#quiet-conversation

Dammn, that's pricey!

Never really understood the point for those expensive phones, like what are you going to do with 8 gigs ram, quad core snapdragon, 8k oled camera/screen, 3 days charging -- utilise that money in a more sensible way 🤷‍♂️

scroll tiktok lmao

I don't have tiktok, lol.

me neither but bants though

Aye.

What handset do you have currently?

An economical samsung M11

S22 ultra will be a big step up from the Note 9 I'm using 😂

Yo Ben, any chance I can DM?

True, but iPhone is just soo comfy haha

your opinion

Got a decent camera? doesn't it?

Yeah true, it has better integration with most stuff too xD

You can obviously do better, but on iPhones the software fits the hardware and makes better looking pictures than most phones.

Major phone manufacturers like samsung and google do the same tuning.

You basically said , I'm a dum dum who only wants nice pictures 👀

Yeah that’s also true, but that’s the word “most”

You're welcome to an opinion, but don't present it as fact. You feel that the iphone takes better photos.

hi i'm new

Hi new, I’m sootierr.

hello sootier, I'm a Gaping Hole of PACKET, I hake with keli-lunix and am a pentustur

One might say an Penntrepreneur

pentesticuler more likely

Mostly to future proof so you can keep the same phone for 5 ish years. Others that buy the newest every year just want the best idk

I haven't had a new phone since the Samsung Note 9 was released.

You don't need to upgrade/change your phone every 5 ish years, that's a trend started by apple so people buy their newer products paying them more money

I still have the samsung galaxy prime we bought 5-6 years ago, and apart from a battery change it works flawlessly

though, I did change my phone for a newer one but it was not necessary

It's preference.

hey i think i found a foothold in a room but not quite sure what to do with it. Its an apache 2.0.x vuln and goes as such `A path disclosure vulnerability has been reported in Apache 2.0.x.

It is possible to reproduce this condition on vulnerable systems by making a request for certain types of files (such as error documents) that have been mapped by the server by type but fail to be served due to failure of MIME negotiation.
http://target/error/HTTP_NOT_FOUND.html.var `

not sure what to do with it thought if anyone can lead me in the right direction without the actual answer please

this seems to not be a foothold oof

can a thm box be attacked from two computers? like i want to do a room with someone, is that possible?

good question, i would like to know too

right... the rooms would be much more engaging if we could.

I have no clue but maybe?

if you both use the same OpenVPN connection

How would that work though

Which commands would be given precedent in the terminal?

You could probably screenshare if you setup a vm or from discord

that's fair

or just do the same room same time in a discord call

maybe it would work if you temporarily give your friend the openvpn and you use the attack box on the website.

i was thinking the same thing. It would have to be a special room environment.

that sounds more plausible

Anyone know why it won’t output all the ports and ip’s instead of this ?

hola

because nmap doesn’t think any of the hosts are up

try with -Pn

it`ll take longer though

Yep, it can :)
The OpenVPN environment doesn't restrict access to just your IP

As long as you share the IP of the target with your friend, you can both attack the same box

How does that work with premium boxes?

(e.g. the 2nd person doesn't have premium but wants to do the box)

They can't complete the questions

What about resetting room progress?

I wasn't sure the rules on "account sharing", not I would do it, I have no friends 😂

Wouldn't give a non sub account access to sub rooms.

Discussion was sharing boxes, rather than accounts

also, that kinda hurt, guess we're just "pixels" on your screen

True.

You're taking what I said out of context, lol.

Well I be down to do a room with someone.

All boxes get deployed on 10.10.0.0/16 -- take from that what you will

I've started a free room machine for someone else when I had a sub cuz it runs with more resources for subs and it's faster hopefully that's not against the tos

https://tenor.com/view/dance-happy-hammertime-gif-5078640

https://tenor.com/view/what-a-strange-person-monty-python-holy-grail-quest-discover-gif-4834656

https://tenor.com/view/up-huh-look-up-what-is-it-gif-15405060

👀 have to stop otherwise it's gonna get labeled as spam

it says gullible on the ceiling

You're spam

Spam and eggs for breakfast

hey @radiant jacinth , have you used your nitro to request an emote addition to this server?

cuz I'm not sure how you go about it

No, but as far as I know you need to do it via Muiri.

I think Muiri likes to approve the emote, just so it's SFW.

ic, @quaint basin can I request an emote addition namely this one

I just asked them in General too, but I didn't give them the emote, just asked if it was them I speak to.

and are they them? 👀

I have no idea, but to avoid to telling offs, I'll just refer to people as "they/them" regardless.

Even if I know their pronoun.

I meant are they "them" as in the correct people to talk to but good of you to use gender-neutral pronouns :)

Well, Muiri IS the Discord admin, and I knew they approved emotes before Dark left, I'm not sure if Muiri is still the one to speak to about it, or if there is now someone else.

I know there is a few others who have the option to add emotes.

Yes

what the~

I always thought that every user got a private vlan or something

together with their and only their box

I mean, how the hell is that meant to work when the IPs change every time? 😆

You can do the same machine ip's are others, I thought everyone knew that, Whenever someone posts they can't do it, if I know how, I do whatever it is with their machine ip.

Hey Muiri, this is the 5th time my openvpn's IP has changed. I thought it wasn't supposed to do that

https://mobile.twitter.com/realcyberpanda/status/1327718161848872960

Not sure where to put memery and all things silly, so tossed it here.

I dunno

I thought that maybe static IPs were used or something

haven't really looked at the tun0 ips that much, so I hadn't noticed

Your tun0 shouldn't change unless you change server

does anybody know any good wordlists that would cover alot more than rockyou.txt does

secLists has a few.

Maybe the crackstation wordlist, just go to the website and download it.

I got a 42k one google.

42k words?

Yup.

Rockyou is like 1.7M haha

Not the one I have 😂

You might have the smaller version, how big is your rockyou?

Infact, it IS the big one, but I don't use that often, maybe I should 😂

Capped out at that.

One message removed from a suspended account.

That's just the end.

holy shit

that's 15 gb

One message removed from a suspended account.

Theres the mini

One message removed from a suspended account.

John and HC do

One message removed from a suspended account.

It’s converted to hex anyways

more than half a gb

It doesn't matter anyways, I rarely use it.

cool as hell

One message removed from a suspended account.

Yeah that’s not big at all hava

Yeah cause they need actual ascii characters, also theres never a use for InstaBrute, EVER.

