#general
Imagine doing that either by the end of this month or at the start of April

and on proton i can select what i wish
12fdddd2017c2bb9e3a8406f3f34e9941af66ad6e89006f441e978e427b79307@shadowabsorber.com
if anyone wanna test if shadows email is working here is a temporary throwaway address :D
oh shit
ralex pressed yubikey in wrong chat
lol
Our does via face recognition and qr. (Something introduced this year cuz the owner of the group realised he has a clg and he shd mark his presence)
oh, it is one that every press regenerate
different app use different protocol heh 🙂
true but you can do weird timing attacks with those
time to make my professors put some elbow grease into checking if the work i do is AI generated 
indeed. but you can program key to certain time that will generate few of them and only output one in certain time
anyone know if tuta to protonmail or the reverse also works with fully end to end encrypted emails???
or is it only inside their own ecosystems
Got it! Thank you so much, Alexander! I learned a lot, and I will try the protonmail for a start first

Gave +1 Rep to @loud marlin (current: #23 - 452)
yeah they have free option... though better pay for it eventually
just proton pushes hard for you to get the proton unlimited at 9.99 a month to have their entire suite of things
As far as I know Proton is very restrictive with stuff that's not their product, so I'd not expect that. Don't actually know tho.
but thats me whenever I see you lol
That I rush like a ghost! Or the cat in that sticker heh
yeah.....
proton also have some things like that
Got it. Thank you very much Shadow!

Gave +1 Rep to @sand trench (current: #4 - 2250)
Honestly worth it IMO.
aww!
It's not perfect tho, I wish I could mount their cloud storage.
kinda agree but shadow wants to compartmentalise which is not a thingy everyone wants to do or needs to do
well... shadow can do things and send ralex email to check if things works... if wish
sure
If a cat does this to me, the cat can have all the treats I have in my pockets for sure.

ill dm you email. but i think is kinda obvious what it is heh
I honestly only use 'em for the mail and everything else is a neat addon, but I tend to have other solutions for it. E.g. using Mullvad for a VPN.
I can login now
But the courses are loading very slow
¯_(ツ)_/¯
The file share is really neat when you need to share larger files with people as well.
paid services of shadow:
tuta revolutionary
mullvad vpn
domain name from somewhere :D
Or yourself.
Where r u from, if you don't mind me asking
tried a speedtest?
I have a bit more stuff as I self host multiple things over a VPS. Too lazy to type it out on mobile. xD
Client side encrypted, of course.
But yea, domain name, vps, mullvad and proton are my main subs as well.
technically shadow has more paid services but not gonna list out everything as that would be a security risk to a degree
Yee, same.
having your own domain name helps a ton
Got two, even, because one is free if you pay for the other with my provider. :D
also domain names nowadays are surprisingly cheap
Hong Kong should have fast internet
Only using one of them tho, atm.
Maybe check your DNS
I just recently able to login and load the course
Maybe the thing is down because of the AWS outage or something.
It's working for a lot of people
Maybe 🤔

Did you try a VPN
good morning ladies

https://shadowabsorber.com is very boring
well... it works =)... you can also attach public keys and so on tuta ?
¯_(ツ)_/¯
How much, a dollar for a month then pay some amount?
they use other protocol for encryption than rsa

