"i have to be right, im always right" type energy

but thx for the info

Sounds like you are projecting

Regarding the ctfs/challenges is that mostly relegated to user submissions in the ctf channel? anything beyond that? I still feel like i might be missing something, or is this community more focused around just the educational segment?

Regarding the ctfs and challenges both myself and @upbeat veldt deal with that ☺️

So would you mind pointing me to the details for how i understand better about whats on offer?

Im only seeing user submissions in CTF, is there a companion site where this is all contained?

Not a site, and I've pinged Trap for this

Yes, there's a few.. there's a server for learning and there's a server for actual competitions. Which one are you looking for more information about?

Ty

info for both would be nice

ty

No problem, I'll send some invites.

right on, much appreciated.

I want to set up Burpsuite professional in Kali

Any resources or way you can give me for setting Burpsuite professional??

buy itt, download it, enterr license keyy and you’re donee

what a magnificient answer

https://tenor.com/view/bravo-applause-round-of-standing-gif-20790999

what if u cant afford it

lollll

thenn downloadd communityy 💜

https://tenor.com/view/dog-snoop-dogg-rabjouj-gif-21804700

what if i dont like burpsuite

use curl

owasp zap

💀

🫠

what if i dont like life

usee zapp or yourr own proxyy

ding ding ding

🔥

mimi knows the methods

thats what i said

reboot itt

can u teach me how

❌

drinkk kofe

whatever

and if i can't afford it

he’s playingg withh you hehe

where did u say use ur own proxy

😔

i’ll buy onee for youu

oh

alrrr

💜

but what if i dont like coffee?

anythingg you likee ill buyy

a kinderegg please!

yayyy bestt

yess <:

best food

i might need to start bug bounty hunting again

i'm running low on cash

😭

whattt @quasi berry

https://discord.com/channels/990435451334688768/1012079751445352518

:saut

🫡

yesss

hackerone era coming back 😔

...Hello

... How is it going here??

Can anyone help me with some python multithreading output? My program isnt consistent.

Can i see it?

Here it is 🙂

q = queue.Queue()
thread_lock = threading.Lock()

# Send dns requests
def dns_lookup(subdomain, domain):
    global counter
    
    try:
        full_domain = f"{subdomain}.{domain}"
        answers = dns.resolver.resolve(full_domain, 'A')
        with thread_lock:
            counter += 1
            print(f"{counter} - [FOUND] {full_domain} - {answers[0]}\n", end="")
    except dns.resolver.NXDOMAIN:
        pass
    except Exception as e:
        print(f"[ERROR] {subdomain}.{domain} - {e}\n", end="")

# Worker to hand dns requests
def worker(domain):
    while not q.empty(): 
        subdomain = q.get()
        dns_lookup(subdomain, domain)
        q.task_done()

# Open wordlist     
def load_dns_wordlist(wordlist):
    with open(wordlist, 'r') as f:
        return [line.strip() for line in f]


def main():
    parser = argparse.ArgumentParser(description='Simple DNS Buster')
    parser.add_argument('-d', '--domain', required=False, help='The domain to brute force')
    parser.add_argument('-w', '--wordlist', required=False, help='The wordlist to use for subdomains')
    parser.add_argument('-t', '--threads', default=10, type=int, help='Number of threads to use')
    args = parser.parse_args()

    killer = GracefulKiller()
    domain = args.domain
    thread_number = int(args.threads)

    # Load wordlist
    subdomains = load_dns_wordlist(args.wordlist)

    # Start dns bruteforce
    with ThreadPoolExecutor(max_workers=thread_number) as tpe, alive_bar(len(subdomains), title="Snooping", enrich_print=False) as bar:
            future_to_url = {tpe.submit(dns_lookup, subdomain, domain): subdomain for subdomain in subdomains}
            for future in as_completed(future_to_url):
                bar()
                
                if killer.kill_now:
                    tpe.shutdown(wait=False, cancel_futures=True)
                    break
            q.join()


if __name__ == "__main__":
    main()

Ill take a look

Thank you :)

Theres no imports

Threading

Etc

dns.resolver

Discord cut me off last time:

#!/usr/bin/env python3
from concurrent.futures import ThreadPoolExecutor, as_completed
from alive_progress import alive_bar
import dns.resolver
import argparse
import threading
import signal
import queue


# Killer
class GracefulKiller:
    kill_now = False

    def __init__(self):
        signal.signal(signal.SIGINT, self.exit_gracefully)
        signal.signal(signal.SIGTERM, self.exit_gracefully)

    def exit_gracefully(self, signum=None, frame=None):
        self.kill_now = True


# Initialize a thread-safe queue
q = queue.Queue()
counter = 0
thread_lock = threading.Lock()

# Send dns requests...

Alr hmm

Lemme try make something and test it giv sec

js use amass

whats that?

a tool

Amass does something completely different

more useful

they do different things

apples to oranges

Amass has a dns option, but im trying to make this for practice

amass has what u need but

using ai to code stuff for u

isn't rlly gonna teach u

amass is for exposure mapping not what he's doing

he's basically making a diy dirb/sublister

it's similar but amass is more for making a map of a network

not really but it helps me find the things i need

what do u need

do some digging on amass enum

Also that's true I would stay away from AI unless you're using it like StackOverflow

I use amass all the time

wdym?

