/hmg/ Hackerman General - Idk what edition

In /hmg/ we discuss pentesting, ctfs, exploits, and generally being a hackerman.

PREVIOUS THREAD

CompTIA is not beneficial to your career and if you think it will be, you don’t belong here.

Resources:

VM/CTFs:
overthewire.org/wargames/bandit/
>easy beginner bullshit

vulnhub.com/
>prebroken images to work on.

hackthebox.eu/
>super secret club

Tools:
kali.org/
parrotsec.org/
>meme distros but they just werk

metasploit.com/
>scriptkiddie starting point and swiss army knife

Tutorials/Guides:
abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob
>From zero to OSCP-hero rough outline

youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA
>IppSec, video guides for retired HTB VMs.

Certs:
eccouncil.org/programs/certified-ethical-hacker-ceh/
>CEH, only looks good on a resume to non-technical people in HR

offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/
>OSCP, the big dick swinging exam, 24 hours to own 5 machines and a further 24 hours to write up a report detailing your methods.

Resources:

>web app hackers handbook.
Thanks IBM!

ibm.com/developerworks/community/files/form/anonymous/api/library/635ec0e2-2989-4663-82d2-3488f9d16dd8/document/09d6ec5f-ff2f-4901-8d44-05d10e848bc5/media

>OSCP videos

magnet:?xt=urn:btih:f91feb6d2ea93f1c3c03b6be52051c2df72da1b7&dn=CERTCOLLECTION+-+BASELINE+-+SANS+%26+Offensive-Security&tr=udp%3A//tracker.coppersurfer.tk%3A6969&tr=udp%3A//tracker.zer0day.to%3A1337&tr=udp%3A//public.popcorn-tracker.org%3A6969&tr=udp%3A//tracker.leechers-paradise.org%3A6969&tr=udp%3A//explodie.org%3A6969

>Advanced Penetration Testing

danwin1210.me/uploads/F3thinker !- Hacking 2017/1. Advanced Penetration Testing Hacking 2017.pdf

>learn assembly and C

leaksource.files.wordpress.com/2014/08/hacking-the-art-of-exploitation.pdf

Attached: 1522865694928.png (680x680, 898K)


>learn about attacking Kerberos (mentioned in the last thread)
youtube.com/watch?v=HHJWfG9b0-E
sans.org/summit-archives/file/summit-archive-1493862736.pdf

Been thinking of adding other things to the list, maybe put some stuff in a Pastebin to make way for new things? Possibly put the OSCP magnet link into it so the 2000 char limit isn't reached instantly. What do you guys think?

anime loser

Official /hmg/ discord:
discord.gg/cun8BBs

how is hack formed? how pc get pentrate?

Attached: 1530593119301.jpg (300x299, 11K)

When a mommy PC and daddy PC love each other very much...

use a usb condom or you might catch a virus

Discord is cool and everything but I really miss the old IRC culture.

anyone on handsome man general doing bug bounties?

OP. My Nigga, You've added a C and Assembly pdf to your thread. That's a step in the right direction. I won't shit on the skiddies as much this time.

Fuck off. IRC is well alive. You just have to know where to go my dude.

Same. Didn't hmg have an IRC?

That was always there senpai

?? I don't remember seeing it. I guess I was distracted by the plethora of people gloating about python.

Also there are a lot of white/grey/black hat IRC channels.

> get username/password of fappening celebrities by messaging them and pretending to be some sort of apple representative
> constantly get called a hacker in the media

woww, I never knew it could be so easy

such as? I'd love to join some. I'm no pleb, promise.

Start here:
root-me.org/en/Community/IRC-channel/

and if that gets boring, lemme know.

install pentoo
pentoo.ch/isos/Pentoo_amd64_default/

You forgot to mention Flare-On CTF, which started some days ago
>flare-on.com

HackThisSite - some easy CrackMes.
>www.hackthissite.org

CrackMes.one - successor of CrackMes.de
>crackmes.one/


Free/Libre books:
PC Assembly Language
>pacman128.github.io/pcasm/

Reverse Engineering for Beginners
>beginners.re/

proprietary books:
Practical Malware Analysis
>amazon.com/Practical-Malware-Analysis-Hands-Dissecting/dp/1593272901

>pic related: fresh Mac malware I found yesterday. Happy reversing!
>> (It's probably made in .NET, so it's quite easy to reverse.)

Attached: mw.png (963x876, 86K)

I mean, if we're all just going to add resources to make this thread more intuitive, you might as well add things such as
exploit-db.com/
rapid7.com/db
0day.today/
cxsecurity.com/exploit/
vuldb.com/
and challenge skiddies to learn C / assembly and fork exploits to run on one of rootme's systems, or at least keep a VM to run exploits on for some home practice. Also there is an apple exploit uprising going on.
>Muh Trillion dollar phone company
Check out the latest CVEs on macOS. They're popping like whores on Instagram.

>ibm.com/developerworks/community/files/form/anonymous/api/library/635ec0e2-2989-4663-82d2-3488f9d16dd8/document/09d6ec5f-ff2f-4901-8d44-05d10e848bc5/media
not sure i trust that

Who here likes bash scripting?

pastebin.com/tTuC7EHG

Can you guess what this does?

Fucking lamers, do you ever write any of your own tools?

Start simple. Make a script to ping scan a network.

post results here

Why on earth would I need or want to, considering fping exists and is better than anything I could script up anyway?

I'm currently writing an i386 disassembler in C.
Fucking CISC!

But there is no need to write your own tools, if there is already one available BUT you need to know how it works!!

Writing your own tools is something I'm suggesting for noobs so that when you run into an edge case where no tool exists you can make one.

I'm just talking about using bash to glue things together anyway.

You are never going to find a tool called "hax everything" but if you know the process of what the other tools are doing you can write a script to glue them all together and automate it.

>an edge case where no tool exists
>being able to ping a network
Hmm

It's almost as if you didn't read all my comment and you're a complete assbanging faggot.

>Writing your own tools is something I'm suggesting for noobs so that when you run into an edge case where no tool exists you can make one.
That's actually a good idea. The best way to learn in my opinion.
(You can also learn math quite well, if you write a program which calculates your math exercises.)

>You are never going to find a tool called "hax everything" but if you know the process of what the other tools are doing you can write a script to glue them all together and automate it.

Exactly! The problem is that most skiddies don't want to learn something new and most have never touched C and ASM, even though it's far easier than most people think.

I could do this in Python, how ambitious would it be in C though?

I'm glad someone here has a brain, thanks for restoring some of my faith in humanity.
Language is completely up to you.

I like to stick with bash scripting so I can run shit on embedded systems (busybox) easily.

scans for random IPs, pings them, and returns "There are a lot of interesting machines on here."

Yea I get that, but in Python all I really have to do is
import socket

while in C I'm assuming there's a lot more groundwork to even reach that point, but I'm not sure, still learning it.

I got access to running a privileged process on an extremely locked-down PC running Windows 7 SP1 at my uni, from my attempt at fucking with the IT guy. There is some stuff I want to do, but I thought the funniest thing to do would be to install, say, Hannah Montana Linux. The BIOS setup, however, is locked behind a password, so I can't boot from the USB using the usual method for doing so. As I said earlier, I have a program I wrote running as administrator on said PC, so how would I go about overwriting the MBR on the HDD so it boots from the USB instead?

Unix or Win32? They look almost exactly the same. Also it's not that hard. If on Windows, search for winsock2; if on Unix, for Unix sockets.

Linux, obviously. I'll take a look at that though, thanks. When I get home I'll post my Python solution, if I get anywhere with unix sockets I'll post one in C too.

It's almost like I'm waiting for you to provide an instance of these said "edge cases" so I have some clue what the fuck you're hammering on about, and how getting people to write poor network sweepers will help them with these "edge cases".

Okay idiot. Instead of trying to do shit you clearly don’t understand, remove the fucking cmos battery and it’ll clear the password.

Well done.
It also portscans for ssh, telnet and webservers on those machines.
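The exercise the posts above describe (ping sweep a network, then check the hosts that answer for ssh, telnet and web servers) written out in Python as an added example; this is not code from the thread or from any of the posters. It assumes a system `ping` binary is present and should only be pointed at address space you administer, as an inventory tool. The `192.0.2.0/28` default is a constructed TEST-NET range, not a real target.

```python
"""Added example: host sweep plus service check, written for inventory of
networks you administer. Not code from the thread."""
from __future__ import annotations

import ipaddress
import platform
import socket
import subprocess
from concurrent.futures import ThreadPoolExecutor

# Ports the thread mentions; the names are only labels for the report.
SERVICE_PORTS = {22: "ssh", 23: "telnet", 80: "http", 443: "https"}


def expand_cidr(cidr: str) -> list[str]:
    """Return the usable host addresses of a CIDR block as strings."""
    net = ipaddress.ip_network(cidr, strict=False)
    return [str(h) for h in net.hosts()]


def ping_once(host: str, timeout_s: int = 1) -> bool:
    """True if a single ICMP echo request to `host` is answered.

    Uses the OS ping binary, whose flags differ between Windows
    (-n count, -w milliseconds) and Unix (-c count, -W seconds).
    """
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-w", str(timeout_s * 1000), host]
    else:
        cmd = ["ping", "-c", "1", "-W", str(timeout_s), host]
    try:
        proc = subprocess.run(cmd, stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL, timeout=timeout_s + 2)
    except (subprocess.TimeoutExpired, FileNotFoundError):
        return False
    return proc.returncode == 0


def port_open(host: str, port: int, timeout_s: float = 0.5) -> bool:
    """TCP connect check: True only if the three-way handshake completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout_s):
            return True
    except OSError:
        return False


def sweep(cidr: str, workers: int = 64) -> dict[str, list[str]]:
    """Map each host that answers ping to the listed services it accepts."""
    hosts = expand_cidr(cidr)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        alive = [h for h, up in zip(hosts, pool.map(ping_once, hosts)) if up]
    report: dict[str, list[str]] = {}
    for h in alive:
        report[h] = [name for port, name in SERVICE_PORTS.items()
                     if port_open(h, port)]
    return report


if __name__ == "__main__":
    import sys
    # Constructed default: TEST-NET-1, which is documentation space.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.0/28"
    for host, services in sweep(target).items():
        print(host, ", ".join(services) or "no listed services")
```

A connect check that times out is reported as closed, so on a filtered network the report understates what is listening; hosts that drop ICMP are skipped entirely, which is the usual blind spot of a ping-first sweep.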

Now imagine piping that output into hydra...

wax on
wax off.

If you have any brains you'll work that out.

I know it can be done through grub, but I don't have write access to the HD from my linux laptop, it needs to be done from Windows. You're right I don't really understand a big portion of what I'm trying to do, but that's part of the reason I'm doing it in the first place. Sounds fun, it's a learning experience, and the IT guy is a cunt. Removing the CMOS battery is too easy. And also, disconnecting the computer from everything and removing the screws in front of 20+ people in a lab is not very subtle, and I don't want to get expelled.

>I don't want to get expelled
>but I want to fuck up school property because I’m a faggot

this topic is so consistent that it makes me wonder if this isn't a recruiting program

How do I get a job at information security?
Do I need to start as a helpdesk cuck or can I start as a developer and migrate later somehow?

Did you use that recent win 10 priv esc that's been in the news? unpatched as of now.

What I would do is put a keylogger on it and hope to get some tasty teacher passwords.

So many people on this board think of themselves as good coders yet none of you can crack Denuvo, why is that?
I'm saying as a guy who is not in IT and can be called programming illiterate.
>Can anyone of you crack/bypass it if they wanted?
Not asking for distribution or anything just if it is easy or not for a ordinary coder.
>Can top guys from Harvard/MIT do it if they wanted to?

Attached: denuvo.png (761x394, 42K)

Neither heard nor care about them.
A preliminary google tells me it's something vidya/windows related so I don't give a shit.

yes.
I don't want to actively fuck with the uni or anyone that uses the computer (it's a public one, at a lab), nor mine anything. It's not that I find it unethical, I just don't wanna do it. I do, however, want to do something fun, like installing linux on the thing. The IT guy will probably get it fixed the next day, and won't bother much with finding the culprit. If I can't install some linux distro, I'll probably tweak it with a My Little Pony theme and whatnot.

Knowing how to code is one thing; knowing what the reverse-engineered garbage that gets spilled out means, and changing it to bypass the DRM check with the game still working, is another.

I am not a good enough reverse engineer to crack Denuvo. Ask again in some years.
Programming isn't a problem.

But for those, who are interested:
youtube.com/watch?v=iFOqQdzByJE

>>Can top guys from Harvard/MIT do it if they wanted to?
As far as I know, you don't learn reverse engineering in a University. (At least all universities in my country won't teach you.) You need to learn it yourself. It's easier than you think but needs a lot of experience (=time).

A malware analyst or vulnerability researcher with some years of experience is able to crack it maybe.

Programming isn't reverse engineering you faggot.

Then install keylogger and find an excuse for the IT guy to come have to log on at your machine. Be creative.

So the guys who do it are immensely talented with years of experience in reverse engineering?
They don't use high-level languages like python or c++, do they?

while I do not have the password, I have a process running as admin already. what I want to do is install linux on the thing, but without using the boot from usb option in the bios (it's password locked). I tried searching on the internet but I'm sure you can imagine what "installing grub on windows" and similar queries lead to. fucking. nothing.

Uncle gave me his step-sister's phone cause he stopped paying on it and it's locked to her passcode and Apple ID. I already restored it, but I don't know her stuff, and I believe they aren't on talking terms.

Am I fucked? Or is there a way around this, I really need a new phone.

Attached: 36855569_980106972167663_5220342399632408576_o.jpg (1080x1080, 82K)

Please don't shit up the thread

You aren't thinking outside the box enough.
If you have the IT guy password you can create far more havoc for him.

Give up on installing grub because every hacker would just remove CMOS battery.

I'm asking for a tech way around this, sorry it's beyond your skills.

Give the phone back from who you stole it from nigger, nobody here will fall for your tricks.

>hacking
>worried about illegal activities

>So the guys who do it are immensely talented with years of experience in reverse engineering?
Just some years of experience in reverse engineering and ambition.

>They don't use high level language like python or c++ do they?
They do, but you just need to write little scripts. No big applications, and code quality doesn't matter so much.

For example:
Denuvo is based on VMProtect (vmpsoft.com/).
VMProtect generates a unique virtual machine with its own bytecode for every executable.
To understand it, you have to reverse engineer the virtual machine (which is filled with trash and anti-debugging measures) and then
write a plugin for the bytecode of the VM for your disassembler.

IDA has a language called "IDAPython", which is like Python, while Radare2 supports C.
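What "write a plugin for the bytecode of the VM for your disassembler" amounts to once the handlers are understood, shown on a constructed toy stack VM as an added example. Neither the VM nor the instruction set is from the thread or from any real protector: the opcode table below is invented for illustration, standing in for the handler semantics one would have recovered by reading the real dispatch loop. The disassembler is then a short table-driven decoder, which is the part an IDAPython or radare2 plugin would supply.

```python
"""Added example: a constructed toy stack VM and a disassembler for its
bytecode. The ISA is hypothetical and resembles no real product."""
from __future__ import annotations

import struct

# Hypothetical handler table, as if recovered from the VM's dispatch loop:
# mnemonic -> (opcode byte, immediate size in bytes)
ISA = {
    "PUSH": (0x10, 4),  # push a 32-bit little-endian immediate
    "ADD":  (0x20, 0),  # pop b, pop a, push (a + b) mod 2**32
    "XOR":  (0x21, 0),  # pop b, pop a, push a ^ b
    "JZ":   (0x30, 1),  # pop v; if v == 0, jump by signed 8-bit offset
    "HALT": (0xFF, 0),
}
BY_OPCODE = {op: (name, imm) for name, (op, imm) in ISA.items()}

# Constructed sample program: 5 ^ 5 == 0, so the JZ skips PUSH 0xBAD.
PROGRAM = [("PUSH", 5), ("PUSH", 5), ("XOR",), ("JZ", 6),
           ("PUSH", 0xBAD), ("HALT",), ("PUSH", 0x600D), ("HALT",)]


def assemble(program: list[tuple]) -> bytes:
    """Encode a list of (mnemonic, *operands) into VM bytecode."""
    out = bytearray()
    for name, *args in program:
        op, imm = ISA[name]
        out.append(op)
        if imm == 4:
            out += struct.pack("<I", args[0] & 0xFFFFFFFF)
        elif imm == 1:
            out += struct.pack("<b", args[0])
    return bytes(out)


def disassemble(code: bytes) -> list[str]:
    """Table-driven decoder: one text line per instruction, with the
    resolved jump target for JZ and a raw byte for unknown opcodes."""
    lines, pc = [], 0
    while pc < len(code):
        op = code[pc]
        if op not in BY_OPCODE:
            lines.append(f"{pc:04x}: db 0x{op:02x}  ; unknown handler")
            pc += 1
            continue
        name, imm = BY_OPCODE[op]
        if imm == 4:
            val = struct.unpack_from("<I", code, pc + 1)[0]
            lines.append(f"{pc:04x}: {name} 0x{val:x}")
        elif imm == 1:
            off = struct.unpack_from("<b", code, pc + 1)[0]
            lines.append(f"{pc:04x}: {name} {pc + 2 + off:04x}")
        else:
            lines.append(f"{pc:04x}: {name}")
        pc += 1 + imm
    return lines


def run(code: bytes) -> list[int]:
    """Reference interpreter; returns the stack left at HALT or end."""
    stack: list[int] = []
    pc = 0
    while pc < len(code):
        name, imm = BY_OPCODE[code[pc]]
        if name == "PUSH":
            stack.append(struct.unpack_from("<I", code, pc + 1)[0])
        elif name == "ADD":
            b, a = stack.pop(), stack.pop()
            stack.append((a + b) & 0xFFFFFFFF)
        elif name == "XOR":
            b, a = stack.pop(), stack.pop()
            stack.append(a ^ b)
        elif name == "JZ":
            off = struct.unpack_from("<b", code, pc + 1)[0]
            if stack.pop() == 0:
                pc += 2 + off
                continue
        elif name == "HALT":
            break
        pc += 1 + imm
    return stack


if __name__ == "__main__":
    code = assemble(PROGRAM)
    print("\n".join(disassemble(code)))
    print("result stack:", [hex(v) for v in run(code)])
```

The hard part in a real protector is everything before this file: recovering the handler table from obfuscated native code. Once that table exists, the decoder stays this simple, which is why the post above calls it "just little scripts".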

We aren't helping dumb niggers steal phones.

>you are fucked. Give the iPhone back, thief!

skiddy detected.
hacking != illegal.
See companies like Zerodium or Exodus Intel.

Attached: zerodium_mobile.png (906x686, 85K)

That's true. I'll do that, even though I don't plan on fucking with them too much. Nice thing is that the lab computers are connected to the internet without restrictions (opened pornhub and Jow Forums), so I can set it up to access it remotely.

I would start mapping the internal network that you can see from the machine you are on.

I'm not that great at cmd scripting more of a bash guy, otherwise I'd knock up a script and help.

Also see if any new file shares become visible with these elevated privileges. Are there places you couldn't view before that you can now on the local intranet?

neosmart.net/EasyBCD/ is able to install GRUB on Windows.

oh, that's perfect. I'll probably just install something as a backdoor and try to catch the admin password, though, but I'll keep it in mind

It's good, user, although a bit wordy in my opinion. Lots of little gotchas though.

Thanks for such informative post.

Culture evolves and systems change. Discord and IRC are just tools to be used for your benefit.

>Discord
Not a chance my glowing friend.

Attached: cia.jpg (218x232, 17K)

There are 100s of ways of doing this, Jamal. There are literally 1000s of exploit tools to bypass Apple's encryption, but the odds of anyone being as stupid as you are to post the answers on one of the most monitored image boards in the U.S. is far from likely. You see, Jamal, the people here are a lot more ethical than aiding some dipshit nigger into cracking a phone he stole, just so he can brag about having an Apple product to Sheniqua and Fondisha. I'm not going to tell you to go to a pirate website and find the tools you need. I'm not going to tell you how to go to a familiar wifi access point to the phone and set up a DNS server to extract its information, or bruteforce the pin. I'm just going to let you be a dumb nigger that steals phones without knowing how to steal correctly, Jamal. You should go back to stealing bikes and swisher sweets. At least your gang will still appreciate you. PROTIP: The latest Drakie Minaj ft. Cardi B album is out. You should be dancing.

10/10 post.

Attached: open_air_case.jpg (1589x1191, 297K)

Fucking savage. This needs to be posted in every "how do I crack this phone" thread.

Who let you out of cuck shed?

Bend over for demonstration

>hating anime on Jow Forums
There is a reason why reddit exists. All Yotsuba based image boards on the fucking internet stem from Japanese culture, and all things that surround it. Reddit is your board. Stay there.

HTB machines are fun as fuck so I've been stuck playing them. Are these machines good for learning things that can be used in the "real" world (as in getting certs)? Or am I a shitter?

How's your job at Walmart doing /sec/?

Attached: fuck_hentai.webm (852x480, 2.95M)

Not bad, not bad at all. How are those McBurgers coming along?

Anyone give me a hint on how to get the payload to work on HTB Bounty? I've been at it for hours and I feel like a fucking brainlet, only ping works, no other command ever returns

>Looking at paper
The internet has videos.

What the fuck is the internet?

It's not my fault that you're too stupid to hide your identity.

Worst attempt at assuaging obvious fears of surveillance ever glownigger.

>heads on fire

>using proprietary software
>not using irc
Try again.

Attached: 7 years.jpg (640x480, 28K)

So I'm dicking around on some random deepweb site and decided to look at the page source and found some binary, which took me to another page. I did the same and found pic related. (would have put pic into this post as text but it was flagged as spam)
What is this? At first I thought it was base64. Am I being really dumb or?

Attached: therabbit.png (1137x29, 4K)

nevermind it is base64, just triple encoded

Once again shilling this CTF
csa.checkpoint.com/index.php?page=chmain
It's good, user, I promise

Is it CP?

Just finished The Ultimate Minesweeper. Fuck that shit I was stuck for 3 hours.

Decoded a few times it becomes

creepmhpgibse

I'm not liable for what happens if you try to decipher it further. I'm not seeing where that shit leads. That base64 is a bit tricky to type out from an image due to the font making 1 and l (L) very similar.
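Peeling nested base64 layers like the triple-encoded string discussed above, as an added example that is not from the thread. It keeps decoding while the output is itself well-formed, printable base64 text and stops at the first layer that is not, so a plain word like the one posted is returned untouched with a layer count of 0. The sample string is constructed; `wrap_base64` exists only to build test input.

```python
"""Added example: strip nested base64 encoding layer by layer.
Not code from the thread; sample inputs are constructed."""
from __future__ import annotations

import base64
import binascii
import string

_B64_ALPHABET = set(string.ascii_letters + string.digits + "+/=")


def looks_like_base64(s: str) -> bool:
    """Cheap shape check: non-empty, length a multiple of 4, alphabet only."""
    s = s.strip()
    return bool(s) and len(s) % 4 == 0 and set(s) <= _B64_ALPHABET


def peel_base64(blob: str, max_layers: int = 10) -> tuple[str, int]:
    """Decode repeatedly while the result is valid, printable base64 text.

    Returns (innermost text, layers removed). Stops on a decode error, on
    non-ASCII or non-printable output, or when max_layers is reached, so a
    mistyped character usually surfaces as an early stop rather than as
    silently garbled text.
    """
    current, layers = blob.strip(), 0
    while layers < max_layers and looks_like_base64(current):
        try:
            raw = base64.b64decode(current, validate=True)
        except (binascii.Error, ValueError):
            break
        try:
            text = raw.decode("ascii")
        except UnicodeDecodeError:
            break
        if not text.isprintable():
            break
        current, layers = text, layers + 1
    return current, layers


def wrap_base64(text: str, layers: int) -> str:
    """Helper for constructing test input: encode `text` `layers` times."""
    data = text.encode()
    for _ in range(layers):
        data = base64.b64encode(data)
    return data.decode()


if __name__ == "__main__":
    sample = wrap_base64("constructed sample text", 3)  # constructed input
    print(peel_base64(sample))
```

Since `1` and `l` are both valid base64 characters, a misread digit still decodes; the printable-text check is what tends to catch it, because a flipped character in a middle layer usually yields bytes that are not ASCII.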

Hello /hmg/

I'm ready. It's time to stop being a skid and get my career going. Teach me. I see the links but where should I begin?
Is there a beginners guide or starter pack?

Attached: 16190842.jpg (640x412, 33K)

Just like, hack things.

Read UNIX for dummies