#👥・help-me

they might be bale to help

Support on exchange?

I wanna learn to hack.
I need the total basic

I wouldn’t use cc101, unless you want to be sub 433MHz if memory doesn’t fail me and maurader I don’t think it will run in it. I would use ESP32 (-S; S2)

Whats up?

@dry lantern I can help you

#👥・new-member-guide
And Google.com
Good luck

Anyone know how to make bugs for specific jobs?

hi

@dry lantern

on rn?

#👥・new-member-guide

Which website can I use to verify my Facebook account for free, without paying any fees?"

Where can I download the Arc Mode for Call of Duty, and is there an official website or link to access it for free?"

Omg hiii hru

Hey everyone i could really use some some im trying to learn how to use active directory i installed it and now I can't get my regular desktop to open

damn

Do you think you could help me out if possible?

Like the face verification?

You have to do that yourself, we don't do that type of stuff here.

Try restarting? from what i'm seeing AD shouldn't mess with the desktop.

I pmd you i sent an image

UPDATE: he installed windows server 💀

https://media.discordapp.net/attachments/1335438717716004938/1335438782106832926/20250201_211210.jpg?ex=67a02bc8&is=679eda48&hm=83d85295844817aef796baa939e5435e5dd28698330086bc9f28c82828445fc2&=&format=webp&width=873&height=654

what had you installed before that?

@slim basalt

Wait did he install the Windows Server version without the GUI?

I didn't know there was a GUI version

but that's what the photo shows

Yea when you install a windows server you can choose if you want to install it with the GUI or without it.

you need to reinstall your OS after that an Hypervisor and then you put that stuff like Windows Server in a VM

he said he had a kali vm alr

just didn't think to do it with this

where is that kali VM? not on that PC

it was on that pc

keyword was

yeah not anymore

he said he has a win 11 usb so everything should be fine 🙏

thats good yeah it will be fine. But if he has never made a domain like picking the roles ans stuff he could need some help there

its not hard but you kinda need to see it ones

I fixed it yall !!! Did a fresh install of windows 11 😁

Why is my computer using so much RAM?

RAM using is 50% and I barely do anything

Navigate to the Broadcom Support Portal and click Login in the upper right corner.
Enter your Broadcom Account email address after which you'll receive a message stating "Your account is locked". Click Unlock Account.

it asks me for my password

and WHEN

i enter it

it takes me back to this page

bro what do i do

this is for vmware

What is HTTP parameter pollution?

https://portswigger.net/kb/issues/00501400_client-side-http-parameter-pollution-reflected

hello guys i need help with my kali cmd
my terminal suddendly became like this
https://imgur.com/a/epn93w8

and kali-dark isnt in preferences

Just open the terminal settings

And change the background colour

and kali-dark isnt in preferences

je but

like

kali-dark is in the themes folder

but not in the preferences

Hi guys my telegram account is hacked is there anything else i can do other than asking for support?

Tracked them on twitter?
Or you go in back way redemption

DM locked!

Only support

No, also don't trust any dms you recieve as they most likely will ask you for money and scam you

I cant even access it bro

Dont know how to do that

DM me

done

dont

bro

its a scam

how oblivious are you

when you get your account hacked you belive everyone ig

I didn’t see a text

Can you shut up and mind your business

@snow mauve can I help you

I didn’t see a message from you

yeah, dont

you already hasve 3 bots dming you

how will u recover his acc

hack into the telegram db?

be so fucken fr

skid

cmon

go on

reply

im waiting

anyway i think i reset the account it would reset in 40 hr

Bro shut up and try to keep to your business

just need to confirm that account is deleted

ohhhh

i can see youre the master hacker

what will you do

Okay if it does not I’m waiting on your text

hack me?

stop scamming people. its 2025, it barely works

which he wont

because hes not dumb

what a surprise, isn't it?

why wouldnt you wanna ask for support

you been doing something naughty?

i mailed them 10 times

ah fair

and my account consist of only manga and light novel channels

and some football link for watching matches

yeah support is your only option man

but they dont even respond bro

well i doubt anyone here works for telegram bro

their support is dogshit tho u are right

unless you have premium

yep premium gets priority unfortunately

please only contact support or deactivate the email attached to your telegram... and pls dont pay anyone who claims they can get it back it simply wont happen, think with common sense

especially people who's discord profiles have only existed for 10 days....

^^

hm thanks i will use bruce

Where can I resell my gift card

Is there anyway I can trace an individual through a bitcoin transaction? I was scammed out of bitcoin and am pretty livid.

https://cards2cash.co.uk/

Thanks 🙏

Wtf

@flint galleon do not ping mods kindly bot will time you out

okay, thx

Hello, I am currently using TailOS (USB), a modified Linux OS that routes all internet traffic through Tor. I am looking for a way to change my location and hide from websites that my traffic is going through Tor (I would like to set up a VPN/PROXY after Tor in TailsOS). I've tried configuring OpenVPN, Wireguard, and using public proxies, but I haven't been able to make it work. I can't find any tutorials online (except for a Russian VPN one, which seems pretty sketchy and I’m not really keen on using it). The thing is, I'm the ultimate noob (the command line terrifies me). Is there any chance there are some experts in this field who could help me or know where I could look for more info?

Do you need a guide @lofty flare

Yes please

I can help you bro @vital robin

Hey I've got a delicate situation that needs some attention. Feel free to DM me

hello, is there a free way to find someone for a phone number

does vmware player get installed automatically along with vmware workstation? I just realized I have it installed but I never did it.

