#quiet-conversation
It's burnout. Take a break, go do something completely different and don't be afraid to just spend some time thinking about it
Yep
I've had it quite a lot on thm so I can kind of feel one coming so that I can dodge it just in time
Hello hello
Well, guess I'll go play Factorio again
not sure if this question is appropriate here but my default shell was zsh, I changed it to bash and now my text is no longer colored, anyone know how to fix this off the top of their head? like where when you type in a program that's not installed the text is red and when it is installed it's green, and if the file exists the text is bold and it's not bold if the file doesn't exist, etc etc. google keeps showing me how to change the terminal background or the bash prompt and not the actual text output, aggravating as I feel like I'm not looking for the right thing
there is .zshrc for zsh and .bashrc for bash
zsh reads .zshrc, bash reads .bashrc
as config
zsh is default in kali since it's kinda better
is it?
you can say so yes
this is what i was referring to, like how the text is colored
no, with chsh like in the screenshot^^
Try it again using kali tweaks
ah okay i forgot those existed thanks. coming back in after like a 7 month break so thanks
It's somewhat new
Hi
hi someone
hi
I know the feeling. Dropped a 45-day streak due to some rooms just sucking the life out of me right now. Hopefully I'll be back on track once some of these rooms are done
guys why can't i upload any image here?
!docs verify
follow the above instructions to verify with the discord bot, afterwards you can post pictures
where is the bot that i should verify my number to?
@deft fossil
oh @weak dove , this used to be my username before
where did you get it from? movie?
yea, it was a german movie I think
Whoami: No system is safe, my favourite one.
Do you know some good films about hacking?
Watch WarGames
Love WarGames
If you want to go old school Hackers and The Net are super corny, but also super fun
War Games is another for sure
Are there any hacker movies that really teach the technical nitty gritty ?
I'm sure there's a way 🤷♀️
More about AI, but definitely worthy for a cybersecurity community.... before The Terminator, there was.....
https://www.imdb.com/video/vi846577433/?playlistId=tt0064177&ref_=tt_pr_ov_vi
Hacker movies and technical details are mutually exclusive categories.
😝
That's why there's a million actual hacking vs movie hacking memes lol
Can't recommend WarGames enough.
https://www.nytimes.com/1983/06/03/movies/wargames-a-computer-fantasy.html
https://www.youtube.com/watch?v=Ujw4FJka5zk
Hi All
I'm having issue connecting to ovpn
error : Exiting due to fatal error
can anyone please help me
try changing vpn servers and regenerating your vpn config file, move over to #site-support if you still have errors :)
yeah tried that, after doing that I'm able to connect to vpn, but not able to connect to ssh
it says either connection refused or connection closed
can anyone help me resolve this ssh issue, I've tried everything on the net but no luck
this one is very good, but i would correct, i think its not so much about a.i. as about total control and the fact that the most rational decision can be totally devastating
but excellent movie
simple ctf
it requires logging in to ssh, so when I try to do that I'm receiving an error
22
not getting you
nmap 10.10.198.227
Starting Nmap 7.92 ( https://nmap.org ) at 2022-07-25 10:54 EDT
Nmap scan report for 10.10.198.227
Host is up (0.24s latency).
Not shown: 997 closed tcp ports (conn-refused)
PORT STATE SERVICE
22/tcp open ssh
139/tcp open netbios-ssn
445/tcp open microsoft-ds
error while trying to execute cms sqli
when tried to install module requests i receive broken threads error
sudo apt-get install python-requests
[sudo] password for soni:
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
python-requests : Depends: python-certifi but it is not installable
Depends: python-chardet (>= 3.0.2) but it is not going to be installed
Depends: python-urllib3 (>= 1.21.1) but it is not going to be installed
Depends: python-chardet (< 3.1.0) but it is not going to be installed
Depends: python-urllib3 (< 1.25) but it is not going to be installed
E: Unable to correct problems, you have held broken packages.
If you are going to dump a large amount of text like this, please use a codeblock or upload a txt file
Sorry, but I don't see any option to upload the txt doc
!docs verify
Follow those steps and you will. Otherwise you can use code blocks.
i was hoping someone would give me a nudge in the right direction on how to change the style of this, mainly getting rid of the fact its on the line below, and not inline, if that makes any sense 😆
What shell are you using? echo "$SHELL"
nope, my ~./bashrc is empty
~/.bashrc, there's dot at the file name start
Well, that's weird
i'll have a google around, least i know which file it is now
Does /etc/skel/.bashrc exist? It should be a backup of .bashrc
doesn't look like it
Not really sure where the bash config is stored then.
i'll have a look around, thanks for your help
Looks like you're using ZSH. Look in .zshrc (:
@serene trench 👀
the one you want is most likely in your home directory
oh
lol
mb
I should scroll up 
I use https://ohmybash.nntoan.com/ on my work machines, I'd guess that Parrot uses it too, I'm just not sure where the config is stored tho.
Someone here probably knows more tho :)
Didn't know that
I know that on Kali, the default bashrc and zshrc files both have similar two-line appearances, so I would just pick the shell you like best and then customize the relevant rc file accordingly
Time to try Parrot :)
^ i just installed this and it set it the way i wanted it anyway lol
Does it work?
So many themes! https://github.com/ohmybash/oh-my-bash/wiki/Themes
Your first message is self promotion? That's not what this community is for.
do you have any more like this one? i was trying to find any similar ones
I wish! A film buff friend of mine introduced me to this a couple of years ago !
i found it completely by chance a decade ago on youtube
"cold war movies"
Hi yeah, I saw guys already mentioned the best ones, but if you wanna watch more, here is a whole list of movies related to cybersecurity that were ever made:
https://cybersecurityventures.com/movies-about-cybersecurity-and-hacking/
that website is so slow
Who am I is the best hacker movie imo
i am the best hacker
No doubts !
mr robot missing (
yah but.....
Doesn't fit the brief
you should still watch it 👀
!docs verify
@serene trench when we have next server party? friday maybe 
Shh it’s quiet do not let Mother Junn hear us 🤫🤐
yo harry how do you save your parrot os state cause when I make a folder for example and power off my vm then power it back on it deletes everything for some reason
mine just automatically saves it via VMWare
You need to actually install it rather than just running from the virtual dvd
Did that now its fixed
Not sure haha. I’m at home with family at the moment. I have my decks but I don’t have a lot of my music library and setup like I do at my other place
Plus the internet here is pretty bad so i don’t think it’ll stream well. I’ll try and see though
hey bros, im using ngrok right now to ssh into my home pc from afar
is there a better alternative?
share your experience/ what do y'all use for the same usecase
A real VPN
ngrok isn't open source right? I wouldn't trust a cloud service like that not to misuse my data
is discord open source though
Do you trust discord with SSH access to your device?
yeah, i'd love if i can ssh directly on discord
It's a question of access. Discord probably is selling or monetizing my usage data, someway. That's not the same thing as using discord as the means of accessing my controlled environments and systems.
That's the worst take I've heard from you yet.
i put my sensitive stuffs on an airgapped libreboot laptop though
How to get a girlfriend
Learn how to cook. It's a very attractive skill.
Learn how to love yourself too. You're not ready to love someone else until you're ready to love yourself.
I've started working on that
Good idea xd
Actually big brain, if i cant get gf, i cook myself
Thug life
Fix your sexist attitude too, that will help.
You have a gf yourself?
🔨 Banned kozzek#3575 indefinitely
damn people can suck 
Never sad to see sexists get the boot.
Did they get banned from TryHackMe.com, too?
