#quiet-conversation
Wanna bet?
If you wanna flag your account for anti cheating, go for it.
hi guys i have the same problem as this
https://forums.kali.org/showthread.php?78131-Can-t-Access-Specific-Website-On-Kali-But-Can-On-Windows
any guess why I can't access exploit-db on my kali vm but on my host I can?
Hi all,
I've been having an issue where I cannot connect to exploit-db.com. My machine is a dual boot machine, and I can access it on my Windows OS just fine. I'm currently using DNS server 1.1.1.1 and 8.8.8.8 as a backup, so I don't think DNS is the issue. I checked that both 1.1.1.1 and 8.8.8.8 have the same IP for the website. I've tried s...
oh dont worry i'll record myself doing it and upload it to yubtub as proof
So you're going to go for no sleep for 7 days?
no ill take naps
also i am permanently sleep deprived
What about every day life?
i got no life
So you sit in front of your computer all day, every day?
No school, job etc?
no but im ded
Have you tried to do curl -v https://www.exploit-db.com/ ?
Just to get an idea if your request is reaching the website?
@unborn jasper even if you do it 24/7 you won't be able to do it
unless ur just copy and pasting flags
im a speed reader
also to complete rooms i only need to answer the questions sooo...
a lot of the rooms require machines to solve
Still need to do the material etc to get flags and what not.
i still believe its possible
whatever it takes bro
@unborn jasper do IT
Let's see what happens when you cruise through only entering answers... 
aight, b e t 
just watch me
@tawdry dove Just joined this server. Where does one go about acquiring those custom roles?
Custom roles are provided by mods or through an event.
I'm not really active on this server, but I have to vent this somewhere, where it will be understood.
I suddenly had the urge to clean up my KeePass database. It's only around 180-200 passwords (not counting other stuff), so how much time can that be?
It turns out, I hate the current web. Many sites changed the login page link (because they expose something like login3.auth.mydomain.com/aLotOf=Parameters&andNotRedirectUrl=ButLikeOneTimeTokens and now they have version 8...), which you cannot even bookmark.
Many of my accounts simply are dead.
Some others changed backends and my old password is not accepted anymore and have to change (my favourite was where I had a [a-z0-9]{32} password and now I must have a [a-zA-Z0-9]{16}, note the change of 32 → 16).
Some others I can still log in, but my history is gone (my favourite so far: a multi-billion, international company simply does not show my old order for a laptop, even though their software installed on the laptop shows that the warranty is still valid).
And what prompted this message was this gem [see screenshot]. Why-oh-why would you put a LINK between the username and password field and not fix your tabbing order? Yes, I have to have yet another unique auto-type sequence with an extra TAB in the middle (I gave up counting, on how many sites did I have to add {ENTER}{DELAY 1500} instead of {TAB} between username and password, because you have to type your e-mail, hit enter, and wait for the password field to load). I'm fuming.
Sorry for the WoT and have a nice day
(Update: I can't even 🤣 OpenAI has a redirect to a login/authentication app, which does not set the website title, so I cannot match it for auto-type in KeePass)
glad we are chatting about rootme , cause i hit a wall. i know the answer but my gobuster, isn't running . gobuster dir -u http://10.10.221.155 -w /usr/share/wordlists/dirb/common.txt . is this correct?
yes.. heads up to #room-help
Thanks
Websites that no longer respect tab navigation for forms suck. Horrifically inaccessible
I'm sorry :(. On a more serious note though, have you looked into a self hosted BitWarden or something to replace keepass? I think it respects web forms a lot better than keepass
Nah, kinda privacy freak and don't want to host my passwords anywhere. The smaller problem is really the forms...
the main problems are:
- sites not making login link bookmarkable
- sites not setting HTML title on login page or setting it to something generic like 'Sign in'
- sites inexplicably and without notice deleting users or not accepting correct passwords
Oh for sure, so if even self-hosted is out there are not many solutions indeed
I wonder if keepass xc is better on web forms
Convenience Vs security
bitwarden can be entirely local - if you wanted to host a server for it, you certainly can, but last time i used the client side application there was no requirement to sync to a server
Look chums, I am happy with KeePass, KeePass is not the problem
Anyone here who uses Stable Diffusion?
I believe there is an AI thread under general
Keepass ftw tbh
You say that, but I just cracked one.
With a weak password probably xd
any recommendations for a browser?
I know this is a long shot but can anyone help me with examsoft/exemplify?
What are you looking for exactly? If you want one for general use just use Firefox as it uses the gecko rendering engine. If you want a chromium base (most browsers/bulk of users) use Brave. If you are on Mac I would use Orion (basically better safari) built on webkit. For linux all this applies but for webkit use Gnome Web/Epiphany which is the same thing with two names.
Had once experimented, how I would secure a really crucial KeePass DB (like for a 3-letter agency or such). The problem is the password, it should be 20+ char random, difficult to crack. So use the XKCD "hack", but put in l33t, multiple languages and nonsense grammar.
Then, as a second factor, add a Yubikey challenge-response for which the HMAC key has been generated on an airgapped machine and the KDBX master password set also there.
So, you create an airgapped machine with KeePass and YKMan, create an empty DB, set a good PWD and challenge-response, then close the DB, print it out as Base64, which you deserialize on a non-air-gapped machine (typing it from the screen). Destroy the generator machine.
Good luck cracking this DB.
if you can sniff out the AES key the DB is encrypted with it doesn't matter what you shove in front
you'll probably need an agent on the machine listening for a keepass unlock
My standard answer to any kind of evil maid attack is: If Mallory has access to your hardware, you lost, end of discussion.
could be a software agent
... which has access to your hardware (in order to read the key, it needs direct RAM access, circumventing OS protections)
there were semi-recent flaws in keepass allowing the key to leak
That too
That's what I mean... c'mon, if an attacker can dump your PC's RAM, you have bigger problems than what password manager you use...
I mean... if the attacker has access to your computer that's game over already
What's next?
Host your keepass DB on a airgapped raspberry pi with a screen and hand copy the passwords? XD
ngl that would actually be a cute project
Isn't there a mouse that can save passwords? As in having an internal clipboard ?
Host your passwords on your flipper as ducky scripts 
Nah, then it's easier to have no passwords. Just always click "I have forgotten my password" and reset it at each login to a randomly generated new one. Even a GUID should do the trick and that you can generate e.g., just by opening https://duckduckgo.com/?t=ffab&q=guid&atb=v320-1&ia=answer
That's basically what keepass does
bad idea- the storage in the flipper is not exactly well-known to be robust
It requires physical access tho
SDCards in general are notorious for wearing out extremely quickly. Additionally, the storage inside the flipper really isn't certified. It's possible it could fail at any time, without knowing when due to the constant access reads and writes
Very true!
Ciphered piece of paper it is then 
Read shouldn't be too hard on the card
hi guys!!
It still has a limit of operations I guess
Like everything
less worried about it on the card, completely unsure how many R/W the onboard storage is
It's a very small amount of flash
Hi guys, does anyone have exam soft link?
For what?
@burnt night to get the exams
I have a feeling I don't want to know
what is an exam soft link?
same
Probably an exam dump
hmm you got an avatar now :O
Only for Xmas.
I mean, it's always been there, is that your internet just loading it? 
Aaah it's a skelington
cannot believe i just spent an hour going down a rabbit hole on the wonderland box, whos whole thing is "don't go down the rabbit hole" ninja you are evil
if there is a place to go down the rabbit hole is probably wonderland
One of my favourite rooms.
rofl
you have to fall down part of a rabbit hole at one point iirc
hi
So quiet here.
yeah it is quiet convo
Dark
Hello everyone, glad to be here, my first time in advent of cyber security
Congrats!
me too! let's have fun
Hey friends, anyone has an indication where i can read papers about security in general
Because it is for quiet conversations, much calmer than general chat normally is
ok cool
@arctic tendon hello, I've got some pdf if you want, about cybersecurity, and you can also follow people like John Hammond to learn Cybersec, RED Team, BLUE Team, and so on
Hello to everyone π
amazing
anyone doing day2 advent of cyber right now?
Probably not, since it's not out yet. The daily AOC rooms are released at 4pm GMT each day (as mentioned here)
I meant the side quest one
Those are released weekly-ish. The exact timeframes are mentioned in the description of the SQ room.
no for the task 1 they say that the key is inside the social media links inside the post of 28th to 30th november
check it once in ur tryhackme account
Ah, that's what you meant. Yes, there's much more than that already available, since yesterday. You should continue, it's a deep rabbit-hole.
