Pentesting General - MemeDragon Edition

This thread is for the people starting out with pentesting.

Attached: images.jpg (300x168, 6K)

Other urls found in this thread:

abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob
twitter.com/AnonBabble

How tf do i port forward

I use ngrok but most people use there routers. just look up a video on ngrok

Once I get a shell on the target machine I don't really know what to do from there.
Any suggestions for fun stuff to do?

sudo dd if=/dev/urandom of=/dev/sda

Write a virus. Does your virus have a monero miner? Does it have a keylogger? Deploy a server for phishing. Scan the network to infect more computers!

>"pentesting"

Attached: 1520003105828.png (473x456, 213K)

start with ctf challenges, while you learn basic knowledge of security

is this the new /cyb/ + /sec/ thread

>quoting when quoting text with greentext
hi newfag

>"pentesting"
>pentesting
>not seeing the difference
hi brainlet
did i offend your sensitive script kiddie sensibilities?
go back to sniffing ur little sister's naughty packets

Attached: 1528088485424.png (666x468, 215K)

Script kiddie General fuck yeah

Attached: FEE67C33-0941-4482-8211-D1E514C03DD1.jpg (1920x968, 215K)

This is the most cringeworthy thread on this board right now. "Pentesting" is just a synonym for "using a thousand useless python scripts written by other people in order to ultimately fail at """hacking""" my neighbor's wifi or my little sister's phone because i have no fucking clue what i'm actually doing". You're all braindead little edgybois LARPing at being l33t h3ck3rm3n who wouldn't know a SQL injection from a dick in your ass. Stop wasting all your energy trying to look cool in front of your highschool classmates and put it towards learning something actually useful, not fucking .. Kali Linux, like this dork: Cringiest post of them all...

I recommend using metasploit + metasploitable to get comfortable with basic exploitation. its a good place to start.

No, it's not a good place to start...
The only thing you're going to "penetrate" with fucking Metasploit is your grandmother's ancient-ass Windows 7 machine after you've snuck into her room and disabled the firewall and re-enabled SMB 1.0. Every virus scanner on the planet is going to instantly recognize anything remotely resembling a Metasploit payload. It's useless garbage on anything but shit intentionally built to be vulnerable. What's the point of using "exploits" when you have no fucking clue what they're actually exploiting or how and just typing in some shit you saw on some poo's YouTube video?

so where to start then

I fully admit I’m a script kiddie. I downloaded it to play around with and learn. Is learning wrong? I don’t pretend I’m a l33t h4x0r, I just wanted a distro with a purpose and I’ve had a lot of fun with it so far. Does that make me a dumbass? I just want to be cool like you user

No, she's just upset because she's alone during the holidays.

What have you learned, honestly? It's all pretty much useless nowadays for anything but surveillance or scraping, and maybe sniffing out a friend's password or two if they're stupid enough to ignore bad certificate warnings. You can do that with any distro. Kali is a phase that'll end when you realize how shitty and useless it actually is, both the tools and the distro itself. All shit.
Skip ahead to your future, lad.
Install Gentoo.

Attached: 1530268867980.jpg (326x273, 80K)

It’s taught me a ton in terms of utilizing bash and navigating directiories and programs via CLI because while I had Arch previously Kali has provided a suite of programs that have a purpose for me to navigate, vs installing arch and being like okay I installed it now what. Keep in mind I’m approaching this completely as a hobbyist, just a guy that’s messing around with Linux. I don’t think I’m elite for installing it, it’s just a toy to play with. So far I’ve learned scanning ports, exploiting them, scanning IP’s and domains for vulnerabilities, exploiting those, cracking WiFi passwords and exploiting devices attached to networks, and other tasks I truly don’t think I would have experienced going purely off base forms of other distros. If that makes me a script kiddie that’s okay, I’m just learning as I go and enjoying it. Is that so wrong? Where would you start if not there? I don’t mind people calling me a faggot for playing with Kali as long as they could help point me in the direction of a more efficient way of instantly immersing myself in an environment that teaches by doing

thank you user, now my SSD is faster

not gonna lie, dont attempt comedy again. ever.

Why is everyone still recommending reaver?
WPS no longer allow it.

Hey, so I bought a vps and installed an old version of Jenkins and exposed the ports, the result was what I expected some botnet got access and installed a monero miner. I managed to grab some scripts and binaries. I want to see if I can grab their credentials somehow.

The other user is angry cuz most people using Kali go this way:
>me no idea what the basics of networking are
>"Me hack Wi-Fi"
>Only able to get credentials on old ass WEP networks , thinks himself a leet haxxor
>Break install somehow , reinstall from scratch
>hurr durr nmap scan
>hurr durr metasploit a windows xp/metasploit machine and get a MS-0867 vuln
>hurr durr get shell
>....what now?
>somehow break install while fiddling with useless shit
>"Okay me more serious now , me download popular book , Art of Exploitation"
>"???? what is assembly how works"
>"???book to complicated"

But if installing Kali got you legitimately interested in pentesting/hacking , that's nice .
Here's a rough guidelines on what your overall progress should look like : abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob

I trust you have enough braincells to be able to google most of this stuff by yourself.However , if you need any book (the most popular being the Hacker's Playbooks , the Webapp handbook , and the Art of Exploitation) , feel free to ask , I very probably have all of these.

Cheers.

Attached: comfycomputing.jpg (1640x1000, 237K)

post kode

Kali isn't supposed to be installed, it's a backup OS for anyone who actually needs the toolkit. E.g. If you do any modicum of SDR work, whether for security and/or research, then it's quite useful. Configuring GNU Radio et al for the entire day is for jobless fools. There's more inside of Kali than wifi related garbage.

Literally everyone who has utilized Kali also knows about OffSec's certifications, OSCP in particular is outdated even when it's praised heavily for being s00per h4rd and I just recently achieved it. Everything you've said is a waste of time. t. OSCP holder.

Better advice would be to just learn how the systems work. Penetration testing is only a valid skill that comes after immense knowledge is already obtained.

Attached: 145368527400.png (300x384, 172K)

how does parrot compared to kali?

>Kali isn't supposed to be installed
Where people get this idiotic idea that it's only supposed to be used as a live environment? The real world isn't like Mr. Hackerman where you need to nuke your shit in the microwave after every hack... It's just like any other distro, and doesn't come by default with plenty of essential tools for professional "pentesters", take OpenVAS and TOR for example. Also whenever I'd install it, there's always plenty that needed extra configuring and tweaking, not to mention upgrading.
Every time I used Parrot, all networking would be completely fucked after the initial upgrade, without fail.

Attached: 1523235700957.png (769x595, 262K)

can i use kali as my daily driver OS

Lot of nerds here would disagree, but why the hell not, there's really no reason you can't. If you want a regular user, just leave the prompt for root password blank and it will then set one up, just like the regular Debian installer. Most of the tools can be run with sudo just fine, with a few exceptions.

Whatever , just don't use root by default for the love of God.