address but the one burned into the physical hardware remains... you can just choose to "hide" it basically

now its clear

thanks mate

burned in like laser engraving?

hi

more or less yes

so so.. i can use my laser engraver to burn new MAC ?!?

hashahaha no

but but...

https://tenor.com/view/gives-gives-to-you-give-gives-you-this-giving-gif-16311571173340149142

at last i try 🙂

anyone got vps provider recommendations???

Vigor uses akamai (formely linode) and digital ocean.. they are both $12/month and have been very reliable for the few years that Vigor has used them

Allow

They are keeping you safe 🙂

was looking into it, the steam version in many ways is superior to the remastered version due both to the comentary track and due to it having more fog and thus better atmosphere, as well as the original face and animations compared to the new ones that remove a lot of the stylization of the origin 360 game;

also apparently there are some major changes to the environmental story telling such as in 1 scene where it shows alan wake's bed and it has one 1 pillow in the original, vs the remake that just uses some generic bed removing that story telling detail;

so yeah tldr everything i've seen says that the best way to play it on linux is to get the cheaper steam version and enjoy it with director's commentary if you played it at least once;

hello, iam new here i wanted to ask why the voice chats are locked

they are locked for people that are not verified to limit abuse by newly joined people

thanks

Gave +1 Rep to @sand trench (current: #4 - 2226)

no problem

@sand trench is it ok if i dm you? i have a present;

sure go ahead

i want present also ffs

https://tenor.com/view/cake-girl-gif-20216199

hello, on the last question of this room it's misformatting the header flag, can somebody debug?

https://tryhackme.com/room/walkinganapplication

That's not the correct flag

the network one?

What is the flag shown on the contact-msg network request?

it seems to be

Yeah, I have a different one in my solution

Look at the response, instead of the request

Oh ok

Sorry, that was a little confusing

I'm not sure where the other one goes

Not all flags are used. some are decoy

they can't make it too easy for us 😉

https://tenor.com/view/covid-meme-cute-gif-23513805

Did you get it? @hushed notch

https://tenor.com/view/shark-silly-lemon-shark-ocean-scuba-gif-905724840689496229

would you guys trust protectedtext.com
link: https://www.protectedtext.com/
they say its open source, but i don't see the source code

My delivery driver is being so slow

I can't find anything other than the API as open source

The only API i found was unofficial as well

exactly

updating your drivers is important for keeping them operating at their fastest

The claim “it’s open source” seems to be only partially true (frontend / client-side code is viewable), but the full backend/service code is not publicly available in a manner consistent with true open source. So it’s misleading or at least incomplete to call it fully open source if you can’t self-host it or inspect the server logic.

yeah i couldn't find the full source code either

thanks for confirming

No problem borat

wawawewa u know me?

u from kazakhstan?

No, but I took one look at that mustache and knew I was dealing with international talent.

but they make mockery of me

i fourth most famous person in all of kazakhstan

i know python

https://tenor.com/view/mephisto-ironheart-desire-sacha-baron-cohen-iron-heart-gif-16269725437776981993

Windows 10 updates

Reminds me of that one movie clip

https://www.malwarebytes.com/blog/news/2025/10/your-meta-ai-conversations-may-come-back-as-ads-in-your-feed

@grizzled sky would it be ok if I kept both SSD's separate with 2 different OS's instead of using a boot loader?

and that is reason 48 to not use facebook

i don't but whatsapp is another story

try and migrate people to signal if possible

i use session and signal, but the hard part is convincing others to migrate

michael bazzel has some tips to get people to move over

in the extreme privacy 5th edition

i've read extreme privacy

those work on close friends and stuff

the edge cases are difficult

think of like a college classmate whom u don't know that well, but u might need to text them for notes

does shadow stay away from whatsapp completely?

what people see right before going POOF into white smoke and maybe dropping a red apple if you are lucky

I was flying my drone in my house. Cat was not amused.

should i go for the The offensive certification

The efi is still going to be an issue so yes;

shadow casually ignores me

u would still need a bootloader though

@mossy river , I pinged you earlier, but didn't get a confirmation if you saw my message.
About removing my verified status, so I can re-link my discord to my correct THM account.

Don't want to push you, it's not a priority. Just wanted to know if you saw the message.

wait what???

ah right

yeah shadow avoids whatsapp completely

never made an account

Did you try to verify again with the new key

generally dualbooting with 2 seperate drives work just fine

just sometimes with linux you might get in tiny mess because of secure boot

of course. But then I get this message:
Your Discord account is already linked with a token. If you wish to update your token, please contact a moderator.