There's also a dedicated channel here: #1174347459116417054
ohh thanks alot for it
yeessssss!
this is so Muir. All this work lol
hahahahaa that is awesome
oh haha, that is pretty cool
You'd be surprised 
bro, the attention to detail needed
That's so cool!
Someone want to resolve a CTF with me?
If this is an active CTF, we cannot assist
So I'm on Day 3, trying to input the link address given, into web browser, but it's not working...
Should I reboot the attack box, since I tried to do day 2-3 back to back?
you need to start both the target machine and the attackbox... and then to access the target machine go to said address on the attackbox
anyways if you need more help #room-help is the place
Right, I did input into the attack boxes browser,
did you input 10.x.x.x or did you input machine_ip
of course with the other stuff like http and port number
The former,
How can i start both the target machine and attack box?
--min-rate 5000
yeah eventually i just scanned the ports 1001-9999
and it went way faster
who knew lmao
What's the button for hacking into the mainframe?
I've been wanting to know one thing... Which language of program is needed to be learnt to then learn hacking?
Python, bash, javascript for web hacking, SQL, to name a few
none technically... but it is helpful to know a few
a lot of exploits are in c/c++
and then there is a ton of python to use for different scripting and exploits too
shell scripting will let you automate some tasks and for that you use bash
for website hacking knowing how to read html and javascript will get you quite far
databases like the sql ones will also help a lot
Yep, I forgot C, thanks shadow
Get the bot's GitHub link.
Hi, sorry to bother, but I was trying to complete day 4 AOC but it kept saying that the link wasn't working, so I tried to reopen the attackbot hoping that would help but it says I need to pay for it and I can not open a VPN because I am completing the challenges on a Chromebook. Any advice?
try #site-support
Okay, thank you
maybe try #room-help
yeah the attackbox is limited to 1 hour a day for free users... sorry that this is limiting you with your chromebook.... hopefully you can solve it later or get on another computer where you can run your own personal vm soon
It's fine, I should have looked into what I would need to run the vpn before starting the challenge. I managed to watch the video and work with someone else who was also doing the challenge through the process to get the answers so that's a plus.
Has anyone used hackthissite before? From what I can tell its safe for the most part but I want to be sure
the hackthissite.org??? yeah have done that in the past... it is safe but old and kinda outdated
Thanks. You say its old and outdated, are the challenges not as relevant anymore?
they are still a bit relevant but there are a lot more content on tryhackme.com that goes more in depth and teaches you more stuffs
Okay thank you
no problem
go ahead and try those challenges if you want but you will probably have a hard time finding guided content for it
Chill jams
for some reason every time i try to connect to THM using my ovpn file it never connects. Muirs script always shows my tun0 not existing and when the script tries to connect it always works perfectly fine. sudo openvpn ./xtwo.ovpn just does not work for some reason but isn't that the exact same command that the script is using??
Also Muir how were you able to get openvpn to run in the background, fg shows no current jobs running. Bro is a wizard
I can only connect using the troubleshooting script, I do not know what I am doing wrong.
me running said command
That looks like it would work?
hmmmm...it is working.....
you know what it was, the initialization sequence completed was moved up a few lines, and since that wasn't the last line i blindly believed that the vpn was not working
That was going to be my question
- Did you turn it off and then on again
- Did you try and ping/tracepath a box
Lol
its times like these where i realize how little i actually know and comprehend
You'd be surprised how many people miss that though.
Thanks for your reply man.
no problem
Thank you also
Actually not a man if you read the username. I'm not talking about me just in case
Oh yeah that's my regular word you know... I have no idea about the idiom in English.
Actually English is not my First Language
However, I assume I have gained at least the intermediate level.
Nice to meet you by the way.
Just leave the man out and you'll be OK every time
Yes sergeant!
May I add you to my friends' list?
I'm more than glad to chat here in the public, but I don't add people that I don't know or haven't chat for a long time. No offence
No that's ok, not a problem at all. Anyways, do you have experience in hacking?
A newcomer, interested in learning these stuff.
what do u use for buffer overflow testing? Guess it would be better to have VM with Windows as lab environment - if I'm correct let me know which win should i use...
saw win 7 is recommended but hard to find trusted iso
help me
With?
You talking about exploit development?
You use whatever the software is designed to execute on 🤷‍♂️
If this is for a THM room, #room-help is the best place to receive assistance. If this is for Advent of Cyber, #1174347459116417054
thanks man
I've been away from cybersecurity for a while. Any advice on getting back into it?
I feel like I literally forgot everything I knew :/
doing the advent of cyber sidequest
Where do I actually find people to "hack" with?
Like a group/friends to do CTFs with
I know on other HTB they encourage joining groups and have "Find a group" pages for any CTFs that they host
Probably post something in here or in #infosec-general
I'll look into it, thanks.
it means alot when people reply people
side quest answered?
You'll have to wait on the 28th December for any hints.
@pom#0375
Its a roald dahl book I remember from my childhood.
side quest answered?
you won't get any here
@odd acorn there may be a chance Parker Jones is a scammer due to his account bio
Im also just coming back after a few year dip.. Just browse through the learning rooms you've completed and make a fresh set of notes.. You'll pick it all up pretty fast (with actually a better understanding).
its been more than a few years for me, longer than expected
site is good revision tactic.
What VMs do you guys use for malware analysis?
as in what host? or what image ? personaly i use proxmox
Are asking the Hypervisor we use or the actual linux Box
both
host to be specific
ohh, well me i use Oracle Virtual Box with Parrot OS
but hypervisor is a dilemma too
Oracle is a new one, haven't heard of that in quite a while
Oracle Virtual Box is a type 2 hypervisor
? oracle vb is whats recomended on most web pages describing how to setup a home lab
Its a free Hypervisor from Oracle
not new
Yeah, but me also use Vmware workstation pro
looks like i was in the wrong place then
hmm gonna look into that
No worries, what was your issue
I'm actually looking to get into malware analysis
You should also look into learning about nested Virtualization
need a vm and a hypervisor for that
yeah me too
vm in a vm?
Yes please
Its very interesting
i have proxmox setup on a old Supermicro 12 cores 64G 4TB - it's fairly easy to spin up a small box and test stuff in it - could do a nested vm but not really needed
I did hear bout malwares capable of bleeding out of vms, does nested virtualization help with that?
depends on how they are setup - you can make an isolated network and use that , not easy to break out of a vm , but it can happen
Yes malware can bleed out of the vm, it also depends on the way you setup your VM and hypervisor
Create a snapshot of your VM before you start testing malware. This will allow you to restore your VM to its original state if the malware does manage to infect it. Use a firewall to block network connections from the malware. This will prevent the malware from communicating with other computers on the network
Hmmm, so i need to config my hypervisor, up a firewall, nest the vms if i have to and I'm good to go?
I got Remnux on Vmware17 rn
some hosts have a built in firewall - i just isolate the entire thing - forces me to open a console to a machine on that network and not just ssh in from my "real" network (like my home would be 10.10.X.X where the lab is 172.1.2.X)
Shhh
Guys can anyone tell me ..as a beginner in cyber security what should be my first project ..... any reference is appreciated
Something simple, but it can be whatever you want it to be
Can you give me some examples
Port scanner, fuzzer, c2
Malware detector based on Yara?
Might be more intermediate though
Thanks .....
Hey guys,
I have a small problem and I hope someone can help me.
So basically I want to fuzz a binary and unluckily the part I am particularly interested in is a TCP socket that runs on a specific port.
There are many other sockets doing some stuff but i don t care about them.
How do I override the open(), close() and accept() functions with a shared object (the socketfuzz.c in the AFL++ utils) of this particular socket without disabling everything else so i can fuzz this port?
I am currently using AFL++ on qemu mode. And what i am trying is to have input files in stead of the actual socket communication. I have to use binary only instrumentation without the actual source code.
Does anyone maybe have a hint how I could approach this problem?
Every hint or idea is welcomed.
Is this for a THM room?
nope but i hope that is not a problem
Who/what is it for?
for my bachelors. i am trying to have an approach on fuzzing network services and the efficiency difference between network based protocol fuzzing and file based fuzzing.
and i came to the conclusion that protocol fuzzing is painfully slow and i hoped to find another approach. especially for automated bug testing in the industry
actually a very nice bachelor topic to investigate
I am a bit of an IT vet, achieved my associates back in '08 and most jobs have been "The" IT guy allowing me to do everything from helpdesk to admin. Solid Generalist that has always been interested in cyber. Is it worth it to do 2 more years of school and get a BS or would I be better off working on certs and becoming more specialized? what are your thoughts?
