#quiet-conversation

To where?

Depends on the severity etc.

Give me permission for sending a video

& full explain

You need to verify your account.

Ok wait

I've pinged you in the original channel you posted in.

Done ✅

@heavy lintel please follow the bug bounty guide.

hello

i got a problem in my VM room Snort, when i run a command it run constantly and wont stop

#room-help

You are asked to test a website, and you are given access to the source code - what testing process is this? and I answered [White-Box Testing] it says incorrect pls what is the correct one

sounds more like code audit

White box testing.

Remove the hyphen, next time, please use #room-help

yo can soemone dm me i need help w soem stuff

If you have a question, just ask. Asking to go to DMs for "help with some stuff" makes it seem suspicious.

hello everyone, I recently started tryhackme, I'm looking for a partner to learn together or a team to join, I have decent knowledge about cyber security and I would like to learn more,I'm based in north America, please feel free to DM me.

mb

What do you need help with?

Hello, I am a currently working on my CyberSecurity Engineering master degree, and I've recently came across TryHackMe and its community. I would like to ask about advice regarding a task - nothing too much just a general advice on how these tasks can be done. Ill be using my Kali-Linux machine and another 4VMs (DevServer, MiniWebServer, myHobbieServer, and windows2012r2) to complete these tasks. Am not here to scam anyone nor try to provoke you or set a trap, am just really new with these stuff and general knowledge or suggestions could REALLY help. If anyone is willing to have a small conversation please let me know (mainly so that I can provide with the tasks that I would like a generic advice).

Is the task THM magerial, or school?

Thank you for your reply, yess its University material. I understand that most people will refuse to help due to guidelines and etc. Am just asking for general information in order to better understand the task in hand. Nothing red-team or black hat related, everything is controlled withing the VMs provided by the university.

Gave +1 Rep to @south inlet (current: #1 - 2255)

Then you'll need to seek help from them, as we don't know how everything is set up etc.

And we don't allow help with schoolwork/work related topics.

I see. No worries that's understandable. Just wanted to shoot-my-shot, maybe get some more knowledge cause am starting to get burned out. I appreciate your time 🙂

you change the username, the last one was a kind of "pegame y decime marta" 😂

me ?

yep

Yeah, I did xD My name in discord is "llamame papa" == "call me daddy" which is a joke basically (same with my profile picture).. After sending like the first message, I noticed the panel on the right side, with everyone's name and role and I felt it would be more "appropriate" to use the name that I have in TryHackMe which is the nick that am using.

Am not trying anything fishy or anything, I just want to be involved in the community :3

in breach-ad room while running ntlm pasword spary got error

#breaching-ad

It's not school or work, but can we share screen with tutor and ask more indepth advice etc? Haven't screen shared as I figured it's copy right law

Unfortunately, we cannot verify whether or not it violates academic integrity at your University 🙂

Not in school but checked the terms and conditions and its personal use only forgot to edit post or add that

hy

hye

how are you?

hey guys im timo from mrc i want learn cyber but i need someone to help me step by step cut idk from where i cant start

At what time of year, that ticket rooms will be uploaded???

https://tryhackme.com/r/room/tickets4

Like this

No idea when the next one will be.

A ticket event is connected to a release of a learning path, although not all learning path releases will have a ticket event.

OK Boss. I just wanted to confirm 😄

https://www.modos.tech/blog/modos-paper-monitor-pre-launch-on-crowd-supply

Cool stuff!

Use case, beyond tinkering?

As I shared my vision with others, I found that many people faced similar challenges: writers, authors, journalists, programmers, students, teachers, doctors, lawyers, engineers, makers, digital minimalists, people with visual impairments, those with health issues and many more.

We all struggled with the same problems—headaches, eyestrain, and distractions caused by our reliance on digital screens. This shared experience fueled my desire to create technology that respects our time, attention, and well-being.

Certainly being on my eink tablet before bed instead of my phone personality has had a massive positive effect on me, just due to the screen

Headaches, eyestrains, so we swap the 24" 4k monitor for 13.3" low-res, low-refresh rate. This is the setup they show. Who in their right mind would want to work like that. Certainly no programmer, journalist, author, doctor, engineer or lawyer. They want "screen real estate" as they say today, to look at documents and drawings all day.

To be fair, e-ink is nice to read on

I have a question. I want to do bug bounties. What path can I learn first in order for me to begin a bug bounty program?

web

Web path?

probably a good start, yeah

i havent found a path specifically for bug bounties but

Pre Security -> Intro to Cyber Security -> Jr Penetration Tester

would get you decently skilled

There is a new web path coming out soon, that will cater more for bug bounties

I think I might want to write a room. I did the history of malware the other day, it goes back far. but misses a lot of stuff from recent decades

like sasser, dcom rpc, nimda and all the things that led to Windows Firewall/Defender and ASLR/UAC

Good luck.

If you're interested let me know and I can give you a channel where that is specifically for room creation queries.

note that walkthrough type room submissions aren't being accepted AFAIK

Check out: https://help.tryhackme.com/en/articles/6633511-creating-your-first-room
Particularly, the Best practices section on the page. 🙂

hi

shhh its the quiet chat

Guys, I want to understand a topic: Can a cellphone use two networks at the same time?, for example 3g and 4g, and what network does the phone use to make a regular voice call?, and why does the phone switch from 4g to 3g when making a call?

I apologize if this question seems too simple, I'm still new, This is my first research on this topic.

afaik cell phones only use 1 network at a time, but will fall back to the lower one when the higher one isnt avail

https://twitter.com/daylightco 👀

What do we do if we are stuck on questions ?

read the text again and try harder or #room-help

google the concept/problem,

use your imagination and brain, take into account that not always will be somebody to tell you what to do. Do your own research

Ok thank you

is anybody there to help me

What do you need help with?

If you have a question, it's better to just ask the question, instead of asking a question to ask a question.

saw that, looks like a lot of hype generation for the moment

Looking for counsel/advice - i’m on month 7 of working as an appsec engineer. I’ve also been helping my boss with some forensic work which is actually way more fun and something i want to pursue. How would you recommend changing course - if at all. I have yet to see any forensic work come up in my day to day. What job positions would you go after? Would you stay working as a security engineer but shift specialty? Is the job growing in demand? Any cool projects to do?

Hi mate,
I would go for Incident Responder, you would still touch to technical stuff linked to your BG but it would add the forensic part to the job (at all level, network, system, timeline, etc.)

https://daylightcomputer.com/

If they've managed to get a 60hz eink paper display, I'd be super impressed.

Apart from the £500 price tag, really excited to see what this brings

wonder what tech they use

stylus looks like a standard EMR

eink is whacky to shadow

not seen a need to get any eink thingy to try and make things on

it's honestly really nice to read on

Needing some pc hardware help

What's the issue?

I sent it to dm so not keep soaking the same thing sorry

Please do not DM without permission.

You can ask your questions here.

Need help building a pc out of these parts for cybersecurity

Any help from anyone is appreciated the school wants these parts specifically in the pc

My DMs open to any builds to anyone who can help

The spec list is pretty standard for a business/workstation laptop

You can go to pretty much any vendor and spec something out that meets these requirements

Ik but which i7 should I use, which mother board. There’s many versions of i7s before I can find a a group of mother boards to pick I need to know which processor would last me a good few years before upgrading and which one will do a good job

you have to do a little thing that is call research 🙂

Thank you for the help

Gave +1 Rep to @summer verge (current: #82 - 77)

If this is for school you're going to want a laptop. You'll need to bring it to class and labs. Go look at the laptop spec tool on whichever vendor you want to purchase from and spec something out. As Rex said, you're going to need to do some research. It's your money, and you're going to need to make decisions.

