Holy shit /hmg/ is revived again? I tried to keep it going for like a week but it eventually died, glad to see it back I suppose. Haven't touched pentesting for a whiiiile, should really get back into it.
Jaxson Kelly
Yeah, previous thread(from yesterday): Some interesting discussion in there. I post it every so often, but I'll never stay consistent. Hopefully others will carry it out as well.
Lucas Kelly
bump
Ryder Taylor
any military cyberwarfare boys ITT? just started jcac and had some questions
Jeremiah Walker
I want to be a hackerman. Seriously, what's the best method for learning how to discover and writing programs for exploits?
David Smith
>best method for learning how to discover and writing programs for exploits much reverse engineering binaries
Julian Smith
Run them through a debugger or disassembler? What about binaries that obfuscate from debuggers like on mobile apps?
Ian Parker
I've played most games on overthewire and left it halfway through vortex because it got repetitive, where can I learn new stuff with other people and shit? I'm an aspie with anxiety who cant talk to people.
But 90% of vulns are bad configuration or faulty logic.
Jayden Ramirez
>Certs:
I thought this garbage was only useful for getting through HR.
Justin Rogers
i think most of it is. if you want a job then it's probably a good idea, unless you have a degree
Noah Thomas
I missed Oz points because I had no idea about template injection, don't be like me.
Benjamin Johnson
Anyone know if any good radare 2 tutorials? I have the actual manual, but it's hard to put it to use
Joseph Williams
Tutorials? Why would you need a tutorial? What aren't you sure how to do?
Nathaniel Gutierrez
Whats better; a career as cybersecurity specialist or as an embedded system engineer?
Henry Gray
Whichever you like the most
Eli Lee
Webdev
Kayden Brooks
Im actually doing a community college study for that, I regret it with passion. Luckily I can afford to study something usefull afterwards at a college university level.
Brayden Davis
I have a MS in Computer Science, some years experience in Software Engineering / Architecture and Web dev. How hard would it be for me to get into IT-Sec? Would those certs be enough?
Juan Rogers
>Haven't touched pentesting for a whiiiile, should really get back into it.
but you won't
Josiah Roberts
certs are great if you actually study to learn shit instead of just getting a piece of paper...
Samuel Miller
^ this
Connor Hernandez
Post the last thing you hacked or you're a lamer.
Sebastian Diaz
A genome database of some description. Far from my most elaborate job, just a relatively simple SQL injection.
Dylan Davis
Has anyone played overthewire's warzone?
Michael Gomez
Yeah, it's good. I've done the bandit challenges, they are a good introduction. However the fun starts with leviathan. That one is hard, i've only solved the first few so far.
Austin Cook
Any of you nerds know a good tool for cracking pdf passwords. Google is recommending trash
Lucas Murphy
I think the CTF way is to use magnum version of JohnTheRipper with pdf2john and use a wordlist like rockyou. You could also try hashcat. Other than that you could try social engineering or your quantum computer.
Joseph Adams
Is 26 too old to become a hackerman? I wasted away my youth wage slaving. I'm a barely competent programmer. I graduate soon though but the hackerman field is huge. All my cs knowledge doesn't help me at all from what I see. I'm starting at 0 the more I look into it. Tons of 15yos that can hack circles around me is a bit discouraging
With an MS + industry experience you should be fine especially with a cert but why make the jump?
Aaron Cooper
I have very little understanding of programming and technical things with computers. If I wanted to hack user accounts, are these the resources that I want to study?
Hunter Ortiz
>Is 26 too old to become a hackerman? With that attitude? Yes. Personally, I think you should do it because you enjoy it not just for a dick measuring contest (even if you later do that for fun). I don't have industry experience thought, so I can't talk from a bussiness perspective, but if you want to learn (and that's what hacking is about) then there's no age limit. And even if you're too old to be hired then you can focus on bug bounties.
Elijah Scott
what do you mean hack and what os are you talking about
Dylan Turner
In the same boat as you The Web Application Hacker's Handbook was recommended in the last thread if my memory serves me right. Found it online for free, haven't started reading yet so can't say if it is good or not
>what do you mean hack Access one's personal account without knowing their login credentials.
>what os are you talking about I'm focused more on online social media accounts and cloud software accounts such as iCloud.
Austin Cruz
What are some good online (paid or free) WPA2 handshake cracking services?
Asher Evans
to most people this is quite interesting, however I've never dived into this stuff once. What can you do with this knowledge other than a career in security? > inb4 hack pentagon
Joseph Roberts
I would be using Windows 7 or 10 to perform the hacks
Isaiah Powell
I helped write it's original curriculum
Andrew Mitchell
I want to learn it for personal use, to secure my own shit. Also try to break things in a controlled environment seems like a nice hobby
Cooper Gonzalez
how 2 hack te=he govermnent??????