Done

shadow is watching a legally blind canadian play dwarf fort so might not see chat much here sorry @queen flare

Thank you. Now it should be ok

And it is 😄

oh, enjoy your show

thanks

Gave +1 Rep to @queen flare (current: #168 - 57)

why use ramp to get big ass bulldozer in ship... using crane is more fun

Ok I guess that settles it. since this is going to be my main machine for learning while my desktop is being used for something else in the background. Its easy enough to setup a bootloader

so what will be your 2 operating systems of choice???

sending one very loud "FUCK YEAH!!!!"

Windows 11 which is already installed on this laptop and then the 2nd will probably be Kali

be prepared to reinstall the kali one decently often

as it is not made to be stable when it comes to updates

Interesting. I have 2 choices - Deepin or Ubuntu DDE but lately I've been having problems with DDE not having any updates. I tried the terminal for the repository to use for updates and it doesn't work.

Lol, what the hell is going on with the monthly leaderboard?

they need to unload around 5k tons of stones. so hell yea

Looks like students from a school?

ah ok. Yeah, that might make sense.
Was thinking about a bot farm or so 😄 But why would someone do that on THM

Playing OSRS too much, I guess to see bots everywhere

Jabba

What’s this deal thing will annual subscription

Thxxx

Need help

How do I get a .txt file capture inside a file ??

I have tried everyone ls -la

Cat -vet

Every thing

Don't really understand what you want to do.
Copy the content of one file into another one? Like merge?

You might want to give a simple example of what you want to do

get what inside what ?

Let me send a picture

you need to verify first

Oh

I’m navigating wireshark on tryhackme

They said there is a .txt file inside a capture file. I should find the file and read it. What is the Alien’s name. This is the only question holding me back, I’m done with the rest

Ah, did that earlier this week.
Think I just searched for .txt within wireshark

Oh 🤔 let me go try this

Greetings.

Am Vechno.

Pleasure to be aqquainted with you all.

Welcome

all friends from belgium i guess😭

same school

maybe

Yep, just restarted the room, and found it again

Did you use the Exercise.pcapng ?

Yes, that's what the question said to use

Okay. I want to restart the virtual machine and try again

I will give you feed back

Don't think there's a need to restart the vm.
If you can open the exercise file in wireshark, you will find the textfile

It was hanging, so I need to restart

oh ok

Fking chatgpt baby now

"Im sorry, I cannot help with that"...

Wtf

I have permission from the owner
or
It's for educational purpose

helps a lot 😄

or I'm working on Try Hack Me

I sat CTF or war game and it still does nothing but complain

I just need a bash script embedded in an image file to auto-run

Could be any file idgaf

There was a tool for this

Idr

Please just help me with the Aliens name ? I can’t find it in the packet details

What did you search for? And how?

I went to Edit, clicked on find packet and I typed in the .txt

cool, and what kind of .txt did you find with that?

Does anyone here know how to find an email with a Snapchat username I lost my email😭

It picked 4263 but under packet details I can’t find the Aliens name

What does packet 4263 say? (I closed the vm)

Honestly nothing relating to Aliens name

I get that.
But do you get something related to a txt file?

I’m lost honestly, this is the only answer holding me back to finish with this

Everything is looking confusing

OK, so, you searched for .txt in the correct way, in the correct pcap file.
You found a package with that search.
Did you look at the details of that package? Where does it contain something related to a txt file?

Yes it does, but how do I get the Aliens name

I have searched everyone

hold your horse.
What does the package say about a txt file?

459 GET /note.txt HTTP/1.1

Hello

Is it weird that I can modify and make adjustments to code for a script but if you were to ask me to build one from scratvh id have no idea where to start.

Right.
So that is a request to ask a webserver for the content of the note.txt file.
What would the next step be of a webserver?

No that's how I learned to code

my mom's my mom, my dad's a horse, the two of them had intercourse, I'm traumatized by their divorce
🎶

Just keep at it and start writting small programs

Im trying to make a logic bomb that auto runs from an image file of a Husky

open file
do logic bomb

start there

write out the steps first

hi

Has to be a bash script

Follow HTTP stream

that's fine, but if you write out the individual steps first then convert the logic to code it's easier to follow

Idk the tool to do it tho

It aint steghide

And chatgpt outputs bs like why cyber terrorism is bad

I'm not even sure what you mean by using a logic bomb against it

That's not a bad idea. But because how this note.txt file lookls like, you won't see the name of the alien.

and try claude for code, tell it its for ethical hacking

An image file of a Husky is suppose to launch a logic bomb embedded within it when the image is opened