I'm 50/50 on it
Discord bans don't always transfer to the site.
I've actually started cooking my own dinners a lot more, instead of just frozen stuff, nothing to write home about, but I enjoy it more knowing that I prepped it all.
I'm always super hyped for dinner, it's a lot of fun when you cook stuff yourself. I always look forward to it
Always tastes better too 😄
I've decided to start eating the same things I did in first year again. I'm eating for £15-20/week which is nice. Usually pretty damn tasty too
Similar things, but enough variety to stay interesting
Omg it’s Cmnatic Omg 🥹
Watching that now
, so far so good
enjoy the ride
Deery me
can anyone help me ....not able to open virtual box its showing failed to acquire vb com
tried hard but unable
maybe its the version you got , try to get another one and re-run the set ups , when VM refuses to do what I want I just reinstall
going to new york on may 14th for my Facebook/Instagram last internship, will post a vlog soon about that + summarizing my coinbase internship 😎
this video is so funny
Whoever made the zeek room thank you so much. I haven’t done it yet but I imagine it’s great. I spent months trying to learn how to install, configure it, and set it up along side arkime and suricata. I gave up after a long while.
Does anyone here use AstroNvim and understand its Lua config? I am trying to set the default header when you open it to this:
-- Set dashboard header
header = {
"████████ ██████ █████ ███ ██ ███████ ██████ ██ ██████ ██ ██ ████████ ███████",
" ██ ██ ██ ██ ██ ████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ",
" ██ ██████ ███████ ██ ██ ██ ███████ ██████ ██ ██ ███ ███████ ██ ███████",
" ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██",
" ██ ██ ██ ██ ██ ██ ████ ███████ ██ ██ ██ ██████ ██ ██ ██ ███████",
},
but Lua isn't reporting any errors and I can't work out why it isn't loading
No GitHub issues on it so wondering if the header part is broken or if it's just me 
😐 so I just installed that config, after creating a custom user init file (https://astronvim.github.io/configuration/basic_configuration) I added your header into the local config block and it works, what's your error?
Set Up User Configuration
that’s so weird. did you have to source anything to make it work?
i can send you my full config? the header is longer but i cut out some parts to send it in discord
nope 😐 what's your nVim version (I have NVIM v0.7.2)
sure share it and let me try
not even just the trans part works D:
I presume this is the header too? 🙂 Doesn't work D:
ah wait omg
➜ Ares git:(Bee-config) ✗ /home/bee/.config/nvim/lua/user
➜ user git:(main) ✗ ls
user_example
what's urs called?
/Users/adrian/.config/nvim/lua/user/init.lua
ahh. it worked! it was 1 folder too high 😄
Scale 1-10 how true is it that you should know the internals of your tools?
Was talking to a professional in the past week who says that it's very important as tools like recon-ng are loud asf even though they're included in OSCP
or in a pentest
Loudness can be a value-add in a pentest
It's not an uncommon thing for a bonus if the pentest team isn't detected
IMO, the more the pentester knows about the tools they are using, the more potential value the test can have. Knowing the limitations of what a tool does allows for a better test
Even if it's not red teaming, there's value in being quiet. If a pentest can do the test without detection, it has a value-add of helping the blue team to refine logging and detection rulesets
Usually it's written as part of the scope in the SOW
And it doesn't mean a test is over if the tester is detected
Really? What if the soc sees it
they'll let it go
Ohhhh okay...
usually the company will tell their soc to "ignore any traffic from X for this week as there's a pentest"
Alright. I thought that blue teamers would actively defend in case of a pentest
well i mean every company is different and might sell a pentest as something different but that's the norm
i haven't done a proper red team assessment, but i've been in the soc during one and we treated it like an actual breach - as we didn't know it was a redteam
It 100% depends on the org and what their goals are
If it's actual red teaming, it gets treated as any other breach. If it's not adversarial simulation, it's a collaborative learning experience in the debriefing to help the SOC refine their detection so that they can catch it in the re-test
Ah
are there tools for SSTI payload generating?
e.g. going from self.xyz to self.xyz.__xyzclass__.__evenmore__.__dundermethods.os.system()
there's tplmap? not sure if that's what you want though
sad news is tplmap is not yet updated to python3
tplmap hasn't been updated for a few years, IIRC
yeah looks like it
4 years since last update to the python file
if you pop open Wireshark while running nikto or any other tool, you'll see what they mean by "loud"
Hey I’m looking to set up my laptop and desktop to use the same file system if that makes sense. Was wondering if I should use ssh or something different? It’s a VBox VM so if there’s some hidden feature I don’t know where I can use the vm on two computers that would be cool too. If anyone can help
i believe you can mount your host fs to the vm with Vbox
I would advise against mounting the host's root as a share in the vm. Better off using the vm software to make a shared folder that is mountable in the guest.
yeah, mounting root or other critical folders is always a bad idea
Hmmm thanks I’ll look into that
Why is that http[://]1.1.1[.]1 syntax used in threat intel context?
Defang url ?
Yeah
Ahh okay
Finally went fly my drone after so many rainy days. Just says RUNAWAY and shuts down, debugging time :(
Is it called that because like you’re “defanging a dog” so it’s harmless??
Also looking it up, that syntax he provided still makes no sense haha
Nvm I found a fancy ibm article that explains exactly what I just asked. Thanks for the new info guys
I might do it, would anyone be interested? Seems easy enough
Well actually, It's python3 compatible
??? Using the tool 2to3 or some other way???
Idk, look at github, most things were updated 6 months ago and are now compatible.
Oh um... That is probably only for the burp suite module
Nope, everything
even the tplmap.py because that is the only file in the repo that is used for the python script...
It just calls the actual files in utils and core that are updated
Variables, If statements, For loops, While Loops, Basic Recursion, Arrays.
Use code academy and other free sources.
And just make stuff on your own within a scope of difficulty.
If someone changes your nickname, please do not remove it @twilit loom
Oh. How come?
It was changed for a reason, read what it was changed to. Your name is not pingable as it contains non-Latin ascii
Where does OSI model exist?
Have you tried searching using your favorite search engine?
Yes
So what did you find?
It doesn't exist ok but what about TCP/IP
Where does TCP/IP exist
I can’t imagine how it works even though I watched some videos
But I didn’t get the idea correctly
I'm going to recommend that you do some more research.
So why you are here ?
To guide, not to just give answers
I did research I told you I didn’t get the idea still I have some gaps
I’m not in exam
Then do more reading
hhhhhh
There is plenty of material regarding how TCP/IP interacts/relates with the OSI model
It sounds like you just looked at a couple of pictures and decided you didn't understand; you actually have to read about why each is useful.
I don’t want you give me an answer I want you to explain to me if you could
That’s the fact bro
Not your bro
Ok shut up
Was just going to ask for you juun
-mute 749893922050015272 10m Very rude when given reasonable responses to things that are very easy to look up.
🔇 Muted Abdulelah#8740 for 10 minutes
@gusty cypress part of the learning is researching by yourself
thanks will do from today
Gave +1 Rep to @twilit loom
@Abdulelah you ain't going far with that attitude..
Trying to compile GRUB from source, can't manage to get Debian to use it 
What are good resources to learn about nation states?
Lmao
That sounds like a bad idea at best
It really does
I'd just like to edit the Welcome to GRUB! text to include some contact info, no way other than editing the source code 
But this really is just a "Break your bootloader" speedrun
Yeah...
@amber karma sorry for the ping but can I dm you? I want to ask you a few questions about cybersecurity.
