/hmg/ Hackerman General

In /hmg/ we discuss pentesting, ctfs, exploits, and general being a hackerman.

CompTIA is not beneficial to your career and if you think it will be, you don’t belong here.

Resources:

VM/CTFs:
overthewire.org/wargames/bandit/
>easy beginner bullshit

vulnhub.com/
>prebroken images to work on.

hackthebox.eu/
>super secret club

Tools:
kali.org/
>meme dragon distro but it just werks

metasploit.com/
>scriptkiddie starting point and swiss army knife

Tutorials/Guides:
abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob
>From zero to OSCP-hero rough outline

youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA
>IppSec, video guides for retired HTB VMs.

Certs:
eccouncil.org/programs/certified-ethical-hacker-ceh/
>CEH, only looks good on a resume to non-technical in HR

offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/
>OSCP, the big dick swinging exam, 24 hours to own 5 machines and a further 24 hours to write up a report detailing your methods.

Resources:

>web app hackers handbook.
Thanks IBM!

ibm.com/developerworks/community/files/form/anonymous/api/library/635ec0e2-2989-4663-82d2-3488f9d16dd8/document/09d6ec5f-ff2f-4901-8d44-05d10e848bc5/media

>OSCP videos

magnet:?xt=urn:btih:f91feb6d2ea93f1c3c03b6be52051c2df72da1b7&dn=CERTCOLLECTION+-+BASELINE+-+SANS+%26+Offensive-Security&tr=udp%3A//tracker.coppersurfer.tk%3A6969&tr=udp%3A//tracker.zer0day.to%3A1337&tr=udp%3A//public.popcorn-tracker.org%3A6969&tr=udp%3A//tracker.leechers-paradise.org%3A6969&tr=udp%3A//explodie.org%3A6969

>Advanced Penetration Testing

danwin1210.me/uploads/F3thinker !- Hacking 2017/1. Advanced Penetration Testing Hacking 2017.pdf

>learn assembly and C

leaksource.files.wordpress.com/2014/08/hacking-the-art-of-exploitation.pdf

What we all working on today?

I’m going to sit and get myself a htb access code!

Hijacking radio bands without getting caught by the gay police and fined. I was thinking of deploying several low powered transmitters over a large area.

Why do i need to learn C to be a decent hacker in 2018?

>noob in hacking
> want stable os with drivers
> try blackarch but tools are old
> can I get latest tools with stable os
> running on pc
i7 8700k , gtx 1060

first off, try lurking before you post, newfag

A hacker is someone who enjoys playful cleverness—not necessarily with computers. The programmers in the old MIT free software community of the 60s and 70s referred to themselves as hackers. Around 1980, journalists who discovered the hacker community mistakenly took the term to mean “security breaker.”

Please don't spread this mistake. People who break security are “crackers.”

>CompTIA is not beneficial to your career and if you think it will be, you don’t belong here.
explain this

What on earth makes you think a Linux question, is most appropriate in a penetration testing thread?

If you need it explained to you, you don’t belong here, because you are that low in power level you seriously think it’s a “stepping stone”. You go all out or you don’t bother.

What a faggity answer from a complete faggot. Eat shit Elliot

Just because you’re too stupid to immediately hit OSCP doesn’t mean other people feel the need to “climb up” from CompTIA through to useful certs.

The problem is you.

Bug bounty programs are a well-designed scam.
>hunting bugs for both Facebook and Google for 3 years
>found XXE in Google, reporting -> you are not the first to report the same problem, no bounty
>found CSRF in Facebook (you could make someone to post "i'm gay" ) -> rated minor security issue - $200 paid.
Do not waste your time with the big companies

>you could make someone to post "i'm gay"
Hee hee hee

good luck changing that.

Why do you insist on doing this

Because if you want to ever graduate beyond using other people's tools (you can still make money doing this, just not as much - it's what I do).
Because he's referencing Blackarch you knob. And wants a pentesting distro he can use. Even if it's bait, it still makes some sense.
It is. I got my first IT job by having Sec+ and my first pentest job by having CEH. There are people who have done OSCP without prior tech experience, but that's like trying to build your own car before you've ever fixed one. It's possible, it's just hard as fuck.
GTFO with your gatekeeping bullshit. Your crippling insecurity is giving me cancer.
It's pasta.

