#quiet-conversation

Not everyone buys laptops because they have to take em places. Just a suggestion.

Aside, I've heard dell's XPS is a good one for battery life

Does anyone have any free nitro?

i have a good beat for when ppl say no

You could try asking one of the many bots claiming to give it away, but I'd very much recommend against it 🙂

Sigh

You've let me down.

it was meant for liam

but looks like liam was banned

Nah, just left

https://twitter.com/QubitFin/status/1487710836173185025?t=GP3GZDNrHRSbF3ndYgtv7w&s=19

It legit sounds like a win win situation tho, good for him

It's difficult to move that much money gained from non-legal things online

I'd take the 2 million

But maybe I'm just boring 😄

I could be self sufficient off 2 mil

I could probably be fine with 1 honestly

I don't think I'd honestly know what to do with 2 mil

Mhhm, put a deposit down on a flat, buy a car and that's it...?

oh and help my brother through the rest of his uni

Buy a multi-tenant housing complex, list it through a property manager, continue living the life i have with no changes

Maybe go on holiday for a month

I'd probably get an RS3, then invest the rest somewhere

ooh that's a smart one

Audi RS3's are 🤤

It's the only thing I'd swap my GTI for honestly

Because it's the exact same thing, just better

I'd buy an BMW M3

and then the rest of the 2 mil will go on the insurance

I've got a friend with an M3, can't go wrong there either

I guess at that point why not get both? 🤣

If I was gonna have my dream two car garage, it would be an RS3 + either 911 Turbo S or a Cayman GT4

oooh yess

Followed by crippling insurance

Hahaha!

That and the road tax 🤯

actually, I would get a Mitsubishi evo x and live my rally driver fantasy!

Ooh, that could be fun.

I have wanted one ever since a kid

Was gonna get an old WRX hatchback before I found my GTI

my dream garage is an early 60s chevy apache and a more modern V8 pickup

respectable respectable

The apache is the one that looks high as a kite isn't it

Cummins go brrrrrrrrrrrr

V8 yucky

I just want Audi's magic 5 cylinder

diesel cost too much

and modern diesels are tricksier to keep healthy

Make your own

v8 engines are way more reliable for my use case

hauling a small camper-trailer or a 10' trailer of my stuff doesn't require a diesel

Yeah, I would much prefer to transplant an older engine into a more modern chassis

the chevy stepside is just for funsies, because i love the design

wrapround windscreen and stepside is one of the most attractive vehicle designs

Yeah, newer chevy trucks just look bleh

Older trucks in general look much better

If they aren't beat to shit

https://youtu.be/EQAGN2l3bdI

Evo. Where you get an evo from.

Literally one of my favorite lines

Love jimmy

Hire a financial advisor

That's the first thing I'd do with the 2 mil

Then I'd change my name to Bartholomew

Cut off all ties to society and go live in the mountains

Think about philosophy

Then suddenly come back and create a monopoly in literature

I'd do that even without 2mil - "Cut off all ties to society"

vibe

I'd invest most of it, then sod off and be bruce wayne at the beginning of Dark Knight Rises, where people aren't even sure he exists anymore

Then randomly show up with a bunch of cool toys periodically

get 2 mil, put it in the bank

Multiple banks FDIC go brrrrrrrr

BECOME SANTA

every summer give gifts to the whole neighborhood

Anonymously

Yall jus wasting ur times

Oh, thought that's why we're hanging out in discord in the first place

https://twitter.com/jonathandata1 misinformation is no more :crabrave:

What was the deal with him? I saw some drama on twitter but have no clue what happened haha

He made claims about the Chinese app that the olympians have to use in Beijing: it would record them et cetera. The only evidence he had was a few s of the strings of several unrelated apps (e.g. android and iOS) with no reverse engineering at all

According to people in the community, he has a history of making these unsupported claims and is basically a wannabe: he claimed he was #1 on hackerone, while it was #1 in the US in 201* and because all of that hackerone rep was earned on the department of defense which apparantly accepts almost anything

and now imma shut up in before I get muted for rule 2

If you have more stuff about him I would live to here it haha, DMs open xD

mostly drama

Heh, yeah, one of the very first spats was about THM actually. He claimed that being able to pull data from a public API endpoint was a vulnerability.

The public API endpoint in question is the one that the Discord bot uses to announce rooms 😆

SmH tHm FiXeD a BuG wItHoUt AcKnOwLeDgInG mY rEpOrT

uh, no, the api was just moved

🤣

Along with half a dozen others that were on dumb routes 😆

that one was interesting drama as well 🙂

Definitely true

I learned that you should only make claims if you can prove it

in before I get hated™️

That is usually a good foundation for anything in life

Oh, God. Don't get me started.

I can not buy premium voucher

👀

I mean they're not wrong

Ayo

I don’t get it

Me neither, lol

Hello everyone i have question about John the ripper what if I encrypted a RAR file with hashed password not plain text can john still crack it ?

Remember that hash cracking requires you to have the password in the list that you're using. Regardless of what modifiers/rules you put on it, at the end of the day, it's basically one big list, and you're checking the hash of a password from your list against the actual hash you're trying to crack.

If your wordlist and the rules you apply do not hit the exact "hashed password" you used, then yeah, john won't find it. But, if I took that and put it in my wordlist and did the whole procedure, yes, it would be "cracked".

you can also try to bruteforce it if it's not that long and your rig is strong enough to not take years to do it.

Is HSTS still vulnerable, or it's fixed ? I'm in an outdated course, so I'm curios

https://github.com/nerdsinspace/nocom-explanation/blob/main/README.md

good read

Hey wanna buy me pfp?

I don't know where to go, I need help with a lesson

Is it homework?

It's with the Identifying Devices on Networks practice on TryHackMe

I am stuck on spoofing the mac address question

Oh!

I know what one you're on without even going

Do you know what spoofing is?

I get the gist. I just started today

Then you need to "spoof" the address of the other machine.