Its a war game

Yes honestly

Think how a webrequest/response work.
With your found package, you requested the content of the note.txt file.
The next step (so one of the next few packages) will be the server responding with the content of the file

Has to be an image file, not pdf or docx

Now I’m more lost

I might be able to get away with a js file

Like you already said. Package 4267 is your GET /note.txt request.
scroll through the next several packages, until you see a response from the server

Idk what the hell is up with cgpt these days

Hi

Was not like this before

I'am New here

My loan officer is suppose to call me rn

Been 6 minutes x. x

Okay let me keep checking

Nobody knows the tool for auto run from image file script?

me so far

so

Don't look too far.
It's litteraly a handful of packages after the GET request

Wsup guys

Does the THM attackbox's speed depend on my system's hardware specs or the Network's?. Cause it slow and laggy for me. I use and 8gb ram-i3 laptop

nah i dont think so

probably not

Found it?

Not yet , I want to eat dinner. It’s 10pm here in Nigeria. I will continue when I’m done

OK, good luck.
It's 11pm here in Belgium, I wanna go to bed 😄

Okay brother, can I chat you up privately??

sure

Thanks 🙏

@kindred pulsar Enjoy your meal

Your invited chief

@gusty inlet do any CCNP roles exist for my Enterprise and Security CCNP certs?

Just CCNP.

Would you be able to add that for me or would that be someone else?

Yep, that would be me. You'd need to DM proof. (Creds)

Ok, you did see my linked in though lol

Didn't keep any data, forgot what the LinkedIn was.

Don't wanna get sued.

whats wrong with knowing someone named suesy

juggling between two kids+wife 😄 and not skipping a grind to keep learning every day.

that is honestly impressive

good job

also tip of the day for people who want their own static websites:
make a github repository called
username.github.io
add a markdown file called index.md
sync it to git
tada you now have a static website

honestly, this is game changing doing it every day, at least trying, because your mind never stops thinking about cybersecurity, keeps you in the loop and focused

shadow just does a single question a day but it still keeps them learning something

every effort counts. Even reading an article- latest cyber news still counts.

or writing a guide for how to secure and make yourself more private in the EU

➕ Gave the role CCNP to vigo0000

as all the guides shadow could find beforehand were targeted at americans

➕ Gave the role CCNP to jerlasvegas

➖ Removed the role CCNP from vigo0000

@dark wolf Done!

oh did you doa typo dkob???

Hiii👋

absolutely shadow

Hey

Good evening lovely people 🌹, how are you all doing?

could link it to anyone that wanna read it so far... but it is heavy work in progress

i am interested indeed

actually doing great, very blessed, humble and motivated so far 😄

and yourself?

That's great, thank God. I'm quite well myself, thanks

Gave +1 Rep to @simple wadi (current: #3191 - 1)

I read that as two wives and a kid

lol wouldn't be bad at all. i feel like there would be a lot of bickering and fighting between them 😄 just makes me wonder how do they live like that in muslim-majority countries where up to 4 wives are allowed mhmm

Hey hey hey! Shout out from Bristol UK! Newbie here - next step cracking the Pentagon! 🤣

lets stay ethical 😄 whats up, how we doing in this beautiful evening?

Jeez! They make the men have more than one wife in Muslim countries! That's a good reason to go deaf 🤣

guys

help

plz

Just been on the John the Ripper early rooms. F*cking love it!

Can't wait to get a more balls deep.

when i want to start an activity the server said you dont have permition

yeah i enjoyed it too not long ago, brilliant room

https://tenor.com/view/cat-shower-showering-showering-cat-cute-gif-11955391106985110144

I've notived THM gives you half the ability to answer but you have to go away and do more research to crack the codes.

Screenshot?

Sudo? SSH - using the correct IP? Reboot the machine maybe?

im talking about discord server

Where is everyone based?

Not something I've come across much outside of Discord chat.

yeah it is a great mix of theory and lab work

Ireland

i am going for jr any advice

Where abouts? Southern or Northern?

Republic of Ireland 😄 Dublin

That's the biggest city in Europe......

Keeps Dublin and Dublin each year 😉

Helllo

How is all

Very good - you?

Where abouts are you? I'm Bristol UK.

Doing alright

https://github.com/shadow-absorber/EU-Security-and-Privacy-Guide

In America

Nice. Whereabouts?

Thanks dude.

Gave +1 Rep to @sand trench (current: #4 - 2228)

Chicago

no problem

The windy city.

I guess

shadow is located somewhere in the dark sweden

Wow! Sweden! Never been but looks like a cool place to live.

it for certain has a very specific way of living :D

I've got a question - outside of a VPN how else can someone hide their identity on line?