🤔

what tool u guys use to find vulns in websites

okay how could i use amass for subdomain enumeration

depends on what vulns u wanna find

nickto?

You mean like bug bounty programs?

nikto

everything

yea

limit it down

dns option from github:
Brute forcing, Reverse DNS sweeping, NSEC zone walking, Zone transfers, FQDN alterations/permutations, FQDN Similarity-based Guessing

I manually check for Vulns personally

@unreal reef @formal terrace gimme tools u guys use

be more specific

and i'll help you out

me tooo but eats time

to find web vulns pal

automated scans aren't fullproof.

like sql injec

Maybe burpsuite if allowed

I usually use sublist but you can do it via both active and passive scans using the -d and -o switches

yea

what specific web vulns

sqli,ssrf,csrf,xss,dom

Most programs don’t even like automated scanning because of potential disruption

based

okay so why shouldn't the guy js do that

not common to find these vulns

Or they might have a firewall that would block you

u mean bug bounty pgms

?

why would you buy a whole toolset if you just need a hammer

Yes

ykw

nvm.

not to mention we should be encouraging people to make their own stuf

gimme seperate or specific tools if u have

depends what im looking for.

yea need to enroll in one and try myself out

We’re testing on sites if a tool already exists we don’t need to make our own

most of the cases i'd do a manual search

It’s not skidding

u can use shit like owasp zap or burpsuite for pentesting

decent

Yeah I didn't mean it like that

takes time right in case of ctfs

I meant if it's a small task like what this guy is doing making it yourself is a good choice 👍

i dont do ctfs

https://www.acunetix.com/support/docs/introduction/

so bug bounties how much time will it take u usually

Manual is best so you understand what’s happening

depends on the website/app im testing

And potentially find a chain of vulns even

done some labs in port swigger

keep in mind most web scanners only find the most obvious stuff, a lot bug bounty programs specifically tell you not to use the automated scanners

Automatic scanners won’t help that

depends

gimme a rough estimation or average

I’d say scan first with simple tools for low hanging vulns then look on your own

there isn't a average it varies from the security.

pff

okay

and theres not alot of times u find useful bugs to report

so

Yeah the chances of finding a low hanging vuln for a bug bounty is super low

@visual hemlock check you’re dms

^^

if u rlly need smt

burpsuite

owasp zap

nikto

xsser

xsstrie

xssrtike

bruh

xsstrike

but yeah erm

really varies what tools you use

because everything works differently

unless u use obv tools lik dirb

to find directories

or smt like that

appreciate it

umbrax

🫡

i'd lowkey recommend going into application based bug bounties

easier to exploit imo

ofc depending on the person who made it

still getting started will go into bug bounties sooner gimme some time to get good at foundations

bug bounties are a decent way to learn

and if u find smt u will get paid in the process

how did u learn like at begining

would like to know

i'm not gonna lie i was a dumbbass who liked breaking security to get shit for free

my whole journey started w the most basic language

lua

which basically i js learnt how to pwn/crack whitelist systems to get shit for free

this is a very short version of a long story

then after luas comunity died out

i researched more about wl pwning

dug myself into a rabbit hole of reverse engineering

and ye

kinda went on from there

i got a longer version of it

which actually explains it all

if you'd like to know that js tell me

e

incase u didnt see a reply

and the actual story is a little bit more indepth

this is a nonchalant version

gotcha

was dealing with a guy in chat

ima write the full story

cuz like

it's actually informative

IN DMS

y not here

will get flooded if u want u can post it in #1181325513055273090 and i would like to revisit so

hmm

alr

its not a lesson

just a story

how many years u been doing this

?

on and off since 2018

stopped actual pentesting a year ish ago

hmm

6 years

me for 6 months

I began my journey with Lua as my first language, which led me to discover a whitelisting service called LuaGuard. Intrigued, I decided to see if I could crack their whitelist. This curiosity propelled me into the world of reverse engineering, obfuscation, and security. Within two weeks, I successfully cracked a major whitelisting service that had over 12,000 monthly paying users and had never been pwned before. I reached out to the owners to inform them of my pwn, assuring them that I had no intention of leaking the exploit. To my surprise, they offered to pay me for my work, providing $50 for each version I cracked and helped patch until the company eventually shut down. After that experience, I shifted my focus from Lua to general application security. I began exploring vulnerabilities in Discord self-bots and even game cheats for a while. However, I soon realized that this path wasn’t stable or legal, so I decided to find a more ethical way to earn money in this field. I researched legitimate bug bounty programs that would ensure secure payment for my skills, and that’s how I really got started in the world of cybersecurity.

there u go

the whole story

💀

almost every detail explained

good one

Custom or predefined metatables?

predefined

Which ones?

lemem send u the src of the wl

i gotta find it rlq

Ok

this shit was a while ago

ill send crack

wl

and wl loader

go dms

Ok

Can anybody help me. I accidently uninstalled network maneger folder on kali linux. And now i cant install it back, because the device have no internet

Download it on your host/another PC and transfer it to Kali

https://pkgs.org/download/network-manager

Install with "sudo dpkg -i <name>"

You can download it on your phone as well

Thx

It worked

@halcyon flame hiiiii, help me pleaseee sir

he dare ping the one with aura

Do you guys have any recomandations to spin up free VPC ? Vultr is a making me go insane 0_0

Have you tried this? https://www.serverhunter.com/#query=stock%3A(in_stock+OR+unknown)

That's a really cool site . Thanks ben !