Sorry, I only own a cat from da block... no apes here https://opensea.io/assets/matic/0x2953399124f0cbb46d2cbacd8a89cf0599974963/101926207304663902062289126253880087080761763971933907596760126812427254759437

I'm so dumb i just realized what it was asking me to do 😅

You're not the first person to go "wat"

You won't be the last either.

I saw that in the forum

Next time though, you'll probably get a faster response if you confirm it's THM you need help with (We don't help with homework or school work here) and use #room-help or #room-hints

Yo

https://cdn.discordapp.com/attachments/755292767453708419/937406469324800010/unknown-63.jpg

You need to verify to post media

So sorry

!docs verify

Follow these instructions and you'll be able to verify

I am so sorry it is just a pic of the halo rat

Mountain ranges are so beautiful

I remember going to BC for a summer and just staring at the mountains, they are so mesmerizing

ikr

Mountains're nice

which place?

moving here cause heat there

near nanital in uk

I want to use m1 air for cyber security. Do you think this is a good idea?

No. Virtualization is a big problem with those.

also, binary exploitation

no.

i choose matebook x pro

https://shop.huawei.com/tr/product/huawei-matebook-x-pro-2021/

Who else get's so fuckin excited whenever u see this guy , he is soo like me with much much more iq points
https://github.com/geohot?tab=repositories

Ben 'n jerry's be wildin' https://twitter.com/benandjerrys/status/1489393235655106562

Everyone say

E

Ben & Jerry's keeping on brand

On Brand for Ben and Jerry's but also a little misinformed. The thousands of troops are IRF1 which is the 82nd Airborne. It's a Brigade sized element that's always on standby, has been since the 80s. In other words, it's a nothing burger

@winged rain please avoid content that is political. This is also not a meme channel

Sorry about that

https://twitter.com/joehelle/status/1490771926863724548?t=F6DFEE5oqcVJKHJt6bsdow&s=19

It do be like that sometimes...

@scarlet star do you mind if i dm you?

I cant seem ot run the kali machines

im a lil busy at work right now =/ did you remember to grab the arm image? and not the amd64?

kali-linux-2021.3-installer-netinst-arm64.iso is the one i used

ah my bad

thank you

no worries - i did exactly the same 🤣

found it thanks

First screenshot is the task 1 in the room: The Find Command
2nd screenshot is from my vm linux.
Can someone please take a look and explain this?
Confused about the Find command. I forget accidentally to use precede expression + -name and yet the command found the file. (find file-1-see 2nd screenshot) What is the different? 😕

if you look in the list, the same thing happened with find file-*, command outputs both of the files but then it's without slash /

Oh ok, my bad(thought I should have to ask here)😅

Ignore me

?

I misread what you were asking

oh ok, np sir. Happens to all of us 👍

Looking at it, it seems like the command was expecting a file path with the use of the wildcard character? Not exactly sure

And it might also be because you have file-* unquoted

Try find -name "file-*"

Oh wait you already did. So yeah that's my best guess

thanks for the reply. Yeah that is what I am confused about.
Why find -name "file-* if I can do it faster this way: find file-* ?

Oh I see now what your reply means. File path. Just tested it out to cd and used the full command and this is the result. 😅

figured this out. Thanks for the help 🙂

I think I was confused about the working directory and folder directory. Because I also tried in the mint directory this command: find file-* and he didn't found it, outputs: No such file or directory. So yeah that is why to use full command 👍

this room is broken

https://tryhackme.com/room/phishinghiddeneye

#room-bugs

Excuse me, why I have finished this room but it doesn't show in the dashboard

https://tryhackme.com/room/packetsframes

#room-help message

Great, Thx

Gave +1 Rep to @gray jetty

just a quick question, is there a recommendation of how much disk space I need for dual boot?

Unless you're in a niche application, Dual booting isn't recommended generally. VMs are leagues better as you don't mess up core components when you mess up. Windows also doesn't run over your boot partition. Is there a reason why you're avoiding a VM?

not really. I just thought that dual boot would be easier/more suitable for the not so good pc that I have now, what is apparently not the case haha

I'm going to try and set up a VM, thanks for the info

Not a problem. VirtualBox is a good free option that has a lot of online tutorials

Though it doesn't play nice with HyperV and/or wsl2

Duel boot is bae

And I am tired of pretending other wise

Dualbooting does have its perks though

e.g. better performance and the dopamine rush when you start your linux installation on bare metal and it responds with a kernel panic

can someone put me through....thought it was from the ground up

Can you clarify what you mean, please?

i meant i need basic guidance on hacking pls

Have you checked through #start-here ?

no...thanks ill try that now/

thanks bruh

Gave +1 Rep to @burnt night

anyone watch the apprentice

No

But I used to and it was fun to watch

So I really should be doing this 🤔

@lost knoll Im sorry for the tag, but I finally passed you on the leaderboards, I have been to do it for like 3 weeks now and it finally happened! I believe you can get to me quickly enough though!

You are 12 points away though haha

personally, i prefer encrypting in base64

very good

Base64 is not encryption

ah, the time old confusion between encoding and encryption

I did a funny

yeah I'm still a bit tired

I woke up about 20 mins ago and now I'm outside waiting for a bus in freezing weather

😔

Yo

Can i become a mod?

or Admin

Owner

Or discord Owner

no, and just for asking you probably never will 🙂

Perks of having a licence.

😔

Today has not gone very well so far
Right now I'm standing in a supermarket using an employee's charger to charge my phone cause I'm in the middle of nowhere and my bus pass is on my phone but the battery died

At 25% battery now, but gonna charge a bit more just in case

😦 ouch.

you should pick up a battery pack at some point.

I have one, but this is literally the first time in quite a while that I haven't taken it with me lmao

hi guys

im brand new in ctfs can anyone help me with a roadmap as a beginners?

#start-here

So many new and interesting rooms and so little time. >_< I wonder how many rooms are there overall and if the top places in the leader board have done every single room ... hmm ...

I'm sure you have seen this https://tryhackme.com/faq but check "How points work" again and there is also a shortcut (find a bug) to get more points ☺️

https://www.instagram.com/reel/CZRuVhLBwcl/?utm_medium=copy_link

Da?nnnnn

Never missed a semicolon😂

.

.

