#general

why

Soon they are forcing Thales keys

my conmapy thinking to implement yubikey

already using yubikeys for discord

I have Thales for works AD when not using phone for Auth

i need get my self one

will be nice to have one as implant with nfc/rfid or so

im surprised you don't like passkeys - is it a privacy thing?

yubikey is essentially the same thing as a passkey no?

they both use fido?

mostly that they are a mess to keep secure and safe so you don't lose access to things

in comparison to passwords plus 2fa key

if you ever try to backup passkeys you will know the pain

i use passkeys in bitwarden

it syncs

🙁 I broke my VM

did you take a snapshot? lol

No, i would never remember to do that

eh could probably use passkeys in keepassxc too

i typically take snapshots... but then when I break something, I look and realize my last snapshot was like 6 months ago 😄 😄

Its my goto kali VM. I even made it look good.

It loads but menys are gone, cant change settings etc.

I sort it tomorrow

GPT will help instead

Just dcoding b64 for a ctf

better to let AI sort it, saves me time

the new kali has gemini baked in... seems weird they went with gemini... still not sure how I feel about that

Hi guys, where’s the best channel to ask questions?

echo "blkgwasiuhgnnseauioghoerasunig" | base64 -d

^ doubt this will give useful output as shadow just hit random keyboard keys

           へ         ╱|、
      ૮  -   ՛ ) つ(>   < 7  
     /   ⁻  ៸          、˜〵     
  乀 (ˍ,  ل            じしˍ,)ノ 

oof that not look right

Well I can tell it involves cats

cat 1 go boop cat 2

If I am trying to connect to THM with my OpenVPN config, does this "Connection" box only show connected if I go to this page of settings on the machine where the VPN is connected? I copied the openvpn config over to my kali box and it seems like it's connected fine. curl 10.10.10.10/whoami responds correctly

yeah that page is not always working as intended

thanks - i figured so

the curl 10.10.10.10/whoami is the better test to see if you are connected

I wonder why

Maybe it checks the wrong ip

Like if ur using a different laptop for vpn connection it wouldn’t have any way to know

And u have a vpn on main laptop

that's what I started to piece together... i'd have to visit this page on the endpoint that is connected to openvpn for that to show connected, correct?

you can't stack vpn

only one vpn can be running

i don't have my laptop connected to the openvpn profile, i have my kali box connected to the openvpn profile and I'm connected to kali via ssh (no gui)

Na I mean connecting to thm with one laptop and answering questions/being signed into the website on another laptop running a vpn so the two laptops don’t have same public ip

is you host pc on some vpn?

no

im signed into THM on my laptop - kali is a vm on my host server (completely different machine from my laptop)

did you run vpn via ssh or on vm it self ?

i just found a vulnerability in the xscreensaver app in linux

on the vm itself - i actually configured a service in kali to run openvpn with that profile so I could turn the vpn on and off as a service

curl 10.10.10.10/whoami is working, so I think I'm good, i just wanted to make sure

if that pass then you are ok

type in curl 10.10.10.10/whoami and it gives you an IP address, it means you're connected.

yea, that worked, I'm good then

Lmao

I literally just posted that lol

Yea I’m just wondering why the thing in the profile saying not connected might be bugging

I'm also running Kali on my laptop too

oh thm profile can do that

posted what, how to run openvpn as a service?

no the curl command

ah gotcha

thanks everyone

relay on curl command not them site

I just learnt something new now

You can use deepseek to make malware?

technically yes but it is against terms of service and not recommended

Their terms of service but there are work arounds and it is really useful for learning reverse engineering by following along in a tested enviroment

well okay just gonna dip out there and no response

Hi

compile on the target machine
use the attackbox to compile
do static builds instead

are the most common solutions

quite a few of the target machines have gcc on there

ah yes a silk road enjoyer

okay then that leaves the 2 other options

gcc -static blargh.c

yes shadow likes to use blargh as example texts because it is fun to pronounce

but living off the land and using things found on target machines against target machines is generally best bet even in real world pen testing and red teaming

fair... shadow knows very little about programming but got decent understanding of compiling

Where did most of you guys start with your ethical journey?

building bird houses

where?