I did do the research but it only made me more confuse for I don’t know the range each core can keep for till it’s time for an upgrade, they want a pc specifically as stated for some of the software running in the course will be heaven such as VMware and one course I’ll be taking soon has virtualization

This semester and probably next will be online only

It's not saying it needs to be those specifically. It's a recommended/bare minimum spec list

Again, all of this is pretty standard

Meaning you can get better hardware and be fine

@radiant jacinth Are you looking to build a tower yourself?

if you still have question is because the research is not finish 🙂 focus more on i7 vs i5 or intel vs amd more than every kind of i7, if you're using it for school I don't think that it would change that much, amount of ram it's also important

I went over that with the instructor already and they still denied the permission to use it

denied to use what?

After I get the computer built or bought (prefer build) It has to be brought to them to approve it for the course

You have to take the machine in to them?

Hence if that was the case I could’ve use another build I had from a year ago that used i5

Transporting a whole machine is complete hell.

Ik but Im caution with my electronics but if unable to travel they need a screenshot of the specs from the command prompt

It is, which is why I recommended a laptop instead. These requirements aren't that extreme

the question still stand i7 or amd equal, price can change there

What happens at the end of next semester, you attend in person?

I read prison 😂 I thought whattttt???

Out of which i7

One that is 3Ghz as per their requirements

Don't look at the numbers, look at the actual info

If they offer, if not virtual or hybrid but atleast I’ll have the pc and continue to work with

Don't care if it's an i7 1700k or an i712400f, is it 3 ghz? how many cores does it have? how does it perform with virtualisation?

So there is a non-zero chance that you will or will need to attend in person is what you're saying.

Yes

I’m just starting these courses I only know how to connect the pieces

OK, because of this, is it the best idea to purchase/build a desktop that cannot travel with you to and from class.

With these courses, you really need to show initiative. If you don't take the time to learn the content and go out of your way to research when you don't understand something, you start to massively fall behind. Be curious, be resilient and be proactive 🙂

I am but road block after road block to connect something only after weeks I barely understand that’s why I goto these discords for help and assistance

We have connected a lot of the dots, it's up to you to actually draw the line

Then I guess I just give up here and think of another route. Only understood a small portion of what was said but I’ll just search somewhere else and see if it’s any different

Only so much info gathering can go so far

As Jabba said, we gave you all the dots. It's up to you to connect them. I feel like I gave you a fairly solid starting point and solid logic as to why building something yourself is not ideal.

One of the benefits is building is cheaper considering the only reason I could afford to make one is loans unfortunately that’s also why I would want to keep it long term before upgrading

You won't need the newest parts, a common problem in computer building is everyone thinks they need the newest parts but last gen works just fine and it will last you years without needing to upgrade.

get a solid amount of ram and you'll be fine for years

It really depends and isn't always cheaper. Let me ask it this way, what are you going to do when you're asked to attend in person and need the machine in class if you've built a system? You can't bring a desktop and monitor to class. You're going to have to buy a second computer.

a framework laptop would be more upgradable

They are still expensive

Most of the classes ask us to have an external hard drive since the classes have donated computers and back up the data to a second or a flash drive

A used workstation laptop meets all of these specifications

you can't have everything in life 😂

amazon have refurbish laptops at good prices

At this point, you can do what you want. We have given you the tools to go forth and do good things.

be careful asking for help in this area. People will tell you to research and learn and figure it out for your self and completely forget that discord and forums and the like are also part of the internet. Asking on here or a forum is no different than asking google except you and ask follow up questions to stuff you don't understand.

some fields will bend over backwards to help teach you and others act as gate keepers and tell you to teach your self all you need is google sadly this field tend to fall in the latter.

I see Jabba replying, so I'm gonna leave this one and go to bed. Jabba you should sleep too, it's not worth it.

It's also like 3am for you

Could you point out where there was gatekeeping here? I would love to understand your perpective 🙂

I have an assignment in for 4pm GMT, staying up until it's done, unfortunately it's a very difficult assignment and they didn't give us much time to do it in (in relation to our other coursework).

I got what I need from everyone but still just drop it so no one fights or escalates things I already am starting to regret some things

Ah I see I see. Best of luck. What's the course?

I think it's important to hear all members of the community so that I can continue to improve it (i.e. changing rules with community feedback or looking at making the Discord overall much better). TryHackMe are trying to make learning cyber incredibly accessible so it would be upsetting if the community wasn't upholding TryHackMe's values too 🙂

It's just a generic computer science cybersecurity degree.
https://warwick.ac.uk/study/undergraduate/courses/bsc-cyber-security/

Unfortunately, they have removed the module listing from the website so I don't know what I can or can't say 😛

Ah, gotcha. If it's forensics or law I can probably point you in the right direction lol

Without breaking rules*

It's CICD, I spent the whole week setting up the software and docker, now I'm doing the write-up. It's just a lot of mental energy 🤣

Oh oof. Good luck and keep it away from me

Ahahah, trust me I don't want it either rofl

Only one section down and already at the word count 😁

Sorry I was meaning to say someone was specifically gate keeping. What I have noticed on many forums is that people forget about the absolute beginners. I believe that when someone puts themselves out there and asks for help when learning the worst answer you can give them is "do some research". If my kid asked their teacher for help because they didn't understand something and the teacher just said read the text book and figure it out I wouldn't very happy with them. That is what I call gate keeping. Not saying that it is happening here I was just saying that its something I have notice on the internet in this field.

I wasn't trying to point fingers at anyone.

Ah, no problem at all. Thank you for clearing that up!

I do agree with you that there is a lot of "go research" in this field. I am more of a fan of the "this is how to find what you are. looking for, go read it" method if something is widely available or documented 😁

Gave +1 Rep to @candid rain (current: #2083 - 1)

when in doubt, get thinkpad

CI/CD is fantastic

can u guys suggest what to use to remain anonymous when trying to attack a website? (educational purposes obviously so i can get some knowledge)

Seems a strange question for educational purposes...

Attacking a website that you don't own, and claiming it's educational, doesn't magically make it legal if that's what you're implying

😂

i think its better to ask here than forums on dnet

im curious how they stay hidden

There are ways, however I don't feel comfortable discussing with somebody who is new, as lot's of people just use this server to try and learn black hat material.

hmm maybe im not new and was just wondering on what would people say?

You been in the server for a four weeks, but nor much interaction.

idont use discord

i often get termed i just discovered this group when i saw tryhackme on reddit

Many times, they don't. It's impossible to be completely anonymous.

Please don't DM me without permission, have a look in #rules please

true

ok sorry man completely understandable

were on this type of shi so i get it 💀😂

@south inlet am i bugging or do u have no pfp

My pfp is a transparent image.

As you can see in light mode 🙂

jesus

oh, i was wondering this whole time why my buttons were all blue on discord then realised i had dark reader on

i dont normally use it from the site

sorry im stealing it, better than default

😂

It is better than the default

Do you know how?

i think i did it wrong lmao

wait no it's working

Yeah, you did.

wow quirky 😛

Brotha tryna be like scrubz 😨

I thought it was a “discord grey”image but yeah using a transparent image is way smarter

Yeah, change to light mode it you won't see it.

Blends in well with light mode, Midnight dark mode on mobile.

