Whats a good intermediate vulnhub (or similar) i should do? Just finished Trollcave last night.
Jose Martinez
How about Jow Forums team for defcon quals ctf?
Alexander Baker
Shitposting on the Discord every now and then. Might change that habit though with their untrustworthy data policy.
James Scott
Same. I want to find an alternative but i dont know anything that would catch on and actually get a fair amount of people using it.
Adam Adams
I haven't connected to the IRC in months, how active is it?
Austin Gonzalez
I dont know, i havent been on in ages either
Josiah Martinez
We need a Hackissance, revive the community from its slumber and cyberpunkification.
Owen Evans
Agreed. Not really sure how we would do that though. I feel like there are quite a few newfags comming into the /hmg/ community, but they leave pretty quickly when they realize hacking isnt as easy as it is in the movies and mr rooboot.
Liam Adams
Most of them cba to even read pentesting manuals. Let alone learn an actual language, or the application of exploiting network protocols for attacks.
Xavier Diaz
Holy shit, haven't seen this thread in a while
>tfw my arduino keylogger is collecting dust now
*shrugs* working 10 hour shifts, to bring in extra dosh, I started programming in Golang (go language) already made bitcoin thief, or bitcoin swapper.
Probably work on botnet in Go.
Gabriel Brown
Thats the problem with distros like kali. It gives skiddies the impression they can just boot that up in a vm, open armitage and own any machine, anytime, with no prior knowledge about vulnerabilities, exploits, network traffic, or even fucking bash or cmd.
Hey dude, i remember you. Ive been learning golang myself, and i've been writing a botnet in go. Getting some weird errors and still getting my head around the goroutines but other than that is comming along pretty well. The cross-compiling in go is amazing.
How did you go about writing a bitcoin theif?
Justin Morris
>Thats the problem with distros like kali... What we need to do is bring together a core of experienced sec and then form a community, vetting for conscientious noobs who want to learn. Then we build on-top of that activity.
Evan Martinez
So how would you suggest on doing that? We could do something similar to the hackthebox site? Or something like that? idk. Really we need a password protected chatroot/website where that you need to be invited into.
Nolan King
Any suggestions on obscuring an exe from being reverse engineered with gdb or something like that? On linux i was using a script that reverses some of the bytes and checks the output of that compared to the original with gdb and radare. But its kind of hard because this exe doesnt output anything.
Matthew Perry
Yeah, I like that, so they actually have to prove that they are willing to learn before gaining access. Also, we need to install that our community does not support illegal infiltration or surveillance. Otherwise we'll end up v&.
Ryder Brooks
Hey, it's 5/9 today. Very fitting.
Aaron Sullivan
>*instill
Henry Gomez
>Also, we need to install that our community does not support illegal infiltration or surveillance. >Otherwise we'll end up v&. True. Put up some disclaimers and stuff. Are you thinking more chatroom style, or a forum type site?
Ethan Davis
Why not a chan for the aesthetic?
Samuel White
If we could design a beginner ctf that requires at the very least a few google searches that has the required knowledge of: >Enumeration >Using pre-written exploits (like searchsploit stuff >Post Exploitation >Basic methods (SQL Injection, reverse shells etc.)
Something like the Kioptrix level 2 ctf would be perfect, however modify it so that the flag is an invite to a discord or something
Joshua Edwards
We're trying to move away from Discord, because of their data policy.
Christopher Ward
>a password protected chan for hackers No matter whats on the site, the FBI would v& us all, thinking there is still hidden layers to the website that needs another password or something.
>discord I would rather not discord, with all the spying and stuff.
>If we could design a beginner ctf Thats not a bad idea, but the problem with that is the solutions always get published online. Look at hackthebox. you dont need to hack the invite code anymore, just look up a walkthrough. I think we do need something like that, but we also need someone actually talking to people, and handing out invites based on what they say about hacking/pentesting.
Justin Allen
bump for this.
Robert James
>the FBI would v& us all Are they really that retarded? We can't even peacefully assemble in our own software?
Jacob Brown
Maybe, maybe not. The one thing i do know though, never underestimate human stupidity. Im the guy that made the ArcheryOS, so if we are both serious about this i can make a ctf and you could start writing the website?
Gavin Brown
>Im the guy that made the ArcheryOS, so if we are both serious about this i can make a ctf and you could start writing the website? Certainly, I'll see what base imageboard software is current and fits our purpose and start making adjustments. And I'll make it very, very clear we do not support any illegal activity.
Oliver Rodriguez
Ok, ill start working on that now then. Can i have your github link/a way to contact you about this? even just your discord username and ill friend you. Do you have a place to host this?
Christian Parker
Any ideas on what vulnerabilities i should include in the CTF? I might just browser exploitdb for some. phpmyadmin 9.3.1 (i think it is) might be a pretty good one to weed out some of the n00bs. I was thinking about going for a hackerman theme?