Yea

Read #1286135820008296509

ok

hi guys

trying to hashcat a zip password

and i get this messajes from hashcat

?

oh i cant upload images

Copy paste

Session..........: hashcat
Status...........: Exhausted
Hash.Mode........: 13600 (WinZip)
Hash.Target......: $zip2$030306e857d69bb36a94b117c802015ea135f50.../zip2$
Time.Started.....: Sun Feb 02 22:49:44 2025 (4 secs)
Time.Estimated...: Sun Feb 02 22:49:48 2025 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: ?u?l?u?l?u [5]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 2952.7 kH/s (5.95ms) @ Accel:2 Loops:999 Thr:512 Vec:1
Recovered........: 0/1 (0.00%) Digests (total), 0/1 (0.00%) Digests (new)
Progress.........: 11881376/11881376 (100.00%)
Rejected.........: 0/11881376 (0.00%)
Restore.Point....: 456976/456976 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:25-26 Iteration:0-999
Candidate.Engine.: Device Generator
Candidates.#1....: XvDzU -> XqIhQ
Hardware.Mon.#1..: Temp: 65c Util: 89% Core:2460MHz Mem:8001MHz Bus:8

and the candidates are not correct

Why are ur Temps on 65c when cracking a zip

💀

Also your bruteforcing via what list

hashcat -m 13600 -a 3 hash.txt ?u?l?u?l?u
this is the command

and i have extrated the hash with john and auto identify the hash with --identify

and also a menu with bypass quit status etc appears

also when i file the .zip says AES encrypted

That's because the standard .zip file is using the AES encryption algorithm.

And why would you even brute force a 7z file?

what?

I mean you try to recover the password for a 7zip file?

yes

Is this some kind of CTF challenge?

Because It's nearly impossible to find the correct password.

yea

any1 have much experience with mrchromebox?

or any experience to do with replacing ChromeOS with a common linux distro

Look on YouTube

have done

my problem is more specific

target device is a ideapad 5 flex (amd64), trying to boot debian ISO from a bootable USB drive created with balenaEtcher
Trying to fully replace the chromeOS ROM, not looking for multiboot
for UEFI

when trying to run the MrChromeBox script it tries and fail to find a target directory
cd; curl -LO mrchromebox.tech/firmware-util.sh && sudo bash firmware-util.sh

the error is not certificate related

if someone has any experience with this topic i can give more details and a better breakdown

Would anyone be interested in helping me find someone that was being a racist pos on call of duty? If it’s allowed here

Unfortunately we don't help with unethical things. Refer to #1286135820008296509

Okay that’s cool

I'm currently taking a course on cyber security- Does anyone know a good site to practice on for free

Wdym verify your Facebook account?

what did u mean by verifying your Facebook app

no

he wants the blue check next to his name

you normally pay 14 dollars for it

just a typical nooby question... If I do a bruteforce attack from my system A to System B, under what condition does my IP address get shown to the owner of system B?
in other words, what is there on system B that is able to identify my IP Address...?

It gets shown to system B via monitoring mechanisms on that endpoint

Or in relation to that endpoint

ok...Thanks...! Since I have just started in this field, just curious to know... isn't bruteforce like - aggressive in nature and a 'so to speak' infiltrator tool? i deally supposed to be anonymous to the system B?

[I mean m thinking aloud.. like whats the point if I get discovered]

Yes, if you are targeting SSH with a brute force attack.. You are actively making repeated login requests from your device, to the server. Therefore you're taking up a lot of connection space which makes it aggressive

It depends what you're aiming for but the gist of it stays the same

Well you probably shouldn't have been targeting that system 😉

hmmmm [sigh].. so what other things like SSH can possibly expose my IP...

Wdym?

so i mean, bruteforce isn't really conspicuous...

I am just tryyna understand... that brute is not the silent type

No it's not, but it's alright if you have permission

aah! okay

Silent type of what? Just tryna understand

i mean like 'un-seen'/ 'stealth'

Yes this is considered active

You can remain stealthy, but not with brute forcing

okkkkkk [light bulb moment]

If you want to interact with the target, then it's considered active. Passive means getting information from sites like shodan, certificate transparency logs, archive, etc

okkk

If you interact, then the IP you are interacting from will be visible to the target. Spoofing will not work, as how are you going to receive the traffic when the target responds to the spoofed IP instead of your own

point noted!

Know you didn't ask about Spoofing, but just thought I'd point it out 🙂

You could proxy though right?

i liked that answer .. it just put 2 + 2 together in my brain

You could use a proxy yes, but my statement is still true

The IP of the proxy would be visible to the target

i am way too new to know that

hmm, that makes sense to me

Yes this is true

Aye new role 😎

I liked red better

so, when 'they' like news rooms and other similar agencies talk about 'data breach' and hackers-who-got-into-the-system kinda news, don't such hackers get tracked ?? how do THEY do that... i mean going by the theory that they have to interact with the system

makes sense.

They do have to, but more often than not it's not a matter of tracking attackers through network traffic, but human error and getting sloppy

ah-hah

That's not to say that network traffic can't be used to track down activity

I don't pretend how much data, or the breadth of monitoring of data is by five eyes and other gov depts is, but I imagine it's enough to be useful when tracking down origins of traffic

..even through proxies, and Tor.. don't get me started on that 😄

Own enough of the network, and it is useless. Own the entry and exit nodes, it's useless

Aren't exit nodes unencrypted to the host?

Indeed

Well, unencrypted as in network data

service data obviously still encrypted, e.g. https

Even without those two clauses, timing attacks on network data can still be used to associate someone with a Tor session, given enough visibility of the networks used in the layers of the path

So tor endpoints always have to be web servers?

No

this is a case I read about, there was a bank that got jacked for $ 1,09,30,300.00.... the money travelled [online for sure]... and what and how is still a mystery.. nothing recovered yet... not to my knowledge

I'm not a tor guru

TLDR Tor is a proxy. Entry and Exit nodes are the way in to the network. Once inside the network, a path through the network is negotiated, aka layers, hence onion

Data going to entry nodes is encrypted through the chain of keys of the layers of the path

Each step of the path, the data is decrypted a step further

Yea side-channel priv esc in pentesting if guy uses tor

When it ends at the exit node, it's then finally decrypted to the original traffic

Same goes with traffic ingressing back to the origin

[I need meds]... what is TLDR stand for?

