Haven't seen one of these threads in a while, but they're the best on Jow Forums. In /hmg/ we discuss pentesting, hardware hacking, exploits, and general being a hackerman.

- CTFs and competitive events belong in /ctf/ -

Resources:

VMs
overthewire.org/wargames/bandit/
>easy beginner bullshit

vulnhub.com/
>prebroken images to work on.

hackthebox.eu/
>super secret club

Tools:
kali.org/
>meme dragon distro but it just werks

metasploit.com/
>scriptkiddie starting point and swiss army knife

Tutorials/Guides:
abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob
s3ctur.wordpress.com/2017/06/19/breaking-into-infosec-a-beginners-curriculum/
>From zero to OSCP-hero rough outline, and how to infosec.

youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA
>IppSec, video guides for retired HTB VMs.

Certs:
eccouncil.org/programs/certified-ethical-hacker-ceh/
>CEH, only looks good on a resume to non-technical in HR

offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/
>OSCP, the big dick swinging exam, 24 hours to own 5 machines and a further 24 hours to write up a report detailing your methods.

*UNAFFILIATED TRASH - AS LULZSEC TAUGHT US - TRUST NO ONE!*
Community:
IRC: #Jow Forumssec @ rizon.net
Discord: discord.gg/3Y7Mr52
Matrix/Riot: riot.im/app/#/group/ hmg:matrix.org
anonops.com/

I have security orientated projects I'd love to work on and general shit I'm trying to learn, but doing it alone is tough. I don't know where I'd find anyone on roughly my skill level to do shit with - right now I either know script kiddies who'd be useless or experts where they'd just end up teaching me shit rather than working on anything together which I imagine isn't super fun for them. Where do communities exist where you can find more people into being hackermen?

How do you learn hacking?

are there any chans for hacking?

>how do you learn hacking
This youtube video puts it quite well:
youtube.com/watch?v=2TofunAI6fU

tldw - you don't learn 'hacking', you learn everything to do with computers.

Hey, so i know kali isn't a good OS to run on a laptop installed, but i do want a good flavor for laptops

What is a good Linux flavor for an old laptop with i3, 4gb of ram and 1tb memory? i kinda want to use AWS for a project so that's a consideration.

bonus points if it will let me dualboot kali/backbox easily. i want to try the "hacking" Distros and i'm trying to study the kali revealed book atm

Oh fuck haven't seen this in a while.

Ok, so, here's some updates. A while back I made mention of

tl;dr at the bottom.

>wifi usb keylogger
A month ago I decided to pick up this project again. Redid the whole code, I ended up switching the hardware slightly
>originally it was, arduino pro mini 16mhz, usb host shield, esp8266 12f

I spent two days wondering why esp8266 would work but not the usb host shield.

I said fuck it, I grabbed my old teensy 2.0, and remembering all the problems I had, coding wise. I removed all libraries I used, updated arduino to latest version. I reinstalled only the libraries I needed. Voila! fucking thing works perfectly now, did some key remapping, I did test run for 3 days straight, not once did it power down or anything.

new hardware
>teensy 2.0, usb host shield, esp8266 12f
I also saw they have an even tinier version of the usb host shield. and a smaller usb leonardo type arduino, I may buy those two in the future just to make my hardware in a smaller form factor.

There are some problems
>cant use alt codes
>alt + tab doesn't switch properly

I may not even implement alt codes, since no one uses them. But it might end up being easy to implement.


Another project I am currently working on

>esp8266 rfid skimmer

I came across a bluetooth rfid skimmer, and figured I can do the same thing with an esp8266

I usually look on github for references to help me go in the direction to achieve what I want. Apparently there is something like this already called
>esp-rfid-tool

It's exactly what I am planning to do with mine.

tl;dr
>usb wifi keylogger
>esp8266 rfid skimmer

How do i turn a normal USB Into a rubber ducky?

This is the wrong thread to ask what distro is best to use. Go to the friendly GNU/Linux thread for that. For hacking, it doesn't matter as long as it's Linux based - all you need are the tools that Kali comes with by default.

>wifi usb keylogger
Sorry but, what? I'm unfamiliar with this concept - is the keylog data sent over usb or something?
That does all sound pretty cool though.

Can't, usb device needs a chipset that can emulate a HID (human interface device, keyboard, mouse etc...) Which in arduino that chipset (or non arduino) is atmega32u4.
>arduino leonardo
>arduino pro micro
>any teensy
there are other variants, but those are the most common.

I actually came across a repo that is called wifi ducky.
>github.com/spacehuhn/wifi_ducky

Wifi usb keylogger
You plug the usb keylogger in, and then you plug the keyboard into the usb device. The program grabs keystrokes, saves them to a file, and then repeats the same on to the computer.
>pic related

That's just a keylogger - where does the wifi come into it? Does it have an adapter too to send data somewhere?

I am using esp8266, has its own hidden AP, or I can connect to existing wifi and send the file every day at midnight.

This is a good idea for the hackerman thread

i think the most basic hackermanning would be stealing wifi like a nigger and hiding it.

How do you do that, hackerman general.

Ahh I thought that might be the case. Do you have any intended uses for this like actually logging someone without them realizing or is the hardware too hard to hide?

Please don't come in here and just go
>how do I hack??
complete with reddit spacing and all.
Take a look at some of the guides in the OP if you want to get started, or ask specific technical questions about what you're already trying to do.

You mean how to steal wifi? Easiest way is just to park near a business that has wifi available and use your phone or laptop. Most are either unprotected or have insanely simple passwords. Not technically stealing I'd guess, but kind of is since most intend the wifi as a perk for customers.

You walk in and ask them their wifi password.

fine how do i crack a wifi password with bruteforcing methods found on a standard kali distribution and ran from a liveusb while also hiding the fact that i'm doing so.
You know i'm a 4channer since like fucking 06 and you have the nerve to call me reddit just because i'm self-conscious and like to spellcheck my shit when it's not all fucking cramped like my dick in your moms pussy and i've always typed like that shit and everyone fucks with me for it. like fuck man i have bad spelling and it's easier for me to spellcheck everything
I only need the internet for browsing Jow Forums,Jow Forums, MAYBE /asp/ if i feel it, and downloading packages for programming while i'm trying to teach myself more about hackermanning and botmaking. and i have adhd real bad and i'm trying my best to make this all work but it's hard and i can't find anyone to sell me adderal and it's taking a while to find a psych

so i try to find little projects i can do and figure out why they don't work to teach myself because every time i sit down to read books they all go on weird tangents on file management or weird math i sorta get and i don't understand it and i want to get back to playing vidya but i know i need to focus on work instead and it's hard so plz be nice and help me a bit.

*sigh*
usually I'd tell you to fuck off but you poured your heart out so much I feel a little bad.
The general process is:
>sniff for WPA authentication packets with your laptop
>send out deauth packets to speed up packet capturing
>get a long password list and mount a dictionary attack on sniffed authentication packet
If the password is weak you'll likely get it. If not you'll have to look into key reinstallation attacks which I don't know much about. You do all this with the aircrack suite, and you hide the fact it's you by changing your MAC address.
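
Seen from the network owner's side, the deauth step in the process above is the noisy part. An added example, not part of the original post: a rate check over a constructed frame summary (the addresses, window and threshold are assumptions), keyed on the targeted BSSID because the transmitter address is whatever the sender chose.

```python
from collections import defaultdict, deque

AP = "aa:bb:cc:00:00:01"    # constructed BSSID that receives a deauth burst
CAFE = "aa:bb:cc:00:00:02"  # constructed BSSID with ordinary traffic

# Constructed capture summary: (seconds, 802.11 subtype, transmitter, BSSID).
FRAMES = (
    # Two isolated deauths half a minute apart: normal AP behaviour.
    [(1.2, "deauth", CAFE, CAFE), (30.0, "deauth", CAFE, CAFE)]
    + [(float(t), "beacon", AP, AP) for t in range(0, 70, 10)]
    # 40 deauth frames in 4 seconds, all claiming the AP as transmitter.
    + [(60 + i * 0.1, "deauth", AP, AP) for i in range(40)]
)


def deauth_bursts(frames, window=5.0, threshold=10):
    """Return (bssid, burst_start, count) once per burst of deauth frames.

    A burst is `threshold` or more deauth frames for one BSSID inside
    `window` seconds. The transmitter field is ignored on purpose: it is
    unauthenticated on networks without management frame protection.
    """
    recent = defaultdict(deque)  # bssid -> timestamps still inside the window
    alerting = set()             # bssids currently above the threshold
    alerts = []
    for ts, subtype, _tx, bssid in sorted(frames):
        if subtype != "deauth":
            continue
        q = recent[bssid]
        q.append(ts)
        while ts - q[0] > window:   # drop timestamps that aged out
            q.popleft()
        if len(q) >= threshold:
            if bssid not in alerting:  # report each burst only once
                alerting.add(bssid)
                alerts.append((bssid, q[0], len(q)))
        else:
            alerting.discard(bssid)
    return alerts


if __name__ == "__main__":
    for bssid, start, count in deauth_bursts(FRAMES):
        print(f"deauth burst against {bssid}: {count} frames from t={start:.1f}s")
```

On networks with 802.11w management frame protection enabled, clients discard forged deauth frames, so the same burst shows up in the log without disconnecting anyone.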

aircrack-ng you criminal retard, imagine using a fraction of the time you took writing a long form essay to use the information superhighway and search for that.

thank you. I'll do this when i get home
also i figured it would be a good general topic that others would like to know about so if i figure this shit out i'll write up a pastebin for the OP or something so others can hackerman too.

Can macspoofing be beaten? Or is it a meme that you need to fry your chips like elliot after a hack or if someone is backhacking you? I Know TAILS Has aircrack and macspoofing, are they easy to find/use on kali when it's a liveusb? What about running it from a virtual machine?

Honestly you probably don't even need to spoof your mac but it's an effortless task so there's no reason not to. The more likely instance of you getting caught is being the only guy sitting there with a memepad on security cam at the same time the deauth packets were detected, but again this is assuming anyone will ever even know or care you 'hacked' their wifi.
Eliot microwaving his shit is a meme yea. The only times you would ever need to do that is if your hardware had the possibility of being seized in a raid and examined with cyber forensics, ie you literally hacked the FBI or some shit. Which in fairness I suppose eliot did literally do.

>try diminutive of downstairs neighbour's daughter as wifi password
>it actually fucking works
jesus christ
i did actually break some other ones that were WEP and WPA with WPS enabled, but those were lower signal

Most likely not, I like to do stuff like this just as a learning experience without actually applying it IRL, I guess I'm LARPing in a way.

Ok not the fag you've been replying to, but sounds like me except moms pussy bit.

>fine how do i crack a wifi password with bruteforcing methods found on a standard kali distribution and ran from a liveusb while also hiding the fact that i'm doing so

Openwrt on a portable router. Especially if the battery is already included. You can hide it in your pocket.

what do /hackermen/ use as daily distro?
debian with forensics-extra or centos/fedora with forensics tools repository?

Arch, obviously.

Nah really though it's Debian all the way for me. However, OpenBSD is always worth throwing in a VM or ssh box, as it's basically a security-orientated hobby distro.

kali is debian based so I don't see problem using debian.

I was using Fedora myself since the trackpoint on muh thinkpad works smooth af and has a very nice mapping on the touchpad with the libinput driver. But the package manager is way too slow and forensics tools aren't on red hat systems repositories. I wonder how they do their pen testing then, it would be funny if they don't use red hat on their laptops; I've read they make a server to compile those tools for the security team or something amongst those lines, it should be smoother than our hippie distros but now I can see nothing beats the convenience of debian. Gonna make a full encrypted ssd install on muh thinkpad right now of debian stretch.
But more than anything fuck arch babies

This would be more social engineering, right? I don't know/want to know anything about my neighborhood. I am moving to a better one

So if mac spoofing is easy, how do people get caught being hackerman

also what does TAILS do that makes it anonymous? Could you make a script for, say, gentoo that makes your surfing just as user? or is tails a meme?

OpenBSD

second

meetup.com

I realised that I know nothing about networking. What is a good read to become an iptables master?