Any timeee

Anyone have a favorite version of linux?

Kernel version or Linux distro?

Linux distro

For me it’s usually Ubuntu with an XFCE environment, or Kali minimal

Ok, I'm somewhat new to Linux so just looking for a place to start.

What you running rn?

I use macOS and Windows 11 daily.

Hey guys...I'm a literal beginner
I want to go in cybersecurity
What are the things(skills) required for going into that field?
Please guide for the same...

@iron juniper

Hello, I wanna learn cybersecurity
right now I have no idea what to do
I'm 16 right now I'm just learning everything atp
what to do?

Opsec 😩

i should learn opsec?

yes

dont link your number or ip

to any account

dont use emails with names in them

dont use gmails

dont use tor, use mullvad

are there any courses?

dont over yap about personally identifiable information

on some forums they have opsec books

oh

what forums

can i find

on cybersecurity

because there's alot of them

and half of them are black hat

hello..,
is anyone familiar with ISO27001?

1. may i know an application that can control dll, ocx, etc files? and
2. Inventory control, license management + push update

lol. what are you telling him about?

i am unable to understand TCP/IP reference model some techincal words such as " Point-to-Point Protocol (PPP) framing and Ethernet IEEE 802.2 framing" which i cannot understand 🥲 can someone help me in networking

Where are you learning networking from @summer kite

i am learning from website(blog) https://www.geeksforgeeks.org/tcp-ip-model/

Do they have videos?

hmm they have but basic just overview

comparing with osi that's it

Dm me

Ill give you somewhere better to learn

this PPP, Ethernet IEEE 802.2 framing this is not covered in video

ok

Can anyone suggest me some jr. Job roles I can get as my first job in cybersecurity or anything around that? And also please do tell what I need to study for them

jr pentester, you can get a cert on the tryhackme course

It will not help you get a job

Okay thanks but is there any other approach I can take?

Junior Security Analyst, SOC Analyst I, Security Specialist I

And how can I learn stuff about, let's say, SOC analyst

SOC I like it friend:).

It’s pretty much up to you. You can enroll in college obtain certifications do job specific courses etc.

I'm in my kast year of btech in cs core niw tell me what can do more for SOC analyst

You like SOC analyst job role?

I mean it’s quite fun I’d say.

Oh
So how can I learn SOC analysis

Everyone can.

Alright I am having problems understanding API security and setting up a lab, can someone prescribe some resources?

https://owasp.org/API-Security/editions/2023/en/0x11-t10/

https://www.ibm.com/think/insights/api-security-best-practices

Is knowing web sec a necessity for API sec?

https://docs.redhat.com/en/documentation/red_hat_security_data_api/1.0/html-single/red_hat_security_data_api/index

eh

api security is a part of web security isn't i

it

When see from a web sec point of view yes, but in some places (esp core networks of telco systems) it is not a part of web sec.

u answered ur own question didnt u

Umbrax mad now💀🙌🙏

am i?

Can you suggest me sone resources

Web sec as in HTTP/2, REST is there but the surrounding HTML rendering stuff is absent.

Well sorry, it is confusing at times for me....

https://www.offsec.com/courses/soc-200/

https://tryhackme.com/r/path/outline/soclevel1

Any resources on how to set up a local lab?

You sound pretty mad, Mad Max.

"max" and no i am not mad

dk how that came to ur mind

The old ones or the new ones?

❌

https://www.youtube.com/watch?v=mvsiuLzpx2E&pp=ygUec2V0dXAgYSBob21lIGxhYiBuZXR3b3JrIGNodWNr
If you need further assistance..ping @valid belfry

You’re a light switch, you always turn it off.

@icy crane thanks

New ones

and ur a random person on discord who doesn't know when im annoyed or not <:

Anytime dude🫶.

Ughh those movies except fury road was a eyesore to watch

Yh true.

Well popularity has nothing to do with knowledge and clearly you go for popularity.

“Random”

fellow 0day is a random person on discord to me aswel

hes "known" on social media

still a random person

Then what are you another random? Yes, yes you are.

yea.

i am.

in ur life im another random person

I like the honesty.

whats going on

nice

this thing called a conversation

Also, if anyone wants help in setting up and understanding SDRs and signals, please feel free to ping me, I have been doing that for quite some years now.

True but I’m a random too;).

to some people ur not a random

to me u are

doesn't make a difference in ur life

because im not in it

or does it 🤔

doesn't seem like it. someone is saying your mad

depends how u react based on others opinion.

ur mad.

are u mad?

i said u are

but are u?

there u go

answerd ur question

someone saying another person is mad

doesn't mean their right

they're*

ok?