Nice idea, but again.. it is ultimately susceptible to high ownership of the network. Own the layers, own the traffic. Of course also owning the exit node means being able to sniff on the network traffic. Not so much of an issue if it's all encrypted like https, but it still gives metadata that is useful

Too Long Didn't Read

Is the chain of keys 'web hook?' related management on the local device connecting to the Tor entry node?

Sorry, out of context, kinda meant "this is the short version"

aaah oka

it was awesome... I just read a bit about it just now

The chain of keys is negotiated by the client when connecting, and then decided upon through the network node by node. The chain of keys is decided by which nodes you connect through on the network. Tor nodes are publicly listed, and that is how a path through the network is decided

(over, very over simplified, but that's the idea)

I've a vide regarding Tor if you are interested from like 8 years ago, but still very relevant and interesting

It goes through what I've described in more detail, and obviously more accurately

interested

https://www.youtube.com/watch?v=rwawq8PsozU

God Bless Ya

Sorry, kinda took that conversation way off course hahah

heheh, nah its good

any knowledge is good/ m a sucker for knowledge

but I always pray that I understand it...

else, id sleep on top of my keyboard

Yes you can also mess with cache to potentially infer about the chain of keys.. it's pretty complex

You've also got a middle node, whatever that is for

anyone know how to pull ips??
I really need it and I got a reward for those who can

Pull ips?

Like, chat up lines?

pull IPs?

Yes

Grabing an ip...

#📜・rules #1286135820008296509

I dunno what that means

its for a good purpose

I was trying to be funny @fading galleon - "pull" is to "hook up" with someone in British slang

We don't know that.

want me to tell why?

hahahahahaha gotcha

To tell you why we don't know it's for good purposes?

no what the purpose is

You're the one asking for it, you know the purpose

What on earth is going on

for me to tell you what the purpose goblin...

You could play around with using protocol poisoning, SSL/TLS, MitM as well

Got any references? Always curious to learn more on attacks on Tor

Did a load of research and detecting of malicious nodes years ago

No these are just ideas, but I probably go decently deep.. I'm just learning about these topics myself haha

Aha ok, no worries

"Access all Tor nodes and then become Tor"

I can dm you and you will know its not for bad purposes

Just say it here, I don't accept random DMs

its personal

If it's personal, it sounds like it's likely against #1286135820008296509

Do you know much about web stuff @halcyon flame?

Know enough yeah

You could teach me networking, and I teach you web

Tryna become a penetration tester eventually

I don't have the time to teach, sorry 🙂

There's a disgusting SO here that left my friend traumatized. I need his ip to use as a means to get him to apologize. thats it. so its very sentimental but its ethanical in a way

so, here's one more nooby question: India is ok with CEH-from EC Council... rest of the World - Comptia [et al] .... I bought some old books for Comptia A+/Network+/Security +... tried to go through them... but its all theory ... why is Comptia given preference? [no offense to anyone]

And there we go. Speak to the authorities.

This is not ethical, even given the best intentions.

That's not a real apology and that's not what we do here

thats wack, you know they wont do anything. and i dont know any personal details about him so what can i say.

We can't help, sorry

A security officer?

As I said, regardless of best intentions, this server is not for vigilante action, or unethical / illegal activities.

All you can do is to speak to the authorities, report what you know. It's possible your report could help to build a case, in case they have done the same to others.

Don't assume others will do the same, because if everyone assumes that nobody speaks up.

Because of the certificate you get for each CompTIA Exam, proving you studied the materials which you can present to employers

Same thing as shouting "dial 999" in an emergency. You need to tell someone directly, or everyone assumes someone else has done it

Kinda..

so doesn't that same thing happen for EC council??

You wouldn't achieve anything with an IP address anyway

IP addresses just show you their public IP

We cant help you but if you want to get into hacking as a hobby you should start with OSINT @left wolf

Thank you @graceful saffron and @halcyon flame , much appreciate your help

but I gtg now... just got off the night shift [IST].. now sleep deprived

CEH is a multi choice questionnaire which is tailored to beginners, the book itself is useful, the certificate is pretty meaningless imo

Alright, have a chill night man

I see what you mean

Thanks Man! I will ! Cheers again !

Yeah so it won't help you get a job, although it will give you knowledge

hmmm..! I see your point

CompTIA will, because the questions on the certificate are ambiguous and quite lengthy

Aowhhh!

But good luck, you should first understand your learning path before getting into cyber security

absolutely ! 100% ... thats what I am trying to figure out night and day... someday I shall make it too

Slow But Steady !

If you just want a role, then you need to train for that specific job opportunity down the line. Like SOC analyst, IT help desk, Network engineer, penetration tester, auditor, administrator, consultant etc.

Database administrator, hardware guy

nah, it's not just about a role... to me, deep knowledge of things matter a lot... I would wanna grow in CyberSec only.. vertical take-off

pen test is what I think is closest to what I have in mind..

end of road will be 'Red Teaming'... i mean . not End-End... thats the goal

Yeah that's difficult because of the sheer amount of knowledge you need to know, however you can become a junior penetration tester with the right connections and certs.
What kind of knowledge are you starting with currently?

Red teaming is sick

Threat emulation exercises

presently I am getting introduced to CEH things.. so learning various concepts and tools and so on so forth

building up a base

You should watch some YouTube when you encounter a concept you don't know, use tryhackme and hack the box as well

Hack The Box is more advanced though, so maybe start with tryhackme

tbh, I am non -tech guy... but I am that fellow who will wake up from the dead and fight back... I was in HR for 17 yrs and made a switch three yrs ago into IT... all was thru self study.. so here I am

Pwn.college is good too for ctf based exercises

Welcome, yeah it's a neverending road

Especially with AI and all of that

thats wht I love about it... HR sucked anyway 😁

What didn't you like about it?

reading resumes.... boring as hell

Feed em into the shredder

there was a time when I worked as a Global head for a MNC... but the job entailed same thing... resumes/ salary negotiations/ bosses asking for a new strategy... giving employees the same crap wrapped in a new pkg

no fun

Just make an RNG that picks 3 resumes from a folder then overwrite the other resume files you download over and over again.