For you, I'd look into certs tbh, you have tons of experience to the point where school probably isn't even looked at on a resume
But that's my opinion
If you want a cert though, get your employer to pay for it
Thanks
Hello all
Hi, somebody here who got nice security questions for my podcast with Daniel Stenberg (maker of curl) it is for a course for my bachelor
ΩΨ²Ψ¨Ω as, mi mo@cunning elbow
Random discovery: DeviantArt locked 2FA behind a paywall. Unless you have a subscription (the cheapest is $1.66/mo w/ 50% off, so $3.95/mo), you cannot activate 2FA. chef's kiss
?
quiet!
Lisbef if I'm not mistaken. I know a bit of Arabic π
Any one answer it
port 80 the third
I hesitate to retake my subscription..
nobody can make that decision for you, first make sure you have the money, and then think about how useful and enjoyment you got from the subscription. After that if you really enjoy it and you think you can continue learning then you have your answer
good evening fellow quiet conversers
So i retake it..
congrats!!!
Hi
hi
@radiant jacinth Keep it PG13
Hi
Hello everyone
Howdy
Im currently using a proxy chain on my vm, and I can connect to any site(to my knowledge) except for google.com. why is this?
What's the error when connecting to google ?
It says "!!!need more proxies!!!" And times out
Ps. adding more proxies didnt work. I also tried using different types of proxies like only https instead of http, not sure if that would do anything anyways, I dont really know how proxies work
why not just stick to tor then
Yeah I might, but I still want to figure out why it isnt working
Hi everyone. Please I am having issues connecting to the THM network using the OpenVPN. I keep getting this error message.
sudo openvpn Downloads/TheHood.ovpn
[sudo] password for kali:
2023-12-22 11:02:09 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2023-12-22 11:02:09 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2023-12-22 11:02:09 Note: '--allow-compression' is not set to 'no', disabling data channel offload.
2023-12-22 11:02:09 OpenVPN 2.6.3 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2023-12-22 11:02:09 library versions: OpenSSL 3.0.10 1 Aug 2023, LZO 2.10
2023-12-22 11:02:09 DCO version: N/A
2023-12-22 11:02:09 TCP/UDP: Preserving recently used remote address: [AF_INET]18.202.129.195:1194
2023-12-22 11:02:09 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-12-22 11:02:09 UDPv4 link local: (not bound)
2023-12-22 11:02:09 UDPv4 link remote: [AF_INET]18.202.129.195:1194
2023-12-22 11:03:09 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2023-12-22 11:03:09 TLS Error: TLS handshake failed
2023-12-22 11:03:09 SIGUSR1[soft,tls-error] received, process restarting
2023-12-22 11:03:09 Restart pause, 1 second(s)
2023-12-22 11:03:10 TCP/UDP: Preserving recently used remote address: [AF_INET]18.202.129.195:1194
2023-12-22 11:03:10 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-12-22 11:03:10 UDPv4 link local: (not bound)
2023-12-22 11:03:10 UDPv4 link remote: [AF_INET]18.202.129.195:1194
Hey, #site-support may be better. You can also try the vpn script
Hi
@tulip shore Please don't do this. You're not a moderator and it's rude.
It was meant as a joke, channel name #quiet-conversation and me saying what I said about waking up
thought it was funny ig not. MB
Jokes are meant to be funny, that was just hostile to the user, please don't be hostile to other users
Well I do apologise
Anyone know of a seedphrase (bip-39) to wallet address script? other than just importing. Looking for some sort of algo to do this
i know i can read the RFC and do it myself but would rather copy someone elses code lol
Hello guys....
Tryhackme vpn is forbidden in my country and I try alot of ways to connect....
Outline Beta: now stopped and doesn't work
Planet vpn: doesn't work now
Vpngate: don't work
I tried to install old version of openvpn but I'm stuck here
If your country does not allow OpenVPN then your only option would be to use the in browser attackbox provided by THM
But it's slower than the vpn connection
That is true, but there is nothing we can do about your country's restrictions regarding the VPN
when are the adventofcyber certifs gonna roll out ?
I'm curious, who here genuinely likes Active Directory themed boxes?
I love AD 
Not an AD fan
To Staff: I hope the poll is OK here, if you must take it down I understand.
I'll just say that learning Active Directory and Group Policy in production use at work is what made Windows sysadmin click for me, yeah this is fundamentally how Windows Server domains are supposed to work.
These rooms are extremely valuable real world info that you will see in prod. Great to spin up your own Windows Server test labs, there's 90 day evaluation ISOs for Windows Server 2019/2022 you can spin up
"Oh this is literally what I used to log into my profile on any computer back in high school when we first got XP machines" (would have been Windows Server 2003 R2)
tl;dr yes very valuable and relevant info in these rooms, and it's what I have to make sure we're protected against at work (lol not to wreck the poll)
Do you follow SwiftOnSecurity @tall saddle ? I think this thread is something you'd like. https://x.com/swiftonsecurity/status/1734772483302289682
Him and Kevin Beaumont are my all time faves indeed
Yes this is why I love SwiftOnSecurity. He drives home so often how the things he learned in help desk regularly save the day for all kinds of tasks
help desk is not a dirty word, and teaches you so so much
I get massive respect for people who ascended from there as I did, but heck I sure dip into help desk to this day at this smaller org I'm at
what is this black magic
you download qubes on a laptop, don't give it permission to do anything but just exist. A week passes and your OS is graphically unstable...
just annoyed
This is so cool holy crap
.
hi
Well that's a delicious bite of the big Apple.
!rank
We use / now, instead of !
ohhh thanks for the help
/rank
Where are we gonna type it ?
Anywhere you need it, but ideally should be in the #bot-commands channel.
this might sound a bit stupid, but how do i start my hacking journey? im completely new to this kinda stuff
Have a read over #start-here
If you type it anywhere other than #bot-commands only you will see the bot's response
I've been meaning to say so I like the hacking thing but how can I use this on websites and how am I supposed to remember everything
I feel the same way to remember everything and it is very overwhelming. I think practicing over and over again with setting up defenses and configuring firewalls is a great start. I am trying to learn as much as I can in that regard with repetition.
Ok
You're not supposed to remember everything, that's what we have documentation and google for. Just keep exploring things you like and whatever you do often will automatically be things you start remembering. Things move so fast in the cybersecurity area anyway, what you remember from years ago will likely be outdated by now.
Guys is jr pentest path and oscp are enough to take ejptv2? I didn't like the ins course but I liked thm path's more
if youre taking OSCP, you have no need for ejptv2
I wanna take ejptv2 after one month, I didn't have enough budget for oscp rn
I mean the oscp parh
Path^
You should also do the Wreath room if you have time
So u this jr pentest path and oscp path+ weath room are enough to pass ejptv? I have technical knowledge im not completely beginner
So u think*
Guys any suggestions for good free note taking app on Linux.
Tried https://obsidian.md/ ?
i did expose today, it was quite difficult for my level but i liked how it combined lots of layers and included a new tool i've never used before
Fav notes app<3
Aimbot
why do u think that
#apexlegends #rewasd #joytokey
Aim Assist on Mouse and Keyboard
is this aimbot too
I would need to see complete clips; the tracking is sus, but not totally unreasonable for 2-3s at a time from different games
I'd need to play the game to make a decision, but that does look very much like aim-bot.
I wouldn't say that tracking is sus, they're both pretty close to each other with barely any movement, like juun said you'd need more clips
You can't make a decision based on 3 seconds of gameplay
(I've played Apex for a couple months)
the short perfect mass tracking at close range is the sus part; also the tracking through a couple of pillars, but that could be explained by good prediction. Like i said, need more data to go from 'kinda sus at times' to 'definitely cheating'
@spark sun
Using controller on Apex is broken due to its "aim assist". Theres a reason why the pros are looking to switch to controller versus MKB as it has more value overall when doing fights.
It just looks like controller aim assist
Heck, even pro teams are looking for having at least one controller player on their roster
hi THM hackers
haven't talked in this server in quite a while, nor have I done any THM rooms. thinking about getting back into it... what are your suggestions for those v rusty hacking skills?
I took a break a while back as well and came back to it. It helps to go back and go over stuff you already know/knew for just a refresher and then just get back into it where you left off. And do some CTF's, it doesnt take long to get back into the swing of things
great suggestions, thank you. ethical hacking has been so fun for me in the past, but I work in a tech job that is totally unrelated to security, so I spend a lot of my time learning things related to that...
im doing the "Simple CTF" room, and i'm struggling to understand how the exploit you need to use works, https://www.exploit-db.com/exploits/46635. Aren't there an enormous amount of different salts, how does it crack it in like under 10 seconds
It dumps the salt used in hashing the password plus the algorithm used is MD5 which is super easy to generate nowadays (i think i can do around 10M hashes in 1 sec, others can do more) and the password used is easily crackable.
i don't think i quite understand how it's revealing the salt here ngl
because the payload seems to make a query to search for the salt used (to then check if it exists based on the time delay), but why/where would that be stored?