😭

https://tenor.com/view/womp-womp-cat-gif-12768989307250413732

https://tenor.com/view/hah-righttt-yeah-right-whatever-you-say-ok-gif-16175049

Yes

@halcyon thunder if you need help @ me but I am at work rn

Hello, so im thinking about the following, i would like to end up as a team leader for incident response teams but im not sure what path to take, im currently working on my CISSP and know pretty much all of the CCNA exam. Any tips in carrier paths, certs? Im only 21 so i have a lot in front of me but i do like planning the direction i want to go later on in my life :)

@plush ruin which direction do you wanna go btw black | white?

After getting a certificate from Google Certificate in Cybersecurity, what should I do next? I've been trying to figure out what to do next, but I'm just stuck in one spot lol.

Create ur own project

expand your portfolio

And then start freelancing

Maybe Comptia security plus?

constantly look at ad's and etc. for contracting / freelancing work . u are bound to find work you feel u are able to do . but never stop expanding ur portfolio even iy dont have work

the one constant is education

u will never know enough

That's my next goal, but the thing is my current job doesn't pay enough for that (bills and all the adult bullshit :*)), but I'll be studying for it until I save enough, unless there's such a free thing lmao.

Where is the best place to look for that?

getting your name out there on job sites

Its the internet ur bound to find something free

does anyone here know how to bypass a passcode in a ipad ios 17.7?

and if you havent already, let your irl circle of family and friends know what u been doing

Go to ur local tech store for that 🥲

keep guessing 😄

Finna get locked out for 50 years

lit

🤣

Alright, I'll do that then, thank you.

There's no such things as free

no stress

Yeah there is

The other day i found a free $1 on the ground

learning is free nowadays (iy have the hardware)

LMAO, that's irrelevant to what I've been asking for 😭 But you know what, you can be right about that.

😭

Check ben

@quasi berry

He prob asleep 🥲 by now

I'm gonna assume he's an early bird or he's probably in a different country.

Hi

What am I needed for

an early bird? 💀

I'm in the UK

This.

A+, Net+, Sec+

Yeahh, well, anyone can be an early bird 😭

Well

What exactly is your focus in cyber?

Early bird gets the first worm

I'm a night owl.

That's a good question, tbh

But the night owl gets most of the worms :3

Ooo

👀

Is there any way I can learn which side does what, so I can learn which one I could be interested in?

Eh, there can be lazy night owls.

Them times u gotta get up n push thru the laziness frr

That's the point of my job, get up, work, then get home after work, then read book till i go to bed.

😭

I feel like u dont get a healthy amount of sleep

🥲🥲

I hope you do tho

I do actually, that's why I love night shifts.

can someone help me with this problem, I need help using johhny for parrot secuirty. what path way do I have to use

So yeah @maiden solar - what commands has this class introduced you to so far?

Does the question require you to list txt files in a single directory, or in many?

We've been learning basic commands and about a week ago and a half we started scripting. The question states that I have to make a script to search for all "txt." files in your home directory and then change these file persmissions to 644.

week and a half ago*

Ok.. so again, what kind of commans has the class taught you to use so far?

The question doesn't seem to specifically state the grep command, unless that's not the whole question

Anyway yeah

What commands have you learned about so far?

chmod, grep, ls, cd , cp,

i cant think of all of them rn, but those are the ones on top of my head

Ok, have you learned about using the | character to "pipe" together command outputs?

Also, does the question mention recursion at all, as in.. does it need to change all files within subdirectories as well?

Yes we have, I don't just rememebr much of it.

No it doesnt, it just states I have to search for all .txt files in my home directory and then change file persmissions to 644

Ok.. that could be interpreted as all files, including those in sub directories

hey guys can anyone help me, i have an old iphone 7 plus and i need to either get pat lock screen or fully reset the phone. thanks

ok sounds good

Let's start small @maiden solar - do you know how to read the manual for commands in Linux?

As in.. the documentation which includes all parameters etc

Or, we could start at the very basics

Tell me, how would you list all files with the txt extension in your home directory?

grep -l *.txt i dont know if that is correct

That is one part, but there is another command you mentioned that you can (and would need to, if you want to use grep) to use prior to that

grep generally either needs to be piped input using |, or to be provided input with the final parameter (being a filename, or input)

How else could you list files in your home directory, and only list .txt files?

Have you been told about the command to show command manuals / documentation yet?

Yes

What kind of examples have you been given to use the | piping feature of bash?

Or what ways have you learned how to USE that feature

Well i havent had any hw that makes me use the piping feature. My teacher only has videos for us to see

Have you watched them all? Do any of them demonstrate it?

Because, with the limited set of commands you've provided, you'll likely need to use it

You could always use other commands, but if they expect you to use what you have been taught, that might not be the right thing to do.

Sorry if I'm being very limited in what I say. I could always just give you a working solution, but that'd kind of defeat the point

If they've introduced you to the | (piping) feature, surely there must have been some content describing how it works?

Yes sorry, I just get really confused. There is so much material to learn in a specific time that I just forget some stuff. So thanks for having patience with me

Let me just go over the piping video my teacher has published

Sure

Also check back over the video that introduces the ls command

While in theory you could chain together three of the commands you have been provided to come to a solution, you really only need two.

Or one, if they do not expect you to make the changes recursively

Ok sounds good. Let me check them!