If the resume looks good, then keep it, if not then run it again

i could call out a bluff n the resume by just talking to the guy who sat there claiming he was too good for the job

HR speed running

How?

Are they bad or you just know how to access them clearly

how... well, if you have read like close to 3000 resumes in a month for all these years and talked to those people, you get a hang of it...

That's a good combination of knowledge to have in a company setting

If the resumes are too long, do you just throw them out?

you just know the guy is bluffing... e.g. I was doing an interview for an F&B org... the dude claimed to be Snr. Exec Chef... showed me his work on his laptop... all fancy... big resume.. called himself expert in Italian

5 Mins into the interview... I understood

no... I hv treated every resume with respect. maybe the guy doesn't know how to make resumes, but he has worked for it...

https://tenor.com/view/typing-keyboard-funny-lol-gif-17582856

hehehe

Professional right there

That's actually cool, I think that's a good way of going about it.. Now AI would be a pain compared to 3 years sgo

Kudos

I'm sure it can be hard for teams when dealing with high volumes.. but it's the least that can be done

Never know if you are passing up a diamond in the rough if you don't at least give a few minutes of your time to seriously read a covering letter and CV. Some people are so skilled.. but not in all things, like written communication

When you spot someone, and when you see them through, join and flourish.. so awesome.

I leave recruitment and interviewing (for the most part) to those better than I 😆

well, ideally when a person says he's expert with Italian food... I ask two opening question... 1. what 'is' Pasta? .... 2. how many pages are in HACCP describing the making of Potato fries...

and thats it

I find it hard to get a read on some people, and it's bitten me in the arse a couple of times.

I have given time to every single person who presented his/her resume... selection is secondary

🫡

I'd say "pasta is delicious, I'll make it up for you in the kitchen, you'll love it 😋" and "I read the content not the pages, but I can show you"

yeah, to Err is Human... guess it applies to both sides of the table

selected !! 😁

Ayee 🕺 🍻

okay.. i really need to wind up now

good talking to you both!! will catch up

ciao!

For sure man, have a good night

What type of services are you recruiting in?

Many departments, would be quicker to paste the link - is that allowed @chilly merlin ?

yeh

so long as it's not a discord invite it should be fine (or like a scam / phishing link)

(it gets auto sniped)

and you get timed

Trial defender, trial mod?

yeh

same thing

Cool cool https://apply.workable.com/hack-the-box-ltd

👆 @graceful saffron

Alright sweet, I'll check it out

Gotta love hack the box

Thanks 🙂 Still find it crazy what it's grown in to. Just wish it was around when I was learning as a kid 🤣

I mean, I'm still learning

but it would've made things easier hahah

(just checked, trial defender is the role before defender, only trial we have)

Oh man, well you've done a great job at giving what you wanted as a kid to everyone else

Are any of these remote?

You can filter by location type, but generally roles require a certain locality due to part of the role

Remote in this case usually means "not Greece"

I don't think there are any truly remote roles at the moment, as in areas not listed in the current locations under remote workplace type

We try to hire people in areas where we already have others team members near by, even if we don't have an official office space there right now. Full remote, we have a few in that position (myself included, apart from when I go to Greece for certain meetings), but we try again to hire near by other team members in order to ensure some sort of connection with the rest of the team that's not just a webcam

Ohh I see, that makes a lot of sense, I've taken a look at the MSSP job offering posted a few months ago and it looks interesting, although it may not be the opportunity I'm working towards currently

Although I'd highly recommend it to anyone else looking to expand their horizons.
I'm just looking for more of a researcher role if that makes sense

Like I'm confident in my SOC concepts, Confident in web penetration testing, getting better at network engineering, understanding different protocols, forensics, IR, regulations, frameworks, development, hardware, languages and directory structures (which I'm getting better at), protocols, automation, Linux and windows tooling and hooking, etc

Yeah, makes complete sense

Yea, so I might just try and harness it to become a bug bounty hunter

The problem is that, I'm not the greatest with mobile yet

It would be good to collaborate together with someone to achieve a higher tier vulnerability

Or it may help for attack vectors and scope management

I'm wondering, what was your original idea when it came to HTB?

Expectations vs reality?

I joined after it was started - ch4p was the original founder, but the aim was to have a middle ground between the complexity and non-realistic scenarios seen within CTFs, and the high cost of industry accepted certifications.

He wanted somewhere to practice himself, and HTB was the result

Sadly they don't have any jobs in India

So expectations were a middle ground focusing on the ways an attacker thinks and they executed it perfectly

One misconception a lot of people have about hacking is that everything works the same, it definitely doesn't

I got scammed $900 through Apple Cash I only have the scammers numbers(s) what do I do? I reached out to my bank, Apple, and the police and still no help but I filed a claim with FTC

There's nothing more you can do

Just hope

We can't hack accounts for you or help you in any other unethical or illegal activities

So just learn from your mistakes

Hello everyone

Hello

Is there any way I can use Kali Linux on my browser without having to install it on my virtual machine or my pc

yeh there are services that provide virtual boxs on ur web broswer

or u could just use a vps

wow that's good.
please name it

AWS, google cloud, microsoft azure. there is definitely others.

Thanks Chief

Please how can I setup a VPN

What vpn?

Just download

Yo im tryna nmap my Metasploitable i have connected them to the same ip and set everything up it still doesnt show up all the operating system and stuff can someone help a brother out?

i cant see any of the networks services available and stuff

i did nmap -sV -O -and the correct port

it still doesnt show up tho

Are you running the metasplotable on a VPS or on ur home network?

home network

On a serpate machine? or in a VM?

vm

ohh intersting, there tends to be problems with creating a metasploaitble within a vm, especially when trying to run nmap scans etc, this tends to be caused by a lack of isolation. It would be best to try and create a metasploitable environment on a seperate machine or on a VPS. Are you using virtual box?

yes im using virtual box and wdym by a seperate machine like another laptop or smth?

yeh exactly, but i could still try and help with the vm if you would like

you need to make the vm an actual device on your network, this requires some configuration on virtual box.

are you down to this a little later

ill share my screen

@little pike unfortunatley i wont be on later, but im sure someone else who is knowledgeable can help! This link might be usefull aswell (Its official virtual box ducmentation on how to bridge your vm): https://www.virtualbox.org/manual/topics/networkingdetails.html#network_bridged

can anyone help me with vpn

Alright thanks a lot ill go through it as soon as I can thanks a lot

Whats up

All goods boss!

sure, watcha need help with?