10 usd a year for the domain name
free hosting on github for static site
Try before u die
https://proton.me/support/how-to-use-pgp proton can do this
Right, cool
Tuta uses symmetric (AES 256) and asymmetric encryption (RSA 2048 or ECC (x25519) and Kyber-1024 as quantum-safe algorithms) to encrypt emails end-to-end. When both parties use Tuta, all emails are automatically end-to-end encrypted (asymmetric encryption). For an encrypted email to an external recipient, a password for encrypting & decrypting the email (symmetric encryption) must be exchanged once. You can then use the same password for any conversation with that specific contact: With Tuta you don’t need to set a new password for each email sent to the same contact.
Tuta’s automatic encryption works easily on all mobile and desktop devices. The encryption key is never shared with anyone else, including Tuta. Therefore, even if a malicious attacker intercepts the email message, they will not be able to read its content or attachments.
(joking)
Why does Tuta Mail not use PGP?
Tuta uses standard algorithms also being used by PGP (AES and RSA or ECC) for encrypting the entire mailbox. In addition, Tuta Mail already uses post-quantum cryptography (Kyber) for quantum safe accounts, which is still a work in progress for PGP. Furthermore, Tuta does not use an implementation of PGP itself because PGP lacks important requirements that we have for Tuta:
PGP does not encrypt the subject line (already achieved in Tuta), PGP algorithms can't be easily updated, e.g. to post-quantum secure ones like in Tuta Mail, PGP has no option for Perfect Forward Secrecy (already achieved for Tuta in a prototype). In Tuta we can easily update the algorithms, and we plan to replace the current algorithms with quantum secure hybrid protocol in the near future. The flexibility of Tuta enables us to integrate an encrypted calendar, encrypted cloud storage and many more features much easier and faster than it would have been possible with an implementation of PGP.
Yes that is accurate Vigo. People use easy pins to login to their computer so if they use passkeys and someone gets their device, they are screwed lol
the encryption of subject line is important to shadow
as any meta data leak can be bad
fair fair
There is cloud hacking tryhackme
Speaking of VPN, why does ppl online NOT recommend using Opera's Free VPN?
so because i've gotten these scenarios for the next interview- i feel like i could do a write up for them ? like instead of just discussing them i show that i know how to construct a write up and talk about it. maybe i could have a cheat sheet of some similes or metaphor for more technical ideas to help fill out the grey areas
Is THM having issues again, Can't get a room to load for some reason.
free vpn = not free
good idea or over doing it?
May I ask what is being extracted from me to make 'free' VPN?
I heard Opera sold user's browsing data
if vpn is free. then person who own vpn server can read all data.
use paid vpn from trusted one
mullvad, proton or some by own choice
Proton is pretty good
What about Vivaldi?
just know. if doing illegal things it might not protect you if some 3 letter agencies ask for data
idk. im on proton
Russian vpn?
what do you guys use for making reports? i just spent dumb long learning sysreptor and it's pretty cool - i gotta get my html on point though for putting my own graphics where i want them obvi
hey guys i got a question
question us
is it okay to create summaries based on Tryhackme rooms and post them on linkedin and github ?
Hey chat
i want to create a series of summaries of different subjects and use tryhackme and other resources to create beginner series
im still confused who is jabba
you mean like tactics, techniques and procedures? ttps? if its in your own words you gucci
is thm employee who can tell you more of thing you ask
nah just like windows basics , linux basics , wireshark ex....
when he shows up here you can ask directly
Yea, THM seems kinda slow atm
ahh. i mean sure. you are just aggregating the information but you are displaying it differently. i'm sure you'll add more for other sources along your journey as well
i mean - it's just like keeping good notes
import re
yea exactly since i'm reviewing what i studied so i don't forget while progressing i said why not make summaries and post them on linkedin and github for more interaction
wrong window
hi
yeah i think that's all good - as long as you don't take their trademarked stuff or plagiarize them directly
like what
plus you'll find more stuff - take a tour of hacktricks and other repositories
like screen shots of their website.
Does anyone know how I could find my buddies IP address?
oh nah nah
192.168.0.1
i'm using both hackthebox and tryhackme
127.0.0.1
Ask him/j
what are you using to take notes? i started to use google docs after the 3rd time losing everything
Obsidian
Obsidian
sublime text
but when i'm doing a summary that i post on linkedin i use Photoshop i have experience as a designer
cherrytree xD
I like using canva etc
only GOATs use obsidian
th fk.. 🤣🤣

i mean word or photoshop are a better alternative on the long run
where are you getting your graphics for hardware and communication??
What site would have the largest amount of subdomains stored?
for the hardware i use cisco's icons they post it for free , and i download them off of iconfinder
I tried that, I am looking for words in subdomains only
not for a specific parent domain
ask chatgpt
She can not be trusted with this
you dont like it or use it? i was using it alot when i made my osi coloring book it just continued
the Cisco CCNA books are ELITE
https://crt.sh/?q=%25MBZ.%25&output=json
This does not work perfectly
yes yes. iz good man.. was jkin xD
but this would in theory find anything "word."
oooo i didnt know about iconfinder. nice thanks
Gave +1 Rep to @wicked lagoon (current: #2122 - 2)
no problem mate
lol why am i getting such shade for canva? their free tier does alot
I got this interview coming up and they gave me a bunch of scenarios to 'explain to a client' so i'm going to make a fake pentest report with screen shots of these vulns/exploits so being able to explain some interactions via graphics will help to 'explain to non technical c suites'
i'm using metasploitable 2/3 and juiceshop to illustrate the issues
Best of luck 🫡
thanks dude. i don't want to hope too much about it but i got to the final interview so i just gotta do this right.
You will most likely need to explain using comparisons, why this is a problem, what are the risks and what can be done to fix it
My advice, flag things that are potential or require complex as lower priority to something that has an associated high/critical cve
oh for sure. show the vulnerability - why it's vulnerable - show a exploitation example - suggest remediation and why the remediation is important
etc. i expect to use alot of similar and metaphor in explanation as well - thats why i was inquiring about graphics
you need to cover why this vulnerability is a problem. e.g. an attacker can download this exploit from the associated github and run against the target to gain elevated access
lemme pull an example, might be easier
Assessment Findings
1. Weak HMAC Authentication (Replay Risk)
Description
The agent communicates with the API by generating an HMAC signature only over the current timestamp. This means the signature is not tied to the actual request details such as the method, URI path, or request body. An attacker who can capture a legitimate request therefore gains both the timestamp and the signature and can replay them against other endpoints within the server’s acceptance window. The agent further exposes itself by printing the timestamp and signature to the console, making accidental leakage more likely.
Impact
This weakness undermines the entire trust model of agent-to-server authentication. An attacker who gains access to these headers can impersonate a legitimate agent without needing to know the underlying secret. They could use this to renew credentials, register malicious endpoints, or inject falsified monitoring data. Over time, this could erode the reliability of monitoring and potentially hide malicious activity.
Recommendations
The HMAC scheme should be improved so that it binds to all aspects of the request: method, path, body content, timestamp, and a unique nonce. The server should validate not only the signature but also ensure nonces are never reused, effectively preventing replay attacks. Console logging of sensitive headers must be removed entirely to reduce the risk of disclosure.
Business Impact
Major: Exploitation undermines trust in the agent ecosystem, potentially affecting monitoring across the organization.
Remediation Difficulty
Moderate: Requires changes to both agent signing logic and server-side validation.
Risk
High: Authentication bypass enables impersonation of agents.
CVSS v3.1: 8.1 High
IsUrgent: Yes
POC: replay.txt
ahh that 'why' is a different why than what i meant. you're right. i hope you don't mind i copy and pasted it as an example to keep in mind when i'm writing my reports
nah, no worries 🙂 these are actual findings just to make it clear haha
Thank you :), if you need my metrics system can give you that too
what metric system do you use?
i was going by cwe and cvss
I use a bit of a more business centric approach, to make the vulnerabilities easier to digest