Specifically, check out the man entries for the commands you have been given. They all have something in common (although cd does not have a man entry)

I've got to go shortly I'm afraid. What I would recommend is this

Build up towards your solution in steps - Linux and its core binaries were built in such a way that they can be combined in order to achieve tasks that no one command can achieve on their own.

Breaking down the question..

1. How do you find all txt files in your home directory (optional, find them recursively)
2. How would you execute chmod on those files to change them to the required permissions
3. Can you complete this task with a single command?

Read of the command manuals carefully, go step by step 🙂

This can be achieved in a number of ways, it's up to you to find them.

Good luck!

Thank you, really appreciate it. Hopefully it all comes together and I can finish my hw. Been stuck on it for a bit haha but thanks again for helping me!

(also, if you find one way to do it.. if you have a feeling there are other ways, explore them too and document them - they may build some fundamental knowledge that will need later)

No worries, everyone starts somewhere

For beginners what is a good place to start to build a good foundation? What should I learn first?

look at pins in #1181325692823150642

what do you want to pursue?

can someone help me recover my instagram ?

https://help.instagram.com/account-recoveryHow

White hat i'd say

@wanton marsh could u possibly help me

https://tenor.com/view/hi-hey-hello-there-kitten-cute-gif-16697937

Now can I help

gooo dms

I had few questions can someone help

🙂

Hey there, whats up

Hi all. New here and had a question over something I saw on someone’s videos I follow.
They mentioned something called bandit on overthewire.org
They said it is easier and better than try hack me. For anyone who is a beginner like me. Just curious if anyone has used this site and has been able to compare it?

OverTheWire holds your hand alot less and requires more initiative and researching yourself. I'd suggest starting with THM.

Then move over to HTB or OTW

@humble wren

Thanks. I appreciate the input. @lean lance

You're welcome 🙂

How can I get rubber ducky USB?bros

Can someone help me on this

https://shop.hak5.org/products/usb-rubber-ducky

From the source

Does anyone have any good recommendations for todo apps? This would be on windows (I've got neorg on linux)

Can't i just make one of my own

techincally you can make anything

If you mean from a regular USB, short answer: no

You can buy smth like a Raspberry Pico microcontroller and make it act as a rubber ducky

I mean he can something related but not a fully fledged rubby ducky

You know how the Rubber ducky works right?

Yeah i do

Oh thanks bro, what are the process?

he can get some other scripts and use autorun creator to do something else.

That is not the same, and not very effective, besides autoruns are often blocked

IM just trying to give him hope :/

Rubber Ducky introduces itself as a HID device. Which makes it pretty much undetectable

Because PC's fully trust things like keyboard and mice by default

Autoruns been blocked on every device since win 7

btw why doesn''t windows block it or smth

I will need to understand how

Not always the best solution

HID device windows thinks it’s a keyboard

Or mouse

Well.. to the computer it's just a keyboard or mouse

Nothing else

It doesn’t know what it actually is cause it loads keyboard drivers and signatures

✅

(I think keyboard it might be different now)

Hmm

Thank you family

Buy a Raspberry Pico for like 8 dollars

And you can make one yourself

But run him through it ... it may work for hiim : )

I got like 8 of em, they are amazing 🙂

an arduino can work too right?

Yea

Technically any microcontroller

They are very fun to play with

and cheaper right?

Cheaper then what?

Hey 👋

bruh. is it the firmware or hardware

Can I get help from you guys??

raspberry pi

Pico is cheaper yes

Yeah

Pico

It's the hardware, microcontroller to be specific.

@fluid shard What do you need help with.....

You can do alot of cool things with them

what but if its plugged in can it appear in like gparted or disk management...

It's a device, not a software

huh>

So, apparantly there's a new way of scammin'

Go look up on microcontroller, and how it works and what it is

Please have a look

It's cool and interesting

@lean lance

We don’t do unethical stuff here

#📜・rules

#1286135820008296509

Relax folks, you didn't know the intention yet 😄

But yeah, make sure it follow guidelines here

Just warning.. incase...

So, my friend got a message from a random dude who messaged him that he had reported my friend for fraud and that his account will be suspended within 24 hours. For cancellation, he needs to bind his account with another account

Aya

Ah the typical account takeover scam, yea.

Now, my friend, without knowin' anythin', did it and the scammer got the access to his account.

Grow the account bigger then the original and then report the original account

Is there any way y'all can track the scammer down?? I have his IP address

Access to his? You said something about suspending his account

That is not something we do here

was it an email?

The account suspension was a fake notice created by the scammer

its the trick. merge the account or get your account suspended

You will have to contact the platform this occured on about it

How can I contact??

Was it gmail? @fluid shard

Depends on the platform

Well maybe "(platform) support"

A google search

If I give you guys the IP Address, can y'all track it down??

While it might be a scammer, anything unethical or something along the lines of vigilantism is not encouraged or helped with here

Please, like mentioned. Read the #📜・rules and #1286135820008296509

Ohhhh...I didn't know that

That's okay, I'd suggest contacting the platform with all the proof you have

Taking things in to your own hands is only gonna make it worse or not do anything you want to achieve

Yeah, it was

That was a really convincin' lookin' bot sayin' to bind the account with some other email address:- bot.assisstant@gmail.com smn' like that

https://support.google.com/accounts/answer/6294825?hl=en

I think its something to with family sharing @lean lance

idk

Revoke all permissions, change password, contact Google

who here has used parrot OS?

scammer took over the account

Could be yea, you can link different accounts this way

No, it wasn't the gmail account that was hacked, it was the discord account that was hacked.