The CMS seems to store the encoded salt in the database under the cms_siteprefs table.
hmm okay but still, if a salt is only comprised of upper and lower chars and is something relatively short like 10 chars, thats still 52^10 different combinations, which at 10M per second would still take 27 millennia
now that i re-read the code i understand it even less lol. Isn't it just trying substrings of the dictionary = '1234567890qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM@._-$'
in order and hoping it works?
MD5 is closer to the billions of hashes per second
Hi THM hackers
Can someone tell me how much time an nmap scanning could take (all ports)?
Well it depends on:
- connection
- speed of your machine
- speed of the server
- flags used
- services running on the target
Ok !
Cuz It's been at least 15min and it's not even close to the end
What flags are you using? Are you on the AttackBox?
Try to use --min-rate 2500
Something I can't understand: the port 22 was "open" when I first scanned the ports. but now that I try to connect through ssh (using an ssh private key), it said that the port is closed
Here is the exact message : Connection closed by IP_ADDRESS port 22
It's the last question of the "exploiting smb" section
The question : Now, use the information you have already gathered to work out the username of the account. Then, use the service and key to log-in to the server.
What is the smb.txt flag?
sounds like they're talking about smb not ssh (smbclient) - and when you get a "Connection closed by IP_ADDRESS port 22" that doesn't mean the port is closed - it means the service behind that port (ssh) disconnected - no reason given
Hum ok
Thanks
Thanks for shedding light on the meaning of the message but given that an id_rsa file is for an ssh authentication, I think they are talking about ssh
Otherwise why should I have to download the key ?
if you're using a key the format is ssh -i /<path and keyname> username@ipaddress
scp is the same format fyi
also , when having issues with ssh you can use -v
Why use nmap when you have rustscan
@grizzled scarab I used the -i switch and the path but still ! The same problem
try with the -v ssh -i /<path and keyname> username@ipaddress -v
it should tell you where it's dying
keys also need to be 600 chmod 600 blah_id
it's user,group,world and binary so 4,2,1 rwx (read write execute) so 600 = 4+2,0,0 or rw-------
Once a key has been generated, it should never be modified. 0600 would be a bad choice for key permissions
Does anyone know any "airgapped" modern cars?
I want to drive a modern car which is completely offline due to attack surface
your car is more at-risk from canbus exposure than any radios
Ideal type would be a modern sports car with modern safety measures
at least no network-based canbus exposure ^-^
canbus usually doesn't have direct access to the radios.
Good luck
Car security is usually setup like an onion with different layers/zones. Layer 0 is your critical and the outermost layer is likely going to be infotainment/accessories. Devices usually are allowed to talk directly to the adjacent zone but not to the zone after. Layer 0 can talk to layer 1 but not 2, 3 can talk to 4 and 2 but not 5, etc etc
If you format messages correctly, afaik, or they're doing something quirky you can get around some protections
All the recent attacks on tesla scare me
i mean, that's tesla..... I wouldn't own one
could you link a few?
Why is wifi not showing up here?
What are you trying to do also what is this for? It's going to show up as the device name, it's not going to say wifi.
It's not really for anything, I'm just messing around with wireshark. Also when I used it before wifi was a capture option, but it just disappeared. I can't see any traffic whatsoever besides an occasional spike from eth0
is it a vm?
Hello i need a job in portugal for entry level in the field of cyber security any help please ?
Google & LinkedIn would be your best bet.
Yup
and dice
That's probably why
Ye, you'd need to have a separate NIC to do that.
depending on the host system - direct access to hardware can be an issue in vm's
If it's a USB it will be no issue.
Thanks
Gave +1 Rep to @warm peak (current: #7 - 777)
It worked before on the vm, so I'm guessing it might be because I tried to isolate the vm to protect my host from malware? Don't remember exactly what I did to isolate it but could this be why?
possibly - i would be just guessing in the dark as i don't know anything about your setup - if possible you could spin up another vm just to test if you can access from that
Which hypervisor do you use?
Thanks
Gave +1 Rep to @grizzled scarab (current: #150 - 41)
I use virtualbox
oh wait wrong channel
Hello
I was using the BurpSuite Repeater Room on tryhackme. in Task 6, Capture a request to http://MACHINE_IP/ in the Proxy module and send it to Repeater.
Send the request once from Repeater - you should see the HTML source code for the page you requested in the Response view.
Try viewing this in one of the other display options (e.g. Hex).
Using Inspector (or manually, if you prefer), add a header called FlagAuthorised and set it to have a value of True, WHEN I DID THIS IN THE BURPSUITE , THERE IS NO RESPONSE SHOWING? CAN ANYONE HAS ANY IDEA WHY
Are you using an actual IP, or "machine_ip"
machine_ip
That's why it isn't working...
You need to start the machine with the green button
i am using the burpsuite community version on my windows
Yeah, but there is no website in http://machine_ip
Oh, so I have to use the machine from the tryhackme room only
Not only, but if you're doing the THM room, it makes sense.
okay, thank you
So I'm trying to get access to this Room but it says "not-found"
Throwback was retired:)
Hey all! I wasn't entirely sure where to ask, so i'm gonna drop this here... I broke my last VM and am having trouble installing a new one haha
what kind of problems with new one
Change mirror returns me to the previous "Enter HTTP proxy info" screen
that looks like internet connection
might better download kali for VM software you use
Ah, are you talking about the vm package installer?
you use VBox or VMware
VMware :]!
I'll try that! ty ty
do you have any idea why it was doing that? You said it might be an internet issue?
is much more simple. it's pre build file just as VM make one
looks like it cant reach internet/repo
is your VMware network set to NAT or something else
so weird. It is set to NAT, but when I installed my previous one I had the same settings and it worked so idk what changed haha :((
try this pre build VM.. if is ok for you to wait to be downloaded
Alright, thanks so much! :]
np
Heyy, sorry for spamming about this haha :(( I tried installing w/ the pre built vm and it won't start up for me. When i try to open it, it gives me this msg
tried a couple different network settings while downloading with the regular installer, and that didn't work either
Looks like it can't find the file it's booting from.
Hmm, I wonder why that would happen? I unzipped the file in the same dir I initially downloaded it to...
It looks like it's in Temp folder, which is a temporary folder, so Windows may have deleted it.
did you follow any guide to set it up or ?
Do you have any idea what would be causing the error with not being able to find or access a mirror for the machines? I had been having this problem for a while, and none of the mirrors close to me would work. I tried adding it manually to the source list but that didn't seem to work either so I couldn't download anything ahaha :((
as scrub say. looks some issue in temp folder. did you might try restart pc in this time
ah, that makes sense
also can you copy that error in text form and post it here
VM Name: kali-linux-2023.4-virtualbox-amd64
Could not open the medium 'C:\Users\redactedlol\AppData\Local\Temp\6f386a8a-4175-4461-b67c-cd2e64e9c071_kali-linux-2023.4-virtualbox-amd64.7z.071\kali-linux-2023.4-virtualbox-amd64\kali-linux-2023.4-virtualbox-amd64.vdi'.
VD: error VERR_FILE_NOT_FOUND opening image file 'C:\Users\redacted\AppData\Local\Temp\6f386a8a-4175-4461-b67c-cd2e64e9c071_kali-linux-2023.4-virtualbox-amd64.7z.071\kali-linux-2023.4-virtualbox-amd64\kali-linux-2023.4-virtualbox-amd64.vdi' (VERR_FILE_NOT_FOUND).
Result Code:
E_FAIL (0X80004005)
Component:
MediumWrap
Interface:
IMedium {ad47ad09-787b-44ab-b343-a082a3f2dfb1}
you using virtual box, not VMware ?