Proxies, self care in OPSEC

idk

I did a DNA test and I have a gene only carried by Vikings! So I'm kinda Scandinaevian 🤣

Thanks man.

Gave +1 Rep to @potent dew (current: #3191 - 1)

ok

https://www.youtube.com/watch?v=6vsjIIiODhY

I’m Birmingham 😃

Is there a channel for general help on cyber security ? pls

probably in here or in #infosec-general

Thank you

np

Bro arch got suggested on instagram 🙏

eeeew instagrams

https://tenor.com/view/i-use-arch-btw-use-arch-linux-fedora-gif-23272370

https://tenor.com/view/kitten-cat-kitty-sleepy-tired-gif-9176539601255345484

UK?

https://tenor.com/view/turn-slowly-slow-head-turn-head-turn-black-guy-slow-head-turn-then-smile-gif-5745794282133528485

🤣

Yhh

Used to be like that in Utah

It's an actual beer

meerp moorps time for sleep sloops to the beep boop beeps

notes niters

stupid phone keyboard

did you see you can use a android phone as a hacking device and you can build the program on your computer and then go and use a cell phone to run it

there is kali for android

yes like kali nethunter????

yes

also there is termux for android which you can run scripts

thats what i was looking at but i got to remember to slow down to learn then play with the big boy toys

study everything, gather up money and get a steam deck

way better for on the go hacking

but also wait a bit for the price to drop

o yea running linux but i like the phone idea

because no one looks at a phone

but my job they look at phones lol they look at all the tech i own

Hey everyone just a quick question that im sure was asked before but i need calrification

when starting to learn i chose the roadmap and began there now im omw to finishing cyber security 101

now question is should i just go based on the roadmap on the path to red teaming? or should i click "penetration tester" which leads me to a learning guide which is a bit different?
im a little confused

running kali on android is like sitting in a tub of tobasco sauce while shoving broken shards of glass up your ..

click on the first part of red team

not red team lol

yeah of course

but right above it is "Penetration Tester" in blue which takes me to a different path

under the PT1 test you have the web fundamentals, you can continue on that path

im bouncing around because one path starts getting a little annoying

then go to analyst and engineer for something different but fun

if you click penetration tester up top though you reach this site https://tryhackme.com/careers/penetration-tester

here you can see theres a learning guide and its a tad different

oh that's a nice resource it seems. I haven't seen it. Nor do I work in Cyber or hire so I wouldn't know the best answers

But if its a linux, sed, awk, firewall, wireless, web server, docker question I can help 🙂

or python, php

switching, routing, bgp, eigrp, ospf

i just got to networking on cyber 101

well talk after it it think lol

voip.. but voip sucks lol I used trixbox and freepbx ...

called my wife but put her dads number in as the source, that was fun when i could forge the source of the phone call easily

telcos block that now i think

super cool

It was the same thing with email, used to be super simple to fake an email sender

Do they?

ouch why

I'm not sure, I don't have access to a voip system to test any longer, i did at my old job though

kali is for computers with big monitors

so you can keep things straight between all the stuff going on

Ooohhh I thought you were talking about the classic phone system

typing on a keyboard is way easier when writing code or in cli

i can only do cli on real keyboard

nah, with voip you could set the caller id

so when you wanna call someone you could make them think it ws someone else and they would answer

You could do that on the phone network too.

i haven't had a landline since before jesus became muslim

what about using termux on android then to hack

oh wait, my bad english, i mean since god left chicago

You could also do it over the mobile phone networks. Not sure if it still works though

And you could send your caller id as text

you could use email to send a text and fake the info

The best thing you can do to avoid scams is to not piss off any hackers

i want to be number one nightmare of scammers

jk

i think scammerpayback or kitboga is already

scam baiter to

or that english guy... 0day here, a mod, worked with scammerpayback, its on YT

Hello chat

Hello Forsty

Need some heat?

0day scares me ok

hello

Why does he scare you?

think about it ok that man has done this for how long and he knows how much

I hate it when I teleport and accidently end up in Libya

https://tenor.com/view/fknbnuy-reaction-animal-speed-fast-gif-21698273

lwkey

jerma is live

Yeah

kali or attack box

hey

guess what

Imagine not getting free money like me 😝

im joking

Quite low effort

yeah lol

Light work

SATAN

FUCKING SATAN!

GET THE FUCK OUT OF HERE

Security Administrator Tool for Analyzing Networks ? It was a free vuln scanner in 1995

you don't like it? Does it still exist?

you going to defcon next year too matt?

