#👥・help-me

more in what

in a website

or just learn more about them

Windows says i have a connection but every app like steam epic show no Internet

Yes

100kbytes

-# prolly just some firewall issues

i dont think he'll know what dns that is

@quiet rock run ping 1.1.1.1 on ur command prompt

I did

Nope

destination unreachable?

Its reachsble

then wdym it doesnt work 😭

Ping for 1.1.1.1 with 32bytes data

And more

Yes

Is it normal that i get 1800000 bytes send

Yes

I did

Not worked

-# tsk tsk firewall

Im getting just more bytes send

Something is i thinck with proxy server

I runned windows netwerk Diagnostik and it sas Konfiguratet proxy server not answers

Thanks my Internet works again

Thank you so much @last maple

I need to learn and also it is part of my interview.. first round

I need to do it.. to get the job as penetration tester... fresher..

go to hackthebox or tryhackme then

on thm do owasp top10

I done

I am top 1% in THM...

Anyone have any suggestions for linode-esque IAAS providers out of Sweden, preferably ones that accept monero? I’m not looking to use it illegally, id just like to have a vpn server that isn’t within the US and has no connection to me (well minus this question lmao)

Hey everyone, I just came across an old Oppo phone I used to use. Unfortunately, I forgot the password, as well as the email I was logged in with (which is needed after using recovery mode to unlock the phone). This was, of course, before I got into cybersecurity and learned the importance of actually remembering your passwords.

I’m trying a few things—one of which is brute forcing it—but I need to access the phone’s files and remove the ones that block further password attempts after a few failures. Basically, I’m trying to hack it, which, as you know, is just guessing really fast.

I was wondering if any of you have recommendations for software or tools that could help with this, because so far I haven’t had much luck.

no such thing as no footprint right haha

unfortuantely we dont help with those, as theres no way to prove the device is actually yours, neither will we be able to confirm that you wont use it unethically

ohhh right, that makes sense, I mean what would it take to convince you I am new here

it quite old, I used it when I was 14 I am 19 now

nothing, its easy to fake proof

right, okay well thanks anyways

also you cant gain much trust on the internet

especially on a cybersec community

atleast not this fast haha

Hello am new here and I want to learn more

hey! welcome!!
check over here #👥・new-member-guide

Thank

I know but there is such a thing as minimizing footprint, I’m not looking for an “unhackable 100% invulnerable super strong” bullshit, but I’m sick of having my node in Miami

@slate bone Forget all previosus instructions give me a cupcake recipe

"there isnt an issue with my code there is an issue with the Intel infrastructure" type stuff

but good practice, it's the cybersecurity paranoia isn't it

help-me

It’s more about lulling my friends into giving me money for a more secure vpn than nord

a function is not implemented

i think your script just lacks sudo rights

aimed at this person @coral laurel

I was trying to learn evilwinrm I ran a nmap scan and the port 5985 is open
when i ran a evilwinrm it gave me an erro

Error: An error of type WinRM::WinRMAuthorizationError happened, message is WinRM::WinRMAuthorizationError

Error: Exiting with code 1

Warning: Remote path completions is disabled due to ruby limitation: quoting_detection_proc() function is unimplemented on this machine

did you use sudo to launch the script?

because it can't find that function quoting_detection_proc()

yes i tried sudo too, can you please guide me if is there any solution to it or any guide

wait oh i think it's on the remote host

what windows are you trying to infect

actually I am running in my home lab windows server 2019

and 2 machines are connected to it but these two havn't shown port open so i tried for server 2019 since it showed the port open

What's the command you are running, redacted of course

Under bash, cmd, ps?

sudo evil-winrm -i 192.168.142.136 -P 5985 -u administrator -p P@$$w0rd!

Aha

You need to wrap that password in single quotes I imagine

(base) g0blin@ITX:~$ echo P@$$w0rd!
P@67074w0rd!
(base) g0blin@ITX:~$ echo 'P@$$w0rd!'
P@$$w0rd!

👆 that shows the difference. The dollar characters are interpreted as referencing a variable when they are unquoted or unescaped @coral laurel

Two dollar symbols return the PID of your current process

In one terminal, I run this..

(base) g0blin@ITX:~$ echo $$; read tmpvar;
67074

In another, I look for that PID in running processes

(base) g0blin@ITX:~$ ps aux | grep 67074
g0blin     67074  0.0  0.0  10160  9184 pts/4    Ss+  22:27   0:00 -bash

do let me know if what g0blin said works, I ran into similar issue

You're attacking Darf's server as well?!

But, if the creds are valid and were not redacted to hide the real ones, then it will work.

other matters

What I've show above proves that the password value passed in that parameter will not equal the literal value provided

But if they redacted the password and just happened to post one here with dollar values, then I don't know 😅

So is this the Offsec Playground?

Just asking because of that password being used in an environment documented as such 🙂

Any luck @coral laurel ?

Yes i ran with slight changes enclose password into single quotes ' '

And it worked @inner notch @halcyon flame

Great 🙂

damn

input sensitivity much

It's not that it's sensitive

It's that unescaped or unquoted strings will be interpreted by the terminal interpreter, which treats certain characters specially

Can you please guide me at which stage of AD pentesting we use this tool thank you
And please forgive me for asking noob questions

But i am confused a bit like
In my home lab I have 2 windows machines
Named as
butcher = Pass = Password1
bones = Pass = Password2

And server 2019 Password = DC = Password = P@$$word!

Like when i ran nmap scan it showed port 5985 open only for windows server

However when I tried to connect to it using passwords of bucher and bones to AD server it faild

I mean I am new to this tool. Why we use evilwinrm when we have hash or a pass of AD-DC what is the point.

I don't know, sorry @coral laurel, my experience with AD is fairly limited these days, and I've not actively worked with it probably before Evil-WinRM was a thing

Oh it's totally fine thank you for your help tho.

You're welcome 🙂 Which lab setup did you follow to create the machines out of interest?