Strange question but yeah, is Debian usable on a laptop, I know it's incredibly stable but I hear people say the system breaks if u try to get newer packages or update

I don't want to be forced to use Ubuntu, an OS which forces me to use snaps

Imo very usable! I've used Debian as my daily driver for my laptop for roughly 5-6 years. The only thing was I had to enable non-free software for some wifi drivers iirc. I hadn't any issues with updating.

Im considering moving to debian from arch

I will dual boot once I get another SSD

I'd say as long as you're okay with not having the bleeding edge packages or rolling release, it's pretty good- although you can always try out the testing or unstable branches. Although, I've recently switched to NixOS myself since I wanted to run Hyprland

I think 2 yr old packages won't affect my daily workflow, I mean at least they are stable

Does Nix use gnome by default or hyprland

I think GNOME? I haven't run it with a full DE yet tbh

Can I DM you

tbh I'm not really open for DMs, but if you want to chat or ask me questions here I'm open to that!

Someone from Chhile ?

I don't think so, I've seen somebody from Argentina living in UK, but nobody from Chile

auuu that's sad

why?

nothing specific

I don't get it but OK 😂

hi, im doing LinPrivEscNFS having issue when i try to use command mount

gmount -o rw, vers=2 10.10.47.86:/tmp /tmp/mountme
mount: only root can use "--options" option

i went through all the write ups, they dont have this issue

if any of you know what issue let me know

the error message tells you what it wrong and how to solve it already.

#room-help

but it's too hard to read 😂

can someone help me with some aswwers?

#nmap room

you should go to#room-help also please don't post the same question in different channels, it won't get answers any faster, just would annoying people

Reading and understanding what you are reading are two different things.

why pay attention and try to figure it out what it says, if you can ask, people are so lazy nowadays

Ever heard the expression "can't see the forest through the trees"? They may have been working at things for a long time and just frustrated or just overlooked it. It happens. You are assuming that because they ask for help then they couldn't have first tried to figure it out for them selves. Nothing wrong with asking for help.

nothing wrong asking for help, but if you just post an error and don't tell anything else, what you tried, or any other clue, you come out as lazy. People nowadays see more than 3 lines and get automatically frustated 😂

In this day and age I find asking a question and having a conversation often times is a better use of time and I learn more than sifting through google search results and having to scan article that often times I either don't understand or are not quite what I am looking for. And you can't ask most web pages a question if you don't fully understand the information. I find conversations one of the best ways to fully understand something. That being said some people find researching and reading is how they learn best. 😅 What one person sees as lazy another sees as efficient.

Low effort questions get low effort responses. Cybersecurity requires you to be able to conduct research on your own, without outside help. Reading man pages, Google, etc etc is vital. If you do some research and don't understand what you are reading, the first step is to take a step back and see what knowledge gaps you have. Do some more reading to fill those gaps. If there's still a lack of understanding, coming with a well formated, informed, question showing what you did to solve it yourself is the most appropriate. If you show you're trying through the former, people will provide equal if not greater effort in their responses.

It also shows that you respect people's time.

my point exactly

I respectfully disagree. That is basically telling someone who is learning that they should teach them selves. You don't send your kid to school and tell them to teach themselves math. Asking questions on the internet is research it is just a much more efficient research. In fact I believe that is the entire point of some of these rooms in this discord server is to ask questions and help people.

it's more of a mind set, I understand what didyou means

sorry I hit a wrong key and posted that before I meant to haha

most simple questions can be answered using a little bit of searching and even looking up single terms if in doubt.

I agree it is a mind set but I believe it is a mind set that isn't caught up to modern times. Kind of like depending how old you are at some point you may have been told to look for your answer in an encyclopedia. Long gone are those days. Forums and discord servers are often a better source of information. It gives you slightly different perspectives or even just worded in a better way.

of course it's not wrong asking question, it's what you ask and the way you ask that some time is wrong. You don't ask how I do this, you research, and try a few thing and then ask, and say I did this and this and had this error, also I read these and didn't quiet understood this, etc.

you don't say help me and that's it

modern times wants to be told what to do though imo. attention span is decreasing and thus the will to spend time for longer tasks.

Really the only difference is you either as google and get a answer that someone typed at an earlier date and may not be exactly what you asked or you ask the question on a forum and the answer isn't prewritten and is specific to your question. Also it allows the person or persons answering the ask questions back and help to steer people in the right direction.

While that is true people are also becoming more efficient at things as well. Why spend hours hunting for information if you can get the same information in minutes. I only joined the tryhackme server when I had a question and couldn't get answers on right ups because my problem was a little different. Asking was a much better use of my limited time and far less frustrating. I am not in the field and this is all just for fun for me and to learn something new. I don't have hours to spend going down rabbit holes trying to find and answer. I imagine many other people may be in the same situation.

just my perspective I have to get going I hope everyone has a good night/day. I really enjoy hearing others perspectives😁

hello everyone, i can't connect to openvpn, im new here and can't troubleshot the issue

timur_cyber@Macbook:~/Downloads$ openvpn timurcyber.ovpn
2024-05-29 11:54:24 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2024-05-29 11:54:24 OpenVPN 2.5.9 aarch64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 29 2023
2024-05-29 11:54:24 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2024-05-29 11:54:24 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2024-05-29 11:54:24 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2024-05-29 11:54:24 TCP/UDP: Preserving recently used remote address: [AF_INET]18.202.168.160:1194
2024-05-29 11:54:24 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-05-29 11:54:24 UDP link local: (not bound)
2024-05-29 11:54:24 UDP link remote: [AF_INET]18.202.168.160:1194
2024-05-29 11:54:24 TLS: Initial packet from [AF_INET]18.202.168.160:1194, sid=2ec775ee 2ff77197
2024-05-29 11:54:24 VERIFY ERROR: depth=1, error=self-signed certificate in certificate chain: CN=ChangeMe, serial=425397202556807641543660048237946304772097879576
2024-05-29 11:54:24 OpenSSL: error:0A000086:SSL routines::certificate verify failed
2024-05-29 11:54:24 TLS_ERROR: BIO read tls_read_plaintext error
2024-05-29 11:54:24 TLS Error: TLS object -> incoming plaintext read error
2024-05-29 11:54:24 TLS Error: TLS handshake failed
2024-05-29 11:54:24 SIGUSR1[soft,tls-error] received, process restarting
2024-05-29 11:54:24 Restart pause, 5 second(s)

who can say, what's wrong with it?

regenerate your .ovpn file. I assume you generated it a long time ago.

i tried it 3-4 times, but it didn't helped, tried to ask chatGPT but no results

#site-support please.

Hi, don't advertise those sort of things, or ask other members to look for any.

This is illegal.

thank you i found the solution

Gave +1 Rep to @rugged frigate (current: #123 - 53)

Did anyone take ISC2 CC certification? If YES, On a scale of 1-10, how hard it is for a beginner who completed THM Intro to Cybersecurity and Pre-sec and some related to ISC2 CC videos.

I haven't bothered to take the exam but I looked at the course. It's very basic, non-technical and has little overlap with THM. It's more aimed at the management side of things, but at a low level compared to other ISC2 certs.

In other words: A person intelligent enough to figure out THM rooms has all it takes to pass ISC2 CC. Then it's just a matter of putting in the study huors.

Oh okay! Im gonna take it tommorrow so checking if anyone has idea on it.

Good luck. Did you go through the ISC2 course? Without that it's gonna be tough.