Here it is, files being in the tmp folder def. sounds like it could be the reason though! The repo error is just so frustrating, because I can't really find a fix on Google either :((
Yeah, I noticed I said Vmware earlier on accident i'm on vb
Yeup :((
ok. so you have Vbox kali from kali site. not the VMware one
Yeah, I downloaded the prebuilt one for virtualbox
ok
since the error is for vbox. and is VirtualBox E_FAIL (0x80004005) errors can occur for a variety of reasons. It includes faulty settings in VirtualBox and incompatibilities with third-party applications. Additionally, improper Network Adapter configuration and incorrect configuration files may also cause this issue. The error generally appears after you install a new release of VirtualBox.
one solution ppl do is to run cmd as administrator and run: bcdedit /set hypervisorlaunchtype off
and after command restart pc
When connecting on Tryhackme OpenVPN through their Kali machine, is it automatically connected or I need to setup connection?
local kali or kali provided by THM
Kali provided by THM
then you do not need to use VPN file at all. kali that THM provide in-browser is automatic connect
Weird, it says I am not connected
VPN file, and connection is needed if you use kali on your own pc
No no, It's THM Kali machine
it might say that if you dont use local pc with VPN file
if is thm then is not needed to manual connection
Oh ok
VPN is needed only if you use your own kali PC or VM local.
Because I get error when performing enum4linux. So I thought maybe it's because I am not connected
just be aware that THM kali, in-browser, it can be slow and if you have poor connection it might get extra slow
you can post your error in #room-help or so, and some will jump in
What error are you having?
Hii, i was using tryhackme Redteam Recon and in task 3, when i do the WHois command in the terminal machine, it shows
''connect: Network is unreachable'' can anyone tell what can i do
In which machine are you running the command from?
attackbox
post it on #room-help
i used IP today, it still didnt work,
i tried so many times, still no response
so wait, asking the same question many times in many places, only will annoy people. It won't work in your advantage. If people didn't answer is because they don't know or they are busy
lol im not saying that i didnt get response from them , i meant the response in the burpsuite machineeee
I thought you were replying of my msg early, anyways now you know for the next time
no no
just a bit of common sense, I've been in the game for a long time
best not to assume
when you assume you make a a... of u and me I know
i love how people think a spelling trick taught to 8yr olds has anything to do with the meaning of the word
I enjoyed the tomghost room very much 
I didn't expect 210 points from an easy room. Is there a lot of rooms with bonus points?
Yeah, i think ive seen hard rooms with bonus points
How do you be "quiet" in texts
no need to yell
This channel is for people who might be overwhelmed with the speed general can go at, so they can chat in where things are slowed down.
Oh
Count me in
count me in!
LETSS GOOO!
Add me in your friendlist guys
.
.
Sure
Why am I reading all of these like yall whispering
We are all whispering, it's quiet conversation after all
Good one
I'd be interested to try
I'd like to join
Been going really hard on THM these days and would be cool to do it with others! Def interested!
interested
I finally took the time to look into the learning paths, I've already covered/had practice with almost all the topics in Red Team/Jr Pentest.
I don't have a lot of available time to work on things, think I should go through the content anyways just to have it checked off and not staring into my soul?
Hi. I just started tryhackme for the first time and I can't answer the second task. Can someone guide me, please?
Second task of what which room?
#room-help also would be better.
I solved the task already.
@unborn geyser Why have you sent me a friend request? You kind of look like a bot
I have no cyber problems and also friending someone without permission breaks the rules of this server
Ah now you're spamming
hey guys i'm new and i was wondering if anyone knew how to convert pcap files to viewable files on chromebook linux
What do you mean by viewable? You should be able to open them in wireshark
Use wireshark to open pcap file
Hi, someone knows a good linux Bluetooth adapter for testing hack devices via Bluetooth?
pretty sure i saw some video from john hammond or david bombal talking about which adapters they recommend and for what purpose
Gonna watch it, thanks
Gave +1 Rep to @sleek creek (current: #1966 - 1)
Yesterday, I used the -c option of vim to escalate privilege. It's a classic: vim -c ':!/bin/sh' I suppose the creation of this feature (the -c option) was motivated by a certain need of vim users, but at the same time it seems pretty "overpowered" and easily insecure. Do you think it's the responsibility of the developers to avoid giving options like that that could easily become insecure or should the developers create their tool (here, vim) without limiting it, leaving the rest to the cybersecurity specialists?
what's sh
i don't think that's how it works; if a tool is meant to be used, it will always be able to be hacked. u can do all u want to make it difficult but it will be hackable.
devs are innocent, as this would be impossible to do irl, or they might as well let the user permission to get root directly without vim
-c enable Syntax Highlighting
Open Multiple Files
Search
Highlight
Set File Encoding
vim wouldn't be vim without these -c applications + I'm sure u can abuse anything really in general, like a text editor even without the -c option, it's just one way to do it
also hackers could create a -c if they want, they don't need to wait for devs to create it, it's like inventing a bicycle, they didn't create -c nor rotating wheels to move, it's like a concept that's already there: it's just a possible way to get root if it's -door wide open insecure, it's probably overpowered to be able to move so fast, but even without creating a bicycle so it doesn't get unintentionally used, hackers could create one themselves. therefore creating a new motorcycle instead is as dangerous as delivering it home to hackers, if u don't deliver it, they'll go get it. All about how hard is it to go get it, and not really on creating it or not since they could do it very well if they have the knowledge and time
i talk too much gl reading through, hope u like philosophy mess xd haha
Actually I am very happy that you took the time to answer, thanks
Gave +1 Rep to @cyan ridge (current: #1966 - 1)
Hello everyone, we are searching for people that have already completed an easy CTF to learn and practice together through the easy and intermediate penetration testing learning paths and CTFs. We are already an active group of motivated people and we are trying to grow with people that are committed to learn and practice and already have some basics down. Send me a message if you're interested, talking very briefly about your experience in cybersecurity on try hack me or other platforms.
Feel free to @ me here too
It has legitimate uses, and you probably shouldn't need to elevate vim without a password anyways
-c merely launches a command
yo can somebody say what hackers can do with ip address??
Loads of malicious stuff. DDoS, accessing your location, your own computer runs off an IP address so they could use that in bad ways too. There's tons of stuff
but with an IPv4 behind couple CGNATs, I'd imagine there can't be done as much as with one public IPv4 assigned directly to your machine
Yeah it all comes down to the level of security
Not that much to be honest
Location can be guessed to within the city or county level, generally not much more precise
DDoS sure, but why would people waste resources ddosing you?
Games
Hmm?
People ddos all the time in games. Get mad that you absolutely destroy em so they turn into skids
Probably more a standard dos than a ddos
Yes
It's definitely not like you hear actual groups setting up botnets
Still annoying tho
That probably won't last too long in any case, and the ISP will probably start filtering more
Definitely
In any case your IP address won't allow much.
Not much more than a physical address in any case
So it's more of an address when you're scaling the web
Mmhmm
my friend has this old ass youtube account, he lost the password for it years ago and wants it back cause its funny
does anyone know how to get in without the password or email?
You contact google/youtube and see what they can do for you
It depends on how old the account is. If it's before Google acquired YouTube and you don't know the email then the channel is practically lost
Otherwise you would have to go through this: https://support.google.com/accounts/troubleshooter/2402620
Nice try champ
bro is trying to reverse engineer
I was reading earlier on how exploit development was getting harder and the barrier to entry was increasing. What is the thoughts of people in here? Are we all eventually just going to be searching for web exploits?
Exploit development is a small specialized field where you need tons of experience and knowledge to develop particular exploits in the modern world. I think its normal for it to have a high barrier to entry.
interesting, that's what I want to do ideally. Find exploits one day in various systems. Though apparently with modern security features things like buffer overflows are apparently no longer as prevalent. On reddit they were saying that Rust memory safety would help protect from these vulnerabilities. Some even talking about it like a cataclysm of no longer being able to find the low hanging fruit anymore.
There are still unsafe coding practices related to Rust.
Plus, it's not moreso the programming language but rather the developers who create applications or systems using that language will be the issue.
There will be times that maybe an unsafe function is justified to be used.
yeah this is one of my primary concerns for the field because I don't want to be outdated and outfoxed by a machine
one thing I've noticed here in that the game seems about finding the ways to think outside the box in the rules, and to catch them in a catch-22 security wise.
@radiant jacinth you're reading too much fiction again...get back to your cave!
But I do think AI will make it easier for exploit development; since the AI can try multiple things that would take humans much longer to do
What happens if I SHOUT in the quiet zone
does anyone know what happens if you make a request to an AP without encrypting the request with the PTK? Does it just fail?
You get muted
is it safe to submit our personal data to THM??
it said for non student so if a student submit their data anyone can see it??
People can't see this information.
Anyone who's good with networking understands this?