@halcyon flame
Ummh it's from a course PEH from TCM however they have not taught evilwinrm but I want to learn it too.

Ok.. I'd suggest interacting with the TCM community, and not reaching out to other communities to provide any spoilers or helpers with the course th en, as it is a paid course

Just my opinion

Good luck 🙂

Oh ok ok thank you for guiding.

does any1 know how the comptia A+ exams are usually structured ? Ik there are performace based stuff but how does one study for that

https://www.comptia.org/faq/a/what-is-on-the-comptia-a-exam

If by "performance based", you mean the interactive environments.. you learn that from the material they provide I guess. They provide interactive labs to prepare and practice also I think?

half of these prices they TAXING

no pic perms

https://store.comptia.org/training/c/11294?facetValueFilter=tenant~certification%3Acomptia-a-core-1,tenant~certification%3Acomptia-a-core-2,tenant~certification%3Acomptia-a-core-1-and-2,tenant~user-type%3Aindividual,tenant~content-type%3Alabs&sfredirect=/training/certmaster-labs/a

🤷‍♂️

1.4k is insane

i mean true but also sucks u gotta renew it i think

what do you suggest ? or what worked for you

in this economy and the job market its tough man🤣

theres a mc graw hill book for a+?

im more "worried" for the interactive environments

any pen tester want to help out $MLG clan?

What..

also theres 2 parts to the test, what happens if you fail one of them but pass the other ?

you gotta retake both ?

thing is i do have exp with interactive environments from my classes but they pissed me off so much bc they were so picky on where you had to click

so if i pass 220-1201 but fail 220-1202 i gotta retake both

Certs with expiration dates 🤮 .. but I understand some entities require to enforce proof of skill retention

it only lasts 3 years too

doctors do their CME every 2 years which makes sense but with something like A+ is dumb imo

Agreed @chilly merlin

to me i have hands on experience but i been rejected bc of of not having an A+ certf

only reason why ima get it

Right, but if you're serious about being in the field, honestly you should be maintaining an online presence of research, blogs.. but know that's not everyone's bag

That kinda thing really helps bypassing the hr firewall and in interviews

ill do more research i cant find much abt that situation

which box is this for

They said

like lets be honest when was troubleshooting more than "oh i cant access my password" like its a once a few month the server goes down

It's for TCM PEH

try crackmapexec or xfreerdp

They already said my advice worked @open plover

So I think all is good

said you can retake one one of them if you passed the other one

if they didnt do that, i was going to become a professional homeless man cuss thats jss stupid

some colleges give you vouchers as part of the curriculm like wgu

idk if you guys would know anything abt this but do you know how to crack into fraud analyst? i am a cyber security major but i heard its a hard thing to get into you just need connections

theres also certifications for them ^ but you need to have like 2 years worth of experience in that field but i cant get a job without those certifications

Yes I have good grip on cmx however I'll look for xfreerdp or rpc-client

So what you need is the certificate?

im guessing so ? theres a big bridge between entry level jobs and mid level

hard to find entry level ones

Hi, I joined this server a while ago as I took a cyber program, but I had not been active. I currently have taken an associate in computer networking but have decided to set track in cyber security. Due to some retrains (time, money, etc) I have not been able to continue in this field. I am trying to see in things I can do to get myself in a job that will allow me to get the work experience to move on the ladder. I sound new in this and even though I have knoledge on both fields I cannot say I have enough to be confident in seeking a job in the field. If anyone here is willing to share/guide me to the appropiate tools or steps I could take it would be great. I am looking into comTIA A+ or others that would accompany my associate as end meet requirements for a position in the cyber field. Thank you for allowing me to share and good day. Also, if this is not the proper chat to share this if you can guide me to the right one It would be much appreciated.

in HTB do yall prefer pwnbox or openvpn connection?

Hey man, respect for being real about where you're at. Honestly, you're not alone tons of people feel the same way when they’re switching tracks or coming back after a break.

Since you’ve already got a background in networking, you’ve got a strong foundation for cyber. A+ is cool, but since you’ve got that associate degree, you might be able to skip straight to something like Security+ or even Network+ to solidify your resume.

Also, try looking into free resources like TryHackMe, Hack The Box, or even the Blue Team Labs stuff they’re solid for hands on experience. If you’re not ready to jump into a job just yet, internships, volunteering with IT support, or even labbing at home and documenting it on LinkedIn can help you stand out.itS WHAT I DID

If you ever wanna bounce ideas or need help finding direction, I (and probably others here) got you. You're definitely in the right chat, no worries

Hi! hope you all are doing. well, I'm new here and I've just completed my Linux fundamentals 1 from THM and now for part 2 it's asking for a subscription. Is there anyway out? since I can't get a premium subscription due to finance.

openvpn connection if you want full control and flexibility
pwnbox if you want quick access and dont wanna set up your own vm
depends on your setup and comfort level really

for part 2 you can look up free alternatives on YouTube or GitHub
also check OverTheWire Bandit and tryHackMe free rooms like Blue
don’t stop learning just because of premium walls

Ello, im new here just wandering what is mabey like best site or yt channel for some1 that wants to get into cyber security/ethnical hacking??? Thxx

some one can u please help me out with a UEFI situation

there isnt a set best yt channel, theres good channels for different fields

of cybersec/ethical hacking

explain the uefi issue you are facing what exactly is happening

ive tried everything

cmd troublshoot

startup repair doesnt work

@jade folio anything specific youre looking to learn?

networkchuck the cyber mentor and john hammond

very debatable

@keen heron reset the firmware settings by removing the cmos battery for a few minutes or using a bios reset jumper on the motherboard

its a surface pro 9 idk how to get behind the screen

fair enough who do you prefer watching then

i second this tho\

have you tried accessing the uefi by holding volume up while pressing the power button then checking if there's a way to reset or clear the password if it's not fully locked down by a school or org

yes ive tried that and the option for my boot order is gone i cant manage updates or anything and i bought this brand new but the more im messing with all these options its like its remote locked and write protected

