#quiet-conversation

ah. nice.

I wanna be 0x1

Why isn't it icalcs instead of icacls

This is really random, but I found a bug and don’t know what it is, I’m way too invested now, any recognition will be helpful.

https://en.wikipedia.org/wiki/Pine_processionary. Dont touch it 🙂

Also if you have a dog keep it away from them as if they sniff them the dog could have some serious problems.

I don’t think it is, it’s entirely grey and it’s alone, no other moths around.

https://en.wikipedia.org/wiki/Oak_processionary

They are not always in group

Might still be wrong tho

It’s wayy thicker and the hairs are only on it’s side, it also crawls

My bug knowledge stops here, I tried 🙂

Haha

+rep @full tapir

Gave +1 Rep to @full tapir

I guess you should start a bug bounty program 😆

https://en.m.wikipedia.org/wiki/Pachypasa_otus

Asked a zoologist friend, identified!

May I ask what country you found the bug? @ripe haven

Israel haha

I wonder what is the zoologist approach to identify this things. So many looks so similar

Heck yeaaaa

Moowo🥺

🥺

This is so cute

Also lots of pretty pretty flower displays

So beautiful ❤️

It's a hairy caterpillar, I can't tell you which species it is as the picture is too blurry.

It was identified xD

And no, it’s a moth larva

Ah, my chat stuck on the pic xD

Moth Larae are the young stage?

Before a caterpillar... ?

Idk tbh

Caterpillar is a early stage of a butterfly maybe I also don't know haha

That's a caterpillar, rule of thumb is the shinier and more colourful they are the more dangerous

the hairy bois aren't very pleasant either

Hair on skin or in genitals?

caterpillars

Ohh my bad

is anyone familiar with proxys that can help me out?

what are sock5 proxys?

ok thanks

Gave +1 Rep to @twilit nacelle

https://tenor.com/view/youve-agreed-to-all-of-this-kyle-broflovski-south-park-s15e1-humancentipad-gif-23108177

Sure what’s up?

😖

Hello there, can someone try to help me track a scammer, a friend of mine lost a lot of money because of him and i have not much of info on the person

We're not going to help with that I'm afraid. Sorry your friend lost money. Take what info you have to the police and let them track. They have better resources/facilities and skill, and you wouldn't want to impede on evidence in the possibility of a criminal case

ok thanks, he has but doesn't think it will do much. Maybe they catch him in a few years.

Hopefully sooner

Yes sadly we can’t help! But what happened?

location, bone structure, movement, colour, texture, hair thickness, general structure and proportion, loads of considerations

kinda like how we identify different breeds of dog, just a more careful eye about it

He was scammed and lost around 500 euro's in savings on a similar place to Facebook marketplace, it's called marktpaats

Wow! I am sorry to hear that! Interacted with any other page?

@primal steppe they are following me…

Fr

Please make it stop

https://twitter.com/NewsBytesApp/status/1539504469964365824

Armageddon lol

Hey, I've got no clue where to ask this.. but is it possible for a router's firewall to not store logs anywhere? I'm looking at my config and I see no options to view logs.

For some reason I have "Port Scan Detection", but no way to see it in the logs?

@magic niche Have you scanned all the ports?

she's gonna pop...

Oh, I'm scanning them currently, it's just that there's no "button" in localhost to actually see any logs...

@frail beacon Like, visiting 192.168.0.1 and logging in, looking through all the options, there's just no button that leads to logs

@vocal ridge I hope not

yeah.
started this journey recently. i don't want it to abruptly end.

@vocal ridge I feel the exact same way. We will be okay 👍

imagine, a worldwide 0day

quite literally

https://youtu.be/P51bzBBnHU0

I hope links are allowed

hey community

Hey everyone
I've been doing an nmap scan on my other machine, just to see if I'd be able to attack it with my current, very limited knowledge, and I found I have a non-standard port open (near port 50000). It's supper weird lol, since I've only seen similar used as "SKIDY'S BACKDOOR" in one of the lessons.

I'll continue investigating this, but is this any reason for concern?

Yes

So, it's a "Randomly allocated high TCP port"... I don't see why it would be open on my personal PC though?

Is there any way for me to find out what this port is being used for?

I started the nmap with -A. It's still working, but it displayed that port as open before it finished

Is the ESP8266 V3 WiFi Deauther worth it?

Given that WiFi deauthing is unethical/ illegal, probably not.

Yeah but in a controled enviroment, for a video

I'm sorry but I don't believe that

Unethical? In what context? I understand the illegal part, but can you name something that is actually ethical to perform?

