/hmg/ Hackerman General

Resources:

VM/CTFs:
overthewire.org/wargames/bandit/
>easy beginner bullshit (bash skills)

vulnhub.com/
>prebroken images to work on.

hackthebox.eu/
>super secret club

Tools:
kali.org/
>meme dragon distro but it just werks

metasploit.com/
>scriptkiddie starting point and swiss army knife

Tutorials/Guides:
youtube.com/watch?v=2TofunAI6fU
>The Secret step-by-step Guide to learn Hacking

abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob
>From zero to OSCP-hero rough outline

youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA
>IppSec, video guides for retired HTB VMs.

Certs:
eccouncil.org/programs/certified-ethical-hacker-ceh/
>CEH, only looks good on a resume to non-technical people in HR

offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/
>OSCP, the big dick swinging exam, 24 hours to own 5 machines and a further 24 hours to write up a report detailing your methods.

Resources:

>web app hackers handbook.
Thanks IBM!

ibm.com/developerworks/community/files/form/anonymous/api/library/635ec0e2-2989-4663-82d2-3488f9d16dd8/document/09d6ec5f-ff2f-4901-8d44-05d10e848bc5/media

>OSCP videos

magnet:?xt=urn:btih:f91feb6d2ea93f1c3c03b6be52051c2df72da1b7&dn=CERTCOLLECTION+-+BASELINE+-+SANS+%26+Offensive-Security&tr=udp%3A//tracker.coppersurfer.tk%3A6969&tr=udp%3A//tracker.zer0day.to%3A1337&tr=udp%3A//public.popcorn-tracker.org%3A6969&tr=udp%3A//tracker.leechers-paradise.org%3A6969&tr=udp%3A//explodie.org%3A6969

>Advanced Penetration Testing

danwin1210.me/uploads/F3thinker !- Hacking 2017/1. Advanced Penetration Testing Hacking 2017.pdf

>learn assembly and C

leaksource.files.wordpress.com/2014/08/hacking-the-art-of-exploitation.pdf

Best distro for a workstation?

Hannah Montana Linux.

stupid question here, so i got kali from kali.org, they say to verify the hash, i did and its legit, allegedly. my beef is if i got the iso from them and they provide the file and the hash whats the point of bothering to verify it, they could have given me a file full of lolicon and named it kali.iso and i wouldnt know the difference. how am i supposed to verify a hash properly.

fedora kde

This,

nigger that's the point, the hash basically validates THEY have given you the file. Good luck finding out the "official iso" is tampered with a hash256sum coincidence. The point is not to find out if the iso content has something bad, it just confirms they have given it to you so you can trust it. They run the same algorithm (a function of the file) on the file to get the same code so both files are the same. Lurk some more Tyrone

>literally no small tight-knit communities and IRC is dying

Anyone know of any good Matrix channels? Is the cock.li chat good?

>not Justin Bieber
kys

The only true FREE linux distro, made by the best coder in the world and great leader Kim Jong Un himself, the Red Star OS

>Comptia message missing
>still has LARP “advanced penetration testing” book
>no link to high on coffee sheets but a link to metasploit and Kali instead
>no mention of lab building

Sage goes in all fields.

what if someone mitm'd the website and changed both the ISO and the hashes?

Did anyone here do the Google CTF challenges? They seem incredibly hard, so much so that attempting one somewhat demotivated me at simply how much I still have to learn. Not the beginner quests, they're fairly trivial, the real challenges. In particular I took a look at 'Perfect Secrecy' and with some research I managed to realize that the key would be to exploit its lack of padding, but then when reading through the write up on github for how one of the teams did it I was completely lost. Are these actually just really hard or am I brainlet?

Since you don’t understand what a MITM is, you don’t have any business worrying about this shit.

inb4 BUH IT COULD HAPPEN

then get a vanilla Debian install from one of 12000 billion trusted resources and install your tools manually

i pressed the off button on a computer when i was a child and became the smartest person in my family
did this happen to anyone else?

Like everything else, it'll just look intimidating at first. Just keep learning and doing more research

Hey fellow hackermen. I bring ArcheryOS updates.
>Now with openrc (im thinking of adding a runit option on install, but im still not sure, thoughts?)
>Actually have my own repository
>Online installer, to ensure you have up-to-date packages from the get go
>More package selection in the installer, including a choice of DE/WM (rather than whatever is on the iso)
>The ISO now ships with both xfce4 and i3, so you can choose what to boot at the DM (just in case you're not super autistic and want an actual DE)

Does anyone have any ideas on what else I should add?

What has everyone been working on?

First time I've caught you talking about this - can you elaborate on what ArcheryOS is? If I had to guess, Kali but Arch?

Anyway, general recommendations based on my experiences with various distros:
openRC is solid, obviously providing people the choice to easily switch is always good though.
I do hope there will still be an offline option though?
Package selection at install is great - I would recommend having users choose their DE/WM first, then give them the options of what DE/WM specific packages they want from there. For example, with Debian if you choose 'KDE' at install, you get the full blown DE with knobs on, but if you only install core utils then KDE from apt, you get bare bones KDE, allowing you to specifically choose the utility packages you want like calculators and task managers.
I very much approve of the default DE. To be cool though I would have Wayland as the default and replace i3 with Swing.

>First time I've caught you talking about this - can you elaborate on what ArcheryOS is? If I had to guess, Kali but Arch?
ArcheryOS is an arch based pentesting distro, thats targeted to people who actually know how linux works. For example, Kali ships with armitage and zenmap, archery doesnt do this because you are expected to know how to use the cli, and not rely on a gui, which is why in the previous version ArcheryOS only shipped with a selection of WM's (which i later realized was a little too autistic)
>Anyway, general recommendations based on my experiences with various distros:
>openRC is solid, obviously providing people the choice to easily switch is always good though.
My main problem with adding runit support is that it is still a little buggy, and I dont want to deal with issues that are actually the devs problem. Perhaps i will though. Should i release a systemd version as well?
>I do hope there will still be an offline option though?
There is no reason i cant add an offline install, but that works on just copying the filesystem over to the new disk, so that would remove the package selection.
>Package selection at install is great - I would recommend having users choose their DE/WM first, then give them the options of what DE/WM specific packages they want from there.
Which is exactly what i have done. First there is an option to install the bare DE/WM, e.g. xfce4 or openbox, then directly after there is an "Install Extras" menu, where the user can select xfce4-goodies, obconf, and a bunch of other pkgs like themes, firefox, etc. Then i have one last entry where people can type out software not included in the menus.
>I very much approve of the default DE. To be cool though I would have Wayland as the default and replace i3 with Swing.
*sway
I can look into that, but im not sure how compatible wayland is with openrc.

If you have recommendations then post them and we'll integrate them into the next /hmg/. That's how these things grow.

74.62.91.143 yeet

>74.62.91.143
What is that?

Research says it's some sort of network appliance by a company called Blueprint RF marketed towards hotels and airports. I'm assuming that means that this is an appliance at one such institution.

Why the hell would they give it a public IP though? That seems incredibly risky.

I got my old pixiv account logged into by some Portuguese nigger today. I quickly deleted the account and checked the IP pixiv server emailed me, and it led me to his MikroTik RouterOS cloud based router login page.
Password was secured already, and he was on up to date version 6.42.7 or whatever.
I tried the latest Mikrotik exploits on exploit-db and those packaged with Routersploit on a Kali VM behind a VPN, but it looks like there's no working exploits publicly available for this version.
Shame cause I woulda pranked his router settings on him if I could have.
This has gotten me a bit more excited about offensive security again, and I had fun going through some of the python based exploit scripts and trying to make sense of what they were doing and stuff.

You're a fucking nigger and too stupid to be using kali linux if you cant figure out what good a hash is for.
A hash is there to confirm that network activity disruptions didnt result in transmit of a corrupt package, and to ensure that their downstream line isnt hijacked and being injected.
They typically host the hash in plaintext on the website too, so you know your downloaded hash key is not also injected.
This is how CCleaner notoriously got hacked, the hackers verified their corrupt package as an official release, and since CCleaner dont host hash files, everyone using it got a payload dropped right into their systems that opened them up for a 2nd rootkit payload and a 3rd low level hardware infection payload.

Fucking niggers and their l33t hacker OS cant even fucking understand hashes.
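
The argument running through the hash posts above (a matching checksum only helps if the checksum came from somewhere the tamperer could not also rewrite), as an added example that is not part of any post in this thread. The file names, contents and the pinned digest are constructed; the pinned digest stands in for a signature check on the checksum list.

```bash
#!/usr/bin/env bash
# Constructed demo: "kali.iso" is a one-line text file, not a real image.

digest() { sha256sum "$1" | cut -d' ' -f1; }   # hex SHA-256 of a file

# Check 1: file matches its "<hex>  <name>" entry in a SHA256SUMS-style list.
# Catches a corrupted or swapped file, but only if the list itself is genuine.
matches_list() {            # usage: matches_list <file> <sums_file>
    local want
    want=$(awk -v n="$(basename "$1")" '$2 == n { print $1 }' "$2")
    [ -n "$want" ] && [ "$(digest "$1")" = "$want" ]
}

# Check 2: the list matches a digest learned over a separate channel. This
# stands in for verifying a detached signature on the list with a key you
# already trust, e.g. `gpg --verify SHA256SUMS.gpg SHA256SUMS`.
list_is_authentic() {       # usage: list_is_authentic <sums_file> <pinned_hex>
    [ "$(digest "$1")" = "$2" ]
}

verify_download() {         # usage: verify_download <file> <sums_file> <pinned_hex>
    list_is_authentic "$2" "$3" || { echo "REJECT: checksum list is not the published one"; return 1; }
    matches_list "$1" "$2"      || { echo "REJECT: file does not match the list"; return 1; }
    echo "OK: $1"
}

# Constructed fixture: a directory holding an "image" and a list generated from it.
make_fixture() {            # usage: make_fixture <dir> <content>
    mkdir -p "$1"
    printf '%s\n' "$2" > "$1/kali.iso"
    ( cd "$1" && sha256sum kali.iso > SHA256SUMS )
}

work=$(mktemp -d)
make_fixture "$work/good" "genuine image bytes"
make_fixture "$work/evil" "modified image bytes"   # both file and list replaced
pinned=$(digest "$work/good/SHA256SUMS")           # obtained out of band

matches_list "$work/evil/kali.iso" "$work/evil/SHA256SUMS" \
    && echo "hash-only check: replaced pair is self-consistent, so it passes"
verify_download "$work/evil/kali.iso" "$work/evil/SHA256SUMS" "$pinned" || true
verify_download "$work/good/kali.iso" "$work/good/SHA256SUMS" "$pinned"
rm -rf "$work"
```
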

Could this possibly be a target?
>no https lmao

Browser? Is that like a chromium fork or theme?

Torch, I have no idea

Yes, it is a chromium fork.
Idk bout you but I would just use ungoogled chromium, since it's just as effective at rendering and you have more confidence in your privacy.
If your browser lets you use the chrome store directly to install extensions, instead of forcing you to manually download them and install them, its gonna be paging Google every time you use your browser and telling them system details and extension list details and shit.

Sounds like an even edgier kali but I dig it. On a semi-related note wouldn't it be cool to have a pentesting distro made for pi's. Could call it a blackberry pi.
Anyway, yes you should allow the option for systemd. Don't let Jow Forums autism get in the way of freedom of choice.

>Sounds like an even edgier kali but I dig it.
Thanks dude, its not so much edgy, just more aimed at having a more personalized pentesting workspace. If you want edgy check out blackarch.
>On a semi-related note wouldn't it be cool to have a pentesting distro made for pi's. Could call it a blackberry pi.
Kali has an arm version, but there is no reason i couldn't make one
>Anyway, yes you should allow the option for systemd. Don't let Jow Forums autism get in the way of freedom of choice.
Ok thanks for the advice.