Linux to Windows(OS Host):
Source: Linux IP & MAC
Destination: Google IP & Windows Mac
Windows to Router:
Source: Windows IP & Mac address
Destination: IP Google & MAC_iR ROUTER
Router to Google Server:
Source: Router IP(ipe_R) & MAC address(mace_R)
Destination: Google IP & MAC address
I'm thinking it's related to ARP
The teacher is not really good at explaining lol, why is there two router(maci and mace)?
couldn't imagine a more confusing drawing
on the other hand, why shouldn't there be two routers? Maybe there is a "bigger network" in between them, idk
Packet tracer would be excellent for this.
haii so these days i am looking for penetration testing of hardware and embedded system. like web, Mobile, API penetration testing no more content are available for embedded. anyone is aware of embedded penetration testing. plz share the link, pdf or resources. i have list of attack vector from OWASP top 10 but concept or hands on activity on each test-case is lacking, and no platform provide it.
Can someone explain me what is the point of tryhackme room initial access when we know that all techniques that are used in that room are impossiblleee to succeed on modern computers ?
what do you mean by modern computers? computers on the internet? maybe. computers on an internal network? you have no idea
I mean, every computer will notice RAT virus when you send to victim, or link with code etc...
Are there any initial access techniques ?
That can evade Antivirus, windows defender etc.
Hey is anyone down to join my team for 0xl4ugh ctf on Feb 9th in 2 weeks
those aren't initial access
anyways, those are advanced topics that we don't discuss in General
Then, what it is ?
Here is the article link for advanced channels
Thanks !
Is gobuster always that slow even with the threads set to 64?
Plenty of reasons:
- your machine can't handle that many threads
- your connection is slow
- the machine you're attacking can't handle that many requests
Maybe the 3rd option
I have a pretty good machine and my connection is also good
So there isn't any trick to make it faster?
Yes, reduce the amount of threads.
Speed isn't necessarily something you'll always want in this field.
Be patient so you don't break anything and get yourself in a lot of trouble (IRL, not on TryHackMe) :)
Ok
Chances of having 64+ logical cores (one per thread + more to handle everything else your PC is trying to run, without having to context switch) on consumer grade equipment are slim. Assuming you're using a VM on your host, chances of that go down significantly.
Now, granted when you're making network connections you should have a bit of tolerance for context switching as you wait for responses, but regardless, 64 threads is unlikely to be as beneficial as you think it is
That said, if it's a THM machine then chances are it is actually option 3, yes 
That and Gobuster is not the fastest option available
Although as Jabba said, speed isn't what you want IRL
Yeah but for gobuster chances are that most of the threads are waiting for a response rather than doing anything useful
So 64 isn't entirely out there
True
Server on the other hand is probably having trouble
network threads are much more tolerant of context switching than pure processing threads. Approach it from the context of 'how much time is spent waiting for a TCP response at layer2'
With a good connection, is the latency there going to be enough to keep a full 64 threads busy though?
Actually, thinking about it, even on a good connection probably 
What's the best case latency for that, compared to time cost of context switching on the same core
By far the dominating factor should be waiting on packets at layer2, not swapping the PCB
Yeah, orders of magnitudes of difference. Didn't totally think that one through -- it has been a long day
It's all good. It's a thing that 99% of actual programmers don't really think about, until they have to do a high-compute task across a network
The interesting thing is though, remember that C++ port scanner I built for uni a few years back? Think you (and Hydra actually) looked over the source code in passing a year or so after I submitted it, so probably 2021/2022-ish.
Part of that was performance testing -- I remember distinctly that the optimal number of threads to have running simultaneously was about 3 higher than the logical cores of the CPU I was running it on
it should have been way higher than that, honestly
when I wrote a port scanner in python, the ratio was more like 100 threads for every physical core
Could easily have been other bottlenecks there -- lecturers didn't hugely care about the results as long as the scientific method was right 
IIRC if you structure the C/C++ network piece correctly, the ratio should be around an order of magnitude higher
takes notes
Oh, the other thing was that it was scanning something on the same wired network though
So network latency would have been tiny
Also keep in mind that my pyscanner was about on par with nmap for port scanning - no other functionality. I also overtuned the hell out of my code as well
Yeah, that would have an effect - but not as much as you'd think, given how fast the latest 802.11 protocols are
I'd expect it to be significantly faster than scanning something over OpenVPN (THM network) though, especially if you're a long way from Ireland
Tunneling is always going to be slower
Assuming that's the context for the original question anyway
If you wanted to really go crazy with optimization, you'd track how many open connection requests your program has and optimize around expected timeout vs response timings
No thanks 
Much though I love programming, I don't think I'd enjoy doing it professionally
Probably depends on how the threads are blocking as well
I hope I'm not talking horsecrap but can't the same be achieved way faster by just doing async socket reads and checking if theres data
bcs then you can send 1000+ packets over 1000+ different socket fd's, and then poll each fd for data in the main thread
then its just a matter of transmitting the right amount of packets so there wont be a backlog of packets to handle
would be pretty funny if this could be done with io uring tbh since there wont be any ctx switching which saves a few ms possibly
That's basically the technique. In the c api, you have to build a bit to manage all those descriptors
I have just finished Intro to networking room, this is my first room and it is cool.
good job
Hi everybody - I'm new to THM and CTF in general - So far I've completed the 'Introduction to Cyber Security' and 'Pre security' rooms - I'm currently doing the 'Complete Beginner' room and going to school (AP degree) where I'm learning about networking/Linux and C/Python programming.
I'm curious about what people's setup is while doing THM and CTF's in general and I was hoping to get some recommendations.
Do you guys use a VM with Kali? - Just use the THM attackbox? - Running linux on 'bare metal' ? - Dual boot?
So far I just used a combination of the THM attackbox and WSL2 with Ubuntu.
Thanks in advance!
Kali VM just in case you break something on accident. You can turn it off and on to fix it.
Kali Vm is the easiest, and probably one of the best.
Wsl has networking issues, as good as it may be.
Dual boot, Windows could eat some of the partition, and Kali Linux is a terrible distro to run as a main.
Not to mention that it also makes GRUB your boot manager, so you have to specify windows on boot, etc.
Yeah, I personally wouldn't drive Kali bare metal. I (personally) install too much stuff frequently that can break it, or where I appreciate having a quick back-up. I use it like a "dev" environment i.e. "let's give this a try...oh it broke something? okay i've got a snapshot for that" - takes 20 seconds to restore"
Kali in a VM will do you just fine. Unless you want to run your own linux distro and add tools accordingly, Kali is well-rounded, and the install process lets you decide how "heavy" you want to make it
As much as I love the AttackBox (as the maintainer) It really doesn't beat your own setup, configured how you like, with the tools you want available on launch
it is super convenient for doing rooms here and there if you don't have access to your environment, or, for example, there are some rooms (especially older) that are generally only compatible with the AttackBox (because more modern versions of the OS make it quite difficult to go backwards)
I run Kali off a vagrant-controlled VM, provisioned by ansible to make it easier to kickstart it back up when I invariably break everything
some have also said I was insane though so, something grain of salt
I run Kali via a VM inside Hyper-V with checkpoints, so I can revert if anything breaks, which it usually does. Works absolutely fine for me!
Starting to notice a theme here with Kali bricking
what kind of task would break it? can't relate
I am at the point where it's easier for me to standardize my tools with ansible playbooks and roles - bringing toolkits like kali into a 'secure boundary zone' is more hassle than it's worth, when i can use the company standard distro and install from git with a lot less hassle (because I can throw everything through the CI/CD scanner to validate the tool doesn't have any known malicious stuff in it)
Yes yes and that's a good call. However, it's a lotta work & overhead for the average "home" user
how do u get the exact same lateral bar on the right on kali or parrot? got used to it
Hi all. So im getting kinda deep into this and looking at what others are saying, i am realizing a lot of people are talking about taking notes. I haven't taken any
I have always been a if i dont know how to do it, ill google it and figure it out that way kind of person. Learning the core concepts on how to do things, fundamentally understanding it, rather than sweating the specifics that i can always reference later. Am i setting myself up for long term hacking failure if i am not taking notes?
same
Taking note is proven useful, but every person is a world, so you have to do what works for you, but my advice is that before you dismiss taking notes completely give it a shot, and see if it works for you, you know what people say don't knock it until you try it.
I have just completed wiresharkthebasics room. If anyone will ever forget how one can go to a certain packet, or apply a simple filter, hmu.
yay thats epic!
Notes are an extension to your brain, not only a paper database for specifics. A mind map so you can brainstorm with yourself, an ordered list of actions you've taken before you got into a bug. Procedures you might not want to think about all the time you do them, so you can write them down and reconsider each part individually at any time. The beautiful thing about notes is that they come up in a different form to serve a different purpose
u r very smart
I have completed a room called furthernmap. Nmap looks like a very advanced tool, it sure will take more than one room to master it. I will buy Gordon "Fyodor" Lyon's book "Nmap Network Scanning". Having a physical point of reference would be very comfortable.
