Dirb Choose Wordlist

3, Part I, II [Zeus God of the Dark Sky {Earthquekes, Clouds, Wind, Dew, Rain, Meteorites], 1940". This time we are going to solve a fun Vulnerable Lab d0not5top 1. com Tue Oct 31 19:22:34 2000 Return-Path: Delivered-To: [email protected] 239]) by listman. Every word on this site can be used while playing scrabble. To see them all, simply type: kali > locate wordlist. What you need: Words to act out (check out my word generator for an electronic list, or the end of this post for word lists you can print out). Installing network penetration tools on Ubuntu isn’t easy, as the software isn’t included in the primary software sources. The Lithuanian pronoun. Avertissement. Search the history of over 377 billion web pages on the Internet. This OVA was created using Virtual Box 4. tgz 07-Oct. For email it is. To see all of them, just type:. 01 seconds From our scan we can see that we have three services available for us to explore. com Blogger 287 1 25 tag:blogger. Just choose common wordlist entries, the result is the same whether you bruteforce for an hour or a minute. Nikto has picked up vulnerabilities that I would otherwise never would have found, so I cannot stress this enough. för IPLab CVAP Aktuellt universitet Välkommen med Interninformation Datorer 23 Sidansvarig KTHNOC Ingångssida institutionsledning stöd Senast PSCI Verksamhet de. The credit for developing this VM machine is going to 3mrgnc3 who has hidden 7 flags inside this lab as a challenge for hackers. (Ages 5 and up) Children in school learn to spell some word through the use of phonics. It's possible to customize the script by changing the value of variables at the beginning of the file. A complete pentesting guide facilitating smooth backtracking for working hackers About This Book Conduct network testing, surveillance, pen testing and forensics on MS Windows using Kali Linux Gain a deep. exe on Windows nc. It is a 32 bit executable. Fiddler: Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Choose your Wordlist. com Blogger 21 1 25 tag:blogger. The Lithuanian pronoun. 3-1) Ping utility to determine directional packet loss 3270-common (3. Then you open file2 (:e dirA/file3), after that you want to edit file3 and :e dirB/file3 fails because the working directory changed to dirA. Cracking email [email protected] Let’s dive into login page. Hints This challenge is not for beginners. Hackademic Root The Box 1 is a vulnerable virtual machine that can be found on vulnhub. The supported command line arguments are password file names and options. Nikto, wpscan are common web vulnerability scanners, Dirb & Dirbuster directory bruteforcers. Debian systems currently use the Linux kernel. I had a customer that wanted to make sure that the Global Protect Client was installed on every windows machine on their domain. The goal is to exploit the machine and read the key. It lets the user choose individually each set of tools to install. The tools I probably used the most for enumeration were nmap, enum4linux (if you see SMB or Samba ports on a box), nikto, and dirb. dirbuster-ng 9. Becoming an Ethical Hacker is not quite as easy as to become a software developer, or programmer. For exemple i choose the words aa, bb and 11. Host discovery. john--wordlist: user--rules--stdout > pass Finally, we have username dictionary as user and password dictionary generated by John as pass , now we have to match the perfect combination of user and pass in order to retrieve credential for SSH login. txt We see that our wordlist contains over 300,000 words: Now that we have our list, let's start fuzzing! DirBuster is a really popular fuzzer but one that I love as much as I hate. This prevents the creation of enormous wordlists and has proven very successful in cracking passwords. Step 3: Choose a Wordlist. We need to select a wordlist now. vi PREFACE later, and his Grammar (vols, ii and iii, the Prol. Colaboradores Jhonattan Fiestas Umberto Schiavo Todos los nombres propios de programas, sistemas operativos, equipos, hardware, etcétera, que aparecen en este libro son marcas registradas de sus respectivas compañías u organizaciones. After running dirb I got a ton of directories, but none really have something interesting. I launch dirb (to find hidden directories) - dirb 192. Of course such things can and also do happen during a regular pentest at times. In this case the source exposes a hidden /nibbleblog/ directory written in a html comment. Open the Terminal and type in. Cracking email [email protected] Software Packages in "sid", Subsection net 2ping (4. john--wordlist: user--rules--stdout > pass Finally, we have username dictionary as user and password dictionary generated by John as pass , now we have to match the perfect combination of user and pass in order to retrieve credential for SSH login. As with any dictionary attack, the