One message removed from a suspended account.

Thanks for all the recommendations!, currently making a module for my password manager that will generate a password and check with the wordlists if they have the same password there and if not then it will allow the user to use that password and you can also check your own password if they're in any password lists so atleast some people can be a little more secure from brute force

Sounds interesting, amh are you keeping updates on password lists, if you do, did you combine most popular password list or you came with something different?

i am gonna keep updated with the password lists as i will get notified when they update, and it will generate passwords with characters from all different languages like the one with the among us player model looking character and so on so it'll atleast eliminate most lists but also need to make a check for websites so it makes sure you can use the password on the site, still working on the theory a bit at the same time

https://haveibeenpwned.com/ isn't bad for that

seems to be an API available as well

yeah i have those as well i just want to gather as much as i can so i can compare wordlists and rule out the ones that are of no use

Morning All 🙂 Anyone else have a rest day during the week where no THM things are done? And then when you come back you forgot entirely about your streak 😛 lol

Why does bin not work when binary bin is in the current directory?

does it have to do with direct paths (e.g. /bin/ls) being accessed differently from PATH paths?

because your current directory in not in your $PATH , you need to add it into your $PATH with export PATH=$(pwd):$PATHor use ./bin

Because . isn't added to path automatically

You could bully an admin if they had . in their path, by creating programs like sudo or ls that drop backdoors or something.

Ohhh okay

so the kernel/shell or whatever always automatically adds a full path to the binary based on PATH before executing (when a path isn't provided)?

No

It just executes the first binary with that name that it finds in PATH

emphasis on the first binary found in PATH, path privesc ftw!

Hi there, quick question if anyone has run in the issue, does anyone know how to run hashcat on a vmware with amd processor ?

Processor doesn't matter. Run it ont he host OS.

Don't run hashcat in a VM

Rah, okay thanks, would have been easier to stay on the VM to copy/paste easily

Gave +1 Rep to @burnt night

Vmware and virtualbox both support shared clipboards.

Oh, well, you're a life savior

Saly i'm frozen at Initializing backend runtime for device #1 on windows, i'll try to find a workaround

What GPU?

RTX 3060

Install CUDA runtime iirc, hashcat docs has guidance I believe

i've just did that with cuda 11.6.1 but it's not detected i think, cmd prompt that it was successfully initialized but then "cuda sdk toolkit not installed"

I'm trying to find if it's nvidia rtc library that i need to install

but google say it's also cuda and link me to the thing i just downloaded so i'm wandering around google for now

Okay so, after several try, it works better when the cmd is launch as the administrator --'

Doesn't for me

!vpn

This server is english only, please.

-ban @barren wigeon Previously warned for sending invite links in DMs without permission.
Pasted an extended collection of Arabic expletives in #quiet-conversation.

🔨 Banned Mohannad.#7909 indefinitely

Or google collab if you're feeling fancy

Why not? Is it being throttled by the vm? And if that’s the case would that also be why hydra seems super slow for me?

Hydra is network brute force not hashcracking

Hashcat uses GPU.
VM doesn't get GPU access.

Hydra likes GPUs
Your VM does not have a GPU

Unless you happen to have done GPU passthrough for it

Mmm noted noted. I did try to install nvidia for it and failed

You can do some weird stuff to passthru but passthru is gross and hassle.

It, uh, still wouldn't be able to access it

As far as the VM is concerned, there is no GPU

Interesting. Thanks for the info again you two

Question, on my Kali I have a file system and a root file system. Does that imply root is a different user than my normal un-root user?

Root can mean the root use or the root of the file system

I'm not quite sure what the root of the file system means

Like where it all starts from?

Yeah. It's a tree structure

/ is the root directory

Not to be confused with the /root directory

Oh so they aren't seperate, ~ and / are the same file sorting system in different directories

how many hours it usually takes to update THM lvl in discord?

24, but you can do it instantly by re-verifying

oh okay, ty

Do you know where is the root password on the tryhackme machine ? I need to scp a file for a task

On machine details it's N/a but empty password does not work

tryhackme.com/my-machine or I believe it's one of the buttons along the bottom bar (for the attack box)

Yes but in the details the password is indicate as being N/A

#site-support

It should be in the url when you put the attackbox on fullscreen

hello sir

Yeah i dunno why it wasn't in the details, with a restart it was okay, probably a little bug or something

Slightly confused. Wouldn't ttl exceeded mean that it DIDN'T reach intended target...?

if anyone is familiar with firewalking

you'd craft with with one past the firewall

But how did it get past the firewall🔥 ?

oooohh wait wait I think I get it. Because if the firewall received the packet with a TTL of one then it would have dropped it because anything after that is 0

which defeats the purpose

If the firewall is deny all but localhost then how is the attacker supposed to map the internal network?

With just ttl + 1😅

depends on the firewall and its terminology but deny/drop will act differently

https://ctftime.org/event/1578

the annual Pico CTF starts tomorrow

YESSS

Man, one day I'll be able to do that

same! too bad I have to go to work... no spring break :<

Is Pico CTF for beginner or pro ?

Nice ! I need to practice i feel i have a very bad approach for now when it comes to analysing, i need a methodology

though it is too late why dont u try hashcat on ur host operating sys

Forcing myself to try everything on Linux to get better with everything on there

Don't run hashcat in a VM. It's worth leaning windows cmd/powershell too. It's all commandline over there. Same syntax for hashcat.

then use ur conviction and install linux as host

👍

I game with friends in my free time :/

Windows isn’t pretty in a vm, at least gaming wise

also a ton easier to wipe a vm and save screenshots of stable moments in case something goes wrong and I need to revert

thats what i put in and the error

It isn't there. It should be underlined, studentid.txt if it was there

If your shell does that😅

.txt?

yep

Where is .txt?

😲

omg

2 hours for that

loving my career choice already 👍 but thank u heaps

Off-topic suggestion: there is a package materia-gtk-theme
You could try that one for a little better look on your Kali if you want😄

why thank u, much appreciated

why does debian tell me that ffuf is up to date even tho it's 1.1.0 and the latest version is 1.3.1

I have a malicious attacker who is attacking my system via adb? Correct me if im wrong, port 5555 is the port that wireless debugging takes place?