Well then contact Discord about it. These things happen very often

Well, is there any number of discord??

that can be recovered easily i guess

This is from the FAQ about hacked accounts: https://discord.com/safety/360044103651-reporting-abusive-behavior-to-discord

https://support.discord.com/hc/en-us

Thanks y'all, y'all are life saver

https://support.discord.com/hc/en-us/requests/new?ticket_form_id=4574398270487

Straight to the correct ticket form

You're welcome and good luck

Oh hello Six, cool new name 👽

thanks cyphr 👽

Hmm their response time doesnt seem good

peeps on reddit say 2-3 months

i've never personally interacted with discord support but i've never heard good things lol

ohh this is six🙂 hello cousin

As a company, Discord is quite shit tbh (don't ban me Discord, I know you can read anything in any server)

hello 👋

Watch me get banned by Discord again now lmao

guess its the lucky ones....

https://tenor.com/view/bane-no-banned-and-you-are-explode-gif-16047504

Question fellas, when I set LHOST on metasploit framework like on exploit/multi/handler as my public ip it fails to bind and won’t connect back to the test target like it should and yes port forwarding is enabled on my router but still doesn’t work, any advice?

And I’m not trying to use private ip cuz I wanna see if it connects back using public ip if anyone was wondering

What’s your lab setup? Two devices on different networks?

Two devices on the same network

I’m trying to reverse connect though the internet instead of private network

Are your subnets different? Also, you will not be able to connect to a different device using public IPs that is within the same network. Most routers do not support NAT loopback so the target device will have to be on a different network

I’m not sure if subnet’s are different. But what if it still doesn’t work when on a different network?

Try diff port, check firewall settings

It does. I actively use Metasploit for managing my sessions when doing Pentests. If it still does not work, it is more likely issues regarding Port Forwarding or Firewall. You can also set the LHOST to 0.0.0.0 for receiving external connections

Kinda check with firewall and allow connections for port 4444 and same deal but I’ll look into it when I’m home

I will set LHOST as 0.0.0.0

I’ll do it later I’m not home

Yeah..that will make sure the device is listening for incoming connections on all ifaces

Okie

@fallow yoke Hey Monke, how are you?

Guys I want Windows 7 iso files for pentesting

Search in https://archive.org

Can my link work too?

It can, but could also be infested with infected versions

Yeah.. was gonna tell him to get from Microsoft section

What's service pack exactly?

A collection of bug fixes and product enhancements

McFee deleted it. Are you sure those files are safe?

I certainly wouldn't trust..

No offense..

Been a well known source for many years, but if it flags avoid ig

Shame MS took down their own links

That site used to be using MS links, but i guess things have changed in recent times

Mb

Yeah, they should offer it through some kinda of dev portal or smth to be honest

Latest they provide is Windows 10 for trial ISOs now unfortunately

I mean.. Virtual Studio sub provides such access, MSDN, whatever

But yeah, a cost

I dont take offense, apparently the site is not how i remember it to be

Cool beans 🙂

If i'm wrong, i'm wrong. Simple 😄

Ah good one, might be yeah

I've got a perpetual license, they provide versions going back a way

https://visualstudio.microsoft.com/dev-essentials/

Unsure if it still provides the benefits for new subscribers or not

UPDATE: I tried putting the LHOST to 0.0.0.0 and didn’t work

On metasploit

What port are you using?

Sup app

@obsidian umbra lhost is your own ip

Idk if you know that

0.0.0.0 localhost > localhost > 127.0.0.1 localhost

If you run ping localhost you are pinging yourself

Or any of those

I know it’s my own IP but I had two other people that were helping me out on a situation

I don't think metasploit will work without port forwarding

Your device is not able to reach to another device

Basically, I’m trying to do a reverse connection using a public IP instead of a private IP.

I do have port forwarding enabled

Which ports and which ip

You portforward your machines ip to the internet

Port 4444 and my public ip

What router do u got

I don’t know the brand, but I use spectrum

For me I need to specify a local ip to forward to the internet

I use spectrum too

Check out ngrok

Guys I was talking to earlier said try 0.0.0.0

For tunneling? Could help

I did try to use the tor network and that didn’t work

If there's port forwarding enabled coming back to your IP.. is that coming to your host or vm (if you're using a VM)?

Yeah, Tor not the way

My own computer host

This is all ran off of a laptop

Arch Linux

Have you verified that you can connect to the forwarded port from an outside host, like a VPS or something?

Not really it just doesn’t wanna do a reverse connection back when it comes to public networks instead of private

I thought about building a machine on AWS Linux and trying that

I'd advise confirming the port forwarding is working yeah

Is there certain devices that can be port forwarded?

If it can open a port to listen, and the router or whatever can forward on traffic.. there is no limitation

Try using port 443, I've had similar issues with ports above 1000 in the past on some networks

Port 443 didn’t work. I’ll definitely note it if I need.