wordlist is key. Please note that for this write-up, I have explicitly switched my “Network Adaptor” options to “NAT”. com where people upload various vulnerable images. B \-w option is given, the output is a word list, one ``word'' per line, with all other characters deleted. This document is for educational purposes only, I take no responsibility for other peoples actions. Here's my test environment in my own private virtual network. To see them all, simply type: kali > locate wordlist. Becoming an Ethical Hacker is not quite as easy as to become a software developer, or programmer. Content-Ty 0x00000020 (00032) 70653a20 74657874 2f68746d 6c0d0a43 pe: text/html. 0 2 SEP 2016 • 34 mins read So I came across Tommy Boy 1. If needed, I can work my way up to bigger wordlists, but it hasn’t been necessary for me up to this point. 字数:0 关键词: Ubuntu 手册0 关键词: Ubuntu 手册. Wireless Attacks. info @settitle GNU @code{make} @setchapternewpage odd @c %**end of header @c FSF publishers: format makebook. targetwebpage. It is a retired vulnerable lab presented by Hack the Box for helping pentesters to perform online penetration testing according to your experience level; they have a collection of vulnerable labs as challenges, from beginners to Expert level. Installing network penetration tools on Ubuntu isn't easy, as the software isn't included in the primary software sources. The machine is intended to teach beginners about the basics of CTF challenges. Web Application Vulnerability Scanners are the automated tools that scan web applications to look for known security vulnerabilities such as cross-site scripting, SQL injection, command execution, directory traversal and insecure server configuration. Cracking email [email protected] This is a new content discovery wordlist by @nullenc0de, to use for file & directory bruteforce with tools like dirsearch, dirb, etc. What you need: Words to act out (check out my word generator for an electronic list, or the end of this post for word lists you can print out). com Blogger 21 1 25 tag:blogger. This will print out the paths to any file with the string 'wordlist' in the pathname. This prevents the creation of enormous wordlists and has proven very successful in cracking passwords. El equipo técnico de BCNSoluciona, dentro de unas de sus formaciones internas de pentest o test de penetración, test de intrusión, ha practicado un reto de Vulnhub y lo ha resuelto, a continuación os describimos como se ha hecho. I setup my Kali Linux in host virtual network and my target machine (Necromancer) which I downloaded a OVA image from VulnHub website. txt as a wordlist. Each bug is given a number, and is kept on file until it is marked as having been dealt with. Metapackages give you the flexibility to install specific subsets of tools based on your particular needs. Then you open file2 (:e dirA/file3), after that you want to edit file3 and :e dirB/file3 fails because the working directory changed to dirA. You may choose to also do so or remain with the default settings (Bridge), it should not differ much in terms of the steps in the write-up. It can be abbreviated to -dir. CA sends certificate to applicant. This NMap tutorial provides a brief background, install instructions & a walk-through of its most crucial functions. A bit of research points me to CeWL which can generate custom wordlists from for example wikipedia. dirbuster 1. How to install Dirsearch 1. -w - Specifies the wordlist to use for brute-forcing directories. Get Facebook or Gmail Passwords; Access controls. tcl I am using foreach command to list all files & directories under the sub directory, but the output is empty. A "rule", then, explains how and when to remake certain files which are the targets of the particular rule. You can vote up the examples you like or vote down the ones you don't like. tgz 04-Oct. DIRB - URL Bruteforcer: DIRB is a Web Content Scanner. Debian systems currently use the Linux kernel. There are two great tools to gather information about a web server: nikto and dirb. The script will try to login into the WordPress dashboard through the login form using a mixture of enumerated usernames, a wordlist and relevant keywords from the blog's content. In this case, I will be using a built-in wordlist with less than 1,000 words at:. Feeding the hash to john the ripper with the rockyou wordlist returned nothing so I gave up. To see them all, simply type: kali > locate wordlist In addition, there are numerous online sites with wordlists that can be up to 100 GB!. I had used a different wordlist and different directory buster than the guy who did the walkthrough. Please if you're playing this and have some fun/see some value send me feedback @securitymustard and what you'd like to see in future DFIR games. In this tutorial we will discuss about How To Crack Web Form Passwords Using Hydra With Burp Suite. As with any dictionary attack, the wordlist is key. In addition, there are numerous online sites with wordlists that can be up to. txt dictionary but has 300k more directories/files. Simultaneously, searched the source code of the page, in case something is hidden. xyz we could target this host to reveal potentially damaging information about the webserver and its. An object may choose to utilize one or more other objects in order to build a more sophisticated application. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58. The increasing number of computer crimes involving thefts all point to a need for protecting the system from unauthorized access. A bit of research points me to CeWL which can generate custom wordlists from for example wikipedia. Around a month ago I started playing with HackTheBox which is a site very similar to Vulnhub. This is loosely called "referencing" or "including" another object. Using the information I tried to access the phpmyadmin page but this also needed a password to login. Two days ago, I completed the PWK course along with the proper reporting of the challenges. DIRB is a Web Content Scanner AKA a domain brute-forcing tool. You never know in which direcotry you are. only port 80 is open) you may want to try big. -o - Specifies the ouput file name. What you choose as your 'go to' fuzzer is really a matter of preference for what works best for you. The Lithuanian noun. type of form 4. The goal is to exploit the machine and read the key. So, i ask to my friend how to get a solution. It also separates them into categories. It looks for hidden Web Objects. Every time. In POST requests the input should be sent as JSON in body content and GET should send input variables as part of the url. To browse Academia. Dad was offered a. 0_RC1 An application designed to brute force directories and files names on web/application servers blackarch-scanner. Black Arch GNU/Linux Tools. It is a 32 bit executable. Web Application Vulnerability Scanners are the automated tools that scan web applications to look for known security vulnerabilities such as cross-site scripting, SQL injection, command execution, directory traversal and insecure server configuration. In addition, there are numerous online sites with wordlists that can be up to 100 GB!. The Lithuanian verb. We check the Makefile to see how it’s supposed to compile and make some adjustments in the command to include the new libraries and -fPIC flag (for the library to be able to be relocated from its preferred location in memory to another address, there could be another already loaded library at the address your. To see all of them, just type:. wc -l /usr/share/wordlists/final. You will get a neat, 36 page printout in which the first two dice throws are the same for each page. We right click the little foxy button next to the URL bar and use the localhost:8080 proxy for all traffic, and open burpsuite. If you need to type in Greek and you don't know how, read this note at the end of this page. For instance, if you are going to conduct a wireless security assessment, you can quickly create a custom Kali ISO and include the kali-linux-wireless metapackage to only install the tools you need. So I am doing a pentesting/CTF exercise against a very closed system. I also ran dirb with big. INTRODUCTION A. Cracking SSH server running on 192. How to copy a list of file names to text file? Ask Question Asked 7 years, 7 months ago. I used the common. Kali Linux Final - Free ebook download as PDF File (. Cuando se instala kali 2016. We address what it is and discuss some tips for choosing core vocabulary words for your students or clients. Please select an entry for more details!. What could go wrong? Nothing Bob. This is just a normal looking login page contains username and password fields. Read the Docs v: latest. File Name ↓ File Size ↓ Date ↓ ; Parent directory/--0ad-. blackarch-scanner. If you need to type in Greek and you don't know how, read this note at the end of this page. This machine it's a very good one to understand the impact of LFI (Local File Inclusion) vulnerability on php @ Vulnhub. Get Facebook or Gmail Passwords; Access controls. This is Edition 0. Smith This le documents the GNU make utilit. From [email protected] You can use a custom one made with Crunch of CeWL, but Kali already has numerous wordlists that are built right in. PDF | The mission of set reconciliation (also called set synchronization) is to identify those elements which appear only in exactly one of two given sets. Then you open file2 (:e dirA/file3), after that you want to edit file3 and :e dirB/file3 fails because the working directory changed to dirA. Avertissement. Around a month ago I started playing with HackTheBox which is a site very similar to Vulnhub. So many Linux distributions are used as a tool for Penetration