I'm gonna Play some Doom the dark ages in god mode bbl

brooklyn nine nine was a really nice CTF

It was my first aproach to steganography

if you enjoyed it and would like to continue with similar difficulty CTFs, try jack-of-all-trades

I will try it. I am just doing all easy CTFs now

As you should, it's a good level you're at in order to start tackling challenges while also learning a bit of theory on the side

Probably the reason why I'll fly to Mexico city again

What is this?

Tacos

I almost pulled the trigger on a spontaneous weekend in CDMX earlier this week. Looking at these tacos is already making me regret that I didn't....

24 pesos per taco

Isn't it really early for you?

You think he sleeps?

our pfp and name color match bella haha

someone almost thought i was you the other day

yea i nearly replied to Bella with my last message instead of you

FERRRGLARRRR! Hello!

hel,lo

hlelo

hello

How're you?

good

i got two 2000 word reports due next week one i am only 1/4 the way through and the other one i am 0/1 of the way through

good luck

Let's gooo! Knock it out of the park ferglar!

https://tenor.com/view/skeleton-dancing-skeletons-boo-cartoon-gif-18326832313355216882

https://tenor.com/view/illusion-hypnotize-circle-time-loop-gif-20586461

Narh, my pfp is 100% black (trust)

❌

have you made this or somewhere you found it

i searched for dreaming hallucinations in gifs

I can't send gifs for some reason

Do I need to boost to be able to?

no just verify

oops

Alright I am blind I believe

Preciate it

no prob, use that last one

then you can send gifs and emotes

🫶🏻

oh i though that you made it btw

nah, i wish, it's pretty cool

Ehhhhh ... wassssuupppp

Weird name

And weird PFP too

and a weird profile. and discord account created today

Good night fam

https://tenor.com/view/goodnight-goodnight-chat-minecraft-gif-9960598526624359912

good night

https://tenor.com/view/furry-gif-13118164600071707916

wooo. 30 day streak and a level up

W

➕ Gave the role eJPT to ctxzero

Yup, 5 AM rn.

Grats!! I hit 90 today!

nice one

thanks

Gave +1 Rep to @sturdy sequoia (current: #616 - 11)

damm, early bird

nice chall room

Noice!

really don't know how this matrix calculating

guys

how do u check ip on THM kali

Hostname -I ??

ip addr
maybe

ip addr

gives 2 ips

which one is what

link/ether 16:ff:cf:94:5a:0b brd ff:ff:ff:ff:ff:ff
inet 10.201.28.170/17 brd 10.201.127.255 scope global dynamic eth0
valid_lft 2457sec preferred_lft 2457sec
inet6 fe80::14ff:cfff:fe94:5a0b/64 scope link
valid_lft forever preferred_lft forever

not sure. hopefully someone else will chime in

eth0

on the thm machine

or tun0, on your vm its tun0 but that output shows eth0

which ip do i use for netcat listening

the attack box is what you run nc -nlvp 4444 on but is it metasploit or nc that it says to use

ip route

default via 10.201.0.1 dev eth0
10.201.0.0/17 dev eth0 proto kernel scope link src 10.201.28.170

which one is it

10.201.28.170

so why the hell is nc shutting down

ping yourself

bruhh

@dark wolf hi!

does listening need sudo privilege

no right >

did you connected via opvn file?

im doing it on THM kali

not my own

ahh, did you add ur target ip into /etc/hosts?

do i ?

try it

bet

echo "ip domain.xyz subdomain.domain.xyz" | tee -a /etc/hosts

omg the windows vm machine is driving me batty

done

what port works best for netcat ?

4444 ?

any

when not root 1024-65535

i usually 6969

NiceNice

WARNING: Failed to daemonise. This is quite common and not fatal. Successfully opened reverse shell to 10.201.28.170:4444 ERROR: Shell connection terminated

bruh

imma kms

why the fook is it terminating

that connected but got broken shell

what's chall u doin

what the shell

i got some buzz rn

see ya later

hey everyone! can we go far without graduation in cybersecurity ?😁

to the moon

Im having issues with connecting via OpenVPN. Using a Kali VM, had been working fine. Any ideas on whats happening? Changed public IPs to x.x.x.x:x