Yes, I do! It looks easy lil bit to me but never know till i get certified on it! Lol

Good luck!

and Thanks much @cloud zinc

Gave +1 Rep to @cloud zinc (current: #191 - 32)

quiet in here

I thought the name of the channel was a give away, apparently not 😉

can someone help me with this question

I might not adding the right format

Which TCP ping scan does not require a privileged account?

is this for homework?

yes

Nmap Live Host Discovery

we don't help with homework it's against server rules

room-help?

if it's a room you can go to #room-help if it's homework from uni or work we can't help you

Is this school work?

Yes, it's why I didn't ask in room help I guess

Sorry, we don't help with school/college/uni or work related support.

That would be cheating.

Ok no problem

Thank you for understanding 😄

Ofc thanks

😵‍💫

Hello guys! What certifications do I need to start work as SOC Analyst??? 🤔🤔🤔

L1, usually there would be none as the job postings I usually see for those is entry level or if youre transitioning from a different IT position, BTL1, Sec+, and CCD are good.

I always read BTL as BLT

Thank you very much!!!

Gave +1 Rep to @fathom panther (current: #22 - 375)

my VPN it not working in my machi

─$ sudo nmap -sV 10.2.14.61
[sudo] password for kali:
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-05-31 19:21 EDT
Nmap scan report for 10.2.14.61
Host is up (0.000012s latency).
All 1000 scanned ports on 10.2.14.61 are in ignored states.
Not shown: 1000 closed tcp ports (reset)

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

https://github.com/miracleaxax/3num

hello, in linpeas can i add some custom key word to be highlighted in output ?

or just searching it in the outputted text file

Typically you would just grep or awk for lines containing your match term

okay thanks, i was wondering if there is a flag in the args

Gave +1 Rep to @spark sun (current: #10 - 752)

Don't think so, but the script isn't compiled so it shouldn't be too hard to check

yes

i can even add a line in the script

Open a pr, might be interesting to others

i'll try thx

good morning

very carefully

in slowmode

whoa, slow down there, Bob

ˢʰʰʰʰ

Looking to move soon, my best internet option might be Starlink, anyone have reviews for remote work/THM experience?

Not me specifically but a buddy of mine has it and he hasnt had any issues

There are some beginner paths you could follow on THM. See this message for a recommended order: #general message

Yeah thats a good one

Nah, not really needed. Python or something is always handy but not needed.

But id still recommend to learn it :p

Thats a hard question... Tryhackme has some rooms... I like https://codecademy.com too

No problem. Good luck :)

I’m usually a fan of free resources, but tbh codecademy is really good

I know I'm late on this, but following along to NetworkChuck's python course on YouTube is also a great source! He's really engaging and teaches it very well (he also does more videos on hacking and cybersecurity in general, so you should definitely check him out)

@hidden jackal

FYI all deleted messages are recorded, and this is a PG13 server.

You know he is not liked by much cyber security professionals right? :p

If anyone you would prefer to

Gave +1 Rep to @silver apex (current: #2089 - 1)

Yeah you're right, but he is a good place to start

not a fan too much marketing, sales, and splash and not enough info, the old videos were OK

check https://www.codewars.com/ it's fan and you learn too

Hello, I was wondering how to claim a CVE ?

its my first cve 😄

@reef glade how about going to MITRE and doing the same

well, kudos bud for the first CVE

Nice...congrats!

Thanks, I heard about it but never used it. I’m not that good at programming, but doing some leetcode to brush up on data structures and algorithms hahaha

Gave +1 Rep to @summer verge (current: #77 - 80)

Was this part of a bug bounty, or similar, and have you conducted a responsible disclosure to the affected organization(s)?

you can skip all the premium rooms and still get a decent understanding

or you could follow this image instead:

No all of them should be free... Some few rare ones might have become premium

Gave +1 Rep to @soft pier (current: #4 - 1769)

This image is indeed helpful.

Hi everyone did you see this playlist https://www.youtube.com/watch?v=ROO2pDPgja4&list=PLCD3FoP0vxE4FI5dvdLnx-ky8sitsIgOB&ab_channel=DarkSec

Dark used to be the community manager for TryHackMe

Why isn't he today?

Dark left, I think he moved to HackTheBox.

This was years ago

Well, not left, more moved on?

interesting i didn't know about HackTheBox

any reasons why?

He just wanted to move I guess?

he won't be creating any new THM rooms now 😦 ; his rooms were great

I can't remember the last time Dark created/uploaded a room...

Don't worry, the current content creators THM have are great, not to mention the community members.

yeah

I am not sure if i can say that here but he have his own server

I'm not surprised tbh 😄

all of that for free?

. @neon dirge

hi

Trying to have a quiet conversation here.

Can't hear you

it is really quiet in here. I'm having to whisper (cue whispering sounds)

v'z juvfcrevat va ebg13! (rot13 is not allowed, nvm)

Hello, this is English only server. 🙂

For moderation purposes, this included encrypted messages.

alright

Now is rot13 really encryption is another question, but yeah if we have to work to understand what you're saying it's going to be an issue

What are arguments for rot13 not being an encryption?

It is? It's just that it's a super weak form of encryption.

that's what I figured.

Hello quick question
I want to create two separate networks on one router
I want to put my CCTV and some devices in a network( like the settings of the router itself), and other devices, such as my friends devices, in another network, for security purpose.
I have an option on my router called Guest WIFI. I understand what it's about, making VLANs.
But I want to know how much security this provides. Is it possible in any way that a device from a different VLAN can connect to another device from another VLAN? (lets say even Discover device's IP of a separat VLAN)

There is something called VLAN hopping so it is possible but probably hard to excecute when you are not a high profile target, i would buy a proper switch layer 3 that you can configure. I dont know how trustworthy and reliable the functions of your router are

I see, thank you

May If i would buy a switch L3, I think i should buy also a wireless access point, so the devices can connect wirelessly like phones

may This makes it a little expensive

probably won't be feasible with consumer networking gear

Your welcome,I would look for a smart managed switch like netgears( or an TP Link TL-SG105PE) if u want an easier config because its over web access/browser, unless you want to really config it on the cli then there are some cheap layer 3 switches from FS and a wireless access point i would try to get TP-Link EAP115 N300 ( then look that the layer 3 switch has some power over ethernet then it can power the wireless access point without that you need an additional power supply ( i would look for IEEE-802.3 af/at that supports around 65 watt that is mostly enough for all wireless access points that support PoE))

I guess in total it could be when u get the TP-Link TL-SG105PE and the TP-Link EAP115 N300 around 100 dollar/euro depending where u from,maybe a bit more

Thank you very much

Gave +1 Rep to @timid isle (current: #2092 - 1)

I see

let's keep those in the koth channels, please

Does anyone have experience with parallels on Mac?
The software to run W11 or linux on mac as application/vm.

Especially compared with VMware fusion?

Can't get Vmware pro?

Nah, just curious how it works and peoples experiences

Parallels is amazing. It massively out performs VMware fusion both in performance and just ease of use.

I personally wouldn’t pay for it but if you have the money I would recommend it

Interesting, thank you!

a

https://tryhackme.com/games/koth/join/d566593e1683615de7291de2

so switching to linux mint today

was going with rhel, Roxy in particular but i just idk i like to use it for my servers not my workstation i mean i could but idk
trying something different
i used rhel, gentoo, ubuntu, debian, arch ect ect but never mint.

what sets Mint apart from Ubuntu other than the DE?

i just wanted the DE.
it doesn’t matter anymore
i can’t switch because i can’t use dual gpus

i was going to use kvm passthrough since i need windows

Your welcome 🙂

Gave 1 Rep to hjkkolp_11153 (current: #2094 - 1)

Goooooood morning! ☕️

good morning y'all

Watcha all up to?

when and why all tryhackme machines now started to have only 1 hour for use and not 2?

