#quiet-conversation

im trying yo learn how to use php and actualy PUT it into a site

Cool

What’s the goal of your website?

idk im just trying to fuck around

you want to put it on the web ?

‘The ps-less way using status files’ starts one too many sed imho.

Add a new entry called „The ps-less way using status file with less sed“ to the list.

and there's more

If there was a recent commit I would totally submit this PR +:!find /proc -name status | while read file; do echo "$file: "; cat $file | grep vim; done | grep -B1 vim | grep -v Name | while read line; do sed 's/^\/proc\///g; s/\/.*//g'; done | xargs kill -9

What is this doing?

ChatGPT saves the day 🙂 https://pastebin.com/ny3qMTXv

Actually now that I look at it it makes no sense to invoke sed for each line, either 😄

It exits vim.

I had figured that much, I was just trying to understand the bash commands 🙂 I shared a pastebin breaking it down in case anyone else wanted to learn it

I let chatGPT write me a script that converts a Postman collection JSON to a markdown list, that can then be c/p'ed into an enhancing-mindmap note.
I can post it if anyone is interested.
if anyone is doing a lot of work with APIs and wants to visualize them easily

I'd be interested!

@sand radish

Here's the script. Run it as python postman2md.py postman-collection.json and it will output a postman collection name.md file in the same location.

import json
import sys

def parse_item(item, indent=0):
    markdown = ""
    if "item" in item:
        markdown += "\n" + "\t" * indent + "- " + item["name"]
        for sub_item in item["item"]:
            markdown += parse_item(sub_item, indent + 1)
    else:
        if "request" in item:
            markdown += "\n" + "\t" * indent + "- **" + item["request"].get("method", "METHOD") + "** " + item["name"]
#            markdown += "\n" + "\t" * (indent + 1) + "- `" + "/".join(item["request"]["url"].get("path", ["PATH"])) + "`"
#            description = item["request"].get("description", "DESCRIPTION")
#            description = description.replace('\n', ' ')  # Remove newline characters
#            markdown += "\n" + "\t" * (indent + 1) + "- " + description
    return markdown

def postman_to_markdown(json_file):
    with open(json_file, 'r') as f:
        data = json.load(f)

    markdown = "- " + data["info"]["name"]

    for item in data["item"]:
        markdown += parse_item(item, 1)

    md_file = data["info"]["name"] + ".md"
    with open(md_file, 'w') as f:
        f.write(markdown)

if __name__ == "__main__":
    postman_to_markdown(sys.argv[1])

Uncomment the few lines if you want to get the description and path for the API endpoints (can't recommend on large projects).

I'm using the following template for each host/system. Just paste the api name.md file into it.

---
mindmap-plugin: basic
---

# {{title}}
## API

The ## API is not necessary and creates an additional, superfluous node in the mindmap. I use the enhancing mindmap plugin. It can export the mindmap as HTML, which contains the mindmap as a base64 encoded PNG.

example mindmap (without the ## API)

@spark sun

They are already gone

Quickly @smoky mortar mind if I dm me regarding a project of mine (Seeing if I could use THM and all with it?)

Go ahead. 🙂

It's for people who might find #general overwhelming with the speed it can go at sometimes.

nice

did google knowingly buy all bit flippable versions of google.com? Or did they just buy all misspellings

the former would be interesting since they chose to buy and manage all those domains instead of just implementing industry wide TCP-based DNS

"Just implementing industry wide tcp-based dns"
You mean updating every single device with a DNS client on it that's in service?

At that time they could probably get away with implementing backwards compatibility with DNS over UDP

DNS over TCP exists since a very long time and implemented probably by all mainstream operating systems. It’s there as SHOULD (in IETF definition) since at least RFC 1123 from 1989.

what would using tcp solve?

data would still be susceptible to bit flips

oh the checksum i assume?

Yeah, checksum would be sufficient to detect single bit flips in header or payload

Hi Tryhackme Admin, I am the number one (#1) of june month, but not get the "Monthly Hacker" badge. Could you please check the information for me?

Thank you :D, But I not get the "Monthly Hacker" badge. Can I get help with the review again? TT

Gave +1 Rep to @quartz spire

Can you show the monthly leaderboard?

Yep, you can see on this link: https://anonymfile.com/qyDJY/photo-2566-07-06-102646-pm.jpeg

Can someone help me? I contacted the admin 3-4 days ago but no response...

Typical response time atm is 7 days, sorry

Please don't ping administrators for site issues^
Although right now we have employees in the administrator roles, usually Discord roles are filled by volunteers (mentors, moderators) and cannot help with the site 🙂

go go go power badgers

gota catch them all

https://tenor.com/view/badger-badger-badger-mushroom-mushroom-mushroom-iggydr-gif-18197905

snaaaaake! ooooh it's a snaaaaaaaake!!

snaaakes with legs ❤️

this proves that some of us are old

guys, I'm trying to understand how SMTP servers work;
suppose I send and email to user@gmail.com to an SMTP server like postfix. Tell me if I understand this correctly:
-postfix firstly checks if the domains of the sender and recipient are the same
-they are not, so postfix sends a DNS request for gmail.com for MX records
-postfix sends the message to the server described in MX record for gmail.com

is this how it generally work?

yep

for the record: https://youtu.be/EIyixC9NsLI

http://weebls-stuff.com/toons/chutney-animated-music-video-mrweebl/

ppl tend just to post issue/problem without reading of how to. also ppl are not rply eager even to read rules and so. which is sad

There is such: http://catb.org/~esr/faqs/smart-questions.html

whether or not people choose to read it is another story

Should be pinned imho

That doesn't make people read it

I think there is. in the room help pins.

#room-help message

#room-help message

@smoky mortar can I dm you for an question in room creation

I see now why you tried to DM me.

bruh

Hiii

@astral island Please do not post URLs to rooms that have not already been reviewed by our team 🙂

It will be made public in due time

What's a quiet conversation?

a channel where heated topics never happen and where you are limited on how qucikly you can post new messages to make it more chill

So people don't get overhwlemed by the speed of general.