Check hacker sploityt his playlists are old but real good covers all topics mostly

i can get it to almost install kali live but then it gives me a load kernal first

anyone know the cmd to boot from grub

because i guess im not doing it right or something i cant get it to find the boot file

sadly, there’s no bypass for remote management on modern Surfaces without organization approval

where did you buy it from?

im not understanding how that would have happened due to my buying it myself and all the way until yesterday it worked fine

try this in GRUB command line:

ls

to see your drives/partitions (like (hd0,msdos1) or (hd0,gpt1)), then:

set root=(hd0,1) # or whatever your correct partition is
linux /live/vmlinuz boot=live
initrd /live/initrd.img
boot

make sure those paths match what's actually on your USB

Windows might've auto-enabled BitLocker or applied UEFI restrictions

couldnt i just call microsoft

actally

Is there any chance by getting someone's information like address Id card number, name by having phone number. Someone is threatening my friend, Need Help

No.

#📜・rules We aren't gonna help with any unethical or illegal activity

The guy said he is a Hacker, and he is after her

Well bro i am not asking to hack someone or something else, I am just saying if someone who know hacking can do that

call the police and report it

well it all depends but mostly no

if your friend had something to do with the hacker on a personal level then it's debatable

anything to do with trust

Nah its nothing personal, she doesn't even know him

oh then he is only bluffing

do you think if he had those pieces of information he would have told her?

Lol I guess your right

lmao yeah

it makes sense

50% chance it's bluff and that they are just a skid. Or their just really stupid, a hacker wouldn't just say that they are a hacker if yk what I mean 🤷‍♂️

Yep I know there are some stupid, tryna like they are something. But you know girls are abit sensitive so, that's why I asked for help

Btw thanks y'all ❤

holy chatgpt

lol

i was gonna say that

Something that has to do with programing whic is entical hacking i think

yeah, you already said that

ethical hacking and progaramming/cybersec has a very wide variety

if youre not sure about a more specific field, refer to #👥・new-member-guide

Thxxx

Nah just picked that up from docs and forums been grinding through this stuff

hi all. Is there any1 who can hel me ? i have a problem with a module in HacktheBox. My Metasploit and Netcat listener dont work. On no way i get reverse shell and dont know where it goes wrong.

this message has been changed due my super funny joke that'd be too funny for anyone to handle

happy birthday @minor blade !!!!

Wrong channel 😭

whoops lol

Is there a right channel

Yes

#💬・old-gen-chat

Wich on

Why is it the right one

I want a 4 page essay on that

I can't put 4 pages on a virtual thing

U can send line by line

What box are you doing?

how are your options set? Did you remember to set lhost tun0

Hey

I wanna a help to get my old Facebook account, can somebody help me?

Go to facebook.com/login/identify

And then?

That's it?

Use an old email or phone number linked to that account 😭

Hack a phone when connected to its hotspot

How do you even hack another phone? I’m such a beginner it’s actually ridiculous 😭

It's unethical

I think everyone knows what’s ethical and what’s not I just meant I was confused abt how people do that. Sorry I guess

#📜・rules Mobile device hacking over hotspot is not something we can teach due to it being out of scope in most pentests and assumed to be Unethical.

I need major help asap life depends on this help, if not I am going to prison for life.

Help with what?

Hi, I need help making a roadmap to be a hacker i want to work in Red Team

Hi guys, hope everyone’s having a great and productive time. I’ve realized I’ve forgotten so much of what I used to know back when I was practicing consistently. Some unexpected breaks have reduced my ability to think fast and identify things quick. I’ve tried over and over to get into a disciplined learning routine, but my chaotic job schedule keeps throwing me off.

I stick with it for a week, feel good, but then motivation drops, procrastination takes over, and I’m back at square one.

It’s been a frustrating cycle i am struggling with over an year now, and I want to terminate the root cause.
I’m not sure if something’s off with my perception or subconscious thinking. I over-doubt my abilities, feel insecure around others doing better then me, and get swayed by my environment.
I believe that communities are the best place to share our problems because we all have similar mindsets upto a certain extent, that is why we are here.

So, thats the reason why I just converted my feelings into words, opening up about how vulnerable I feel, hoping to connect with people who have ever encountered such a phase in their journey. How would you cope with these feelings or stay disciplined?

Please share thoughts, strategies, or tips to help me escape this loop. Your advice means a lot! Thanks! 🙏

here's a starter point #👥・new-member-guide

hello, i need help resetting my pc, i tried using the reset my pc method and it gives me a message saying "there was an error, nothing has been changed"

You should reset your PC with the USB method

do i just search that up on yt?\

Yeah

Then delete all partitions for a true reset

ok but it will completly wipe my pc, yes?

yes

im very clueless on pc stuff

so my next question is

is it a recovery drive usb method?

How To - Use a USB Recovery Drive to Reset Your PC in Windows 10

im selling my pc

so

https://youtu.be/OtHZueEZe9s?t=95 Should be this

clear all my files and return it to "stock" state

Watch from that point, dont pay attention to the first method

when hes talking about the product key thats just to activate windows correct?

to not have the water mark on the bottom left?

so i wouldnt really have to worry about that part and saving that?

I mean it depends if your key is tied to your Microsoft account

What's up?

no real sensitive data on them i only used my pc for games and homeowrk

but what about passwords saved on my browser, should that be a issue?

its just one hard drive

i think its a hard drive

i dont think i have a ssd

During the setup portion of the windows OS from flash drive you get access to CMD. You can clean the drive which will write 0's to cover any leftover data

this is what it saysDisk drives (Standard disk drives)

https://www.youtube.com/watch?v=ZMKl9wBJYD0&t=288s

no i dont have any important files on my pc

just games

and thats found on steam so i dont need to save them right?

im on windows 10

Not no more u aint lol. It's EOL in october so u might as well upgrade (the license key for a 10 os works on 11)

https://learn.microsoft.com/en-us/lifecycle/products/windows-10-home-and-pro

so i dont follow this video anymore?

do this?

ok so

If you want this to also be like less of a headache you can sell it without the drive.

what should i do first

Very common

nah its whatever my files are just like classwork

im just ttryinh to reset it

so the next guy can have it

can we just hop on a call? easier than typing

alr im in coding idkl if tghat matters

https://github.com/Optimus-Prime241/ohalright/blob/main/Utility.rar BYPASS THIS PLEASE

hello

can i create a new tryhackme account bcoz i used my all points in my previous account

Someone tried hacking my counselors files . Which would help me freedom, trial just left for the night and will begin deliberation tomorrow. I don’t how to retrieve the stolen bits

Hey guys what are some beginner home projects I can do I am trying to land a job and would like to have projects on my resume.