Isnt the bug fixed already?

How big is the chance that running malware on proxmox VMs will infect your entire computer?

(e.g. moonbounce-ish exploits with sandbox escapes)

how do you deal with stress

Malware breaking out of VM's is rare.

Think about the damage it would cause to thm if it could 👀

There's been a couple for KVM but if you keep patched

Not much. THM hosts on AWS, the impact is to AWS not to THM really

Yes, but they could stop users from deploying machines

How?

Taking down the aws servers hosting the machines?

That's still AWS' problem

It's massively redundant

It's not ran on one machine

hello guys

using the Harvester in Kali Linux

What ip is that?

no results

how can I gather info around this ip address

What IP is that?

lol its the ip address that given through the assignment

Why are you trying to gather data on it?

Who told you to?

lord ninja xD

my Uni told me to do this assignment before tommorrow 😕

We don't do homework help here.

Ask your teacher for help.

um okay sorry, I thought to get some help from experienced guys here, okay

I'm a mod. If you have a problem with me trying to establish if it's illegal or unethical, please take it up with MuirlandOracle.

When asking other members for help (either with TryHackMe rooms or anything else), Isnt that in the rules? "anything else"

sorry

What point are you trying to make?

okay I will ask for help

in #room-help

That is only for tryhackme rooms.

Im just saying, asking for help on general questions shouldnt be scrutinized, i get being unethical is not ok, and your trying to make sure thats not happening. But asking for homework help isnt against the rools

and im not trying to be rude in any way, dont take it like that please

oh okay understood, can u name me some discord servers that I can get help

Asking for homework help is just something not done on an etiquette point of view.
You could argue it's also unethical as it's assessed and they're effectively cheating.

from cyber sec enthusiasts like you

ok man, i get it i guess.

sorry

It's an assignment from your uni.
If you haven't understood the teaching material or you need help, that's exactly what your lecturers and teachers are for.

Get your money's worth out of your education

its not a home work help actually, its something I really want to learn, I searched through google, I already found the answer, through online ip address look up, I can put that answer to the assignment, but for sake of enthusiasm in cyber sec I have, I want to find a way to look up on the Ip address via theHarvester only

its not a homework help

Then it's an exam?

Or otherwise an assignment from your university?

thank you, Im sorry if you guys misunderstood this, I fucking love this field, I was stucked and came here asking for help

Counts as homework. Same advice applies.

yep assignment not a graded one, I can ignore it if i want

The absolute best thing you can do is talk to your teachers

Show an interest, get them to explain further. Work with them.

yeap, ikr, I believed this could be a good way and faster way to get know than asking from teachers, but it didnt worked as I expected

Especially at university level, be on good terms with your teachers.
One of the big advantages of going to university is connections.

yes, I understood, communication with teachers is a key

I got my job in pentesting, skipping certs and a few years in IT, just by being on good terms with lecturers

(also leaving assignments till the night before they're due is bad)

yea, that makes sense, also motivated me

nope today is when they gave assignment and told us to finish before tommorrow, lol, they love to give stressful assignments haha

hey um

can we get a job just only with certs and without a major?

There's only one answer to that question: maybe

always depends on skill and attitude noh

There's so many factors at work. A degree still makes getting interviews easier. If you're working on a degree, finish it.

im finishing it haha, wish me good luck

thank you for having a talk with me, alr back to assignment 😂

I was using theHarvester last week.

👋
Just to elaborate on this 🙂
There's never any way to tell if something is assessed or not if it's an academic question, which means that we would be unethical if we helped with it as we would be giving them an unfair advantage over their peers. If it's not assessed then there should not be a problem speaking to a lecturer or teacher about it, which solves the problem entirely 🙂

did you know the room to get Windows Priv Esc ?

Hello

No.

Just finished factorio for the first time ever

took me 74h

Hi

what kind of certifications are basic for an ethical hacker

OSCP, CEH, eCPPT, eJPT, etc

Hello everyone

Thanks

Gave +1 Rep to @frail rapids

which certificate has the highest value in ethical hacking

For beginners I'd guess the OSCP

Hi everyone.
I'd like to learn C (I have previous experience with python and java) but most books spend a lot of time on basics (operators, data type, etc) and I usually get bored. Does someone know a book that covers other arguments in parallel with C? Like C by projects or C for binary exploitation.

Even game design or scientific computation would be good. I just get bored in learning C for its own sake.

you might also try in #bookclub

I missed that section. I'll check it out. Thank you

Can trilium do this ?

trilium has support for mermaid.js built in - super easy to use diagramming language definition. not sure about the circuit diagram though

Are streaks based on the specific hour vs just a calendar day? I lost my streak because I logged in later in the day, kinda stinks.

Wtf

xD

That's your attackbox, not the deployed machine 🙂

Ah

Idk why I got that resetted

I need some general advice on solving CTF's as things get more difficult. When should I give up and look up a write up? I know sometimes advanced CTF's are timed so when it times out. For THM though at what point should I stop trying harder, take the L and learn?

When you have no idea what's going on or they're using tools techniques you've never learned about it's usually good to look at a writeup then research those tools, techniques yourself

You can't do a CTF if you don't have the knowledge needed to actually do it

I also don't like that you are describing it as taking an L because it's a learning opportunity which should be viewed as a W

Research the potential tools, and then if you’re still stuck, then consult a write up

Don’t limit yourself to only what you know and are comfortable with, otherwise you aren’t pushing yourself to do the research. If you do research and still can’t figure it out, then looking at a write up or getting a nudge is what you should do

i see, i misunderstood and thought asking for help was being considered "unethical" i just misread. Im sorry

All good ♥️

I am new to the information security. TryHackMe.com is a good website. If I have finished some lab in the room, I don't know how to find the solution.

If you require room help or hints #room-help #room-hints would be the place to go, prefferably after you've done some research and pondering yourself.

Literally this, I recently did a room with "redis", didn't know about it before but researched for hours and got the exploit for the foothold!
Sometimes, it is too advanced but you have to put a solid few hours in first before going for a writeup 🙂

I think it's a lot harder to get in that mindset by just doing THM. I know I found the discipline to do the research when I started doing real events.

