Going very slow on Flujab, wish it was a skiddie-friendly machine. Also, has someone pwned Querier? I just get a reset connection packet.
Levi Flores
So I'm trying to prepare for my OSCP and I found a grant program that will pay me to take certs, but I have to start with A+ and it'll take 8 weeks to learn how to install a printer and shit like that, which I already know how to do without issue.
Would it look bad against me in the job hunt if I skipped A+ and went straight to Sec+ or even higher-level certs? Right now I'm playing around with Kali and wargames, as well as working on my Python skills, and I really only get one cert paid for by the grant, so I don't want to waste it on A+.
Jonathan Miller
Pretty sure Flujab is some advanced red team shit which I need to learn before OSCP. I'm not an employer, but word is CompTIA Network+ and Security+ are the only ones worth getting.
Evan Reed
>Pretty sure flujab is some advanced red team shit
Not really sure what you mean by that, but I think that the hardest part of it is the big attack surface. Doing the blind database thing with a side channel is slow as fuck.
Blake White
I'm on mobile rn, how many points is it worth? I need to own one more box or 3 users to get myself from script kiddie to hackerman.
Jack Flores
40. If you follow your enumeration checklists you should have no problem getting one more, just be sure not to ignore the clues inside the machines.
Kayden Martin
Can someone help me with bandit6? How do I get started?
Ryder Walker
Irked was real good for root... it's cool that even when I'm frustrated trying everything I end up learning a shitload about how Linux werks.
Luke Hernandez
Post the problem and I'll help you out. You can just Google walkthroughs though... esp. for bandit.
Liam Collins
I don't know if it is an unpopular opinion, but I didn't really like bandit, as in I ignored it and went to natas, because it feels like you learn some really niche things that are useful mostly on very weird CTFs.
Connor Powell
The password for the next level is stored somewhere on the server and has all of the following properties:
owned by user bandit7
owned by group bandit6
33 bytes in size
This is the issue, and I don't even see the directories to look in, even with ls -a.
This is my first hacking experiment and I managed to get this far. Should I be trying natas too?
>should i be trying natas too?
Maybe play bandit until you feel comfortable moving inside a server from the terminal, then you should really do natas since it will teach you the most basic vulns on web pages.
Charles Bailey
I can do that movement easily, like if I know where a file is on my laptop I can terminal there with ls and cd commands.
How much bandit should I do?
Fuck me, you're right, I'll finish it up tomorrow. My internet time is almost up.
Tyler Baker
>how much bandit should i do?
Really depends on you, I got bored fast since it becomes just terminal fuckery, that might be useful sometimes but only once you're already "inside".
Aaron Roberts
Right, like reading hidden files and shit.
Question for all:
If I'm trying to get into infosec and prepare for my OSCP to try and break into the industry, would
be a good starting point, or should I try something else, like Sec+?
Austin Sanders
In my quest to learn everything, I'm thinking of starting a repo to organize my research and notes. Whenever I have a question about how something works, or how to make something, I'll form a hypothesis and try to make the smallest possible examples that are heavily commented with primary sources from documentation showing how I arrived at that knowledge. It will look like this guy's:
This should work better than having a bunch of disorganized folders named "test" full of crap I never look at again, which ends up with me trying to re-research the same things over and over again. I work with a security researcher who has a PhD and I notice he brings a paper journal around everywhere he goes to write down thoughts, so there must be something to keeping an organized mind.
Cameron Kelly
Where is the RCE in redcross? Do I use action.php POST vars to trigger a sendmail RCE, or in other words, wtf am I doing wrong?
Ryder Hernandez
Do you have the admin cookie? From my half-assed notes: first you have to do XSS and then you literally have command execution (as in natas-tier shell_exec) in one section of the admin panel.
Xavier James
Just completed bandit12. Never felt like such a hackerman! Though I just did xxd, then file, then whatever decompression was needed, and then repeated that till I reached text. Any way to do it in like one command?
Lincoln Lopez
and so, the hackerman general finally dies
Luis Miller
I just completed it as well last week and figured you could write some type of shell script that finds the extension and decompresses accordingly. Fuck if I know how to implement it though haha.
Mason Butler
It would be a cool project and utility; in fact I'd be surprised if a universal compressor didn't exist already that you could just run recursively. Lol, computer just shut down and I lost my password for level 13! Lucky there are heaps of walkthroughs. It'd be cooler if the servers updated passwords periodically though so you couldn't cheat.
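A script in the spirit of the one-command unwrapper the three posts above ask about, written here as an added example (not posted by anyone in the thread): it sniffs magic bytes instead of trusting file extensions and peels layers until the data is plain. It assumes gzip, bzip2, xz, tar, xxd and od are installed; the layer names and the 50-layer limit are choices made here.

```shell
#!/bin/sh
# Added example, not from the thread: repeatedly unwrap a file that has been
# hexdumped and gzip/bzip2/xz/tar-wrapped (bandit12 style) by magic bytes.
set -eu

# magic_of FILE: print gzip | bzip2 | xz | tar | hexdump | plain
magic_of() {
    hdr=$(od -An -tx1 -N6 "$1" | tr -d ' \n')        # first 6 bytes as hex
    case "$hdr" in
        1f8b*)        echo gzip ;;                    # gzip magic 1f 8b
        425a68*)      echo bzip2 ;;                   # "BZh"
        fd377a585a00) echo xz ;;                      # xz magic
        *)
            # tar keeps "ustar" at offset 257; short files just print nothing
            if [ "$(od -An -c -j257 -N5 "$1" 2>/dev/null | tr -d ' \n')" = ustar ]; then
                echo tar
            # an xxd dump starts with an 8-hex-digit offset and a colon
            elif head -c 9 "$1" | grep -q '^[0-9a-f]\{8\}:'; then
                echo hexdump
            else
                echo plain
            fi ;;
    esac
}

# unwrap SRC WORKDIR: decode layer after layer into WORKDIR, print final path
unwrap() {
    work=$2; mkdir -p "$work"
    cur="$work/layer0"; cp "$1" "$cur"; n=0
    while :; do
        n=$((n + 1)); next="$work/layer$n"
        case "$(magic_of "$cur")" in
            gzip)    gzip -dc "$cur" > "$next" ;;
            bzip2)   bzip2 -dc "$cur" > "$next" ;;
            xz)      xz -dc "$cur" > "$next" ;;
            hexdump) xxd -r "$cur" > "$next" ;;
            tar)     # bandit-style layers hold one member; stream it to stdout
                     tar -xOf "$cur" "$(tar -tf "$cur" | head -n 1)" > "$next" ;;
            plain)   echo "$cur"; return 0 ;;
        esac
        cur=$next
        [ "$n" -lt 50 ] || { echo "gave up after 50 layers" >&2; return 1; }
    done
}
```

Run as `unwrap data.txt ./work` and `cat` the path it prints; each intermediate layer stays in the work directory for inspection.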
Mason Brown
Not used Kali in over 7 years, when it was known as BackTrack. Recently started using it again to break into my neighbor's WiFi and I'm having some issues. Reaver is useless now as most routers instantly lock you out. Fluxion will capture a handshake but people never connect to the rogue AP, and every handshake I upload to cracking sites like GPUHash yields no results. Anything else I could try? Also any fun tools that are included with Kali? I've not really looked at anything outside of the WLAN section.
Owen Miller
Ded
Brandon Wood
Any tutorials on hacking the Pentagon?
Jonathan Hernandez
Have any of you taken and/or passed the OSCP exam? Is it more CTF or real world, or a mixture of both? Where's a good place to look at pro reports? What are their labs like compared to HTB? I'm not ready yet but will be in about 3-6 months.
"Hacking" is the most braindead thing ever. 90% of the time people's solutions to CTFs are "just use this tool I found on SourceForge lol" without knowing what it does or how. Have fun feeling like le hakur known az anonymoose.
Xavier Brooks
What are some good techniques for getting around Cloudflare and other boxes where no direct IP access is allowed?
Landon Sanchez
samefagging this hard
Samuel Hall
henlo, that first reply is me, I'm just referring to the name change and the fact this general keeps dying.
Brody Bailey
All the recent grad and junior positions around me for hackerman jobs require 2-5 years experience. What should I do now?
The only way that I know to bypass the no direct IP access is to not use the IP to connect, as in you have to use a domain name. It is basically a WAF telling you there are subdomains/virtual hosts, so you have to connect via domain name.
Cooper Reed
As somebody who hasn't had much experience with CTFs and isn't running a distro pre-packed with pentest tools: where should I start/go to get gooder? I've never used pwntools, and have the most minimal experience with Wireshark or looking at pcap files. I made my way through Bandit but most of that was just shell commands. Most of what I've picked up so far has come from watching a few YouTube channels devoted to CTFs.
I'm currently working on TAMU CTF and am sitting in 918th place out of 1600 or so. Pwn1 is a typical nc / elf challenge and supposed to be "easy" but nothing is obvious to me and a hexdump doesn't reveal anything I can see besides the first two expected inputs. The last is obfuscated somehow. I don't know much about elf files or debugging/decompiling them.
Oddly Pwn4 is "medium" and was stupid simple. Pwn5 was almost as easy as Pwn4 but remains unsolved for me because (spoiler?) Vim closes as quickly as it opens meaning I can't get to shell from it.
I really need to force myself to use Git more. My current method is to create a directory for the CTF and sub-directories for the individual challenges. Challenge files and flag.txt files go in the subs.
The main directory gets a WriteUp plaintext with comment lines of all the challenge names regardless of whether I've attempted them yet. Any attempts, research, solution methods, etc. for a challenge get added under its respective comment line. I've no idea how a professional write-up should look or be formatted, but for simplicity a minimal plaintext will let me go back and format for Markdown, TeX or whatever.
Samuel Sullivan
This general is dying, why not merge it with /cyb/?
Carson Fisher
Apply anyways senpai
Lucas Taylor
>where should I start/go to get gooder
Really depends on what area you want to focus on.
>Pwn1 is a typical nc / elf challenge and supposed to be "easy" but nothing is obvious to me and a hexdump doesn't reveal anything
For binary exploitation you really need a way to check what functions you can use; try objdump -d. Too lazy to debug, but there is literally a print_flag function in pwn1, so you probably have to jump there. Using checksec to verify that NX (no-execute stack) is enabled can also give you a hint on what you must do, as in no shellcode. For the rest, it really depends on what you feel comfortable with; r2 or gdb-peda, check which debugger/disassembler is easier for you. I didn't really feel the need to learn pwntools until dealing with return-to-libc + leaking offsets, because you can often finish easy CTF pwn challenges just by echoing the payload.
Last time I was there they were very rude about the whole "hacking" deal.
Sebastian Perry
Samefag trying to kill this general for some reason...instead of trying to kill it just go post in /cyb/ faggot
Jayden Peterson
Post link for CTFs plz
Jaxson Perez
Not a regular here, you must be mistaking me for someone else. Just a guy who lurks sometimes.
Evan Moore
I prefer this one. Feels much more personal
Jacob Perez
Because they're not the same thing.
Andrew Price
Hey guys, I have a question. I made myself a Bishop Fox RFID reader, I got a great deal on it, 120 USD. Anyways, I built mine differently, with an ESP8266 to store the reads. I noticed my read range is affected when I have the ESP8266 on; the WiFi somehow affects the RFID reader, maybe it's an electromagnetic field? Even though the radio frequencies are nowhere near each other.
So I ended up making a button to turn the WiFi on and off, but still power the device and store the readings.
It seems to help a little bit, but when my ESP8266 isn't powered I can read 3 feet away, but with the ESP8266 and toggled WiFi I can read at least a foot and a half, which seems to be a little better than before.
I don't have many ideas, and one of them is just 3D printing an enclosure, wiring it outside of the reader, and maybe mounting the enclosure on the strap to maximize the read distance while storing reads.
Why are cyberpunk and cybersecurity in the same general? Actually cybersecurity should be in this general since it's more hackerman related and cyberpunk is more of an aesthetic. You might as well have cyberpunk and mechanical keyboard general.
Cooper Davis
How much for an RFID reader? I'd like to see what's on my passport RFID now that we live in 1984.
Kayden Diaz
Passports use the 13.56 MHz frequency. So you can buy an Arduino one and build a reader with that; hell, Bishop Fox found a 13.56 MHz RFID reader that can read a few feet away (if only I knew about this when RFID was insecure on credit cards in 2011+).
Ayden Williams
Oh wow, I just realized I never answered your question. The one I bought, they normally go for 300+ (125 kHz, MaxiProx 5375).
On eBay they sell 13.56 MHz ones real cheap, a couple bucks. This is the reader I have on Arduino for other projects:
>MFRC522
Gabriel Wilson
So I took the time to check the pwn1 and it really isn't binary exploitation, it's reverse engineering. If you check with IDA it becomes clear.
Camden Moore
>playing with Kali and wargamez
This doesn’t preclude you from having a firm grasp on A+ material. It’s not just like basic printer shit, it’s about the actual physical computer and basic OS stuff.
Obviously it’s not very impressive because it’s the easiest cert to get, and everyone’s “first cert”, but there’s a reason it’s the first one. Because it’s foundational. Yeah it’s easy bro and you’re super fucking smart ssh-ing into overthewire games, but see if you can answer these couple questions without looking it up. All of these are like real-world things that will pop up in basic IRL troubleshooting:
>what current DDR# RAM are we on right now?
>what socket type does AMD use?
>what are the three most common storage device measurements
>what is raid 1? raid 5? Raid 6?
>what is ZFS
>name at least 5 file systems
>how do you connect to a server in macOS
>what motherboard size is the smallest and which is the most common
>what ram goes in laptops?
>what is ECC ram? What is it used for?
These are all A+ questions. Unless you are currently employed as a network engineer, you should take the A+. Playing with Kali is not impressive, technologically. You need a good foundation.
Study it for literally 4 weeks and take the tests and you’ll be glad you did. You never know what you don’t know, especially if you refuse to study it because you think you’re a leet hax0r for using terminal.
Yes I am triggered by people sticking their nose up at the A+ when they literally don’t know anything and have no certs and they still think they’re too good to get the most basic baseline knowledge of computing.
Adding to this: do you know how to change a computer's domain name? Find the serial number from the BIOS? NTFS file permissions? The port numbers for IMAP4, POP3, SMTP? What type of encryption SNMPv3 uses?
The A+ is also a good idea for your first cert because Jesus dude it’s your first fucking cert. Do you even know how to study? What resources are you going to use? What is your study schedule gonna look like? Etc. etc. etc.
Unless you have a CCNA, you are not too good or too smart for the A+. It’s the first cert for a reason.
Henry James
Off the top of my head:
Raid 1 is mirroring.
Raid 5 requires 3 disks I think and has fault tolerance of 1.
Raid 6 needs 4 disks and has fault tolerance of 2.
ZFS is expensive meme for FreeNAS bois to feel elite over RAID plebs. Have fun rebuilding it all from scratch when you accidentally torrent more foot fetish porn than you meant to.
Joseph Murphy
I wish I had your confidence.
Jayden Edwards
>but there’s a reason it’s the first one.
And that reason is gone now. It used to be because it was one that doesn't expire, but today it does.
Bentley Murphy
You won't get anywhere if you're unable to do a bit of lying.
Isaac Anderson
How did you do the stego part?
Gavin Martinez
Found the password and uploaded the image to an online decryptor website. I really enjoyed the priv esc part though... that seemed to me less CTF and more real world.
Kevin Wood
Post enum checklists... I always feel like I'm forgetting some.
Oliver Perry
Didn't mean it as an actual list, just don't forget to nmap/dirbust everything, check the samba/ftp shares with anonymous login and try to destroy every input on webpages. Overall, most boxes just focus on the technique that they want you to use so once you know the technique the path becomes clear.
And don't feel bad about it either. A lot of people did it at some point. My friend went abroad searching for a better life and I bet he got noticed and hired there because he lied about working at one company for a year. Now he's changed like 4 jobs, all better than the previous ones, and got away from being a helpdesk monkey in under 2 years. Just don't overdo it and keep it reasonable. It's HR's and the interviewer's job to research and confirm your statements anyways.