#general

I knew plenty of people who more about Log4J without knowing so much about minecraft, they're not gamers.

I'm a massive gamer, and I don't even associate Minecraft with Log4J.

can't believe 🙂 When Log4J was released, 100% articles about it mentioned minecraft servers 🙂

Then you do you. 😄

I am gonna go drink some tea, and touch grass

thats a lot of numbers and letters

Nah just being stupid lol

hell.txt

I can't solve crypto, I never studied it, because of Math

Well, it's hell for me

gg rooms got crypto

Yeah

I'm restarting THM cos I keep forgetting to take notes and then I end up losing myself in it all

gg man,hope you solve it

Thanks

Gave +1 Rep to @topaz steeple (current: #237 - 45)

Well, I will be back, gonna go drink and touch some grass

One of the main rooms I keep forgetting to take note on, I realise it is its own thing too

Yesterday, for the first time I have used Claude for one particular challenge. Because my approach doesnt work (in the end it was broken room and it was impossible to finish it :D), so i tried. Here is Python solution I got from AI. 🙂 AI will definitely replace developers and security researchers. 🙂

python3 << 'PYEOF'
import hashlib

data = open('dog.jpg', 'rb').read()
target = hashlib.md5(data).hexdigest()

# What if we just need to prepend or append something that
# the server strips? Like a BOM, or whitespace, or null bytes?

# Test: does prepending 0 bytes change anything for the server?
# No, we know server stores exact bytes.

# WAIT. The "already uploaded" check is by BYTE CONTENT.
# The MATCH check is by MD5.
# So if we upload dog.jpg, it says "already uploaded" because 
# those exact bytes exist in the DB already.
#
# What if we can CLEAR the "already uploaded" state?
# Or what if there's a race condition?
# Or what if we upload to a different endpoint?

# Actually... the REAL question: can we just delete the original 
# dog image from the uploads and re-upload?

# OR: What if the challenge wants us to create a JPEG where:
# 1. Take a DIFFERENT image
# 2. Use fastcoll to make it collide with dog.jpg's MD5
# This requires a CHOSEN-PREFIX COLLISION, not identical-prefix.
# hashclash can do this but takes hours of computation.

# UNLESS... the challenge provides BOTH collision files somewhere?
# Maybe there's a second dog image on the site?

# Let's check: are there other images on the site?
print("We should check for other images on the site!")
print("Try browsing /static/ directory, or checking page source for other images")
PYEOF

Execute it and send me result.

Btw, Opus 4.6 :)))

Oh god.

too dumb to even understand this wall of text

use the ai to use the ai

It read file. Then wrote 20 lines of comments and then just printed text that we should try to search for different images. 😄 You will understand after you will be on last Valentine ctf 😄

Says google cant be reached but other websites I can connect, AVG ( don't hate) had web shield on but I turned tha toff

What are you trying to do?

you mean Openclaw approach? 😄

what room is this ai waffling about

Just access websites, now another website isn't connecting.

Are you on host or VM?

Host

Tried flushing and renewing your DNS?

Or are you routing your traffic via THM vpn?

last one in CTF... i had correct solution - two separate files with md5 collision, but room was broken - so i thought i have to have some help from AI 😄 It ended up like this... Instead of saying me, that my solution is correct and room is probably broken, it sent me scripts like this every time 😄 Random bullshit

I've been doing a lot of stuff trying to get SCP to work between two VMs on different devicees to work. Musthave chagned something I've forgotten

Hey can I ask where the questions and problems room is?

Port 22 might not be open

🤓

Wheres that

Okay guys as a beginner from zero where should I begin to become a pro hacker like ethical hacker

Do I open it on private or public?

Dumb question nvm

Start in SOC (blueteam) - only possible way how to get some employeement these days as Junior

#room-help or the path channel.

Not quite true...

Can't even find where to open it. Should I uninstall aVG and just use Windwos Firewall?

exactly true

thanks

Gave +1 Rep to @sick lance (current: #2 - 3950)

i'm addicted

Yeah but I gotta learn first because I am a beginner or real I know nothing so where should I begin from first

There are red team entry points, you'll just have some competition.

by some, I really mean lots.