Because there literally are no writeups to go off of, so either you keep trying or you just move on

Yes, when I was starting in Thm, I'd read more writeups without the proper research too
The discipline is something that gradually develops

I've realized I've been doing it wrong 😆 I should research first then go look for a writeup

I would look for a writeup then research the stuff in there

Just read this conversation related to my question, this was really helpful thank you guys. I will do my research, follow hints if available and only then find a write up for CTF's if I get really can't go any further.

@burnt night ayo

thank you @sharp inlet

Gave +1 Rep to @sharp inlet

hi

hello who are you?

Hey now, be nice

Who am I?

not you, Alik

hamza?

maybe you are a dreamer

Maybe u are the dream

Screenshot is from a video:

hi everyone, I need a bit help with installing Linux Ubuntu on my system WIN10 as a partition. this is all very new to me, to install linux on win10

Via YT video learned how to do this but YT broadcaster only has one disk in his system and I have 2.
Primary is SSD and second is HDD Healthy (basic Data partition)
I don't know where to shrink volume and how much, so did also research about this and it said

if you have more then one drive, make sure to choose the one that says Primary Partition

This will be usually be labeled as the C: Drive.
so yeah I think I can do this but I am not sure about. Just do exactly the same as described in the step-by-step plan?

(shrinking volume in C: - boot cd linux - choosing Something Else during installation - right click freespace -click add- ?create partition 4000MB: use as swap area? - right click free space - add - primary partition - mountpoint / - device to choose for bootloader.
And that is it?
I don't get the Swap area thing. What is it for?

How much to shrink in C:? It's an 250GB M.2 SSD drive. I would like to work with Linux more often, to get used it.
(VMware liveboot doesn't work good for me since I figured out every changed I made will be deleted, even if I delete the repositery too )

I think I have already found the right guide to install Linux on WIN10 but I'm just not sure about this. Like I said this is all very new to me

You could install the system instead of liveboot within VMware

Where do you want to install the linux system - SSD or HDD?
Make sure you have enough space to cut out from the drive you select
And use Windows' diskmgmt.msc utility to shrink the volume, you will get Unallocated space (free space) in black color in the utility

Any changes you make to an installed system in VMware or any other similar hypervisor tool persists after reboot (not liveboot)

I would like to install on HDD because it has 1 TB size and only data partition.

I did install Linux iso images on the VMware and changed this in the setting to use iso images. See screenshot

Installing didn't work without the dvd, I tried that already.
After installing and select this option works to open linux in VMmare without the dvd.
Any changes I make to an installed system will persist after reboot?

I'm doing something wrong here with installing linux on VMmare ? But I tried to install iso images only too and didn't work 😕

What did you select after starting it?

Install the system
Graphical installaler
Live boot
Live boot with persistence
Settings
...

Oh, I can't remember that anymore 😅

Here you already have a hard disk allocated for your VM (30GB one)
You could install the system on it and then remove the DVD (.iso) from the VM and it will work normally

You have to Install the system, you might have seen similar option being selected in the video you mentioned

In the screenshot that I have shared: option to use ISO image file doesn't mean I have deleted the DVD from the VM ?

In the YT video it's how to install linux on WIN10 as a partition. On VMmare I already have installed

I tried it again and this doesn't work.

That would boot using the .iso file and not the installed system (if you installed it)

Have you installed the system in the VM?
But earlier you told, you haven't 😅 (just liveboot)

Sorry my bad, I think I have then not installed the system in VM.

Ok thanks I think I got it now. Need to search some info about installing system in VMmare without the dvd liveboot, right?
So the iso images that I have doesn't install the system , right?

Gave +1 Rep to @woven patrol

What's the full filename of your .iso file?
I guess you have the -live.iso one🤔

and if I installed the system on VM, all the changes that I make will persist in the VM ?

Yes, just like a normal installation (not a VM)

I have Disc Image Files Linuxmint-20.3-cinnamon-64bit

So yeah that seems be the reason why I can not install without the dvd I think 😅

Could you also share an image of the boot menu when you start the VM?
Is this the one?
https://linuxmint.com/torrents/linuxmint-20.3-cinnamon-64bit.iso.torrent

Oh, didn't you see the Install Linux Mint shortcut on the desktop when you login into the VM?

Oh I don't remember it but it wasn't a torrent. Probably the download site. I have downloaded it through Linux Mint with the sha256 txt

It looks, Linux Mint directly opens up a live session and not present you with options like Install, Live boot, ...

yeah I have installed it on desktop

Ok, I am going to do this again with the dvd on VMmare and will try something else through the installation.
Thanks for the help, appreciate it. brb

I think this is correct. During the process I didn't see any option + I have changed the location.

Or is it Customize Hardware and use iso images ? But I have Disc Images Files. Doesn't work probably?

Well, I am gonna try that myself first.
I don't have VMware, so just to be sure I don't distract you from correct path😅

Also, you should select the ISO image file and boot from it.
Then open Install Linux Mint available on the desktop in the VM

I need a little help with something, I need to login to RDP from a user that is on the Domain Controller into another computer on the AD but I have no idea about the syntax haha

Yes I've waited for you reply and then selected use iso images files. Then I have rejected the dvd and opened Linux Mint and it worked.

Now I also see what you mean, I think this one is what you mean to select option? So here it's somewhere I have to look for install system?

OEM install?

Try to just start it, and then install from inside it. I was reading their docs, you will get Install Linux Mint after you get in

Oh I see. This one?

Yeah

Thanks @woven patrol This was so confusing when I installed, I mean 'installed' Linux on VMmare. I thought whole time this is it: yahh I have a VM now AND installed Linux but no 😅

Gave +1 Rep to @woven patrol

Thanks again, appreciate your help 👍

Actually, I think of it now not showing the Install system during boot.
In most of my VMs, I have had that option😅

It's my first VM and I choose VMmare, that is actually why I didn't see Install system here

I think I should probably try more few different VM to see which works good

I mean which works easy for me

Perhaps not because of VMware, that's just how that .iso was prepared to directly start a system to try out

That won't be what the issue is.