An authorised Pentest is ethical?

Yeah, can't this be used for that purpose?

Something that isn't ethical is something that isn't morally correct.
Some places, deauthing might be legal, but it doesn't mean that it is morally correct; meaning just because you can, doesn't mean you should.

Especially as deauthing can be used to get WAP keys or to kick people off WiFi, it's not really the most ethical practice.

Mhm, it can be, but you can show that with a cheap wireless adapter, don't need to purchase a specific tool to do that.

Deauthing doesn't have an ethical purpose, as the sole function it relies on is actually illegal in the US and UK; which is denial of service. What valid findings would you expect to get out of denial of services?

It's just strange buying something that's branded to be unethical.

You can do that demo without deauthing the cameras.

Simulation would be just as effective a demo with 0% risk

Not for this. It's the equivalent of saying 'we want to revoke everyone's access cards to the building'. It doesn't serve any constructive purpose, it just prevents actual work from being done in the best case

And, there isnt' a defense that works against deauth.

It's inherent in how wifi works, period

No clue, really. I was just interested to see why this would be considered unethical. I wasn't sure if this was in the context "Hey, no matter what you're doing, it's not ok to use this approach as it has X and Y consequences, which are never acceptable", or it was just in the general unethical side of this work

A little bit of both. Ethically, it's denying service that someone has paid for. As a risk assessment, it cannot be defended against except with a goon squad and a RF scanner.

That would definitely be a finding, but deauth itself would have to have extra permissions to do as it does disrupt a production system. A client may give a go ahead, but extra care would be needed for the SoW and contract to ensure that it is a permitted action and in scope.

talk about a power move

"gtf off my wifi"

Bigger power move, blacklist them from the admin panel

¯_(ツ)_/¯

But even with client permission, it is still breaking US law. A pentester utilizing that technique is more likely than not to be liable for breaking the cybersecurity act that covers it. I don't remember the specific Act offhand, but it was relatively early in cybersecurity as a governance thing.

Also become a problem if you deauth the wrong device or unintentionally hit a wider scope

Like $1

I don't think you can target a specific device to deauth; IIRC it affects everything connected to that WAP

ESP super cheap

ahh, that's interesting

Mhm, you can

Just listen on your interface, grab the Mac address and deauth

Specific client

Mhm, juun didn't say "the law", they said "US law"

So you need admin to run it correctly, out of the box?

IIRC it's also applicable to the UK, and I think the EU as a whole? It's not just the US.
When people think deauthing attacks, I'm thinking things like unethical use of pwnagotchi and flipper

Huh?

Network stack typically requires admin privs to mess with packet crafting? Or have I misunderstood what this tool does?

It's an ESP, it doesn't have the concept of privileges

Microcontroller

Ok, crossed wires. I thought the context of the ESP chip was that it was a specific adapter that takes instructions from a management app

pretty sure any over the air signal is within radio range. don't quote me.

oh no, wifi's within microwave...

Shhh

@vestal swan may I DM?

Sure

Is there a reason why SQLMAP doesn't have an option to bruteforce words in table names?

I'm currently trying to extract table names but its timebased and likebased so it's 1 char / s

personally I feel like there's a lot of optimization to be done like repeating characters and going to hexonly when a hash is detected

@odd acorn hey may I DM?

I got my first interview!

For what position/job

Mhm

Congrats, dude!

Thank you!
@rapid barn Red Team Associate. I am so stoked, I can't sit still. The anticipation is killing me.

Gave +1 Rep to @plain moth

Haha good luck!

Cool thanks! Sent

Gave +1 Rep to @odd acorn

!docs verify

hey @serene trench can i suggest a song for you'r playlist Portugal. The Man - Evil Friends (Jake One Remix Ft. Danny Brown)

I'll have a listen(:

and? is it ok?

I'll need to look at the BPM, but I'm sure I can fit that in a playlist somewhere

140 mhm sure if I can get it on beatport

I say that I've been mixing 170-180 for most of the day

yep, maybe it's good for endings

22

a

175bpm music is where its at

Okay

How can I crack the pepper of an MD5 hash?

I know the unhashed value(s) and the hashed value(s)

I'm doing bug testing for a comp and want to check if their pepper is secure by bruteforcing it

quiet

@serene harness Hey Acid Burn 😀

Hi crash👋

lol

Only 4 people in here tonight oh well

where are u guys from?

sweden the majestic north

UK

Like it shouldn’t be night everywhere. , in btw I just realised its almost 3 am here.