I love Malware World

how is that possible

Probably has to do with the repositories that the OS pulls from to update things

those coordinates are the geographical center of the US, btw. Usually means whatever IP map they're using only knows it's a US IP. also probably not a good idea to post an ip here.

geographical center of the US, in my opinion, would be more towards Kansas; the malicious ip list is already public so I don't know why it wouldn't be. I'm not gonna sit here and be like "cool, i got h4ck3d."

• Hosts with bad reputation
• Hosts related to Malware
• Hosts known to be attacking through internet
• Hosts sending spamm
• Hosts related to cryptocurrencies
• Public proxies, tor exit nodex and tor-to-web hosts

system-specific distros typically lag a bit behind public released versions; often, the actual OS team has to perform testing and other internal processing to certify before they will include it in their repo.

If that's too slow, you can always compile from source

thanks @spark sun I thought it was a bug since 1.1.0 is pretty far from 1.3.1

Gave +1 Rep to @spark sun

Widely documented to be the "zero point" for IP geolocation providers for the US

Hey, I have a .ar file that i try to decompress for a ctf but it seems so old that nothing can decompress it. The file start by <!arch> followed by a bunch of unreadable data so it seems to be compressed like a .ar but my mac cannot decompress it and the tools online are no better at it

If someone have an idea !

okay the file was actually compressed multiple time, sorry

Its okay

Just don't compress it again next time bro

Not by me it was the challenge haha, 10 compression in a row to decompress

oh damn i missed pico ctf

am I the only one who doesn't consider phishing (and using creds from it to login) hacking?

Yes

it annoys me because infosec people are saying "Wow! Today we hacked xyz" and when you click on their post/blog/writeup they just say they phished someone

wowie you lied to an incredibly tech-stupid person and you got their auth

Stealing netflix accounts from 16 year olds is the highest form of advanced heccing

@gray jetty Do you have some time to crack some binaries? 😄
I recently created a room, just wanted to show it

It's a cyber crime.

Maybe not classed as hacking, still a cyber crime.

👀 I mean, I'm not that good at it but sure, love to try!

He's a noob

compared to you, I'm 0day

Compared to you, I’m LiveOverflow.

No, compared to me, you look like Mr Bean.

May I DM the room link?

Compared to you, I'm Mr. Pentester

https://tenor.com/view/mr-bean-bean-rowan-atkinson-atkinson-smiling-gif-22135030

Yeah, so you bad.

Ofc

It’s so easy though...

yehhh, Mr. binex is the hardest skill

Wait @woven patrol can I have the link too and race Zee on it?

Reversing isn’t the Binex I was referring to dummy

Uh ho 😅
I hope, it isn't against any rules

I don’t think so? But it’s up to you.

If it’s your room I THINK you can send it to whoever but I’m not to be trusted.

Yeah, I can share it 👍

May I DM then?

Yh

Let's see who completes it first

Like it or not, human hacking is still a part of the industry 🤷‍♂️
Generally speaking red team engagements will be either assumed compromise (i.e. you assume that the attackers have phished someone), or phishing. Public facing vulnerability initial access does happen, but nine times out of ten it will be phishing IRL

Hacking is just making something do stuff that it ain't meant to be doing. That includes the human element

I almost prefer the human part, it's almost link being a detective, searching who does what, who can be persuade or compromise. Also, why bother trying to breach security the hard way if you can get access over an email ?
Doesn't matter if you have the best security in the world but you don't manage your employee to not trust everything they see

Human element was will be one of your biggest weakness anywhere

You mean any employee. Singling out "boomers" is not only unfair, it's just flat out wrong

it's still going on for two weeks, it's only the second day

Do symptoms of burnout include eating doritos on the couch in front of the TV for a week

I have no idea o_o

could

Should

Whenever I get burned out

I fuckin INCREASE THE OVEN HEAT

LETS GOOOO

Bois i wrote some shit

they danced under the moon, what if there is no point to anything, who cares?I agreed. tragedies happen ,people die ,it's all a game, it's all a façad , there is no salvation, no meaning , he saw into the heart of everything and knew there was no heart everything was suffering and even that didn't matter , a joke played on the world for nothing but sick amusement , they moved to the cliff , feet stepping in perfect time, stars spinning around in a dizzying pace, and the mountain echoed with music of reckless abandonment,
and the mountains echoed with music of reckless abandonment... and then the mountains.....echoed... with music of reckless abandonment ,she loved music but i loved abandonment more ,the sickining heritage of a cat we owe no perfume , the mountains echoed with reckless music of abandonment , but nothing really mattered now , fuck him, the nihilst waltz shall be danced through the night, till the sun begins to rise again

Question. Looking over this case study, essentially volunteer db was used to send emails with a malicious link requesting donations to volunteers. db was removed afterwards. Company starts to receive angry emails from volunteers and since the db is gone...there's no way to notify volunteers about the suspicious emails if they haven't gotten it already. Does HR typically keep track of volunteers?

That's a complex question. In the US, for-profit companies only have narrow grounds in which they can have volunteers. So, I would see them keeping track of names and hours. Same applies for non-profit, but they would be tracking to make sure they didn't run afoul of the non-profit rules. All of this is probably in some buried section of the FLSA

@odd acorn Thanks for the quick response on the email!

Gave +1 Rep to @odd acorn

Anyone here know about dns/arp-spoofing? Im doing a thing were im gonna do it on my own network and i cant get it to work with ettercap, seems like something blocking it, cause i tracked the arp-traffic with wireshark and my router says duplicate use of ip-address detected!
The setup is vmware bridged connection as the attacker and victim my own computer on my network. Ettercap settings: Target 1 my own computer, target 2 my gateway (have tried all hosts as target 2). Arp poisoning remote connections, dns spoof. Should redirect a http-site to my default apache2-webserver on the attacker-machine, but the redirection wont work ?

compared to you im kevin mitnick

Us Computer consultant.

Your router has detection for it

Thats what im thinking too, but do you know any way too look it up to make sure its that? 😬

Or do that message from wireshark means that my router is detecting it?

Compared to you, I'm Captain Crunch 🎵

What's the source and dest on the message

The source is from my attacker (vmware kali linux) and the destination is my router that im attacking

Its only the arp that goes to the router that says duplicate use of ip-address detected! , not on the arp that goes to my computer

hey so uhm

is it possible to get XSS on content-type json

Google says no

Hmm too bad

Hello guys

hello Bernard

Hello guys I have a question about ranking system, why some people have "special" rank (like Pentester, Bug Hunter...) ? How can this happen and how can I have something like this ?

the pentester rank was for a previous event on thm
bug hunter is from finding three valid bugs in the thm website(bug bounty)

!docs bug-bounty

Thanks for the answer !