Pretty sure there's like only 1 version of the binary that actually works, and they've been using it for 20 years
(disclaimer, that was a joke)
Considering that I am on Debian, I probably am running the 20 year old version /s
Grub gets updated pretty regularly. I wouldn't expect you to be on a version that's older than your OS.
Latest stable release! 2021! 
Yeah I was being facetious
I know you were.... I was concerned about the seriousness of the other participant
They were joking as well
I did say /s
Good idea! I switched from Kubuntu to Debian because I HATE SNAP I HATE SNAP I HATE SNAP, so I'm kinda figuring stuff out since there isn't much preinstalled
I've spent the day wading through kernel stuff, my brain doesn't get that right now
I would start with the MITRE framework if you’re interested in TTPs and whatnot. The public policy side is another can of worms that I don’t know as well but am familiar with.
Snap is indeed dumb
Ubuntu 22 has Firefox only on Snap now :(
Have you considered a non-Debian distro?
That explains why it doesn't work on my wsl
Kind of, I have tried RHEL and Fedora before but I didn't find them to be that much better so I just stayed on Debian based distros.
Alpine is fun, but too much work
Never really tried anything Arch based, I don't rice so I don't really see a point in that
Fair
What do/did you run?
Mostly windows ATM, sadly
I run mostly RHEL/Centos/Fedora - my work uses a lot of their products so it makes my life less painful.
I do have a handful of ubuntu boxes, and a windows box for games
Might go for fedora when I get a dedicated Linux box
I really wanna get more into the RHEL based distros
The modern ones aren't bad tbh
There have been huge improvements to fedora usability since F30
I would probably actually use Fedora with Gnome
and silverblue is quite intriguing, although immutable file system may be a bit more than what you're looking to take on
all of my linux boxes that use a DE (even Kali) use gnome
it's not great, but it's consistent and predictable
which is much more important to me than the modern 'sexy' view of window managers
I just run KDE on my work machines and whatever the default is in Parrot/Kali
Doesn't Fedora use BTRFS by default now?
Yeah 36 might almost be usable 😉
at least F35 does - Silverblue uses OStree which is a bit different.
lol, F36 isn't quite baked enough. I use F35 for my work
Isn't it out of beta yet?
A couple months ago. It's still a little unstable for my taste. Some of the tools I need haven't been recompiled yet
Ah
Set my night color to 1000K and now everything is hilariously red
hi
Is it fair to assume that WPS is that button on the router to connect your printer without passwords? And WPA is how you connect your (e.g. GUI) device with a pass
WPS is indeed a button that, when pressed, activates connecting via the WPS number. WPA is encryption
wpa is when you type your wifi password.
WPA is the encryption scheme
WPA also has directory authentication schemes with radius, so username+password auth
We just don't use it at home.
Try hackme room : vulnversity
when I try to upload the .phtml file, it doesn't get uploaded after sometime it says problem loading page
Which task are you on?
Task 4 Compromise the webserver
Did you get it eventually?
not getting your point
getting the same error in lazyadmin room, while trying to upload the reverse shell code in ads section
@finite shuttle #room-help please
Hope yall enjoying this beautiful weekend! 
It's finally below 35C here so I got to go outside without melting
HP printer drivers are being a bit mean today
I really wonder what this even means. Why personality?
@dark panther Have you tried calling it names?
i want to learn hacking
#start-here is a good place to start
I find myself kind of in an awkward situation with real life web testing
I feel like the design of the website correlates with its security but that isn't always true
All I can guess is that each role of this presumably multi-function printer/scanner/whatever, was given a "personality" per role. This type of phrasing has been used previously in operating systems, but slightly different context
It sounds like you're playing with an Okidata printer and you need a hardware personality module that lets the device emulate a certain standard of printer for the computer to interface with
at least that's the only place I've heard of one of those
Oh, HP
It sounds like you're trying to have a bad day. Would you like some help with that?
Probably same deal though, nobody is telling the printer who to be. The internet says remove the device+drivers in devmgmt.msc and printui.exe /s , clear leftovers from programdata and reboot+reinstall
John Carmack speaking of the state of hardware accelerated graphics APIs in 1996. Classic: http://www.lytha.com/taffers/carmack_directx.phtml
For those not aware, ~/.plan files were provided over the network via the finger protocol and edited by end users directly. Obviously not used any more for some serious security issues but fascinating bit of history. An end user would edit this file to speak about what they're working on in the 80s/mid-to-late 90s
In computer networking, the Name/Finger protocol and the Finger user information protocol are simple network protocols for the exchange of human-oriented status and user information.
How can I do an attribute separation in xml without spaces?
<svg data-base64-encoded-tex="XHgwMAo="onerror="alert(xss)"x="" height="24" width="24" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M1 21h22L12 2 1 21zm12-3h-2v-2h2v2zm0-4h-2v-4h2v4z"/></svg> gives error in firefox:
fixed it by using +
How many questions do yall have answered per week?
Depends, I can answer as many as 5, and others 173. (This is going off my activity log which also includes machine start ups)
On this day today a few years ago (one on the right)
We did 400+ miles in a day on tiny sports bikes. I was sore for about 4 days
You ride!?!?!?
Before I went back to uni yes 😁
That hot 🫣
😳
There's something interesting i wanna share:
https://dolosgroup.io/blog/2021/7/9/from-stolen-laptop-to-inside-the-company-network
CBR?
Hi, does somebody want to hack some machines in THM together? I offered https://tryhackme.com/room/boilerctf2
Please make sure you are not breaking the terms when doing this btw; Section 2, sub-section 4: Users without subscriptions can only access non-subscription Rooms.
Of course, this room is non-sub
some dumbass put a fsociety.dat file while I was at a ccna class
the leavemehere.txt file was there too
Someone overwatched Mr. Robot🤪
did anyone visit admin.tryhackme.com ? this made my day 🤣
Is it possible to match for strings in wfuzz?
the response size is the same for positive and negative responses but the content is different
I've read a few of the tweets and at this point I'm too afraid to ask who the guy is
Hi
trying to switch to Windows 10. it feels like working without thumbs 
my power has been stripped from me
at least until i learn powershell
change environment variables with a gui? yeah, have fun...
I've already screwed it up...
FileSystemRights AccessControlType IdentityReference IsInherited InheritanceFlags PropagationFlags
---------------- ----------------- ----------------- ----------- ---------------- ----------------
FullControl Deny WIN10-WRKSTN\lemvr False None None
FullControl Allow WIN10-WRKSTN\lemvr False None None
FullControl Allow NT AUTHORITY\SYSTEM True ContainerInherit, ObjectInherit None
FullControl Allow BUILTIN\Administrators True ContainerInherit, ObjectInherit None
FullControl Allow WIN10-WRKSTN\lemvr True ContainerInherit, ObjectInherit None
No clue how I have 3 sets of permissions for one Item
Try again...
It all started with https://www.youtube.com/watch?v=Fzl3FSy8X98
Tired of misinformation about infectious diseases? Time for misinformation about cybersecurity! :)
Thanks!
Gave +1 Rep to @frail rapids
Finally getting better and keep trying to finish one easy lab without help and then hacker vs hacker hit me with the source code😭😭😭 I hate it here bro
I can’t read this man I had to look for help. Pls stop being mean guys
@inland falcon if you’re void, thanks for explaining what the code does😭
Gave +1 Rep to @inland falcon
learn 👏 to 👏 code 👏 before 👏 trying 👏 to 👏 hack
How many languages do I need to learn before i can hack😭😭
It depends on what you choose
If it's website testing you need to learn things like SQL and javascript
And if it's binary exploitation you need to learn C and Python
I want to hack everything that exists😐 I want to be known as the best purple team member that has ever existed
I didn’t start at age 7 tho. started wayyy too late for that haha. Maybe just a decent one.