welcome to the club
change it to winter2025

dude if i give them a report with metrics with an overview for remediation - they'll definitely throw in that monthly train pass with the job offer
don't steal my colour codes
i called dibs on them
naah go for the classic
correct horse battery staple
I have seen this before
Tuta ?
Can't remember 
OooOOoo i never thought of using my own color scheme
the colour codes are based on RAG, fyi
you don't want to steer too much from red amber green (blue for informational)
was looking of keepassxc with setting yubico challenge-respond thing as password
If I saw this as a non tech individual, the colors r subtle, not too bright nor too dull, just perfect 
ahh the old Simonides of Ceos trick
i was gonna use glaucus, zafre, eburnean - you know classic colors
thanks 🙂
Gave +1 Rep to @frozen hull (current: #291 - 31)
My passwords are in a text file in c:\users\vigorizatnte\not_my_passwords\definitely_not_my_passwordlist.txt
I think I am safe
yeah add some blastoise, ghastly and magikarp to make it even better

My son's name is Magikarp
when he's 18 is he going to become gyarados?
no that is first at level 40
Hey guys! Whats the recommended wordlists for usernames and passwords for brute forcing thm boxes?
rockyou.txt
sorry.. level 20
but thats only passwords
misremembered that
seclists
/usr/share/seclists or /usr/share/wordlists has them
Do you use it for both usernames and passwords?
@thick shell Impressive introduction in #intro.
rockyou is default on thm for bruteforce. if thm dont point to smth else on some room or so
/usr/share/seclists/Usernames for usernames and /usr/share/seclists/Passwords for passwords
i'm thinking of scripting a few things in to specifically do some stuff with these scenarios - is that too over the top and i should keep a couple tricks in the bag?
If you think it's over the top you can't do it. If you think it's not over the top you can do it.
It only matters what you think
Welcome to Day 3 of my 30-Day Security Challenge!
We’ve already organized our accounts and wiped our old devices – now...
this is starting to be a banger of a series
I see, iirc it has files containing millions of usernames / passwords. Now i havent done any complete bruteforce attack on any thm machine as of now, but wont this take alot of time?
@fair trail I accidentally found an anonymous POST load on a sub....
I had not seen her in a long while. thanks
Gave +1 Rep to @sand trench (current: #4 - 2251)
you're welcome
wym
@sand trench you are into info sec a lot. How do you feel about ISO 27001
I found a vuln that allows me to post files with POST requests.
to be honest don't know much about that D:
I contacted the CTO of Globalconnect about it
From my work email for some legitimate powah.
But he is OOO
The ISP Allente pissed me off
So now they have a grumpy old guy after them
and the CTO of Telenor
Does anyone happen to know where i could find a vulnbox in thm, htb, or vulnhub etc that has ssrs (sql server reporting services)?
that's the only one i'm having difficulty replicating immediately
but i guess i could spin up a windows box and do the whole mamajama
But that takes time
yes. yes it does
He/She may be on vacation. I highly recommend finding out when they will be back on vacation and making sure you get into their house and wait for them in the lazyboy.
Then when he walks in his house you can say "I've been expecting you!"
hmm i think i found a couple htb retired ones that have ssrs available. i'll figure it out
Yes, it will take a lot of time. Usually the password is within the beginning of rock you. For username + password there are more clues provided to narrow down the list.
Guys the weirdest thing happened and I'm not sure... Usually our company doesn't advertise for pentest roles, they head hunt. I recently moved to data and am less than 3 months in my current role however I've been with the company for 4 years. So I asked my manager what he'd do in my situation and he only said he'll come back to me tomorrow.
Vigo says thank you shadow
Gave +1 Rep to @sand trench (current: #4 - 2252)
Thanks for the info 🙂 ill be using rockyou from now on. Btw, is aws having issues again?
Gave +1 Rep to @dark wolf (current: #85 - 117)
Probably lol
Downdetector says so
Yep, didnt amazon say they fixed the issue?
Look at this https://www.reddit.com/r/CrappyDesign/comments/1ocl3w0/aws_crash_causes_2000_smart_beds_to_overheat_and/
don't buy internet of things devices basically
yep
instead buy ploopy hardware
beep boop beep boop meep moop poop pee
lol
how HR team feel like when they make your life miserable
Why would you ever have to deal with HR
if not reporting colleagues
I am making new friends reporting people to HR every now and then
😭 think you making enemies
Im IT Security, they don't dare to do shit 😄
AI enabled printer! Get your AI enabled printer here!
https://www.hp.com/us-en/shop/pdp/hp-officejet-pro-8139e-all-in-one-printer
Well they deserve it and its not something they did per se.
Maybe storing videos for adults with obscene names on their work USBs etc.
That is for HR to solve
Why does my printer need AI
They just dont think about XSIEM to store all content from any USB stick in logs
And that we monitor it 😄
AI ALL THE THINGS!
Enumerate all the things is the life motto
Hi are there any rooms to group up with someone on some security projects?
Are you looking for rooms or team projects
That's why when I am at the drive thru and they ask, anything else? I always say, yes may I enumerate you?
I'm looking for projects mostly
Hm what level would you say you're at
but it is preferable that it is group work as in regular corporate work
stalker
Pen
👀
Don't worry, I won't stalk you
Are you sure?
Yes, I already have too many targets to go through
beginner I know linux a bit I've basic knowledge and few certf in SOC field but nothing beyond that