2025-10-02 23:25:52 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2025-10-02 23:25:52 Note: cipher 'AES-256-CBC' in --data-ciphers is not supported by ovpn-dco, disabling data channel offload.
2025-10-02 23:25:52 OpenVPN 2.6.14 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2025-10-02 23:25:52 library versions: OpenSSL 3.5.1 1 Jul 2025, LZO 2.10
2025-10-02 23:25:52 DCO version: N/A
2025-10-02 23:25:52 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:x
2025-10-02 23:25:52 Socket Buffers: R=[212992->212992] S=[212992->212992]
2025-10-02 23:25:52 UDPv4 link local: (not bound)
2025-10-02 23:25:52 UDPv4 link remote: [AF_INET]x.x.x.x:x
2025-10-02 23:25:52 TLS: Initial packet from [AF_INET]x.x.x.x:x, sid=5eba5459 718c6671
2025-10-02 23:25:52 VERIFY OK: depth=1, CN=ChangeMe
2025-10-02 23:25:52 VERIFY KU OK
2025-10-02 23:25:52 Validating certificate extended key usage
2025-10-02 23:25:52 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2025-10-02 23:25:52 VERIFY EKU OK
2025-10-02 23:25:52 VERIFY OK: depth=0, CN=server
2025-10-02 23:25:52 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bits RSA, signature: RSA-SHA256, peer temporary key: 253 bits X25519
2025-10-02 23:25:52 [server] Peer Connection Initiated with [AF_INET]x.x.x.x:x

Try with sudo

... Thank you. Of course it was that

Gave +1 Rep to @night peak (current: #532 - 13)

any advice for someone who is traveling and only has access to a phone to be able to continue to learn and retain knowledge? Feel like being away from my pc is making me rust.

I am used to my schedule of learning atleast 1 thing a day and using that in a ctf or seeing how it works

Try some books or pdf, you will waste precious time trying to do it on phone

faster to use time to learn

Im not sure if this is great advice, but if you've got a notebook that you can write things out with, an informational level room would be nice I think

honestly I feel like thats what I needed to hear, I never write anything down physically. All my notes etc are in obsidian.

I have written down nearly everything since the beginning of using THM. Almost a full 5 subject notebook so far and I'm only just now getting down with Jr. Pen Tester

I already did do the Web Fundamentals too because I heard a lot of things about people feeling not quite prepared for the web section on the PT1. In my opinion, you end up remembering things better when writing them out and then having a headache for an hour because you forgot to use sudo or make a file executable...

my hand writing is so bad

this feels like ancient technology

Dude same, I will need to rewrite this entire notebook

need ai to do my handwriting for me

And actually take my time with writing, lol

If only

my only other option I have is using a little lan setup that has a raspberry pi

but idk how that will perform on hash cracking etc

Ouch, to the hash cracking part

yeah last time it cracked a hash I woke up and it still wasnt done

Screenshot all the highlights tutorials, lessons, commands, and techniques before you travel to another place.

good idea

ive also installed iSH to help me retain syntax knowledge

feels so weird typing in a terminal on a phone

iSH?

Oh no, I hate the sound of that

it is, don't bother, just read info

get some pdfs

cheat sheets

linux shell for phones

Also download your favorite cybersecurity content videos offline, so that even when you’re in another country, you can still keep learning

Ahh

this is a good idea too

i need more physical books

never even thought of this, seems oddly specific like you have done this before

appreciate the advice ya’ll

Haha, you’re really going to write it down in a notebook? You’ll probably just get sleepy from writing all those commands and proof of concepts.

probably not commands

So what is it?

The amount of syntax I wrote down in the What The Shell? Room.....

That Powershell one liner😭

writing syntax sounds like a mindfuck

Don't get me wrong, I remember a good portion of them, but I did not even attempt to understand what was going on in that one liner. My windows knowledge is kind of abyssmal compared to linux knowledge

I hate windows

AD is so boring imo

Ngl, I do not remember it very well, I'm going to supplement with a bunch of areas I feel weak in before I try the PT1

web app testing is where its at

Oh that is so fun tbh, priv esc is also really nice, when I don't forget to make the file executable....

yeah thats true

3 hours... On one section of the room because I didn't make the file executable and didn't realize it because apparently I never clicked the hint that said make sure you made your file executable... smh

Sitting here trying to write the $PATH shell myself, and turns out, my entire mistake was not making my file executable...

yeah catching a shell is super fun especially the priv esc part. Theres something about bug bounties though that give me a crazy adrenaline rush.