♥️

i need and vpn login that i can use

What do you mean boss? like u need an account?

yes

Why dont you just create one?

Check pins in #😈・pentesting

i can create i still need to sub so that why i need login

nothings free amigo

okay amigo

if you're worried about leaking your IP, you can use TOR, which is actually free

I am trying to scan my metasploitable machine with nmap and it shows all that all ports are filtred, more specificly:

All 1000 scanned ports on <here i took out the ip adress> are in ignored states.

Not shown: 1000 filtered tcp ports (no-response)

Nmap done: 1 IP address (1 host up) scanned in 201.41 seconds

Bruh my dad clicked on a ad in Facebook and it said his Facebook account was close to being suspended and made us call this number but it seems like a total scam

I don’t know if it was real or not since his acc works now

Sounds like a scam ngl

What was the the nmap command you used?

nmap -sV -O and the ip

i tried -sU too

same result

So just a version and os scan 🤔 you could also try -p- to scan all ports Incase the exposed port is not in the top 1000..

Or maybe try adding -Pn if it's a windows machine

Or if scanning all ports is taking too long you could also try something like https://github.com/dievus/threader3000

so then id have to do nmpa -sV -O -Pn and the ip?

the other person told me to "you need to make the vm an actual device on your network, this requires some configuration on virtual box."

im not sure how to do it tho

Yes that's correct

I have a question regarding network interaction via VPN in my case. My college uses Sophos as an internet solution, which requires us to login using a username and password. This happens only when the college allocated DNS is used to access the portal. If other DNS is used, it simply does not work. When I connect a VPN, it uses its own private DNS, which results in the connection being dropped after 3 mins or so. I did a workaround through it by letting their Client Auth Agent (a client installed in my system to auto login to the network) bypass VPN. I am not exactly sure how this interaction would work. It works, but I just want to know if my college will still be able to see the sites I go to? Essentially it's doing something like this to my understanding.

Other Apps <- VPN <- Internet provided <- (Sophos Client -> Authenticate Internet)

Alright ill check it out in a bit

Ahhh that makes sense you will most likely want your metasploitable on an isolated part of your network that way you don't expose the VM to the internet. And then configure your Kali machine so the 2 can communicate.. let me find a link to a YouTube video that will walk you through this

alright bet ill prob need the link

https://youtube.com/watch?v=mvsiuLzpx2E you want the isolated network part

alr thx

VirtualBox - Error In supR3Hardened WinReSpawn
NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries) (rc=-101)
Make sure the kernel module has been loaded successfully.
where: supR3HardenedWinReSpawn what: 3 VERR_OPEN_FAILED (-101) - File/ Device open failed. Driver is probably stuck stopping/starting. Try 'sc.exe query vboxsup' to get more information about its state. Rebooting may actually help.

can someone help me with this

it happened after I updated VirtualBox

1 sec i know the fix

can u vc?

I found it thanks just restarted my pc but I have other problem

uh

it takes more than that

C:\Program Files\Oracle\VirtualBox\drivers\vboxsup

I installed guest additions and since that the clipboard didn't' work it was working before that and the drag and drop is not working also

go there right the vboxsup.inf fille and click install

i dont know abt that mb

it is making me crazy

bro u gotta mentor like me

igot my pookie zoro

@karmic leaf

my goat

🤑

😭

I didn't get what exactly do you mean but I hope that @karmic leaf can help me

😭

na

Well i surly can not.. i wont say that im just starting because im not and dragging myself all the way down to "what does ls do in terminal" wont be it for me.. for my level or a bit lower than me yeah sure i can help with stuff like ctfs or maybe trying to code malware or any programming language but i dont think i can do it like that..

hes only mine

bro lwk

i gotta hack into my ipad

cuz my dad keeps taking it

and i keep sus stuff in it

oh oh

my entire gallery is just pictures of my misses so like i gotta hack into it and deny him access whenever he tries to go on there so

😭

bro 😭

not sus like that bro

its only pictures of my girlfriend

ah ok

but he doesnt know yet uk

😔

idek if he uses it

he changed my password on it too

what it is girlfriend?

the thing is attached to me tho it has my gmail allat i just gotta control over it on my pc

its a app thing

this is weird isn't it is your Ipad?

u do sudo girlfriend --rizz

but like he doesnt want me to use the ipad too

idk why

you installed linux on the ipad?😂

😔 yes i needed to use the girlfriend app

and what is the repo for that is it school or university or what?

friends friends

how to add this repo so I can install the app?

can someone help me test for server-side parameter pollution in a query string??

uh sudo install girlfriend

might work

just check and lmk

Places to read news? Onion?

yeah it worked just needed sudo apt update thanks

😘 ur welcome

you deserve ⭐ ⭐ ⭐ ⭐ ⭐

❤️ @karmic leaf see this

u should teach like this bruh instead of watching me suffer

yes we will be in a better world if everyone is like you!

😔

https://tenor.com/view/caseoh-curt-idk-food-hunger-gif-5357725025351395900

when I have kids I will tell them that you should be like this guy

thats great bro ill tell them abt what a great guy u were too

lemme go back to studying i feel bad rn

yeah you should

fr

fr

What’s that?

You can’t do that

yes I know t

apple locks every thing

You can do it on the older ones

Not everything

Macs are open

just use their software

so you can you do dual boot

or install other software?