Subscribers get 2 hours base time on machines, you can add 1 hour to target machines.

Free users are assigned either 60 mins rolling time, or one boot up a day.

It's one bootup a day, bit misleading when it says "60 mins per day" but doesn't work if u shut it down after 15 mins or so and then boot it up again

our developer is active

It explains the maximum allowance for free vs. unlimited allowance when subscribed. 🙂

For the attackbox

did I get money back if I cancel subscription of THM?

Is it monthly or annual?

monthly

Afaik No, they don't provide refunds for their monthly.

no problem

Yup yup 🤙🤙

Trying to pop by here each day when I got to thm

Please let me know if this isn't the right place to ask but, I want to do a little challenge for myself. I've never owned minecraft but used to watch people play it all the time and last year I downloaded it for the PC but realized I needed to make a microsoft account to log in. Im not a fan of game launchers and DEFINITELY not a fan of making email connected accounts for games just to play them on PC (can you tell my age, yet?). So I'd love to try to figure out a way to play the game without making an microsoft email address and use say... a burner one or bypass it alltogether. I have absolutely no good reason to do any of this. I just think it seems like a fun way to challenge myself so I want to see if anyone has been able to do this.

I'd say a burner one is the way to go. There should be other things you could challenge yourself with, like tryhackme.com

I've completed all the paths I've needed to do for my job and doing others for fun but I need something different 🙂

but thank you for confirming

Oh.. if you're done with the paths, maybe have a look at HTB Academy as well as I've been reading lots of good reviews about it.

Hackthebox? I think I did try them a few years ago but I went with HTS instead

You know there's more than just the paths

Yeah, my bad, that's why I stopped replying.

You’d still be legally required to pay for it.

Pretty sure there's a java version of Minecraft, don't know how maintained it is since Microsoft bought it

Yes, when you buy Minecraft you get both Java and Bedrock edition.

Hello everyone
I want to become a security researcher
i search regarding security researcher on the google it says basics things like reverse engineering, bachelor degree, blah blah
can anyone in the server guide me how i become security researcher or any course

Security research is a broad field. One example is malware researchers: they dissect and analyze novel malware to find IoCs, reverse engineer the attack, and understand how it works essentially. Another is cyber threat intelligence research where you track threat actors, understand their organization structure, find out their common TTPs, infrastructure, etc.

Pick out a field you like (e.g., application security) and build the required core competencies on it. After that, you can look at how you can start your research. It can be looking for vulnerabilities or how to improve the current security.

Java is still updated

For now

Thats not possible. You have to connect it with a Microsoft account

Dont you need a microsoft acount to even download it?

I believe so

Everything was integrated a couple of months ago

No, I was able to download it without an account. Just can't log in without an account

plz dm me for anyone interested in linux system programming

We've got the #programming channel if you want to talk about programming.

well most of the time i get ignored haha

I see you posted once. It may be better if you ask a more pointed question? As in what specifically are you running into that's giving you trouble, vs the whole thing or this whole component is overwhelming.

i did ask a specific one yesterday about the pwn101 room

I was talking about your message in #programming

hai all!! whats up

Hello

canadian or scandi?

Neither?

If you're asking where I am from

yea. cas of the moose!! wait they exist in US too? think I seen one in colorado

Yes, A. Alces Americana and A. Alces Gigas are in the US

Not sure which moose species is in Colorado

oh

yea.. might have been utah but all the same lmao

you big into nature or just Alces?

I like nature

The moose out in the west may be Alces Alces Shirasi

vs Alces Alces Andersoni which are in/closer to Canada rockies

cool cool. I like corvids 🙂 hoping to see a bluejay some day

If i wanna make Videos of me doing the Paths, should i hide the Flags?

Up to you, to be honest.

I've seen videos where they have the flags, I still do all the steps I have to do, and problem solve it when I get stuck or something goes south.

But I ultimately use the spoiler only when I get stuck for hours or days, due to technical issues.

I redact all answer in my write-ups. I'm not producing answers dumps. Should I start doing videos I'm gonna redact at least the main flags of a room.

If it's a CTF with just two flags I would hide both, personally.

Hello I'm having a challenge , im new to to The cyber world and would love to be helped , my karl linux 2024.2 virtual box Amd64 is inaccessible, please help me out

Any help I'd really appreciate

How did you install your kali linux VM?

i followed all. steps on YouTube ..

Could you elaborate a bit more on as to what exactly your issue is? For example, is the VM not showing the distro? Is it not allowing you to run it? Is it crashing?

and even my karl Linux ain't opening yet my virtualization is on

i wish i could share my an image so that someone helps me out

can i dm and show you the issue sir ?

I'm not sure if this topic suits this channel, but you'll need to verify your account to post screenshots / pictures.

@sleek yew

Yes

Just out of curiosity, what topics WOULD fall under "qiuet conversation"?

In the description, it says relaxed and quiet. So I'm not certain myself. I just don't see troubleshooting topics being discussed here. Maybe in the #infosec-general channel?

This channel is for people who which to talk, but can find #general overwhelming due how to fast it can go

Is there a monitoring app that doesn’t need access to the target phone ?

What are you trying to do with it?

I'm pretty sure it's just a channel for not writing in caps. No shouting

Well, you'd be wrong...

Okay I'm gonna stop trying to make jokes in general in this discord. I think it's fallen flat everytime

There is a time and place for jokes, this wasn't it...

aight...

Especially place😂😛

hi ya'll

Hey unfortunately we don’t help with schoolwork here.

Is it necessary to learn C/C++ if u want to get a cybersecurity job, and is it actually beneficial to know it

It's not necessary for most jobs, it's a hard requirement for some jobs. It's very beneficial to learn C as it teaches you how computers work at a low (albeit not the lowest) level, which languages like python or JavaScript don't.

Is c better than c++ then?

To learn how computers work at a lower level than modern languages: Yes. C++ is hugely complex and none of what it offers is needed for that purpose.

are we allowed to work on new rooms in teams (pairs) or does that fall under no hints allowed?

How come my pc goes to sleep yet when I turn it on either through keyboard or mouse it wakes up without the screens waking up

It's absolutely necessary and vitally essential for certain things like reverse engineering and exploit development. If you don't want to go that route then it's not applicable to you. If you do go that route you'll need to learn computer science, like understand the stack, heap, call stack, pointers, buffers, and how memory and registers work at a machine hardware level. Essentially, you're controlling hardware through voltage modification, and you need to understand how the machine is built and how it functions, how it processes data and stores it in memory.

can you put the ssl data into intruder of burpsuite

Alr thanks 🙏

Gave +1 Rep to @cloud zinc (current: #54 - 129)

My uni isn't teaching c/c++ to my class atm (they probably should) so I decided to self learn it

For those purposes would only C be enough? Or is it necessary to get good at OOP in c++

Would some knowledge of OOP in c++ be beneficial for stuff like secure coding?

https://nedbatchelder.com/blog/202401/you_probably_dont_need_to_learn_c.html
What do you think about this blog post?

In the 2nd paragraph a lot of points that I never thought of a reason to get exposed to C. Like performance. Strawmen imo.

Then

C can teach you useful things, like how memory is a huge array of bytes, but you can also learn that without writing C programs. People say, C teaches you about memory allocation. Yes it does, but you can learn what that means as a concept without learning a programming language.

That's not an argument against learning those concepts with the language that is still the foundation of a lot of the stuff we use every day. Like the Linux kernel or the Python runtime.