I might just need a VPS

Hmmm are you sure the payload itself is not messed up?

i need help

I am representing my school in districts for cyber security and I also did last year and i got thrid place (only reason why i got third was because there was only three teams) and the progrm is called skills USA. I have the guide on what the questions will be about and they are about the NIST 800 181 Cyber Security workforce frameworks I am new to this and i want to get first becasue if I do i can go to state and therefore

I’m positive the payload is not bad

@maiden solar how did you get on? 🙂

I'm here

you never mentioned port forwarding

I'm in school for software development and also interested in hacking

Please where can I purchase license key for Socionator

And how do I setup visual basics on my MacBook

Please help me

Hello!

On their website and stack overflow discussion for the VB

Guys I need suggestions please. I’m trying to build a database honeypot and I have a dual booted system, windows and Kali OS. I don’t want to run this project on my immediate environment. Can I install a virtual box and also install Metasploitable. My computer is 8gb Ram. Also is there any other alternative for the project that would be helpful.

@tender dust https://book.hacktricks.xyz/network-services-pentesting/pentesting-rdp

@analog adder @ me if something breaks again

nevermind, waited a little, turned it on and my pc did a sike!

and booted

Hey!!! Thats good!

it wasn't posting at all

Yooooo

Live in canada, do cybersec jobs give a shit about which uni you went to get your comp sci degree? Or do they like you having lots of certs ?

me myself don't hold any certs i js personally do bug bounties and other shit but I would assume the more certs u hold the better chances you have

how much do you get from just doing bounties?

varies from person to person

theres no exact amount

every program pays differently

and for each bug aswel

Yeah I get that, but from what I've seen it's pretty hard to live off just doing bounties because of the variability; do you work on the side or you fully in it?

I don't work within it or it related things.

my knowledge is purely from just having it as a hobby

from when i was younger

gotcha gotcha

bug bounties depends on the person

their skill

like lets be realistic if ur good enough to do bug bounties for big ass companies like roblox ur gonna get paid quite good money

but if u aren't skilled enough to find exploits in it

you won't

so it varies on ur skillset

Yeah bug bounties are something Ill go for when I get experienced in the field, but Imma try applying to security positions first

lmao we went 2 fully different routes

I haven't even gone down the route tbh, I'm applying for universities rn so my choice degree isn't even decided yet

I'm just worried if employers give a shit about where i get my degree from

I don’t know how to access their website

their requirements are basically breathing is optional

ask in a couple more channels you might get an answer quicker

my evil ginx is not working

the program tried to add a TLS certificate to it

but then i got this error

failed to set up TLS certificates: login.microsoft-onedrive.3.4.1.zip: obtaining certificate: [login.microsoft-onedrive.3.4.1.zip] solving challenge: login.microsoft-onedrive.3.4.1.zip: authorization failed: HTTP 400 urn:ietf:params:acme:error:dns(ca=https://acme-v02.api.letsencrypt.org/directory)

and then i figured at least the website will start

but it didnt

pls help 😭😭

@wicked sorrel try this https://github.com/kgretzky/evilginx2/issues/452

Hi

Create a new account or contact roblox support

This stuff happens alot on Roblox, account take overs are like a daily occurence there. Contact Roblox like already mentioned.

yow ^^ I need help with my cloudflare tunnel and maybe with my webserver. I cant reach my website not even in my own network. Any ideas why? I use nginx and my domain is set and is under sites-enabled and sites-available and for now only http is set

Where are you hosting it? Your own network or in the cloud?

on my raspberry pi 4 in my own network

Did you setup port forwarding to the Pi?

maybe I got the wrong architype amd instead arm but I checkt that now

no but I don't need that or? when I use cloudflare tunnel

Ah right, yea you should not have to

yeah double check that

ok ok what is od that when I try to get on my website from the same network it also cant reach my webserver ... Am I right that I only need a dns entry with a that my domain point to my webserver or for that I need portforwarding? onyl internal I mean so not from the outside

I will do ^^

I reach it with the ip in the internal but not with the domain of mine

Check from the same network if the website even is accesible: <ip of Pi>:port

Ah ok

Then it's surely a configuration in Cloudflare

Double checked all the DNS settings in Cloudflare?

And make sure its ARM for cloudflared

Pi is ARM as you probably know

ok so no tunnel configurated and one a record with domain pointing to webserver

Am I now able to reach my website with my domain even the tunnel is not configurated?

or do I need port forwarding for that or a tunnel to even use my domain

or does the dns record I set need some time to establish global records ...

Without the tunnel, port forwarding will most likely be needed for typical home networks

Because of NAT

you can try pinging the domain and see the IP response

no output

nslookup and domain give out that server is my router and a ipv6 adress and "No internal type for both IPv4 and IPv6 Addresses (A+AAAA) records available for ..."

ok so let me set up a portforwarding rule for port 80

then when it should work shouldn't?