Add -o <name> or you get a.out from this and that will be confusing. ^_^

As in getting into ethical hacking.

fair

i like his mindset of going to freedome

i dont really know how to answer. it was just a hobby i was interested in so i researched and experimented.

hacker mindset was early in shadows life

A hacker embodies a boundless passion and insatiable thirst for understanding the complexities of a system, computers and networks in particular. They revel in the pursuit of knowledge and mastery, constantly seeking new solutions and opportunities for growth. Their drive and innovative spirit inspire and are inspired by the hacker community, where ideas and knowledge are freely shared and valued regardless of their origin.
--Silk

Which sources did you generally use? Other than tryhackme or hackinthebox.

shadow is older then tryhackme so started out on hackthissite

if that is what you are wondering for site hacking

other hackers, books, experimentation

Hm okay cool, any decent reads you can reccommend? I want to expand my knowledge a bit

also for fun watching defcon talks

nope. all this was from 20 years ago

#bookclub and #resources will give you long lists of things to read or watch

but if you want instant recommended reading from shadow:
extreme privacy what it takes to disapear 5th edition

Thanks! I have knowlege from around 2020 and onwards🙂 only really got into computers then

hello i am getting an error of ``` error on word restored: timeout occurred during the request

https://www.youtube.com/playlist?list=PL6QImKThTOUisMU5DASDCullicZslFERa @elfin hamlet

that playlist is a lot of fun according to shadow

which is the one ordering it

i have restarted my machine many time but didnt work

This is so old, but still a banger video.

That was what got me interested in Red Teaming back in the day. :D

yeah dunno how to link a youtube playlist without linking to the video

it is not just a single video

Remove v=...?

I am guessing, but you could try.

figured it out

Seems that was correct.

Also based.

I wonder whether people can tell that I am bored yet.

When it's quiet here, either everyone is asleep or solving room's.

A silence

https://tenor.com/view/kedinehir-nehirkedi-mitcikedi-gif-9396221664717142950

Silence broken.

Thanks

Gave +1 Rep to @lament tendon (current: #41 - 267)

LuL

mpd-discord-rpc is unintentionally goated

It's pretty dang good.

Did turn it off for privacy tho.

Did you know that you can design custom applications via discord dev portal for that and then just run a python script with an inf sleep in order to display literally whatever you want?

Neat little trick to look cool on Discord. xD

yeah...

shadow leaves it on as an example that you can get music recommendations from shadow in the same way people do for spotify

Whaha

What application are you using anyways?

I pivoted from that TUI player you recommended to just using Navidrom through the browser when I am at my desktop.

UI's pretty decent.

currently using rmpc

which is a mpd client

using beets to manage the music files though

Hi does anyone know anything about demon linux

The distribution or a daemon process?

No

Makes sense

It a debian based projected

I cna't find the iso

I see. No, then.

I wanted to try it

I gave up after install it bare metal when it was recommend to do it in vmware lol

https://www.demonlinux.com/

I can't find the iso there for some reason

I went to there github and it still didn't give mea download linux

there is no iso on that site D:

yeah idk why it just sends me back to the website

well... they say new release cooming soon

been like that for a while

Is there any reason why this would be better then just default Kali?

idk just wanted to try it

You get a cool little demon with you

i do have kali install for my vbox to

Totally valid, just asking.

default kali or parrot os is probably more userfriendly for now

Strong argument.

lol

also seems they like to use a consistent colorscheme/theme with dracula ;D

I tried them i mostly use kali

I'ma just use they're github to set it up

i just wanted to make sure they didn't have a iso some where that i didn't know about

https://media.discordapp.net/attachments/805173366389997599/1224334942033678527/4x.gif

fun way to potentially break software:
git commit --date

Hello Shadow!

ello darkfly

How're you?

kinda tired but also writing things

systemd service sandboxing is whacky

Hello everyone, I’m new to chatting in this space (not sure if this the right place to ask this). I see there are tons of tools and resources out there, and I honestly get a bit overwhelmed by all the choices. How do you all handle this? Where should someone new start when it comes to learning these tools, and what are the key fundamentals or core areas you’d recommend focusing on first? I know some networking (not crazy tho) and comfortable in the command line, at least with the role that I'm doing right now, but I have always had interest in cyber space, just curious

nmap and wireshark are the tools shadow would refer to you to learn first
but note taking or rubber ducky debugging/teaching is the most important skill to retain information
and also get good at using search engines to find what you need

I finally fixed my SSH port on my server and can connect over the internet, sweet!