BRO

im gonna rage

https://www.youtube.com/watch?v=mvsiuLzpx2E

@tr

@upbeat veldt dint work

thx tho bro

its a joke

it was a joke

bro

im so tired bruh

im actually sad bruh

i gotta figure this out before i sleep

i got 40 min left

haha

rip

bro

i think i figured it out

i got them on the same 127. ip adress

lemme check

127.0.0.1 is your local ip

BRO

its

pinging

dms

i wanna curse to express my excitement rn

can someone help me installing guest additions in VirtualBox on kali linux or give me a resource he used and worked with him?

https://www.kali.org/docs/virtualization/install-virtualbox-guest-additions-on-kali/

I will put this in virustotal first

Hello red boi

404!

https://www.kali.org/docs/virtualization/install-virtualbox-host/

https://www.kali.org/docs/virtualization/install-virtualbox-guest-additions/

https://www.kali.org/docs/virtualization/install-virtualbox-guest-additions/

Guys I need to unlock my modem. Any help

Chips arrived @sturdy lance, 7 days delivery my arse. Gotta dig out my electronics gear from the boxes in the garage now to find a USB/UART bridge in order to get it wired up. Still not expecting them to be actual C5 modules, but who knows 😆

hi

can i get help

hi

what help

i dont look nor answer to dms

this is a channel for a reason

the problem with openvpn

dosnt work

when i try to connect to my tryhackme vpn file

THM probably have their own support, right.. but, copy and paste the errors from the log - you don't need to provide a screenshot.

(also here there's #1014044825512849498)

Why not?

The error message from openvpn

Not from Discord

If your message is being deleted, it probably has too many repeated caps in. Post the log on pastebin or something

or as a GitHub Gist

how

or speak to THM support

😭

ok

sudo openvpn name.ovpn
2025-02-03 19 40 14 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
...... Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
........ Note: '--allow-compression' is not set to 'no', disabling data channel offload.
.... OpenVPN 2.6.13 [git:makepkg/5662b3a8eb9e5744+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] built on Jan 15 2025
.... library versions: OpenSSL 3.4.0 22 Oct 2024, LZO 2.10
...... DCO version: N/A
... OpenSSL: error:0480006C:PEM routines::no start line:Expecting: CERTIFICATE
... OpenSSL: error:0A080009:SSL routines::PEM lib:
.. Cannot load inline certificate file
......... : Exiting due to fatal error

the problem with time repet alot of times

we're not your slaves..

?

lol

Yeah.. go speak with THM support - we can't help you with this

ok ok ime sorry

It's a problem with your configuration file

@spiral notchimean i fix the discord problem not the openvpn

Do not be upset with me

If your message got blocked, it was for a reason

Making demands of people who are trying to help.. not a great look my person

Anyway, good luck.

I say you that the problem was because of the time returning more than once

🤷‍♂️

Sorry if you feel bad

I'm fine, just giving you a heads up. Try to be polite, not demanding ey

Much more likely to get help then

bro the translate on discord so bad

I tried this https://www.kali.org/docs/virtualization/install-virtualbox-guest-additions/#virtualbox-guest-x11, and the drag from the guest machine to the host does not work. Also, I can't drop files directly onto the desktop—I have to open Thunar first and then drop the file inside. Any ideas on how to fix this?

bump

Dont think anyone here has experience with that. I also often have issues with our schools network restrictions

I suggest just read the docs

Find a work around

What I tried to do

I have already found a work around, which I have mentioned. I wanted to know if the work around is secure or not

Safe as in undetectable?

Apologies, I misunderstood your question at first

Safe as in if my traffic is not exposed to college servers with the work around.

Using a VPN, since that unblocked your websites, it means the von network is prioritized which would most likely mean it's safe

However is it your own laptop or the wchool laptop?

They could've installed foreign applications like spyware

Own

If you let them double click anything

Then there's no way to be 100% sure

Ah, no one has done anything to my laptop. It's just the firewall they use for the dorm wifi

Yeah a vpn should be fine then

Prevents any mitm attacks and arp spoofing

I am new to cybersecruity I am 14 what do I need to learn

#👥・new-member-guide

Thanks

no worries

Is try hack me free ?

Where can i learn my sql for ethical hacking

Yes

Just sql? https://w3schools.com

Apart of it free

Portswigger is good place

hello friend good day sorry the mailer you give me isnt helping i tired to make payment

its not working

What?

I didn't give you any mailer

Oh.. you mean those services

Whether or not you can purchase them, sorry that's not something I can help with

i feel like there's something i'm missing, i've just finished my hacking college and got my associate's degree
later on i've been practicing very little at hackthebox mostly, since i see it fitting for the type of study i want to go through (not strictly web pentesting)
i have a fair amount of knowledge when it comes to tools and the use of certain libraries in python in which i've also mentioned in my resume
i've been applying to jobs, many jobs that either are at entry level or require experience (i know i have none but we can never know)
i have been applying for 3 weeks, i know it's a very little amount of time but i feel like there's something i'm doing wrong
in what field should i try and start with first despite my academic studies? do you think companies who hire for positions like soc analysts would care for help desk experience?

Yea I'm sure various different jobs could translate into something useful in the field, it all depends on how you word it. You could try to tailor your resume to reflect the job description you are applying for. Say the company is looking for someone with experience in XYZ, if it's a true statement for you then reword it a little, proficient in XYZ etc etc... Go through a bunch of different job posts for that type of position and pull out bullet points that you are capable of doing... Create a list now you have a template for that specific job title... Then shoot your shot..

if you would ever be willing to VC, i can give you some general employment advice as straight forward as i can put it that may be of use to you for the position you're in right now

this is really good too

thank you for the straight forward advice!
i'll try and find a way to make editing the resume in such method easier, since editing it and saving it each time as a pdf can be a bit too much for each job application, maybe if i could make more templates of my resume for various pre-planned purposes i can make something like that happen, is that what you had in mind?

i could use any help i can get honestly, so i'd be willing
i can ping you (if it's allowed and you have time) whenever i am available to be there if that's ok by you ofc

fs take your time

i lost my password to my oracle vm can i get it back

Alright man
My job
Reply DM

How do you personally handle the internal debate of when you’re ‘allowed’ to call yourself a hacker? I find myself struggling to feel entitled to any sense of pride in my knowledge because it feels like there’s always another level I haven’t reached yet. Do you think there’s a defining moment where someone truly becomes a hacker, or is it just a mindset? Can you only consider yourself one if you’ve learned a certain way, have done XYZ amount of things?