Kali, Parrot would be good if you are regular on THM and learn related stuff

Oh I see, hmm

Thanks, will check it out 👍

Gave +1 Rep to @woven patrol

haven't used parrot -- does it do anything better than Kali?

should i use vmware or virtual box if im looking for a free software and also which os is better for hacking parrot or kali

VMware or VirtualBox is down to individual preference, I can't say much for parrot either as I use Kali, it's handy knowing the things I need for THM are already there, and confidant enough to find and install what I don't have.

!rank

ok

its in #bot-commands channel allowed

They're not verified either, so they won't get a rank.

I feel like virtual box is easier for the user to use and it's also open source meaning more updates/features get added to it more frequently

Auto hack script in parrot is op

I run kali out of a virtualbox from my macbook pro. SSH into it and do all challenges from there. Seems to work well

Docker is another good option, I find that it's lighter weight than Vbox

Very important to note that those are not VMs, however

Oh I had no idea, are they basically chroot jails then?

Kinda
They are closer to being chroot jails than they are to being VMs, that's for sure.
Containers on *nix systems are effectively just process namespaces -- in other words, the processes are segregated but if you use ps aux on the host you'll still see them in the list.
Containers on Windows run off hyper-v, so I suspect they are closer to being VMs, but I haven't really played around with those

Containers are also supposed to (by convention primarily) only actually run one process -- e.g. a webserver

So, a containerised web stack, for example, would use a bunch of different containers -- a webapp container, a database container, and probably a cache container at minimum

Docker containers can run all three at once, but it's very much not recommended

well, that went straight into my notes 😄

the idea of a container is that it provides runtime isolation, and is intended to be immutable. If you are intending to have some kind of backing store to write to, that introduces a pretty hefty level of complexity to configure vs just running a vm

There are performance advantages to a container, but it's easy to donk it up and not provide the isolation intended

containers are a key component of microservices

Interesting, thx for clarifying

Gave +1 Rep to @quaint basin

Can you deploy metasploitable in a corporate environment for testing?

https://tenor.com/view/that-would-be-an-ecumenical-matter-father-ted-father-jack-ecumenical-irish-gif-15581044

It would be down to the organisation to decide the scope of what they want you to do

How can I make this work?

<!DOCTYPE html>
<html>
  <head>
    <script>
      function makeNode(c){let p=document.createElement("p");p.innerHTML=c;document.getElementById("body").appendChild(p)};
      function printParam(){decodeURI(window.location.toString()).split("?")[1].split("&").map(p => makeNode(p))};
    </script>
  </head>
  <body id=body onload=printParam()>
  </body>
</html>

when I use <svg onload=console.log(1)> it doesn't get executed

it basically prints out the parameters

hm <img src=x onerror=alert(1)> does work

that's quite weird

CEH V11 Exam voucher + Courseware just for 15k INR

Yes, but CEH 🤮

Also, would you please quit spamming that in every channel @foggy vigil

Once is enough 🙂

I could go a bit of CEH...

I assume it has another meaning?

Someone might be interested.

Nah, I'd get that before I finish college.

One cert EzPz.

If they are then they will either be very out of touch, or have already carefully been watching the job market in their area to weigh up whether they need to subject themselves to that rubbish.

Regardless, that still doesn't mean you post it in about 6 different channels -- that's just rude 😆

One channel -- preferably #resources is enough

Got you

"that rubbish" is my favourite part.

#rubbish channel? O_o

Is it legal to take revenge on scammers?

No. Unless by taking revenge you mean reporting them to authorities.

😔

Apparently I'm a victim of one

What sort of scam? Did you lose money?

The scam was a 'game beta testing' link

And what was the outcome? Was it phishing?

For the outcome, it was worst than my entire wallet

He broke my computer hardware and the power button doesn't produce light any more

Hence, why I asked question on revenge

i did run antivirus scans, changed my passwords and activated 2FA before he broke my power button

i thought it was safe until the hardware broke

Did he break into your house?

remote

So you did it?

no

I downloaded that exe

So you were infected with a virus?

Yes

The lesson I learnt was to not run any suspicious exe files

im still in grief after what happened

Isn't the power button light controlled by firmware? I didn't know a downloaded exe file can go that deep into the system

It happened about 1 hour after I downloaded that bad exe file

It can't

It was a very unfortunate coincidence

Those "game testing" malware tend to steal discord tokens etc.

It cant be a coincidence because my laptop was working fine for years until the exe happened

It's human nature not to believe in coincidence

But this was a coincidence.

hard for me to believe

Maybe we'll be hearing about a new exploit tomorrow.

You won't. Power light is handled with ACPI.

Right. That would also be a curious thing for an attacker to target

I suppose there is some sort of way for me to fix my computer?

Wipe the OS and reinstall

Sending malware over discord and telling people to play your game isn't exactly a sophisticated technique

My local computer repair shop doesn't charge to look at your computer, if they're able to fix only then they charge

It just wouldn't happen

It's a coincidence. Humans hate those.

I wish somebody was able to turn off my power button light, I personally don't like it

You often can in your bios. You can also... You know... Unplug it.

Unless it's a laptop. Then tape over it.

Tape is the answer

I'll tell my parents that my laptop broke by coincidence

I don't think I know how to wipe the OS or reinstall it

You'd be better actually telling them the truth

I knew a 60 year old who got hacked, bank account. Few thousand stolen. She doesn't even know how it happened. Unfortunately the stats say that the majority of victims are over that age.

I had an assumption that old people weren't smart

I thought it was a coincidence

It is.

But tell them the truth about the whole thing.

I can but that's too hard

Nowadays I wouldn't just uninstall the OS

bcs of moonbounce etc

but gl making a new esp lol

This is actually a pretty easy thing to tell them. If you eventually want to get treated like an adult, you need to act like one which means telling people uncomfortable truths

Half truths are still a lie and lying will always blow up in your face

Most laptops these days have a recovery partition built in. Trigger the factory reset and everything goes to day 1 installs

Any one know of a good crypter? I'm trying to make quasar FUD rofl

Sounds cool, what are you trying to deploy on?