Testing makes Linux users who enjoy these activities to choose which distributions are suitable for them. TR0LL 2 - Layout for this exercise: 1 - INTRODUCTION - The goal of this exercise is the study of the hacking process for the vulnerable machine Tr0ll 2. Also DIRB sometimes can be used as a classic CGI scanner, but remember is a content scanner not a vulnerability scanner. This backdoor is awesome!!! However, I like to run commands via the terminal so the shell has a 'network' tab that I clicked it starts a back-connect through perl on any port I specify so I start that after running a nc listener on the same port to get a limited shell. - Sign CSR with applicant's private key. Louis when the exploit began to take hold. We need to select a wordlist now. txt for wordlist and it gave a lot of information. txt is a good, default starting point for me. Dictionary Attack Website’s Login Page using Burp Suite. To see them all, simply type: kali > locate wordlist. txt) or read book online for free. Disclaimer – Our tutorials are designed to aid aspiring pen testers/security enthusiasts in learning new skills, we only recommend that you test this tutorial on a system that belongs to YOU. Directly connect the USB-dongle to the virtual machine can not be - it works in a failover cluster, and can be smigrirovana to any of the host servers without any downtime. 9780765197849 0765197847 The Book of Wine - How to Choose and Enjoy the World's Best Wines, Robert Joseph 9780884111801 0884111806 The Time of the Gringo, Elliott Aronold 9784048533362 4048533363 Nara Yoshitomo - Lullaby Supermarket, Banana Yoshimoto, Stephen Trescher 9789024734375 9024734371 Direct Protection of Innovation, William Kingston. Host discovery. To begin with, you probably want the -directory option rather than the -path option. I am trying to list all of the *. The NetBSD Packages Collection The following list contains all 16537 packages currently available in the NetBSD Packages Collection, sorted alphabetically. 20' | less # List the files any process is using lsof +p xxxx # Get Cisco network information. There are 10552 words containing B and D: ABAND ABANDED ABANDING ZEBROID ZINDABAD ZOMBIFIED. This config file works great on Ubuntu 10. Top 25 Best Kali Linux Tools For Beginners. 119 -port 80 -output Lightweight. Not all packages in this distributions is free, we need to evaluate them. enumerator is a tool built to assist in automating the often tedious task of enumerating a target or list of targets during a penetration test. In particularly you can choose the wordlists used by Hydra and Dirb, specify another Metasploit scan script and change the output file names. – Choose appropriate algorithm and key size. CA validates CSR. You may choose to also do so or remain with the default settings (Bridge), it should not differ much in terms of the steps in the write-up. The first foothold very much depends on the word list you choose. Now move dirB into dirA, which Windows Explorer allows because it only checks the immediate items being moved and doesn’t strictly check all its recursive subitems – namely, C:\dirA\dirB is about 200 characters long which is legal. When I checked the wordlist I was using, the folders and files I was looking for weren't in there. You never know in which direcotry you are. This is Edition 0. Checking the actual response that the server was giving me, I could see that there was some LaTeX engine behind the page, as the response contained the execution log of the pdflatex command. PET Masterclass wordlist 1 - englishservice. You can either use one or many wordlists. In particularly you can choose the wordlists used by Hydra and Dirb, specify another Metasploit scan script and change the output file names. When bruteforcing a hash using hashcat, you can use a set of rules which do word manipulations on the fly. We address what it is and discuss some tips for choosing core vocabulary words for your students or clients. The Game of Thrones CTF: 1 (Capture The Flag) contains 11 flags in total (7 kingdom flags, 3 secret flags and one battle flag). DIRB main purpose is to help in professional web application auditing. vi PREFACE later, and his Grammar (vols, ii and iii, the Prol. Depending on your needs, you can choose to keep all your files in a single partition — the default — or to have separate partitions for one or more of the top-level directories. htb We got some ports. SkyDog Con CTF - The Legend Begins. Colaboradores Jhonattan Fiestas Umberto Schiavo Todos los nombres propios de programas, sistemas operativos, equipos, hardware, etcétera, que aparecen en este libro son marcas registradas de sus respectivas compañías u organizaciones. Whilst it was running I grabbed the embedded image to see if there was any interesting exif data or similar. Another CTF style challenge from VulnHub, this time