To bass?

Password Hack Addiction

If he is asking this on THM discord, he will never beat that competition, that's why i told him to start in Blueteam, there is much much less competition

Just start SOC path on THM to learn basics, thats all

Okay blue team for beginner right

No idea of his error code helps

Ayo how good is Red Hat certified system administrator

chrome://flags

Disable QUIC.

depends where you want to work.

Yeah I'm using chrome only for my course

I know you're using chrome...

For example, banks in Switzerland if they are not using Windows, they are fully on rhel

That't why I told you Chrome://

Type it in your address bar...

I know, I;m jsut saying why, otherwise it's librewolf

^

So the certification is indeed good to have ?

as a proof of knowledge, yes. If you have that knowledge

err connection closed now

Thanks

Gave +1 Rep to @compact storm (current: #552 - 14)

Only VPN I use is the THM one for connecting to THM

Is doing OSINT an illegal act?

No.

However, what you do with the information you find, will detemine legal and ethics.

Guess it depends what you do with the info u find

Not proper i know

if its open and public its legal. depends on who u doing it for and whether the target consents or not

... "Target consents".

Yeah...

What if the information collected is shared with others

How will somebody know you're doing OSINT on them?

Sounds grey and sketchy.

Yo guys, when can I play king of the hill and not be clueless? I'm finishing CyberSecurity101 in 2 days is it enough or I must go through pentesting jr first

If you give information out you find, and they blackmail with it, you're also held accountable.

This is an example.

ig if its so damn public its consensual

Here are two OSINT to give you an idea.

1. OSINT an interview person to dicsover if you have common interestes you can relate to. -- OKAY

2. Seen a cute girl at location Y and want to get to know her? -- Grey and creepy.

ok lowkey thought people just do that

Which one?

not really a bad thing if u dont plan on doing anything with the info

depends on ur country law

latter

That's cyberstalking.

Illegal. 😄

Somebody OSINT you?

yea

lol

How did they do it?

naww

gurllll

Yeah, that's not how it works.

unless ur in the us or they have ur full name

Don't be a twat and victim blame.

Yh it is wdym gang, unless u live in the US ur pretty much cooked cos that's data they need to publish

usually its pretty easy to osint from full name especially if its in the us

like country birth vote, shit like that

What are they doing?

https://giphy.com/gifs/flight-reacts-stare-ucqjKHmdv9d2Arp54d

Then that's doxxing and very illegal. 😄

Yeah, I said it.

If you're victim blaming, you're a twat. 🙂

guessing they started with ur unique username?

A massive one at that.

whatchu mean victim blaming

or linkedin 💔

Spooks is petty much telling @fading perch it's their own fault for posting information about themselves, for people to find.

nawww frr that's the worst one

Ergo, victim blaming.

geez im sorry im tone blind in texts 😭

Fuck off then. 😄

Touch grass.

U can control the info u put on the internet never intended to blame them for doing so, it was a statement

i thought the way bro phrase it is more like ;
“im pretty sure that no singular person information can be that widely available on the internet”

GetContact uploads phone numbers of people who install the app, so tell me how that's their fault?

They can't control what a user installs on their phone.

"what the user installs on their phone"

hello Scrubz

r u fr

Are you stupid, or do you not know what GetContact is?

👋

not informed, no

wait but if its publicly available why did the person made it a threat in the first place

I see u obv rage baiting or just no social life so ima dip, again never meant to blame em; It was a statement

GetContact is a database with phone numbers and names.

If you give your number to your friend, and they install the app, guess what?

GetContact has your name and number on a public database.

So, again, how is that their fault?

wtf u got an article about that?

seems interesting

https://getcontact.com/

Here is their website, no need for an article for that.

if u change the password, anything else the person could threaten u with?

Do a search about u to see what data is linked to ur name and unique username. Nothing beyond legal shit u can do. If u aint got a full name of the person u kinda just gotta pray they aint gonna actually follow through. and obv block em

appriciate it

Will it solve all the problems?

nope

it reduces

I've blocked it but it still bothers me

Change passwords immediately and check if any unknown devices are logged in

Then inform the authorities

Gather as much information as you can

hey i am new and i want to lern ehtical hacking on this webside, but i ave to lern from the beginn and tried to lern the linux fundamentals but part 2 and 3 are premium content. can someone give me a tipp how i can lern all these things to get better i only did part 1.