Hello everyone, after completing the Pre Security and Introduction to Cyber Security Paths, you'd reccommend following this (obviously not starting from the first room) https://tryhackme.com/r/resources/blog/free_path or completing other learning paths( if yes, which ones?) I'm subscribed so i have access to all of them. Thanks

I'm doing the Complete Beginner path after those two.

thanks

could somebody private message me , i need help with the setup and install of Streamify by Kit4Py on github

This is illegal if you use this without the consent of the owners (in this case, the Spotify team).

Please don’t ask for help here

https://giphy.com/gifs/thebachelor-episode-7-abc-xTiN0h0Kh5gH7yQYUw

Throw some css in thre

maybe some JS

Why would someone do that? This is text to read, not “content to consume”.

One reason would be to make it easier to read

If youre gonna ask people to first read 10 paragraphs about reading before asking, you could at least strive to make that a better and more effective experience 😉

First, this is not even my page. Second, this is a standard format for Linux HOWTOs and I think it’s good. Third, it’s not my problem if someone cannot read a 10 paragraphs of coherent text. I have zero expectations, and it’s no enquirer’s benefit, not to mine to learn how to ask better questions.

you asked why someone would do that ¯_(ツ)_/¯

oh that person is mad about something and channeling all that rage onto suggestions.

some people call it "constructive criticism" because it has the word constructive you shouldn't get mad about it 😂

I used to want to work in cybersecurity as a pentester or specialist but I realized how competitive the market for that job is and my life changed a bit so I'm graduating early with a major in criminology and minor in information systems to do a job in law enforcement and I like it. Weird how things changed so fast after 2 years since i graduated hs

Are you going to work in digital forensics? I love forensics

nope, more so research intelligence. I thought about forensics but its not for me

Research intelligence is also great, but I love forensics so much 🙂

understandable

either way is a great job 🙂

Yeah, I just really just enjoy finding information to fit the pieces of the puzzle then explaining it in a way that most can understand, my professors recommended a career path in counter terrorism and so i made a path from entry to senior starting from research

Wow counter terrorism, that's amazing, pretty exciting and big responsibility at the same time 🙂

yep, someone's gotta do the job even if the pay isnt attractive to most. new friends and big impacts

lemme proudly present my new login screen

cybersec is competitive?

Would doubt 1000s jobs but didn't consider it very competitive

right, that makes sense

how about experience as software dev? is it relevant at all?

hey guys im a male age 15 im on my alt rn but i really need someones help because my girlfriends ex has nudes of her and is threataning to sell them online which is 1. illegal since me and her are minors and 2. very unethical of him so i was wondering if anyone here can help me somehow get his address to get cops at his door or if someome can help me do anything about it virtually as neither of us live in the same country as him and really need to put an end to his shenanigans, if anyone can help please dm me on this account

bruh

Someone will be with you in a moment

contact law enforcement. Many localities have revenge porn laws, and there could be complications (such as invalidating evidence) if you do you your own investigation

Your girlfriend should go to the police and tell them what the situation is.

Idk, I just say it because I can't do anything and it avoids minimod

issue is neither of us know where he lives all we know is that he lives in spain but even after using an ip grabber from grabify on him he used vpn so i cant track where his address is to give to cops

so im mainly wondering if anyone here has experience in pulling real addresses that we can then use to stop this guy

just ask him

Last time, contact the police.

Just don't.

if u were tryna sell someons gfs nudes would u just tell them ur location?

Vigilante stuff often means the culprit gets away with it, because you are poisoning the well and not keeping proper chain of custody. Have LEO start an investigation into the cybercrime, that's really the best way you can move forward.

https://en.m.wikipedia.org/wiki/Fruit_of_the_poisonous_tree

Supplemental reading

please post this to #room-help with the name of the room etc.

Could be relevant for AppSec, depending on your experience.

nice,... now you just have a lot of other badges to get

i dont get it - how can I communicate with HTTP server over telnet protocol, if both these protocols are on the same OSI layer?

because the tellnet app is funky

what does telnet client exactly do then?

I mean - what does it do when I connect to a http server on port 80

it establishes a connection with the server normally then asks for you to send input which it then sends over to the server line by line until you send 2 empty new lines as that the server takes as the end of the request.... at which point the server sends back the data requested

if you need a more in depth what exactly is going on shadow can't provide it as they are not 100% sure how it works

my understanding was, the connection itself is handled by TCP protocol, then HTTP protocol handles exchanging data; therefore I don't understand what does telnet "bring to the table"

guess I'll do a wireshark deep dive then

I hate not fully understanding something

Re-organized my notes again 😮‍💨

that looks beautiful

It's not very organized just overarching keywords:

Attachments or anything that takes you outside obsidian (links, files, etc.)

telnet application can be considered a simple tcp client. When you use it to connect to a server port and there is no terminal negotiation, telnet will act almost like netcat. All telnet application-level specifics will be ignored. Then you can use HTTP verbs emulating HTTP over TCP.

thanks!

Gave +1 Rep to @south carbon

is it covid-23?

I know you sent this photo yesterday, but what note taking software is that?

Oh I’m dumb, the question was answered right above me, apologies for the long

hi

hi

@spring steppe

gis

Do you have a particular question? Are you looking for site admins or the discord moderation team?

Gave +1 Rep to @tawdry dove

What software did you use?

It's obsidian notes

Thank you

IT sec only wants you to use one note

What tool is this?

it's Obsidian note taking app

Yoo, how can I learn to take, organize notes like you?

obsidian is great for note taking, and its not hard to use. I highly recommend it

Start with a big concept, split it into smaller concepts, learn more about smaller concepts, build up to bigger concept, connect concepts with others until you have a big web of ideas, expand your ideas, profit, start with another big concept

👍

I can PM you a demo if you'd like

• obsidian have shit load of comunity plugins to step up the game

Ye, I'd like

How do you color them so nicely? I only get neat gray dots.

If you got to settings (the cog on the right) and then groups, you can choose colours for the dots based on different criteria

Thanks 🙂

Gave +1 Rep to @winged rain

Hey, I'm looking to build a CTF team with two other team members, preferably intermediate level (some prior CTF experience), and preferably with some rev experience. If anyone is interested, DM me

Heyaa, I have experience in Cloud security, SOC, Scuritity Compliance and sort of red teaming as well.
I am looking for freelance project where I can work on managing security compliance on Azure platform.
If anyone has any opportunity around this then please DM me.