True, you need to always keep learning
Programming languages, protocols, techniques
But it's a shame I can't say I do this
My attention span is low
I started three weeks ago... We do it together my friend
Nice! How's it going?
don't you forget, it's never too late. Colonel Sanders founded KFC at the age of 65 and, Jack Ma, who couldn't get a job at KFC, founded Alibaba, and retired at 55. Age is just a number, only those who keep trying will succeed.
Welp does it include exploit development?
Interesting
Should I take a CS Degree to have some programming background?
I mean, there are other ways
But I always fail because I don't organize myself well and my interests can change multiple times in a week
I think that something more organized and that puts more pressure on me would be good for me
You do not have to be a software engineer to become a hacker/pen tester/whatever, but the reality is that part of trying to hack something is understanding how it works. If you don't understand the fundamentals of how stuff is put together, you're just bound to struggle once you need to do more than copy and paste one liners from PayloadsAllTheThings 🤷♂️
Yep
Personally I don't think that people who don't make custom exploits are hackers
They just know when to press ctrl c ctrl v
I've now completed 150 rooms on THM
Including all the rooms in Offensive Pentesting , JR Penetration Tester Paths and Wreath Network
Can anyone suggest whether I should try more rooms (and which ones ) or switch to a different platform now ?
I now know I know nothing!!! Starting with the very beginner stuff. Learning lots. Plan to transition from electrician to cybersecurity in three - four years. So just plodding along and ensuring I am retaining as much as possible
Hi
I wish you good luck and have fun learning!
Hello everyone, is the only way to disable Wdigest Auth when using mimikatz to grab passwords? Maybe there is no other way.
Hi all, I am unable to fetch the output of the task 1 , Please help me
hows everyone doing?
Chillin
Check with your local power company if they do site tours, yesterday I visited the largest Czech dam and hydroelectric power plant, was super cool
that's pretty cool. Did you get to take any pics?
Hydro plants are cool
Not many, this is the top of a turbine tho
My coal powerplant visit was much cooler and I have more pics
From inside of a cooling tower
Probably the coolest place I have ever been in
+rep @gray jetty
Gave +1 Rep to @gray jetty
What cooler tower is that???
Left one, coal powerplant in Tušimice, Czech Republic
fine
Anyone know if these are worth it? https://www.udemy.com/course/linux-heap-exploitation-part-1 https://www.udemy.com/course/linux-heap-exploitation-part-2 https://www.udemy.com/course/linux-heap-exploitation-part-3
100%. The guy is a great instructor and the content is super dense with good information. Still working through part 1 right now.
Like a lot of things in infosec, you could probably find information on each of the attacks discussed in the course across various blogs, but I think this course is definitely worth the money because of the quality of explanation
New here, need advice. I just started my path working as desktop support and want to be in cybersecurity; what courses can I choose for my career growth?
Milton, a general manager within the Information Technology industry has said “I would summarize my experience in a few words ‘Smooth and seamless Operation’. The enrollment was easy to handle, especially when there is a good number of devices. Training for other users was very easy, and today an administrative employee manages the basic features and enrollment. The solution has been stable throughout the time of service.”
^ I guess I have missing punctuation here?
Got a usps scam and for funsies I decided to manually go to usps tracking and type in the number and it turns to this?
Is this URL encode? Idk. Why would that even happen
Ah I realize I copy and pasted the tracking number that’s why. I thought it was normal ascii text but apparently it was not. Manually typing out the number gave me the expected result. Interesting
Anyone know a way to get this text on to my pc to play around with it? Or attempt to at least
Do USB port killers work when the USB port is turned off in BIOS?
Yeah? They don't care about data
It's a hardware attack of shorting thousands of volts through it
Ahhh
I just figured disabling it in BIOS would isolate it somehow
Not just software
I wouldn't be surprised if you can still charge things off it just fine
You're frying the chip that negotiates data transfer, not the power lines
ahhhh
hi
You should try it 😁
GUYS
I GOT MY FIRST CVE :DDDDDDDDD https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36220
OMG HELL YEAH!!!!
We can’t really see the CVE though😭
Yeahh it still needs to be published by MITRE
Congrats! 🎉 🎉
hello
whoami
root
Why is MD5 password hashing bad? https://twitter.com/ProgrammerDude/status/1560548247286022145?t=HkC_1ognxjI9B2M2zTGQew&s=19
It's public :D
Basically I had to test the software for my work since I work at an online learning management system used by over 800.000 highschool students and I was requested to audit the SafeExamBrowser config my workplace provided. I was basically manually fuzzing until I found out that the browser doesn't suppress printer dialogs, which reminded me of the usual printer dialog -> kiosk escape
hey guys, don't know if it's the right thread. I'm currently working on my nmap skills and wondering what's the most typical way an intruder would scan my network. I read that you could hide behind Tor and proxychains, but with the wrong scans there would still be a packet leak. Does anyone have more information about this? Or something I could read (papers, etc.)?
Why do you need to hide the fact you're scanning?
There are multiple scenarios, for example:
If someone scans my network and hides behind proxychains and Tor, it would be more difficult to track him, or am I wrong?
I was curious about the packet leak, because it would be nice to analyse what information is exactly leaking when you hide.
Don't focus on that.
There's pretty much no legitimate reason to ask about it here, and port scans happen absolutely all the time
Lol then tell me in which channel I should ask, why shouldn't I focus on some topic which I'm interested in?
Do not ask about it in this discord, as part of rule 9
I don't see where I'm talking about an illegal action, I asked about some scientific research about the nmap packet leak. But never mind, I see where this is going
It’s possible to find collisions in MD5 pretty easily, so it’s not good for storing passwords.
Collisions isn't the problem for passwords.
Rainbow tables and the insane speeds you can get for cracking it are the problems
Collisions are an issue for using it for integrity checks
Cc @frail rapids
You’re right, my bad
But you can still use it for HMAC technically because the compression function still works, but there are better options
SHA-1 has the same issues
The cracking concerns still apply, although less for rainbow tables
MD5 is stupid fast on a GPU. That's bad.
Cracking HMAC? Or just cracking an md5 hash in general.
I was answering your HMAC comments specifically there, as it was a reply
Rainbow tables apply for all unsalted hashes.
MD5, NTLM, SHA-1 are all very very very fast to compute on a GPU, which makes them easier to crack. That applies to MD5 HMAC too, as you can compute lots of possible keys to brute it.
also i wouldn't say "easily" lol
possible is a better term
How would you go about cracking an HMAC tag without knowing the key or the message? In an ideal scenario you don’t know either?
Fair.
That's not what hmacs are for?
You said the cracking concerns still apply, I was asking for clarification on what you meant there
Right but there’s two inputs into that function. One is the key, the other is the message.
I think we’re thinking about two different scenarios, I’m thinking of symmetric encryption between two parties using HMAC for integrity checks, while you’re probably talking about how HMAC might get used in the real world, which totally makes sense.
I get your points though
Hmac for integrity.
Not for confidentiality.
MD5 is broken for integrity due to collisions
Collisions are made easier because it's fast to compute, so it's all interconnected
You're right. I just want to make it clear that I was originally thinking of this in the context of an encrypt-then-authenticate/authenticate-then-encrypt/authenticate-and-encrypt scenario where the message isn't known, and the HMAC tag is being used to check the integrity of the decrypted ciphertext.
In that example, the message is secret. That is all.
If you travel back 15 years, lots of things.
