נυѕтιη σтнєяσηє @shaen@hackers.town

It's that time again 😩​
fdupes -R -s --maxsize=314572800 /mnt/storage/ >> /tmp/dupeslog.txt

Do you think it's possible to chroot into the steel linux install of a dual boot system using a virtual guest system running on the the steel Windows, so that you can use your linux from your Windows through your linux? 🤡​

Maybe with.... sshfs?

Where can I stream video games occasionally without using Twitch or YouTube?

I thought I'd let you guys know that we survived getting covid in our house.

No one else got it from the person who did, but we did all watch that person nearly die before needing a hospital and then barely staying alive while there.

Since coming home a week ago, they have been recovering slowly from pneumonia after effects. But no one is covid positive anymore, no one died.

I really don't know how. We all lived together before we even knew.

But don't forget that we almost did. And so can you.

Thanks to everyone here who gave me some positivity during those weeks.

python3 -m this | head -n 4 | tail -n 2

This is my idea of a love letter.

So I was finally forced to check the writeup on this tryhackme challenge, and the task I'm on starts with:

So, this is probably the reason you're here. Do me a favor and at least read some of the garbage I wrote for the previous tasks. Please? This section is confusing because there are SO MANY ways to do what it is asking you to do. Don't try to be clever. It won't work. You'll probably end up being way TOO clever and not get the right answer.

And that makes me feel a lot better.

In short, if you're doing these challenges, when you get to the part on XSS, just know that its very badly designed and don't feel bad.

Tentatively: My mom is improving. She'll need a lung doctor after she is released from the hospital. So I'm wary of being too hopeful.

No one else who was exposed has started dropping off dead yet.

Still waiting for that to happen, but starting to think it might not.

​ passwords
​ cookies

📄​.🍪

I gotta say, they should probably teach XXE in historical computer vulnerability. When was the last time you saw someone using XML?

Update on my family: Neither me or step dad are symptomatic yet. There is still time for that to happen, but it hasn't happened yet.

Mom, if she makes it, is going to have to learn to walk again from being bed ridden with low oxygen.

The hardest thing about this whole situation is that normally you can sit in a doctor's office and doctors will talk to you eventually.

In this, you just don't know anything.

The most annoying thing about tryhackme exercises is when they explain an exploit is possible "due to misconfiguration" yet that they don't show the configuration that led to the exploit.

I think I can program a faster dictionary attack while waiting for Burp Suite Community to finish this time throttled bullshit.

(root) NOPASSWD: /this/is/a/bad/idea

The issue with this LFI challenge is that you don't even need to get root to find these flags. You don't need to login at all. You can just read the flags from the browser, knowing the file names and locations of the flags based on the creator of the challenge and their habits.

I'm completing these tryhackme challenges in less than 5 minutes but they're still so fun.

How common is it in 2020 for for LFI on a website to allow access to server files?

After spending a few days with Burp, ZAP, Juice Shop, and DVWA getting in some basic learning about these tools and targets, the thing I have come away with about the difference in Burp and ZAP is this:

One is incredibly well documented with a lot of training available attempting to get you to buy the Pro version.

The other has almost nothing available to teach it to you. In some ways you're probably better off learning Burp just because you'll get a better education in the tool.

Then after, you can look at ZAP and figure it out more easily yourself. Sort of.