And besides, what will Python or Ruby developers do with that knowledge other than appreciate that their languages do that work for them and they no longer have to think about it

In my opinion that alone is reason enough to learn it, to be aware of that. Knowing that there's more and at least roughly what, without going even deeper to assembly. Seems like a good balance to me.

"What are you gonna do with that knowledge" is something I hear from people studying at university who should have gone for trade school instead. Some people value deeper understanding others care more about application, that's ok.

Pointers came up a lot in the Mastodon replies. Pointers underpin concepts in higher-level languages, but you can explain those concepts as references instead, and skip pointer arithmetic, aliasing, and null pointers completely.

Again: maybe you can teach that without C, but why bother. C is almost everywhere under the surface, it's not rocket science, it teaches exactly these things in a somewhat practical manner. So what's the argument to skip it and learn about those ideas with Powerpoint slides, instead of implementing them in code yourself. People tend to learn best building and breaking stuff.

C has about 30 keywords. It's really easy to learn and play around with. Nobody was ever talking about writing large, safe, optimized applications in this context.

TLTR: Pointless blog post imo. But ultimately personal choice.

Interesting, appreciate your time - I don't know any C, so can't formulate an opinion on it but its interesting to see the perspectives of different people on this matter

C is vulnerability appreciation 😄

I’m tired of this: “You have to learn C so you can understand how a computer really works.”

vs.

https://www.youtube.com/watch?v=CYvJPra7Ebk

I would not pay any mind to anyone who downplays the importance of the relationship between C language and computer science

well C has come very very far

still there is a lot of instances where other choices then C makes sense for programming

You don' really have to learn c cause it's the only choice what I did was that i first learnt a little of C after getting a good idea of everything and why the syntax is how it is I switched to python now I make gui, web backed and network stuff in python

well we started with c++ in school and then moved into microsoft java.... then shadow made their final project in openjava

though technically shadow had used oracle and open java ton before that to make minceraft mods

we started with pascal 😑

Even Ghidra or IDA pro will decompile everything into C and not C++ or anything else. You take a go binary and reverse it and you will see code in C. It's useful to know C and C++ among other system level lower languages for that career path. The ASM instructions are widely understood across most platforms in the C compiler design so it is easier to reverse them to C instead of anything else.

Otherwise, C/C++ are not that important at all in Cybersecurity. You need to know basic scripting to automate your workflow and that's it in most cybersecurity. If you're going for SAST/DAST, and code auditing, you need to be an already established software engineer.

Only a few career paths in Cybersecurity require knowledge of software engineering and/or programming.

For example this is how I reverse engineer Diablo 2

As you can see, the offset for that function in Ghidra is in decompiled C, however the original source code was in C++

Once you figure out what's going on in C, you can modify the ASM. This is just one example of reverse engineering requiring C. I can open up a malware which was written in Golang, and you again will see only C code in Ghidra or IDA Pro decompilers.

Furthermore for binary exploit development, you need to know C so you can quickly write exploits. Exploits basically automate the steps you manually take. So exploit is just a small program/script that runs the steps you need to take in order to escalate priv or whatever else.

You can do it in other languages, but sometimes you need to actually compile and run the exploit and it can't be done from a scripting engine like python or perl.

https://www.blizzard.com/en-gb/legal/28d5ebbf-c245-4408-8ba9-043dd5f056bf/legal-faq#:~:text=You also agree that you will not alter%2C disassemble%2C decompile%2C reverse engineer or otherwise modify the Downloaded Content.

You're breaking their terms

So that's not applicable. Code editing is 100% allowed by Blizzard. This has been fully established for the past 20 years in the Diablo 2 modding community.

https://github.com/ThePhrozenKeep/D2MOO

Reverse engineering is 100% legal because no original code is ever used.

The day Blizzard says that we can no longer mod Diablo 2 internals and engine etc etc. is the day I leave the Diablo 2 modding forever.

But it's been 20+ years and they only care about battle.net/hacks/online stuff. They don't care what you do in Single player offline.

I remember in 2005 Blizzard won in court that programmers don't have the right to reverse-eningineer their games.

Source.

https://www.cnet.com/tech/tech-industry/blizzard-wins-lawsuit-on-video-game-hacking/

Hacking is not the same as modding.

You asked for a source, you got it.

nobody has the right to RE their games.

Did you read it?

Yes.

I specifically addressed that already.

A federal appeals court has ruled that computer programmers do not have the right to reverse-engineer Blizzard Entertainment's video games to improve their playability.

The parties in that case purposefully reverse engineered diablo 2 BATTLE NET TCP protocols. Not single player game.

I also remember it because I used to do it...

The defendants in the case, Ross Combs and Rob Crittenden, reverse-engineered the Blizzard protocol using tools like "tcpdump" to listen to the software's communications with a game server. Eventually, their "bnetd" project let Blizzard games connect with unofficial servers, yielding benefits like faster response times.

Again, that's network stuff. Highly illegal.

Single player is actually encouraged by Blizzard. They have released OFFICIAL modding guides for players even. Google it.

I am here to protect the Discord server and it's members.
Their legal FAQ says no reverse engineering, and you are using a RE tool on the game.

Unless you can get a written statement from Blizzard Entertainment saying that you can do it, it's not allowed here @granite parrot 🙂

Sure np. I am not trying to discuss it here. I was just giving an example anyway. Furthermore in the screenshot, the Ghidra is reversing the source code from D2MOO, and not Diablo 2. It's nothing to do with the Blizzard game code.

No problem, thank you for understanding :)

You're welcome.

Terms which exclusively apply to those who agreed to them. Under the condition that they are legal in the individual's jurisdiction. I understand mods rather being safe than sorry, but in general companies writing things in their T&C means nothing until proven otherwise.

You should know that unless you have explicit permission to mess with something, you shouldn't do it 😉

That's a different discussion, one about ethics.

You pointed out their terms from their "legal faq". I am not legally bound to whatever blizzard writes in any of their documenrs as I have never entered a contract with blizzard agreeing to any of it. I don't know about HCB of course.

In my jurisdiction I don't need explicit permission to do with my property whatever I choose to do with it. Publishing the results of such actions is yet another topic.

They play their games, they would have entered their key thus agreeing to their EULA.

My message was meant as a general statement since I have to object to the idea of everything a company writing in whatever document being applicable and enforcable to people who have not agreed to it. That's what companies bet on.
In the special case here the "legal FAQ" that was quoted explicitely applies to downloaded content from blizzard.com. Given that DIablo 2 is 24 years old there's a high chance at least this specific source isn't even meant to be applicable here.

The real deeper point was that knowing C for this path is important as RE is done in C for most practical and pragmatic reasons. Golang, C++, Rust, all decompile to C in Ghidra/IDA Pro

Can you recommend a YouTube channel on the general topic of RE?

hi all

I generally learn best with reading and I don't know youtube channels about that.

If you plan on doing binary exploitation, reverse engineering, working with legacy C code, kernel development/exploitation, firmware development/exploitation, or writing C bindings to C libraries in higher-level languages, then yes knowing C is useful. However, if you're planning on exclusively doing web security/development or using high-level languages like Python, Ruby, JavaScript, Go, Rust, Zig, Crystal, Nim, then it might not be necessary to learn C.

Hey guys, just have some questions, I find that I struggle with exploiting websites, is there any good resources online to learn all the owasp top 10 attacks and how to effectively find them and exploit them, like XSS, LFI, etc etc. Also what certs in the web applicaiton pen testing world are good? thank you

There's several thm rooms on owasp top 10

ho all

I’m shooting for the PJPT and then the OSCP. The OCSP is the most recognized I believe, but it’s difficult. As for good resources, keep at it with TryHackMe and if you can I recommend even some HackTheBox.