Before I'm typing walls of text to troubleshoot, check this vid, you are probably missing a step: https://www.youtube.com/watch?v=D2lzdfohKJo&pp=ygUoaG9zdCB3ZWJzaXRlIG9uIHJhc3BiZXJyeSBwaSBjbG91ZGZsYXJlZA%3D%3D

🫡

sure thx ^^

If after the vid you still have trouble, you can ping me 😄

ok well the video did not help me :/ @lean lance so now I did set up the tunnel per cli and it is running also with the right architecture arm, but now when I go to my domain in the browser it says
Error: Redirect error

The website you are trying to access is redirecting the request in such a way that it can never be completed.

This problem can sometimes occur if cookies are disabled or rejected.

I am confused ^^

Sounds like a misconfig with nginx and https redirect

what is odd that I did set the ssl/tls to off in cloudflare and in my nginx server there is no https/443 conifgured

but it also tries one time to resolve it as https:// domain.... and then you refresh and it switches to http:// ... also I did turn of that cloudflare automatically only do https ..

Yeah it's still redirecting to https

Why not use HTTPS anyway?

What is your nginx config looking like

I mean I want to but doing that now is harden then to find the problem why it is not working anyways now with only http and without https and certifications ...

Well, https is mostly forced in different areas. Which is why there is a redirect loop now

Install certbot on the Pi

server {
listen 80;
listen [::]:80;

    root /var/www/herbfarmer/html;
    index index.html index.htm index.nginx-debian.html;

    server_name domain.xx www.domain.xx;

    location / {
            try_files $uri $uri/ =404;
    }

}

that is the sites-available do you also net the main condifuration file

sudo apt update sudo apt install certbot python3-certbot-nginx sudo certbot --nginx -d domain.com

The problem is definitely the combo of using the tunnel and non-https. It can be done but usually gives conflicts.

Besides there is no reason not to use HTTPS, it's very easy to setup anyway

ok sure I do that

Let me know 👍🏼

copy your message before sending it, if it's very long Night Owl bot will remove it @deft light

I saw you fixed it at quick glance, the rest I couldnt read 😄

@lean lance thx man ^^ now it is working, let me now if you wanna have look at my website 🐦
I did describe the way I got there but the bot just del it and said to me don't sent the message over and over again xD
So yeah a short version of that is that there were two problems

1. that I had was the "sudo apt install certbot python3-certbot-dns-cloudflare -y" I used that because let's encrypt could not establish a connection to my webserver, also I had to make a api token and link it to the cerbot ...
2. after I did all right it told me
   400 Bad Request
   The plain HTTP request was sent to HTTPS port
   nginx/1.24.0 (Ubuntu)
   fixed that with enable always use https ... and rewrite http to https ... on the cloudflare dashboard and also did reconfigured the tunnel so it don't verify the origing server pull

ahh now it works

yeah the other message was to long ^^

Nice, yeah that sounds like things I've come across as well. Glad you fixed it mate 🙂

Sure you can always drop the link

me too ^^ thx again for the help

No problem 🙂

Yo how much cybersec should I do as a web developer?

Yo guys hope your doing well can anyone assist me with some web challenges of a ctf ?

what ctfs

ironCTF

hey

does anyone know if Ethical hacker course by Cisco is a good course to take if ur new to ethical hacking

is that the name of the course?

its called “Ethical Hacker”

hmm

there's other certs you need to accomplish not only that

im currently studying Networking Basics, its part of the “Junior Cybersecurity Analyst” career path i was checking if i can skip the rest and start with ethical hacking related courses

yeah there's others you need to pursue. net basics >>net+>>sec+/pentest+/oscp/sec+ and CySA+

Check the other users to discover which user account was used to make the malicious changes and revert them. After reverting the changes, what is the flag that you have received? what does this mean?

like i dont get it what should i answer there

i think the one you are referring to @chilly merlin is CySA+

@chilly merlin can you helpme out?

what's wrong 😕

i wrote something can u help me with that question

send message link . cookie lazyy

here

I'm not yet doing ctfs... ping a hacker here...

@rare canyon

what are you in?

@unreal karma help this guy out please 🙏 ^^

not yet ctfs

the flag will be somewhere in the account’s data after you revert the fuck shit

huh

i dont get it what should i answer there

whatever the flag data is, its inside the file that the flag would be in. orrr the flag could be a 🔑

i dont have enough context to know what type of flag you’re looking for

this is question on trychackme

did you try following instructions step by step? they are pretty clearly stated

wdym

1. check the log or personal accounts to see which account made changes

2. revert said changes

3. find the flag in the user that made said changes

@chilly merlin i do not have the patience to teach and this reminded me of that.

can you come in my dm

https://tenor.com/view/obama-what-seriously-what-the-president-gif-16881768

bro i understand whatever you are saying

answer

i just dont know what to put there

You clearly need to take a step back and properly cover the theory and information

it has to be something specific

That is the point, you need to find that out

https://tenor.com/view/look-what-yep-this-gif-13617583

Thats the whole point of CTF like challenges..

right, the flag could be anything

usually its a key or relevant plaintext information for the beginner CTFs for THM and HTB

the point of cybersecurity analysis is to find a non-uniformity

Just saying what to put there won't teach you anything. It will just tell you the answer. Not how or where to get it. The challenge is to look around and work with the information you are given.

i get it yea

but last time i asked the question like this thing

Don't give up, keep thinking and read over and over the info you have

then why you asking us for

i was right i had already put right answer but it just didnt show me

this^