now install fail2ban and accidentally ban yourself

I act already have that

Also my SSH doesnt use password xP

Keys only

niceu

Now to test if it work with VPN tunnel

don't see why it would not work with a vpn tunnel

unless you are refering to jump boxes to access said machine

Im about to find out

Nope

Gonna try again

shadow is in the uncanny valley of understanding :P

thanks for the feedback, I'll def have it mind. I have been doing some of my own docs gitbook so far it has been good, trying to get RHCSA since in my job will be valuable, but I have always liked cyber roles as well

well enjoy the journey and learning new things every day :D

and time for meepy mooopy sleep sloop to beep boop while merp morp

Hello there

I want someone who could help me hacking and i would pay them for that

this isnt really the place for hiring hackers

but what else is this place for

i dont come here to learn

task 6 for metasploit is frying my brain

exploit

are the blue team career paths good ?

are they as good as lets defed.io for exmaple ?

Defo worth doing

does shadow always refer to shadow in 3rd person?

So ive been thinking. Idk if the pentest route will be a good fit for me. Even tho I can do a thing or two

Seems super stressful and clients want the cream of the crop

HTf you beat that?

You could always bug bounty and be your own boss

Tbh could just go back to g*******ing

Bug bounties aint gonna pay bills

You'll make more doing Door Dash

ok

I used to do it back in the day

I got good tech

Maybe I'll get lucky like with NV Medicaid

Their stupid SQL injection lol

(They patched it btw, but was total accident.)

what is g***ing

Greyhatting

ooh

I didnt want to say it cause taboo n stuff

yeah but i thought it was something else that seemed more strange in context lmao

Sorry for that then

I truly meant greyhay

Greyhat

Grayhat?

Idfk lol

atleast its not goon

public discord servers have their messages scraped and indexed so i wouldnt talk about that stuff

Told ya

Whats a good OSINT tool to search up my name im a newbie to all this and wanna find out what comes up

sherlock

Google Dorking

Ill try both and lyk how it goes 😅😄😬😥

Dont get banned by ISP if you go the dorking route

Itll happen

what why

Happened to someone I know

Also

google dorking is just using google more effecient lol

Google doring can expose tons of stuff

ISP get paranoid about it

Youll commonly encounter capchas

i mean if ur doing it illegally then yeah

but thats not google dorkings fault

Never said it was

It just exposes stuff you wouldnt see

Normally

I used to find all kimds of crap with that sht

Uhm well i used sherlock and it just gave me a list of usernames including one of mine but nothing connected to it like posts etc i was expecting a spider diagram of all the bad things i did in my life

Im very happy no such spider diagram exists

You all need a real competition

now look ur name up on google and add spokeo to the end of the search

Ayy spokeo

This stuff makes me very shaky

I use that

Brb

yeah fuck whoever sold my data to spokeo

Same lol

Bastards

It seems that everyone else who shares my name is a woman

oof

hi jordan

I think im all clear

Well except for advanced tools

Which every cyber security hiring company will probably use

ur full name?

i bet some pyblic database website has you atleast

oh, well are you not american

ur a ghost then

I searched my number once and legit found my street address 🫩🫩

Should not be that easy bruh

its fine ai will kill the internet by 2035

I use chatgpt more than i use the internet and i give it so much data

I hope they give that to my future employers though

Very studious over here

dont forget to give it ur api keys <33

ai layer 3 information cycle inc

Ive probably done that on accident knowing me just taking pics of whatever comes up on my commandline

Im such a noob i know

I only use it when im stuck and then i try to learn why I got stuck so its okay

yeah but what if ur gpt confidently lies to you

😭

There was this one time that 6 of the usernames I use ended up on this arabian dating website

just read the output and try to understand it because using ai will make your brain mushy

if i get a cert and want to "print it" or share it, does it pull my username or full name for the cert?

I do try but only for so long lol otherwise i give in but yeah dw ive been told this before lol

hmmmm, to post or to not linkedin post

https://tenor.com/view/bobawooyo-dog-confused-dog-huh-dog-meme-shocked-dog-gif-16713203299056947073

Who thought of this 💀

That has to be fake

is it sora

it was a hot post on /r/aivideo

i set up like a randomized dork query chain with pagodo, my router got booted offline and i was doing it as safely as possible

holy cinema

heyyyyyy

Time to hack

https://www.analyticsinsight.net/amp/story/programming/top-10-python-libraries-for-cybersecurity-in-2025

My favorite is when Stephen hawking is in the battlebots and Einstein is controlling him