through or to ? 
Are you wanting to make defensive tools or offensive tools
Depends on the subject. Some I can have others go "to". I just cross it off my list when I have the information I need.
I'm more into offensive but I know it's good to start in the defensive fields so I'll do both
which one would you prefer
offensive
So you don't want a job , just learning for fun?
Most offensive projects are just attacking and making tools from what I've seen so far
And for fun, not for a job usually
which provider is used more in canada AWS or Azure ?
me? ultimately I would love to obtain a job
then go defensive
but firstly I need to craft something to my portfolio I guess
Most jobs are defensive focused
-
Implementing XDR Platform using: Wazuh + Suricata + TheHive + Cortex
-
Implementing Threat Intelligence and IOC Correlation Platform (Wazuh + MISP + YARA)
-
Implementing Adversary Emulation & Detection Platform (Wazuh + Atomic Red Team + MITRE ATT&CK)
-
Deploying Compliance Assessment Platform (Wazuh + Grafana + OpenSCAP)
-
Deploying Automated Incident Response System (Wazuh + SOAR tool like Shuffle or StackStorm)
-
Implementing AI-assisted Threat Detection Platform (Wazuh + ELK + ML pipeline)
these are some projects that were advised to me by an expert
boring = less people doing it = more chances of finding a job
noice I'm gonna research these right away
good luck use THM & Hackthebox academy for resources
THM yearly subscription + monthly student HTB academy subscription is a deadly combo
yea I've already seen some intriguing topics that are premium only, gonna buy it when I'll run out of interesting rooms
What is that
What after that one
i think it depends on the path you'll take
ah
BTL2 is also a great choice
me too bro lmaooo
i wanna get my CPTS and that's gonna be it for me in red teaming
Nice
i'm focusing on cloud and SOC that's it
I wish I could join HTB server :(
I need to learn more about cloud
sometimes i've been thinking about
you could ...
AZ-900 AZ-104
Me banned
passing my AZ-104 in december
I have no clue what that is lol
azure certifications
it's just a code
ohh ok
def a phishing link /j
thanks
Gave +1 Rep to @heavy storm (current: #1099 - 5)
oh no i've got clay in my eye 😭
I've been to a webinar recently where soc manager said that certs don't really matter for him rn. The key to land first job at cyber sec is having basic skills required to navigate in soc and some type of thinking that's critical for this type of job, I can't really specify what kind that is, but he also said that it is better to have few github projects that show steps that you've made to obtain certain results
I dont know about you guys but I am done with recon. That alone mentality burned me out i know it's important but it's not needed for most vulnerabilities out there.
Oh thanks for the tips !
Gave +1 Rep to @tribal tapir (current: #3229 - 1)
certifications + projects > projects
the guy with certifications will always have a better chance of getting an interview
Any certification is better than nothing these days regardless if it's well known or not.
unless we kidnap them >:)
Do you know any affordable certs
Filter by price.
from some of them yes
not from all of them though
Ah ok
There are currently well over 450+ cybersecurity certs out there. There is no way one person can get all these certs. But Googles and THM is a good place to start.
How much is stuff like that
I was going to do google cybersecurity cert but i stopped half way
i think googles cert is pretty worthless
Well there are 100s more to choose from just have to find one that will work for you. But the thing is EVERYONE is doing that certification. Which means the competition gets more fierce you have to find a certification that is high in demand.
according to the people here
Hey there!
Are you having trouble with a lost or hacked Roblox account? Don't worry, I'm here to help! 💡 I can assist with account recovery, password resets, and security measures to prevent future issues. Whether you've been scammed, lost access, or just need some guidance, I'm here to help. 🤝 Let me know if you need assistance, and I'll do my best to get you back in control of your account! 😊"
i think @gusty inlet needs his account recovered
or @mossy river
Someone need any sorts of help or any type of script for ANYTHING?
The whole point of certifications is to get past those HR gatekeepers and get hired. Beat the competition I used to work with people who had all the certifications in the world but didn't know WTF they were doing.
There is a difference between theory and practical
Ok
He can message me privately
IMO you can multiple choice your way into a job in cybersecurity.
crazy
Just wondering does anyone know what they actually do
I never looked into this type of scam
you either pay them and they dont give you anything
or maybe hack your email
or account
idk
"hack"
you never know
Thanks for the recommendation!
Gave +1 Rep to @slow cloud (current: #54 - 197)
:hammer: ericmatteo#0 has been banned.
dumbass backup script =/
$HOME/Working must be really important to back it up twice
I prefer me a good homelab with Seafile 😅
personally use pika backup
because don't really care about system folders.... as nearly all important data is in /home/
and /etc for customizations of services that you locked down
have copies of those in /home
also had to undo all the sddm hardening shadow did as it made podman crash with cryptic errors
😮
New Rules section?
Hello Shadow!
ello darkfly
How're you?
slightly excited for new art commission shadow is starting to pay for
Let's goooo
red motorcycle is now sold
does motorcycle go beep???
yes
also how much did it sell for??
Only if it’s backing up like a truck 😄 normally it just vrooms, not beeps.
STOP REVVIN' - START RIDIN'
Make a move today for a better tomorrow...
❤️
870 Euro
sounds low for a vehicle but what does shadow know

