In /hmg/ we discuss pentesting, ctfs, exploits, and general being a hackerman.
Elliot edition

> Resources:
VM/CTFs:
overthewire.org/wargames/bandit/
>easy beginner bullshit
vulnhub.com/
>prebroken images to work on.
hackthebox.eu/
>super secret club
ctf.hacker101.com
>part of hackerone, a bug bounty program. Find flags, get private invitations to bug bounty programs

Tools:
kali.org/
>meme dragon distro but it just werks
metasploit.com/
>scriptkiddie starting point and swiss army knife
I can't hack a single htb machine, that means that I'm completely useless and I must end my life?
Asher Parker
Give 'Access' a try, getting user is really easy, you just need to keep poking around. Supposedly 'Help' is straightforward too but I haven't got around to trying it yet. If you're more in the camp of 'no idea where to start' though, just watch ippsec's videos and google any tool he uses you're not familiar with.
Nathaniel White
What's a good fuzzer for black box? I've been reading up on AFL but that's more of a white box setup.
Kayden Gutierrez
I'd start with otw. It's progressive
Ethan Taylor
Additional info:
I've used both AFL and WinAFL but those are both used to instrument the source at compile time. I need a true black box fuzzer, both for compiled binaries and network protocols
Daniel Garcia
Ryan Martinez
Just do the easy ones and keep learning... it took me a month to get my first user and three months to get my first root.
James Thomas
how good do y'all think National Cyber League is? I was able to place pretty well in it because I bashed head to wall for 30 hours in a 48 hour window but I question if it has any real value.
Jason Evans
Nah man that's where everyone starts.
I know this might feel like "cheating", but watch or read some walkthroughs when you get stuck. Do something like this: 1) set up the VM and try your best. 2) get stuck. 3) watch a walkthrough up to the point where they do the step you're stuck on. 4) pause video. 5) go to 1. There is *NO POINT* in getting stuck on something for hours; you might eventually get it but since you wasted so much time, it's just not very efficient. But always try everything first, of course. Even the idea you think has a 0.1% chance of working. Because every 1000 times, that works ;) Eventually you'll need the walkthroughs less and less, and one day you'll be making your own!
Some good Youtubers: Ippsec, LiveOverflow, Derek Rook, OJ Reeves, Kindred Security, and a lot more!
Caleb James
How long did it take you autists to start hitting bug bounties? Assuming basic Linux and programming knowledge
Dylan Long
How to crack/bypass a basic HTTP authenticator? It's a challenge that's part of the application process for a summer internship position.
Brandon Price
friend was doing it before me, really wanted to do it, did my "first" one yesterday, I fell in love and want to pursue it more, it's the best damn thing I've done in 5 years, and 5 years ago I could have done it, idk what was holding me back. Pursue it fucker.
Is running through hacker101 a good way to get up to speed or is that a meme?
Christian Adams
It's still info, your call, but I would say yes.
Dylan Johnson
Yes to good idea or yes to meme?
Gavin Hughes
yes to good idea.
Charles Peterson
Today I learned how to secretly embed shitposts into images I upload (didn't do it to this pic in case you're wondering). Also learned a bit about networking and data packets. What a productive day.
lol, that's all you did? slacker. Learn networking stacks front to back then you can show your face around here.
Nathaniel Lewis
Kek I am Slackerman. Downloading meme dragon right now. About to pop this skid cherry
Connor Young
I got user on access but I'm stuck because I know very little about Windows CMD, I know it's some stupid little thing. I got root on Carrier which was awesome. The latest box is def on par with Reddish, super advanced and hard. When I can own a box like that I'll know I'm ready for OSCP.
As a separate issue, I asked this before, how do I do an nmap scan on a website that is using a service like Cloudflare or a load balancer? I want to bypass Cloudflare and connect directly to the website, if anyone knows where the research materials are I'd appreciate it.
Aiden Russell
It's nice for fundamentals and actual real world bug bounties. I learned a bunch about SQL and real world stuff, and got an invite to own a website for cash which is awesome. Being able to be a hackerman without the 3 letters after you and get paid is great.
Cooper Wilson
I use hackthebox as learning. If you can't get anywhere use it as a point to learn. Learn nmap, learn burpsuite, learn dirb. Learn how to find cracks in the system. Learn how to think like an admin, and where they might have been lazy. Even if you can't get a flag right now, if you're learning it's not time wasted.
Cooper Moore
> I'm stuck because I know very little about Windows CMD
I'm in the exact position as you, user. Just keep googling shit and hopefully we'll both figure it out. I'm unfamiliar with Carrier. Is that a retired box? If not, how hard was it? I might take a look. I'm unfamiliar with how Cloudflare really works, but nmap is very good at getting around restrictions placed on its probing. I would google around it, maybe look at specific nmap commands and you might find something.
Ahh, I had looked over it because the difficulty bars didn't all seem stacked to the left, but looks like user is a lot easier than root so I'll try it.