I once saw Stephen Hawking climb a wall with no rope

He's bad ass

If you don't believe me, I have a blind friend who also saw it

I had no idea until my deaf friend heard all the commotion

does anyone have an online tool for cracking hashes? hashes.com is down and this hash isn't in crackstation - it's for THM room Hashing Basics

The best joke is:
"Stephen Hawking walked into a bar"

try john

or some tool like that

ok thanks

no problem

Crackstation
Hashcracker

or you can identify the hash using hash-identifier and decrypt using hashcat -m 1800(use the specific mode by going through the hashcat page) hash(store the hash a file)

https://hashcat.net/wiki/doku.php?id=example_hashes

Can't you do that using john?

yea the hash is not on crackstation - I started down the path of john/hashcat - just odd the room says "use online tool"

multi tools

I never listen to such remarks

yes

Amazing

john --format=md5 hash.txt

Yep

but u have to identify the hash format

i love cats

thats why hash cats

Fairs

https://tenor.com/view/kat-cat-kitty-kitten-cats-gif-4186602401456915754

I remember using John for something in event horizon , so I thought it should be best solution (as it is the only tool I know how to use )

you don't have to identify hash type with john

it will try and gues it

hello

Is there for game hacking server?

meaning?

Have you tried gamehackingservers.com?

?

or how about comeondawgjustgivemetheserver.com

there is the server for gamehacking

is there a server? is that what you are asking

We are a cyber security Discord server

anyway it is a rule violation ig

Ig he's seeking a server for game hacks/cheats

yes

we do not condone hacking, please read the #rules

Hashcat is good

try going to trypirateme.com

You're at wrong server atp

hashcat john and hyrda can do the job

cybersecurity is just a lot of research, agree or disagree?

shit

I'm leave now

a lot

Cybersecurity is applied research

yea, this is a better phrasing

let me ask echo to clear my doubts

echo doesn't know its foot from its mouth

if you ask it it will say hello im here to help you with cybersecurity!

have ever any1 tried out HTB

a few have done htb on here, it's more difficult from what they say

their PWNBoxes are awesome and the loading time is ❤️

Hackthebox is for intermediates at minimum, I wouldn't recommend it for beginners

tryhackme is better then htb

expensive but how much better is it?

i started an attackbox within 20 sec or less

for beginners it is perfect

are you talking about tryhackme or htb but thm is better for begiiners

Hackthebox is amazing, just not for beginners

thm obv

but the tier 0 easy ones are good if you want to practice ctf as a beginner

Think of tryhackme like freecodecamp but hackthebox like leetcode 😂

freecodecamp is built different 🙂

Both are amazing in their own way but have different target audience

absolutely

For a beginner I can close my eyes and recommend thm without thinking twice

have fun with nodes my friends

Where's cloud security 😔

devsecops for a later time

now i have to face a boss fight

https://tenor.com/view/benjammins-too-much-time-bum-unemployments-final-boss-ceo-of-unemployment-gif-11760137557666773477

Thankfully I got a job but I am trying to transition into a niche

I need a job so that i could transition

what does mean by this

how

I wanna focus on redteaming but specialising in cloud security

all the best

htb is so confusing have you ever done that

Because it's not for beginners genius

0/10 ragebait

I also recommend portswigger labs if you're interested

Best labs for web app pen-testing

I have way too many subscriptions rn XD

Can't add 1 more

I just mainly used portswigger, owasp juice shop, htb and thm for now

100% agree

I always go by this motto in life "Improvement begins at the edge of your comfort zone" and BOY does htb make me uncomfortable at times 😂

Do you take AI's help if you're stuck?

Same

But help while stuck? No

I use AI for scripting n shit imma keep it a buck

But the general logical flow? Nope

We have to integrate AI in our career in one way or the other else we will simply be left behind in the race

💔 😭 sponsor of my past project wrote me he'll drop ipv4/6 sponsoring if I won't return

GG

Cuz current owner is "unintelligent"

And whole infra relays on the sponsors IPs

fun

Seems like you don't have a choice now 😂

My creation gets ruined by new owner

I don't want to do comeback

Tough

But in the same time I don't want that project get fucked

Cuz a lot of apps and students rely on free AI API and VPS services

What's your action plan now

No idea

does portswigger offer free courses?