Write your own

We'll see about that

I cant do factory reset if the laptop wont turn on

@pearl latch Could you send a screenshot of cat /proc/cpuinfo ?

of my vm

linux?

Well I just wanted to see what processor your machine is using? Do you know ?

its amd

I'm using a m1 macbook

Okay, so why you installed an arm kali then ?

no its not amd

can I dm you cuz it takes time here

Ye, go ahead with DM

yo, so I completed the Pentest+ path on tryhackme and got certed. However, I still cant solve the "easy" boxes on hack the box without a walkthrough. Is that normal or what should I be doing to be able to solve them without help?

You and I are in the same boat man. What I've decided to do is to keep trying rooms without walkthroughs but when I fail to get anywhere I do a different room that explains a new concept I might be able to use to get the flag. Currently, I'm failing to solve the Pickle Rick room and I'm not sure if I should be bruteforcing or not. So I'm going to go through all the bruteforcing rooms try hack me has to offer and keep trying when I think I have the answer for Pickle Rick I give it ago. If that fails I will try a different room that teaches me a different technique.
Gives me a reason to learn about things because it's for the purpose of solving a CTF. I understand though it can get pretty frustrating

(Please don't spoil anything people. I'm currently excited to learn about bruteforcing because it might work :3)

I think the only bruteforcing for pickle rick is with whatever you use to look for directories.

There is an account to log in to, however all the credentials can be found somewhere on the machine.

okay. I shouldn't have said anything lol

https://tenor.com/view/seth-meyers-spoiler-alert-spoiler-giveaway-secrets-gif-9191849

I didn’t even know there were walkthroughs

I passed CompTIA Security+ last Monday. Very thanks to a guy that suggested me professormesser.com

Awesome!!!!! How was it?

completing one path once isn't enough unless you're really talented

I went through 3 of the learning paths 3 times

and then for my first boxes, I still looked at hints

not to mention I did wreath

Tbf, wreath is an easy level network that guides you with almost baby steps 🤷‍♂️

I never said its difficult. just saying I went through a lot of materials before I Could do even the easiest boxes on my own

I still remember running linpeas for my first time, seeing 4k lines of output and thinking to myself "this is fucking insanity"

Yeh, a little tip for linpeas, pipe the output to less like linpeas.sh | less -r
More readable
And yes, it does take some time just being able to solve easy boxes

For htb*

@gray jetty have you any rooms today?

Ugh, ... whhhyy?

👀

I'm trying to some now.

Every room I do I can't do a Feroxbuster scan inster other enumeration tool here

All of them refuse to connect.

Ffuf, wfuzz, gobuster, are good alternatives but sounds like a connection issue

Connection is fine, I can nmap them etc.

Can you show the error for ferox?

Maybe you brutes 'em too hard and they died

Is the machine even accessible via Web?

I'm not sure tbh.

It's "source"

Maybe add it into hosts file, ig

Some machines need a domain name to serve Web content

Source shouldn't. just has a flick through the video

I'll boot up a machine where I know I need to enumerate it.

... what room is this anyway?

https://tryhackme.com/room/source

I can scan other targets, must be the way the three rooms were set up and I was juts unlucky with the choice 😂

Yeh, no bruteforcing is needed for this room 🙂

Also, add ip to /etc/hosts

It is one of those rooms

Linpeas is great, after 8 hours trying my first vulnhub box I remembered linpeas and pwned in 20 minutes

it is indeed life saver

Is it just me or does anyone else search for an issue in this discord chat and get too invested in a random chat that happened two years ago

Yeah! I like reading on some of things I missed out on.

ahem stalker ahem

I prefer to call it learning

oh

same man same

That happened to me the other day when I was looking for something said when I first joined lol

Good eve everyone!

||hashing crypto is an old room but for the last question for task 4 the letter count for NTLM hash in the hashcat website is 33 but the right answer is 32.||

User error.
Echo, unless you specify, will terminate with a newline.

Research would tell you the correct answer

with normal echo there's a space at the end, but with -n a new line replaces the space and makes it compact

hi

google say 14 lol

thanks

Gave +1 Rep to @gray jetty

Eh?

-n removes the newline

And there isn't a space involved regardless

TL;DR: Without -n, echo adds an extra character (\n) on the end, messing with the character count.
With -n, the character is not added so the character count is as expected.

Then you're looking at input to the LM algorithm, truncates it to 14chars and hashes 2 lots lf 7

Hey does anyone know how dnsmasq works? I read the description but I still don’t quite understand if anyone can explain it to a 10 year old

Well not necessarily how it works, that I just about fully understand. I mean the purpose of dnsmasq. I hope the answer isn’t something as obvious as masking our dns queries. Per the name

thanks for the clarification, so instead of space in normal echo there's a \n at the end and with -n it's no longer there 👍

Gave +1 Rep to @quaint basin

There's no space either way

I meant the extra character is a \n

I assumed it was a space :/

Nah, there's nothing there if you remove the newline

well, that's why I said normal echo

Normal echo has a newline

Echo with newline removed doesn't replace it with anything

I mean, I said with -n it's no longer there,

~~you're just dying to say I'm a muppet aren't you ~~

You muppet ;)

nah, doesn't feel the same coming from anyone but muir

Sorry I tried <3

Muppet is a great word to call someone, second is eijit.

well done, ya muppet :)

Oi, eijit! calm it 😄

https://tenor.com/view/huh-dave-chappelle-what-confused-gif-10721560

for reference

Yeah, that was around the time I joined the discord channel, xD

It was a pretty fun conversation,
#general message

LM is gross and bad.
It splits your password into 2 sets of 7chars qnd hashes them separately, then combines the results. It's old and gross and bad.

It was, there was even a message I thought Muiri would have got hit with an innuendo.

Doesn’t that mean you have to do half the work cracking it?

Correct

Pretty sure it’s actually less but idk

Why not just hash each char separately

2^2 less no?