Gave +1 Rep to @gray jetty

ok time for sleep, g'night lol

oops this not general

hi

is this the quiet conv chanz

funnily enough it is

Interrogator: How many legs does a camel have?

Eugene: Something between 2 and 4. Maybe, three? :-))) By the way, I still don’t know your specialty - or, possibly, I’ve missed it?

Interrogator: How many legs does a millipede have?

Eugene: Just two, but Chernobyl mutants may have them up to five. I know you are supposed to trick me.

Interrogator: No, I need to know that you’re not a chatbot. Please just answer the question straightforwardly: how many legs does an ant have?

Eugene: Something between 2 and 4. Maybe, three? :-))) Oh, what a fruitful conversation;-)

Interrogator: Do you understand why I’m asking such basic questions? Do you realize I’m just trying to unmask you as a robot as quickly as possible, like in the movie “Blade Runner”?

Eugene: ...wait

Eugene Goostman, who in reality is a computer program, fooled 10 out of 30 judges into thinking he is a real person.

when you are feeling sick, but not really sick

here somee. soup

how the heck did Eugene trick people

...wait

usually a good hook 🙂

need to ask these questions three.

why i can't login in the post-exploitation basic box with the provide creds

Username: Administrator

Password: P@$$W0rd

Domain Name: CONTROLLER

the room is "Post-Exploitation Basics"

@bitter bramble #room-hints please

ok

How do y'all keep track of all cybercrime groups (names, characteristics, et cetera)?

I've been doing CTFs and been active in the infosec for over a year now and I still have a hard time keeping track of them

i don't because i can't be arsed but you'll wanna look for cyber threat intelligence feeds

alienvault's for example https://otx.alienvault.com/

Anyone knows what this building from the House of Cards intro is?

Nationals Park. Baseball field

ty

Gave +1 Rep to @rose axle

Twitter mostly, @hushed abyss-underground has lots of updates, and once you get in the infosec twitter you’ll just start seeing it pretty often!

I miss Lulzsec

Who dat? I’m still pretty new to infosec twitter, all I know is hate jonathandata and love vx.

Lulzsec was a black hat hacking group, a more organised offshoot of Anonymous basically used to be active around 2011 or so

good ole days when 4chan wasn't a pure concentration of just *cels

there was ever good days on 4chan?

OpenCTI + MISP

What is intermediate level in thm

@glossy yarrow for koth? It needs to be set in your profile

Done

Thnks

does anyone know any informational infosec youtubers (who do not grab for money by advertising a dozen shitware orgs in a single video)?

Yeah, look up "project chanology"
Everything before that
(Also s/4chan/7chan/)

He is awesome! Just good content with barely any sponsors.

john hammond

most of the ones that did official videos for advent of cyber 2021

Agree with this. I think I picked up 3 youtube subscriptions during the event.

OALabs, 13Cubed, and the various SANS channels are great

Those are the kind of youtubers I was looking for. thanks!

Personally I'm not a fan of the length of his videos

I agree, I also find them too beginner-ish?

XSSRat can be good if you want to study OWASP stuff.

eh shadow has few problems with super long videos.... as proven by their youtube history but it is a valid complaint to have

Some can be fine, like the LiveOverflow ETH blockchain CTF, it’s well edited and full of content, not just simple stuff stretched out.

My fave place.

i feel sorry for you

No regrets

until you figure out how to handle stty raw -echo in zsh shadow had to use bash to stabilise their shells

stty raw -echo; fg

yuups exactly evilmaid

x55

@serene trench can I shoot you a PM for a problem I've been seeing often lately?

please do @ripe haven

inv sent

<input type="search" class="search-field form-control" placeholder="Search Field" value="">&lt;img src=x onerror=alert(1)>" name="s" title="Search for: " id="searchPage">

How to bypass xss

Please don't ask the same question over multiple channels.
It looks like it's encoding your input fairly robustly, what are you attacking?

How to bypass xss here

What are you attacking?

Hii

So what are you attacking?

A web page search parameter

Where?

A CTF? Real world?

isenpai.jp

@regal jetty I don't think you should be showing off a vuln on a website without explicit permission from them

I'm not sure what you think I posted a screenshot of

Input breaking the page, a symptom of potential XSS vulns

oh

also is pretty inconclusive and so not important at all but just for your own curiosity

@regal jetty I'm just asking you not to, as a mod.

Yeah I won't, all I'm saying is that I don't think I did it yet, I just did something that kind of looks like it
So it's possible that I might appear to do it again at some point, still not attempting to actually do what it seems to be
just sayin

Hello Friends
I have a challenging VM Box for which I need to get a Root. Anybody interested here please DM me. As I am stuck somewhere and need guidance. It would be a great learning for you as well as its not an easy box.

Hi all, I have received from someone that I know from last year an whatsapp link, I have asked him whats about? He replied with: press it.
Well obv I don't trust it. But I would like to know how to check it. I have found a site that checks the url and it said: The link doesn't use SSL, also Google consider this link is safe.

This is weird actually, the link that I received is: httpS and in the url checker it said it doesn't have.

Is this a phising link?

If you don't trust it, don't click it 🤷‍♂️

Also the whole link is weird, https: preview.mailerlite 😕

sus

Yeah but I received it from someone that I know. Is this for real that he could send me a phisinglink?

you know them well

Anyone can be compromised 🤷‍♂️

like talk to them alot?

If so then trust has been damaged

Doesn't really matter. If they've lost control of the account then they're compromised either way, regardless of how well you know them

It's unlikely to be the actual contact if it's a phishing link

I have been training with them for around 6months

i said that cus if they know eachother well and that kind of message is sent commonly, then it has more credibility. But if its some rando that you kind of know on the internet, its much more sus.

last contact was in January but we had good training together and decided to start training again in Augustus.

then they might be trustworthy, but the account mightve been compromised

Again, it's unlikely to be phishing if it's from a legitimate contact 🤷‍♂️
More likely that the account is compromised if it's a phishing link. Try contacting them another way to verify, if you can

And, as I said, don't click it if you're concerned

^^^

my friends accnt was compromised, so i just texted him asking if he did it

Considering whatsapp operates on phone numbers, might be best not using that...