There's another reason why I don't want to return

I'm just 15, I'm not best person to handle huge projects

The courses are free but to do some of the labs like for example using burpsuite intruder, if you have community edition u are heavily rate limited

And new owner is over 18 so

Tbh he did nothing after I left the project 💔

He just acts sometimes stupidly

is the Apprentice ones the basic ones

Yeah they are like 1 liner labs

A simple ' OR 1=1 -- type shit 😂

<script>alert("HI")</script>

My friends website was vulnerable to SQL injection btw

And to that too

This happens when you let ai code

Free AI

I try it everywhere

Me too

Bro I did a pentesting project for a client and their had their API key hard coded, let that sink in

but once a government website raised invalid entry

and some detection BS

you mean in source code

Most websites I've pentested were vulnerable to time based SQLi

Ye

rip mahn

do you know where to see latest domains bought

Not sure actually

My not friend this time had their admin api key hardcoded into frontend

i want to try out the cyrillic typosquatting

Which could be used in backend

That was 1 minute compromise to admin panel

No jokes

F12 -> login field ID copied in admin -> search -> open script it found match -> look for id field there -> find the key 😭

W

I mean L for the guy

is there some software to override recaptcha

Yea

I also in the end reported this to DPA cuz the website has no privacy policy whatsoever

Nice

(no I wasn't hired, yes I did grey hacking that time)

Owner also got informed of that but he denied to do anything about it

That's when I escalated it*

• data was possibly breached several times by that time

I never got the opportunity to do white hat hacking

I mean white box

Oops

I always did black box so far

You'd be surprised how much info u can get by simply doing url/robots.txt 😂

Ik

I do that all the time

Gtg

Bai

Have a good one 👍🏻

Imma get going as well

What is assembly language?

a very old language used to interact with the computer's hardware

its a low level language, i.e harder for humans to understand by just looking at it

It's not old

It's literally still used now

at the end of the day, your high level programming languages just compile or translate to ASM/Machine Code

Well, it was created in 1947. thats kinda old

Old in tech implies out of date

Yeah okay, its not out of date but it is old

I hate assembly 😀

Ah the dark days when I had taken the microcontrollers and embedded systems course

But unfortunately it has a huge application in cyber security as well, I'm not looking forward to it 😂

assembly killed my christmas once

How so

is this you

yes

oh congrats

Ty. Going through the jr pentest route rn

Gave +1 Rep to @candid sentinel (current: #574 - 12)

guys where can I ask for the osint ctf help?

which ctf?

Hello Everyone i'm newbie

welcome

welcome

Sup sup

sup bella

sup t1mo

Its hackathon in my country and today is osint challange which i cant solve idk

Its just a website with leaderboards nothing else

we cannot help with an active CTF

hii snowie

its not an active its just new at this point you can do it anytime

AMWaveHi

Why do so many people switch to Linux?

I switched cuz I wanted to learn linux

for fun

but then I realized linux is actually better than windows for me

actually it depends on the person tho

i use windows and linux

I use windows still too

for gaming

gaming on linux is pretty hard to setup ngl

but for some reason

i get the blue screen atleast two times a day

in windows

I even did a fresh install and diagnosed my pc. there was no problem

Linux for hacking, Windows for everything else.

Windows 10 support is ending right, no more security patches or updates. so after oct 14, 2025 all windows 10 devices wont get any updates from microsoft anymore, which means theyre gonna be super vulnerable to hacking and stuff. unless you got your own antivirus like AVG or Avast then youre kinda protected i guess

for me, windows for gaming and linux for everything else 🫠

To each their own. As long as it gets the job done

and a considerable amount of people don't have windows 11 compatible devices

are you still sick

What is this, being cheeky 😄 If you do not require windows for game/work
Ubuntu is your friend

ya 🫠

For weeks now, super sick

one week

G_dev1_Hajime_Cry

I was sure that you have had that (sick) for more than 1 week

do i need premium to start learn hacking?

100% NO

nope. plenty of rooms for free

Thank you 🙂

Larsbandage 🙂 you have THM, hackthebox.pentestlab, + a ton of other box/room based sites to play with.
Then you have youtube and start looking and learning tools for bug bounty.
Then the whole world opens up for Ethical hacking

i just asked, cause i dont want a new account on a new website, and then i need to buy smt and another thing and they have my creditcard data and so on

i just want the Exams from my teachers xDD

Just a joke :))

other question: can i change the language or is the language english and you cant change it?

cause my english is pretty bad 😐

What language are you looking for?

you speak french

Swe/Nor?

german

Oh you need to talk to your goverment to stop dubbing everything in to German

You will be in a world of english tools and portals and websites

I speak nor, but bookmol not nynorsk

oh sorry bro i am french and the englesh help for communicate

Germans are scared of english. But try and get better at it or have your browser translate eng - german.
But all the tools you will face will be in english

Imagine translating metasploit to finnish

i dont fear about english, if it is impossible to change the language, then i find a way to understand it

It would break from all the characters

HAHAHA

scared for GW2

Can we please translate python in chinese?