Either get a sub, or learn the content elsewhere.

https://labex.io/linuxjourney

Is a good alt to Linux 1,2,3.

thanks

True Caller Rip off?

Tryhackme on valentines day should be tryloveme

I like this cupidbot

Because you only need to say

This is a challenge I defeated in seconds

fxxk it.This is actually an attempt to make everyone run around na**d.

I’ve seen a lot of these 'information-sharing' apps.

And the more people use it, the more disgusting it gets...

f

The Wi-Fi password is the simplest example.

exmpl of what?

Hi

If someone who hasn't come by even once in a year connects to your WiFi and installs this kind of app, you should get ready to change your WiFi password

However, for people like us, setting up a MAC whitelist is easy.

and WiFi password can't really be considered personal information because they are not unique enough and easy to replace

But this is just an example, referring to the information you authorized being used in ways you didn't expect

There was someone asking about this a while back and I forgot his name

Check this out - https://tryhackme.com/jr/cryptographypuzzlechallenge1

You mean my birthday, school i went to, childhood pet name isn't personal?!

Well shit

cupidbot went so eazy my fastest ctf challenge ever XD got all flags in 4 prompts

nice

In fact, this information cannot be used to identify you

https://tenor.com/view/the-password-is-password-secret-top-secret-bojack-horseman-gif-16179929

But it sounds like the answer to some recovery issues

GM

https://tenor.com/view/toasted-im-steaming-cooking-fail-gif-9211099152438865773

It's a Toaster!

Speaking of that speedchat, how did you set up a persistent shell?

I really used 'speed type' to get the flag

lmao

are you picking fights?

yo yo

with someone that designs malware for a living 😄

Hi

Helloz

I think we should start two listeners, copy the commands in advance, and once we get in, immediately open a persistent shell.

Moreover, we can transfer files in advance and use msfvenom to generate a reverse TCP shell binary payload for Linux.

Sup guys

When I unsubscribe, do I get remaining days?

My official course starts sooner than I thought so gotta focus on that

i think yes but im not employee

you get days up to when sub needs to end

Hey guys

Hi sup

Says today scheduled cancellation but still have 15 days

then you get15 days

it will stop to be at original end date

See how much i can accomplish, course starts in a week so realistically 7 days

what you pay is what you get

Man anybody done that cupid one??

i ctf for 9.5 hours today

Is anyone here ever made like, new technology or something of the sorts

Has*

Damn man

How's that

Sorry wdym

Like, inventing something new

2567

67?

I am just learning reverse engineering

all easy room

lmao

That's like taking something apart

I'll look at the last three tomorrow.

Hello Everyone
I’ve just published a new blog post on SSH Port Forward and Tunnelling, ⁠ while acknowledging that many of us still find it confusing, no matter how simple they seem. As part of Project NetPivot-X, I’ve taken a step further by breaking down this concept with clear explanations and practical demonstrations.
Check it out here: https://teamsimple.net/blogs/ssh-port-forwarding-socks
Feel free to give it a ❤️ if you like it and share your thoughts

U done all of em??

Yes been Into something New

yes 2567

Is it possible to break down a phone battery without exploding it?

What is this

https://tryhackme.com/love-at-first-breach

💀 👍

do not try that in any cost

What are in the prize

you can't fix battery if you open it. and chemichals are quite dangerous when get on fire

Awww damn

I don't know, because the ranking rewards probably have nothing to do with me

yes you have to bite into it

if you'r batteri is pillowed, take it outside and put in some sand or so.

As for these completion rewards, they are lottery tickets. I don’t know what they draw for, but if you win, you'll be notified by email.