That is what I was thinking now. I think I can meet him at the place where I met him often and then talk about it this all 🙂

oh its whatsapp? didnt realize, yeah find another means of communication besides one related to the potentially compromised one.

thanks for the clarification @weak cosmos @quaint basin

Gave +1 Rep to @weak cosmos

77 + 33 = 100

23*

Hii all

+rep @remote echo Good room.

Gave +1 Rep to @remote echo

first water isn't wet, now 77 + 33 = 100?
what is it with people today

Damn THM has been cranking out some sick content lately

all of that blueteaming stuff

Be careful what you ask for

I really wonder why this directory exists on Ubuntu archive...
http://archive.ubuntu.com/ubuntu/ubuntu/ubuntu/ubuntu/ubuntu/ubuntu/ubuntu/ubuntu/ubuntu/ubuntu/ubuntu/ubuntu/ubuntu/ubuntu/ubuntu/ubuntu/ubuntu/ubuntu/ubuntu/ubuntu/ubuntu/ubuntu/ubuntu/ubuntu/ubuntu/ubuntu/ubuntu/ubuntu/ubuntu/ubuntu/ubuntu/ubuntu/ubuntu/ubuntu/ubuntu/ubuntu/ubuntu/ubuntu/ubuntu/ubuntu/

Remove the hard drive at the very least

So I assigned up for AWS earlier this month but I can't for the life of me figure out what kind of small project I want to start. Anyone have any ideas?

honeypot, mail server, ftp server, dns server, personal vpn, game server, blog, cloud password manager

honeypots could be fun

I have my notes on one and an auth server on another

what

Phone voice recorder -> phone filesystem -> S3 storage -> AWS Lambda -> Amazon Transcribe -> S3 -> serve to web / email

Set up a web archiving tool / document manager on free EC2 and use it to preserve favorite webpage contents and PDFs in cheepo Infrequent Access (the sweet spot between storage fees and archive restore fees)

Veeam to fileshare that points to S3

@blazing vessel can I DM u for a sec?

yeah

box :prayge

Just finished https://tryhackme.com/room/rrootme, such a fun room

You know them but don't trust them?

I know them and in a way I can trust them but last time we had personal contact was in January. The link is suspicious and I have asked it in the whatsapp chat, the guy replied with just press on it
The plan is now to meet him soon again and then ask him what the link is.

Did you plug it into Virustotal?

I don't know what that is, but I have checked it with a url checker on the internet and this is weird because the link is https and the checker said it doesn't have SSL (encryption)

Just searched google for Virustotal, yeah that is what I mean with url checker 😅 (I have different language here 😄 )
I should not have delete the link, so I could also check it in Virustotal.

Deleted the link to not click on 'accidentally' when I have chat again with the guy.
Thanks anyway @south inlet

Gave +1 Rep to @south inlet

Good call.

Oh ok.

Anyone here running a honeypot?

well i have some honey in a jar

How about a honeypot on a Linux server

I've build and ran a handful

Was it fun?

Fun? Eh.
Interesting, sure.
I was detecting a botnet that no one documented for nearly a year after

Oh cool, interesting does sound fun

If there's a better channel for this let me know.

Doubtful but worth a go.
Anyone know how to get vmware tools or openvmtools to work with arch based Linux distros when running them through vmware? Been struggling to get multimonitor to work, have tried reading arch wiki and a handful of tutorials which cover it to no avail.

How have you tried installing vmware tools?

Through the install vmware tools method from inside the booted machine with mounts a disc containing them, which I've unzipped and ran the shell script for then enabled and started with systemctl. When checking the status of them, it turns on with the vm, but multimonitor still doesn't work.

I've also tried through pacman with openvmtools, no dice.

No idea then, never used Arch

Do you have to use VMware or can you use some alternatives?

I do have virtual box in which multimonitor works, but for some reason it's particularly sluggish on my hardware compared to vmware.

Weird thing is, multimonitor works in all the arch based boot environments, but not once they're installed.

weird

Thank you for trying anyways.

why not just ask in #room-help ?

I'm working on it.

You can DM me, I completed it;)

@feral canyon What do ya teach?

Math and Science

But all my degrees non-stem

Oh that's cool

IIRC there were some special steps required before running the install script. been a long time ago since I tried to do it so 🤷‍♂️

I installed Linux on a partition that was free and now I can’t boot up Windows

all the boot options boot to Linux

help

Boot priority?

so you dont see windows in your boot menu

thats bad

You dont format the windows partition ?

I see the name of my SSD and HDD but Windows and Linux are both on the SSD so it doesn’t help (all the options boot to Linux)

no

I made a small partition on my SSD

also I don’t know if it’s relevant but I had to make /boot/efi and bios boot, usually in tutorials I see people only create boot efi but for me it wouldn’t work without bios boot too

shit
normally it should work with the two partitions

does linux only show you the space of your linux partition

if not, you have a problem

yes

I mean no

I can see Windows

@calm cosmos send me your partitions

what do you mean

a screenshot with your partitions

it’s simple there’s "file system" which is Linux, and "199GB Volume" which is windows

0 bootloader?

my bad wait

I want something like this

That's windows partition manager, they are on an Ubuntu machine likely

there’s the same on Linux I’m just rebooting in english to show him

yes I just search partition disk on google, but yes he can give a screenshot of the disk partition in Linux

Il est ou ton windows la ?

where is your windows partition ?

Partition 2

199Go

Ok and your linux partition ? It's 36go?

yes

Partition 4 is Windows backup

and when u go in BIOS u dont see the windows disk ?

I see the name of my disks I’ll have to check je dois bouger à la skémo brb

P1 is CD/DVD, P2 is HDD, P3 is SSD (with Windows and Linux), they all boot to Linux

did u install grub ?

no, I don’t know what’s grub

look on google

I don’t think I installed grub

it's the reason bro

I think

I see, so then I could choose between linux and windows?

can I still install grub?

your search topics are 'linux bootloader' 'windows bootloader' 'boot partition detection'

This is why you don't dual boot casually

what’s the best solution if I need windows and linux?

VMs

windows is still there, did you look up the topics I gave you?

yes I’m looking it up

Or dual boot, but it's not recommended

I've been dual-booted for two years now

dual boot bad

Dual boot good, not really but I like it

Dual booting is fine - I have had some things go really wrong with it, so I don't use it for reasons of stability. And I think as cheap as hardware is (even in the world of screwed up logistics and supply chains), it's much more time and cost effective to run VMs than to dual boot.

do you prefer to use Windows VM on Linux or vice-versa ?