It's old.
Stuff you don't necessarily care about integrity with. There are several very good research papers that show that a bad actor can create arbitrary data to collide with a 'known good' MD5 hash. IIRC one of those papers also demonstrates the same with SHA1.
Ahhh
Yeah I saw that one in a ctf
@frail rapids Can I dm about your CVE?
Sure
hello friends, I hope it is the right thread. I have just finished the Jr Penetration Tester path and now I am on the Offensive path. Anyway, if you are like me and interested in teamwork, send a message here 👍
Could someone help me figure out how I can make gobuster run quicker plz?
I mean I tried experimenting with different threads and delay times, it's painfully slow though.........
what tech does THM use for the attack machine RDP?
Used to be guacamole, I think now it's some vnc over websockets weirdness
guacamole is an apache project to display the DE on a web socket - I think it uses VNC but not super confident in that statement.
Ahh okay. Too bad it's not suitable for windows
I'm trying to put CVE-2022-36220 into a box but it's hard because I need to stage a virtual kiosk breakout
so I think I should just RDP via remmina then
THM's browser access does support Windows
Windows client? e.g. if the attackbox would be windows
Windows targets yeah.
It's used in rooms
Ahhh yeah
I've been trying to do the "raspberry vpn hotspot" thing with OpenWrt.
it's worked... about 5 times in a row before inexplicably breaking and I don't understand it
having to wipe it out and redo it 5 times. Can't figure out if it's OpenWrt or something else
Maybe something's wrong with my SD card, i dunno
Gonna try with Raspbian and RaspAP i dunno. I'm throwing darts at the wall rn
i just hope it's not a problem with the raspberry...
Oh
yeah it's a pain
I have never done this before, is this your first time doing it?
yes.
it works perfectly until it decides not to, for reasons unknown. I can't pinpoint the issue.
I'm going to try a different method using Raspbian and RaspAP
Can you explain how it is and what your experience was, I was just curious
It was just a Raspberry Pi 4-B with OpenWrt.
It's a wireless hotspot, automatically connected to my VPN/VPS in Luxembourg
It worked perfectly every time until power-down. Loss of SSH. Loss of connection altogether, completely locked out.
Oh interesting
I must try this
yeah, it's neat
Very cool!
It's all downhill from here on 
that looks cute
Greetings, I have an email solution that marks the following url as spam, I try to find out why the solution marks the url as spam but I can't find anything about it, not even on google, even I searched on reddit. Has anyone seen it before or know what it is about? (I separate the url to prevent someone from accessing it by mistake) http: // slkjfdf . net
You can use VirusTotal to scan links
I already did it and it only returned me that it is malicious and an engine that detects it as spam
Then don't click it
Wanna do an interview for OnlyPayloads?
Hi
I subscribed to tryhackme and I quit my job
I subscribed last night actually and that’s it I’m done
Why did you quit your job?
Cause I had to be twice as good to be given half the opportunity
Some jobs it’s not about who you know really or what you can do because the talent pool is pretty much the same so you end up having to earn your way to the top by having a particular relationship with those able to improve your role
Instead of trying something new like tryhackme
experience is more important than extracurricular activities... continue to get experience then continue self learning, apply for better jobs
@serene trench happy (albeit late) birthday! 🎉
hello guys. so i joined this space today
When you've transferred money to your account, go back to your bank account page. What is the answer shown on your bank balance page?
Any help please?
The answer is in a yellow congratulations box above the total.
Aye congrats!
thanks! :D
Finally we are changing SIEM from LogRhythm to Sentinel, I thought I was gonna die working in LogRhythm.
It's the first SIEM I've worked on but god I hate it, unbelievably sluggish and outdated from a lot of perspectives, their support also kind of sucks so yeah.
Gonna take some time until we make the full change but can't wait for next week to get started working a little in it 😄
Sentinel1 is a SIEM now?
I guess through their Singularity Marketplace?
Azure Sentinel != Sentinel One
Ohh he actually said Sentinel1 but didn't notice it 😄
So I see this https://twitter.com/ArmyChiefCyber/status/1563295564380250113?t=fyCtmC8m_0VZl4pSMLK28Q&s=19 and I wonder - can US nationstates be open about their work?
Or is this because it's the army and not a 3 letter agency
It's probably because of security classifications @frail rapids .
saying they are nation-state hackers may mean something, maybe not, army cyber is supposed to be really good, I've worked with a few in my career
No, that someone can tell others they're working there
Without their employer firing them for their own safety
It definitely would give a unique work experience
It's different from working in FAANG, and I think it's a great early-career move
you'll probably get training/certs, unique insights, and the right to say you're an ex-nation-state hacker when you want to go into corporate
which will probably make the recruiters go mmmmhhhh
Personally I really hate the masculinity of the army, which is why my preference would go out to other orgs
(I don't live in the US but I assume it's a lot worse over there)
I don't live in the US so I definitely wouldn't go work for them anyway 🤷♂️
but I just find the appeal of working as a nation state not bad
They can say it, I’ve known a few that shared outside of a working relationship but we are all cyber professionals
The army cyber division has a lot of women
Non citizens can join the military but you’d have to talk to a recruiter if you are eligible for certain assignments
Really?
Over here it's like 5% women
The army cyber division has a fair number, one of my friends worked there, it is more diverse than my corporate job
Or maybe that is where she worked
Hey everyone I’m new here and I started my course in Oak academy this is my first week will be using Tryhackme. Any suggestions for the first days ? Thanks
Have fun 😉
hey, I'm in the Nmap session, they ask me to nmap "MACHINE_IP" but I can't find it. Can anyone help me please?
You need to start the machine.
Usually in Task 1. (sometimes not)
i did it already
I hope that's not you DM'ing me...
You need to press this green button, and wait 2 min(s) for the MACHINE_IP to update, if it doesn't, press refresh or Ctrl + F5.
Please don't DM me without asking.
sorry
I'm in the machine already, I'm trying to ping the "MACHINE_IP" or nmap -xS and I get this message
No, you're in the attackbox.
You also need to start the machine you will be attacking.
Attackbox = machine you're attacking from
Target machine = Machine you will be attacking
great thank you!
Hello guys, I just found out about this Discord from the official website, so I have decided to join. I want to enter the cyber security world. I am looking into the cyber security analyst and certified ethical hacking careers. Does anyone know the right pathway/programs/certificates to achieve that, so I can start my journey in the cyber world without wasting time? Any help or advice would be much appreciated. Thanks in advance.
I joined the THM last fall and completed 5 rooms & the Advent of Cyber. Logged in for the first time in 6 months and show no rooms completed. Does, or did, history get wiped at some point of inactivity?
Is it me or is unknowncheats a tech support website for undocumented windows kernel structs by unpaid children
No cause that’s so true
When you've lost yourself in the fog of identity. When fractures begin to appear in your very soul. When you feel you are no longer here and not really there, you can find yourself again with one simple command: whoami. whoami..
I like it! So poetic and so funny at the end 🙂
eh, I prefer id
Anyone know any good c++ servers? Newbie looking for some people to communicate with. Feel free to dm the link if you have one
I love it
alias wholetthedawgsout="/usr/bin/whoami"
wholetthedawgsout
root
Absolutely top tier.
Okay that’s pretty funny
starting college tmr
I really feel like wearing the "I hacked the Dutch government and all I got was this lousy t-shirt" shirt but I don't want people to know about what I do in my spare time
I want one of those
That's a pretty cool flex tbf
but you will forever be asked if you can get into someone's facebook account, because they like, totally forgot their password...