Oh nah i was just wondering just in case

chemicals inside gets wasted over time. you can't fix it, and there is no reason for it to do heh

special if you have LiPo batteries. they are quite dangerous

So the battery is quite literally a mini bomb

if handled wrong yes

when they get on fire is chain reaction and is hard too stop it

I'm guessing the time it explodes differs on the battery

when battery gets to be pillowed, alike baloon, then is time to say by by

at last that is case to get rid of it asap

could you guys teach me grey hacking

nop =/

why not

pt1, pt1 discounts, or shirts

there is no grey. if yoou hack without permission, is illegal

what if you're doing it for something good

i think this valentine's ctf is maybe for couple cuz i cant find shit

havent even looked at nothing yet

if you have legal permission that is good, as you say. any other way is illegal

it will be better if you dont

i cant type today omfg

still bing watching vinland going strong so far

well then do you mind teaching hacking

https://tenor.com/view/malicious-monkey-thinking-monkey-freaky-monkey-gif-17111090804698831003

we do a lil trolling

you need teach you self

Atleast you are doing something

i just played val and turned on the machine

Sisyphus.jpg

turned on in the sense

power on the machine

quick question. is the score board for the ticketing rooms module rigged? cause most of the guys that actually completed it first are not there, and it keeps changing

em

ticketing rooms has score board?

Can the government or anybody send me a message, and it turn off my device

Is that a possible concept

yep

you know what

man i dont like where this question is going

i have 400 points in lafb

Can the government hear your dreams while you sleep?

as concept, prob yes. in reality, i'm not sure that you are someone that government is interested in first place

thankfully not yet

Shii idk they be experimenting on the human mind probably

Ohhh you in Gaza?

if something is off its off

Free Gaza

They can see you willy from outer space

I wake up -> i feel motivated -> i open thm and power up a machine -> i fail miserably and leave

Ok

...

it's a song but sure

Yes.

Pegasus spyware can read your messages, calls, photos, location, turn on your mic, camera and switch off.

But what would the point in that be?

If your device is off, they can't do any of that.

i havent heard that one but sure

Womp womp everybody ping.

the goverment knows by knower

seems like a nice song

hi scrubz

hi sb.

i guess

ello scrub

I'm considering changing my name to 'null', this more confusing field

null is lame

Hello Relax.

Nah cause so many people probably have that name

Pick something unique

How2LaunchKubernetesAttacks

How about Not Null.

Thats a good nae

I actually don't like unique names.

Tbh, whenever I see Null, I insantly think of Nullsec

i see

Valid

I am thinking of my cod stats

0,73

😞

0.73 is still > than 0, so not null by definition.

https://tenor.com/view/listen-one-job-gif-12942767

actually it's not a point

.

Anyone love at first breach?

https://tenor.com/view/andteam-%26team-andteam-harua-%26team-harua-wave-gif-239835100684104357

No, I don't love at first breach, thanks for asking.

My wife is against me cheating

I completed the first 3 but stuck at 4 someone help?

Corp Website?

Actually, I'm about to solve the third one.

Yah no clue on site

Maybe my duo can help u

Okay let's do then

But a small problem came up, I should check it against WP later.

Is corp AD?

It was hard for me

But completed

@hexed rune

same

Did u finish the room my indian fränd

I have already written a key pair generator using AI, and it can predict the private keys of other accounts

But even if I have the private key, I still can't produce a signature that can pass verification.

😭

I have one clue

My script is indeed based on the steps on the help page, and it is in hex format.

so I skip it

Don't skip bro

I know I'm just one step away from success, but I really have no clue.

crypto is like this, right?

I think it's already pretty good to have gotten this far.

It's using pss padding

oh

that a point

Visit about page

Guys someone help me , when is my voucher going to expire?

Maybe I missed it, but in the end, I just don't know enough about it.

okey i know next

I did check the about page.

but missed it

The upper number

Got it but what about that active until part I don't get it

Expire day when you dont redeem then

thanks

Gave +1 Rep to @winter mesa (current: #1438 - 4)

Oo , thanks

Gave +1 Rep to @stuck ridge (current: #796 - 9)

havent

I have completed 5 rooms will work on more tonight

Mein deutsch freund

🤣

When I saw the task document for Cupid Matchmaker, I already understood.

It's about the performance gains compounded 😉. Anyone can be O(n) when you only do it one time.