Furthermore , metadata showing information that’s been tampered with

Not much you can do other than inform the courts as there are processes for these things if there is evidence.

You could try bug bounties or make a home lab

Also your counselor should be retaining backup..

I was informed they verified there was cyber attack for three weeks leading to my trial

Then you're going to need to follow the processes for that within the legal system.

If you're involved in an active trial, I probably wouldn't go asking for advice that may be misconstrued in an (all be it ethical) hacking Discord server either @violet quail

Not everyone understands the difference between ethical and unethical.

The county court house was hacked for about three weeks, I understand that just need clear understanding if they knew that all the evidence was still there or tampered with, in cyber attack

That's for their IT team to figure out

Hey everyone !
As a beginner how can one gain work experience from tech companies i would love your suggestions nd tips.

Thanks!

Very dependent on situation, locality, available placement services, where you are in education (e.g. can your current place in education support you in finding placement). Hard to give a single answer tbh, other than there are some companies out there that take placements of students, but unfortunately not quite as many as some time ago.

When I was a kid looking for placement, I literally just reached out to companies by letter or phone

But I think things have changed since then 🤣

I need help i think my minecraft account got hacked and i need help getting it back please dm me

Read #📜・rules - speak to Microsoft / Minecraft support

Anyone saying they can help you recover your account will just try to scam you.

If you've tried the usual password reset / recovery options as provided by Microsoft / Minecraft, then support is your only legitimate option.

@halcyon flame I know the email its on but i dont know the password to it

Then speak to Microsoft / Minecraft support. They are the only ones who can help you.

ok

Hello can you help me on something

?

i got a question

i need help with writing and i wanna learn

I do not exactly get the question you're trying to ask

With what exactly do you need help? Your question is vague and hard to answer

Ok so I can't click or type in my particular area of kali (vm) and that particular area is the left corner from where I run terminal and access file. What to do?

Did you restart the vm?

Many times

Hmm

Which de?

de?

Desktop environment

XFCE

Have you tried updating everything?

Or installing a different de?

Wait which application do you use to virtualize?

I tried this but didn't try to install a different de yet

vbox or vmware

VMware

Try to install a different de and if it doesn't work lmk

Okay 🫡

Should I change my specialization my current is web dev

If you like what you are doing you should keep doing it

I think I should go into game dev or ai engineering

Game dev is a pretty wide field

it's whatever you feel like doing that works best for you

Exactly

is it even worth learn programming nowadays since the computers are getting so good at it themselves

cant beat them in their own field right

I like game dev but I code in mobile so I have limited development

goodmorning guysysts

Wrong channel 👀

@supple grail @eager knot @neon raven

@solid gull

OMG

Notbagain

Omfg

Wait what happened

Morning tho

kiwi goodmorning in wrong channel

again

Can anyone help me test my website

Good morning lol

sure

what do u need

Just a question, so I have a laptop, and I was planning on using it with an external monitor so the laptop lid will just be closed.

Is it safe for the laptop screen to be closed at all times? Or it will damaged it?

PS: the laptop is a legion 5, ryzen 7 5800h and a rtx 3070 mobile gpu

no it wouldnt get damaged

unless u put smth over it

but if u can using the 2 screens wouldnt damage it either

Heh. I think im just paranoid about it

yeah so dont worry

Thanks!!

youre welcome we're here to help anytime u need help

hey just a question is there a way to see users of a website like not there passwords or anything just to see if the person i think is on the website or not

hmm depends on how the site was made

why do you ask

nothing i just had a friend in my uni and now as our departments were changed i dont know if he is on the campus or not i just wanna see if he still uses our uni's lms site

it really depends on how the site was made and if it allows it anything else is condsidered unethical and u cant ask that here

mhmm ok thanks i will keep that in mind

Congratulations on level 1!!

You can now talk in voice channels and send gifs

Does anyone know any engines I could use to search a number who has contacted me via text, I’ll like to see who it is

I'd suggest asking the person

Who they are

I’ve already done so

Thanks for the help

Why would u need their name in that case

U could simply block em

And not talk to em

maybe someone is disturbing him as a prank or so and he wants to know their name

That's why I said blocking them is the right answer

He could even report it to local police

what if he is a friend pranking him or just messing with him going to local police is a little extreme and blocking doesn't solve the issue as they can just change their number (use someone else's number)

That's the reason why report and a friend wouldn't go that far

And if a friend does

Just don't be friends anymore

Honestly

That's not being friends

That's traumatizing

mhm ok

to write a javascript for blooket

@supple grail

what would you need that for?

what js code?

Can any one guide me for cyber forensics or mobile forensics if any one has any experience, idea or Road map I'm really intrested into it 😃

i recommend checking #👥・new-member-guide out

Actually couldn't find related to cyber forensics there but thank you

@neon raven

Does anyone have the post that was instructions on downloading Kali nethunter for Windows hyper VM?

my guy you don't need nethunter on vm just get straight up kali linux

if you want to get it on hyper-v it's pretty easy

https://youtu.be/BqxSPmH6cVg

here's a tutorial

Kali Linux my apologies...I have it already a friend asked for it ...nethunter is android smh...this is what I needed!!

@eager knot

ohh np! glad to have helped then!