it's covfefe. We right click the little foxy button next to the URL bar and use the localhost:8080 proxy for all traffic, and open burpsuite. Airbase-ng; Aircrack-ng; Airdecap-ng and Airdecloak-ng; Aireplay-ng; airgraph-ng. In this post, I will walk you through my methodology for solving a Vulnhub VM known as Necromancer. This NMap tutorial provides a brief background, install instructions & a walk-through of its most crucial functions. When invoked with no command line arguments, "john" prints its usage summary. To see them all, simply type:. log 07-Oct-2019 15:14 1005964 0ad-data-0. It works by launching dictionary based attack against target web server. com with wordlist. Got the password. but why my sqlmap can retrieve the databases names. This is my first public CTF writeup. So I executed it and when I saw inside nothing happened. 4 MiB: 2019-Apr-15 14:46. 239]) by listman. You can use a custom one made with Crunch of CeWL, but Kali has numerous wordlists built right in. targetwebpage. It is a posthumous publication, for Moulton met a tragic and premature death. 我们从Python开源项目中,提取了以下50个代码示例,用于说明如何使用subprocess. SkyDog Con CTF - The Legend Begins. 0c34920 C CLI implementation of the Java dirbuster tool. To see all of them, just type:. Choose the OVA file from where you downloaded it. In POST requests the input should be sent as JSON in body content and GET should send input variables as part of the url. For shellcode, we specifically choose custom reverse_tcp shellcode from shell-storm. Choose the File Options menu, then infect an existing xls document that already contains a macro. So I changed the wordlist further and tried again. john--wordlist: user--rules--stdout > pass Finally, we have username dictionary as user and password dictionary generated by John as pass , now we have to match the perfect combination of user and pass in order to retrieve credential for SSH login. com with wordlist. We'll be giving John the Ripper a wordlist, and based on the options we give it at the command line, it will generate a new, longer word list with many variations based on the original wordlist. A complete pentesting guide facilitating smooth backtracking for working hackers About This Book Conduct network testing, surveillance, pen testing and forensics on MS Windows using Kali Linux Gain a deep. An Ethical Hacker a. HackTheBox Chaos Introduction. You can let dirb run default options or choose options like extensions, proxies, authentication and much more. If you choose not to go this route, I would highly recommend that if you see HTTP(s) running on a port, scan it with Nikto. # Nmap done at Sat May 12 20:05:33 2018 -- 1 IP address (1 host up) scanned in 939. 4 MiB: 2019-Apr-15 14:46. It's possible to customize the script by changing the value of variables at the beginning of the file. First, move file. - According to the author's description there is a Proof. a Aakash Choudhary and today i solved another machine SkyDog CTF vulnhub machine which is 1st machine in 2 Series. DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers. Create Certificate Signing Request (CSR) - Contains public key and identity information. { "packages": [ { "name": "0ad" }, { "name": "0ad-data" }, { "name": "0xffff" }, { "name": "2048-qt" }, { "name": "2ping" }, { "name": "2utf" }, { "name": "2vcard. The Game of Thrones CTF: 1 (Capture The Flag) contains 11 flags in total (7 kingdom flags, 3 secret flags and one battle flag). com,1999:blog. There is a relevant file on this machine that plays an important role in the challenge, do not waste your time trying to de-obfuscate the file, If you got big stuck, Try with Password start with \"sec*\" with nice wordlist. By continuing to browse this site, you are agreeing that Google and its partners will use cookies to provide you with targeted ads tailored to your interests and to enable us to measure the audience, click to learn more. My next target was called Bob, and I had a great time breaking into Bob. Hi! How do I create a wordlist with all combinations of choosen words. This page will be a completely chaotic list of tools, articles, and resources I use regularly in Pentesting and CTF situations. It lets the user choose individually each set of tools to install. CA validates CSR. The Lithuanian verb. Please note that for this write-up, I have explicitly switched my “Network Adaptor” options to “NAT”. dirbuster-ng 9. [email protected]:~# hashcat -m 500 metasploitablehash. It also separates them into categories. security/dirb [CURRENT] Web Content Scanner: textproc/p5-Text-PDF [CURRENT] Perl 5 module for manipulating PDF files: meta-pkgs/texlive-collection-binextra [CURRENT] TeX auxiliary programs: devel/p5-B-Hooks-OP-Annotation [CURRENT] Perl 5 module to annotate and delegate hooked OPs: games/xscrabble [CURRENT] X version of the popular board game. check_output()。. blackarch-webapp. Now