😂

or japanese

This would be very funny

I think Finnish is the way forwoard. that language is just odd

demn

might be right tho

I know I am because you were too sick to do a 4 hours CTF 😄 3 weeks ago

3 weeks???

Something like that

nahh not that much

that was cuz i had school work i'm sure

@narrow yew 出力する("こんにちは世界")
Thats just a simple print("hello world") ......... credits: ChatGPT

can i learn cybersecurity in this server ?

kinda. youll probably need to go to other places too but its a good start

have any1 taken the CEH ?

koth not showing ip

hey everybody

comment ça va??

hi all

should I learn C for cyberSec?

or c++?

if you want

Yes you should but i won't force you because its help you to understand malware

ok

Reverse Engineering is fun

but assembly is more efficient then it ?

yes , but i will recommend c family c#,cpp,c language to understand more about assembly

ohh okk

python for automation?

Yah

Like writing CVE if you found it manually you can do it automation

oh

Look at the exploit-db they're made of python

yes I saw those exploit-db exploits when I solved my last CTF

You hacked the bookstore? lab

nah other

cms made simple

ohh

where did heather go

who is heather

ah must be HTB then

well it was someone rlly good at JS who i wanted to pay to help me fix this extension

its thm not htb btw i haven't heard any guy named heather

can i see maybe i can help

hm what are the other like grey hat hacking forums?

yes sure i can dm it to u

@mossy river how's the build going

if you've started

Won’t be started until Sunday

I'm Heather

no I'm just kidding. who the hell is Heather?

ah

Hi Heather

@mossy river can you help @echo moss

Depends on what help is needed

i would rlly appreciate it

can we talk in dms

?

Sure

What is mandoc in Linux?

I was using the command "uname -a" for couple days but when I wrote "man uname -a" my termux said that it's not installed in my package so to install type "Pkg install mandoc"

Was it just a suggested tool to install? Sometimes if you type a tool in that doesn't exist, it will give you suggested tools to install that you may have been searching for

https://mandoc.bsd.lv

Try man uname without the -a

Ok

:hammer: bigeater101#0 has been banned.

lol gg bigeater

hello all, i'm newbie, i wan't to be a hacker, what should i do?, i just have android smartphone

You're going to have a difficut time just using a smartphone

Get a computer. Smartphone is way too difficult

welcome

Any chance you have a local library with computers you can use?

Good suggestion there

Or an internet cafe (if they exist still in your location)

I hate headaches before work...

Headaches suck period

Amen, it's just magnified by kids screaming

why difficult?

okay

Most the tools you will need will not be available, low processing power etc

ooh, i see...., thank you

Gave +1 Rep to @silver sky (current: #36 - 303)

imo the worst factor would be the small screen size, if you can get a monitor you can hook up to your phone it would be more possible

Hey widey

hey all im new aswell

🙂

dont mind the color or my name

New but mage level

Hahaha

what do I do?

I got a low end windows device

and

a virtual machine in it

on*

and find the privilege escalation room difficult gng

damn

It is difficult

Take your time

Jabba what is the best linux OS I should use for Vbox except for kali?

I'm thinking of switching

Me too i have low end device

what's athena

The wannabe arch os idk

mm

let say son of arch haha

idk how to explain

It just boils down to preference

If you have limited resources go Mint, otherwise just play around and find one you like

I prefer Ubuntu; nice interface, stable and I can set it up to meet my needs

Distro

gotcha

A Greek Goddess

the os

Pentesting distro

o kratos
makes sense

distro?

Distribution

Linux distribution

o

fairs

is kali the best linux for pentesting?