I watched Lo and Behold and I learned that the first word on the internet was "Lo"

In 1969 when ARPANET was created, a UCLA computer was communicating with a SRI computer, UCLA's computer being the first network node ever and SRI being the second, and when ppl on the ucla computer were going to type login or log on not sure which, stanford's computer crashed on the letter G and so only L and O were sent and received over the internet

on Lo and Behold the documentary

https://www.youtube.com/watch?v=q3g3hqNJqpQ&t=5254s

btw this is legitimate it just has ads, not bootleg movie. It's from Youtube official. So don't ban me mods plz.

Oh sorry it's probably geo locked. US Based.

https://tenor.com/view/google-logo-meme-animate-logo-google-gif-24209368

yeah so now you know that the first word typed on the internet was Lo

!level

ouch

!echo

#bot-commands will work

thanks, I have not seen this! Right up my alley.

Gave +1 Rep to @spiral basin

very good enjoy

I know I haven't been as active as I should be on here, but I've been super busy these last couple months really honing down on my A game and studying for the Sec+ and Net+. Now that I am done with one goal, I plan on being more active on here. Really appreciate this community and it's members which make it a great environment to be in. 👍

Keep taking goals down 💪

@radiant jacinth The material I used initially was Udemy course videos and the Total Seminars textbook. I also practiced heavily on free online exam practice questions found at examcompass.com. Mind you, I also had other proprietary material from class that helped a lot, so don't want to rob you from the expectation that Udemy and Textbook were the only materials i used to pass the exam. Though i do say this, Udemy videos coupled with Security+ Textbook can definitely do the trick in passing your exam. Being that you will see questions you read on that Texbook, on the exam......also last but not last what helped another was doing the ISO 27001 and HTTP in detail rooms from TryHackMe. I did see questions on the exam regarding ISO 27000, and the OSI Model room

Gave +1 Rep to @olive tundra

hello people

Finally got the badge. I'm suppose to get a wallet version as well

grats

grats

Thank you all! I do want to say that Mknukn and among the rest of THM members definitely had a portion of inspiration in getting this done. Can't show my gratitude enough, this community has been amazing and overall amazing to me. 💙

Is there a way to save it in yourself the motivation you get at like 2AM while browsing the internet ?
Am i the only one like this ? I would start doing push-ups at like 3 AM and thinking about opening my LLC and learn a new language and find something new to do

You could use will power.

Where do i download that ?

Discipline

"Start off by making your bed." By making your bed, you start your day with a sense of order, discipline, and accomplishment. It sets a positive tone, giving you a small but tangible victory that can serve as a foundation for productivity and motivation throughout the day.

Already doing that

Whats stopping you from doing all of those things at 2AM though? Not everybody has the same sleep cycle 🙂

my full time job that start at 8

Wake up earlier and go to the gym or go to the gym straight from work (keep gym clothes /pre workout in your car) then youll be full of endorphins that will motivate you to get shit done when you get home.

i work remotely and my gym is on the 1st floor of my building

I just wanted to vent 😄 all is good, we got work to do

That helps

Yeah, helps pay the bills
But soon. gonna transition to a cybersec role and finally be a bit more fulfilled from doing my job

sounds like a plan, good hunting

If you work at home, couldn't you negotiate with your boss to start work at a later time? As long as it gets done I don't see how they would mind? Gotta do whats best for you. Being awake till 2am and starting work at 8am isnt enough sleep ideally also, so they would probably notice an improvement

Ah yes cause Amazon cares 😄

Fuckkk amazon

once you get high enough up they start to treat you like a human. buddy of mine has a ton of paid leave

and other benefits

To get high enough you have to have a PhD and Master's in licking boots and kissing asses on a corporate scale

Average corporate hell enjoyer

Just finished the Jr. Penetration tester learning path. Idk if it's supposed to be that hard for noobs. but some parts were really challenging.
Anyways, satisfaction levels are at an ATH and on to the next challenge. THM rulz!

What's your next step?

i'll do the OWASP room and try some of the easier CTFs, then go onto the offensive Pentesting learning path. Outside of THM i'll apply to a local university on Monday, if i get in, i'll earn a Masters degree in Cybersecurity and digital forensics

learn some stuff, have some legit certification in my resume and hopefully switch to a job in cyber 🙂

Awesome sauce ! Solid plan ! Good luck

Lost my 53 day streak today🥲 what’s the highest you ppl ever got?

73

718 and counting

42

just proved i am not a robot, i passed the test

https://tenor.com/view/sorprendido-cara-surprised-shocked-face-wow-oh-god-gif-15759918

See u next year at 1000!

yuups

the goal is to get the max streak badge

What’s the max?

1500 days for the highest level streak badge which is what shadow meant with max

if anyone still wants a switch

on woot.com

Japanese one at that.

finished the "complete beginner" room. feels good man

@stray tundra I am halfway through, that is such a pain of a module to go through, good stuff

The ctfs at the end were pretty tough. But not to bad otherwise

how do i change my country in tryhackme profile?

http://tryhackme.com/api/user/update-timezone
and refresh

Which room is that?

Sorry, I guess the correct terminology is "Learning path" so I completed the "Complete Beginner Learning Path"

Ah okay is that the introtocyber path? Is it completely free?

I'm subscribed so I'm not sure if it's free

But I think the intro to security path is different

Ah okay then thanks

Gave +1 Rep to @stray tundra

I find it incredibly cool that obsidian can just show what HTML code does:

huh how did you do that @winged rain

is that a plugin?

Nope, all you need to do is write some HTML code and it'll magically show you a preview, here's the code underneath (I added a single back-tick so it dosen't go away when i try to SS):

I love obsidian

Please how to solve the 504 gateway timeout..

You're using the wrong IP, you need to start the machine on Task 1, 2 or 3 or something.

You're trying to access the Attackbox IP in the browser in the Attackbox

This is the page. https://LAB_WEB_URL.p.thmlabs.com

Yeah, you need to start the machine, what room are you doing?