Yeah, send me an email or send me a message on the discord [email protected]
Lucas Turner
guys can I be a hacker too
Christopher Turner
No, fuck off >yes, im just joking sorry for being mean
David Carter
Where should I actually start learning if I want to get into pen testing? Is that field even worth it? I have sec+ but I hear thats worthless
Henry Long
Basically how it works is that I grabbed the source code on validating bitcoin address I implement that into my go language, and I make a function to check windows clipboard every 300 ms, it will send whatever is from the clilpboard to the bitcoin validator, if it returns true, it will swap out that bitcoin address with mine in the clipboard manager, so when they go to paste the bitcoin address, assuming they're stupid they will be using my address.
Michael Robinson
Thats a heaps good idea, nice one
Jonathan Green
read penetration testing: a hands on intro - georgia weidman, it's kinda dated i guess but its an easy read and will let you explore pentesting, then move onto something like hacking exposed where it'll teach you more indepth shit
t. also just starting out in learning
Blake Robinson
Actually pentesting things. Learn by doing. Do bandit and do vulnhubs.
Adrian Lewis
Also getting involved in a crowd of people willing to help you learn, if possible
Carter Nguyen
This. If you really wanna learn, join the discord and ask people questions and advice. If you dont really want to learn, dont join the discord.
Joshua James
Anyone done the DeRPnStiNK vulnhub?
Dylan Parker
>Whats everyone working on? Odd shit that doesn’t really fit handsome man general, but I think is cool
>soldering together guitar pedals kits >creating an OCR scanner with a webcam to track what yugioh cards I have >seedbox on rpi >web app to suggest different deck builds
These are my general projects. But hmg related I am doing my CCNA Cyber ops study, as I feel it would be good to finally get myself a Cisco cert
Lincoln Sullivan
>arduino keylogger This sounds familiar
Were you working on anything else at the time?
Joseph Collins
>>creating an OCR scanner with a webcam to track what yugioh cards I have ahahah nice!!
> But hmg related I am doing my CCNA Cyber ops study, as I feel it would be good to finally get myself a Cisco cert good on you man
Daniel Long
>It gives skiddies the impression they can just boot that up in a vm, open armitage and own any machine, anytime, with no prior knowledge about vulnerabilities, exploits, network traffic, or even fucking bash or cmd. And the problem with people like you is you refuse to admit that armed with a shodan scan, it’s trivial to find boxes that can be popped as easy as launching eternal blue or ms08-67
Nathaniel Rodriguez
>any machine, anytime those were the keywords.
But yeah, i fucking love shodan
Sebastian Thompson
Writing vulnerable C programs, and exploiting them(learning buffer overflows). Besides that, reading Operating System concepts (book), and Absolute Java (book).
Christopher Thompson
Specially when it’s 5$ for the year during the specials
Justin Jackson
Im gonna pay for it the next time its on special. Its worth it just for being able to use arguments with the api.
What made you guys want to hack things? I'm getting into it slowly since I'm just a mediocre application dev, but I'm liking it
Nolan Reyes
I really enjoy being somewhere I feel like I'm not allowed to be or making something do something it's not supposed to. It's good fun
Gavin Clark
>the feeling of breaking something that the creators tried to make unbreakable >You never know what you will find >a direct line into peoples personal lives >everytime you try to hack something you learn something new >infosec is constantly changing, never a lack of research or reading materials
Hacking is just fucking great, for so many reasons
Brayden Cox
>26 >trying to get into hacking since 16yo >another year, another shot >no hope that this time im going to accomplish something >still fooling myself that I can put these skills to good use and make myself some money
I don't know any better. I'm a mediocre programmer, and by seeing other coders I know that programming skills aren't enough, you have to learn to struggle and thrive in uncertainty, but this shit is hard.
I'm not going to lie. At this rate I know that probably I'm not going to make it, but is still fun to read about this stuff.
Matthew Morris
How do you feel about using automated tools? I'm trying to learn again about this kind of thing after a couple of years off, and my brain that was fucked up by uni is telling me that it's okay to not understand the basics and to just use the tools for the job, but hell, reinventing the wheel feels great even if I waste plenty of hours just to understand how things work. Doing the easy machines on HTB and looking at the forums showed me that there are plenty of guys stuck trying to use shit like meterpreter for enumeration when a simple cheat sheet did the job, now maybe that was just because I already had experience and I'm not gonna lie, I also started with a backtrack install and trying to just use the tools instead of learning how they worked. I feel like it's better to take an inductive approach, starting by doing things at a basic level and just then using the automated tools. Also, I know nothing about making ctfs but you could try doing something like a dynamic flag, not only making a new flag for every invite but something like changing the encode used (if the flag is encoded) every bunch of hours, or changing the flag position so you have to take over the whole system to find the flag.