It's most likely a challenge designed to trick Cupid into looking at your dangerous XSS payload.

just my guess

Tomorrow I'll know if I guessed right. I'm too tired to play today.

Out of curiosity, recently i got an email with this sub "Invite to meet with TryHackMe Product Team"

I successfully attended it ( virtually) ..can i expect some type of gift like voucher something 😅

Or is it common

i like voucher

Same here , my sub is gonna end in 2days ..I was expecting something in return 😅

I've received emails like this

But I wasn't involved

Any clue for the corp Website room?

Does anyone from LATAM having a really bad experience with the target machines?

Because my English is actually poor, ||I'm actually using translation to communicate.||

Ohh 🙌🏻

nope

You completed?

nope

does anyone know how to decrypt the masterkey for browsers?

i need to learn

hiii

masterkey for browsers?

Does anyone want to team up? I ve just started with the 1st one

Is there voucher for subscriptions?

That key management tool usually requires the password of the currently logged-in user.

wdym

For personal use, it’s almost as if it doesn’t exist.

welp

like discount ig

only through events

Or if you are student, you can get discount

Is there a way to handle
Payments aren't available in your region due to provider limitations.
without using something like Wise

ye

Until you try to remove password login from the hard disk image

use another bank card

yeah that works too ig

I mean it won't even show up the payment things

VPN?

Could it be cheaper in some countries? Just like on Steam.

how much does it show for you?

I never tried it

Thanks, would you recommend any videos on this topic?

Gave +1 Rep to @signal ingot (current: #414 - 20)

would claude help with that??

does extension on chrome will work?

i see

hv u tried paypal

em

i'm already a premium member!

yeah me too

I think it is a bit risky using vpn to buy subscription

i have no idea if its different depending on the region

not a bit

a lot

idk the payment settings won't show up for the subs meanwhile it appear when buying cert

even on different devices?

ye phone and laptop are the same

mine is monthly $6.99

oh yeah mine is cheaper than that

yeah try the vpn thing

whatttt

Some strict forums that I know of will ban users from posting if they use a VPN.

how is it cheaper

maybe different type of dollar?

yeah its like 250 rupees approx per month

risky, can i contact the TryHackMe member instead

thats like $2 something dollars

u mean the staff? i think so

i mean staff xD

how..

ahahaha bro was ready with his link😭

WHAT

Any networking student here?

im not sure i’ll lyk if i found something

baby networker here

baby networker

Yo i just realized that if the fridge have uptime, it will be 2 years 3 months 21 hours 12 mins 20 seconds

Dm , can you?

sure

yeah

Alright

i found the contact page on thm thats pretty much it. tryhackme.com/contact

okey it's too late 23:00(GMT+8)bye U guys

byee

Goodnight

because it is verified?

completed signed room too

alr thanks bud

Gave +1 Rep to @paper pecan (current: #748 - 10)

no prob. just hoping ur stuff settles quick :3

Monday to Friday, 9 AM - 5 PM (UK time) 🗿

wym by rank?

any channel where people just send python files?

wait

2072216

Is the THM website dashboard down or sum?

I am.. what do you expect

no 😭

I'm on 1st year wdym

sup

It's been acting all week

Hey for the first challenge, I have to guess the flag path? Or is there a way I can get to know it

sup zack

For the CTF, the Start Exploring button on the dashboard seems broken. Use the link in #1469415359215042641 at the top of the channel

https://youtube.com/shorts/cKh6c9jUwc8 if you didn't already hate Ring/ Amazon. Here you go

I'm losing my mind with the response submissions, I entered the response 4 times , had to restart the page and then the same response was accepted

Does anyone have a python file that goes thru all your chromenium based browsers, finds the masterkey, decrypts and actually gets data?

now i am stuck at corp website

i'm watching umaru chan

hello all

Alr i understand..

and how do you think to decrypt masterkey in some fast time to get data, as you say

i don't know, i'm learning at this moment

Btw may someone spill some cybersecurity roadmap

getting key from hash or so is quite time consuming

god tier taste

looking for a pythin mentor tbh, and i dont mind paying
i can tell who is a scammer/bot, so be wise and have VERY good and solid python experience
i will be like testing u if u dm me, i want a good quality teacher for py and i WILL pay if u want

how many cost premium?