@marsh lark
I have been playing CR for 8 years, but never reached top 10 in global 😮💨
Yo I reached 10K yesterday!
bmt is this clash of clans
pray tell?
Clash Royale
Ayyyy up we’re moving up in the world
I can't find a good Netflix series or movie for the love of god.
Nothing's entertaining.
Poking around a bit and seeing this on an RDP
OS: Windows 8.1/Windows Server 2012 R2
OS Build: 6.3.9600
must resist the urge
to poke
Just browsing a few IP ranges on Shodan, nothing too exciting.
"Blackbox"
Hi can someone help me. I’m stuck on a “wifi hacking” training. The goal of that training is to access the admin panel of the wifi, but I don’t know how. I already cracked the hash of the wifi password by deauth the fake devices to force them to login again. But I don’t know how to continue
Money Train, Suits, Breaking Bad (if it's still there), Blacklist
are you on the wifi?
Yes
and the admin page is not on the default IPs?
Better call saul
What do you mean by default IPs?
Don't know you well enough to know your tastes @gusty inlet
The office.
adminpages on wifi are usually in the same places
I find the humor lame and dry hahaha, British humour is better
look at your own router, on what IP is the admin interface located?
is it not the same kind of question here?
just enumerate all IPs?
@dark wolf Maybe I am all wrong here and not understanding the issue
seems like a no brainer
Well I tried the default credentials to login but it won’t work. The wifi panel login is on 192.168.1.1 in the target wifi
I don't know Math, I'm working and not paying attn
I saw these sora clips where characters from that game are on your front step. There's one where the hog riders break into your house
Nothing now, I tried to brute force. And I scanned the wifi on routersploit but gave no results
what router is it then
Your profile picture and IGN look familiar
The router model is Sagemcom F@st 5350
THM has a wifi room?? whats the url
Its not THM
The mods discourage helping people with challenges not originated from here
Otherwise he would have said so
What do u mean?
They could be hacking someone
😂😂 no, it’s a CTF training lab on Google
If he did not even scan the network for other IPs. Not much to do
But how can find the flag. I can’t continue
Ahh yes, I've done that one
And I tried burp suite on the see the requests for the login page. And still that didn’t help
I need to do something, my grey hat is slowly turning dark by looking at all these IPs
I don’t know how to continue with that CTF. And I can’t get hints
And you are not sharing the CTF
Give me a sec
So I suggest you move along 🙂
I am doing the Powershell room. First time I have seen it broken down like this. It's a REPL.
Tooo late, i've moved on
👍
Yeah I learned a few things from that room. It's kinda cool.
How do I hack library
Library say I have to pay library fees
How to change numbers like in Mr robot
?
Then you pay ofc
Huh
Move to another county
Huh
@gusty inlet knows
Kale 🥬
What library is it?
paramiko
uh
its illegal?
to hack library
unless you wrote it
he means library
demands money
like physical place
yeah, C ? Java? Python?
right?
Oooooooooooooohhhhhhhhhhhhhhhhhhhhhhhh
Yes he does
I know you never been there
i see
ofc he wants to hack his school lib or something due to the fact that he owes money
hahah i been there plenty of times
I just bought new book
Maybe go back to mr robot.
no phone
But If he just tells us the library's name we can just tell them to add more to his account
Well if he does the rest is easy
CS GO with fire sign == 10000% russians
It’s not Russian it’s an American podcast
Classic movie tho
my friend wrote website
I even have the script
added there ping command
The earths mantle has a CVE rated 10.0
guess how many vulns I found?
I can’t tell you what library. Developing kali linux hacks
we should exploit it
I’m developing a device. Device generates unlimited WiFi anywhere you go.
Using kali linux. And library wifi
Its called unlimited sub to your cellphone service provider
😭 what what but that is illegal
for sure
he said WIFI
Huh
Well its a 4g/5g router
No it isn’t
Device makes unlimited wifi
Does it have internet?
or just wifi
because my Raspberry will do that just fine creating an wifi
Why post those referal links?
@dark wolf you can report it for me
im old
Idk it’s using kali linux
You have mentioned that a few times now
Yes you told us
Bro either tries to scam or earn 10$
I reported it
There have been a few of those links today
If it were free Claude I would have signed up
Per user 10$
advertising
Claude is a great AI
Plan to use kali linux to act as wifi router. And then connect to free school wifi
Human brain is great AI
I use mikrotik
And generate unlimited wifi anywhere you go. With Kali Linux
Amazing thing you know
I swear this that dude has about 90 lines with the words wifi linux and kali all in it
what is wifi
me too!
I am the Mr robit
but i have it
hi robit, I'm luna
Or rather. The Mr Kali Linux Ribot
Now tell me what is kali linux
Hii guys I'm not a professional so I should to build a portfolio ? and makes write-ups for any room I finish ?
What are your goals?
Tell me more about the "everywhere you go" part
So you have kali, sharing schools wifi
how does it share it everywhere you go
And explain how mobile hotspot while phone is connected to wifi is not the same thing
uptoyou
I guess you could set up your own Cell tower
i really regret not doing streams when I did insane challenges
he can 3d print one
I might redo them for fun
If I find out how to redo a challenge..
I'm new to this web still 💔
Didn't click all the buttons yk
Options -> Reset progress
on any room and you can redo it
no more points tho
Link to your GitHub page. And put all your stuff on there. Or LinkedIn
Idk I heard kali linux makes wifi
For free and unlimited
YouTube video
are you just trolling?
I can 3d print you something cute
I can 3d print anything i want but i can't think of anything i want to print. I've printed more modifications for my 3d printer than anything else lol
Theseus stream commin
Oh wait. No nvm
I ain't leaking theseus
I'll stay loyal to it
Voron?
Or what printer do you print mods for 2025 that is not a selected few that is not Bambu
Prusa? But those will slowly die, Bambu took too big piece of the market
Ender 3d Pro
Haha Ender 😄
Got it 4 yrs ago
What do you print?
Things I do not need
hahah yeah, well we try and keep our place free of chachkies
Gadgets for home and gifts, cookie cutters for christmas. Nothing too serious.
or however you spell it
If you were in to resin printing I would hook you up with files
if system.isCrashed: system. restart(system)
i love how i be getting stuck on some of the beginner module questions for no reason 😭
i might be cooked on some of the harder ones
💀
you cant know everything
for sure
Hi, I'm trying to migrate the process but it doesn't work in room/blue, can someone help me?
i love it when i give up and have to look at a walk through and then realize what im doing wrong, and it gives me the boost i need to answer all the other questions easily after feeling silly for a few moments
lmfao
sometimes you just need that one clue
yup
the walkthroughs are there for a reason
real
How about a bot that scrapes walkthroughs and does the ctf for you when you are sleeping
lol
😂
I try several PIDs but they don't work
youll probably get a better response in #room-help
Take a while with the new rate limit rules
👋
Hello No Name!