Noah Fisher
I could tell you but I would have to kill you
Isaac White
So, I've been around computers since I was 8 years old. I didn't start "hackerman" until I was 21. I am 29 now. For 8 years I did hackerman stuff on and off cause I tried to rush learning things.
All im saying is. If you tried to do this, don't rush it, I did cause I thought 21 was too old to start. if I didn't I would know much more than I do now. I know a decent amount, but I know I would know more.
Colton Ortiz
I'm having some trouble with metasploit. I'm not sure if I'm setting it up right. Whenever I use an exploit successuflly, I get dropped striaght into a shell. Aren't I supposed to be able to list sessions first. I tried with both a windows/meterpreter shell. How can I get back to msf> without dropping the session?
Anyone did Reddish on HTB? I've been enumerating it for like 3 days and still can't find the fucking app.
Jason Mitchell
>software engineer He told you why
Juan Diaz
>haven't started reading yet so can't say if it is good or not I was the user who recommended it in the last thread. It is better than good, it is the best book you'll ever read on the subject.
Hunter White
im almost halfway through it. issa good.
Kayden Ramirez
I don't really want to give you advice because I hate faggots that spam shit like this. >how to hack facebook accounts? >how to hack Why do you want to target individuals? Complete fucking faggot. Anyway, learn what phishing is. I'm only telling you because I don't think you'll be able to do it successfully.
Cooper Ramirez
Should be called Crackerman General. Hacking is something different.
Anthony Gray
bandit was so much fun, is there something similar (with focus on shells and GNU/Linux)?
If youre making a website, you'll better secure it. Your persona;l security will be better
Gavin Myers
Thanks to the user in the previous hackermna general who reccommended ctf.hacker101.com before doing bug bounties. It focuses on fundamentals and more SQL, XSS, path injections and easier learning curves after getting my brain broken doing hacktheboxes.
Parker Johnson
oh lol. brute-forcing an 8 character long password takes 8^50 iterations in the worst case.
You're welcome. Are you the user who joined the group? If so, I've seen you found some more flags, congrats! We should set up an IRC or something. Could even try finding bugs together/split profits, if you want
Daniel Bell
Something I wouldn't want to do. They're most likely poor already. Could you imagine how happy they are to have a phone? It'd probably crush them if you fucked shit up.
Dominic Miller
Not advocating for rooting these devices, people need to update android and fix it.
Alexander King
Like others have said, you need to secure your own applications. In order to do this, you need to learn how to break into shit. There's also bug bounty programs, some of which pay thousands, hundreds of thousands, or even millions of dollars. There's the dark side, you can sell your findings on the black market, or exploit them yourself, if you want to be evil. You can share this knowledge, write a book or something and get some cash. You can teach lessons to others. You can potentially land yourself in a government agency, if that's what you want to do. You can start your own security consultancy. I mean, there's tons of shit, the list is endless.
Ethan Powell
>overthewire.org/wargames/bandit/ is this basically just to teach you how to use the terminal? i'm pretty good with the terminal already how much will this teach?
Christopher Barnes
>Like others have said, you need to secure your own applications. In order to do this, you need to learn how to break into shit. Which is why I will never stop shilling InfoSec. There are so many simple mistakes people can make when building software that can be devastating, and are perfectly avoidable.
Things as simple and a no brainer to us like scrubbing your inputs but for whatever reason people just don't do it.
It bugs the fuck out of me that security fundamentals aren't taught alongside normal CS degrees.
/rant
Colton Price
why the fuck would they have ADB over network enabled?
James Watson
On some cheapo devices it may be enabled by default
Kevin Taylor
Chinese shit ships with it, especially multimedia devices it seems.
Brody Harris
Damn. I would've thought that cheap shit is even more locked down to where you can't even enable developer options. Not surprised that Chinese producers don't care about security though.
Cameron Campbell
What sort of OS should i use when learning this? Will be using a VM since I'm currently stuck with a macbook. Suggestions for VMs are also appreciated
Juan Robinson
Every tutorial will most likely use Kali. Like OP says, it's a meme but it just werks and has everything you need to get started.
Once you're familiar with how you're doing things you can branch out to other OS's.
Kali provides prebuilt VMs for download on the OffSec site, so you're perfectly fine starting there.
You could actually if you wanted to, kill these ADB sessions remotely and disable it. If you want to white-knight and show your face in the media.
Connor Miller
Ave you ever tried playing CTFs? >Are you the user who joined the group? >I've seen you found some more flags S-stop stalking me. A way to communicate could be cool, to be honest I really feel like I've hit a wall on learning so I'll probably focus on reading some books for a while. Those last 5 boxes on HTB are a pain in the ass, and I had to decline the first Hackerone invite because it looked way too out of my league. I wonder if we could set up a somewhat stable hmg ctf team, I've always played the defcon quals alone and they're really fun but I never get too far.