Yes

either kali or parrotOS is what people prefer

but you can use pretty much any distro

parrot is the colorful one

kali or parrot just come with alot of tools preinstalled

all Linux are good

blackarch is also an option but i think its deprecated

o

they all got the same commands right

like ls

ls -a

that stuff

I'm new to arch distro haha apt don't work

pretty much, although some distros might use other package managers, for example arch has pacman

sudo apt

but if you are starting out i would still to something like kali, parrot, ubuntu, mint

etc

kali currently

i would suggest configuring your kali to fit your needs, change your background etc

o I can do that?

look through the options

shi how fam

see what stuff does

help

what do you wanna do

background?

right-click on the desktop, select "Desktop Settings" or "Appearance", then choose your desired wallpaper from the provided options or by navigating to a custom image folder

said gemini, i dont know from the top of my head

ubuntu uses apt, right?

or no

on my

vm?

yes

yeah

any debian based distro uses apt im pretty sure

makes sense

hyprland is cool

im using i3

i use arch btw

guys

GMKtec K10 (Intel i9‑13900HK, 64 GB RAM, 1 TB SSD)

EWWWW

I am abt buying this one

what u think

i think my laptop is too weak for hyprland

I will put it in the frige to cool it down.

not bad, what gpu

hello i want to do my last 3 simulations from SOC lv1 i am individual so i have no that much money to but simulations i want certificate so i need to complete the simulation
can any one help me to sort out

Intel Iris Xe Graphics (96 execution units)

im sure that will be fine

its only 1k dolar

and mini pc

idk if you are joking, but i wouldnt

I'll take one extra cooling unit.

I will connect with usb

port

btw, hashes.com is back online... weird it showed offline for over a week and is all of a sudden back online

Can anyone tell me what to do with an IP adress

I have someone's IP adress

nothing

save it to one drive

you can have my IP @sturdy onyx its 127.0.0.1

have fun

Someone help me I am confused between three linux commands

which ones

-r , -a , ~/*

rm -r deletes all the files of a specific folder but what if I type rm -a ? What will happen

you can do man rm

shows you the manual for the command rm

Sometimes i used rm -rf * hahaha

it holds explanations for all the options

wipeout all file inside the folder directory

with asterisk symbols

you know you can also use a search engine

https://tenor.com/view/satisfied-viralhog-smiling-happy-delighted-gif-7757242892176384584

I did but the work of -r and -a is similar so that's why I am confused

Why would you need someone's ip

And what do you want to do with it?

don't do this

or use chatgpt

I deleted my linux serveral times using rm -frd /* --no-root-preserve or whatever its spelt

See on top most lines.
Both -r and -a did controled all files of a folder then when will I be using -r instead of -a ?

Goodluck bailing out moment

is there a rm -a?

Yes

in your screenshot you are using "ls" not "rm"

Oh my bad, but still

Even if you take example of ls

My question will keep relevant

ls and rm do very very different things lmfao

Well Yup

-a Include directory entries whose names begin with a dot (‘.’).

ah, yeah

-a also include hidden files. All files basically

-r Reverse the order of the sort.

-r for ls is reverse the order of the sort

-r for rm is recurse

So -r can do the work of -a also but the condition is that it will reverse order

the same flag does not do the same thing for every command

https://tenor.com/view/red-flag-red-flags-guy-running-with-red-flag-ignoring-the-red-flags-man-running-with-red-flag-gif-9274875786215349752

So that's what I am asking, suppose I am using rm or ls command then when will I have to use -r and when to use -a

i don't think so "." and ".." are not hidden files in your particular example

Hello No name!

it's probably best if you review the man page for rm so you understand the flags fully

My favorite ls command is lal or ls -al

you can install "tldr" on the command line too to get a more condensed version of man

Interesting

I found a typo in one of the new rooms

why i cant past images ? , is there anything i need to do first ?
ps: i just joined

Man-in-the-middle detection Task 1 spells wireshark as “Wirehsark”

I'd suggest man if it's a command you really have never used and tldr for familar commands that you need to remember the syntax of

Heyo

verify your account

https://help.tryhackme.com/en/articles/6495858-discord-how-do-i-verify-my-tryhackme-account

hi

thanks

+rep @lament meteor

Gave +1 Rep to @lament meteor (current: #1583 - 3)

Hai

can anyone know why it stuck and not downloading ?

Use localhost

i believe

lol my Kali decided to 💩 on me last night and now it's not working anymore.

KDE Plasma!

i want a WM

not DE

hello i want to do my last 3 simulations from SOC lv1 i am individual so i have no that much money to but simulations i want certificate so i need to complete the simulation
can any one help me to sort out

any error?