130e cca per y

Spend those money in premium on platforms and self-learn python

Ah yes you can do it on Linux the Brave comment was more for phone based stuff

Hey everyone, I'm really into cybersecurity and hacking, and I'm always looking to learn more and improve my skills. I'm dedicated to getting better, and I think collaborating with others is a great way to do that. I'm hoping to find who are into the same stuff and might want to work on projects together.

Let me know if you're interested in connecting and learning together Looking forward to meeting some new people in the community!

quick update on my room: i somehow forgot to use the most popular username for the credentials and wasted 6 hours

Wheat bread ok

Haaai! ^^ Wanna be friends?

BASED classic

finally completed corp webiste room

too

ok guys; give me terrible use cases for my clawdbot

signed messages has fried my brain harder than go/jo v. sukuna

mainly cuz i am no bueno con crypto

https://tenor.com/view/beyin-brain-komik-beyinsiz-akılsız-gif-13673887

stop using it

thats not a use case

; next try

any hint for cupid matchmaker after i 've reached login page

did you alr complete all the previous rooms

no just picking randomly

oh

ok i was gonna say:

https://tenor.com/view/horrified-funny-face-dang-ice-cube-gif-12839544880309883282

Hello everyone. I am looking for a grey hat hacker who can help me recover a hacked Microsoft account. For more info please dm me.

Hack nasa

k ill put in backlog

Debug endpoint

i know

Use gippty to craft a nice code to forge admin mssg sign

chatgippity?

Yes

Or you can do it on your own if you can code

yea that's why my brain was fried

i might just use python library but idk

i'm re-learning how RSA works rn lmfao

Thats how you do it

Imagine what the actual ctf will be like

i need to get my scripting game up

Yess sirrr

im the benginer

hello everyone

https://tenor.com/view/pastor-preaching-african-beninging-gif-10383264

hahahahah

beginner

yes

no benginer

Hi everyone! I just joined the group and I'm a bit new to TryHackMe and CTFs. Could someone please explain how things work here ? Thanks!

Uh you complete rooms and get points. The more points you have, the color on your name changes

Okay nice , thk u

https://tenor.com/view/tyrell-tyrell-wellick-gif-20209005

just throw your pc out of window will be a less stressfull

and if you don't you will find out the cybersec memes are real

https://tenor.com/view/hacker-gif-19996909

I wonder if these early TryHackMe rooms even come close to how good you need to be for jr pen test or sum

https://tenor.com/view/gus-gif-23309277

and when gus fring starts tryhackme

tryhackme fears not gus

naah they are just useless

i ve done so many but only burp and the gobuster worked out for me

So unless I can no-diff these rooms I’m not even a chance of being jr pen test level

unless you do a lot of ctf

you cant crack anything maybe

now i know opensource knowledge is much better

htb is more realistic than thm, but thm is good to learn the fundamentals with the walkthroughs rooms

Wow ok ok ...understood. I'll just lurk and observe for now, see how you guys handle things. I prefer to watch before I jump in.

classic

yeah agree

You done with the rooms ?

if I hadn't played far cry 6 i would've thought this is a real person

I didn't do any

Guys how important is the fundmentals ?

pretty important

🙃

have'nt you watched breaking bad

Im cooked chat

okay i wont skip and room until i fully understand evert detail

nop

how

why

that's great 🔥

watch it now

I’m not even close to how good I need to be in order to be a Jr Pen Test

and mr robot too

i'm in it

I mean I’m not going for pen test role but still

its okay just grind as possible as you can thats what im doing now

now i know 6 month roadmap won't workout for me

ohh

bruh

https://tenor.com/view/grind-never-stops-grind-never-stops-sunglasses-gif-16169280494046145217

Still I wanna do CPTS in the somewhat near future

how old are you ?

23

so what are u focus on now ?

Everything 🙃

i dont think its a good idea

Whelp.

try to to focus on specifc path first

Can’t rly help it. I wouldn’t be if job market didn’t suck

how good are you with the basics or fundmentals ?