Wyatt Johnson
The reinventing the wheel discussion is retard. If you are learning is pretty acceptable.
Evan Gonzalez
When I watched Mr. Robot for the first time, I saw what a power you can have with hacking, and that's what got me into it. I normally don't say it, because most people think that when Mr. Robot got you into hacking, you're instantly a script kiddie(which afaik I'm not).
Lucas Fisher
where can i find some windows system programming oriented c/c++/delphi/whatever cybersec community? best thing i have outdated shitty win98 programming books from the 90s and forum posts from vc2005 era.
Jeremiah Russell
>spending time with glowing in the discords chatroom light cia nigger
Jace Sanders
maybe don't make another circle jerk that no one will come. you can make chan for all and boards with some kind of password for h4x0r5
Juan Allen
It's funny because with me it's the opposite. I started watching Mr. Robot after I was learning how to hack and exploit.
Nathan Sullivan
>after I started learning fixd
Thomas Lee
is learning a language worth it for stuff like this? what language should I learn? C?
Luke Bennett
Using tools isn't a problem if you have some concept of what the tools are actually doing.
I know that feel, I keep finding myself wanting to know the basics even if that takes a lot of time. I guess I have a lot of respect for the people with deep knowledge how don't just "know Kali"
Jackson Diaz
We're trying to create a community of knowledge people and those who are willing to learn. We don't care if you personally don't come or not, sorry.
Chase Nelson
10/10 made me kek
Thomas Cooper
Pretty nifty and dickish, well done.
Bentley Robinson
Because understanding cybersecurity is and will only become an ever more important skill in an ever more digital world. Keep your data safe, and maybe get paid keeping others' data safe too.
Cameron Adams
Learn C, then Python or Perl.
Cooper Young
> vetting for conscientious noobs who want to learn.
You want to get that right and not waste your time? Only admit those who knows how to code. Give a challenge or something, idk. Other than that is not worth it.
Every amateur community that aim to teach beginners to hack ends up infested with script kiddies wannabe bothering for tutorials and guides where everything is spoon-fed to them.
The most important quality that every hacker worth its salt must have is the ability to thrive in uncertainty. Many thousands of teenagers picked up X86 (and X86 protected mode!) from nothing more than the MASM Bible during the 1990s. Today you can find a twat every two minutes asking for help to understand a fucking loop.
Really been trying to get into the infosec field but it's not easy finding a starting point. Tried a lot of things; books on assembly, books on using programming languages in a hacking context (stuff like Violent Python), youtube videos like the ones from liveoverflow etc. But I'm not sure what I can do for an extended period of time so I'll actually get a good understanding of what I'm supposed to do. I'm thinking CTF stuff is my best option atm. I don't want to just learn how to use tools like the ones in the metasploit framework because I absolutely don't want to be a script kiddie.
Ryan Diaz
The hacker scenario in Brazil is way too bad. CS Students, self taught pricks, skiddies... They are all lazy, they don't like to study, to test, to HACK.
They just want full recipes from stackoverflow, github and others.
I'm from the 70's. We pwned the early years of the "cyber". Cyberpunk wasn't a thing. Cyberpunk is my way of life. Those SWJ, millenials, wannabes, they're destroying the web. They never experienced an usenet, fidonet, RENPAC X.25 (BRAZIL), RNP (BRAZIL TOO). They now have 2 Gbps internet on their schools and what they do? COPY AND PASTE PHP CODE.
They never felt so excited with the first connection to a BBS. The dial of a modem.
The bugs that windows modems (HELL) brought to the first linuxes like Slackware (we had recompile all drivers and open pppd with a tmux pinging an endpoint or the daemon died).
They never felt what is to be all night wardialing to companies. Poor kids... "Oh, I'm a DEVOP". FUCK YOUR DEVOP SHIT. I'M A SYSADMIN! I PWN THE SERVER! I AM ROOT!
Dylan Miller
So when did you start out, and when did you start watching Mr. Robot? I started watching Mr. Robot in mid-2016, and started out a few weeks later.
Christian Campbell
Setup vulnerable machines and use your l33t sk1llz to try and "hack" them. If, after some time you really can't "hack" them, work on your l33t sk1llz and come back. But surely don't look up how to do it, that takes off the fun.
Daniel Fisher
You always have HackerSploit on YouTube, the l33test h4x0r in the world! youtu.be/JGIUzPq2Koc
It's a curriculum guideline for cybersecurity programs, so it has extensive information on what knowledge you should attain to be proficient in cybersec.
Yes, I was also working on samy kamkar's rolljam, But I am new to radio frequency so farthest I got was jamming at 315 frequency, which does work, a guy in a volkswagen couldn't unlock his car at first. But that was a while ago. Now I have a crush on this girl at work, I asked her to hang out last week but I was so nervous, and beta I wasn't sure if she said "I can't this weekend" or "I can't" but thats different board, in a different thread.