Walking An Application task 1

Then press the green start machine button on task 1

Not opening

Did you get a Red box at the top?

Yes. After clicking the green Start Machine, 2 red boxes appear, 1 access Machines and 2, Terminate.

Use the IP that populates that box.

If you require anymore help, #room-help is the channel that you need to use.

You know there are feds here, right?

That's not what this Discord server is for.

Hello, someone know if its possible with gobuster to scan subdirectory in the middle of address ? Exemple : asddasd.com/asdsa/54645/sdsa
asddasd.com/asdsa/54646/sdsa
asddasd.com/asdsa/54647/sdsa
etc etc ..

Not too sure, but at least with ffuf you can

Thanks ffuf works

Gave +1 Rep to @olive frost

Hello guys,

Im working on an university Project where we need to pentest a Network. Ive Scanned its dmz with nessus and found that 3 Hosts with " Unix Operating system unsupported Version detection" (Debian 8.0). How can i exploit the old os ? I dont get how the exploit db works

ask your classmates or teachers

Well id Love too but my teacher Just threw us into Cold water. We basically only got a few pdfs about pentesting and he wont give us hints. We also do Not know our classmates neither can contact Them. So im Just swimming and have No Idea how i can Pass this course 😂

we sadly can't help with your courses, so I would look into finding a way to get help from your school, sorry 😄

You mean youre Not allowed to or Not able to? What is the general way you would exploit an old OS Debian 8.0 ?

Not allowed.

We are unable to assist with schoolwork. Best course of action is to ask the teacher

And you cannot even Point me in a Direction how i can solve it myself? I mean its a kinda generic question. Otherwise i cannot expect any Help for all Kind of Penetration Testing questions since i might need it for a university Project ?

ask your professor/TAs

i wish i had pentest assignments at school

Dumbest rule bruh

Not assisting with homework?

yes

Same

The rule is to literally protect you. It'll turn out much worse for you if you get slapped with an academic dishonesty for getting help on the internet

Some would call said assistance cheating. This rule is simply a precaution against that

The rule still dum

Its Like Not even assisting with Homework at this Point. I have to fulfill a full Penetration Test of a system and i could ask ANY Question about Cyber Security in this context at this Moment.

Thems the rules, please follow them

That's not being assessed per se though

Homework and Exams are assessing your knowledge of a subject, not the internet's

Also if we do their homework for them, then they aren't learning anything

I totally understand and even greet this Kind of rule in General but IMO the rule doesnt make Sense for this Situation since its a general Question about a pentesting Procedure.
But it seems i cannot expect any Help since it might be for Homework in the end. What Kind of questions are allowed to answer then ?

@twin ridge

Questions based on rooms are fine, general questions are alright

How can i exploit an old OS Like Debian 8.0 where nessus told me "Unix Operating system unsupported Version detection". I tried to Look it up in the exploit DB but cant find it since i dont know for what im supposed to Look for

Yeah but the coursework should help there

Exploitdb isn't the only source and that Nessus alert alone isn't super helpful

But they need to learn to dig deeper

hello i have a problem with mysql in linux can someone help ?

Is this for THM content?

nope. i'm studying sql idk why mysql doesn't work on my linux

https://www.digitalocean.com/community/tutorials/how-to-install-mysql-on-ubuntu-20-04 this might help

the weeknd is studying SQL on a Linux machine not related to THM, interesting

true

what problem?

idk

yo

tu

E: Package 'mysql-server' has no installation candidate

which distro are you using?

i downloaded it from here : https://www.linuxvmimages.com/images/kalilinux-2022/

https://www.kali.org/tools/mysql-defaults/

thanks body

Gave +1 Rep to @summer verge

anytime 🙂

Hi

Yeah, it was rejected the same day

what joke am i missing here

DVWA (Damn Vulnerable Web App) is a web application that intentionally has a lot of vulnerabilities for you to practice with 🙂 https://github.com/digininja/DVWA. Basically the person is reporting vulnerabilities of an application that is designed to be vulnerable 😄

ah okay, 😄

yup...safe to say people were not amused

On the contrary, it was absolutely hilarious lmao

That researcher is lucky they reported it under a handle -- I doubt they'd be getting any job offers for a very long time if they'd used their name

None of the other exploits in their repo are valid either 😆

this guy must be great fun

hey guys

hi!

What do you require help with, exactly?

thats illegal

i just did skynet and it was a lot of fun, would recommend for beginners 🙂

is skynet a THM room? or some other CTF?

it's a thm ctf/room! https://tryhackme.com/room/skynet

thanks for the recommendation

does anyone know a way to grab a ip from a link thats then redirected to what the linked looked like originaly?

Why

coz i wanna try it out on my self

idk just to learn ig

But why that specifically?

wdum? - mask the link?

Grabbing an IP address from a link

It’s relatively pointless in actual cyber

idk im new to this lol im just intrested coz it seems cool lol

I would steer away from that and learn proper cyber #start-here

ah alr

what would be the best one to do after the beginner one?

#general message

cool thanks

Gave +1 Rep to @odd acorn

is it worth using a vm coz i got w11 on my pc so should i use kali on the vm and then run THM on there?

Yup

is orcal a good vm software?

Yup it’s good, I don’t particularly use it though

which one do you use?

VMware

does it cost anything?

its look v confusing icl

They have a free version but Oracle VBox is arguably better than VMware free.

VMware free has better performance but is very restricted in terms of features

sounds good ill stick with orcale for now

how do people design their own like os take for example pwnagotchi or flipper

i think YouTube spacehuhn will provide some insights

is there an overview of the security implications of python in excel?

It's being run in a locked down Azure instance, not local.

Online O365 only afaik

marsmellows on a stick over a grill/fire or charcoal?

the magic 8 ball says ... 🔥

🔥

🔥

🔥

🚒

🧑‍🚒

🏕️

🌳 🔥

oh no

👱 ➡️ 👻

👻 ➡️ 🤖

heyy guys

what do you guys do when yall are bored?

Only boring people get bored 😂

ever try reading?

I just did the Bounty Hacker room. I think it's the first room where I've not had to look at any writeups. Hooray!

Eyyyy, congrats! one step closer to knowledge!!