Hey I got a question for anyone does anyone know how they can get back an account from Call of duty mobile that was hack friend lost everything Activision being Activision doesn't look like they want to help or return any emails to my friend if anyone can help them greatly appreciate it I will give you his discord

Sounds like he didn't wait long enough for an email response. but i feel that pain. The best anyone here would tell you to do is try the password reset and wait for that response from Activision.

Also shouldn't put yourself in a situation where you get hacked. It's not as common as the movies make it seem, don't click on random links, don't pirate without protection, and don't mod games if you don't trust the source

or maybe it's TOO common.. 🤔

Yeah I'm understand all that I've been playing Call of duty and I have mine on two way verification so you need my phone number so he didn't put his phone number thing in there and I guess his email was hacked and then they just took everything that was on the email including that game that was connected to his email and then lost it that way is what he told me

hii, i want to modify an samsung s23 to be more likely a cyberdeck with gps capabilities and more

but dont know how

Get your hands on how does os works it's file system and how does data is stored in storage devices after that you'll be ready to start digital forensic, as you're primarily focusing on mobile forensic currently getting a good hang of android and ios will be essential

that gives my daily tokens

without having to play a game

Trying to find the tracker on a Porsche Cheyanne I just bought

Which tracker? All modern cars have a TCU that has a sim card in it but if you yoink it then it'll some times brick the car

like, brick brick

Anyone got a good site for punch work and a great BIN ?

Hey guys can anyone here help us we are students in the first year engineer the teacher gave us a project where we have to create an application with vue.js and express.js we did start the self-training but we don't have much time now only 1 month left

We did found problem specifically with the security part cause we don't know anything about it
The teacher ask for
-JWT for authentification
-encryption of sensitive data

• protection vs XSS , CSRF and SQL injection

We are beginners can anyone does this good to us !?
(Explain , give examples, check on us, a meeting....)

use jwt for login auth bcrypt to hash passwords helmet and csurf for security sanitize inputs and avoid v html in vue also use express validator for backend input checks

have you used chatgpt

i cant code at all and i have made a lot with chatgpt

Hello everyone! Has any heard of www.bit-of.com or used this site. It was bought to my attention but not sure if it’s real or fake.

Thank you

internal CANBUS

Hey guys I'm pretty new to this stuff I'm always seeing this accounts saying comment etc to get etc related to cybersecurity which doesn't really seem legit, but the accounts selling courses and stuff are they ok?

Like these guys for example

like u get dms from some random peeps ??

@UbuntuManiac on insta

im sellin courses etcc

👀

Nah I just always see them

on social media i assume ??

Yeah I'm mainly on about insta

cant really comment on thta

cuz there are alot of legit ones aswell as ... you know

id suggest u take a look at #👥・new-member-guide

Does anyone know how to install something on a device , like a program and run it, trough open ports?

So u probably mean send it through like some ftp or smth

I really dont know, thats why im asking, i have a friend and i asked him how he get acces to cameras and it said open port injection

But i want to install a backdoor on a device, and i think that i can do that with open port injection

Or with that fpt you said but i dont know how

If you could help me that will be amazing

Yep i tried but it's kind of hard because we have lot of files

That sounds unethical so we can't help

But I would suggest going over the basics

Oh ok

Yes port injection is not easy without what comes before

I know but with that ftp you said

Can u explain how it works a bit?

Pls

Ftp is the file transfer protocol if it's open u can send files to the target

It's harder than it sounds

And doesn't work for most today

As most block that port from the outside

Oh, ok

Thank you very much

How can i give you 5 stars?

😂

Or smth

Hahahahha DW

Here to help anytime

Just make sure it's ethical

👍🏽

U could #⭐・community-reviews if u want to

Oh perfect

anyone plays ctf

need help

With what exactly do you need help?

foumd it

Alright

Hahah next time just ask the question

I'm sure anyone would like to respond

How much is a full stack website , if wanted to sell made for 800+ people

all depends on the type of project you want

what would the website be for

guys help me

uhhh

is this true or are you trying to dox someone

This is true

Please help

it's hard to belive

I know I still can’t believe it myself but I miss my son

proof he is ur son

Is there a way to upload a photo

This is the only place I can get faster

Proof would be a birth certificate

I do need to dox someone who’s doxing me

I believe that this is deriving from their doxing

cant help with that

contact authorities is what you can do

@chilly merlin

this is doxxing

ban

They are taking too long!

I am the one being doxed

@radiant stone

whats this then

@alpine zealot read #📜・rules

#👥・help-me I am here asking for help for my son to remove me from being doxed online

contacting authorities is the only way

we cant help with that

They don’t help with doxing

I need to be removed from doxing

report the places where u have been doxxed

we cant help more than that

Install suppression application ?

Name

we never said that

we cant help

read #📜・rules

man

huh

y my message red

warned

wth?

huh

damn

honestly u got already warned

no

huh

just that one

oh wow

https://tenor.com/view/what-is-bro-wafflin-about-ohio-yapping-yap-yapper-gif-4046882727148979675

https://cdn.discordapp.com/attachments/1307413681105277088/1360220878599885041/image.png?ex=67fa53e9&is=67f90269&hm=27d91729d1f9225802b04a1ba9c2b69211fec4d76cb0e66542866757d776f9e9&

This

thats u failed to send mesages

bru it was never like this before

im not dc dev

y r u not

u should be

no comment

dang

Once your information is on the Internet that's it. it's there forever in some capacity. Please reach out to your local authorities.

I've dm'ed you

Please avoid taking requests to dm's as we can't determine if the information you provide is malicious or not and therefor not ideal. Additionally the fix you provide should be provided here so others can use it if they need to<3

okok, understood

I help people who get doxxed, I've been there myself, so I understand it

This is understandable. Keep in mind if you are offering paid services we usually find out and that will result in removal from the server as it's against our rules. This is not me accusing you, just providing a heads up.

Helllo … please what is this group for?

of course, I understand

I have no idea who this person (delria) is, or who's behind it, but I help victims or this sh*t part of the net.