Hi
Hello Immortal!

Just wondering do I know I forgot people a lot 😭
Prolly not
hi
hru?
I'm doing good 
How are you feeling today?
no idea honestly
like a potato
worse
or better
no idea
is it chill if i go a bit out of order for some of the learning paths? like doing the splunk basics in soc level 1 and then heading to soc level 2 to do the advanced splunk stuff for example
i think splunk is the first tool i wanna get super comfortable with
🤔
yer do what you want. i dont even follow a path
bet
I hope that your day is able to improve! 
Going to sleep
Soon
Aka yes it will improve
As I love sleeping
But depends if someone will wake me up in the morning or no
btw that's great to hear
I don't even do the path
I just go straight challenges
i just do rooms i find interesting.
I just do either all challenges which are purple team
Or all insane ones
Or hard ones I find interesting
Insane ones sadly all completed
I don't have premium to do Osiris
i kinda wanna mainly focus on the skills that will be important for the job i want
but there are a ton of super cool rooms
im hyped to try
I am guessing... Pentester
nah
huh so apparently shadow is not the only person using shadow absorber as a username
Whuut
Soc analyst
did not expect that
maybe go for OSCP if i want to make myself suffer
I pentest at work, I manage our bug bounty program so I triage everything, and I can pentest all I want in our environment
And it's a lot.
But SOC work takes heaps of time if one allows it
is openvpn not working for anyone else? keeps disconnecting
cool if i add you so i can maybe bombard you with questions sometime
lmao
You have a fan then
they don't have a lot of following to be sure
only find them when running sherlock to find old unused accounts to remove
guys, rate my dog 
don't want to ruin others days thats for sure
very pant
is it alive?
good question
Cute&goofy/10

yea
Idk, they have their tongue out..
I'm not fan of dogs
I hate them
But urs looks nice
Ig
Anyways gn chat