Like cyberterms said, the owasp rooms on THM are great in my experience. I did some of them fairly recently and felt like I learned a ton

dont waste your time on the PJPT imo

is there 101 for tryhackme.. just wondering where to go from here. I'm in the easyCTF room.

https://portswigger.net

#start-here to understand tryhackme

is there a dev room?

Dev in what sense? There's DevSecOps

ty. very unfamiliar with discord^^

no just general. got two ways to write something and I dislike both so was gonna ask for opinions^^

Thats from THM

oh lmao

There's #programming

sooo my friend fell for a fake game hack, and basically the game installs a node js server and sends all your browser passwords and tokens i am still unclear about how its doing it, can I get some generals direction towards how I can dissect this malware?

Malware is for advanced chat only, as it's not a beginer level skill, and the fact you don't know where to start is probably a good clue that you probably shouldn't.

I not really a.. cyber sec specialist but I do know how backends work, this thing has harmed 9k people so far, steals google accounts, session tokens and passwords there's not much i can do rn so the more i know the better ig and I fair certain that the virus isn't a binary and the source code might also be shipped with that, although i can't do much... is there a white hat hacker forum where i can post the malware so the knights can retaliate?

Not that I know of.

so there's nothing I can do to prevent this?

Hacking back/retaliation is illegal in most jurisdictions.

hmm i didn't really mean retaliation in that manner, I meant getting them to face the legal actions because I don't know what will result in them facing the legal actions

More promising would be sharing the word what that malware does and which servers it connects to so people can configure filters to stop it on their networks. But if you're not an established name chances are nobody takes you seriously enough to act on your report.

Report to law enforcement. Amateurs getting involved in the investigation has actually caused charges to be dropped, as the investigation and information gained from the amatuers can become "poisoned" and unusable.

alright I agree with both, for the second comment the ip comes from istanbul because that's what google reported the hacker tried to login from, so what are the chances that it happened behind a series of proxy chains

if i really do report it to istanbul cyb dept and there's no hacker there at all..

You report it to your country's police

hmmmmmm-

Not some other country

alright..

does anyone want the link to that infected game by any chance?

No

Absolutely not.

lol ok

@tacit quarry ^

you know i didn't mean it that way

just what I was looking for - thanks 😄

Gave +1 Rep to @twin ridge (current: #12 - 578)

shouldnt rely much on the IP it could be a vpn, proxy server etc

@odd acorn

whats this rep thing

The more rep(utation) points you get the... well the more you have. Doesn't really do anything.

oh

If you reply someone and thank them they get rep. Thanks!

Gave +1 Rep to @supple galleon (current: #2102 - 1)

Thanks for telling me!

Gave +1 Rep to @cloud zinc (current: #50 - 146)

So I got 146 rep and i'm on 50th place on the server

quiet conversation

quieeeeet

whispering

shhh

thats too loud

lol jkjk

There seems to be no counterpart to YELLING in text communication.

You know that rep is totally useless, yes?

#quiet-conversation message

Just making sure

there is: WLALALALALALYOYOISHOUT

also, it seems like, to thm mods, loud conversation isn't yelling, its sending more than 1 message in 10 seconds

Any opinions on VMware

workstation is in an alright state right now but when something goes wrong, their support are beyond useless (even if it's a business license)

and afaik Fusion still doesn't have ARM support (?)

many the menu is full of them 😂

This is a more relaxed version of general with enforced slowmode. General can be really hectic, which I know can overwhelm people. This channel is for the quieter, slower-paced conversations

Muiri 2020

i use vmware fusion, community edition. I find it too be much faster than vbox, with a better ui. Also, to run vbox moues commands, you hold control, as opposed to command-control. As you can probably tell, one is better than the other.

Why not pro?

Broadcom did release Workstation Pro for free for home use.

im broke

so i use vmware fusion

idk whether its communty edition or personal license

Vmware pro is free.

From broadcom

AFAIK vmware fusion was discontinued

I would be surprised - Fusion is for Mac, and they say it's still supported

The fusion player is being discontinued, Fusion Pro is still being supported.

This goes for Workstation player also.

Since fusion and workstation pro are now free.

Do I get anything if THM publish my room that is free?

The Eternal Glory.™️

🇸 🇰 🇮 🇧 🇮 🇩 🇮

no

quality anime-style wallpapers?

I mean, we could get stickers 😛

Diablo II was the game with open sourced lua code right?

That was Hades II nevermind

discussion above makes more sense now

well there are more games that use lua as a scripting interface that handles a lot of the modding potential

Especially Roblox

dom dom yes yes?

quiet conversation

is anyone alive

discord has became worst then ever updates literally degraded them a ton

it's always been kinda bad.

guys i dont understand who is the hacker knowned as 4chan

4chan is a website

its a meme

Hello guys !! Someone is skilled in CTFs ?

Are u talking about catch the flag

Yeah

I need a tool to automatize the scripting

Wdym?

Can u be more specific

Smt like team CTF, every team has 4 services to keep up (the same for everyone), and every service has 2 vulns. The purpose is to find the vulns, patch my own code and write a code to retrieve the flag found through the vulns of the others

I need automation because the flag retrieved exploiting the vulns changes every 2 minutes or so

I know that i can just write a code in python with pwn to connect to the servers and with time or crontabs launching the code every 2 minutes, but maybe it exists some tools with an interface that tells me if the retrieving is successful

Idk it's very specific, it's just time saving

It would be good also a good template if i'm forced to write the code

@south inlet

how can ı fix sqlmap is outdated

update it?

i tried

which version do you have?

Can I share my new startup social links?

We'd prefer if you engaged with the community for a longer period of time, before dropping any self advetising links.

last one

Can you tell me which?

You're going to need to provide information if you are looking for assistance. We cannot see your computer screen. I'd recommend that you verify to be able to provide screenshots. I've listed a couple of questions below:

1. What are you doing?
2. Is this mysql part of another piece of software?
3. What version are you currently running?

@fickle jolt Don't post ip's in chat please.

Hi everyone, I'm new to this world and just starting out. I'm eager to expand my knowledge and improve my skills. Could someone recommend some books to me? I'm already following the learning paths on TryHackMe and practicing; I'm nearly finished with the beginner path, so I have a basic understanding but still have much to learn.

There are some books in #bookclub

hi guys could someone help me with web fundamental part 1 user Accounts, Profiles, and Permissions question What is the account description i am stuck if somebody could tell me the ans i will be really thankfull

#room-help

yeah but it was no help

That it's the correct place for assistance

You only posted in the channel 2 minutes ago. You have to remember everyone is a volunteer here. Assistance will be provided when someone is able and available to assist.

yeah i know and i am waiting for someone to answer thanks for your help tho

OK, spamming across channels isn't going to get you help faster

hi

found this video which I think it exgaratting

https://www.youtube.com/watch?v=Hi7JMTojT-4

Interesting watch.

to be honest it BS

those device won't prevent ISP from tracing the router

Well if he's not using their router, it will. Sure they'll still be able to see his traffic but they wont have access to his CPE

Anybody have VirtualBox installed on there Mac M1/M2 Pro, or am i still beneficial with UTM?