I find when I do get the motivation to study and perform my CTF’s & Boot2Roots, I feel unstoppable and my calculated progress expanding. Feeling like I’m thinking outside the box and actually accomplishing what I want to do is exciting. But then moral dilemmas come back when I realize I may only be on the 10th step of the 10,000 step ladder that other people are already at, and therefore don’t deserve to feel pride in what I’ve done, or the way that I do it.

It's not like being a lawyer, passing the bar. Being a hacker is a mindset. Sure, perhaps you don't know as much as someone else, but nobody knows everything. If you have the drive to grow, the desire to make things work the way you want, not the way they should, to patch things together to work as greater than the sum.. if you are inquisitive, curious and realise that nobody knows everything - that we all start somewhere

You're a hacker

You can be a child with a set of lego making something great, and be a hacker. Someone who makes something work to better their life, even if it wasn't intended to work that way, a hacker. Pentesting, programming, endeavouring to always grow and to use your skill, persistence and knowledge to adapt not only yourself to your situation, but the tools and materials you have available as well.. hacker

Hacker isn't a check box. It's a way of thinking.

Is it a password for an encrypted disk, for the BIOS, what?

For the OS itself?

If it's for a VM of yours and it's just the root / user password you've lost, there's an easy way around that.

...so long as the disk is not encrypted..

thank you for the wisdom, insight and encouragement, i sincerely appreciate it

Hey guys I need help from someone to get emails of 2 gmail accounts opened on an android phone i think. Can anybody help me pls pls pls?

services are not provided in this community. enthusiast conversations only

#1286135820008296509

yo any tools for control over my brothers laptop to troll him?

i wanna just bug him out over and over i can have remote access to his laptop that isnt a problem but like how do i do it

teamviewer ☠️

And this is where the saying "brotherly love" comes from

if he is connected to ur local network, u can remotley shutdown his computer from cmd, fun lil prank

alright thx a lot

all good!

How much is this access limited to?

Can i get into the emails & stuff too?

generally speaking no

Is it possible in any way?

do you mean from cmd? or exploiting a computer?

Same

Idk what’s a cmd but yeah a computer that’s miles away

sounds like a case of imposter syndrome

yes its definitely possible.

I remember one website, where it would show fake windows update. Good enough to troll him.
Open the website and let him wait for several hours

https://cdn.discordapp.com/emojis/1311351427490254969.gif?quality=lossless&name=popcat_hyper&size=48

Can anybody teach me this pls

😭 i did it on him before

he was stressing

Lmfao

#👥・new-member-guide

u can also dos urself 😂

thats a fun lil prank

Can u help me out? Pls

I sent u a dm

u can ask questions here homie!

How do i do it?

This didn’t help fosho cuz

check ss64

Where

google

Can anybody do it for me pls? The latter. Asap

Sir yes sir

That’ll be 5 ring pops

I accept shipping

I genuinely need help

Just ask

And you shouldn't DM people for obvious reasons. Too many scamers.

Just like this person who has in his Bios that he's offering recovery and hacking services. That's going to be 99% a scam

Some body PLEASE help

help with what bro, ask the question?

https://dontasktoask.com

Just ask?

like a somebody someone help him!! 👊 🚨

maybe he should just ask?

Maybe he doesn't know how to ask

I need remote access to a device far away

Ive asled twoce by now this is 3rd

That doesn't sound like it's a device that belongs to you.

It has my info

#1286135820008296509

Not that ive done anything wrong rather i was wronged

?

brother, read it

It's a yes or no question. If it's a device that doesn't belong to you, you don't have the right to get access to it.

It does belong to me

My emails r there

But used by someone else now

God

It’s too complex

it's not

If anyone can help pls dm me

Even if i gotta pay

you only getting scammed

It is u don’t know the actual reality

I do.

this aint the server for that kinda of stuff homie

How about teaching ne then?

Ok well then u can tell me which server is

google

My teaching is always the same.

1. Don't click on suspicious link
2. Don't download suspicious applications
3. In case your account got compromised, restage your device and then change all your passwords.

thats a pretty good server

Hey I'm trying to disassemble an exe using Ida free but the task is to find the cryptography algorithm used but I'm not good with assembly if anyone can help then much appreciated

Like I got the session key and the public keys but idk how to find the private key and I'm pretty sure it's Diffie Hellman algorithm 😭 but idk how to find the private keys

in what language was the app written in?

Umm I'm not sure, tbh this is the second time professor asked us to use Ida free but he didn't really explain much. Like finding passwords was easier than this. Though I managed to find some information but need to know how to find the private keys

https://github.com/horsicq/Detect-It-Easy

It's important to know the language and / or the compiler that is being used.

Because if it's written in something like Go it's going to be a bit different

Okay I'll let you know in a couple mins

Yeh that's true

But this is probably C, C++

Not helping man

Which

google

It's a pe32 btw @crisp star

If u can’t help y even bother shitting

Written in C++

lmao

Learning a process is not a problem but the usage of the process.

Can you see a function related to something like encryption?

Checked through functions but nothing says encryption or anything but I could maybe send the main function's contents

can you even see the function name or are they all stripped?

Yeh I can see the function names

Well that's good than.

Have you considered that this could also be just a XOR encryption?

Um nope the filename says

DH-modified-last

So I thought it could be related to Diffie Hellman

The usage is my problem none of u would object if u were in my situation calm ur horses down @gaunt comet

but your only task is to figure out which encryption has been used?

Yeh and the private, public and shared session keys

lmao, im 99% sure if u knew how to exploit someones computer you would do it for unethical purposes, thats why we dont entertain ur questions.