That's like the best shirt out there
Hello sir, I am your premium user .
Here I am stuck on one question. Please check it .
Who is TryHackMe's HTTPS certificate issued by?
To find an answer for this question I have done a lot of research and submitted all possible answers. So please help me: is the question wrong, or what is the right answer?
please help me
Which browser are you using?
That's not helpful?
Just confirms that the room isn't broken
The room isn't, but their anti-virus or firewall could be giving them the certificate, which would lead to an incorrect answer.
they going over the fundamentals?
yep
and we're talking real fundamentals
think difference of int vs bool fundamentals
Sounds uh... fun? perhaps see if you can blitz your way through the coursework, get it done early, and use the rest of the time to self-teach something else?
welp I'm currently just learning haskell in class
issue is that my attendance is getting weighted in my grade
What about contribution?
it's a university of applied sciences... teachers are failed IT employees and probably feel like they're better than me
I just asked a question about declaration / definition / initialization and he still mixed them up
Oh fun times... I remember doing some haskell, haven't touched it since
I can't speak on behalf of your school, but I'm sure your professors are probably more than just "failed IT employees". There definitely are cases where they're teaching a subject because there was no one else to and they aren't that up-to-date on it, but if the school has any level of quality, a professor will absolutely clown on you in their subfield of expertise.
also if it's so easy just speedrun the work and do whatever else you want on the computer in that class 🤷♂️
I've played CTFs during lectures all the time
or, even better, just ask to test out of the class
This is a thing that only someone deep into the weeds on practical programming applications and compsci would know. function, object, and variable lifecycle isn't a thing I would expect from a sysadmin or network focused instructor.
these are often combined (or the first two at least) in modern languages
I'd expect a sysadmin to know a bit about variable lifecycle and functions at least
Maybe - but I wouldn't count on it. A senior admin, yeah, more than likely knows a bit. But probably not the formal definitions
not formal definitions, agreed, but there's a basic level of scripting I expect them to know
Completely fair; I agree that the depth of knowledge is dependent on how much scripting they've had to learn for their role
but he was teaching those topics (in a programming class)
If it's an intro class, they often don't give the 'best' instructors the base level courses. For what it's worth, giving a lecture is difficult, even if the lecturer knows the material very well. I often turn words around and mis-speak when I'm lecturing; if you have concerns about the instructor quality, go to office hours first and seek clarification from them. If the problem persists, go to the dean or department chair and ask for a meeting to air your concerns.
Making courses is hard
Yes
Making Learning paths is as well 😄
Why does the FBI only go after ransomware affiliates instead of operators?
Or are all operators russian
What do you mean by affiliates?
They arrest the people using the ransomware when possible
Yeah but I think they mapped out the REvil network and keep arresting affiliates
but they haven't arrested any of the operators afaik. or the operators are really good at opsec
Again, what do you mean by affiliates and operators
Revil, if you believe the Russians, was dismantled and arrested
hi
ooh I'm excited ~ starting Exploiting AD. Wish me luck
No, breaching... it's like Christmas. Idk which one to choose
ohh,best wishes to you
I think resolved and NetworkManager are conflicting
wondering if i should just switch to networkd
yeah that helped
Hello guys, is there some kind of channel where we can do a CTF all together?
yes! 🙂 well, in #964299701581119538 you can find others to do a CTF together if you like or keep an eye on #964299422538289245
@quasi turtle Oh thank you very much!
Gave +1 Rep to @quasi turtle
yw! I hope to set up weekly sessions again soon, feel free to drop suggestions for rooms you would like to do in the #964299701581119538 chat
Yeah!
Making Spanish rice is an art form
easy peasy
No Troll, i give 1 month as a GIFT
Should be more quiet here to let people see
how to claim
There's a lot of bad voucher stuff and scams going around - if you want to gift a voucher to a community member, @twin ridge or maybe @odd acorn would be someone to talk to about coordinating it.
In this case I think they won the voucher from the ticket event, but you're absolutely correct, that's the right route to go through 🙂
well i will see with them then ^ thanks
Gave +1 Rep to @spark sun
I'm excited for the new path
Hope to learn a thing or two about AD since I'm in college and it seems like everyone has experience with windows servers
hey, can anyone tell me where I should start solving CTFs as I am a newbie
Start with the boring stuff
Watch NetworkChuck's CCNA course from 2 years ago and start using linux virtual machines until you're comfortable
kayy, thank you !
Can someone pmo
Why do you need someone to pm you?
Good evening strangers 🙂
when should I rely on walkthroughs?
When you're stuck 🙂 They're just another way to learn
I feel like I m relying on them too much 😦
are you learning from them?
I think so. Taking note as I finish each room. When I can't find a flag or feel stuck for like half an hour I just skip to walkthroughs. Is that bad?
Then I wouldn't worry too much 🙂 make your own notes on what they're using (commands, methodology etc, then you can refer to those instead at times
We all start somewhere 🙂
I sometimes just copy word for word but I should really write them in my own words. Thanks
Gave +1 Rep to @worn schooner
Definitely not. Another option is to take a break. Can't tell ya how many times I've been stuck and taking a break gave me a fresh pov.
Having said that, you can't expect yourself to know everything and walkthroughs help you through things you've never experienced before.
i try to do my writeups with my own quirks but sometimes lines can be word-for-word.
Explaining a technology or an attack vector or anything else involving that is kinda hard to put in your own words
how do you explain jndi/log4j without doing it verbatim?

I've heard people recommend refurbished laptops. What about a refurbished server?
I mean hardware is hardware, but with that level of abuse would it be worth it?
I know I definitely ran into this a little bit when trying to write a post on the internals of Pwnkit. What helped was (a) explaining it exactly how I understood it because I'm still a beginner at binary exploitation and (b) going beyond what the original advisories said and trying to explain it to someone who maybe isn't familiar with memory bugs but knows basic programming.
i try to do the same
In the case of log4j, consider your audience and what direction you want to take your work. Do you want to explain how everything works in detail, are you trying to "explain like I'm five", is this for seasoned experts in the field?
i would expect readers to at least have some basic knowledge.
I also think a lot of people get hung up on the l33t h4ck3r side of things. It's worth discussing the implications of the bug as a whole to the software supply chain and what issues are currently present there. Exploits are cool but providing mitigation or discussing the origin of the bug and how we can minimize it going forward shows some maturity imo
not that i publish my writeups. they're mainly for me.
oh lmao
i neglect the blue team aspect. I've never even touched it. not yet.
if this is just for notes then copying and pasting is fine 🤷♂️ , just make sure that you know and understand what you're copying as opposed to just copying the entire article.
Most of the points I was making were related to writing public blogs.
yeah, i was just pointing out that sometimes we all copy-paste at one point or another
as long as you understand what you're looking at
it's not necessarily a bad thing
my original question though: anyone ever bought a refurbished server?
I am new to this and i dont know if this is the right place to ask this question
but I am not able to message in #koth channel
Do I have to connect to any vpn to access the machine?
You may have to verify for the #koth channel
!docs verify
!dark
!dark
!dark wassup
Isn't discouraging employees from throwing around their work email addresses the best way to prevent phishing?
And easily guessed
Darknet Diaries had a great piece on insider threats involving LinkedIn and work emails.
Is that like a tv series ?
Podcast, should check it out.
The one with the scientist?
Yeah, just finished listening to it.