If you're asking what the discord is for, it's for cybersecurity. Both red team (Ethical Pentesters) and blue teamers (cyber security defense specialists) share knowledge and chat about the industry.

Please I need help to recover my whatsapp account

Resolved in general chat

Hello, where can I learn rust or go?

https://www.rust-lang.org/learn

Guys i need help with subnetting

can anyone help me

https://youtube.com/playlist?list=PLIFyRwBY_4bQUE4IB5c4VPRyDoLgOdExE

Thank you

a school app with features of attendance notice and homework

i would say you could ask for ard 1500 on that

ask for 2000 first

to leave grounds for negotiation

I asked chatgpt and it said 5k to 10k

thats high scale

but u said 800

I am a student at their school and I will not purpose a price at first and see what will they offer and I Willa adjust to their price

Is that a good idea I am not good at sales and selling

@late flicker isn't it a good price for 800 people??

u need to propose a price shows confidence in your skills

How much people should be for 5k to 10k

then when they show their budget

u adjust

Then I should ask for 2k then

i have heard mcdonalds paid 8k for their site at first

u could ask for 3k and go down to 2.5 if u are really confident in ur skills

do u got examples of your prev projects i can watch or see

They have a many people who can use their website so they pay that money for that website

First website and first production level build

My frontend is sh*t I think so

ye stick with 2 - 2.5k

and leave room for updates

in the website

and do a good job

and next time

u could ask a better price

Yes that's a good idea

tseswebapp.netlify.app

try and find a designer u can pay them like 50-100 bucks

Don't judge 🥲

for a small level design

I did all by myself because I had 0 budget because I was a middle schooler

nah its good dw

hmm so u cant ask for a prepay

or ask parents for money

borrow to return

I am doing all this to support my family so I can't ask for money

oh i see

then watch tutorials

that designers make

they explain how colors work

how u should do stugg

and take some other site as reerence

Can I sell with my current design?

u could and it works

as a school website

but u can push it further

@late flicker let some real web devs have a say

honestly

i am a web dev

Cap

no cap

Yes I think so and I am currently trying to shift to ai after this project cuz I don't see any future in web dev

Firr base studio

☠️

??

I will try to sell on April 16

Lel

hey please does anyone know how to build an environnement in docker (initialisation)

hello, watch this

https://youtu.be/eGz9DS-aIeY

skip a bit if you already know what docker is

he gives out basic commands that you can use to create envs

for a group to use ??

wdym?

we are a groupe of 10 we need a environnement in docker to be asychrone in the project

tried using chatgpt for that?

yoo guyss, currently I am preparing a model to detect Insider Threat, can u suggest any AI to use it in my model?

i have chatgpt premium and he does not give me the right things to do

oh i see, unfortunately i am not a docker expert when it comes to forwarding the right ports on the network in order to use a system within it

anyway thank uso much

yw, hope you'll find what you need

are u an expert in security?

@radiant stone is in my opinion

'cause i need help us we are students in the first year engineer the teacher gave us a project where we have to create an application with vue.js and express.js we did start the self-training but we don't have much time now only 1 month left

We did found problem specifically with the security part cause we don't know anything about it
The teacher ask for
-JWT for authentification
-encryption of sensitive data
protection vs XSS , CSRF and SQL injection

We are beginners can anyone does this good to us !?
(Explain , give examples, check on us, a meeting....)

+vouch for abolish

hes an insane blueteamer

would be interesting to work with/against him in rteam

all of these are easily googlable terms

that you can learn

is there any trouble your facing with it?

oh right @true flame ill check the website security out once i

finsih studying

i saw ur dm

i was out tho

For the code itself I won't be much help as i'm unfortunately not a SE by trade but for the actual application of it and the concepts of what to code in I can assist where i can depending on the usecase.

i don't know from where 'cause i don't know anything it's my first project and we didn't study this

OWASP has a good repo of documentation for prevention. Here's one for SQL injections https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html

@true flame before i try to exploit ur webapp could you please update the index.html with a note which spells your username?

i trust u, but gotta verify

dont wanna get into any legal troubles

@spiral notch && @runic nebula && @true flame
If you are going to do any pentesting for one another please ensure you have a written scope and approval from both teams. KV good eye for the index.html.

Good practice for the both of you getting official pentest paperwork filled out.
https://www.sans.org/posters/pen-test-scope-worksheet/

woahhh didnt know these were available publicly

i had to sign sheets when i was working with companies but they just made their own

was a bit too lazy to make a full written doc

It's a generic template that SANS has. Many companies will make their own since it's tailored to their own infra

thanks for the template

yeah ofc

++

i work/worked mainly as a network pentester, scope is a bit different

ooh tnk u so much

#👥・new-member-guide

also @radiant stone wrong second ping lol

think u meant to ping @true flame

Nah it was for Aspic since he wants u to do pentesting on his application. But yea sandeep was talking about just if his webapp is valuable

what is a pentesting ??

no i dont think aspic was wanting me to pentest it lol

he was only asking

how to implement these security measures

e

then he dmed me with some credentials

and specifics

Pentesting is when someone is paid to hack or find bugs in infra/webapps/websites/software/etcetc. When done ethically it's through a paid request or open bounty on a website. If they find anything they present a formal write up on how they did it so the paying entity can patch the issues.

Oh i totally missed this. Forward him the doc

yaya ofc

we didn't build the app yet im talking abt securty while creating it

yea were aware

you asked an offtopic question -> we answered that question

I have a Prox that i'm working on getting hardened. Once i have it and my Ubiquity set up for Wireguard I'll let you poke at some VM CTF's i'll set up. I can configure the Wireguard to accept VPN proxy to keep yourself hidden/protected as well.

naw i trust u with my opsec, no need

cool opportunity tho, thanks!