@serene harness Where are you.

India

when does night start??

when it end???

@serene harness So far away how come you are still up

I’m currently on vacations, Just onto late sleep routine.

I know that routine very well 😀

@soft pier Yeah true i am a bit of a night owl

@serene harness where are you from

.

You kinda get into that habit once you enroll into engineering here. Complete assignments or study for exams the whole night and then later sleep through all the classes(huh I can't pay attention anyways). The real day starts after the classes.
Its kinda fun though

That’s cool how long you been studying engineering for

2 yrs * e^0

As an engineer, you should know better than to publish a number without units. 😜

Well, As I have not graduated yet. I am not yet an engineer.

😂😂

obviously the have only studied for 2 ms

Which major, out of purely professional interest

Electronics and communications engineering

cool, not quite the same ECE I did 😛

Hey, I know there are a lot of videos of THM room walkthroughs on youtube and other social networks but is it actually allowed by your terms and conditions? I'm thinking about doing some videos in my native language for LinkedIn but don't want to get into trouble.

Yes

Preferably link to the room in your post

Assume you found this already but if not
https://security.stackexchange.com/questions/109941/hashcat-with-pepper

Are there any good places to learn? I'm quite new and would like to.

#start-here

Which modules in Metasploit tool help us in identifying version of some
services which we couldn’t identify using Nmap? does anyone knows answer to this

its from the assignment i am solving

bit confusing for me actually so thought of asking advice

dont want to ask

or the answer is search module ?

It's better to ask your professor for help and get proper help than ask us and have yourself flagged as cheating if you aren't allowed to get outside help

Plus he knows your syllabus, we don't

its out of box question btw

We cannot help with homework assignments. Your professor or TA are the only ones that will be able to help you.

are i already got the ansswer

https://twitter.com/0xConda/status/1542863878685659136?t=SQiWSOmB8bJIAIt1ilSb2w&s=19

What's the point of that?

https://twitter.com/0xConda/status/1542864614676987906

lmao I'm like wait really that's a thing

https://tenor.com/view/quiet-elmer-fudd-gif-22364720

ohhh lmao

yeahh

-ban @radiant jacinth -ddays 1 spam

🔨 Banned greenlandbase#4368 indefinitely

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

?

@burnt night Trolling ^

¯_(ツ)_/¯

I mean they're trying to speedrun a ban...

-mute 661865932863569940 1d Lay off the low effort trolling and come back when you want to be mature

🔇 Muted Literally An Axolotl#0001 for 1 day

I probably would have practiced analysis using whatever malware they could come up with

life pro tip: apparently it's possible to attach GDB in pwntools

litterally just inserting gdb.attach(proc) into the exploit

this saved me so much time today (still took me 3 hrs but hey)

I was just wondering what is the hardest room on THM?

CCT-2019

Could I please get the CySA+ role when a mod has a moment?

Hey there, drop me a DM about it pls 🙂

1. what is better to take first, cyber-defense or jr penetration/offensive security
2. what is better to take first, jr penetration or offensive security

if theres someone good in python and some other stuff and know a lot about ethical hacking can message me only if he wants ofc

Can you elaborate?

so i can learn myself some stuff i dont understand

Why can't you ask it here?

i dont really learn that good from youtube and github

start with jr penetration if ur asking among these. Cyber defense path is something I would go at last.

https://cdn.discordapp.com/attachments/848486318887403520/993239233257033808/DDLVID.COM-1536070068466896896.mp4

I laughed way too hard at this

Bonk

but why not ask the python question here

why do u need someone to DM u?

i cant understand this meme hehe, pls tell bout this

The actor's name is "Benedict Cumberbatch", it's a jab at weird names

More specifically, it's become a thing to just take any two long words that start with B and C respectively and use it as a reference.

Benerdict Cumber Lad

Benjamin Crumpystitch

Bolognese cannelloni

Bridgerton Cabbagepatch.

You're not supposed to use his real name.

Butterict Cabbagefires

Brisket Caramelfat

+rep @steel tulip

Gave +1 Rep to @steel tulip

Does anyone here use any of those commercial VPNs? I'll be traveling this summer and I'm thinking of picking up Surfshark. Now, I don't know much about VPNs. I know the basics of how they work, but that's pretty much it. I'd like to avoid any complex VPN setups at this time so I'm going with a easy-to-use solution that can be shared between family members with low tech experience.