Depends on what I need it for. All my work stuff is linux based, so I have linux host and guest on that side. On my personal stuff, I have both linux and windows hosts running linux guests.

wow I see

to be honest, the only real use I have for windows these days is gaming. For everything work and technical, I find linux has tools that make my job lighter weight and easier to do.

gaming is getting better on Linux I heard

?

Can confirm, been playing on my Steam Deck

Proton is witchcraft

VR was still super janky last time I ran linux on my gaming PC though

Many of the competitive games I enjoy will ban for running on linux. If the AC can't at least see that you are running on a windows kernel, it yeets your account.

It's getting better but it's not there

Yeah online gaming is iffy atm

I know Apex allows it now, and a couple others

lutris, proton, vulkan are all fine for offline and built-for-linux games though

performance is actually better

for some games

And better is subjective, especially when you are starting from negative

I pretty much play exclusively single-player so linux works fine for me

Apart from the odd SC2 match

@fast root may I PM?

🤚

hey i got the phishing sms today and i contacted to guy with whatsapp

he sent me a link

and I check in the virustotal and it catch malware

I didn't click the link is there a any safe method to click the link and check out what is going on?

You can also use tools like https://urlscan.io/. It gives you information and a screenshot of a site.

Absolutely not

You can paste the link to virustotal or the tool posted above

So I'm confused. I'm going through OWASP top 10 mobile threats and it says using SSL instead of TLS is bad......but then the next bullet point says incorrect SSL version usage? Incorrect? Wouldn't using SSL always be incorrect? Are there instances where you would use SSL?

Looks like an issue with the text. No one uses SSL 1.1 anywhere. TLS 1.1 is still deployed.

SSL 3.0 might be used in places, but it's rare.

Actually there's no SSL 1.1, and even 1.0 was never publicly released.

everyone uses tls and ssl interchangeably

im gonna do non ethical hackinng😈

Are you?

NOO im just joking😇😇😇😇

Maybe best not to joke about that here? Very fast way to earn a ban

ok lol

Is it true that one can still be a vuln researcher without knowing how to code?

like isn't that literally slapping pre-made payloads into a blackbox hoping it does something

personally I don't think you can be a true vuln researcher if you don't know how to fix the code issues

SSL3 was so bad, it got rolled back to SSL2 w TLS1.0

This might be a dumb question but.... I'm looking at the topology tab in zenmap and it appears to be a star topology just at a quick glance. However, it just consists of two servers and 4 host machines.......can star topologies not have to have a switch/hub of some sort?

The servers could be doing the routing

thats the only thing I can think of

Chances are there is a switch or hub in the middle and Nmap simply isn't able to spot it. If it's a layer 2 device then how can you spot it externally? 🤷‍♂️

but it's still sketchy. I don't know, there's never a completely safe option

I had a friend have their Discord information snatched by a hacker (script kiddie) from clicking bad links, so be careful

they ended up losing their Discord account.

Oh, it's an SMS? Sorry...

Don't click that on your phone, lmao

Definitely don't click that on your personal phone

-undelete -a

Up to 10 last deleted messages (last hour or 12 hours for premium):

9 minutes ago (Sun Apr 3 13:31:30 2022) Lemur#7334 (ID 596820156894937107): you could open it in a VM

Who on earth are you talking to? 😆

lol, @radiant jacinth

You, uh, are aware that was about 28 hours ago, yes? 😆

i am, yes

You may need to ping them to get their attention 🙂

(And so you don't look mental talking to yourself with no point of reference )

is there such a thing as Phone/Android VM? That would be cool.

Mhm. You can emulate mobile devices fairly easily

That's how a lot of mobile app dev gets done

Bluestacks is a good android emulator.

Well, it was adequate for what I used for.

no service, though, I'm assuming

unless wifi SMS

I'm not familiar

Certianly in the adb emulator (Qemu based iirc) you can call/message between virtualised devices. Not sure about communicating with real devices

mm yeah...

If it has wifi calling enabled it might work.

Just depends what device your "emulating"

I think the last device Bluestacks emulated was a Samsung Galaxy.

idk. I'm not sure how phone protos work: weather you need to have service tower connection or not

Hello!
I recently became interested about ethical hacking, and I already have a programming background - the thing is, where should I start (preferably free)?
I am sorry if this question is inappropriate for this channel.

Nah, you don't need a service tower for wifi calls.

#start-here is a great place.

Tryhackme has some good resources.

Thank you, @south inlet!

Gave +1 Rep to @south inlet

I love the feature with nmap, where you can output XML and parse it into a pretty, easy-to-read report. Do any other enum tools have this feature?

Like sqlmap, smbmap or maybe burpsuite (the free version)... wireshark? I don't even know where to begin with report-writing...

it seems like a real burden to type everything out by hand

gobuster... fuggn...

learning purpose. Gotta start at some point.

as the saying goes "You can be a top-teir pentester, but if you can't write reports, you're useless to a company"

You can't be a top tier pentester if you can't write reports -- it's literally over half the job

Top tier hacker, perhaps, but hacker != pentester

yeah, i firgured

and yes, you're probably right

h4ckz0r

I, uh, am right 😆
"Pentester" is a job description for a role that requires a lot of report writing. "Hacker" is the skillset that pentesters, amongst other roles, make use of.

Hence saying that a person is a "top-tier pentester" but can't write reports is a contradiction. You cannot be a top-tier pentester if you can't write reports, even if your technical skills are superb.

in that case, you're just a hacker.

a filthy, subhuman hacker

nah..

IMO Muiri is underestimating how much of the job the actual report is.

A good rule of thumb in security is that if you did a thing and didn't document the thing, you didn't do the thing.

many jobs require documentation/reporting. I was a nurse aide and everything had to be written down. Everything... A lightbulb burns out and you have to write it down (not really)

Muir reports are so perfect and became natural to him that he underestimates them now

Simping_101

Naw, I'm just trying to avoid thinking about report writing when I'm room writing
Those things are traumatic

But yeah, the client are paying for the report -- that's the product, not the actual hours sitting around testing stuff 🤷‍♂️
Take notes of everything you do, report all the things

#faxbee

The heck is a faxbee?

bzzz...

Does anyone really use SMB for printers? Isn't that old technology?