Hello, if I want to take the 1 year of INE fundamentals that includes the eJPT exam + ICCA, what rooms should I finish in TryHackMe first before taking the practice in INE for eJPT?
Done!
thank you dkob
not sure if they posted in multiple channels but that message sure seemed sketchy
@boreal scarab how often use sherlock???
Hey guys easy question, doing a THM room where I've gained admin access to a Wordpress blog website. How do you guys usually go about retrieving flags in these situations?
Are they hidden in posts, dashboard?
Sherlock Linux?
im still a noob with thm rooms but from what i can tell they could be anywhere. sorry if thats unhelpful
You're doing great. Keep at it 💪
Think I used it once or twice.
I'm a man of manual searches. Buuuuuuuuut I'll give that one a try
from wordpress admin migrate to www-data on the target machine by using rev shells
then from there use grep to find flags
woah
Haven't touched my Graphene phone in about 2-3 months..... it's so out of date lol
haha thanks
Gave +1 Rep to @topaz topaz (current: #235 - 40)
hope the uppies work
considering androids latest shenanigans I think graphene will be a nice option
using grep to scan for flags in likely folders is very nice
migrating to www-data through wordpress is something i havent seen in a CTF before. that means I can execute commands via the admin page?
Or am I looking at it wrong
well more or less yes
(Not asking for an answer just looking for a key while blindfolded)
you can upload a php file in most instances that replaces a 404 link
I have 2 phones, my main and My graphene I take to DEFCON. Found my Graphene phone and now updating it
are they both pixels or just one of them?
yer a reverse shell will basically give you a console
F-Droid has a lot of updates, Aurora store, Graphene App Store, System updates
One is a Samsung S21 Ultra, 16 GB of ram baby WOOOOOOOOOOOOOOH
The other is a Pixel
ooo boy
Pixel 7a Pro to be exact
the S22 Ultra in Burgundy is still the most beautiful phone to ever come out in my opinion
I much prefer the Pixel 9's design but it doesn't compete against that burgundy
Shut up and take my S7
shadow happy with their pixel 9 with graphene
also now got a nice grippy case for it
Ehhh S7 is nice but my experience with the edge screen :/
The note hahaha
TAKE MY NOTE 7
Pixel 9 twinninggg

The note 7 is most definitely a beautiful phone yes
I had a Note 4, S8, then S21 Ultra
But I didn't start on the 4
I started on a flip phone baby WOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOH
SAME!
have a fairphone 5 shadow needs to repair
This was unc's first phone (mine)
haha my first phone was an ericsson a1018s
any nokia users in chat???
Do Microsoft Lumias count?
It's basically Nokias that were bought out
barely but yes
Let me get Grandpa in here..... @normal fable What was your first cell phone? The brick?
I had a 535 as a first smartphone ever
im so old
Truly... At the start I loved that phone buuut.
GET THAT MICROSOFT PIECE OF SHIT WINDOWS 8 FUCKING CRAP OUTTA HERE
I couldn't wait to get it off my hands
I do have fond memories of it though, I had a Gameboy emulator with a mortal kombat deception rom and would play through it in secret during boring classes as a teen 😂
i used to have a HP ipaq before phones had touch screens
blackberry users rise up
I had a similar "first" phone. Wasn't mine, I was like 6.... but I remember playing a motorcycle racing game on it
BBM LETS GOOOO
never had the joy of using a phone with a physical keyboard other than the numpad 🙁
Hehehehe love that
I saw my grandma using that flip phone I posted and I was like "yeah I want that.."
Customizable notification light to tell you if it was a BBM message, text, and from who
I feel like going back to dumbphones, anyone else have the urge every so often?
Blackberry was great
Their failure story is very intriguing
Going back to Windows ME? SURE!
ive become too reliant on all the internet stuff. i dont think i could go back to a dumb phone
Ohhhh darling please don't hurt me thiiis waaaay
That's the reason why I want to go back. It feels like corporations and governments are forcing their people to be hooked on them, and while I won't push this conversation to the political side, I am feeling the effects of having a device connected to the entire planet on me the entire time and it feels draining more often than not
No reason WHATSOEVER..... Having FDroid going through TOR for updating my apps, Proton going through 2 servers, both non 14 eyes.
Hypatia going through tor.
Is there any reason? Fuck no
Do I care? Also fuck no
I understand, what do you use your phone for mainly?
I remember playing Bajuled (Or however you spell that) on a gateway Windows ME
The Graphene? Privacy, but only at DEFCON
I'm not talking about government surveillance per se, I don't care about that. I just think of how our communities expect us to roam with smartphones, using them for the slightest of activities. Going to a restaurant? Scan the QR code, no menus.
I know it sounds backwards and I understand the controversy behind such an opinion, but I do wish we could go back to times where smartphones were a luxury and not expected of a civilian to carry around in order to cover the incompetence of others
What's FBI going to find? "Chromebook reset keyboard shortcut"
"Asus BIOS key"
to each their own. this same kind of stuff happens a lot with new technology. give it 20 years until its the norm and no one will care
F2, Del, F1, F12, F10, fuck you just hit all the keys till one works
Do you find comfort in this thought?
This job I don't handle sensitive data at all. I used to, Thanks HIPAA...... but never saved anything besides "Room X has this issue Desk X has that issue"
kind of. its a long and detailed conversation. not sure i can summarise succinctly
The good samaritan. We believe in this man 🙏
Oh and even then, it's in Secure Folder, in an FOSS Note taking app, that's also encrypted. Is there ANY reason for this? Again, fuck no. But I like it.
Why is it hard to see who knows website that see email logins?
does not parse
try again
uuhhh what?
Current job, I don't have access to tickets, so all my notes and everything I have to keep, dated too, so when my boss asks me "Hey, X, what happened there on Friday X date" I can easily go back and look
It is indeed. Just remember that we are headed towards a very new era of information control and weaponization, one that coincides with the obligation of having a network connected phone even for the slightest of your bureaucratic needs along many other services. Services that were once useful and are now evolving into something different entirely
Do you keep digital notes?
Yep
But again, my notes just consist of what to do that day, what happened, what did someone tell me, what questions do they need me to ask someone
Oh shit, Ubuntu has ZFS with encryption... experimental, but nice that they have ZFS
yeah zfs looks neat but seems incompatible with a lot of linux due to thingies
license thingies
what about the zte users 💔
ZFS is basically like BTRFS, but ZFS uses RAM for cache
Also ZFS has Software Raid, RAIDZ, no need for hardware raiding.
shadow knows plenty of what ZFS is
RaidZ1 I think is a Raid6? I can't remember the whole RAID crap
also know that you gotta do crazy voodoo to install it on arch
Hi, I’m Excel 🌸
@remote cradle please dont dm me without asking first
can i dm u
hey
Hi, I'm Internet Explorer
👴
Hello Ace!