Comgrats! Keep up the great work!

same-site cookies.

https://portswigger.net/web-security/csrf/bypassing-samesite-restrictions

if the cookie doesn't have the secure attribute set then you could theoretically get it if they were to be using HTTP and not HTTPS

just by intercepting the request to the site

yeah i just relized that

that would make it to easy then lol

site seems to be down

Indeed it does

Not actually true.
The exact scenario up there (redirecting through an attacker controlled server) isn't necessarily how it would be done, but IP grabbing is often a part of reconnaissance in red team ops.
You don't want your C2 infra to be accessible to anyone who isn't operating inside the organisation -- both from a liability perspective, and in terms of opsec (e.g. an employee executing a payload on a personal PC at home, or someone actively trying to hunt you respectively). Restricting it by IP is one of the measures you'd take to block that.

Pointless for pentesting / most things on the blue side though

Sorry, yes you’re right. I was tunnel visioned by their proposed scenario

All good 🙂

Doing some job hunting and I noticed a LOT of jobs want sql experience so. I was wondering if anyone had any reputable or "off the top of my head" sources where I can learn sql. I'm at work and haven't looked myself, just figured I would ask here first because the sources I get here are 10x better than anything I have found myself

IMO you are better off learning relational algebra than a specific DB engine - it's totally fine to pick an engine (postgres or maria would be my top recommendations) to practice on, but understand what the math is doing when you run a query first.

Postgres is probably more popular in enterprise settings

Done!

@wary cradle you there?

got a question about the OSCP you took 👀

What's your question?

Looking for someone to chill with, I’m 17 from the uk and just started tryhackme, am going to be active 6+ hours a day and am a chill person to hang around with

ayoo, hmu

how i got act of kindness badge

Hello !!! I have a question about networking anyone can you explain that concept?

Just ask your question what you don't know, or need to know.

Hello everyone! Please help me to decrypt the password from the handshake file captured of wifi ?

Which W-Fi ?

Worldlink

I mean, is it your own?

yes

Do you own the router, or rent it from your ISP?

No, it's my own

Would you tell me how to do so ?

look into the wifi cracking room on tryhackme

Thanks boss..

Gave +1 Rep to @mighty echo

Hi

i completed tomghost today (with no writeup hehe) and achieved level 9 🙂 it's a great room!

hai iam stuck with nmap NetSecMod Room 06 nmap Reports Q1 Check the attached Nmap logs. How many systems are listening on the HTTPS port? scp not working time out and try ssh that also how can i solve that

#room-hints

@twin ridge @odd acorn

Done!

thanks

I have no study group for you, but you can ask about a lot of stuff on here, either in #room-help / #room-hints or in #infosec-general .

Gave +1 Rep to @grand citrus

hey, I hope you are all well. I need assistance with my virtual machine, it appears to have a bug.

If you have a question, just ask

my Linux Machine has a bug. I need assistance with removing it so I can proceed with the training.

This isn't enough information. If you want assistance you're going to need to expand. Start by verifying so you can post screenshots if necessary.

!docs verify

Follow the above instructions to verify

my life has bugs I'd like to remove... 🙂

@rare geode That is NOT at all appropriate here. If you say anything like that again, you will be removed.

Try debugging tools, like self-development

Hey guys

I'm having some troubles with open vpn and Kali Linux

Could anyone help?

Go and explain your issue in #site-support, you should also verify so you can send screenshots

!docs verify

hey, this is what I was referring to yestarday, It has a bug

What bug? Seems to be working how it should to me

If you are referring to the ls results being different that is on purpose. The stuff on the left is just an example and on the right is what you interact with for the practical part of the room

Hey guys
can you help me in tryhackme lab "blue" error
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=-=-=-=-=-=Fail-=-=-=-=-=-=-=-=-=-=-=
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==

and another error is
in "vulnversity" labs when we run the uploaded file
WARNING: Failed to daemonise. This is quite common and not fatal. Connection refused (111)

make sure to listen on the port specified in the reverseshell.

Did you set lhost?

yes

Make sure your lhost is your THM IP and not your VPN IP; if you are using vpn and not the attack box. I had to correct this on a box and was able to get it to work.

@odd acorn ❤️

!update

Does anyone here know about temux and setting up Kali/Vnc cause im stuck

I'm familiar with tmux. what's your question?

tmux is kinda hard to learn for me

So im trying to connect to nethunter kex, but it says "unable to contact setting server, failed to executr dbus-launch"

@junior ermine

basically i cant get kali to set up a server to connect to

I’ve never used kex, but if you have some docs and can point me to where it’s failing I might be able to help.

will do

You meant termux here dontcha?

Yeah

Well that makes more sense. While reading the docs on kex, I couldn't figure out what tmux had to do with it.

it doesn't show the list of things in the above folders, it doesn't show

for example

That is not a bug, you'll see that question 2 in the task asks "Which directory contains a file?", so there is only supposed to be one directory with a file and others are intended to be empty

all the folders are empty

Oh? can you send a screenshot of that?

The screenshots are examples.

I can't open the Linux Machine as I am not a subscribed user, so I have limited time.

but i did try opening each folder, i did not see anything or file in any folder. which means i couldn't perform any other command like cat, cd, ls etc

Well without screenshots it is hard to tell what went wrong, but there should be a file a file present for sure. You're saying you tried to cd into all four directories and then you ran ls within each one?

Are you doing Linux fundamental 1?

Also, should move this to #room-help

oh yeah I forgot we were in the worng chanel, thanks

Literally each one of them.

https://twitter.com/helloNikoheart/status/1698971499552453020

bit of an oversight there discord

there's even a way to hide embeds 😅

ج ح خ د

the usual way with less and greater than sign doesn't really work for me.

Discord warn you before opening a link.

example.com

I'm glad lmao

How do I fix (no wireless extensions) on kalilinux ?

Also can’t find Wi-Fi on my kalilinux

Right click the network part

I did that 😞
Wireless isn’t part

are you running kali on a VM?

Yes

if you're running on a VM kali thinks that wireless internet is regular eth

@silk tusk try this https://nooblinux.com/connecting-a-wireless-adapter-to-kali-linux-virtual-machine/

Okay will give it a try

Hey folks is there a good list of boxes somewhere that all collectivly build on each other. Starting from Zero knowledge to somewhat advanced?