Oh wait no half sounds right

Exponentially less, each additional char of plaintext adds length(charset) or whatever

Cracking two 7char pws is much easier than one 14char

Yeah need to get the math done for that

Ummmm... No-one realised that tomorrow is Raspberry Pi's 10th birthday? I think there'll be some announcements...

Hello guys
can someone help me how to brute force gpg files
I tried using john but it is taking a lot of time

Yo! Can a mod give me the Creators-Lounge role? I’m trying to make a room and may need some help.

Oooh, what's it going to be on?

Some cool stuff, I also need a couple testers cause it’ll have quite a lot of steps that can be messed up, are you up for it?

Only if I understand what going on 😆

better not be a windows room smh

Can I DM you?

Probably won’t but technically it could be haha

writeups are provided for testers 🙂

Whats wrong with windows rooms?

Zeesh hates them

Oh if a writeup is provided I'd be down to try and break the room

Maybe and maybe not...

👀

As long as I know where I have to end up

Can I dm you?

Go ahead, my wifi is cutting on and off tho so know that I'm not ignoring you

that's probably the best method 🤷‍♀️ so either

• you're using the wrong wordlist / not applying the right rules
• that is not the intended method

Usually being a bit more polite will go a long way ;)

Oops sorry, I realised just now that it sounds a little “do as I say”, my bad honestly, thanks for pointing it out!

Gave +1 Rep to @twin ridge

Still waiting ;)

Sure! Do you mind giving me the role? I would really appreciate it!

Is please that hard to say these days? Smh

-arole 708286316529451029 creators-lounge

➕ Gave the role Creators-Lounge to sootierr#2643

Thanks hydra!

Gave +1 Rep to @twin ridge

Look forward to seeing your room

GHoP is going a room! this should be good!

Honestly I will probably make it a Hard room, it’s probably gonna be medium though cause the stuff I want to do is pretty uncommon in CTFs and I will need to give hints to alot of the steps.

That's cool, after all, the hints are optional.

I was thinking more like hints as a part of the CTF itself, not in THM since I want to have only two flags but I have about 3 steps you need to do before even getting initial access.

Ah, I see!

Remember that everything needs to be self-contained

Yeah I know! It just has a lot of steps for the web part!

What does IAT mean? I tried googling but couldn't find anything

Import Address Table.

So quiet...

So so quiet

Sorry in advance but I have a stupid question.

Shouldn't malware with admin rights be impossible to delete?

It should be able to counter the request to quarantine by... (suppose malwarebytes) and stay installed, right?

I don't have deep expertise in this area, but assuming the malware is running in memory, it could implement countermeasures against endpoint protection. However, if those aren't full proof, or if the malware is not running in memory, then the malware installation theoretically would be less effective at blocking AV, etc. from cleaning it up.

Pretty sure the most effective way to remove malware is just nuking the system, then there's(hopefully) no traces left

You should already have all your important files backed up following the 3-2-1 rule

Thank you for the indepth answers! @winged rain @dry pewter

Gave +1 Rep to @winged rain

I was using my family's laptop and noticed there was adware. I ran malwarebytes and cleared it but was curious as to how they didn't survive.

The thing about malware is that sometimes it can stick around on your LAN and spread that way. It could spread to your other computers on the system and then after you wipe the initial system that was infected slowly crawl back

adware usually doesn't behave that way, unless there is deeper stuff involved.
More than likely, the adware has installed itself in multiple places and re-installs a component of it from a component you missed on the sweep.

What

ok

am I the only one who dislikes the "hacker" culture on tiktok

don't get me wrong I don't use tiktok, but from the clips I see on r/masterhacker I get disgusted

like it's getting to the point where it's just a source for skids, considering the target audience of tiktok

sure people getting into infosec is a good thing but it just annoys me that these folks think they can learn infosec in a few days without any fundamentals like networking or programming and instantly become a "l33t h4x0r"

Not a problem if you don't use tiktok.

it is because all of those kids go on to subreddits like r/howtohack and r/hacking... and discord servers like these

I always thought of it as a phase that teenagers go through 🤷‍♂️

same as wanting to become the president,musician, etc.,
~~enginner : ~~

I think except for twitter almost every major platform has terrible hacking culture and skiddy stuff

even twitter has alot, but it's way better than TT or IG for example.

I tried to look at even just the standard tech/IT communities on clock app, couldn't help but do everything in my power to scrub that 💩 from my timeline.

There are some nice IT people there, mainly the forensics people for some reason.

I just found a painful amount of disinformation/misinformation, and since I don't have the time to make my own vids/posts it wasn't worth being on there.

no captcha present and the icons in the navbar aren't loading, yet i have no errors in my console and every network request is a 200 🤔

does anyone know what may be going on

this is in a fresh vm with fresh firefox - the login page on my host looks fine

Definitely, all the teenagers ik who like computers have gone thru a hacking phase

The problem is that "normal hacking" isn't very exciting content

It's more educational than entertaining and I don't go on those platforms to learn

I’m thinking of learning another programming language, but I’m not sure what to learn. Should I learn C, Go(lang), or some other language?

Depends on what you need / want to know

I kinda wanna do machine learning

but i need to learn A LOT for that

where should i start?

Python would be obvious answer, as its the most popular ml language

Iirc google has free machine learning course

so far i know python, js, html, css

Python for ml then

oh neat alright

i wanna be able to make AI play games

Like Open AI project?

not sure what that is.
*"learn" to play games

Google for Open AI games, their AI can play game better than humans. There's one where they play Dota 2 and beat top team

oh ok neat! then yeah

Its really interesting, there's also they make 2 team of bot competing each other in hide and seek, and exploit every possible opportunity provided by the game engine

yeah, alright ill look into that

thanks

+rep @slate vine

Gave +1 Rep to @slate vine

Sir any way to get subscription discount for students . I have institute mail also if possible to get discount . Please help me

There is a student discount for THM. If I remember correctly, the option to do it yourself isn't working correctly. In order to rectify this you can email support and ask nicely. Please be patient as they are rather busy.

!email

It should work with academic emails

It just doesn't occasionally

Gotcha

HTML is my favourite programming language

I deadass know C/C++/C#/java/python/ruby/perl but I have 0 HTML knowledge.