Any debian based OS you guys can recommend? I cannot stand Ubuntu so something easy to work with.

mint

then

linux mint

its like windows

debian

or Arch

hello i want to do my last 3 simulations from SOC lv1 i am individual so i have no that much money to but simulations i want certificate so i need to complete the simulation
can any one help me to sort out

Yeah wouldn't boot so I went into recovery mode and then after a while it just froze. I know someone warned me that Kali is unstable so nothing to lose here really.

what do you dislike about it

my guy.. you aren't verified and it seems like spam to keep repeating yourself lol

kali always gets unstable

I just don't like Ubuntu. I once had Ubuntu DDE and that was a good one to use. It was similar to Deepin but the problem is that those two distros are not being updated like it should so it's time for me to move on.

kali isn't really meant to be a daily driver

ubuntu is not great

yes I know, I wasn't planning on staying with it forever, I've had issues with it in the past but this was for learning.

https://linuxmint.com/

Ok I'll go with that then. Thank you @slow cloud

Gave +1 Rep to @slow cloud (current: #54 - 190)

can u explain please ?

i really liked it

Go to #site-support , not here.

use the word "localhost" in place of the IP address

your hosting it on 0.0.0.0 and trying to wget it from your private ip

i always go for the Cinnamon Edition

but you can use xfce or mate, whichever you prefer

http:// localhost : <port>

take the spaces out

Weird. I kept getting a voice in my head to go and look at Cinnamon, no idea why but it just did whisper Cinnamon nonstop to me lol

you can do that or use 0.0.0.0

but i am getting the file from the target machine and even this capture shows that its connected and responsed

Anybody knows the best place to deploy a bot or website

you can host it locally

or rent a vps

What do you need to host a website for?

what?

debian

run debian

you trolling me?

Why is this throwing error???

Give it a port no.

And remove the s from http

yeah i think the issue is the https

no

@slow cloud but when I paste ip it automatically become https even though I delete it and add http

Do you have to config /etc/hosts?

ig not if hes on attackbox

Eh I would still check

you can turn that off in firefox

wiat it that attack box

or your machine

Attack box

what happened when you changed it to http

wait nvm

i saw

@slow cloud I'm searching I could not find it

@blissful snow same thing came

hmm

really?

dude this mouse capture is driving me insane - how do i know when im hoving over something!!

is your really? an actual question or are you being sarcastic lol

an actual question -i've never heard that before. So kali would just be taken out for the pentest? or do you mean to create your own pentesting vm out of ubuntu or arch or something

that's from their docs

Hey people
anyone knows how to get IP of website behind cloudflare?

I got task from friend of mine to do that on his web, I don't think its possible but still will ask to be sure-

@jovial cobalt may I dm you?

just use it for a pen test - sure you can save your own scripts and tools on it - customize it some - but you shouldn't really be using it to browse the web, pay your bills, talk on social media - at the end of the day, it's completely possible to do it though

Some websites have shared IP's iirc

I can't find there on web

dig shows cf proxy ip

OH! yeah that makes sense - if you are doing normal people stuff i wouldn't be using a kali box. i thought you mean for daily pentests lol

Hello guys

of course of course. i'm definitely not in my bank account on kali

aha wait

Oh gosh ok its tunnelled not proxied

yep its impossible, im out

some people just use the default image from kali and don't customize at all - they boot it up, use it, tear it down, like a container

😔

i think kali has an official container tbh

but still - anyone have a cure of the mouse capture after update / pimpmykali? it's really driving me up the wall

you could also build your own pentest box - some people do that - keep it minimal and only put the tools they use on it - kali is nice because it comes preinstalled with everything - parrot OS came later to do the same thing

yeah of course i could just ubuntu and add nmap and john to it or something

exactly

plus there are other pentesting type boxes - but still what you know about mouse captures?

It just saves ur time that's all

ubuntu, kali, mint - all debian

No need to set up

how do i get rid of it! thats the question

its effecting my progress and sanity

what do you mean by mouse captures

it happened after my pimpmykalli.sh

then i tried another fresh box - and just after the upgrade it started happening again

i don't use pimpmykali so I'm not sure

like when you click inside the VM - the mouse cursor disappears and i can't see where it's overing

i make minimal changes to the kali image (that's kind of what I was trying to get at)

thus i'm having hte hardest ype clicking on any buttons, or windows or even knowing where the mouse is

.

i didn't use PIMP this time and its happend after my apt get upgrade

gotcha

what hypervisor are you using?

i thought it was the vmware tools issue, etc etc . i've been googling for 2 days

i have never heard of pimp

i'm on vmware currently

pimpmykali.sh by dewault? it's pretty nice to fix up some stuff.

offsec has a page about it also

idk i never used it