I haven't started to do any yet, definitely going to after I pass the PT1, I just want to feel like I'm ready before I jump in, you know?

yeah thats a good mindset

its all about staying in scope

thats the most important part

changing your header for each request so they know who you are, rate limiting etc

Oh yeah, that part I don't think I'll have too many issues, might make a flow chart and whatnot to track scope easier. Rate limiting is going to be the death of me though with hydra

rate limiting SUCKS

-T1. 100 hours later

5%

when I first started to do bug bounties I started to realized how secure modern websites are now

even just lower tier / free cloudflare WAF is pretty decent and anti script kiddie

iykyk

Oh, okay then. Maybe I should practice some more before then, lol

I’ll say this, I wish I went headfirst into web app stuff in the beginning

the shell stuff is cool and all

but you’re rarely gonna be in a scenario like that realistically

but now we have xbow

The owner of the website is surely rich they’re paying a lot to their security provider

yeah that was just a random picture of cloudflare blocking a potentially malicious request

I can imagine, there are only so many RCE vulns. Whats Xbow though?

dude look into it, its kinda scary

Why do you say that? Higher quality SIEM?

I'm gonna find stuff for clash of clans, lol

it is/was the #1 bug bounty hunter in america

oh, alright then

but its an agent

can i link videos here?

Oh thats concerning. I am so not beating that ever

welp its not a bad video

https://youtu.be/lC2Ornloj24?si=eLfa6gYZrVAr5snN

yeah, You know, when you create a business website, it should be secure not like those other sites that just rely on ads to afford security services.

xbow was having issues with it hallucinating

guess how they fixed it?

Did they just tell it to stop hallucinating?

Yeah, I can imagine a few

created a separate agent to investigate for hallucinations

The Evil-GPTv2 room was funny, got the flag in 3 prompts

bruh😭

Ouroborus time

when I heard that my mind went like

Thats actually hilarious

AND GET THIS

THEY STILL USED HUMANS TO DOUBLE CHECK

All in all I don't think I'm doing terrible. Only been doing THM for like 3.5 months and I'm almost done with all of JR Pentest. Didn't even have too much knowledge of linux beforehand and had years on windows. But now feel much more knowledgeable with linux than windows

Thats actually amazing

😭

I will always be a windows hater

the only reason it exists is because games are typically built on/for that os especially ones that have kernel level anti cheat

True

I guess also because people think a terminal is fucking satan

but even then there are pretty intuitive linux distros thats almost replicate windows

sudo gcc tmp.c  -o Gotime -w
[sudo] password for sly: 
tmp.c: In function ‘main’:
tmp.c:5:1: error: implicit declaration of function ‘system’ [-Wimplicit-function-declaration]
    5 | system("GG");
      | ^~~~~~

Any ideas why the file is not being created?

CLI is so nice tho when you get used to it

Or will it not create it in the /tmp directory

I dont think the dir is the issue

How do you paste terminal commands here?

Use 3 graves prior to the code and 3 after

`

Then just copy between it, builtin discord feature, a buddy in college showed me and its stuck ever since

I would need to see whats written I think

void main()
{setgid(0);
setuid(0);
system("GG");
}```

Same example as shown in the $PATH portion of the room

you just casually paste it here?

or bot command?

Just paste in between and but with one more on each side

woah

thats new

Sorry, I’m new to Discord, so I don’t really know yet.

I guess you can do it for individual words, also I kinda forgot, is it against the rules of the discord to post code or anything I didnt even think about it until you said something

You're good, I was really curious the first time I saw it too

do you have an executable/script in the current path?

named GG i mean

Its not trying to run yet when I got that issue, I was just trying to compile it into an executable

and then I'll wget it over to the vm

Because gcc wasn't on that machine by default

But it eventually will be calling a "binary" named GG

try adding #include <stdlib.h>

I think thats why it isnt recognizing system()

So, I went into su, and tried to save the stdlib in and it says permission denied

maybe update source file?

But I exit and then use my base user and it works

Why... what happened. I do not understand

why i can't do that

Has to be the grave key (`) not (') and it has to be 3

recked

uhhhh are you using the entire path? like /example/example/GG

Does anyone actually have any idea on why nano would not work and said permission denied when I tried to edit the file?

I gave up

Are you sure you're using `? Its the one top left with the tilde/squiggly line

This was it, thank you

Gave +1 Rep to @sage locust (current: #3191 - 1)

rkhunter --check --report-warnings-only --cronjob 2>&1 | tee rkhunter-$(date +%F).log && \

I get it now

thanks HAHAHA

Awesome, good job man

im almost considering getting a pi/mini pc while im traveling

idk if another pi is a good idea tho

guess it could be another lightweight server machine

My boss showed me a keyboard today that has a raspberry pi builtin. Really neat stupid compact, about $200 usd

yeah those are cool

I can't remember what it was called but it was neat

my issue is no gpu

True

I like my tower, but I do not want to lug it around

yeah…

other idea is doing a very small itx build

or external gpu

Those are always neat

woops

like this would be sick af

pretty much like a little guitar amp

I would love carrying that thing around

That looks sick

Does anyone know what the loopback address ends up being when you're connected to the THM VPN via OpenVPN but its all on an Oraclebox VM?

wouldnt that be the vm itself?