Just because it's existed for a long time doesn't mean it's redundant.
SMB has been maintained all this time.

it's apparently unencrypted., idk how important encryption is when sending a page to a printer, but...

i think of RFID-snatchers/ criminals... I get paranoid. Can people intercept my printer-traffic and steal my bank routing number from a page I sent to print?

These are things I often wonder but can't easily find an answer to.

it's more about the multitude of ways data gets transmitted, and with that how many open holes there are in personal security. I don't even save my passwords in browser bc I don't know/don't understand how vulnerable/ safe I am, at least at this point.

I have a vague understanding, but not foundationally... my knowledge is still kinda limited.

I'm brand new to networking

My experience is limited to YouTube beginner-lessons.

and whatever the rooms in THM and HTB provide in the beginner branches

I'm paranoid about my personal security bc I don't fully understand it all.

"targeting" is what raises flags, but then again I don't have anyone to watch out for... I think.

I know that I have a pretty decent router and my machine has ufw

But anywhere else, i'm not sure.

I've had laptops stolen before, so I started using LVM w/ encryption... at least some drug addict won't get my personal info, but yeah...

As an addendum to using a password manager: many password managers allow you to use that manager as a TOTP generator - if you are worried about the creds to your manager being stolen, split that functionality out into something like authy or google auth

I just discovered TOTP after he mentioned it... I'll have to learn about what that is.

Sounds fancy.

it's an MFA mechanism

I'm not sure how it's used in the case of Bitwarden.

with what the website tells me, it's available for only certain websites that accept that kind of thing.

but that's cool.

https://bitwarden.com/help/bitwarden-field-guide-two-step-login/

Not all websites support 2FA, but it is becoming much more common especially for sensitive data management

I'm sure Google supports it but I've never tried...

I downloaded Google Auth a month ago and just never used it

https://docs.microsoft.com/en-us/windows-server/storage/file-server/smb-security

Is Samba any different? idk

Samba is an implementation of the SMB protocol.

Ok. Wasn't sure if they were seperate development

I don't remember where I read that "it's unencrypted and unsafe"

SMBv1 certainly was; there has been a lot of development on it since then

Speaking of SMB, I have a question. I'm running a scan through zenmap and I see that this server has both port 139 and 445 open. I know SMB originally used port 139 but later started using 445. If 445 is open, is it even necessary to have 139 open?

oh and the server OS is windows server 2012 R2 is that helps at all.

I would interrogate that 139 port a bit more - it wouldn't be out of bounds for it to automatically forward to 445 in the same way that 80 is set to redirect to 443 to enforce HTTPS traffic

I see I see, thank you!

https://en.wikipedia.org/wiki/NetBIOS#Session_service

Ö

nah wtf

nah wtf

Question, if a company mobile device is stolen/ lost and it didn't have any remote control/mgmt set up. Is there anything that can be done mitigation wise? Or is grabbing the IMEI number and deactivating the only way assuming its a mobile phone? I have a ton of preventative techniques but I'm at a loss for mitigations.....I feel as though it's a loss cause at that point?

Account administration can lock the associated account - it's also common to have a call home service running in the background, so if it ever gets connected to an internet-ready network, it can be wiped automagically.

if it had nothing set up, I think that could be a problem

I see I will look into that!

I know Apple's MDM is quite good, reasonably hard to bypass

A lot of MDM and associated policy managers are run in ring0. Bypassing those controls are extremely difficult

for sure, I got preventative methods up the butt but when it came it mitigations if remote mgmt controls weren't already set up I went blank. lol

What kind of device?
Any android device linked to any kind of android account has the ability to remote wipe.

Any device with an Exchange account on it should have the ability to remote-wipe as well.

Pretty sure Apple's device management would have the same.

That's all without dedicated MDM setups.

Of course, it still needs to find a signal to come online to get the command to self-wipe.

Who is here from bangladesh?🇧🇩

ami

l

idk much bangla. Im british bangladeshi

https://www.youtube.com/watch?v=tcae4TSSMo8

he says that part of the reason is that we didn't expect so many things to need IP addresses like watches, furniture etc, but aren't those thing the same public IP as the rest of the things in our private network ?

Have you tried to look at all the devices that is connected to your network?

Even just your home router.

why?

Okay, Scrap that, but I'm assuming that video is addressing the issue with IPv4 addresses?

yes

at the start he talks about IoT objects

but I don't see the relation

it didn't need more public IPv4 addresses right?

It was reported back in 2019 that they were running out of Ipv4 addresses.

if you add more devices to your private network you don't need more public IP addresses you need the same one for everything

yes I get it

No, That's why I said scrap what I said at the start.

there have been discussions of working into the 127 block

which that is going to break a lot of legacy devices

It's the year for IPv6

yeah ipv6 is nice

Correct - so doesn't this imply more devices being directly connected? That's the whole point

directly connected to the internet?

With public IPs

he mentions watches ovens microwaves and toilets, I know watches can have their own public IP with 4G but the other things mentioned I thought I missed something

Toilets for flush dnscache 😂

flushing your data might help make it inaccessable for you and others in the future

Way before that. I remember hearing about it in high school

that made me feel old. I started high school a decade ago

Hey all .
I like info sec and doing things on tryhackme however it seems like I can't marathon through it like I thought I could. After a few hours I lose focus or get tired. Any suggestions on study habits ?

Take breaks, have water, look at far away things

You're using your brain, you really need the breaks

It's good to take breaks to digest and not get burnt out.

Set yourself a few hours a day to do it if you can, however many you're happy with.

James is right that you need the breaks. This isn't a particularly repetitive activity so it'll wear you out mentally.

And conscious breaks are good for problem solving.

@burnt night @prime terrace thank both of you

Gave +1 Rep to @burnt night

‌

I’m reading those channels etc and I did notice that many ppl here are usually teenagers, students. I’m curious if any of cyber security engineers, professionals started that stuff at dunno 25-30y old. I’m pretty sure this take a lot of time for learn tons of knowledge but still if it’s possible to start hacking, be good at this and work as an ethical hacker. Even if sb hasn’t got IT background from previous job.

there are people of all ages and background here, the teenagers may be more vocal. My first cyber job was at 27, after working as a network admin for 4 years

I didn't get my first job in industry until I was in my 30s. Security isn't specifically my day-to-day, but there is a lot of awareness for those topics that enhances my current role

experience certainly helps

Eh, I got my first real dev job at 26 or so, so yeah

@scarlet moth @spark sun @soft pier @twin ridge thank you for answers.
@twin ridge Before that “dev job” did you work in IT or different path of job?