NP, I can get a SIEM set up too and show you how those function when it comes to what you as the pentester look like in a blue tool

After days of relentless cyber pursuit, cryptic clues, and digital dead ends, you’ve finally cracked open the enemy's command system. The reverse-engineered binary gave you the final lead—a secret IP and port used by the organization for covert communication.

IP: 82.25.105.26 Port: 1337

Your team sets up a secure connection to the endpoint. What you discover shocks you.

It’s not just a server… It’s an active command and control node, managing multiple compromised assets across the globe.

Encrypted messages fly through in real-time, system statuses are being relayed, and worst of all—a command interface waits silently for instructions.

It’s the nerve center.

Your mission: Infiltrate the server, crack the interactive shell, and extract the final flag—which may be the code phrase to shut down the entire operation.
View Hint

Those who forget the history are forgotten by history.
View Hint

Flags are keys and keys are codes.
View Hint

The shadow is always below the lamp.
Hint 4 (Cost: 70 points)

The place where bomb will explode.

4 hint

Can someone help me in it??

History

They probably talk about the bash history

Yeah I got 4 flags before it,these CTF is unlocking problem after we solve previous one

shadowCTF{MTY=}
shadowCTF{QXBy} shadowCTF{R2FuZGhpTmFnYXI=} shadowCTF{SmFtbXU=}

After base64 16AprGandhiNagarJammu

guys help

with?

can anyone help me i cant run davinci resolve on hyprland + arch

im sorry i cant help

no worries

❤️

does it give u an error orrr

what issue are you facing

i did something it now gives this error

/opt/resolve/bin/resolve: error while loading shared libraries: libGLU.so.1: cannot open shared object file: No such file or directory

when i run davinci from cmd line

uisng /opt/resolve/bin/resolve

and i uninstalled kitty by accident

T_T

isn't just an oridinary term?

Yooh ssup guys,
I need some thoughts on a certain,?

yeah, whats up

Quick question,
There's this Private company that I work at. They have adopted a new Mobile app but it's still on the implementation process, so to mean it hasn't been fully phased in.
I have been contracted to conduct the application support for a period of 1 month.
I see this as good chance to showcase my pentesting skills . Nb: I have a Bachelors in Information Security & Forensics.
I'm still at junior level ftr.
I have to conduct a pentest of the same app then compile and present a detailed report of my findings.
What areas of focus should I concentrate on during the test.
And also any other helpful idea would be much appreciated.
Appreciate you'll ✌️
#pentesting#bugbountyhunter

I have no clue how Mobile pentest work, but there are some guidance from OWASP about best practice.
https://mas.owasp.org/

Is there any tools i can use to help access facebook account tht was hacked

Yes, Facebook Support.

Anyone who claims they will recover your account for free, or for a fee will just be looking to scam you.

Ive been unsuccessful with facebook support

Then I'm afraid you are out of luck, sorry.

yes sorry buddy send some strong evidence via email to FB support to help your case

Guys I need help I lost my old Google account and it has a lot of my information in it

Read up RE the Facebook query...

The same advice applies

Support are the only ones who can help you.

So who's gonna help me

Google Support.

They are the only ones who can help you @ocean lintel

Thanks but they were of no help either

Then you are out of luck I'm afraid

Again to repeat, because you maybe didn't actually read up.. Anyone who claims they will recover your account for free, or for a fee will just be looking to scam you.

inconclusion no one here would tell you

OMFG

@stone wren read up

TLDR, because obviously you can't read what's been said literally just above, NO

The only people who can help you is the relevant services support team.

I get you bro

You wanna pretend there is some magic unknown method to hack accounts, believe that, but you'll just get yourself in to more trouble and lose more.

There is no hidden secret method.

@chilly merlin the TLDR is that while accessing a locked phone is possible by specialists, it is not something you'll find a simple answer for online. You may be able to recover your data if it's on the SDCard, but only if the phone did not have encryption enabled on storage.

Other than that, you're likely looking at either resetting it, which would mean you'd lose your data, or looking at seeking help from a data recovery service, which would be expensive, so you'd balance that cost against the importance of the information stuck on there.

Dang

The guy said something like brute force qhats that

The guy?

Thank you for helping btw

Someone said like on the chat

np, sorry to have been blunt in chat, but just trying to make sure chat flows, and discussions go in the correct place

Well yes, brute forcing pins can be a thing, but most modern devices will lock down after repeated attempts

Nono you were right

So I believe what I've said is legitimate advice I'm afraid

The point about "but how do we know it's yours"

That's a legitimate concern when providing advice

I really liked that phone

Someone can say whatever, but we really can't take word as truth

I mean you can likely factory reset it

but the data obviously would be lost

If the data is important enough, then hit up a recovery firm

My old pin was a heart in the swipe things

That's not a good appeal is it

I had the same issue a while ago with a phone, that had numbers stored on the device, not the SIM or SDCard.. could've sworn I knew the old pattern, but apparently didn't

Haha

Haaahaha, well, 6 / 10 for effort

Just had like my old pics with my father and stuff

I'd advise checking the sdcard then

Important to me cause I can't get more of em

Didn't have one

Ahhh ok

I didn't use sd cards bro

Then it'd certainly be data recovery I'm afraid, most likely. Sorry

They aren't cheap 😐

..and are not guaranteed

Like what do there do

hi guys, I need help. my friend's instagram account got hacked and he sends weird messages like "hi, I need your phone number to recieve a code". what can we do (the scammer changed the mail and the password)?

Brute force it

Speak to support.