Fact ✅️

I probably need the file to help you further. But maybe you can look for strings. Since it's a university / school task it shouldn't be too complex.

Like I searched in string too but couldn't find "private" string

Maybe it has a different name

Hmmm yeh could be

But

You could also use tools like Floss. But I doubt that's going to be something they expect you to use.

Yehh this work only requires Ida

Okay so it says

.text:00941130 call    sub_941200
.text:00941135 add     esp, 8
.text:00941138 mov     edx, [ebp+var_C]
.text:0094113B push    edx
.text:0094113C push    5
.text:0094113E call    sub_9410A0
.text:00941143 add     esp, 8
.text:00941146 mov     [ebp+var_8], eax
.text:00941149 mov     eax, [ebp+var_8]
.text:0094114C push    eax
.text:0094114D push    offset aBobSendsAliceT ; "BOB sends ALICE the session's public ke"...
.text:00941152 call    sub_941200```

Ah the alice and bob story

Just a portion of the main function

Yes

So it's probably Diffie right

Yea

Yehhh but how to go further with identifying the keys that's the question mark here

I got the public keys and the session key by using the breakpoint properly so it showed

what happens if you just run the application?

When I run the app it quits itself but if I use a breakpoint it pauses the operation

So I can view the output

Like it's supposed to just show the public keys and the session key so quickly and the app quits itself

Bro talks like u r 1 of em. Listen I wouldn’t be joining this discord, make a discord account just for the sake of asking help for this if I wasn’t this troubled. U guys do ur regular time wasting shit here but im here for a purpose. Which is not illegal but i need some proofs prior to proceeding. @viscid adder fact check ur asses bro. What’s even wrong with people these days? I really wish the worst be upon u 2 from the bottom of my heart to not even want to hear out my story. I sincerely curse u for the humans u r

brother, no one on this discord is gonna teach you how to hack into a computer that you dont own. simple as that.

Who tf said i dont own u dumbful

Aight.
Tell me your story, I want to hear.
DM

What’s with mockery among u people? U can’t shut quiet if u can’t help?

Whats this then?^

"far away" 😂

LMAO 🤣

It's more that your story doesn't sound like it's in good faith. You ask to get access to a remote device that you don't own, just because your account got hacked?

Do you want me to send the pics for you to see the text properly if you could help

I probably need the file to even help you. But I don't have a Pc right now.

I see oof

Um will you be able to help me later when you have a pc if I send you the file?

it depends how tired i am after work

Oh okay

Thank you still

I'll be sending the file, if possible please review

you could also join a reverse engineering discord server

Any recommendations?

Just google Reverse Engineering Discord server. There should be one with about 18k people.

Oh okay

Also make sure you read the rule in here.

Okay

Any cool/interesting post-root tools to play with?

Hello guys i m beginner for cyber security and i don't know how can i start can u help to what i want to learn

#👥・new-member-guide
You can begin here.

could you use a different audio player using a type 2 hypervisor on a computer with hardware that only uses a bad default software?

since you can set the input and output

Apparently the device has been moved far away so that i cant access @viscid adder what’s so fun about laughing on someone who’s the victim of a criminal case asking people for help?

https://tenor.com/view/bruh-meme-gif-26978290

I mean if it's already far away and you don't have remote access configured, you're kinda out of luck @light skiff :\

The only advice I can give is to cooperate with the authorities. If you know where the device is, work with them, do not attempt to recover it yourself. You never know who you are going to run in to, and what they may be willing to do.

🙂

Anyone with any ideas on how get through to this company?

https://vsys.host

they have so many websites that are stealing my copyrighted work and they do not answer abuse emails… it is basically a safe haven for online thieves

Does anyone know what is the solution if bot attacks like dos and d dos are being performed on youtube lives??

Ddos attacks can't be performed on yt live streams

Okay

Like the views are going from 15k to 80 k and then coming back

Is there any solution??

Those could just be raids and such

Add better anti bot protection

If they're spamming your chats

If they're just viewing, you can't do anything, I don't think there's any point in doing anything either

Why wouldn't you want more views if it doesn't bother

Its a channel that is for students for preparation for exams and next week we are having the exams

Like the mains

So somebody is spamming like bot viewers and making fluctuations

Causing them to stop the live classes

Is it possible so for YouTube lives ?

I've been messing around with the Wifi Nugget (esp8266). Does anyone have previous experience?

if anyone can help me with the reverse engineering please, I have tried the best to understand but it's very new for me. The questions I asked are here

Im trying to set up a proxychain and i did the steps shown in this video https://www.youtube.com/watch?v=KWwOU1z5E8E&t=465s and i watched like 3 other videos same thing and whenever i tried checking my ip it was never liked masked or anything and even when i did the proxychains wget -qO- ifconfig.me command the only ip i got back was mine and so im sure it dint work if anyone is free can someone just help me out https://media.discordapp.net/attachments/1335257626698842236/1336402385920196680/image.png?ex=67a3ad35&is=67a25bb5&hm=35e9e654f40bb670758d59f4c1cbd43c12e1469bb030151f3cbe05a59563e27f&=&format=webp&quality=lossless&width=727&height=227

thats the thing that has shown up

i watched network chucks video too

and an0n Ali's video all of them were on this topic

the results were the same as they all do the same thing more or less 😔

https://media.discordapp.net/attachments/1335257626698842236/1336393144144760932/image.png?ex=67a3a49a&is=67a2531a&hm=9541020fd4fc361db397d2354650cc82171f40073054da4158bcde83c6acdfaf&=&format=webp&quality=lossless&width=1440&height=657

this is a clip of what i did

dynamic chain is on proxy dns is on and i tried it out again

https://media.discordapp.net/attachments/1335257626698842236/1336403847538802688/image.png?ex=67a3ae92&is=67a25d12&hm=f3dfcd93c9640833bf6e55d349c8bee09108c3ceebcd8d352cd0a0cdf28cd2dd&=&format=webp&quality=lossless&width=1440&height=621

I need help with something