How long would you recommend trying an attack vector before deciding to try something else when you’re doing a CTF? I find I spend way too much time on dead ends.

for me once I feel stuck i move to something else

I guess I just can’t determine if I’m stuck or if I’m doing something wrong/missing something 😅😂

hi

hello

hello

guy's

hy guys

anyone help me solve Risk Management
task 10

Go to #1146822130831478919 and explain your issue

why everyone is quiet here

Sssssh

are there tools to identify an EDR/antivirus on a device as attacker?

i.e. searching signatures like process names, or dropping false flags to see how the EDR responds

not sure if we are allowed to discuss that in here instead of #exploit-and-mal-studies

No access :<

No access :< ^2

hi i have problem with openvpn anyone can hellp me??

#site-support

Hello 👋🏻, I'm at last , that I run the doubletroube mechine in my Kali using virtual box , i configured the exploit and payload by in images . But won't get the reverse shell it shows failed to daemonise . I'm stuck here. Can anyone help me to solve this issue and demonstrate it .

Did you set the ip to yours rather than exactly like the images?

Yes @twin ridge , I

I change the ip

And port of mine

That happens sometimes, did you try again?

Ghost ping?

👀

Looks like

what's the cheapest and most secure way to store confidential business data?

offline encrypted hard drives that are only connected when you need to read them

encrypted as in full disk encryption at the least and multiple layers of encryption at best

that requires making backups though

so I was thinking storing an encrypted folder in the cloud and decrypting it locally with a security key when necessary

ok but what makes business data something that a hacker would want anyways lol

since stealing encrypted data is useless

then you have a continues on going cost fo the cloud service

an practical example is blueprints for ASML machines

a hdd hosted at your own location is cheaper

fair enough

true

but if you need easy access a locally hosted hdd in a server using smb and encrypted files on said smb share would work neatly

that would tickle my spidey senses

oh wait nvm encrypted files could work

think you can setup full disk encryption on that to for if the server is ever off and therefor offline

I'd be more worried about ransomware deploying on the network when the nas is online

and the attackers yoinking credentials to it when doing recon in the network

yeah if those are some major worries offline hdd:s that are only connected for when they are needed will be better

would be neat if there was FIDO-based auth for SMB

so ransomware would be near-impossible to roll out on it as it would require an end user to press the hardware button

hmmm

good question if microsoft has implemented any smart cards or hardware keys for authentication for these kinda stuff

thoughts? i am looking for a cheap gaming pc. i have a gtx 2070 i plan to use 🙂

define secure?

yeah looks pretty good. I'm not too familiar with the AMD line but I think would defo consider the 5500 budget friendly. IMHO 16gb RAM is the minimum these days

maybe wanna get an aftermarket cooler but suppose you can just see how it goes. Budget 'n all 😄

How much are you paying for it

my daily driver laptop has 2gb of RAM lmao 😂

thank youuu

preventing the typical threats to small business

like someone invading their network without them knowing and stealing data

so only business-sensitive data

some cloud solution will be best, depends on the type of data if you’re wanting more thorough answers though

pre-supposing your crypto is good

was just curious if there were any current promo codes going on! @ me if anyone has an answer

If its business-sensitive data, an encrypted S3 bucket works already

But still, the cheapest solution is user awareness, MFA, Password Policy, etc.; those are all free to implement

For small businesses, its unlikely they’d have anything running locally like websites (except maybe AD). Those would most likely be hosted on a provider, from there you’d already have segregation of networks. The immediate threats I can think of are either physical attacks, insider threats, and segregation of networks (e.g., guest network and internal network together)

I'm curious to hear people's thoughts on impostor syndrome

I do not work in or aspire to work in cybersecurity, as many on this server do. I have a job writing code in C# to test other code

but I feel impostor syndrome is rampant throughout the world of working in tech generally

Yep, I deal with it in some cases

Especially when I fail on something I know I shouldn’t be failing on

have you found anything that helps with it?

The best way I deal with it is I say to myself that its normal to have knowledge gaps

Identifying where I am weak at, and generally being confident in what I know and what I don’t know

nice. that does sound useful

I'd be concerned the case won't put enough air through and the power supply isn't likely up to RTX 2070 load

I’d say you can also get a better motherboard, A520 series is the lowest of the motherboard tiers and won’t give you as much power as you’d need and might generate more heat depending on the load

good points! i actually have a very old gaming pc (i7, 2070) i use as a home lab. maybe it’d be better if i turn it into a mini pc and salvage the parts

I have things using port 8080:

netstat -ano | grep 8080
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      off (0.00/0/0)
tcp        0      0 127.0.0.1:8080          127.0.0.1:40186         TIME_WAIT   timewait (35.73/0/0)
tcp        0      0 127.0.0.1:8080          127.0.0.1:37358         TIME_WAIT   timewait (5.72/0/0)
tcp        0      0 127.0.0.1:8080          127.0.0.1:58148         TIME_WAIT   timewait (50.72/0/0)
tcp        0      0 127.0.0.1:8080          127.0.0.1:33554         TIME_WAIT   timewait (20.73/0/0)

But I can't find any process which uses port 8080:

$ lsof -i:8080
<nothing>

This is preventing me from deploying a docker app which exposes to 8080. How do I figure out what's using 8080 and kill it? 🤔 Restarts do not help 😦

try sudo ss -tlpn, shows the process using it

does anyone know a tool to crack an ssh privkey password when the start and end of it are known?

forgot the password for my vm management ssh key and apparently never wrote it down

I think there are ways to recover a partially lost key. Don't know the terminology of it.

https://twitter.com/nicksortor/status/1703862848127201493

It's kind of insane how often multi million dollar aircraft just vanaish so often.

maybe it got hacked

lol. imagine

I am

What a dumb tweet

There was an issue/mishap that forced the pilot to eject over South Carolina. The plane continued flying and is presumed to be in a body of water, narrowed it to two lakes, they're still searching. The safety standown is a common thing applied when the cause of the mishap is still undetermined.

