/cyb/ /netsec/ /sec/ /hmg/ /infosec/

a thread to talk about cybersecurity in
singularity edition

Attached: singularity.jpg (860x460, 110K)

If one was to run a number of Twitter scripts to troll that would preclude one from using the official api, what would be the best anonymization tool to do so with?

I like that backbox has it preinstalled, how do I get that level of work in ubuntu?

How to free ipv4 to IPv6 tunnels?

>I like that backbox has it preinstalled,
has what preinstalled? anonymization tools? I would just use a VPN that you know isn't filtered by twitter

I was doing a box on HTB and the privilege escalation method was doing a shared lib hijack, ldconfig and the binary that used the shared library had SUID.
So I made my own library, used ldconfig to link it(?) (I'm still not sure what it did because the ldconfig man page sucks) and I had to add the folder with my lib to LD_LIBRARY_PATH (here was the problem).
So the question, I'm used to export variables by using the export keyword so I tried that and the output of ldd pointed to the correct library (my library) but when I executed the binary it was still using the system's library, so I tried exporting the LD PATH variable without the export keyword, ldd config gave me the same output but when I executed the binary it used my library.
Why would using the export keyword not work in this case?
I searched about the difference but the only thing I could find is that the export keyword allows the sub-processes to use the variable, which in this case, I think, shouldn't really be a problem.

is zero-knowledge the future?

Finally something Jow Forums is qualified for.

Friendly Reverse Engineering Post


Tutorials:
>The Legend of R4ndom
>legend.octopuslabs.io/sample-page.html

>Lenas Reversing for Newbies
>tuts4you.com/e107_plugins/download/download.php?list.17

>Reverse Engineering a Router Part 1 - Hunting for Debug Ports
>jcjc-dev.com/2016/04/08/reversing-huawei-router-1-find-uart/

Libre ebooks:
>PC Assembly language
>pacman128.github.io/pcasm/

>Reverse Engineering for Beginners
>beginners.re

CTFs and Recruitment Challenges:
>Flare-On
>flare-on.com
>Binaries & Solutions
>fireeye.com/blog/threat-research/2017/10/2017-flare-on-challenge-solutions.html

>ESET Recruitment Challenge
>join.eset.com/en/challenges/crack-me

CrackMes:
>CrackMes.one
>crackmes.one

>HackThisSite
>hackthissite.org

I really want to learn reverse engineering but every time I try to learn about it my brain shuts down.

The start is really the hardest.

I started by reading the Legend of R4ndom and reading an assembly book ( pacman128.github.io/pcasm/ ).

Try to start with something very very simple, like a self-written C program:
    #include <stdio.h>
    #include <string.h>

    int main( )
    {
        char *password = "passw0rd";
        char input[9];
        printf( "password: \n" );
        scanf( "%s", input ); //i know, it's a vuln
        if( strcmp( input, password ) == 0 )
            printf( "True" );
        else
            printf( "False" );
        return 0;
    }


Compile it and try to crack it.
Then pack it with UPX and try to unpack it.

Just download a list of proxies and switch them around randomly to send the requests through

what debugger/disassembler has the biggest community support? I want to learn one and be done. IDAPro is so fucking expensive and I'm paranoid about using something paywalled because I might lose my license

You could do it this way:

Y... You or your Server
P... Socks4/5 Proxy
O... Tor
V... VPN
T... Twitter

Y -> O -> P -> T
Y -> V -> P -> T

I would write a Chromium plugin and let it run on a cheap Linux box with chromium-headless.
Through this, your bots really act like a normal user.

For better experience, set a country for every user and only connect through a proxy in this country to your account.
Maybe set a max. number of bots per IP.

It is very suspicious if you connect daily from 3 different countries to one account.
Twitter will ban them.

btw: Social bots for trolling aren't illegal, as long as you don't use them for psychological warfare.

Twitter bans you if you create too many accounts over one IP.

>IDAPro
Radare2 and/or Cutter as a disassembler.

x64dbg as a debugger.

>Twitter bans you if you create too many accounts over one IP.
that's why you'd use a VPN, so you access multiple IPs. nordvpn has a bunch

it seems so clunky to have to swap between a separate debugger and disassembler

Radare2 is able to debug too, but it's a terminal application.
It's awesome for static analysis, but personally I prefer a GUI for debugging.

Cutter isn't able to debug yet, but it's based on radare2 and they will implement it soon.
A dev said so some days ago in IRC.

IDA wasn't able to debug applications for a very long time too.

how can I tell if my mouse is compromised

Attached: serveimageg.jpg (282x179, 9K)

Read this. It also works for your mouse.
jcjc-dev.com/2016/04/08/reversing-huawei-router-1-find-uart/

export variable paths only work for privilege escalation if a privileged user executes them. So if say sarah is an administrator and she has your home directory as the first path in her $PATH then whenever she executes ls, it will run your script instead of the one in /bin. That's how I understood it. Your question is a little hard to understand though. Which machine is it?

The machine was Dab, there was no need to wait for a privileged user since the binary had SUID.

Well your question is a little confusing. Are you asking why export worked when you used it for LD_PATH and not LD_LIBRARY_PATH?

Sorry, both of those were LD_LIBRARY_PATH.
#didn't work
export LD_LIBRARY_PATH=/tmp
#worked
LD_LIBRARY_PATH=/tmp

But both methods gave the correct output with ldd.

oh, iirc I think export only works on child processes run from that shell, and maybe the binary you used starts its own process? Honestly I can't tell you for sure but I know it's something along those lines where export only affects the current shell.

Can't really see another process created.
What I have found is that 'export' should let me share the variable with sub-processes:
stackoverflow.com/questions/1158091/defining-a-variable-with-or-without-export
Which is weird, since I would expect that sharing the variable with sub-processes would be more useful than just using it for the shell.
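The export confusion in the question at the top of the thread and in the exchange just above comes down to one distinction: a plain `NAME=value` creates a variable only the current shell can see, while `export` marks the name so its value is copied into the environment of every child process the shell starts. The script below is an added example (not posted by anyone in the thread); the `DEMO_*` names and `/tmp/...` values are made up for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): what `export` changes and what it does not.
# A plain assignment creates a variable that only this shell can see; `export`
# marks the name so its value is copied into the environment of every child
# process the shell starts. The DEMO_* names and paths are made up.

# Value the current shell sees for variable $1 (empty if unset).
shell_sees() { eval "printf '%s' \"\$$1\""; }

# Value a freshly started child process sees for variable $1 (empty if unset).
# The child is a new sh, so it only receives what was in the environment.
child_sees() { sh -c "printf '%s' \"\$$1\""; }

# Plain assignment: the shell itself has the value...
demo_shell_only() {
    unset DEMO_PLAIN
    DEMO_PLAIN=/tmp/plain
    shell_sees DEMO_PLAIN        # /tmp/plain
}

# ...but a child process does not inherit it.
demo_plain_assignment() {
    unset DEMO_PLAIN
    DEMO_PLAIN=/tmp/plain
    child_sees DEMO_PLAIN        # "" (not in the environment)
}

# export: the child inherits the value.
demo_export() {
    unset DEMO_EXPORTED
    export DEMO_EXPORTED=/tmp/exported
    child_sees DEMO_EXPORTED     # /tmp/exported
}

# One-shot prefix form: the variable goes into that one child's environment
# only, and the calling shell never has it afterwards.
demo_prefix() {
    unset DEMO_PREFIX
    DEMO_PREFIX=/tmp/prefix sh -c 'printf "%s" "$DEMO_PREFIX"'   # /tmp/prefix
}
demo_prefix_leak() {
    unset DEMO_PREFIX
    DEMO_PREFIX=/tmp/prefix sh -c 'true'
    shell_sees DEMO_PREFIX       # "" (the calling shell never had it)
}

# Once a name is exported, later plain assignments still reach children.
# This is how a bare NAME=value can "work" in a session where the same name
# was exported earlier, even though no export keyword appears at that point.
demo_already_exported() {
    unset DEMO_LATER
    export DEMO_LATER=/first
    DEMO_LATER=/second
    child_sees DEMO_LATER        # /second
}

echo "shell sees plain assignment:   '$(demo_shell_only)'"
echo "child sees plain assignment:   '$(demo_plain_assignment)'"
echo "child sees exported:           '$(demo_export)'"
echo "child sees prefix form:        '$(demo_prefix)'"
echo "shell sees after prefix form:  '$(demo_prefix_leak)'"
echo "child sees re-assigned export: '$(demo_already_exported)'"
```

To check which names are currently exported in a session, `export -p` (or `env`) lists exactly what children will receive; a name that only shows up in `set` is shell-local. One caveat worth knowing when reasoning about a set-user-ID target: glibc's dynamic loader ignores `LD_LIBRARY_PATH` in secure-execution mode, so an `ldd` run as an ordinary user, which does honour the variable, does not show what the loader will do for the SUID binary itself.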

a light read to explain kerberos from 1988
web.mit.edu/kerberos/dialogue.html

Just wait till IoT fucks us all over boys.

Attached: Bk6Epxo.png (607x660, 394K)

I thought we were going to fuck IoT all over.

Hey you fucks, where is the pastebin?

pastebin.com/A7UY0pZz
you're welcome

figured I'd post here since I can't figure this out

I have a 2.4G wifi IoT app-controlled device on my network that I'm trying to compromise. It appears to be running two network devices - one resolves with DHCP to an IP, and nmap/nikto reveal it's running a webserver on that IP with only GET functionality, and the only webpage I've been able to find just lists the network configuration. All other ports are closed.

The second device is only showing a mac address in my router, and does not resolve to an IP. Sniffing the 802.11 traffic shows communication for that mac address, but I don't get any when sniffing my wlan in promisc. I've attempted deauthing the device, but I'm not getting an EAPOL handshake (no problem capturing the EAPOL on other 2.4G devices on my network).

Any suggestions? Pretty ignorant when it comes to networks, but is it communicating on layer 2 or something?

what about "The Art of Intrusion" and "The Art of Deception"? are they still relevant to read?

if it doesn't have an IP address it has to be communicating on layer 2