Just got started on Bandit and hoping to finish it within the next week. Also taking a software vulnerability course at my college that seems like it could be cool, albeit a little too abstracted thus far.
As a sidenote: Should I just bite the bullet and dual boot Kali onto my laptop instead of running it through a VM?
Dual boot it NOW. On a VM there are many options that aren't usable, or retarded as fuck to configure, and you will use the full power of your machine. Go on, fren.
Hudson Diaz
Will do, user. I figured I would have to go that route since I was experiencing a non-negligible amount of stutter, since my daily is pretty weak GPU-wise. I just needed the peer pressure to make the leap, hehe.
Ayden Clark
I run Kali on a VM and just give it 4 GB of RAM and a little extra storage, no problems.
Asher Hill
Any anons want to explain the HackTheBox Reddish box to me? IppSec just finesses that box and after 10 min I'm totally lost. Seems like high-level networking... what are some good resources for networking for being a hackerman? Should I start with CompTIA Network?
Henry Sanders
Took a quick look at the IppSec video and, at least for me, it seems that he is overcomplicating things for the sake of teaching the thought process. I remember that it had two main problems you had to deal with:
1. Lack of tools: you're forced to write shell scripts to do the scanning (IppSec seems to do that), or you can just upload your favorite tools for the job. Hint: you'll need static binaries.
2. Port forwarding: you're forced to learn port forwarding to pivot between machines. I wouldn't call it high-level networking, but it's a very useful skill. artkond.com/2017/03/23/pivoting-guide/
If I had to make a short explanation of the box I would say: "Get a shell, upload your tools, enumerate, pivot to the next box". At least that's how I did it; I'm pretty sure you could even automate the exploitation just using the webapp, but I was too lazy to try it.
Justin Turner
I've lost the motivation to learn, what things can help to recover it?
Elijah Campbell
synthwave and drugs
Chase Cox
What are some good sites that are useful for keeping track of the latest vulnerabilities that have been discovered?
Bentley Lewis
Porn
Camden Thomas
your fucking nigger ass, it just keeps you depressed, go nofap, it helped me
Charles Jenkins
Apparently I'm too much of a brainlet to use hashcat. Anyone care to help? I'm trying to crack hashes created with this Python script:
    import hashlib
    import binascii

    password = input('Give a password to hash: ')
    # the salt is this literal 64-character hex string, passed as ASCII bytes
    salt = b"2213dcd3820c18c559cc389c8bd22e6b3b0b3f410f01ecf1aac95faf1716e169"
    pwdhash = hashlib.pbkdf2_hmac('sha512', password.encode('utf-8'), salt, 100000)
    pwdhash = binascii.hexlify(pwdhash)
    # output line: 64 hex chars of salt followed by 128 hex chars of digest
    print((salt + pwdhash).decode('ascii'))
For testing I'm trying to crack the hash when you input "foobar" into the program.
I wrote this Python script to put the hash into the right format for hashcat:
    import base64
    import binascii

    with open("passwords.hash") as f:
        content = [x.strip() for x in f.readlines()]

    f = open("passwords2.hashes", "a")
    for hashes in content:
        beginning = "sha512:100000:"
        # first 64 hex chars taken as the salt: hex-decoded, then base64-encoded
        salt = base64.b64encode(binascii.unhexlify(hashes[:64])).decode("ascii") + ":"
        # remaining 128 hex chars are the digest: hex-decoded, then base64-encoded
        password = base64.b64encode(binascii.unhexlify(hashes[64:])).decode("ascii")
        hashCatFormat = (beginning + salt + password).replace("\n", "")
        f.write(hashCatFormat + "\n")
    f.close()
I also created a textfile foo.txt which just reads "foobar" for testing.
Then I run:
    /hashcat -m 12100 -a 0 -o cracked.txt passwords2.hashes foo.txt
but I cannot recover the example hash. What am I doing wrong?
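Added example, not code from the poster above: the converter in that post hex-decodes the first 64 characters of each line, but the generating script passes the 64-character hex string itself to pbkdf2_hmac() as the salt bytes, so the converted line carries a 32-byte salt that was never used in the derivation. The script below rebuilds the hash line for "foobar" the same way the generator does, converts it to the layout the converter targets (sha512:iterations:base64(salt):base64(digest)) while keeping the salt as the raw ASCII bytes, and then checks the converted line locally by parsing the fields back out and recomputing PBKDF2, which is the sanity test to run before spending any cracker time. The three-word candidate list and the "wrong conversion" function that reproduces the original bug are constructed for this example.

```python
import base64
import binascii
import hashlib

# Constructed to match the thread: the salt is the 64 ASCII bytes of this hex string.
SALT = b"2213dcd3820c18c559cc389c8bd22e6b3b0b3f410f01ecf1aac95faf1716e169"
ITERATIONS = 100000


def make_hash_line(password: str) -> str:
    """Reproduce the generator's output: hex(salt text) + hex(pbkdf2 digest)."""
    digest = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), SALT, ITERATIONS)
    return (SALT + binascii.hexlify(digest)).decode("ascii")


def to_hashcat_12100(line: str, iterations: int = ITERATIONS) -> str:
    """Convert one generator line to sha512:<iters>:<b64 salt>:<b64 digest>.

    The salt field must hold exactly the bytes pbkdf2_hmac() received. Here that is
    the 64-character hex text itself, so it is encoded as-is; only the digest half
    of the line is hex-decoded back to its 64 raw bytes.
    """
    salt_bytes = line[:64].encode("ascii")        # the text IS the salt; no unhexlify
    digest_bytes = binascii.unhexlify(line[64:])  # 128 hex chars -> 64 raw bytes
    return "sha512:%d:%s:%s" % (
        iterations,
        base64.b64encode(salt_bytes).decode("ascii"),
        base64.b64encode(digest_bytes).decode("ascii"),
    )


def wrong_conversion(line: str, iterations: int = ITERATIONS) -> str:
    """The original converter's behaviour (constructed here for contrast): it
    hex-decodes the salt too, producing a 32-byte salt nothing was derived with."""
    salt_bytes = binascii.unhexlify(line[:64])
    digest_bytes = binascii.unhexlify(line[64:])
    return "sha512:%d:%s:%s" % (
        iterations,
        base64.b64encode(salt_bytes).decode("ascii"),
        base64.b64encode(digest_bytes).decode("ascii"),
    )


def check_wordlist(hashcat_line: str, candidates):
    """Parse a mode-12100 line and re-derive PBKDF2 for each candidate using only
    the fields in that line. Returns the matching candidate, or None."""
    algo, iters, salt_b64, digest_b64 = hashcat_line.split(":")
    if algo != "sha512":
        raise ValueError("unexpected algorithm field: %r" % algo)
    salt = base64.b64decode(salt_b64)
    target = base64.b64decode(digest_b64)
    for word in candidates:
        if hashlib.pbkdf2_hmac("sha512", word.encode("utf-8"), salt, int(iters)) == target:
            return word
    return None


if __name__ == "__main__":
    line = make_hash_line("foobar")             # what the generator prints for "foobar"
    words = ["foo", "bar", "foobar"]            # constructed stand-in for foo.txt
    print("salt kept as ASCII :", check_wordlist(to_hashcat_12100(line), words))
    print("salt hex-decoded   :", check_wordlist(wrong_conversion(line), words))
```

If check_wordlist() recovers the test value from a converted line, that line is the one to feed to hashcat; if it cannot, no cracker can either, and the problem is the conversion rather than the tool.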
Anthony Peterson
You get depressed because you're a namefag, that has nothing to do with porn.
Andrew Martin
I'm a total scrub without a couple of days' worth of experience with C++. Am I in for pain if I try and jump into OSCP?
Jackson Russell
I usually just use jtr, but try just using hex format instead of base64.
Tyler Nguyen
Yes, you'll probably want to kill yourself for wasting 800 bucks.
Cooper Harris
This just gives a Token encoding exception. Thanks tho, I'll try jtr
Evan Adams
why not just use the liveUSB?
Blake Hughes
is Abatchy a good place to start then?
Lincoln Murphy
Mind trying it with jtr? Apparently it supports pbkdf2_hmac with sha512 but I can't get the format right...
Evan Morales
You need the jtr_jumbo version (startpage is your friend); honestly it's hard to tell you what your problem is with hashcat without seeing stderr, but I'm guessing something to do with the hashfile being formatted incorrectly.
Leo Smith
A what? Do challenging Vulnhub or difficult hackthebox.eu VMs if you want something close to the OSCP. There was a PDF floating around from an older Offensive Security course that gives you a basic idea of what to expect. Search the Jow Forums archives.
Matthew Young
the blog in the OP, ye dingus
Kayden Peterson
I tried hotwiring my van this morning, unsuccessfully, for 20 minutes until I realised the fucking battery was flat.
How's your morning?
Cameron Collins
Disagree with this completely. Give an example of something you can't do on a VM.
Henry Gutierrez
I have jtr_jumbo. It just says $pbkdf2-sha512$100000$saltInBase64$hashInBase64 (can't post full thing since it thinks it's spam) is the wrong format. With hashcat I'm not getting any errors, it just doesn't find the password. So yes my hashfile probably is formatted incorrectly, the question is how. Any ideas?
Hunter Brooks
bump bring up my post
Henry Turner
Where's a good resource on using netcat? Need to learn.
Carson Taylor
Unironically, just get Arch Linux, download the ArchStrike repos, and install whatever tools you want. If you're going to use Kali though, just dual boot it. Not worth getting it to work on a VM.
Jason Perez
Why? It works fine for me.
Nolan Bennett
Kinda slow for me on old hardware. If it works for you, however, then I guess you're good to go.
Jonathan Powell
Fuck, it's been a while since I have seen this bread. What is everyone learning?
Kali is a meme; use Parrot for an easy-to-use, Debian-based pentesting distro.
What made you want to start learning pentesting in the first place, user? Find a part of pentesting that you do still enjoy, and teach yourself how it works.
This general gets posted nearly every day, glowinthedark/rebbit man.
Evan Howard
>you don't waste that much time on Jow Forums
>you must be from leddit
Well memed, friendo.
Kayden Peterson
>You don't waste time on Jow Forums
So don't, leave.
Austin Evans
To be fair, wasting time looking for this dead general everyday instead of learning is very dumb.
David Richardson
No, i have a free day today faggot
Jordan Mitchell
Do the VM, INSTALL KALI LITE and install what you need, there you go.
Charles Barnes
INSTALL PENTOO
Chase Ross
It literally sounds like peepee in Portuguese
Bentley Parker
>Learning
Learning what, which distro is the best?
Elijah Sullivan
>Learning what
Not gonna make it.
Adam Fisher
>Can't understand english nice try pajeet
Brody Price
Not really sure what you're talking about so I'll just call you a retard. Retard.
Bentley Scott
no retard, he isn't a retard, i'm going to call you retard, retard
James Jones
I received a mysterious .dta file from a sketchy coworker at my previous job last year. It's obviously from his "side gig". He was offering me a ludicrous amount of money if I could extract the data from it, but he wouldn't tell me where exactly his contact got it from.
I opened the file in a text editor and noticed it had strings containing peoples' personal info and names of magazines. I'm guessing it's subscription info. I've since left the company due to some serious issues and rediscovered the file today in my USB drive.
I tried analyzing the file with TrID and it says it is 100% a VXD (Virtual Driver) file, which doesn't make a whole lot of sense since the file itself is known to be a database and is dated to 2017.
Are there any other file type analysis programs I can use? Better yet, does anyone know of a database system that uses .dta files? I've already tried all the obvious ones (MySQL, SQLite, MongoDB, SATA, and others) and they were unable to open it.
It's probably a database or spreadsheet encapsulated in another format. If you don't know where to go from here, it's probably a lost cause.
If you check for recurring data and find it (repeated names for example) it might mean it's not compressed, which could mean you could extract useful data just by exporting strings.
Tools I'd recommend are 'file', 'lsblk', 'dd' and 'xd'. I'm not going to try and explain the process I'd use because I have nothing to gain; like I said, if you don't know where to go it's probably a lost cause. The fact that you can find names in the file means it's probably unencrypted, and possibly uncompressed, which means reading it should be a piece of cake. Worst case you'd have to reverse engineer a proprietary data format, which isn't hard, just time consuming, and doable with nothing but Python (or dd, xd and cat if you're crazy).
Julian Rodriguez
I don't think it's compressed either since I can plainly read names, addresses, magazine names, and more.
I'm honestly just curious what the fuck is in there and why that sleaze was willing to pay so much for it. The reason I want to track down the original program is in the off chance there's something interesting not in the plaintext.
Isaiah Sanders
Well, I'd use Unix 'file' to check the magic bits, and also just read the file header and Google it. A VxD is a somewhat generic type of proprietary file, and if it has that header it might be another proprietary format unrelated to VxD. If it is a VxD, you need to track down the driver to read it. It's likely that you can find additional headers inside the file for whatever the true format is (if it's actually a VxD file, which is a type of container or virtual disk); if you can find additional headers, you can simply read from those headers until the data begins to appear corrupt, then assume you've found the end of a file. A crude way of operating on this file could be to run file recovery (or 'undelete') software on it. To do that you might have to register the file as a device; on Linux you do this with the 'losetup' command, which lets you point a loopback device at this file. I don't know how Windows and OS X do it.
There are also plenty of programs that will dump all the strings of a given format (ASCII, utf8, etc)
Also keep in mind that many file formats are unencrypted but nevertheless require a password to open in their application (an example of this is Microsoft's JET format, which Access uses).
Evan Wright
Nvm figured out how to do it with hashcat
Jaxon Phillips
>What is everyone learning?
The absolute basics of pentesting.
Jose Parker
Hello /hmg/, I'm a beginner with RF, and I am attempting to clone a garage door at my work so I have my own. I recorded the signal, twice, for each button. They're near identical, but near the end of the signal it seems to be slightly different (maybe it's still within the microsecond tolerance threshold?).
Anyways, I noticed this garage door opener has DIP switches, and was watching Samy Kamkar's video on garage door openers, the one where he was talking about DIP switches.
My question is, how can I tell what type of encoding (if any) is being used, and if garage door openers are using DIP switches (this one seems to be all in the down position), could it still be using rolling code, or is it fixed code?
Liam Howard
I'm doing meme exploit CTFs for funsies, m-maybe I'll do something worthwhile.
Kali? Can't I just install the pentesting tools on my dd if it's already Linux?
Isaac Price
Yes, Kali is just a Linux OS with installed tools.
Joshua Morgan
Anyone here actually write exploits? I have no idea where to start...
Kevin Walker
Different kinds of exploits. Which are you looking at to learn?
Charles Sanchez
android APKs and windows binaries like a fag at the moment
Nathan King
How do I write a privilege escalation exploit to get boyfriend access to a cute girl?
Caleb Cook
Money works well, but you gotta shell out time for that proprietary shit.
Robert Garcia
I know the main difference between 32-bit systems and 64-bit systems is the memory space, but how does that translate for exploit writing? All the books I find are for x86 arch and Intel asm (mostly this).
On a more fundamental level, the 2**32 times larger memory space means brute forcing to find memory addresses for shellcode isn't feasible, and you therefore need an information leak in addition to a memory corruption vulnerability.
i made this image if you guys want to use it for next thread btw
>Are there any other file type analysis programs I can use?
Binwalk?
Jaxson Jackson
Well, in Linux if you use the strings command, it will extract the strings and you can go through them.
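Added example, not code from any poster in the thread: the triage the 'file' and strings replies above describe, done in Python so it runs the same on any OS. It checks the leading bytes against a small table of well-known magic values, estimates byte entropy (compressed or encrypted data sits close to 8 bits per byte, plain records well below that), and extracts printable strings and counts which ones recur, since repeated names and magazine titles are the thread's own hint that the data is not compressed. The magic table is a constructed subset of what 'file' knows, and the sample bytes with their "DTAX" header are made up for this example; nothing here comes from the real file.

```python
import gzip
import math
import re
from collections import Counter

# Constructed table of well-known leading bytes (a small subset of what `file` knows).
MAGIC = {
    b"SQLite format 3\x00": "SQLite 3 database",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "OLE2 compound file (Access .mdb, legacy Office)",
    b"PK\x03\x04": "ZIP container (also docx/xlsx/jar/apk)",
    b"\x1f\x8b": "gzip stream",
    b"%PDF": "PDF document",
    b"MZ": "DOS/Windows executable header (PE, also LE/VxD)",
}


def identify(data: bytes):
    """Return a format name if the leading bytes match a known magic value, else None."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return None


def entropy_bits_per_byte(data: bytes) -> float:
    """Shannon entropy of the byte histogram: 0 for constant data, 8 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def extract_strings(data: bytes, min_len: int = 4):
    """Same idea as the `strings` tool: runs of printable ASCII of at least min_len."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def recurring(strings, min_count: int = 2):
    """Strings seen more than once: repeated record fields point to uncompressed data."""
    return {s: n for s, n in Counter(strings).items() if n >= min_count}


def triage(data: bytes) -> dict:
    """One-shot summary to look at before deciding whether to reverse the format."""
    found = extract_strings(data)
    return {
        "format": identify(data),
        "entropy": round(entropy_bits_per_byte(data), 2),
        "strings": found,
        "recurring": recurring(found),
    }


# Constructed sample: a made-up "DTAX" header followed by records of
# (subscriber name, magazine title), each field NUL-terminated.
SAMPLE = b"DTAX\x01\x00" + b"".join(
    b"\x00\x10" + name + b"\x00" + title + b"\x00"
    for name, title in [
        (b"Jane Roe", b"Acme Monthly"),
        (b"John Doe", b"Acme Monthly"),
        (b"Jane Roe", b"Widget Weekly"),
    ]
)
# The same records gzip-compressed, to show how the triage output changes.
COMPRESSED = gzip.compress(SAMPLE)

if __name__ == "__main__":
    for label, blob in (("plain", SAMPLE), ("gzipped", COMPRESSED)):
        print(label, triage(blob))
```

On a real file, call triage(open(path, "rb").read()); an unknown format with low entropy and recurring strings is the case the thread describes, where walking the records by hand is feasible, while a known container magic or entropy near 8 means unpacking or decrypting comes first.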
Matthew Long
First you need to find a bug. Then you can turn it into a primitive if it's reproducible, then you can start playing around in your favourite scripting language.
Depending on how deep you go you might need to learn C and/or assembly; both are commonly used for malware analysis, reverse engineering, binary exploitation, and exploit development. This also will require you to learn things like GCC, GDB, IDA, Hopper, and all the fun stuff. This can be really, really hard to learn, but is incredibly rewarding.
so a couple felonies for corporate espionage should do the trick or?
Austin Reed
Where has everyone been? Why isn't this a constant thing like /agdg/ is? Can we start up a Discord? What's everyone learning? Is there an IRC channel yet? What is it, if there is one?
Lincoln Stewart
Here's an idea: why don't we make an IRC server and constantly attack it?
Hudson Wood
Look at it this way, a new protocol means new flaws on implementation.
Lucas Bell
VMs are easier to set up on our own, user.
Joseph Smith
An IRC was already created and it died, because there's a big difference between hacking and game development; for example, showing what you have done is not as easy or exciting as video games. There's also the difference between the people who want to do it for profit and the people who want to do it for fun, and also the fact that time used posting here is time not used learning new things.
I would really like to join a Jow Forums cyber security discussion even if it's outside Jow Forums but idk where the IRC is and this thread didn't help too much.
My background: failure computer science major but learned a shitload, and now going back to community college for a cyber security degree. Just more interested in security in my 30s than I thought I would have been in my 20s and love learning. Pls invite to any discussions.
Nathaniel Anderson
I made an IRC called #Jow Forumsentoomen on Rizon. I use Pidgin and I go and add irc.rizon.net and then just join #Jow Forumsentoomen.
Jack Carter
So the object was to have a place people can congregate and provide something that anons can have fun with by attacking and defending.
Anthony Johnson
#Jow Forumsentoomen is up!
Connor Jones
ok I might join when I go to my bed
Nathan Stewart
I'll only join if there are girls
Aiden Miller
girls are cool
Kevin Brown
I'm a girl
I-I'm cool right?
Owen Rodriguez
*pretends to be semi-chad* Yeah I guess you're ok
Juan Martin
Just talk the talk and have a decent CV with IT experience under your belt; people can tell if you're the real deal. When I applied for my first IT job (in software development for a university), which wasn't security, I already had experience doing unpaid/volunteer IT tech/web dev/security work for a few local businesses and charities. But my emphasis upon applying was always on my interest and experience writing exploits and participating in CTFs in my own time; eventually I managed to work my way into a security analyst role at the same establishment after only a year of working for them.
Roommate owns these Zmodo-brand 720p cameras, and a Zmodo doorbell; quality is actually pretty good.
Question is I like these little cameras, I might buy some if I get my own place, but I dont want these cameras reporting back to ching chong, and my question is
What can I do to where I can still remotely view these cameras away from home, but still cant talk to ching chongs.
I was thinking of making a separate network, just a router, and having the cameras connect to it. Then I would SSH into the router over wifi and have the SSH connection routed to me to view the feed.
But that seems it will still connect back to the ching chongs. SSH wont be open all the time so IDK
Jaxson Ramirez
Don't connect it to the internet, or root it and set up some nice iptables rules. You could alternatively configure your router to do the same if it has decent firmware. Like you suggested, using a jump box might be one of the easier methods if your router sucks or an exploit for the device isn't readily available or is infeasible to produce.