Is it me or is learning certain parts of infosec harder as time goes on
Every blogger assumes that those reading are experienced in that field
^I'm specifically talking about kernel pwn
Tbf you are exploring a topic that is just more obscure and advanced than your regular heap or stack pwn
There are just less people who are experts or teach the topic the deeper you get into it
This
^^^ the things above are all valid points but to add on often times the thing a researcher is publishing requires so much prerequisite knowledge, they decide to make their intended audience someone else in their field of study. Say for example someone is writing a blog post about a kernel vulnerability they discovered. The person publishing it is going to want to convey what they found so that other researchers can understand and possibly repro it. A basic 10 page writeup of some kernel CVE with the target audience being other vulnerability researchers may be over 500 pages if the target audience is a first year undergrad computer science student in order to give them all the background knowledge for the vulnerability and how it was exploited. The person publishing doesn't have the time to write a 500 page paper on an 0day if 10 pages is enough for another kernel vulnerability researcher to understand it. The same goes for any discipline whether it be biology or physics. If you're doing advanced research which requires a lot of prerequisite knowledge, you will want to publish you research with the audience being other researchers in your field or else you'll end up writing a thousand pages just to explain every discovery you make
yeahhh
I guess it just sucks that no one wants to write beginner content for specialized content
The beginner content are the classes everyone says is useless in a comp-sci degree program.
Algorithms, data structures, and OS for sure.....
idk about you but I'm not getting a OS-design course or even minor in my compsci BSc
I did.
I didn't go to a top tier school, my undergrad was a solid middle of the pack tier 3 school.
Well that's kind of a contradictory statement. If it's specialized, then that will require background knowledge of the "special" subject. The term "beginner" is going to be relative. Something like basic algebra and multiplication may be a beginner topic to you but to someone who hasn't taken an algebra course it will seem foreign
Doing research in memory corruption and binary security in of itself requires a vast amount of knowledge ranging from how computers lay out memory for executables and how a bug can lead to undefined behavior. When you scale it up a notch to kernel exploitation you now introduce stuff like privilege rings, OS design, user/kernel land communication, physical vs. virtual memory and how it's implemented, and various CPU aspects such as control registers and how caching is implemented
It's just very unrealistic expecting people publishing research to include all of this stuff in a single paper
Well yeah, but perhaps just a simple blog post
E.g. explaining basic techniques and the general goal of kernel exploitation
Just something in between the regular kernel docs and specialized exploit papers
Many of those concepts are introduced as part of comp architecture or OS courses - they aren't nearly as in-depth as the active research is, but they aren't intended to be 'current state of the art' in those domains. I am not up to current state of the art, but I am able to read and follow those reports due to those courses
I'm just curious, but what do you learn in OS design courses? syscalls, drivers, memory management, etc?
A bit of all of those topics, plus scheduling, permissions, disk partitioning, and a very small amount of monitoring.
Well yes but you have to start somewhere. I have a few links about kernel stuff let me see if I can find them. I started out by developing my own vulnerable kernel modules and debugging them in qemu and writing exploits for them. Then I branched out into finding kernel CTF challenges that I could try solving
https://0x434b.dev/dabbling-with-linux-kernel-exploitation-ctf-challenges-to-learn-the-ropes/
https://github.com/xairy/linux-kernel-exploitation
It's good to start out at the basics of development when it comes to kernel exploitation. If you're completely new then try creating a driver which exposes a char device that a userland program can interact with. Or even implement a custom syscall
You'll slowly start to get an idea of how OSs work by playing around with writing kernel modules and can then transfer that knowledge gained into finding vulnerabilities
Thanks a lot!
I guess I should dive deeper into kernel devices. I thought just knowing how kernel modules work did the job
(especially until I tried solving a kernel pwn challenge)
Yeah learning how to develop a basic kernel module is one thing. When you have access to kernel land the amount of things you can do is vast. A kernel module which prints hello world to dmesg is going to be a lot different than a kernel module doing hardware IO to a PCIe device. There's just so much you can do that it really is worth exploring more in depth
maybe shadow should read through that keyboard backlight kernel module more carefully
Hm
Perhaps I could look into linux driver dev books
for the most part reading up on it should be easy but time consuming.... though not nvidia drivers because those are still closed source
Like drinking from a firehose... I have many years ahead of me.
Morning all
Hello!
Hi. Could one of the Admins/Mods reach out to me by DM about adding to the next Community Giveaway?
If you can ping me I'll start up a tracking list somewhere
Is password expiration policy/feature necessary?
NIST Special Publication 800-63 Digital Identity Guidelines-FAQ
This is honestly just a cool read.
I honestly didn’t know that security questions were so hated.
rules always have its yay or nay side so can't really complain about that
Yeah but just surprising tbh
if i have to change my password every week, i would have done the same
Fr
Why haven't I seen someone talk about SPAs leaking all URLs/paths of a webapp?
Basically SPAs use client side rendering which means that all paths are crammed into a single .js file
so if you use a crawler you can find all paths of a webapp
I've used it for a few web pentests at my old employer. It helped because I knew which API (and regular) endpoints exist, and all HTTP params for them were next to those API paths in a fetch(...)
that also means you don't need to do dirbusting (for most cases) which makes it a lot more quiet
I come across this frequently. I was able to chain an open redirect to blind SSRF a few days ago because API endpoints were listed within the expression scope of the application
any marines on here?
Army, and one cop I believe
There's a bunch of different services here
Not a Marine, or any branch, but if you've got any specific questions feel free to ask
Interesting word choice
There are a lot of people from various military services retired and active
hey, how does the Top 50 Monthly work in TryHackMe?
Top 50 monthly is just the total points you get from the 1st of the month to the end of the month.
Why do some 2FA providers like google do a "approve this login on your phone" thing?
instead of a "enter this number on your phone"
because the latter prevents people from just clicking approve because the notif is annoying on their phone
It can be done via fingerprint.
Which is easier and a more secure way to prove the requester is who they are.
I'm having an issue where I have to do the captcha thing for everything I search
did I cross the lines on what normies are allowed to search? idk
and the approve login thing can be changed in the google settings
for your phone number thing
you can change it to send a confirmation email with 3 bubbles of numbers
are you using tor/proxies or a vpn?
anytime I use Tor, Google decides to ask me every time.
proxychains/tor
yes
proxies (probably) give you a different public ip and those captchas usually get sent to suspicious ips
hence, if everyone uses those proxies for malicious reasons, it gets flagged
which is the reason that private proxies exist
Only if you want it to be "more convenient"
What Do I Do When Someone At My Church Says That Hacking Is A 'Sin'?
Nothing?
You reply with SYN/ACK 😉
That's Genius
From one Tim to another.
Guys
I'm new to all these things
help me to proceed
what to do
how to start learning whatever is required
I mean like basics
Hey, please check out #start-here
Just UDP all the way.
Guys this might be a non-technical question but how to i actually get more
roles here THM? :3
Depends on the roles, The only roles you can assign yourself is Announcements, level and nitro, what role are you thinking, the mod team assign you roles on criteria.
Oh i see!
I assume that these roles are something you earn through doing more lessons
Well, Throwback has a role.
is it allowed to drop custom exploits (with a CVE) on GitHub?
e.g. you see there's a new juicy CVE and you make an exploit for it and post it on GitHub
there's nothing stopping you but depending on how fresh the CVE is, you're mainly dealing with ethical issues
John Hammond has previously voiced his own concern over releasing his and Caleb Stewart's LPE for PrintNightmare a bit early on in the process of trying to mitigate the vulnerability iirc
but then when the advisory/writeup for pwnkit dropped, although qualys never published a poc, there were at least 40 repos with the exploit out there (including my own 😶 ) within 24 hours of qualys' public report
Noice 🤔
Legally, no, but it might prevent you from getting $$$ if it’s a BB.