Hello Matt!

How're you Fugu!


Oooo my dear, how've you been?
Good
that IS ideal
Doubt it
Where did you find these? I haven't seen anything like that
Have you reported that content?
Admins are often quick to take action, but at the end of the day this is a public cybersecurity server
Please report it as well
... How'd you figure that one out?
Should it not be okay, admins will take action
Although I do not see where the maliciousness is
But as mentioned earlier if the admins deem it inappropriate they'll take action against it, I don't have any input on the matter
Are you sure it's not your phone's antivirus software playing tricks on you?
That said, they've got a grand total of about 3 mods. Encouraging people to report random shit with no evidence isn't necessarily the best use of their time
Detected how?
As someone who has no power over this, there is nothing I can logically recommend other than that. If someone sees something suspicious, they mention it. That's all. As you said, 3 mods, stuff can slip every so often
Dunno what AV you're using but VirusTotal thinks it's clean
Hello Muiri!

Aside from Fortinet marking it as spam, but A) who listens to Fortinet and B) that ain't a malware designation
https://open.spotify.com/track/2yN2B1x7ypvUd13EzEblz2
I can't stop listening to this lol
Seeing your screenshot from earlier, I would recommend you switch AVs, or not use one on your phone if you feel you can avoid shady links
A bit of common sense goes a long way.
You said it yourself: you don't see how it's malicious. Why would you immediately jump to "just report it anyway"?
Okay, so?
What's that telling us?
It's a screenshot
Did your color change again here recently?
When someone comes with screenshots of AV alerts, as a not as experienced user, I cannot take it upon myself to tell anyone NOT to report something that's been flagged as such.
Obviously. What is the screenshot saying.
I see the site, and your browser has coloured the URL red. What does that mean
And next time I'll do the same cause it's better to bring this to the right people's attention and they can decide further
Not since Skidy stripped my roles, nope
I've tried a bunch of these "username look up" apps/sites, and they have always given me false positives... like
"Yah, Shadow_absorber is on Pinterest"
goes there and there's no account at all
ello and good night muiri
shadow is gonna go sleep nows
meep moop to sleep sloop while beep boop basically
Example... gave me Hackenproof for my username and yours, 500 error..... always hate the false positives
Fyi, there's also a time article on this:
https://time.com/7327409/ai-agi-superintelligent-open-letter/
Plus a bunch of others.
So, to summarise:
- VirusTotal ran 68 AV Engines / URL status checks against it. They all came back clean.
- Multiple major news outlets have run stories corroborating the existence of the site.
- The only thing flagging it is whatever the heck you've got installed in your browser.
I remain open to correction, but I'd say there's a reasonable chance it's legit 
Hello, I'm Wann. I'm getting into cybersecurity, I've always loved computers. If anyone needs a study partner or someone to get help and just spend hours on trying to figure out something, I'm open to being that person. It's always fun doing things with people instead of by yourself. Send me a DM. I'm about halfway done in Cyber Security 101
Hola
Gday humanoids of the inter of nets, how are we all feeling today?
Fantastic
Just busy hacking something
Although I have to say I am a bit paranoid as it is my first time hacking a voodoo doll
a what?