If you have to run kali as vm because you're afraid you could break something, you shouldnt even think about dual booting linux
It takes one big screwup and you accidentally corrupted the disk with your other os (i.e. windows)
I didn't say about breaking Kali.
Kali is very easily broken, it's nothing to be afraid about.
However I've heard far more reports of Windows eating up the partition data.
Thus, breaking the Kali.
What's more likely to happen is that a windows update rewrites the boot partition with the windows boot loader. Unless one understands how the boot partition is structured and is willing to put up with fixing it, strongly recommend no one dual boots from the same drive.
My main point was, in a VM, Kali is far easier to run.
This
Dual booting is antiquated, VMs are super easy and save a ton of headache
Thanks for all the answers so far and your insight!
Is there somewhere I can access the answer sheets?
As in answers for rooms? If you really can't figure it out google the thm room. Or if you just want a hint and you figure out the rest ask in #room-hints
Ok
What's everyone's programming/cybersec music taste?
Heavy metal, electronic, classical?
Check out Nerdcore - Ohm-I & ytcracker
Yes.
@sleek nova https://www.youtube.com/watch?v=D1NdGBldg3w
https://www.youtube.com/watch?v=dQw4w9WgXcQ
Thanks to the /flags directories on the machines.
Gave +1 Rep to @sleek nova (current: #1982 - 1)
:hammer: ryan.l4#0 has been banned.
kpop lmao
north or south?
explain what the difference is
You know no good music if you ain't listening to this
@dreamy kayak u are community mentor, mentor me
is the best mentor
xd
I saw that one podcast you were on recently, damn that video title is pretty badass "#1 ethical hacker"
looks like it has a 2x bigger tongue
Yeah, they titled it that, but I've never claimed that. Nice to meet you!
Nice to meet you too, hope you're doing well today
ollie spam is best spam
ollie ❤️
@open roost I have removed the YouTube link because the video topic is not appropriate for this environment
Gotcha my bad
Is anyone interested in making a CTF team, or does anyone need a partner? A beginner will suffice
MailAddr: X@corp.th3reserve.loc
IP Range: 10.200.X.0/24
These details are now active. As you can see, we have already purchased a domain for domain squatting to be used for phishing.
Once you discover the webmail server, you can use these details to authenticate and recover additional project information from your mailbox.
Once you have performed actions to compromise the network, please authenticate to e-Citizen in order to provide an update to the government. If your update is sufficient, you will be awarded a flag to indicate progress.
"How can i access this email? I have already breached the perimeter but am not able to access webmail"
what is it, a ctf?
Seems like something from the red team capstone? If so then #red-team-capstone-challenge
There are multiple ways to get to the webserver mail.
Hi, i'm kinda new to all of this (it's been 30 days since i started)
Is it recommended to set up a personalized attack box?
If yes, any walkthrough video to recommend for that kind of stuff?
I would also take any youtube channel recommendation
Thanks.
As you are still learning, personalising your own VM might be tricky (unless you have extensive Linux background or experience). Using a pre-built Kali in a VM would be ideal as you can play around with it as much as you'd like.
Ok so just using a prebuilt kali could be a good starting point, do i understand it correctly?
How could i learn and improve starting from something like that ?
Yes, you can download a VM image from OffSec's website. As you install or add tools in your VM, you'll understand the dependencies or requirements for each, the use of reliable sources in your source.list, compatibility issues, etc.
Hello,
I'm new here, I've just had a look around the websites for the time being, I haven't done anything big myself yet.
I have one question: can I use the website and the exercises free of charge or do I have to pay a fee to continue or do I have to pay a fee to unlock certain tasks?
Thanks!
Welcome
Approximately 70-80% of THM is free, just create an account and go
There is subscriber-only content that will require purchasing a subscription however
thanks!
Gave +1 Rep to @serene trench (current: #8 - 800)
Honestly it's so well made that it's addictive, you just don't stop learning.
I gotta say, I am really enjoying all the various practice boxes. They can be tough at times but once you get the ball rolling and get everything together it's quite devastating on unsecured systems and very fun!
ok, sounds good. - i will test it this weekend
I am as well, sometimes they make me question my mental capabilities, being new to cybersec and terrible at web apps. MR robot CTF gave quite the challenge and I just rooted it and it made me super happy. It also helped me understand where to focus on my studies.
Hey! Has anyone here ever taken coding/cybersec bootcamp courses or does anyone know much about bootcamps? I'm trying to find the right one for me to sign up for next year. Any tips would be great!
I heard that the bootcamp "Le Wagon" is a very good one. You can find some information online, a lot of reddit posts also. Also, some countries take the course fee themselves so it's totally free for you.
thank you! I'll look into it!
Gave +1 Rep to @drowsy swallow (current: #1319 - 2)
I don't know which country you are from. I know a lot of them in Germany also.
I don't think it's worth the money paying for a cybersec bootcamp, U can get a lot of knowledge from various platforms like HTB, THM, portswigger academy, medium articles, people in discord .... for coding u can use books and leetcode problems to get familiar with algorithms and data structures ... you just need to organise your time
Does anyone know any good CTF challenge rooms on THM for practising Windows privesc? Most of them seem to be Linux based. It's hard to find something good.
Search windows
depends on the person, it's true that there are a lot of good info out there, but it's spread all over the place, some people need more structure, hence those courses.
I'm curious about something, do hackers try to exploit a router to gain a shell inside the router's operating system and try to escalate their privileges to gain full control over the router and do such things like MITM and stuff? If every technological device is in fact a computer, this must be a thing right?
MITM isn't really great considering everything has TLS/SSL these days
it's possible, things like that tend to be patched immediately
So technically an old tech device can be turned into a hacking lab, interesting. Thanks!
Gave +1 Rep to @spark sun (current: #10 - 723)
There are way easier ways to learn those techniques - any equipment known to be vulnerable will have been EOL and decommed for quite some time. As a learning exercise, it's probably decent? But your time is probably better spent on other things
I have an old range extender in my home and I got this idea to try to exploit inside it to eventually use it to intercept signals and poison the traffic etc. for learning purposes of course. That's why I asked hehe.
Unless you have an EE B.Sc or are extremely knowledgeable in signals processing and encryption, a hugely uphill struggle.
Hello
I would like to ask for a coupon for premium access
Thank you
70-80% of THM's content is free. You can dive in on those while saving up for premium.
That's true but still
I want to have access for the paid one.
Anyone can provide me with a coupon.
Thank you ❤️
A coupon is $14 only
What do you mean?
14$ in my country currency is way more
I am not from the US unfortunately
We are living in different worlds
Please some respect to others
Hello, there are no discount coupons.
Ok thanks admin for letting me know
But how to receive one in the future?
I hope you can make that happen
Gave +1 Rep to @smoky mortar (current: #15 - 425)
I'm thinking about TLS every time I solve thm challenges where you're using an http connection. Is it worth spending time on this if there is TLS/SSL everywhere?
TLS solves some issues, but it won't really help you much with other web exploits like XSS, SQLi, CSRF, SSRF etc
Hi !
Anyone know a website or smth that could help me to master networking fundamentals through exercises, like thm makes us practice hacking through rooms?
Did you already do the networking fundamentals in the thm path?
yeah, I did all the fundamentals, but i want to master them so i can remember them naturally and instantly.
Maybe the networking courses on Cisco Network Academy are something you could try?
https://www.netacad.com/courses/networking
i'll check it out
thanks
No problem, I'm happy to help.
https://skillsforall.com/ also part of Cisco has a few network courses
career path of 4 courses for free
Hey guys, I just completed the Linux fundamentals and I want to put the knowledge into practice. Is that enough for joining the rooms, or do I need to go through the network stuff and tools? I'm a little bit confused here
Nope you can start doing rooms whenever you want. Most rooms that say easy actually explain what you have to do. But once you start doing harder rooms it slows down
But it's always good to have knowledge on the rooms
Does anyone know some rooms in THM for practicing Linux skills
I do have a question though can you connect to the THM machines remotely from your virtual machine
Yes, you need to be connected to the VPN
Does it require any subscription or something like that
Not at all
Hello, I have a question. I'm preparing for my master's degree thesis and I want to prepare an IDS/IPS test environment. I want to use some tools to generate traffic in the network (simulate DDoS attacks or something). I found the Metasploit framework; can you give me examples of tools I can use to do the analysis for my thesis?
We don't help with coursework
@warm wind keep it appropriate for an educational environment
Can anyone please tell me how I can master Microsoft Defender for Endpoint and Splunk Enterprise? I didn't get the right material.
