In /hmg/ we discuss pentesting, ctfs, exploits, and general being a hackerman

Resources:
VM/CTFs:
overthewire.org/wargames/bandit/
>easy beginner bullshit
vulnhub.com/
>prebroken images to work on.
hackthebox.eu/
>super secret club
ctf.hacker101.com
>part of hackerone, a bug bounty program. Find flags, get private invitations to bug bounty programs

Tools:
kali.org/
>meme dragon, feeds on parrots
metasploit.com/
>scriptkiddie starting point and swiss army knife

Tutorials/Guides:
abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob
>From zero to OSCP-hero rough outline
youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA
>IppSec, video guides for retired HTB VMs.

IRC:
server: irc.rizon.net:6667
channel: #Jow Forumsentoomen

Ded general, at least I learned pwntools, ROP and leaking libc.

i'm proud of u son

Thanks, I still don't know why Python3 is so weird when doing exploits.
The skiddie that called me a LARPer never explained what the difference was, and I could only find one question on Stack Overflow, which was comically downvoted; the only answer was the same "use byte strings" shit, which doesn't work.

ITT crackers pretending to be hackers.

tfw total snacker

hm&o pretzel bytes r t3h sh1t!!!!1!

yeah just use python2; python3 is garbage.
perl is nice too with expect
just use whatever you're comfortable with

you can do it, dattebayo!

Yeah, I really got fond of pwntools because once you know what to do you can automate it very fast.

Also, I've been looking to learn about mobile for a while, took a quick look at the mobile app handbook and a couple of CTFs (github.com/xtiankisutsa/awesome-mobile-CTF) and it seems mostly focused on RE and forensics. Does anyone have experience with mobile? Is it really mostly focused on RE?

Someone who isn't me would like to put keyloggers on USB flash drives and leave them around town. How would I go about doing this? The only tools I've found require you to get the flash drive back to get the data, this person who isn't me would like to access it from anywhere.

Anybody have a bug bounty walkthrough they actually got paid for? Trying to put my penis in my first website, regular tricks have been patched it seems...at least I'm learning...but I haven't seen a resource for reading old bug reports

Anyone else here actually smart enough for the super secret club?

I owned first root and user on one box and user on another....practice 8 hrs a week...

Fuqu3 u i is el1te 1337 haxx0r

Owning boxes feels amazing, just rooted giddy a few hours ago, 8th box.
Should I go for ethereal?

If you have to ask...
Never have done keylogger shit but I can see three* steps that you need to overcome.
>1) Are you capable of writing your own keylogger or modifying one?
Unless you find a keylogger that does what you want, and because you're posting here I guess you didn't, you'll have to make your own. I would start here github.com/GiacomoLaw/Keylogger .
>2) If you're rolling your own keylogger you have to find a way to infect the computer via USB
I really have no idea about this; are autorun files still a viable way to infect a computer? Would an executable disguised as a movie suffice? Can't really help on that.
>3) Bypass NAT (Firewalls?)
On most networks you'll only have to bypass NAT, which means you have to send the data back to a server with a public IP (you'll have to find a host outside the jurisdiction of your country I guess).
For more important networks, with the real juicy info, you'll have to probably bypass some kind of firewall. I think the best but slow way to bypass a firewall would be DNS tunneling. Maybe this can give some clues (sans.org/reading-room/whitepapers/dns/detecting-dns-tunneling-34152)
>*) Antivirus?
This could fuck you up on any step and ruin the whole plan. A never ending game so you'll have to define your own limits, only ever done it with msf payloads.
This could be a starting place:
- shellterproject.com/
- null-byte.wonderhowto.com/how-to/hack-like-pro-evade-av-software-with-shellter-0168504/

Really, it all depends on how much time you want to use and the level of your target.

Sure why not lol...I pwned carrier and user for access (so close on root....goddammit. It's tricky). Next target is Flujab which starts as a cloudware server called clownware lol

Pretty much, but it depends on what your goal is. In reality it's mostly trying to understand obfuscated code and extracting interesting endpoints and keys, followed by your usual web hacking. But cracking a game usually means diving into native libraries with IDA.

btw, anyone here know a working way of intercepting Android traffic in [current year]? Which means >=Oreo, SSL pinning and ignored user certificates. Xposed modules, magisk, frida, default gateway instead of proxy, tunneling through openvpn and sending it to a transparent mitmproxy, ... Nothing really works, and I'm pretty much out of options now.
>inb4 just patch every single app

I've done access, what are you stuck on, I may be able to push you in the right direction

What's wrong with Python 3? I prefer it to 2.7

Meh...the r**** command...I know what I'm supposed to do but not the exact phrase for how to do it. Funny thing with hacktheboxes too, if you get stuck don't forget to reset the box...I gave one guy a hint for root on carrier and he couldn't get it because the box needed a reset.

Is it safe to do hackthebox scans on mobile running AnLinux Debian in termux? It doesn't have access to my storage so that should be as good as a VM, right?

Oh yeah that one had me for like 2 days, I was typing the right thing in, but I didn't have the right syntax, look at the help for runas and you will eventually get it

I've tried so many times. Basically gave up

I actually don't remember the exact thing I typed in, I'll go ahead and root it again for a refresher then I'll help you out some more

Was able to access the admin desktop with one command (which I've forgotten now) but not read root.txt.

Also give ypuffy a go, that's a real fun one

Cool thx. Seems a bit unfair too since the box will throw me off or freeze often.

Will try....carrier was me breaking my cherry, it's a lot of fun...strongly recommend. Hint: use burp

rooted that one the other day ;D

Damn you pro hackerman....any general tips? Goal is to increase my speed and pwn harder boxes (such as reddish) to prep for oscp

Nail your methodology, and if in doubt, enumerate more

I don't really know, every time I try the same payload on 2.7 and 3 I get different results.
eg: "A"*40 + b'\xef\xbe\xad\xde'
Python2.7 correctly returns to 0xdeadbeef
Python3 returns some gibberish thing like 0xde32adbeef
It's also just one random byte wrong, I guess it can't be stack padding since it's the same binary. The only answer I could get was that by using strings on python3 it would output unicode characters so you have to use byte strings (that was the correct answer for the stackoverflow post I can't find again) but it still doesn't work for me.

>0xde32adbeef
I meant 0xde32beef

Good info, ill chime in on some stuff.

Find a language you like. For me, I wrote a keylogger in Python for Windows and in Golang; I actually moved to making a physical keylogger device using an Arduino and an ESP8266 with wifi. This project is done code-wise, I just need to go into Blender and 3D model an enclosure for it, but I've been putting it off for months.

Anyways, This is something you need to do coding wise.

Don't use timers, hook the .dll file.

>have program first start by checking for antivirus installed, google around on how to check for AV.
>if there is antivirus, modify the system registry to accept your program as safe
>make a throwaway gmail and have keylogger send a text file every few hours or use a cloud service, and read the API documents on uploading files through your program.

Ok so deploying your payload.

There's a book called
>social engineering: the art of human hacking
I would recommend reading

There was a couple of examples I read about planting USB devices from that book.

Examples:
>put a usb flash drive in the bathroom of the building you're trying to infiltrate, on the floor or on the sink counter
>or break/lunch room
>parking lot near cars

Those will probably be the most successful. Now, you can bind your program into a zip file and name it something someone would be curious about
>The Fappening PT 3 doesn't sound too bad

Make a team on HTB so I can beg for some hints.

U wanna form a team? Do some ctfs maybe?

No, still re-figuring out the runas command XD

I can't hack a single htb box, what now, i should kill myself?

Look for Ippsec videos and try to learn the flow.

checked, just use LOIC

Oh yeah what's your htb username, I'll look at your stats and we will see

My stats aren't great, one root + user and one user...username is "overwrite"

Try easy ones first....don't kys trying the harder ones. Basically, my method is to do 8 hours straight with little breaks. But the most important thing is to learn. Learn nmap, dirb, bruteforcing in metasploit. Learn burp. As long as you're learning it's not a day wasted. Learn to think the right way....like an admin or web designer and how they might have fucked up.

I've done really well and learnt a lot on some HTB boxes. But the more CTF style ones where you're supposed to pull the stego out of an image can go fuck themselves.

>Meh...the r**** command

Some of these god damned hint patterns do more harm than good.

What's everybody's OS / hardware?

R8 H8
deb8
mastrb8

Arch + Linux Hardened + Blackarch repos
On a thinkpad x240.

Ethereal root is fucking killing me

is this the new /cyb/er /sec/urity thread

>hackthebox.eu/
where do we get invite codes from

Is there any pentesting or hacking cert that's worth a damn?

Thank you very much for the help anons much appreciated, will come back and share my successes or failures

>feel free to hack your way in
Learn to read

I want to get started on hackthebox.eu

What website will help me learn enough to hack in? Will hacker101 be enough?

Jow Forums.org/c4ph-certified-Jow Forums-professional-hacker/

lets do it together user join the irc

It's on the general, you numb fuck.

Just hack in, idk why it's so hard lol

My house doesn't have internet. I'm on my phone which has unlimited data.

Unrelated I just made it into bandit0.

I have no formal education in computers, so after learning how to use the Linux command line and figuring out ssh just through looking at the puzzle, I'm happy. Onto bandit1

>Unrelated I just made it into bandit0.
bandit was fun, I gave up after like 7. I'd do that user if I didn't have home internet

Well I'm fairly popular at the local library and I do have laptops. Eventually I'll just use my phone once I bypass hotspot restrictions.

Unrelated, so I opened the readme on bandit1 with nano, but I can't copy-paste it. Do I need to escalate my privilege to copy-paste it or do I just type the password out manually?

Also thank god for termux

bump

you use the password to gradually login to the next bandit

Nah I got the password, I just cant copy paste it.

I'll take from your answer that privilege escalation is not needed and I should just quit being a baby and type out the password manually like a fucking luddite

write it down

Just copy it from your terminal, for me it's ctrl + shift + C for copy and the same but + V for paste

he's on a phone

bamp

Was talking to a friend about kali linux. He said some people put it on a raspberry pi to make it as portable and disposable as humanly possible.
Dunno, should I try this out? Last thread talked about dual booting vs live booting vs VM but no one ever brought up something like this.

hack the planet

>what is pwnplug
>what is jasager / pineapple
First you should be familiar with using kali and its tools from a big screen. Then you can try the portable way. This because it's the same shit, just done either automatically, or commanded with another handheld device, like your cellphone, connected to the kali device with wifi or bt.
If you're not already familiar with the environment, this can be painful.
But when you're confident about your skills, you can pack a small device with kali, hide it in your bag, or leave it in an office, and crash your targets with no survivors.

CTFs are pointless
Just go break some real shit

bamp

>btw, anyone here know a working way of intercepting Android traffic
I guess it depends on how Android handles SSL certificates. You'd need to find a way to force the use of a certificate for which you have the key. Can apps stipulate which certificates they should use, refusing to work otherwise?

>medium.com/@appmattus/android-security-ssl-pinning-1db8acb6621e
>medium.com/@felipecsl/bypassing-certificate-pinning-on-android-for-fun-and-profit-1b0d14beab2b

Now this I like

>Can Apps stipulate which certificates it should use refusing to work otherwise?
That's SSL Pinning in a nutshell, yes.

Second link = patching. Not always the easiest, and that's assuming apktool wants to recompile the app again.

>bypassing nat
You can configure your router to route NAT tagless (I forgot the name) connections to your IP. Firewalls are pretty easy - just set up a shitty website on a third party hoster in another country and use your keylogger to initiate HTTPS connections to there and encode data inside. Virtually no corporate firewall blocks web connections originating internally. I would think virus scanners and AD would be more difficult. Standard corporate AD policy restricts installs, and some disable USB thumb drives completely (I happen to know my local PwC branch does this). I'm not sure if obfuscators would work well enough, but any unobfuscated open source code is a big no. Definitely have signatures on the scanner.

>Virtually no corporate firewall blocks web connections originating internally.
I guess I had too much CTF and lack real world.
Thinking about it, wouldn't an IPS/IDS be more common than a firewall nowadays?
Depending on the IPS I guess sending back to a mail or even a Facebook account would be safer? I think some of them inspect packets by statistics so a weird IP/host may trigger something.

>IPS/IDS
Anything larger than medium-sized firms has the works. IPS/IDS, firewall, endpoint protection and AD are considered industry minimums. I have much less experience with IPS/IDS - just did some short work on my school's QRadar - but you are right in that they primarily work on traffic/time analysis and destination. They do support signature matching, but none of them can crack HTTPS or other public key encryption unless for some weird reason they have your receiving server's private key.

ibm.com/support/knowledgecenter/en/SS42VS_7.3.1/com.ibm.qradar.doc/t_qif_adm_decrypt.html

If you send data in irregular clumps when data is transmitted it should stop the typical RAT/real time keylogger appearance. And of course you'll want to only send traffic when your infected computer is being used, not at 2am in the morning. In practice, IPS/IDS have no authority to stop traffic. It's always done through the (human) SOC team in the 3 tier system. You're right that a weird ip or url will flag things. Not because of software - there would be riots if a company implemented an internet website whitelist. But because when any suspicious traffic gets flagged, the first thing the tier 1 analyst does is check the destination. QRadar provides something I think called X-Force intelligence, it's a list of known or suspected evil sites. Other SIEM tools probably have an equivalent - a custom site won't raise anything. BUT the analyst will suspect something if your website is bogus and they see some guy - or maybe multiple guys - start all continually going to it.

You could mitigate this by programming your malware to alternate between different sites or by programming your site to swallow the keylogger data and then redirect to a legit site, so when the analyst tries to access it it looks OK. This is a bit overkill because if you don't flag any time-based filters, no one will be checking your traffic. Tier 1 analysts have time limits to clear tickets.
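Added example (editor's code, not any poster's): the defender's side of what the last few posts describe, run over a constructed DNS query log. It flags a client that sends many long, high-entropy subdomains under one registered domain (the DNS tunneling pattern the SANS paper linked above covers) and, separately, a client whose queries land on a fixed interval, which is the beacon regularity a time-based SIEM rule keys on. The log format, the IPs, the domain names and the thresholds are all made up for the example, and the "last two labels = registered domain" shortcut stands in for a Public Suffix List lookup.

```python
import math
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed sample log, one "epoch_seconds client qname" per line. Not real traffic.
# 10.0.0.5 does ordinary lookups; 10.0.0.9 sends long hex labels under one domain every 60 s.
SAMPLE_LOG = """\
1000 10.0.0.5 www.example.com
1001 10.0.0.5 cdn.example.com
1060 10.0.0.5 mail.example.com
1000 10.0.0.9 3a7f9c1e2b4d6f8a0c1e3b5d7f9a1c3e.tun.example.net
1060 10.0.0.9 9b2c4d6e8f0a1b3c5d7e9f1a3b5c7d9e.tun.example.net
1120 10.0.0.9 1c3e5a7b9d0f2a4c6e8b0d2f4a6c8e0b.tun.example.net
1180 10.0.0.9 7d9f1b3a5c7e9a1c3e5b7d9f1a3c5e7b.tun.example.net
1240 10.0.0.9 e2f4a6c8b0d2f4a6c8e0b2d4f6a8c0e2.tun.example.net
"""


def parse_log(text: str) -> list:
    """Parse the constructed format into (timestamp, client, qname) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, qname = line.split()
        records.append((int(ts), src, qname.lower().rstrip(".")))
    return records


def shannon_entropy(s: str) -> float:
    """Bits per character; encoded data sits near the alphabet's maximum, words sit well below."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def split_qname(qname: str) -> tuple:
    """(subdomain, registered domain). Simplification: the last two labels are the registered
    domain. Production code should use the Public Suffix List instead."""
    labels = qname.split(".")
    if len(labels) <= 2:
        return "", qname
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def dns_tunnel_suspects(records, min_distinct=4, min_len=24, min_entropy=3.0) -> set:
    """Per (client, registered domain): many distinct, long, high-entropy subdomains = tunnel-like."""
    groups = defaultdict(set)
    for _, src, qname in records:
        sub, dom = split_qname(qname)
        if sub:
            groups[(src, dom)].add(sub)
    flagged = set()
    for key, subs in groups.items():
        if len(subs) < min_distinct:
            continue
        if mean(len(s) for s in subs) < min_len:
            continue
        if mean(shannon_entropy(s) for s in subs) < min_entropy:
            continue
        flagged.add(key)
    return flagged


def beacon_score(timestamps) -> float:
    """Coefficient of variation of the inter-arrival gaps: near 0 means a fixed-interval beacon."""
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2:
        return float("inf")
    mu = mean(gaps)
    return pstdev(gaps) / mu if mu else float("inf")


def periodic_clients(records, min_events=4, max_cv=0.2) -> set:
    """Clients with enough queries whose timing is regular enough to look scheduled."""
    by_src = defaultdict(list)
    for ts, src, _ in records:
        by_src[src].append(ts)
    return {src for src, ts in by_src.items()
            if len(ts) >= min_events and beacon_score(ts) <= max_cv}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("tunnel suspects:", dns_tunnel_suspects(recs))
    print("periodic clients:", periodic_clients(recs))
```

Both heuristics need tuning on real traffic: CDNs and anti-virus update domains also produce long hashed labels, and scheduled tasks beacon just as regularly as malware, so these scores are a triage input for the analyst the posts describe, not a verdict on their own.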

I've been doing it on and off for 8 months and the plajeets always beat me to the low hanging fruit. Also haven't found a single paid bounty yet. So maybe you will. Good luck

You have to use a conversion function in Python3 instead of just casting your string to a byte value. So b'string text here' would not work, but bytes("string text", "utf-8") should work. Reason for this I believe is python3 needs to know the encoding type for strings. And if UTF8 doesn't work, try ascii.
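Added example (editor's, not from any poster) on the Python 3 payload question that keeps coming up in the thread. It shows the three things that matter: a str cannot be concatenated with bytes in Python 3, so the padding has to be b"A" as well; encoding a str that holds \xef\xbe\xad\xde as UTF-8 turns every code point above 0x7f into two bytes, which is how a 4-byte address ends up 8 bytes long and the saved return address is filled with the wrong values; and struct.pack (what pwntools' p32 wraps) or a latin-1 encode keep the bytes exactly as written. The 40-byte padding and the 0xdeadbeef target are hypothetical.

```python
import struct
import sys

# Hypothetical target layout: 40 bytes of padding, then a saved 32-bit return address.
PAD_LEN = 40
RET_ADDR = 0xDEADBEEF


def p32(addr: int) -> bytes:
    """Little-endian 32-bit pack; the same bytes pwntools' p32() returns."""
    return struct.pack("<I", addr)


def build_payload(pad_len: int = PAD_LEN, ret_addr: int = RET_ADDR) -> bytes:
    """Correct Python 3 way: keep everything as bytes from start to finish."""
    return b"A" * pad_len + p32(ret_addr)


def mixing_str_and_bytes_raises() -> bool:
    """In Python 3, "A" * 40 is a str and cannot be concatenated with bytes."""
    try:
        _ = "A" * PAD_LEN + b"\xef\xbe\xad\xde"
    except TypeError:
        return True
    return False


def utf8_encoded_payload(pad_len: int = PAD_LEN, ret_addr: int = RET_ADDR) -> bytes:
    """The mistake: hold the address as a str ("\\xef\\xbe\\xad\\xde") and .encode() it.
    Each code point >= 0x80 becomes two UTF-8 bytes, so the 4-byte address grows to 8."""
    addr_as_str = p32(ret_addr).decode("latin-1")  # str of U+00EF U+00BE U+00AD U+00DE
    return ("A" * pad_len + addr_as_str).encode("utf-8")


def latin1_encoded_payload(pad_len: int = PAD_LEN, ret_addr: int = RET_ADDR) -> bytes:
    """If you already hold a str, latin-1 maps code points 0..255 one-to-one onto bytes."""
    addr_as_str = p32(ret_addr).decode("latin-1")
    return ("A" * pad_len + addr_as_str).encode("latin-1")


def popped_return_address(payload: bytes, pad_len: int = PAD_LEN) -> int:
    """What a 32-bit target would load into EIP: the 4 bytes right after the padding."""
    return struct.unpack("<I", payload[pad_len:pad_len + 4])[0]


if __name__ == "__main__":
    # Feed the payload to a target on stdin:  python3 payload.py | ./vuln
    # sys.stdout.buffer is the raw byte stream; print() would try to re-encode it.
    sys.stdout.buffer.write(build_payload())
```

The same rule applies when reading from the process: pwntools' recv() hands back bytes, so compare against b"..." literals and unpack leaked addresses with struct.unpack or u64() rather than turning them into str first.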

just got my invite to hackthebox and i cant even fizzbuzz am i hackerman yet

>mfw while playing bandit
youtube.com/watch?v=PKg2ZzPKl2M

Python string encoding with binary was always a mess; even in 2.7 it was just a mess that was well traveled, that people learned to deal with. Python 3 is kind of a shit show for some things.

I remember I wrote something simple like reading from the std input a csv file and it was like 5x slower in python3 than in python2, might not be the case now though.

Most of us here probably learned like that too, then went into some form of employment or education in the field.

and get caught because you're shit bc you never practiced your skills, glow more faggot

Do a fizzbuzz then you will be.

i would post my fizzbuzz in python but im too brainlet to post code on g

[mohammed]
allahu akbar
[/mohammed]

or use pastebin and post the link?

do you guys fuck with those hack kits like the one hak5 sells? looking to invest into something like that if it worth.

Where can I find an exact SHA-256 documentation? How exactly it's doing iterations, step-by-step

Ok let me give you my insight.

They're overpriced, what are you wanting to do? The kits are just OpenWrt devices with pre-installed programs, nothing special.

sorry guys, I found it

Yeah, that's what I was thinking as well. Saw it was $200 and I wanna do pen testing, just got into hacking and it was the most interesting thing in the field to me

Learn to program, that will help, once you start to understand programming you realize how easy it is to do this shit.

Write it in c nigger

I feel like if I took notes on professormesser's compTIA class it would take too much time and I'd end up getting bogged down in the minutia of networking. How much of this stuff is really important if the suggestion that comes along with his compTIA class videos is to play them at 1.25 or 1.5 speed?

What language do you think would be most useful? I'm familiar with C# as it is the language I've been using in my shitty MIS classes.