Ahh okay
launch into a 45-minute sermon about the history of the word "hack" and its multiple overlapping meanings, culminating in an inspiring ode to the "good hackers" who keep us safe from the "bad hackers" (bonus points for angel/demon analogy, bonus bonus points for tying into said analogy the ongoing temptation that Good Hackers endure while engaging in righteous warfare with the dark side)
Extra credit: draw parallels to Ecclesiastes (there is no need to actually explain them and it may work better if you don't)
I still like the 'SYN-ACK' answer haha
was doing well until a few days ago. Felt the "condition" starting to creep up on me.
hope it goes back down soon
Sending a buffer overflow: with the first code my debugger works, with the second code my debugger crashes somehow and I can't continue (shouldn't happen). Is the alignment of bytes wrong?
Windows 7 x86
Working code:
    ...other code
    length = 10000
    offset = 4336
    eip = b"BBBB"
    payload = b"".join([
        b"A" * offset,                          # padding up to the saved return address
        eip,                                    # 4 bytes that land on EIP
        b"C" * (length - offset - len(eip)),    # filler so the total stays at `length` bytes
    ])
Broken code:
    ...other code
    length = 10000
    offset = 4336
    eip = b"BBBB"
    payload = b"".join([
        b"A" * offset,    # only the padding is sent; no EIP value or filler follows
    ])
So what are our greatest hack achievements so far
Who is gonna start with a testimony
have u tried debugging it ?
one possibility is that you could be overflowing ebp and the program is crashing when popping it and trying to access local variables
@quaint basin Can I shoot a dm? I want to ask a question about vuln disclosure
I mean, sure, although there may be others better suited to that
Iirc @cinder spoke has done it once or twice. @dreamy kayak would be a good shout too.
By all means DM though. If I have the answer you're welcome to it 🤷♂️
Aightt, thanks
Feel free to DM, I’m out of state and not near a computer until Tuesday
will there be tacos to celebrate said tuesday???
Of course!
Can you merge the reverseshells PR I made earlier on your phone? 
Assuming that updating the config file is enough to change the allcontributors rendering
Done but driving and can’t check
q
anyone up for a private conversation about cybersecurity? Any experience level welcome, just dm me 🙂
Alright, I sent a dm
I will get back to you. It was 2:35AM my time when you sent that. I fly in tonight, I’ll be free 🙂
👌👌
👀
What's a good way to exfiltrate data using RCE on express.js servers?
there's HTTP command injection -> local file write -> HTTP file read but that's loud considering you need to write to disk and open an http connection
I was thinking about doing a semi-side channel, like setting the system time which influences the Date header (but that's probably even louder and it has less data leaking capabilities)
Wow @regal jetty You Thought It Through More Than Me!
This Person Isn't Mature Enough Yet To Understand!
Just ignore them
Some Ingenious Answers! Thanks Everyone
They're not worth your time
Yes
when setting up a vm do you guys use the "bare-metal" kali or the "virtual machine" kali install?? I always use bare metal in my vm
I got a problem with host only adapter in virtual box
It's not providing ipv4.
@mortal venture I always use a virtual machine because it’s just better security wise, and the snapshots come in clutch as well: if you mess up something you can easily fix it
Bare metal, I like setting everything up to own settings.
it also allows for easy encryption, but VM is quicker. I guess it depends on what you want.
hello tryhackme discord. i would like to ask help on how to change username so that it looks good when badges are shared in linkedin. thank you.
I always create a golden image from the installation ISO.
I Definitely need to start tinkering with RH
i really need to also but it costs money and that's a no go for me. don't like
Red Hat has licenses for non-commercial use that are free
woah really? hmmm i hate that i didn't look enough for that. I'll check again. I swore they offered non-commercial use but they were still like a few hundred per year or something like that. I'll check again thanks
Gave +1 Rep to @tawdry dove
red hat sales and TAM people are very insistent that it isn't licensing, it's support subscription 🙂
Can you use it without?
Everything is open source. Upstream projects for sure.
Rhel specifically
Yes, 16 self support subs for rhel are the thing that I see a lot on the marketing for the RHD program for individuals
$300ish for self support doesn't sound like a support subscription
I did not see that.
.
I'll take another look tomorrow. There shouldn't be a cost for the RHD individual program.
Yeah, for individuals it's free and apparently up to 16 prod servers
can you link me to where you found the $300 option?
Just googled self support rhel
ok, i think i see it. That is intended for enterprise, 'self support' in this case means 'RH doesn't help with troubleshooting problems.' What that price tag gets is the RH compiled binaries and repositories allowed for whatever that entitlement scope actually is. RH does provide the source code for everything, but binaries are paywalled behind the subscription manager.
Get Alma or Fedora for free 😂
what does TAM stand for in this context???
Technical Account Manager
It means different things for different orgs, but usually it's a vendor employee acting as a customer advocate with a distinct role from the sales teams
Alma or Rocky would be a good platform for self-supported RHEL-based servers, a little behind the RHEL update/release curve but still on par. Fedora is very close to cutting edge, almost considered unstable. Probably not suitable for most production Linux environments but fine for personal or project/lab environments
That's why I included both something for everybody 😉
There's also the option for Oracle Linux. Free to download and use in every situation, with two tiers of support optionally
There are a lot of options that's my point I just mention the first two that come to mind 🙂
I'm assuming CentOS is still a thing if you want an RHEL-like env
They've stopped further development, haven't they?
have they?
I've heard (rumor) that CentOS will not be updated any further but i'm not sure if that's a fact
nah, they switched to a rolling release
However, the free ride is over. Red Hat announced that CentOS Linux 8, as a rebuild of RHEL 8, will end at 2021. CentOS Stream continues after that date, serving as the upstream (development) branch of Red Hat Enterprise Linux. (Dec 10, 2021)
I see now.
I don't fully understand that concept. They're not independent of each other?
Fedora is bleeding edge, RHEL is the super stable Enterprise package
CentOS is the dev branch for RHEL
so things that appear in CentOS will eventually trickle down to the next RHEL version
rumour has it that Richard Stallman comments kill CentOS
I didn't realize there was an in-between of LTS -> Bleeding Edge.
it's pretty rare
This isn't quite true, but it is the reactionary doomsaying that went on when the announcement was made. RHEL is the enterprise downstream, centos is basically beta for next point release, and fedora is the bleeding edge for next major version.
that's about what I said
Yeah, I was gonna say, that sounded like the initial reaction everyone had over the internet
quick question:
Should you say Dr. Name in English as well?
I've got a meeting with a PhD person tmr and he's German
(and Germans are really sensitive about their titles)
Just ask him what he wants you to call him
If he wants to be addressed with Dr all the time, let him say it out loud himself 😂
I would ask what they prefer. Some PhDs are very militant about the title, others are fine with being called 'professor.' Most I have met prefer their first name.
iirc it's doctor there
in Sweden most Swedish citizens prefer being called by first name
so even the janitor addresses the CEO of a company with their first name
"Professor" for lecturers is an American thing
In slightly more traditional higher education systems, there is (usually) only one professor of a department at any one time, sometimes there is also an emeritus professor who usually keeps the same title.
Either way, calling your average lecturer a "professor" in Europe will likely get you some very odd looks 
Dr. Surname or just FirstName (depending on the individual) would be a normal form of address 🤷♂️
It’s quiet shhh
But CentOS when it was created by the community was not intended to be a beta for RHEL to play with.
Which is why Rocky and Alma now exist, as CentOS was intended: "a bug for bug replica of RHEL"