Hi
what do you mean by you didnt get the right material?
mastering it involves actively working with the product
There are a few rooms about Splunk, use the search function on the site. Also, the best way to master it is to use it. Practice makes perfect
I mean right sources
did you check their websites?
Guys
Okay
yes
What's up
Hi. I've made the decision to pursue cyber security as a career but I'm having trouble as to where to start. The amount of information is overwhelming and there are so many mixed opinions in terms of gaining a successful career in CySec with or without university.
For a bit of background, I'm from the UK. I have decent foundational knowledge in IT and did hardware and networking with Cisco CCNA in college about 6/7 years back (do not remember a thing). I've now decided that this is what I want to pursue as a career, so to be on the safe side, I'm classing myself as a complete beginner as I don't want to skip things just to have gaps in my learning.
As I stated before, the vast amount of pathways in CySec and the information surrounding the different fields is very overwhelming. I'm not sure where to start. I'd really like to speak to someone who is willing to help and has maybe been in my position? Thanks
I'm in a somewhat similar situation. My 2 cents is to just start without too much thinking.
I've started with the goal to finish some learning paths to build some hands-on experience and have a very rough understanding on the tools at disposal.
Yeah, I've started as well - paying for the monthly subscription. It just feels like I'm trying to manoeuvre in a desert without a compass. It's a daunting feeling.
That's where the learning paths should help. Otherwise I'd just do whatever seems interesting to learn
There's no wrong way to learn
My question is though, is THM the only thing I should use to land a job in CySec?
That's subjective, but imo it takes a bit of skill and luck to land a job
The biggest factor is referrals
nah, it helps though
So what else? That answer doesn't really help as I already explained I'm getting overwhelmed by the amount of information out there

then break it down, what do you want to learn?
specifically
the rabbit hole goes deep in infosec
It's similar to any field that you would want to get a job in (aside from those low barrier for entry jobs like busser etc.) If you don't have an initial start in the field, everything will be overwhelming. You need a general understanding of IT to begin to delve deeper into the many branches of information security. As you've said, you have the foundational knowledge and have gone through CCNA, so you should maybe take a look at Network Engineering positions and see their responsibilities and see whether you can find yourself in them. If you can't, but see something that interests you, look at what positions in the cyber security world do those activities and start narrowing it down from there if you are uncertain of where you want to go.
I imagine it sort of as me being young and seeing someone do something cool and me wanting to do it as well. So it would be easier for me to see a job position and try to imagine myself if I want to do that.
Try to look at job adverts wherever you want to work at and start from there, but that's just my opinion.
As you are already on TryHackMe, try to do different types of challenge rooms, from phishing, log analysis, to web ctfs etc and see what tickles your fancy.
Try to pick a random easy room, look at the tags and start exploring from there.
Research is a HUGE part of the industry, so you need to pick that skill up ASAP.
Anywhere where people don't care about age when hiring and also accept free work?
About age...
How old are you?
15
If you are in school, you can ask around if they need IT help in any kind, for sure you can volunteer there.
Also reach out to family members and offer help with thingies in the case that some of them are running a business/group/club etc.
Don't know what type of free work you want to be doing though so I guess I'll stick to those answers.
Thanks
what I did back in the day was checking for bugs in commercial platforms only students have access to since less people will be able to perform security testing
think stuff like learning management systems
I was fortunate enough to land a job at an LMS, and pivoted from there
at your age it is more about connections than spray-and-praying jobs on indeed/linkedin
so I'd just slide into dms of some lead devs at some national/regional places, and mention you're a student and mention your skills. if you're lucky they will offer you some sort of job which is a bit symbolic but also important, kind of like an internship
and once you've landed that, you got yourselves a shot at other, more high-profile jobs because you got work experience
Okay
Thanks a lot
And what do i do if i have nothing to show my experience? i have a red team learning path cert from tryhackme but that's about it
Ok
again, do not do anything illegal in the process
I'll have to check the laws for computer access
Like i can't DoS them and stuff but maybe i can do some active recon?
It's best to search if there are any bug bounty programs for this software, otherwise it still could be illegal
Will do
or security.txt and responsible disclosure policies
bug bounty programs are a bit unrealistic for this purpose
considering most programs are mass scanned and the chance of getting a job at the same company as a result of the disclosure is greatly reduced
Is security.txt responsible for all user interaction and permission?
security.txt contains an email address for security disclosures
and optionally the url to the responsible disclosure policy
hey guys, has anyone here ever had burnout or impostor syndrome?
I have studied security for like 2 years. I stopped studying this month because i feel like my mind is gonna blow up. At the same time, i understand the theory, but in practice i feel like i've never used a computer. Maybe i have impostor syndrome, idk.
so if someone has any tips, please share with me.
(sorry for bad english, i'm not used to writing in english)
Everyone goes at their own pace
Do you have an established path?
maybe, i started with pentest, i bought a course here in brazil called desec security, they have a certification called DCTP (Desec Certified Penetration Tester), for jobs in brazil some companies ask for this certification. Now I'm about to finish the first part of the course.
but when i finished the buffer overflow topic i started searching for exploits in desktop apps and game hacking, so at this point things got a little bit harder.
do you have any advice for a pentest path?
(DCTP is an exam in Portuguese and it's something close to the OSCP exam)
My guess is that you should complete that course since you already paid for it, I'm guessing that you're going for a Pentest position, however, I'm afraid that's not an entry level cybersecurity and that might be a frustration in the future since they're going to ask you for years of experience beforehand.
However, if this is an on-site learning platform, talk with your teachers and study the job market in Brazil, you might be able to see any other remote positions within South America or Portugal (SOC Analyst positions work around the clock, so this might be a good bet)
Get good at networking, consider taking the CCST Networking on Netacad, which learning is free and the exam would be around 100$ if you're willing to take it
And network (meet other professionals in your area) if you can, this last thing helped me a lot in order to see which direction to take, and a possibility in the future to further increase your chance of landing a job
Oh, and learn at least one language for automating, Python would be a good bet
@frail rapids
thanks a lot for the help ❤️
i'll do this, i know an automation language, nowadays i work with python so the only thing i have in this list is python
here in brazil most of the positions are in the blue team and appsec, we have some pentesters but most of the pentesters are working in USA or Europe.
for entry level positions, we don't have any for security jobs, most of the jobs are for mid+.
but thanks for the help, i will do what u say
Gave +1 Rep to @ebon prism (current: #1321 - 2)
@gritty latch
anyone know anything about cyber sec red teaming
i did BT for 1 an a 8 month
i mean 1 yr and 8mnth
learn python like ez languages
and then follow some cyber sec experts
and enter a community like tryhackme or htb
sorry for ||htb|| im soo sorry cuz i just wanted to help
@radiant jacinth this is the advice for u
welc
sohh
anyone know rt's
im new to the line
Can I Do Fake AP and deauthenticate clients In the same Time With only ESP8266?
This is restricted to the advanced channels given your reputation of asking unethical questions.
I found the answer
hello there
@burnt night
:hammer: snazzyhype#0 has been banned.
thank you james again
Annyeong haseo
how is everyone?
pretty good
thats good buddy
what about you? :)
cant complain. the sky isnt falling so im good.
sounds good to me
yes sir. whats your plans for today
?
idk really, I've been procrastinating, which is I guess not really good
just sometimes have these boring days when I ain't doing anything
dont we all? i get like that sometimes
for real yeah
i got a new computer chair so i got to put that together lol
funny you say that. my buddy john got a new monitor for gaming
what's the resolution?
the one that curves WQHD 3440x1440
yeaah pretty sick
yeah lol now imagine mine is a cheap LG 1920x1080
mine are old too. like 10 years old lol
classic ahah
i know right! lol
i got to go and pick up my computer chair. i will talk to you real soon!
take care!
see you have fun!
hows it going?
awesome. im just doing some studying for net+
oh cool man! wish you luck with the exam
thanks man. what do you do?
well, I am trying to learn something on thm (like basic cybersec)
also I learn C programming
I am learning C/C++, Java and cyber security from certification courses and tryhackme
Any recommendations on rooms which I should check out on tryhackme?
My level on cyber sec is beginner - intermediate
it's a separate resource, but you may try completing Mr. Robot room in Vulnhub
I heard from people it's on somewhat intermediate level of skill
same here. im just starting out. im a journeyman welder by trade. i like playing with computers on my downtime
I have quite decent understanding of Linux, I have been using Linux for a few months now
goodjob!
I have heard of it on a network chuck video iirc
Couldn't try due to a tight schedule
oh, i'm using it as a main OS
i use arch btw
niiceeeeeeeeeeeeeeeee
Nice