So they want the metrics from the aircraft to determine if it's going to be a fleet wide issue or a singular one

well now it's boring

They found it, I do have some questions though

hello

I from China

Hello

hello

Anyone take LPI Linux Essensials? How is it? I will be taking it soon for school and wanna get an idea of what I will be looking at.

Its a great course!

o7 ready to clear at least 5 rooms today

i have completed 22 in 2 hours today

i am slow 😦

my excuse is adhd what about you?

Not bad dude, that's a pretty solid effort

got stuck on my 3rd room Mnemonic but now i am stuck learning how to use emoji's in hashcat... ADHD takes me down all the roads all at once.

Ahh yeah, you can caught by honeypots when hacking. That's nothing new but with time you'll be able to spot them

My docker service is running. docker complains that Cannot connect to the Docker daemon at unix:///run/user/1000/docker.sock. Is the docker daemon running?.

Before I restarted the service, there were some in-app warnings about "out of memory".

I cannot seem to restart docker or use it due to the daemon error.

Any ideas? I am sure I need to do something to expand storage or something but can't work it out 🤔

that shouldn't be a storage problem

are you running the docker rootless or the actual root context docker daemon?

i am not sure, it definitely is not running with root though

it was working fine until a few days ago when it "randomly" stopped, so something changed to break it 😛

if you are running it as a daemon, it expects root

would recommend switching orchestrators to podman with quadlet for systemd unit files

so that you can still run rootless but have it available as a scheduled service

ok i tried to install podman:

E: You don't have enough free space in /var/cache/apt/archives/.

I think it's the same error, my docker apps were reporting low / no memory too

storage and memory are not the same

check memfree and memavailable in /proc/meminfo

/dev/mapper/ubuntu--vg-ubuntu--lv  226G  216G     0 100% /

This looks suspicious

vs df -h and du -h

100% use 😄

if it's complaining about lack of memory, i'd expect that's a quota memory issue

if it's saying out of storage, that's an entirely different thing

would be storage, i am pretty sure this will solve it:

https://askubuntu.com/a/1117523

I have seen this before in the past 😄

right, but again... resizing LVM is unrelated to memory. Expanding the LVM partitions with pv, lg and lv doesn't do anything to solve memory quota in your orchestrator

unless this is a regional thing where memory doesn't mean volatile?

sorry, storage

Anyone willing to donate a promo code or premium voucher 🤝 hmu❤️

there are giveaways help from time to time

yeah and theres also the fact that im looking into gov jobs but its rather limited given my gpa my first year in college wasnt as good so I decided to work on a trading company instead to help with my 'lack of experience' professionally

suppp.......... i play a lot of rooms in tryhackme and i stuck on the vip rooms anyone who wants to give me premium voucher to support me i would really appreaciate it

Any other Mocca drinkers?

more a latte guy

I love them all. Mocha for a cold day, latte for the morning.

Yesssss mochas

did the Res room today, it was a challenge but i feel like i learned better recon techniques 👍

for those into cryptography

ROT13

at last put text 🙂 lazy to retype lol

haha ok

hfr fgebat rapelcgvba znel, Dhrra bs fpbgynaq

will do my queen

use strong encryption
mary, Queen of scotland

And if you're into cryptography or more likely cryptanalyse, I think you know that mary got killed because of a code based on on mono-alphabetic substution which is based on cesar

And because of a traiter

i will hack you with html

im joking

its not possible

u mirin' bro

@twin ridge

Yeah I saw that, it's a bad joke

Is https://tryhackme.com/room/netsecchallenge seen as a "CTF room"? since it has the charts and all...?

yes, it is a challenge room

Then I have completed my first challenge room 🥳

this was hilarious!

New playlist for hacking (it really does feel like this sometimes) 😂

Grind or die?? Nuh uh

Take frequent breaks and don't die 👍

Dying is the biggest productivity killer

Oh yeah

Is there anyone with PNPT certificate? :)

You could try lurking in the TCM Security discord if you need info on PNPT.

I'm gonna die peacefully

Expect few everyone is just doing to die peacefully

so uhh..

I am completely unable to access BIOS lol. Replaced the CMOS battery. Tried to reboot to UEFI (don't have uefi)

It doesn't have UEFI. Pretty old motherboard.

I've never seen this happen before.

I've never not been able to access BIOS and not have the chip be broken and Windows still boots lmao

can't open boot menu... nadda

fiddled with connections... re seated everything..

i guess it's time...

hey i need help vpn is not connected

Try the vpn script

!vpnscript

not working

i forget, can't you generate a new one?

#site-support

It's not possible to help you when "Not connected" and "not working" is your best description of your issue.
Go through this room again:
https://tryhackme.com/room/openvpn

completed nax today, was really exhausting to get the ||npiet|| to work

If you have questions about a cert, just ask. We've talked about it lots in #cyber-and-careers and yes, as @little shore suggests, the TCM Discord

It's solved :)

B

e

https://www.pcworld.com/article/2044341/reading-a-skype-message-could-reveal-your-location-to-hackers.html

anyone know if this got patched?'

Have anyone took ejptv2 before?

Who even uses Skype anymore... (Except for corporations that is...)

Ive been informed that ms teams is basically skype reskinned

don';t know if this is true it probably would have said Ms Teams too so I guess it's not true

Has anyone done overthewire? I got stuck on bandit20 and I looked up a tutorial and i am not fully understanding what is going on. I do for the most part but not 100%. I included a screenshot of my terminal and a link to the tutorial I followed, and the level https://medium.com/secttp/overthewire-bandit-level-20-a1af9a042c56 | https://overthewire.org/wargames/bandit/bandit21.html

Please ping / DM me with any help and thank you in advanced 🙂

I did over the wire years ago

there’s a guide out there if u can’t figure it out

Skype for business was a product a while ago, and completely different from skype aside from branding

What if God was the first magician, and everyone treated him like a prophet because no one understood what he was doing. So exagerated stories were passed along his lifetime and suddenly he became more of a God figure than a prophet. Sooner or later the Bible started reflecting all these God like stories and Christianity started becoming a thing.

but because it was based in truth to begin with, people just naturally believed that everything was as the exaggerated stories claimed so no one really questioned it.