A bunch of you need to quit waving your elitist dicks around and recognize that people have to start somewhere. No wonder you're all jobless.

Kali linux, tons of youtube videos

>Your crippling insecurity is giving me cancer.
And your acceptance of mediocrity is killing these generals

Does anybody else in here actually hack stuff for a living?

Yes. Author of here.
Amaze me more with your knowledge of base-level IT out of the womb.

I am into math, computer graphics stuff, can I do this on the side? I've wanted to analyze the behavior of programs ever since I can remember.
How long does it take to become somewhat good at this? Have any of you done things like reversing proprietary apps, web application exploitation?

If you want to learn about binary exploitation or reverse engineering check out protostar from exploit-exercises
exploit-exercises.com/protostar/
it's a pretty good place to start learning about that kind of stuff

Will this also teach me to own web servers?

No, if you wanna learn that git gud at bash and do some CTF's. You can find them on vulnhub.com or hackthebox.

>own web servers?
Look into the kioptrix series of boot2roots, bloody good set for what you want

>Does anybody else in here actually hack stuff for a living?
Hello there mr FBI agent nice to see you again

>can I do this on the side?
You can do anything on the side
>How long does it take to become somewhat good at this?
How long does it take to get somewhat good at math, math boy? Not really a good question, from either side is it?
>Have any of you done things like reversing proprietary apps, web application exploitation?
Check archive.org and get the crack.me files

Consider trying Parrot OS. new version should get out tomorrow.

I know shell scripting. But only recently have I realized the power of tools like grep and perl. That should put me in good stead.

How do CTFs work? What are participants expected to know?

>How do CTFs work?
You use skills to capture the flag. The concept is actually not in any way different to quake, really.
>What are participants expected to know?
Depends what sort it is. Boot2roots are usually a form of ctf, with flags strewn around the machine, even though the FINAL goal is to get root, the flags are for fun.

Other forms of CTF are like things on overthewire

The skills required depend on what sort of challenge it is. Bandit is Linux skills, leviathan is web hacking, black sun is binary reversal, err I don’t remember anymore. But it really depends man

Why're we running with the OP that has Reddit spacing?

Attached: reddit_spacing.png (866x475, 53K)

ParrotOS is pretty good. the anonsurf script is great.

Not him, but I never even once in my life wrote a post on reddit (I don't even have a reddit account), and yet I use your so-called "reddit spacing" frequently, on purpose, because I actually want a space between two of my lines. Your post is stupid.

>Reddit out on damage control.

Attached: plebbit.gif (237x240, 1.95M)

This what autism looks like.
It's not "reddit spacing", it's "markdown newlinening".

>Why're we running with the OP that has Reddit spacing?
I’m the op, and I format it that way so I can edit the pasta in notepad on my phone. So think about what’s worse, a phone posting OP, or a pc posting reddit user?

Also known as Reddit spacing.

A Reddit posting phone OP, followed by a phone posting OP, followed by a Reddit user.

You do realize that markdown is older than plebbit?

>A Reddit posting phone OP
Well you’re in for a bad time then buddy boy, because I am both. Enjoy the thread!

Or don’t, like I give a flying fuck.

You do realize that the Plebbit mindset predates Plebbit?

The absolute state of this chan.

>You do realize that the Plebbit mindset predates Plebbit?
Then why are you so fixated on it instead of criticizing the "mindset" as you call it? Why focus on one of the symptoms rather than the cause? Is it perhaps because you are fucking stupid and your posts are trash and bring no value to any conversation?

>The absolute state of this chan.
Pic related.

Attached: EF484D66-8EA9-4097-B07D-91A3CC32C40C.jpg (1106x180, 150K)

It isn't a symptom, it is a marker. It is how you detect the enemy.

>moot
Lol, that faggot lost any credibility when he ran away to Google.

>Well you’re in for a bad time then buddy boy, because I am both. Enjoy the thread!
>Or don’t, like I give a flying fuck.
Now I understand why the level of this general is so ridiculously low

>Lol, that faggot lost any credibility when he ran away to Google.
I too would sell anonymous fucktards like you out if it meant a profit for me.