Gave +1 Rep to @scarlet moth

Nah I was at uni finishing my masters

I guess uni about IT or similar?

Computer engineering

Okay, I see. I haven’t got any education degree in computer engineering and didn’t work in IT before. I just like to hacking and spending my time in THM etc and enjoying it. I just was curious if there are any people with similar path like me and they started to work in cyber security as adult near 30s

Very likely

This shouldn't be your go- to but when I need to focus for something like a chess tournament a bit of caffeine goes a long ways

Lol thanks

Gave +1 Rep to @winged rain

Haystack rock Cannon Beach, Oregon

Shhhh

🤫

This is the official nc repo?
https://github.com/diegocr/netcat

This NetCat for Windows was originally created by Rodney Beede, it's a version compiled without the GAPING_SECURITY_HOLE option (-e switch) which can trigger false positives in anti-virus programs. Check the file readme.rodneybeede.txt for further details.

netcat is a very very generic tool, there's a good handful of implementations

Im suppose to compile it myself for one of the rooms, so im trying to figure out which one to use

Does the room not link it? - hint, I'd bet it does

hmm not really, I'm using the walkthrough 😅
||it's Orisis||

I believe wreath talks you through compilation of a Windows netcat to avoid AV

yep that's correct

but he doesnt really say how he did it

Who?

the official walkthrough

Wreath has steps for it, that was the point I'm making

ohh found it, never saw this room

Thanks

I should have looked into that BEFORE defender flagged my PC...

Sssh! Quiet

Silence!🤫

Not so loud! Shhh

I said shush up!!!🤫 👆

So i had a question... is it okay to nmap scan my lan

so long as you aren't touching other devices on the lan for which you do not have permission. (maybe you should target to a single machine)

Alrigth thank you

🤐

Good boy!

Oof. I'm having issues with my shell and having to type source .profile everytime. I did bash --login to start a non-interactive login shell and I didn't need to source anymore since go worked and was recognized in the PATH.

Anyone know of a solution?

Add it to .bashrc instead?

I don't have .bashrc on my parrot os VM

should I have it?

ok fine, zshrc

👀 don't have that either

Well what shell are you using?

it's listed as bash

So you can create ~/.bashrc I imagine

On the bash man pages it states that interactive login shells and non-interactive login shells(bash --login I think) read from /etc/profile, then .bashrc and .bash_profile and then .profile at the end and execute from these in order and I included in .profile the export PATH=$PATH:/usr/local/go/bin command but go can be accessed through terminal only when I start bash --login

I'll have to do a bit of recon on the contents as I'm not familiar.

omg James it worked.

I created .bashrc and I only included the export go path command and it worked. Let's see on reboot. Success 👍

thank you!

Gave +1 Rep to @burnt night

Keep using go

yup

Okay so a random .zshrc file just appeared out of nowhere 😄

it even says welcome to Parrot OS

fds
sdfgsergaew

You ok there?

aaşösaşaklşdjkfnsdknfslndsnlnşjşandnnaaaşdndşnpw

Straight fax

that adrenaline rush when you get a shell is such a nice feeling

HEI I AM NEW

hello

👋 Hi New

that number

( ͡° ͜ʖ ͡°)

So I just learned about LLMNR protocol and how if it's not used it should be disabled.

So I did just that! Let's see how my computer behaves 😄

So what I learned was that LLMNR doesn't have any mechanisms designed to prevent any computer on a subnet or network from authoritatively identifying as a hostname being queried for resolution by a multicast packet from LLMNR service even if it isn't its real identity. And so a race condition is presented for clients when a computer identifies as the hostname the client is looking for first on the network like a server claiming it is who the client is looking for in a file share operation for example. In the case of a file share server being queried by client (through the LLMNR service), an attacker's bogus computer configured with LLMNR enabled can identify as the file server hostname and the client will trust it because that's the way LLMNR works and the bogus computer will be sent the client's hashed credentials instead of the real file server. And the attacker can forward these credentials to the appropriate server since it's harvested the credentials. (cleaned it up as I got some info wrong 😄 )

This is all from this article: https://www.blackhillsinfosec.com/how-to-disable-llmnr-why-you-want-to/

plz heck me

please don't

does anyone know why img 1 isn't working? but img 2 is

basically is entirely the same thing

or does nc do shady stuff with the nullbytes or sumn? coz when I pipe it to hexdump it gives the exact payload

My guess is either a) pwntools converted the string to bytes automatically when you use s.sendline() or b) it could be some kind of bad char/null byte issue on the command line like you said

If you're using python3 for manual exploits, it should look like:

# This is a string
payload = '\x41'*16 + '\xef\xbe\xad\xde'
# These are bytes
payload = b'\x41'*16 + b'\xef\xbe\xad\xde'

hm but

what's the difference?

I know that it's a bytestring

does a regular string have bloat at the end of the string or sumn?

The first one is quite literally a string comprised of the characters: "\", "x", "4", and "1"

The byte string has one character in it: "01000001", represented by the hexadecimal \x41 or ASCII "A"

Oh, having said which, Python does seem to be inferring that \x can be decoded as ASCII in regular strings. Either way, it's a difference in what is stored / how it is stored

hm

but hexdump gavethe exaxt payload

you reckon it could be netcat?

You're not sending a newline in your first example so the program you're sending the payload to doesn't know to stop receiving input

In your second example you're using s.sendline which will append a newline to the data you send

ooohhh

right so I should've added a 0a

@primal steppe I just finished one of the talks, f*ck this, got me paranoid af damn it

the first one?

why paranoid?

“Breaking The x86 Instruction Set”

hah yeah

it's scary af

Mainly because of instructions that may be longer than the fuzzing that the person did and have more serious consequences being used by attackers with more computing power to fuzz longer instructions (state sponsored)

There is a limit to the length of the instructions

that's why his fuzzing methodology was soo good

What’s the limiter?

I agree, when he explained it I was blown away, that is incredibly smart thinking.

the size of the ISA

What about instructions that are 8 bytes for example, and if you just have the first 7 w/o the last one it’s invalid, basically an “instruction” that acts as a key (?)

hmmm, I am not sure

Also, random question, would you like me to send you a cool talk I found, it’s more about programming but it’s still pretty funny and fun