Pretty damn good outside of AD

And networking

bro ai already fked most of the jobs

nice keep going then

ai didn't fix any shit so far

Yeah CCNA is one of the certs I’m going to work toward and I’ll learn AD more and more as I learn blue team, red team, and some sysadmin stuff

Altho the more I think about it the more I just wanna do Net+ cuz lazy

How long have you been in this field؟

it's been years after I last used this

thats cool man actullay thats my third day XD

who wanna inv me to their team for today's box?

nice

Windows.Forms app?

ohh there is people using windows here

Lots of ppl still use windows and just use a VM for hacking

ik im just kidding xd

btw does proton log our traffic ?

Maybe but probably not. Proton is pretty good

Their entire model is privacy so if they betray that they will lose a lot of customers

yeah understood

i do

Good day everyone) I want to join the team to complete the Valentine's Day challenge together, but the form on the website does not create my request, so I'm writing here)

I have the same question)))

check support

anyone tryna join me in love at first breach ctf

thank you) do you mean on the website? I think people are celebrating, it's not convenient to disturb)))

Gave +1 Rep to @odd heron (current: #3631 - 1)

i finally finished the metasploit module

took me a while

Can you meta sploit now

kinda. i don't think only the module provides enough knowledge to apply it irl

it will take more practice than that

i know how to use the tool, but there is a lot more to it, like detecting possible vulnerabilities within the OS

in the module we use mainly eternalblue, which is not as common nowadays (it's still pretty common where i live)

https://www.pizzint.watch/

thats looks so hot

is this a website that tracks spikes in pizza orders in the pentagon so we can track possible political decisions??

They've at least shown they've moved away from anti privacy laws in Switzerland, which does boost confidence a bit

what am i missing here

Guys I am fucked with that signed messages room

Please help anyone. ?

i've had this issue before

the answer is in the cve.org page for toolshell

My people. How are you doing

@gusty inlet how are you playing tryhackme in discord?

Go to #room-help

Wtf, how did it work

It is literally the same

there is a tryhackme app?

i don't know

CVE-2025-53770
CVE‑2025‑53770

lol its the dash

Not that im aware

lol

so stupid

Happy valentine's day 🎉 🌹

some MSF modules exist for that. Like wmap_* for web vuln scanning and post/multi/recon/local_exploit_suggester for priv esc. Nessus and ExploitDB (searchsploit) will provide info too

hello markiplier my name is everybody

seems slightly early

How so lol

isnt it feb 15 rn

Not for me lol

i dont think any time zone has a 24 hr difference

oh wait i thought it turned to 14 for you

mb

All good I know there's a variety of time zones in the channel

central standard is the only real time zone though

everything else is just made up

Lol

anyone did Signed Messages room ?

A few have

do you mean the one in australia

you did ?

idk their clocks run upside down

and their toilets flush the wrong direction

everything about australia is backwards

i just joined the love at first breach and i entered an easy room named CupidBot and i asked the ai chatbot for the flags and it gave them to me. LMAO was it that easy or it was supposed to be another way

Speed chatting is making me crazy

Yup it was for toddlers

+1

sooo you're telling me the first room is actually decently hard and requires quite a bit of investigation then the fifth room is just "hey AI, what is the flag?" 💀

yea

Yesterday was the birthday of CVE-2024-21413

🎂

so water gushes out ?

https://giphy.com/gifs/abdullahmk47-cat-gulp-glup-vwN2nKohPRTZwnK6Oq

@hardy cipher sorry don't check message requests often... shadows cheese knowledge is mostly from cheese.com but there are some other places shadow looks at here and there sometimes

is this normal?

sup

Dial up cave man internet?

yes, dialup was 56k speed

ftp.netscape.com

is that netscape navigator or something lol

Nowhere

Since thats not ethical

dark web

unfortunate

thanks for info

would u consider a hacktivist a grey hat hacker?

hacktivism is illegal

so u dont think "hacking" can be form of protest?

vigilantes

are protest illegals ?

taking down servers is illeal, even if it's a protest

it can be but its also still technically illegal depending on where you live i guess

i don't know of anywhere that would be legal though

Are you referring to exposing certain people? 🤔

well if the government can do it why cant we yk?