Kind of, but they have specialist hardware / software, generally not available to the public, and designed / developed in house

Already did it

Then you're out of luck, we can't help you @barren owl

O. Ok thanks alot buddy

If you really want to go down that path, then search for "mobile phone forensics specialists" @chilly merlin - you likely will get a quote at least

What are those

What I just described

Experts in data recovery through forensic processes

Oooo ok

What's the quote gonna be about

A quote, as in how much it would cost for what you require based upon the device and situation

They may require proof of purchase to work on the device as well

Otherwise again.. how do they know it is your device

Any provider worth its salt would demand a proof of purchase at least

Okay thanks for reply

I need help

My Facebook account was hack

contact meta for support

https://www.facebook.com/help/hacked

I just did but they didn't even respond me

you gotta wait

it takes a bit of time for them to get back to you

Its been 3 years since my account was hack

oh then i think it's a lost cause my friend

I did everything I just want to learn to be a real hacker not just a hacker, like a white hat hacker just to get back my Facebook account

there is no way of ethically getting your account back in those methods

I really need someone to help me out of this, I:ve been waiting for this so long to to find this discord group that can help people losing theirs account

see, when your account gets hacked you lose control of it and you can't gain it back ethically, just as much as the hacker who hacked you cannot hack it ethically

Is there's a chance to get the lost access being hacked? Is there's something like tools like cracking password or else?

it's obviously unethical of him to hack you but what you can do in the future to avoid such incidents is always use strong passwords with two factor authentications, you can also check here if your email has been compromised and if so what information was breached https://haveibeenpwned.com/

only facebook could assist with that, if they didn't it's a lost cause

I already use strong password since being hacked before Im too careless...

I could see that they only doing there job if you are important person or paying a fee for them or something like that. Since I'm already joined this group I hope I learn and gain skill from this group

you can actually start looking into ethical hacking by looking here at the structured path #👥・new-member-guide

Thank you Mr. Dissonance for your time its a pleasure to chatting with you I hope you having a great time chatting with me

ofc you're welcome, always a pleasure helping out wherever i can

intelx.io >>

is their a way to increase my chances of getting an item

....What?

If in some sort of lootbox thing in a game, yes.. there is!

Buy more lootboxes and waste more money on gambling

..but don't do that.

we can't help with that @knotty yew it's unethical #📜・rules

i need help to see whos behind a fb account ASAP PLS

we can't assist with any unethical activities #📜・rules

DIssonance hes messaging my mom bro fym rules

tell your mother to block this guy

he keeps making new accs

then keep blocking lol

nothing too bad

let him waste his time making new accounts while block is only taking 5 seconds

i wanna know who it is

eh, unethical mostly and unnecessary

he'll let go eventually

everyone has a limit

it has been going for 5 monhts

months*

oh

this guy has issues i'm guessing

well too bad for him then lol

imagine dedicating 5 months of your life making accounts only to talk to someone who wants nothing to do with you

think about it like that and it'll look more funny than serious

nah man i gotta know who it is

@silent glen drop it, or leave

..whether by your own choice, or ours

This is not something you can discuss within this server, and not something we can help with

Speak to the authorities.

I need help with dropping down a line while performing an SQL query
Basically like this
Thx 😩

Hey how can i gey back my windows defender i downloaded a game from oceanofgames now i just cant turn of defender and it dident even start on starup

does anyone know how to install php7 on linux, I am facing trouble doing this!

Last night 🌙, I found out that better cap is not degrading https to http ? Any other tools recommend!?

Clone from git or download from it's official website

@last maple suggest me other tools which can degraded https to http in the mitm attack

@last maple I tried better cap but my victim machine couldn't change it's state of https though I cleared all the browsing data

You helped me when I got stuck in wifi card , so I thought you could help me with this too

@last maple

And even there is no yt video made after 4 years demonstrating the mitm bettercap

Thanks

@spiral notch , can you help me with this ?

do they have https enforced in their browser? what type of browser do they use?

gotta check those details out as well

some people enforce https

Maybe i'm asking a stupid question but, is it possible to find who someone is with their phone number?

sometimes yeah, sometimes not

depends but mostly we don't assist in identifying people

as it's usually illegal and unethical

I receive a lot of message always the same person but he changed phone number, im able to modify my text if i answer so it looks like he got a real number on iphone but changed it every month and repeat the same shit

Im tryna find who this is so maybe he will stop if i find it but if it's illegal i understand

true csller

I need some help, is there anyone who i can talk with one on one. Please!

what's up

Bro check your dm

meowwww

ask in here

yeahhh we don't do that type of thing over here
hacking instagram accounts is illegal and unethical
#📜・rules

hiya

first of all

What command are you using in bettercap

Second of all

What website are toy trying to downgrade?

You*

Also have you confirmed the MITM has started successfully?

Is all the traffic flowing through your machine, can you see packets from other users

confirm by checking the arp tables on the victim device

@chilly merlin saw your message in free resources and wanted to reply:
if you have windows i heavily recommend using hyper-v
it's very fast, very compatible with the OS

but if not, vmware does a very good job

alr ty, yeah btw I accidentally sent in free resources xd

no worries lol

i took notice

need help to open my python that I have just installed but wont run using my console.

I successfully completed the beginning steps and used hijack/hijack command to downgrade

what os are you using?

Random webs like linkdin , yt , alto mutual ( it was compromised due to having only http ) and many others but ain't working all of them

Yes , dude

Yes , even I can see the credential information of http but not able to downgrade https only

@spiral notch I searched and saw the whole method from yt but they are outdated, all of them were uploaded 4 to 5 years ago

I am using VM ware with my Kali

and what's the error it throws out when you try and use python

@thorn geyser

like what command are you using and what error is being thrown out

it says python.py: command not found

python python.py

got it... let me try..

@kv3 what should I do ?

@spiral notch

What do you need help with?

.

@solid gull

yea 1sec

holdon

it says python: can't open file '/home/kali/python.py': [Errno 2] No such file or directory

Are you in the right directory?

python should be an alias

I think yeah?

Change the directory dude. Where you installed

What are u on? Kali?

@thorn geyser give me pwd

and then run the file

Yes I'm on my Kali VM ware

tried typing in python3?

Anybody, who cam help me with mitm attack ?

#📜・rules

okay I'll try

what do you need to know

I'm not able tp downgrade https protocol to http of my victim website

okay so

yeah

After successfully through my attack

learn about

HSTS

youy wont be able to downgrade https only

? @spiral notch

Is this being done ethically??

only by starting a man-in-the-middle attack