move dirB into dirA, which Windows Explorer allows because it only checks the immediate items being moved and doesn't strictly check all its recursive subitems - namely, C:\dirA\dirB is about 200 characters long which is legal. From [email protected] a Aakash Choudhary and today i solved another machine SkyDog CTF vulnhub machine which is 1st machine in 2 Series. com Dirsearch - This tool can be used to brute-force a directory and it is much faster than DIRB. (but hey we never know) It found: / /bin/ /index. Pablo González Pérez Germán Sánchez Garcés Jose Miguel Soriano de la Cámara. It looks for hidden Web Objects. Whilst it was running I grabbed the embedded image to see if there was any interesting exif data or similar. The wordlist is essential, as with any dictionary assault. 3, Part I, II [Zeus God of the Dark Sky {Earthquekes, Clouds, Wind, Dew, Rain, Meteorites], 1940". So lesson learned: try 2-3 wordlists for dirbuster or gobuster or dirb or dirsearch before concluding you've exhausted forced directory browsing. txt is a good, default starting point for me. tcl, not every file ( * ). This is just a normal looking login page contains username and password fields. The CTF is a virtual machine and works best in Virtual Box. It is maintained and funded by Offensive. Dad was offered a. Build other lists, that begin with or end with letters of your choice. Other software includes php 5. log 07-Oct-2019 15:14 1005964 0ad-data-0. Openwall wordlists collection. File Name ↓ File Size ↓ Date ↓ ; Parent directory/--0ad-. Change the default wordlist e. It looks for existing (and/or hidden) Web Objects, it works by launching a dictionary based attack against a web server and analysing the responses. log 07-Oct. This will print out the paths to any file with the string ‘wordlist’ in the pathname. This is loosely called "referencing" or "including" another object. Installing network penetration tools on Ubuntu isn't easy, as the software isn't included in the primary software sources. 0 setting before booting up the VM. txt wordlist to see if there is anything else hiding. First thing done when I manually inspect the webpage is view the source. Specially in security related testing. open SQL Server Enterprise Manager > Expand the server node > Databases > choose DB > Tables > right click > all taskss and export data > here you can authenticate with sql admin creds or admin your using > click next > in this next screen choose destination as a "text file" and choose the destination to export to > for readability choose. How iI create a wordlist with all combinations of these words. Super Mario Host CTF Walkthrough. This page will be a completely chaotic list of tools, articles, and resources I use regularly in Pentesting and CTF situations. Browse our notes for titles which look like what you need, you can preview any of the notes via a. I then moved on to the next host which I expect will require some form of brute-forcing. You can use a custom one made with Crunch of CeWL, but Kali already has numerous wordlists that are built right in. Use netdiscover to identify the hosts in my network: netdiscover -r 192. Let's dive into login page. So far, not much is really jumping out at me. com/entry/hackday-albania,167/ The readme comes with the following note: Note. Becoming an Ethical Hacker is not quite as easy as to become a software developer, or programmer. Hack The Box'ta bu hafta emekli olan Vault makinesini detaylıca çözmeye çalışacağım. You can vote up the examples you like or vote down the ones you don't like. Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. If x relatively similar string are to be compressed, i. index in freedict located at /tags/basic01/website/htdocs/download/linux/bin. As with any dictionary attack, the wordlist is key. Web Application Vulnerability Scanners are the automated tools that scan web applications to look for known security vulnerabilities such as cross-site scripting, SQL injection, command execution, directory traversal and insecure server configuration. Dirbuster / Dirb Dirb is a tool to find hidden objects, files and directories on a website. txt on port 25 with a 3 second delay. org) es posible que, al navegar a través de facebook, no te deje entrar a algunas páginas. But by all means, please choose to go off into crazy conspiracy land. 7) id eA1087b05305 for [email protected] For example, when fuzzing using the default dirbuster medium size wordlist, 5 results appear. What you choose as your 'go to' fuzzer is really a matter of preference for what works best for you. Keep calm & click on. a Penetration Tester has to have a good understanding about various fields. Time to get some root access on the server, cause i didnt do much these days, so i will stop blabbing and start to explain what is going on and how everything happened… 😉.