How does anyone have a quiet conversation?

very quietly

VMWare Fusion Pro is free

guys, can you help me with understanding what, say, connection to a server is in those rooms? say, i have a target machine, i scan for an ftp port, i find an open one. then i write ftp@<target ip>, and where do i end up? where am i connected to? where is physically the ftp server? i just can't comprehend it. sorry if dumb question

Your in the File Transfer Protocol

I wonder whare you would be physically aswell

If you write ftp@ip nothing is going to happen

I just think of the ftp as virutal more than anything

It will error out as that is not the correct command to initiate a connection. As far as where you are connected to, you're connected to the machine at the IP address through the File Transfer Protocol.

ftp [ip] will move me to a shell with 'ftp>' to write commands (well, so it happened in the room). so im still 'inside' the target machine?

Yes, you need the space between ftp and the IP. @ prior to an IP, depending, can tell the service to log you in as a specific user.

You're accessing a resource on the target machine, yes. Configuration of said resource dictates how much access you get once connected though.

so basically, in layman's terms, i connect to where the files are stored and shared on a target machine?

Where the files FTP has access to are stored

oh i see

It doesn't necessarily mean all files on the machine

I'd recommend reading the manpage/manual for FTP

Lots of good info

yea sure. the room also walked me thru finding a login and pass for a user entry. does a user in this case mean, for example, an account on your, say, windows computer? like when you start it and choose who to enter by. is it that user that i would be connected as?

say. i have two windows profiles, for Max and for Sally. when you boot windows, you gotta choose which profile to enter. is it the profile i get when 'ftp Sally@ip'? just trying to figure out if the user notion in this case goes beyond ftp

or profiles and users could be two different things on the same machine? in this specific ftp connection case

Let's make this a learning activity. I want you to take that question and conduct some research, use Google, Linux man pages, etc. Break out your paragraphs into the individual questions you want answered, use your desired method of searching, write down what you find about each of your questions, and then come report what you've found.

The process of researching and writing is proven to assist with memory, over someone just telling you.

i just don't understand what and where that thing is that i connect to when i type 'ftp [ip]' and it shows me some of the target's files. i've found an ftp server can be installed locally, i've seen some on the two types of connection and two channels - for commands and for files themselves - but how am i able to see (some of) the target's files just by typing 'ftp [ip]'. how are we interconnected from the beginning is what troubles me

You're on the same network

Or the ftp server is setup in a way that allows connections from the internet

Have you done #pre-security-legacy-path?

nope. still on complete beginner

network services room

So pre-security is the precursor, I'd recommend going and doing that path

#general message

Here's the recommended order

ookay, thank you. i jumped ahead with this one, according to the order, then. the structure and explanation is very merciful on the website, so i will follow the order, then

thank you for your time. appreciated

what you mean CPE?

CPE is customer premise equipment. So basically the equipment that he's using rather than the ISPs. They wont have remote access to it, especially with TR-069 but they'll still be able to tell what type of equipment he's using based on MAC and will def be able to see the traffic, just wont be able to log into his personal equipment.

interesting but SFP GPON module suggestion from the youtube guy help him from ISP watching his traffic

Ya they'll still have access to see the traffic, it just wont let them have a backdoor into it

to prevent ISP from tracing my only suggestion using VPN

which is the only solution to prevent ISP to trace your activity

I was able to install parallels desktop for mac

How can I hack a game server

This is illegal, we don't discuss/teach it on this server

Got it

Hey, im trying to decide on either buying THM or HTB subscription... any help?

Choose whichever one you want. Each service has its differences, but you're the one that needs to make the decision.

Can i ask what you use and why?

Ive seen reasons for both sides but im still having a hard time deciding

Have you try any of them?

We don't really do the comparison thing here. There are differences, but those differences and the choices are dependent on the end user.

Ive been using THM up until i hit a point where i need premium

Alright, well, thanks for the insight

Gave +1 Rep to @tawdry dove (current: #17 - 424)

Hi
I have an old computer that has an RJ 11 port
Can I connect it to the phone socket directly or do I need a dial up modem, and do I need an additional subscription from the ISP, I dont have any idea how this work!
By the way, because this is old, I did not find much on the Internet. What are the other uses for the RJ 11 port of an old laptop?

I highly doubt you can get this service from an ISP though... it's quite old.

Yes, Me too

thanks Birb

I can still hear the noises...

The song of our people. That and the heads-up in the computer speakers that we're about to get a text message on our phones.

even if you found a provider that still offers dialup and assuming the RJ11 port on the back of your PC is a built in dialup modem I don't think todays webpages could load on 56kb/s internet haha.

Heres a blog post from 12 years ago with average loadtimes for popular websites back then, cant imagine its gotten better

https://www.pingdom.com/blog/loading-todays-sites-over-dialup/

thank you for this information Nod

Gave +1 Rep to @ruby yacht (current: #640 - 6)

Got it

That's still a thing no?

I haven't heard it in 20 years at least.. maybe?

@maiden nexus can you please stop, please allow mod/admin to deal with it.

Sorry I just don't understand those people

I'm just saying it's not his first time

I just think of the ftp as virutal more than anything

haven't had actual speakers in a while, but have heard the bip bip bip bzzzzt about 10 years ago

that was a classic, you knew that a call or a sms was coming even before the mobile started ringing 😂

QQ, anyone here ever published a CVE?

yeah I did

Okay I found the answer to my question on Mitre's website eventually

oh ok

There are no URLs in that message.

Guys do you know what does ernpl stands for

I cant find an answer to it

that was a classic, you knew that a call or a sms was coming even before the mobile started ringing

Here's the recommended order

There are no URLs in that message.

You ok?

😂

HI
I have a small project for home
I want to turn my old computer into a cloud storage server
I'am going to download Nextcloud because I found it to be the most popular on the internet
I think Ubuntu is suitable for this
But the problem is that I don't know how to use Ubuntu server. I think most people chose Ubuntu Server and not Ubuntu Desktop.
What do you think, I want some advice

I'd say if you want to setup Nextcloud and forget about it, use Ubuntu desktop, it works fine.

But if you want to learn how Ubuntu server installs then use that.

After the installation they both are more or less the same.

Imagine like Ubuntu server is like Ubuntu Desktop terminal only.

You gotta do everything from there, you can aldo install a desktop environment though!

It's kinda like barebone Ubuntu the server version.

Thanks for help bro

Gave +1 Rep to @lofty smelt (current: #2119 - 1)

Found something for ya...

You're welcome bro :D_ _

Ubuntu Desktop is heavier. It's a waste of resources to use it for a server install.
Will that matter in your situation? Probably not.
Is it poor practice? Yes.

I will try with ubuntu server
I think it's not that complicated

I mean if you need the GUI then sure go for it

If you can work with just the console, then server is a good choice

It's really not. The installer is pretty straightforward too! If you encounter any issue, the internet is a vast place. Just search and you got it. B)

I have now finished installing Nextcloud on the Ubuntu server
in a very short time
It was really easy by watching a YouTube videos
But the thing is now that this works, I can't add things of my own because I don't know what might cause this
It works don't touch it lol 😅
but yeah, There are still things missing sure
I will have a good time now to learn more, I must learn more to be able to interact with the server

Very nice, you can try messing about the server in a virtual machine on your main computer if you don't want to risk breaking the Nextcloud installation.

That is the reason I run everything in Proxmox (as ESXi is not free anymore :(_ _) I can leave my main VMs as they are, and mess about stuff in other VMs.

Also every service is in separate VMs, I know it's not very efficient, but I tend to break stuff pretty easily. So it's better this way than everything broken in one single click.

May want to look into k8s?

What's that?

Kubernetes

Oh that.

Uhm but it can run only containers no?

Yeah

I need something to virtualise operating systems though.

But you manage your services at the pod level within a VM

Rather than have 1 VM per service