What kind of privacy/security can I expect from such a commercial solution? I usually go completely offline in foreign country (as I'm very skeptical when connecting to hotel WiFi or similar). Does VPN provide any security when using public VPNs?

Mullvad is known to be one of the best.
Privacy/security, there's rarely open networks any more so encryption is better. Sites use HSTS and HTTPS so you're reasonable safe against downgrade attacks

@wary cradle || CONGRATS YOURE ON WORDLE||

Go with Mullvad

What do they mean by if the certificate is "present". The wording is throwing me off

I'm reading up on S/MIME.......and the sender sends their digital certificate and signs the message using their private key...... so does "present" mean a certificate thats clearly not signed?

The way I am reading that sentence is that if you already have the sender's certificates and you get an untrusted notification, there is a possibility that the email has been tampered with

Thanks

Gave +1 Rep to @tawdry dove

Hey! Did anyone manage to download glibc 2.34 on kali?

I'm completely stumped tbh

hello Everyone,
https://github.com/alauthor/enum-tryhackme-machine
this is a bash script I created it today for enum tryhackme machines
I still working & developing it
feedback plz,

Mr. Robot SE 2 EP 6 😂 😂

what about it?

you'd have to see it

words don't describe it

can anyone help me with windows privelige escalation section of Jr.pentester pathway? For challenge - abusing vulnerable software?

There is no need to ask in several channels, just ask once in #room-hints or #room-help and wait until someone might be willing to help 🙂

Why?

There's about 2 machines where you need to care.

can someone help me with this problem am facing on terminal while running byob "unable to locate directory containing user-installed packages"

The error is fairly self explanatory. It can't find the correct directory that it needs. I'd Google how to make sure it's pointed to the correct directory.

where can i report a user who just sent me a scam?

that's a good question...

definitely report it to discord, but not sure on THM.

@odd acorn if you're around

DM me please with a screenshot

I got same message

Hello, oh, I m new and I wanted to have some experience in the field of hacking, is there anyone to help me?

From the #rules . Make sure your questions are specific to exactly what you are looking for. Just asking for general help will not have anyone respond to you. Also, don't waste time by asking if you can ask a question, just ask your question.

I work as a security engineer for a business which uses Google cloud. If I would scan/attack a machine (e.g. port scanning) would that be attacking property of the business or attacking property of Google?

Or should I ask my supervisor

that sounds like a shower thought for some reason
just ask your supervisor and make sure the legal team has ur back

Ask the supervisor

And legal

Sounds like a college student attacking the infrastructure and saying he studies there 😂
Just kidding

Most Acceptable Usage Policy (AUPs) of most organisations and universities prohibit this type of behaviour and would be considered a fireable/dismissable offense. It would be something along this line:

Network Activities

The following activities are strictly prohibited, with no exceptions:
* Port scanning or security scanning is expressly prohibited unless it is an approved activity to detect weaknesses in the organisations’s environment, and after prior notification to the CISO office.
* Effecting security breaches or disruptions of network communication.
* Executing any form of network monitoring which will intercept data not intended for the employee’s host, unless this activity is a part of the employee’s normal job/duty.
* Circumventing user authentication or security of any host, network or account.
* Introducing honeypots, honeynets, or similar technology on the network.
* Interfering with, or denying service to any organisational information or technology asset.

So yeah, don't do this even if you have supervisor approval. For any security testing you need approval from the Security Team, which is mandated usually by the CISO.

Most organizations may not have a CISO, unfortunately

Agreed, but most should have an AUP. Especially since this usually ties to GDPR or other associated regulations.

Fair

I am the security team

It's an online business with over 800000 registered users but 30 employees

Then get approval from your manager or exco and you should be good to go.

In terms of testing the Google product, usually, this is acceptable as long as your approach is to test your configuration of the product, and not the product itself. Like AD from Microsoft. If you are looking for vulnerabilities in the product itself, you should adhere to their bug bounty and responsible disclosure policies.

Aye

Alrightt

I have two laptops, I need a higher processing power to do some task.

Can I combine both laptops?

I mean combine the CPU of both.

No

You can spread the load over two

By distributing different tasks

The task is one but needs higher processor.

Then you need to buy a single better device

Okay.

What is botnet btw?