Totally has nothing to do with the low skill level of the posters, does it

>I too would sell anonymous fucktards like you out if it meant a profit for me.
I wonder who is behind this post...

Do you call someone a jew when they get a paycheck, too? Is new-Jow Forums this fucking sensitive about money?

>being a wagecuck
You should be selling your services on the dark web to drug lords.
That's how you make real money.

Does one have to be good at maths in order to be a programmer?

No, ofc it's better to know at least simple math (like high school math) but most of the devs out there never use it at their job.

Programmer, no. Computer scientist, yes.
Also, you should learn C and Python/Perl first.
Then from C onto C++.

Attached: howto_into_cs.png (1068x1142, 178K)

Yes, but not for the reason you think.
Mathematics and Programming are purely logic based, although Programming requires more memory than Mathematics.
If you're good at one you're probably good at the other.

No. Most programs require literally zero math to make.

Mate you’ve mistaken this for the cyb thread

What's wrong with being a gray hat?

*sniff* Thanks guys was about to quit my dream because of it but now I will chase my dreams and take it down

Thanks.
Fuck off memer

I used to be a deeply interested hackerman but my skid friend left my town and with no one to hack with I fell out of it. I wish to get back into it, someday.

Maybe try getting into the more rigorous side of it?

>Totally has nothing to do with the low skill level of the posters, does it
it does
mediocrity starts with the OP

So uhmmm
Why dont we autists make a team on HtB or something?

I think the /sec/ IRC has one?

Shitty corp job where I just watch bots throw Apache Struts and Oracle WebLogic exploits around. Living the dream.

Ok, every few threads I will keep posting my bitcoin thief coded in Go for you guys, I just want to make this clear. Bitcoin validator I used in my code was already publicly available. I also used an open source library from github. I had to do some modifications to the validator code to work the way I want.

This is why I am releasing it. Not all code is mine, and seems selfish not to share it among /hmg/.

Any other projects I work on that uses open source code, I will also release, but stuff more private I won't release.

>source code (only other thing you need for this to work is the clipboard library)
pastebin.com/Wpi2pPBg (link expires on June 3rd, 2018)

>Source code to validate bitcoin address (if you just want the validator for your own project)
rosettacode.org/wiki/Bitcoin/address_validation#Go

>clipboard library (Required to run my source code in the pastebin link)
github.com/atotto/clipboard

this is early version, for now it works for what I want it to do, but I hate how I build it, and comes out to 1.46mb

Also quick instructions, the clipboard library, I downloaded it, and extract it and renamed it from "clipboard-master" to "clipboard" put this in the same folder with your .go file (that is why in imports I have ./clipboard for now)

I am starting to like go, my non molested test pc (windows 10) ran this no problem without having the environment installed after I build it to .exe.

Also one more thing, the rosetta code link I provided, also has source code in other languages, too. I actually made bitcoin thief in python first, before switching over to Golang.

Attached: golang.png (180x180, 10K)

There is one. It's called hmg. I'm in it. The problem is that these threads degenerate so fucking fast and the information about actually having a team is never included in the sticky because everyone and their mom makes this thread now, so the usefulness of the thread is dependent on the OP.

So how do I get in?
I started my account just yesterday so im not on the Hacker level yet, still grinding through challenges

I posted my username in a thread a while back and the leader (mercwri) invited me.

Aight, my username is advancedautism
Gib invite pls leader

Talking about HTB, has someone in here owned Stratosphere?
I can't get RCE, or at least some useful RCE because i have access to some ugly console but it looks like I can't execute anything aside from inspect objects and basic arithmetic, the % and $ don't seem to work and neither java functions.
What I get from the forum is that there is already a written exploit that should do the trick on .action and that it is widespread, but I've tested all the exploits I can find from 2017 and nothing.
Should I kill myself?

Good work, user.

Bump.

If you git gud at maths, you'll be training your brain to solve the same types of problems you face in programming. Maths also comes up when making programs more efficient on the low level. You don't /have/ to understand any real maths though, no.

Is there a complete checklist for this shit, or a roadplan for learning? Feels kinda overwhelming if you dont already have a similar background.