LMAO

I know the feeling.. I learned the webdev 3 langs in december after programming in .NET and Python for two years

What’re they?

Html, css, js

Oh I dumb, I though Lau was talking about web 3.0 langs and I was like “we getting HTML 2.0 or sum??”

Tbh css is just literal hell, I can’t think if a “language” more annoying

Yeahhh exactly

HTML and CSS are miserable to work with

JS is atleast programming haha

Btw I got a question Lau, are you decent with CTF style reverse engineering? Like encryption reversing and stuff?

Not really. I'm still getting better at low level development for it

I've done some videogame RE once for certain purposes, but haven't really dived into it after that

oh okeh nvm haha

eh kids will be kids lol reality will hit them eventually. lol

https://tenor.com/view/heman-smile-skeletor-laughing-laughing-hysterically-gif-18559585

yay finally resubed to THM!

@quaint basin ey id like to bring ur attention to what i think is acase of cheating

That's not really a muiri thing

Please inform me who should i contact

Who's cheating?

I talked to some guy in 3rd of feb, he was 0x8, he has no certs , and was happy he got that lvl

I got in contact w em and we talked a bit

Here is my last relevant msg w em

Hey @dusty sleet
Can I get you to email me with an explanation of your report, we will look into it:)

support@tryhackme.com

I've seen these guys make videos on all the paths. I think he's legit

There's video proof of him going through the rooms and explaining his process

His most recent video, although i don't know if it's the same person

https://m.youtube.com/watch?v=pc_NCJW6bl4

Do not distribute or provide access to content involving the hacking, cracking, or distribution of stolen goods, pirated content, or accounts. This includes sharing or selling game cheats or hacks. Not sure if the Oxford comma is confusing me or what. @serene trench This is what I was talking about yesterday.

might be a few ors too many there as well

ah wait yeah ok could be alright

Yeah I'm just not sure if it's saying to not post content about "hacking, cracking, or distribution of stolen goods, pirated content, or accounts" or if it's saying not to post content about hacking cracking or distribution of "stolen goods, pirated content, or accounts"

They phrased it weirdly haha

the latter

I think so too.

hi

hii

hiii

hii

Combo breaker.

well, arn't you a <insert scottish insult>

No, that's a bit extreme.

ok, I sincerely apologize

No, I meant my word.

Yours was fine, I've been called worse 😂

well, It's just that I'm not racist at all, just don't like the scottish 😂

that's a jb quote btw 👀

It's ok, half the Scottish don't like the Scottish 😂

Yeah, I remember someone said it.

#general message

2020!

yeh, I checked all the pins in #general , lot of cool stuff in there

#quiet-conversation message

noooo, that's just memes

i just started this on campus job and they're tasking me w/ making activities about blockchain and NFTs 🙃

Doing alright coming up with ideas? Or need some resources?

hi

I'm so sorry

Yeah, I'm not having any difficulties, I just don't wanna lol. Appreciate it though.

It's rough out here lol

No worries, friend of mine works for ProtocolLabs, so I'm sure they've got plenty of resources to recommend if you needed it.

Truly merciless territory

is it a good idea to give my non sudo root user permissions to the opt directory to add things to it?

i plan to use that directory to sort all my scripts and such

im asking because i still dont fully understand the filesystem yet, and why i need to be the sudo root user to make changes (sudo doesnt work, i need to be root user)

what im asking is it makes sense to put my exploits in the opt directory but with the way the default permissions are configured it makes it seem like im not, and i dont want to mess anything up

Sudo will work, but if you're using > etc then that's not part of what runs as root.

Put the exploits in /home/kali/exploits or something

You want as little code running as root as possible

noted noted thank you, that makes sense. I had a cluster***k a while ago bc nothing was organized so im getting tips from ippsec and he placed everything in the opt directory

had to nuke the system bc nothing made sense

I despise that i still cant do easy machines without help lmao

ughh

You'll get there eventually

Quick question, why does my VPN IP keep changing? I thought with premium you'd have your own unless I'm mistaken or it doesn't work that way

Your machine VPN should be the same, yours changes? Are you changing servers?

Same happens to me sometimes start with beginning one

Yearly sub expired today 🥲

the time to switch to htb has come

https://tenor.com/view/ok-okay-umm-awkward-situation-huh-gif-5850917

You ought to stay on the server though xD

Yeppp I like this community waay more

I just prefer the challenges and CTF style of HTB better

More challenging, I like that about it too but I feel like it’s a little annoying

hello

I need a cheap linux vm 4gb ram rhel , to run an oracle db, I would like a static IP or maybe something like ngrok, I explored azure and its kinda pricey , anyone can recommend something else ?

I'm not changing servers

It takes time.

strange, as your THM IP is created then attached to your account.

I've had about four changes now

#room-help

• Oracle Cloud 24GB and 4 ARM cores in one VM or split into 2/4 'always' free. 200GB block storage, 20GB object, 2 Oracle autonomous DB @ 20GB ea., 3 noSQL DB @ 25GB ea., 10TB egress free / mo., Ubuntu or Oracle Linux (RHEL)
• AWS Lightsail free for 3 months but only up to 2GB plan
• Atlantic.net 2GB 1 vCPU, 50GB SSD, 3TB egress
• Kamatera.com 30 day trial (?)
• Alibaba 2C 4G / 4C 8G, 1 month
• DigitalOcean new account = $100 credit for 60 days
• Google Cloud new account = $300 credit / 90 days
• Vultr $50 / 60 days
• Linode $100 / 60 days
• https://lowendbox.com/

^

what flavor is vegeta

Vanilla flavor 😋

Man

quick question about obsidian. I would like to use it for only making note, but what if obsidian disappear one day? Saving files is in different format then txt file no?

Obsidian saves all the notes in .md files which are basically like .txt (you can open them with anything that lets you edit text)

Gotcha, thanks. Just tested and it works 👍

Gave +1 Rep to @half fractal

Check out logseq btw, I like it a lot more for quick/simple outlines and structured notes, YMMV but nobody seems to know about this one so I like to shill it lol

can someone help me get hacks please

ok my bad