Am I the only one who truly hates enumeration focused boxes

I love web exploitation but the enumeration is just a c- funblock

like it's literally just hoping you have a good scanner

Happy Path Enum > scanner

yep, can confirm, never used a vuln scanner other than the ocassional nikto

meh it's HTB I'm so pissed about

I literally cannot get a shell on most boxes

and then I do retired machines and look at a little bit of the writeup and I'm like

"oh wow, how didn't I think about that"

There is more than just 1 type of enumeration. nmap for ports/services and so. gobuste, dirb, FFUF, for folders/files enumeration...

if you don't have bwapp and/or owasp juice shop in VMs try it. 🙂

That's... that's not the issue here

oh =/

everything besides port scanning

Does anybody own one of these? https://www.amazon.co.uk/TP-Link-MU-MIMO-Wireless-Supports-Parental/dp/B0845XD62P

I see in the questions section that some say it does support openwrt/ddwrt, but on open/ddwrt websites I see no reference to C80, closest is C8 and I'm not familiar enough with tp-link to know if that's basically the same thing

hello peeps!

Hey Good Evening

I'm doing a challenge with LFI where /proc/self/stat returns properly, but /proc/PID/stat doesn't, does anyone know what's up?

I'm using the pid from /proc/self/stat

I've been playing with it for a couple of hours now, but I can't figure it out

I guess this applies here

Is it an active challenge?

oh shoot it might be, mb

okay I found the issue!

@olive frost ^

I can't ping the mod role directly for some reason

@mods

hmm, that worked some time ago iirc

Guess it's solved ?

They're not generally pingable after some abuse a while ago

Can CM's still do it?

Hi, I have problem!

I don't have Internet connections on StartBox.

AttackBox? I don't think anyone does

Jest AttackBox

In the content, he writes to use it to perform tasks!

well, you should be able to access the machines that are in the same network with the Attackbox at least

I had an IP assigned - it said at the top, so I think I was on the same subnet after all....

try terminating and launching the machine again. Maybe it didn't start up after all

I did so, when I turned it off I lost the access I had left i.e. 20 minutes and I can run it tomorrow...!! :((

Welp. If you want to continue the room, you can connect via vpn and then perform the tasks on the machine

All I have is the Start AttackBox window!

https://tryhackme.com/access

What OS do you use?

Arch!

Oh. Idk how to connect to VPN in an Arch environment

ok :((

just do this I guess

I just do it

Using a VPN will I be doing this on my Desktop?

I've never used it!

yeah

or on the Downloads folder

ohh OK!

I learned a really neat trick today with regards to binexp

if you leak a library's address you can use it for ropgadgets

I hadn't really thought about library's like that

if you're leaking it's base address then you can rebase your libc with

libc.address = leak - libc.symbols.<leaked_func_name>

yeah

and then you can just do libc.symbols.<func> for actual addresses

it made my pwntools "exploits" a lot cleaner

Hey, it would be great if someone could help me with this problem: So i am trying to host a simple htp server. I have a raspberry pi and a PC, both on the same LAN. On the raaspberry pi 4 (debian) (in terminal) I type "python3 -m http.server 8000 --bind 0.0.0.0"
and on the PC (ubuntu)(which I want to download a file from the pi onto) I type "wget http://(raspbery pi's ip:8000/file being downloaded)". I get the output Connecting to (the IP):8000. It is stuck in this connecting state untill i get the timeout error. I can connect to teh server on raspberry pi using 0.0.0.0:8000. Has anyone else ever encountered this problem? What do you think I could be doing wrong?

I am not sure, not that I have deliberately installed. How would i check? I can ping the pi's ip from the computer.

@twilit nacelle shall I send you a dm of the result?

this is pretty basic system admin stuff; like lassi said, check if you have a firewall running on the pi, and if your router has a built in firewall, it may be blocking as well. Screenshots in this case likely won't help, as the end-result doesn't give an error more than 'cannot connect'.

! docs verify

Yes it is active, shall I disable it?

OK great thanks for the help. I'll tell you if it works.

Hey, it worked thanks you are so helpful. And you saved me another hour browsing tack overflow and getting nowhere. 😂

Gave +1 Rep to @twilit nacelle

i need video steganography tool

can you suggest a tool

anyone tried running samsung dex and attack box together? does it work?

hi?

for what?

i try solve a ctf question but i didn't find any tool for extract data from mp4 files

what ctf question?

not on tryhackme

what ctf then?

a normal stegonography question

from where?

will you know?

yes, I want to know from where

hackkaradeniz

is this a ctf that is going on right now?

yes

we will not help you then

cause that's cheating

no problem

thanks anyway bro

algien habla español y es haker

Hello, you may want to take a look at the rules. Wouldn't want you to get in to trouble

This server is english only, please.

