/hmg/ - hackerman general

brief OP edition

In /hmg/ we discuss pentesting, ctfs, exploits, and generally being a hackerman.

hmg.neocities.org/

Attached: hmg.png (680x680, 888K)


Aw yeah, we back!

Hey. Are certs from comptia (net/sec+) a meme?

Nice website, quite bold to not fall for the hAcKeR aEstHetic.

>Being this dense.

In /hmg/ we discuss pentesting, hardware hacking, exploits, and generally being a hackerman.

- CTFs and competitive events belong in /ctf/ -

Resources:

VMs
overthewire.org/wargames/bandit/
>easy beginner bullshit

vulnhub.com/
>prebroken images to work on.

hackthebox.eu/
>super secret club

Tools:
kali.org/
>meme dragon distro but it just werks

metasploit.com/
>scriptkiddie starting point and swiss army knife

Tutorials/Guides:
abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob
s3ctur.wordpress.com/2017/06/19/breaking-into-infosec-a-beginners-curriculum/
>From zero to OSCP-hero rough outline, and how to infosec.

youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA
>IppSec, video guides for retired HTB VMs.

Certs:
eccouncil.org/programs/certified-ethical-hacker-ceh/
>CEH, only looks good on a resume to non-technical people in HR

offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/
>OSCP, the big dick swinging exam, 24 hours to own 5 machines and a further 24 hours to write up a report detailing your methods.

*UNAFFILIATED TRASH - AS LULZSEC TAUGHT US - TRUST NO ONE!*
Community:
IRC: #Jow Forumssec @ rizon.net
Discord: discord.gg/3Y7Mr52
Matrix/Riot: riot.im/app/#/group/ hmg:matrix.org
anonops.com/

Anyone here know anything about fuzzing open ports?

Attached: 1541686599493.jpg (344x693, 153K)

I'd fuzz her open port if you know what I mean

I'd fuzz all three of her open ports if you know what I mean.

Fuzzing legacy ports is retarded, you shouldn't fuzz a service that's more than 15 years old.

>port 7686 is open
wtf would you do? Not everyone is retarded like you.

Now I'm intrigued, which service would you find on 7686?

>which service would you find on 7686?
EXACTLY MY FUCKING POINT. How does one fuzz an open port?

Why did you answer a joke post seriously?
Anyway, I never tried fuzzing but you should probably search for a network fuzzing tool and learn how to use it.

>you should probably search for a network fuzzing tool and learn how to use it.
>network fuzzing tool
I'm not a script kiddie. I use C and I can write a tcp/udp client/server, but I don't know the first thing about fuzzing.

Using tools does not mean that you are a skiddie. I found a tool and the tool told me that for fuzzing you:
- send a "random" message to the port
- check if the port is up
- repeat until the port is down
For the "random" messages you should probably use test cases, e.g. gitlab.com/akihe/radamsa/tree/master/tests
But I'll let you learn by yourself since you're no skiddie.
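The three-step loop above, written out as a small harness for testing a service you own (added example, not code from the thread or from radamsa). The "fragile server" is a stand-in constructed here so the block runs offline; the seed message, the port and the 64-byte crash threshold are assumptions.

```python
import random
import socket
import threading
# Stand-in target constructed for this example: a tiny TCP service that "crashes"
# (closes its listening socket) on any request longer than max_len bytes.
def start_fragile_server(max_len=64):
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:               # listener closed: the port is "down"
                return
            with conn:                    # read the whole request, then hang up
                data = b""
                while chunk := conn.recv(4096):
                    data += chunk
                if len(data) > max_len:   # the simulated crash
                    srv.close()
                    return
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def mutate(seed, rng):
    """Radamsa-style mutations, much simplified: stack 1-3 of them on the seed."""
    data = bytearray(seed)
    for _ in range(rng.randint(1, 3)):
        if rng.random() < 0.5:            # flip one bit
            data[rng.randrange(len(data))] ^= 1 << rng.randrange(8)
        else:                             # repeat a slice many times
            a = rng.randrange(len(data))
            b = rng.randint(a + 1, len(data))
            data[a:b] = bytes(data[a:b]) * rng.randint(2, 32)
    return bytes(data)

def probe(port, payload):
    """Step 1: send one test case and wait until the service has dealt with it."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as s:
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)
        s.recv(1)                         # returns b'' once the server closes

def is_up(port):
    """Step 2: can we still connect to the port?"""
    try:
        socket.create_connection(("127.0.0.1", port), timeout=5).close()
        return True
    except OSError:
        return False

def fuzz(port, seed, iterations, rng_seed=1):
    """Step 3: repeat until the port is down; returns the killing input (the reproducer) or None."""
    rng = random.Random(rng_seed)         # fixed seed makes the run repeatable
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            probe(port, case)
        except OSError:
            pass                          # a dropped connection alone is not proof
        if not is_up(port):
            return case
    return None
```

Calling fuzz(start_fragile_server(), b"HELO example.test\r\n", 300) returns a request longer than 64 bytes, after which is_up() reports the port down; the returned bytes are what you hand to the developers as the reproducer.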

>Using tools does not mean that you are a skiddie. I found a tool and the tool told me that for fuzzing you:
Using other people's tools is the definition of a skiddie, but I appreciate the resource.

I don't think you're using your own OS or web browser or drivers but okay.

Lol, I meant in terms of hacking.

Using other people's tools without an understanding of how they work, or the willingness to understand how they work, makes you one.

Something something definition of hacking but let's not continue because this will turn into a Byzantine discussion.

Bump because this thread is a good idea

this thread has a lot of autism
might as well ram yr head into a brick wall until your noggin stops working

>might as well ram yr head into a brick wall until your noggin stops working
Why?

because just feeding random data into a black box is dumb and boring

>4channel
>lot of autism
Way to go sherlock

I'm not Sherlock but I know who you are

I don't want to sound like a faggot, but I want to get into amateur "hacking" as a hobby. Besides learning programming languages, what are some sources I can read up upon?

we get this post every time
just start reading papers and watching talks or something
figure it out yourself

Attached: 1543263308304.gif (700x921, 53K)

lmao who hurt your frail ego.

ctf.dscvit.com

Can someone help me solve this?

Attached: download.jpg (300x168, 9K)

>soul eater
are u a child

no but pls halp

In which challenge are you stuck?

Stuck at /error

I'm even confused about the first one.

I'm stuck at challenge 2.
Spoiler for the first one: all you need is in the url.

I figured as much, as there's nothing in the source code. It looks like binary with decimal.

I tried octal and hex, converting it to binary, doing a Caesar shift on the output, even tried XORing the output with incrementing keys. Then I realised that it wasn't actually related to hacking and stopped wasting my time.

bamp

Attached: 1540669923209.jpg (750x436, 17K)

Shouldn't a hacker be able to recognize patterns and thinking before just doing random shit?
See

I'm more into reverse engineering than identifying patterns honestly. I'm not a "hacker" though, just have a curiosity for how things work.

>hackerman general
>discord

LMAO
M
A
O

A lot of reverse engineering is identifying patterns, and identifying patterns is related to hacking because you often have to understand what kind of crypto was applied to certain strings, for example padding oracles.

I don't do crypto stuff very often. I hate maths, I stick to code and coredumps.

This

How do you beat the first challenge?

Anyone know the pedo?

Attached: sketch-1541549984325.png (1202x1080, 881K)

I've been playing cat and mouse with Comcast and they've got me pegged as of late.

How do I properly anonymize my computer? I've tried using macchanger -r -b wlan0 and such but no dice. I also tried clearing my cache of previous network connections but they still notice my laptop.

How do I spoof my UUID or, failing that, otherwise hide my true ID?

The budday?

You have to find what kind of encoding was used, it isn't binary because you have 8s and it's probably not hex because there's only numbers. Look for repeating strings.

The pedo dubs boi

Attached: paulofiddler.jpg (1002x900, 88K)

That doesn't make sense. Just tell me. I did a google search, and I'm highly suspect that it's a waste of time.

I mean, if you don't care about it then it is a waste of time.
What kind of thing did you search in google? There are plenty of ways to represent a character, the number system used is not even esoteric.

I think you're full of shit.

I know that this is 4channel but any more than this would be too much:
100 101 118 118 102 101 101 115 115 116

Posted this on /netsec/ but the thread died

Anyone else /redteam/ here?

Pic related; gear i brought for week 2 of on site red team gig

Target is on the 20th floor; with the yagi I could see beacon frames for their wireless network, but couldn't see any clients, and couldn't disclose the PMK using frames with the RSN IE field set. Probably a range issue.

Tomorrow going to do some phone calls to try and get some more info on target. Shoulda done this last week but Thanksgiving happened

I need to get on their floor, or close enough to be able to interact with their wireless. It's all WPA2-PSK.

Also have some phishing emails to send out but i might hold off until later in the week.

Attached: gear.jpg (2814x1953, 2.32M)

you're a fucking faggot dude

>16120
>222343

If you have those, take a pic and prove it.
Why not use a drone with a travel router and have it land somewhere closer, and go off of the router? I would do that. Or get on the 19th floor and try from the bathroom.

Why? Cause he does red team?

The only pentesting shit i need is a ford f250, a farmer's supply of AMFO and a map with the DNC HQ circled

Also how can I try red team or get started?

I don't have a drone lol. All this gear I've purchased, so I'm definitely missing some stuff. I buy a few new toys every year at defcon. Yeah, we're going to try that tomorrow probably; just don't want to arouse any suspicion from the guard. It's an open lobby so we shouldn't even have to tailgate.

Hard work and luck. You can teach yourself everything i know with google and a stack of books. Get good at a few programming languages, learn basic sysadmin on Windows and Linux. Build a home lab with active directory. Start learning how it works. Do hackthebox and vulnhub until you can do it in your sleep.

Congrats you're a pentester. Now do it for 2 years, bust your ass working days and nights and weekends to git gud. Get OSCP. Keep excelling and eventually you get the red team work

Attached: h.jpg (1080x1920, 1.16M)

I do have some knowledge on "hacking" but I guess doing it to get paid without worrying to go to jail is a plus. Maybe I should look into this to actually get better

>build a home lab with active directory
I know about a home lab, I used to have one, just a couple of Linux based boxes, and a Windows box that ended up collecting dust with them, but what do you mean by active directory?

Is there a good way to simulate doing some kind of network operations in a real world corporate environment? I.e. a CTF that doesn't just involve one box and actually forces you to pivot and shit. I like CTFs but I feel like they're nowhere near representative of what a real engagement would look like at scale.

>not opening your engagement with the easiest most dumbfuck method of gaining a foothold

Nice expensive epeen my dude. Enjoy your webdev job where you fantasize about doing real shit.

>what do you mean by active directory?

Attached: DENIRMzXUAAEhxL.jpg (403x448, 16K)

I never had any reason to know about active directories before. *shrugs*

>I do have some knowledge on "hacking"
and
>what do you mean by active directory?

are mutually exclusive.

but considering
>active directories
and
> *shrugs*

I r8 this b8 notgr8/8. Enjoy your (yous) faggot

Attached: 2e2bb857590c514788d7f34bd2ce1e03eea2bcaf737f9dc3a79558ce0a9460d3.png (500x471, 130K)

Please don't. The industry is overrun with skids that watch mr. robot and google salary numbers for security analysts and think they can do it. Then you go get a shitty degree from some community college, join some fucking clubs and miraculously get an internship with some actually reputable company and fuck everything up. If you're older than 14 and you haven't done anything meaningful by now (wrote a tool, actually gotten a cert, actually submitted a bug bounty) you need not apply. We're good.

Navigating corporate networks requires familiarity with Windows and active directory
OSCP and rastalabs.
Client wants a full test. Doesn't matter what's easiest, I gotta hit everything

What did you do before turning 14 years old?

>Client wants a full test.

Then you're not red teaming. Red teaming is about impact and/or adversary simulation. Red teams provide the client with an understanding of business impact for a breach and emulating tactics that real world attackers like APTs would actually use. You're doing a vuln assessment or, at best, a pentest. No threat group worth their salt needs to buy a fucking wifi pineapple or a drone because they're smart, they don't waste effort 'testing everything'. They know that their very best chance at gaining a foothold, outside of compromising an edge service like a web server, is phishing because people are always dumber than computers. You're either full of shit, trolling, or really shit at your job.

Two out of the three things I listed my dude. I wrote a tool that I still use on engagements as do my colleagues (a powershell c2 framework in case you're fucking curious) and submitted a bug bounty for $500. It wasn't anything major but my point is that I was invested in the industry before I gave a shit about 'getting paid and not going to jail'. Security demands passion because it's a bleeding edge field. If you don't care enough to actually do things before you're registering for college then you will not survive, period.

Cool call it whatever you want to call it. Spend a year in industry or consulting, and you'll realize that none of these labels actually mean anything.

We're emulating what an adversary (2 guys) can do in a month. Yeah, I could probably sit on my ass at home and phish, or I can tell the client where their actual weaknesses are, instead of just "your users are dumb".

How old are you now?

>Yeah, I could probably sit on my ass at home and phish, or I can tell the client where their actual weaknesses are, instead of just "your users are dumb".

Again that's not red teaming, that's a vuln assessment. Also, if you think the labels don't matter then you're definitely full of shit. Not only do they matter specifically for consultants from a billing perspective, but also if you're not explaining to clients why these service levels are different then you're doing them a disservice. If a client like you're describing said to me "Hey, I wanna know what some schmuck with a Raspberry Pi taped to a drone can do to our network" it's my responsibility to say 'OK, I could let you pay me 250 an hour to play with a drone and my dick, but I can absolutely guarantee you will never actually fucking see that happen ever.' You know how most real world breaches start? Phishing. You know why? Because it works. If you're not accurately representing to your client the risk of certain attack vectors then you are a shitty consultant. So you're either that, a fucking fraud, or a shyster. My money might be on all 3.

This might be a retarded question, but is a meterpreter shell supposed to be a fully functional shell? It seems that way since I see guides for "upgrading" to a meterpreter shell, but I can't do a lot of things with one. Like piping something through grep, for example.

I am self taught, I never tried to break into a computer outside of my shitty home lab, I never set one up since I knew I wouldn't do this for very long.

I mostly just build shit to "hack" for me.

For example, a couple of projects I'm still working on; they're mostly done, I'm just redoing the code to optimize it:

>wifi usb keylogger
>esp8266 rfid skimmer

I just started radio frequency, and just last weekend I was able to replay a radio signal to make my cheap doorbell go off.

So I don't stick to one thing for too long... Hell at least I am asking now and learning more shit since this red team stuff seems interesting, and can incorporate multiple things into it.

meterpreter shells have specific functionality for post-exploitation, i.e. loading mimikatz for cred dumping, setting up pivoting, etc. They have grep tho so idk what your issue is.

Older than i used to be, it's impolite to ask

>If you're older than 14 and you haven't done anything meaningful by now (wrote a tool, actually gotten a cert, actually submitted a bug bounty) you need not apply. We're good.
How does it feel to larp on an imageboard full of nodevs for asspats?

Lurker here, also a security consultant who does red teaming. What this man says is the truth, though clients are almost always idiots who will pay for whatever you tell them, especially if they think it's cool.

just nuked it lol
*dab*

lmao look at this faux boomer doing the gatekeeping.

look at him!

Come on grandpa, don't you think that the game has changed since there is much more focus on security than it used to be?
Someone told me to try bug bounty on one of these threads and I found that it's full of farmers taking all easy shit, I obviously suspect that the chance of finding something critical that is not found by the farmers is very low and probably not worth the time.

LOL gr8 b8 m8 I r8 8/8

Sameposting - the other issue is that clients typically buy this stuff (from me, at least) to meet a compliance requirement for ISO or PCI. Sometimes a SOC 2 report requirement.

Those certs and attestations don't have much real criteria for what constitutes a vuln assessment, a pentest, blah blah blah. They also don't often allow phishing as part of an engagement since it reduces staff trust (no matter how effective it actually is.)

> clients are almost always idiots who will pay for whatever you tell them, especially if they think it's cool.

Hence why has a neato bag of shit that no actual threat group would touch with a 10 foot pole.

I never said I was 45 fucking years old, and even if I did put my real age what reason would anyone have to believe it. Also, I'm not telling people to stay away from security specifically because of how old they are, the point is if you really didn't give a shit about security until you're out of or near out of high school you probably don't really care enough to be truly successful.

Well yeah, if you're just trying to meet compliance standards you probably want something that's as minimally invasive as possible. I don't want my doctor putting me through 6 medical trials if I'm just there for an insurance physical. Most clients I've had that wanted PTRT shit wanted it because they're just coming off an IR in the past few months and they want to test their team's response/test the efficacy of all the new monitoring, hardware, and services they undoubtedly just bought.

So meterpreter shells can only run commands that they explicitly work with?
I'm just messing with metasploitable and the specific thing I tried to do was to privesc by spawning a root shell with an suid-set nmap.
My meterpreter shell won't let me run nmap but a regular old shell will. So I got confused since I got the impression they were supposed to do everything a regular shell can.

Makes sense. I wish more of my clients were like that.

dude, what the fuck are you talking about? "threat group"? you are full of shit.
Please tell me how you're going to phish your way into a company with 15 employees within the span of a month.

You can call it a red team, an adversary emulation, a widely scoped pentest, I don't give a shit. The request was "we want to know if it's possible that we can be hacked." I have one month to do it.
What should I call it so your fucking head comes out of your ass?

*"we want to know if it's possible to hack us"
sorry, I'm not proofreading these posts because you aren't paying me

>Please tell me how you're going to phish your way into a company with 15 employees within the span of a month.

This is literally the question they hired you to answer. If you can't answer it you're in the wrong line of work. Go read some actual statistics from real world engagements and educate yourself. God help any company that hires you, they might as well have burned the money or hired literally anyone else from this fucking thread.

I had the good fortune to work for a company early on that had a pretty large, pretty diverse client base so I get good referrals.

If you need to run actual bash commands you can drop into a real shell from meterpreter, but I think what you're trying to do doesn't make sense.

A meterpreter shell on a host sends commands to *that* host, you're not running stuff locally. So unless the machine you have the live shell on has nmap installed you can't run nmap from the shell, meterpreter or otherwise. It's like SSHing into a box; it's as if you're sitting down at the CLI on that box. Meterpreter just has a different feature set than bash because it's designed for post-ex.

Sameposting. So if you want to run nmap 'from' that machine you should be pivoting through it, or install nmap on it and drop into bash to do it. Meterpreter might have built-in hooks into nmap though, I can't really remember offhand.

Read this: offensive-security.com/metasploit-unleashed/

Good on you my dude. I currently do about 75% offsec work and 25% compliance auditing, but I'm working on building out a PTRT/labs department that will hopefully give me more autonomy to take it the way you've gone.

What the fuck are you talking about? I really hope you aren't a consultant.
If a client asks you to tell them how vulnerable they are on every attack surface, what should it be called?
you think every breach has happened because of phishing?

I don't even know who's the pro hacker and who's the lamer in here.