>Spoonfeed me
It's already simplified in this OP, if you cba to put in the remotest amount of effort, go and be a skid elsewhere.

> OSCP exam is next week
Any tips?

Already:
* Got +40 lab boxes
* Did all the exercises
* Did some machines on htb / vulnhub
* Read all relevant and even irrelevant blogposts
* Intend on getting plenty of sleep
* Intend on taking breaks and eating
* Intend on avoiding marijuana and alcohol and other drugs during the test

What else? I took it before and failed but not by much. This time it's REALLY FUCKING IMPORTANT that I pass the thing.

If I do all that stuff, at what point can I consider myself an eleeet hacksor?

I'm actually working on one. The first chunk is Sec+/CEH/CISA, which I already have, so there's not a ton of detail (also didn't take much studying).
But it's meant to be a roadmap to OSCP and further on into RE/exploit development/shellcode/etc.
I'll post it in the Discord when I'm done.

gitgud.io/yrmt/OSCP-Roadmap

When you actually make money or lose someone a lot of money, your parents excluded

Opinions on CompTIA's new Pentest+ exam ?

Pentesting will NEVER, and I repeat NEVER be as big a thing as any other security sector professionally
This cert wont change that

>Opinions on CompTIA's new Pentest+ exam ?
>opinions on a certificate that just passed beta?

Are you for fucking real man? Instead of asking this three threads in a row, why don’t you go to an actual security forum and see what they think

It was only last thread m8 calm down.

Why's that.

Because when it comes to the security field, most companies only want pentesting as part of a greater business move. They don't want a pentest to find vulnerabilities - they can do that themselves if they want. Just give a half-competent IT tech the chance to install Nessus and the rest is pretty easy to interpret.

For example: most of the clients I work with have to have vulnerability assessments and/or pentests done on a regular basis for compliance purposes. ISO 27001, PCI, etc. will sometimes require proof of an assessment in order to maintain updated compliance.

That's where a pentester comes in. If you really want to make money in infosec, you pretty much have a few good options:

- Be an auditor (CISA, ISO)
- Be a programmer
- Be a vuln researcher
- Be a CTO (CISSP, CASP)

And then do pentesting on the side. I work as an analyst, so I do a lot of assessments, but the firm I work for is a compliance auditing firm.

You don't often hear about the business side of infosec, but it's crucial to building a career.

>calm down.
Yet you still miss the point. It’s brand new and next to no one will have taken it. What exactly do you think we know you can’t find with a google search?

Please use an anime image next time

Expectations on how it'll be
Things you would want to be on/off it
Validity of people who passed.
That sort of thing. I asked for opinions not set facts on if it's hard or what's on it.

>Expectations on how it'll be
Read the second sentence of the OP

You're right about the business side being overlooked. I do think however with mainstream media over hyping data breaches that pentesting could slowly build its way up. This could either be a temporary surge or stay up to a point where it's big. It could get lumped onto incident response kinda like digital forensics has.

More regarding the A+ Net+ and sec+
CSA is kinda valid and CASP is legit but over hyped

I agree. If anything is true, governments have a lot of catching up to do in the area of offensive security, so as long as China and Russia have way more hackers than everyone else, it will be a profession of some kind.

You got this, mate! I've got mine in ~2 months and got around 15 boxes now.

offensive-security.com/wp-content/uploads/2015/01/offensive-security-try-harder-2.0.mp3

Hacking is not about money, my young friend.

Go read Free as in Freedom.

Going to be joining uni level CTF in the fall. The meme-tier shit that they question me on is just ridiculous. Stuff I've never heard of until CTF.
Done Pico and pwnable.
Which is the most important to study before I start CTF in the fall?
>x86 programming
>Python
>Binary exploitation
>Something that your average C++/C# Comp Eng. Junior wouldn't have run into yet?

My Everyday OS. It just works

How long would it take to go from very little tech knowledge to being "ok" at this?

>How long would it take to go from very little tech knowledge to being "ok" at this?
>how long would it take to go from very little Japanese knowledge to being ok at reading manga
>how long would it take to go from being very little athleticism to being ok at basketball
>how long would it take to go from very little engine knowledge to being an ok mechanic

Do you see how stupid your question is