Nvm lol

Anyone know of any resources that I can skim through regarding vulnerability assessment report writing? Or maybe some good case examples I can skim through?

I know people are going to hate me for this, but what arguments are there against using passwords like ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp

because if attackers assume that you're using [a-Z0-9_-+,] etc in their cracking app its as secure as a complicated password of the same length with capitals, weird symbols, digits, etc

How will you remember it? and typing it would also be a nightmare

Also, do you know how Enigma was initially cracked? A German commander accidently sent a bunch of As (I'm pretty sure it was As) and they managed to learn a lot about it by that, so it could probably be a problem if you're attacked by MiTM.

If that is your password, you might go visit doctor 🙂

actually, they waited for the weather cast each morning, and cracked it from there, they knew that the morning message always had the weather cast in it and possible "HH" so they looked for the german message of weather and HH in the message

I mostly remembered a repetition of a letter so I'll take it

Password 1# also works

№1234567890

password policies

password = service_name[0].lower() * 30 😎

I realized that our password manager let me paste in emojis for the password field. I then copied/pasted into the password prompt. It worked.
It was fun on a conference call with a vendor and I said “the service password is <stuff> airplane emoji. No, I’m not kidding. Just copy it from the field”

excuse me, what is password? Ask The Bartender
and then just watch ppl go asking bartender for password 🙂

Yeah but the only way you could find out is if a plaintext password is leaked

i mean they could tell u right

lil bit of social engineering

oh my god im immune to the slowmode here, this is great. when i left modship i wasnt immune and now i am

i love this

Rules make it insanely arbitrary. Assuming a 32 character limit and 26 letters. That’s only 832 combinations which would not take long

if someone does not break it with simple rules and wordlists it would work as a decent password when brute force is the only option left

Yes, but attackers would need to know what characters the password exists out of first

Which is a powerful condition because if they know chars in your password, they might aswell just know the entire pass

that math feels off

Probably is. I didn’t think about it much

ofc

no think only vibe

good like

hi?

https://github.com/Jayy001/DiscordBot/issues/4

Anybody else have any other ideas?

Shodan? or is that a nogo cause of it being a paid API?

or getting PoC scripts for different CVE's (saw you had something with payload generation and using Ryans payload generator)

crackstation.net compatibility

Got STH for that

why use crackstation when there's ciphey

Interesting could do

Crackstation for hashes specifically

oh yeah

bc i didnt know ciphey existed

Ciphey doesn't support hashes but that why we got STH

Whats STH

then make ciphey support hashes 😄 😛

Search that hash

That seems good

Might come in the rework

Nice nice

Base64 encode decode

Encoding sounds neat

Oo wait exif data!

Yess

Or image reverse lookup

Or steno (messages in images)

OSINT

Running pywhat on differnt files

@mighty echo good luck with exif data over discord 😄

discord strips all exif data

Yup, gonna give it an external link 🤞

iirc it dosen't actually strip videos but yeah for images ill find a workaround

i am able to access a website with this site map _next/static/css/b929835218decd64.css does it mean anything?

What's the best way to store secrets?

.env seems okay until you realise that LFI kan leak /proc/self/environ

It's css.

this only happens if the .env file has read privileges for the file on the account being used for LFI right

hey?

don’t be vulnerable to lfi

I am having issues using openvpn because of the UDP block in my country.
Is there any method to bypass this block? Its really annoying I can't use the platform because of it..

use the attackbox?

Its too slow

I prefer using my machine

that's still the best option as bypassing country blocks is going to be a no no, anyway

sad.. Alright then thanks

That would be illegal

The new AD Networks are tcp. Can you try one of those and see if it works?

Sorry, I have no clue what AD Networks are

No worries, https://tryhackme.com/jr/breachingad for example

I will check it out then inform you, thanks.

Bad example, that one is still udp. Try: https://tryhackme.com/jr/lateralmovementandpivoting

Didn't work either TLS Error: TLS handshake failed

HTB tcp .ovpn works for me tho..

Thanks for your help anyway

that's terribly sad and wrong. censorship is unethical

blocking an entire protocol is absurd

it really upsets me hearing that.

Done by countries, not by TryHackMe. 🙂

ik, it disgusts me

that's only my opinion

Hej staff (Ben) pls add closing bracket to the Task 13 xd Its killing me and I cant ignore it :DD

that should go in #room-bugs

Well I dodnt post it there cuz its really not "bug" yk

but sure, why not

more likely to get seen there though

Might come in the rework