Thats what I thought but wget isn't communicating with my machine

you tried local host?

So, I've got a simple python server running on my VM so I can transfer the file to the THM VM for the room. The THM VM is having issues connecting back to my machine

oh wait I think I see the issue

could u /verify and send a screenshot

@wraith jasper

are you using bridged adapter?

--2025-10-03 05:39:35--  http://10.0.2.15:2001/tmp/Gotime
Connecting to 10.0.2.15:2001... failed: Connection timed out.
Retrying.

--2025-10-03 05:41:46--  (try: 2)  http://10.0.2.15:2001/tmp/Gotime
Connecting to 10.0.2.15:2001... failed: Connection timed out.
Retrying.

--2025-10-03 05:43:58--  (try: 3)  http://10.0.2.15:2001/tmp/Gotime
Connecting to 10.0.2.15:2001...```

you might have to bridge or port forward

Basically trying to do this but in a roundabout way because the thm vm doesn't have gcc

Not quite sure how to bridge, port forwarding should already be applied on my router though, I was running a few servers for a little while

Unless someone went through and reset

nah not that kind if port forwarding

like via ssh

Oh, mb. I might have to look into that

and for bridge adapter its a setting in the VM software for that machine

Enable Network Adapter?

you can connect the machine on the same network as the host pretty much

what are you using? vbox? vmware?

Vbox

Have it set to bridged adapter, what is promiscuous mode?

Oh, I think I answered my own question

you need it for sniffing etc

I think promiscuous might need set to allow vms

I could be wrong, but I think that might be it

was there an option to turn it off?

Off by default

yeah leave that

Okay

can always go back and enable

Time to test

ip should be in the same subnet as the host once its all done

Should I have only that option for network adapters?

Or leave the other/base one enabled

leave the default one on

There we go

It changed to an IP within my subnet

although I did lose a few interfaces

which is odd, I did disable the default one though and only then did the ip change

Hi people I need help with Microsoft sentinel, I'm new to it.

I think this is because NAT is enabled and it needs to be for the VM to have access to the internet

(I think)

Can you help me with exporting workbooks , I cannot see option to export data

I mean, I've still got eth0 and lo and tun0

But there was like 2 more interfaces prior

prob eth1 and the vbox interface

Ahhh

you should be good tho

now just make sure you’re listening on all interfaces when hosting the http server

then use eth0 ip

SHOULD work

Yee, it finally did. Took me long enough, lol

Sup chat

sup sup

wassssaaaaa

https://tenor.com/view/wazappp-gif-16533663536355085528

https://tenor.com/view/100-gif-6454071728916649766

https://tenor.com/view/enfant-balthazar-oups-gif-2566379017358673363

Lucky me lol

its real

must be it says official

wild

Does anyone know of ways someone could get unpaid experience as an intern in cybersec?

Ah wait wrong channel

Yes

what are best phones to do portable pentesting within reasonable grounds with, just something cheap for experimentations

Check requirements for kali nethunter

Hello

Guyssss

Hey, is there any way to change my email or transfer my TryHackMe progress to my main Google account?

Hello 👋

There should be a way in the profile options

I'm signed out rn but it should be there somewhere

If not then you can always contact support

hey! i purched the annual pack, it says 5month free, does that mean i'll get 12month + extra 5 month?

yoo guys

I got the T-shirt

in hack2win

But i didnt receive yet

is it better to NAT or Bridge network connection for a Windows 11 vm in linux?

hey guys I am a beginner

I was wondering which free rooms I can use to kickstart learning some hacking skills

Nope.
In total (code + generic discount of an annual pack) is 5 months cheaper than 12 x monthly payment

https://tryhackme.com/resources/blog/free_path

The free path is p good

thnx

Hey folks! New here and excited to hack, learn, and grow ⚡

Welcommmmmmmmmmmmmmm

Ello 👋

Thnx feel great to be here😌

Hell yeah, enjoy yourself (And remember to take notes)

got it!

Hello everyone,
I’m looking for like-minded researchers to collaborate on bug hunting. The idea is to exchange methodologies, work on testing together, and strengthen our approach for better results. If you’re interested in teaming up, feel free to reach out.

NAT dude

Is it nighttime there? There aren’t many people in the server, it’s so quiet

This server has people from all over the globe

Nope