Just thoughts I ponder occasionally.

Read dune it's good and digs into the whole messiah concept in a fun way

i mean it digs into quite a bit more, but you might find it interesting

The last couple books are not easy reads though

Still haven't read the last 2 but omg emperor of dune is such a good read. Probably my favourite out of the first four I've read

God Emporer of Dune was where the series started to go off the rails, but the next book is really where things got weird

Hahaha. I recommend reading the fairly decent exposition and choice of views in The God of Metaphysics, by T.L.S. Sprigge. 🙂

In my mind, God Emperor is the last book in the series. It is totally divergent in a lot of ways but is like a spiritual successor to the OG three. I wish it would have ended there lol

This is a very specific view through the lens of Christianity. The concept of God is different in other religions.

Actually sorry, the concept is the same but God's priorities are different

I'll have to get to it at some point, I've been meaning to reread the whole series

totally worth it. I think there are a lot of cool payoffs that happen in God Emperor that sort of justify a lot of the previous books world building.

Yeah i've read god emperor of dune, that one's my favourite i reckon

I haven't read books 5 and 6 though

ah gotcha, yeah 5 and 6 were not particularly memorable to me. I might also have to go back in for a reread sometime

Need to look at the Stellaris DLC. Would like to do a Golden Path faction with a giant worm as the leader lol

Wasn't chapterhouse the last entry...anyways

My copies are back in Canada: (

yep, just meant I pretend the last two don't exist. Its a pretty perfect story with God Emperor being last imo

¯_(ツ)_/¯

(╯°□°)╯︵ ┻━┻

uwu ¯_(ツ)_/¯

┬─┬ノ(ಠ_ಠノ)

Don't flip the table!

needs a /tableset

.Hey guys I have a question. I want to be a red teamer. I'm doing Jnr penetration tester path. But I'm having trouble grasping the full concept. So can I do security engineer and coc path first practice it a little then come back to penetration path.What I'm trying to ask is that can I become a red teamer later by first learning blue team

😠

yes.

(╯°□°)╯︵ ┻━┻

put that back

Why why why

┬─┬ノ( º _ ºノ)

Is there A list of machines in try hack me from easiest to the hardest

nope but if you wanna make one feel free to do so

Since they cover a wide variety of topics, difficulty is probably more based around which ones you're more or less comfortable with

I had a much easier time with retro than a recent software room I forgot the name of despite retro being labeled hard

Difficulty is subjective 💃

yeah depends on what you're good at

i need some help in king of the hill h1 easy when you type nano backup.sh i cant save with new edit

You need to to use sudo

Probably shouldn't be giving hints for a koth

See, I thought this also,

But it's not really strictly koth.

There is some files that won't save unless you sudo.

¯_(ツ)_/¯

No official rules against it, and god knows there are a million write ups out there.

We need 3-4 boxes per machine that can deploy so that there are ‘random’ footholds each time

Cause they're owned by root generally

Fair

🗣️WAIT IS THIS QUITE CONVERSATION!!!💥💥💯💥💥💯💯💥💥💥💯💯💥💥💥💥

shadows poor ears

quiet!

quite the conversation indeed

What, Fortune wasn't enough for ya?

I do actually have plans here for Chameleon -- was going to be pretty much exactly that. A box with about 15-20 Docker images, each containing their own autogens. A bunch of them would be picked at random at boot and built.

I decided against building the thing when it became clear that KoTH was being largely abandoned. No point in building a box that wouldn't get added 🤷‍♂️

Sad

Interesting idea though

thats kind of sad, was hoping to be able to participate one day

sounds like that would be an amazing normal ctf room on tryhackme too... but yeah sad it got canceled

just imagine people trying to do writeups when the room is random

eventually you'd get them all

true but that did not seem to be the case with red team capstone

Hello .someone's on the line

1

On the line, or on-line

https://tenor.com/view/loser-online-is-the-homestuck-gif-24872474

How y'all doing?

Doing good doing good, currently still waking up and in dire need of a coffee lol. How's you?

calling it a night actually

good good.. gm

I made Cafe Bustello Coffee... i dont think i can ever go back to any other brand...

Hi everyone, I have a Linux question and need a bit help. How would I extract all files (photos - .jpg) from one folder and hundreds subfolders and move/copy them in one new folder? I would like to do that from terminal in one command. Another problem is that each of that .jpg photo has another file with .jpg.json extension but I want only .jpg.
Thank you

@crisp yarrow If you're familiar with piping, I would starting by taking a look at the find and xargs manual pages. The one liner should be fairly straight forward with these.

Actually, find's -exec operand makes xargs unnecessary.

I'm going trough man pages now to see if I can figure it out

Do you want to keep the directory structure?

They are all mixed anyway so, no.

Hi

The command to find all the JPG files: find DIRECTORY -name "*.jpg", and it allows you to execute something with -exec. You could do something like `find DIRECTORY -name "*.jpg" -exec mv "{}" "DIRECTORY_OUT/$(basename {})" \;

I used this find . -type f -name "*.jpg" and get the result. how should I move that result into new directory? Using pipe?

Piping is to exchange content, I understand that you only want to move the files

yes

So use mv in combination with find

find . -type f -name "*.jpg" mv /new_directory
like this?

No, like I indicated:
find DIRECTORY -name "*.jpg" -exec mv "{}" "DIRECTORY_OUT/$(basename {})" \\; (and I realized I need to escape the backslash. We can make it simpler actually:
find DIRECTORY -name "*.jpg" -exec mv "{}" DIRECTORY_OUT \\;

mkdir jpg_files
find JPG_DIR -exec mv "{}" jpg_files \\;

That should work, but tell me if you have issues

There is already so many random shit going on it would probably make people paranoid and crazy

It would make it more competitive ✨

There will be no more remembering how to get onto each box and getting root within a minute

Please am having a problem here, Whenever I try to use my root Terminal to connect to an IP host, after I enter the IP, it asks me if I'm sure I want to continue connecting (yes/no). I type "yes" and then it asks me to enter a password. However, I notice that I am always unable to input my password to connect to the server IP.

It's not echoed back

Continue typing and then just hit enter