@boreal scarab aaaand here we go lol
https://www.youtube.com/watch?v=9LjgqZ2wP0g

you mean putting warrant out for arrest of certain people?

no bc im not law enforcement

that's what the government does

that's dumb logic for a start =/

so the governemnt is put backdoor access into our cpu WITHOUT OUR PERMISSION

alex, my nail broke

it's cracked on one side

no one will ask you'r permission to backdoor smth

paranoid much?

no its the truth its legit documented that they do that

if is middle finger, show it to the world 🙂

it's my thumb

from pressing spacebar too much

Aw cute valentines server photo haha

are yall doing the valentines event btw?

I didn’t know there was one until now

I've done 2 so far

=/

i had bump alike spot on thumb from space bar... was pain in ass to control fingers

I might take off all my nails

bella seems smart

off... that's going to hurt

just some 98 proof alcohol and it's off

ohhh

the paint thing... lol

it's just gel hardened in UV lights

acetone is generaly good for that kind of things

yeah

just smells like hell =/

hey guys it it normal if ur pc starts smoking?

totally

ok thanks 👍

you guys know any computer pranks?

THM also has a python course?

Anyone done with speed chatting ?

Yea you can fit a bomb in the cpu

Or just do that scary maze prank where there is a jumpscare

nice to meet you again

yess

is the THM certs worth doing?

no lmao

its just to learn

cissp and these certs are worth it

tho they cost money

like the SEC1 OR PT1 cert

comptia

not rn

ok thanks

frack... forget to calibrate printer before print =/

nice

can i get comptia pentest+ instead of regular comptia+

yea ig

you can get any iirc

hey! where can i ask for help with a pentest im doing rn?

outside project

i dont know where to ask

pentest as CTF or?

real pentesting

legally, got permission

im not sure that is smart to share that kind of info at first place

wdym?

to share data of pentest with rnd ppl... idk hoow to say

If it's a real engagement then that's private between you and the client

im just asking for help about pentestmonkey php revshell

because it doesnt seem to be working

i wont disclose any other detail

not all revshell work's

Lots could be going on. Shell doesn't work, something is detecting and blocking. Target isn't really susceptible

excuse me, but does anyone know how to get started with a room using Kali instead of AttackBox?

Warning: Undefined variable $daemon in /var/www/filehost/uploads/revshell.php

well... there is tyou problem

i thought it was some kind of bug or something

Warning: fsockopen(): Unable to connect to my.ip.address:9001 (Connection timed out) and this made me think it was some firewall shit settings

you have undefined variable

it always worked so thats strange

lemme see

what kind of pentest is that when you say it worked but not now lol

kali ctf and a rasp pi environment

$daemon =0

is it ctf or is pentest =/ dheck you doing

pentesting

well... the basic revshell and so things does not work in company size servers. at last not so easy

customer says its like self hosted

if network is firevalled and restricted it will not work

fair

closed port or so. blocked in/out connections, ...

thanks

If you're at least able to get a shell uploaded a web shell should work, from there if you can get a privesc then you could get a revshell on a port below 1024 which some are likely allowed outbound

okay does pterodactly panel have some sort of dirbusting spoofing lol?

it surely does

why isnt my website loading ?

guys what is the best VM free software for mac

could someone tell me

what website the tryhackme main one?

or like one of the challenges

yws

I am currently not experiencing any issues with it. If you are also Eastern Time it might be a problem in your end.

are you getting 404 or some other error code or just not loading in general

I am getting this issue recently for a few days as well.

what issue. not working can mean a lot of things

not that i can fix it probably just curious what the actual issue is

i wanted to post on itel some of the most yet unhackable form of communication ><

finally done with all the rooms

clear the cache or try a diff browser if that does not work that it might be on the server end I guess

depends on what the error message is

im guessing he got 404 since he responded that message of mine

I tried bro! I tried with Chrome, Firefox, Edge, Brave. Literally the same issue : ) everyday. I gave up

did you make sure the url is correct?

¯_(ツ)_/¯

I think I was getting 404 as well a little while ago but its currently working for me

it loads too slow or tells to refresh again and again

Maybe weak internet?