/netsec/ - Net Sec General: Hack the Gibson Edition

/netsec/ is dedicated to everything about computer security, networks, exploits, reverse engineering, social engineering, hacking, tricks, etc.

Daily Programming Thread: Web Dev General: How To Become a Hacker: catb.org/~esr/faqs/hacker-howto.html

Learning
cybrary.it/
n0where.net/
offensive-security.com/metasploit-unleashed
resources.infosecinstitute.com/
windowsecurity.com/articles-tutorials/
sans.org/reading-room/
corelan.be/index.php/articles/
opensecuritytraining.info/Training.html
blackhat.com/html/archives.html
securitytube.net/

News/CVE releases
threatpost.com/
deepdotweb.com/
packetstormsecurity.com/
cvedetails.com/
routerpwn.com/
exploit-db.com/
rapid7.com/db/
0day.today/

Wargames
overthewire.org/wargames/
pentesterlab.com/
itsecgames.com/
exploit-exercises.com/
enigmagroup.org/
smashthestack.org/
3564020356.org/
hackthissite.org/
hackertest.net/
0x0539.net/
vulnhub.com
ringzer0team.com/
root-me.org/
microcorruption.com/
starfighter.io/

How would you hack the Gibson

bumping

youtube.com/watch?v=7U-RbOKanYs
great video

btw anyone have a job as a cyber or network security?

>btw anyone have a job as a cyber or network security?
Also curious. There was a Twitter spat about bug bounties, and I had always assumed those guys had real jobs at companies and universities, not just unsalaried handouts.

Looking for an infosec career but don't have the resources; my current job screws with my time.

How much time will it take to learn on my own? I have patience and have been using Linux as a power user. I will learn networks, programming, etc., with online material. I plan on going for a computer crime investigator job, or whichever is more likely for someone self-taught?

I'm using CurrPorts to view all outgoing connections. What does it mean when a process says "unknown" and it has a process ID of 0? It seems to happen when I terminate a connection, e.g. when I close Firefox, but what is happening and why?

any good infosec or netsec irc channels?

The IRC is included in the first wargames link:
overthewire.org/about/contact.html

my advice is to go to some of these links and consider the initial site list as an index and the appropriate IRC a tree from there.

Bumpy bump

So how many boxes did Sup Forums pwn lately? Hacking your own device doesn't count.

How the fuck do you program for Tor?

The official site says to use SOCKS, but I can't figure out what the fuck that means.

Say I use SDL_Net and open up a TCP socket to connect to some random chat program through Tor; how does SOCKS come into play, and would this even work?

So.. somebody got into a social networking site of mine that I never use.
The website that they posted links to has an ip address of
>pic related
and an array of basic ports that are just wide open.
>also pic related

I don't care enough to fuck with them, but wanted to pass the info along to you guys if you weren't too busy playing tug-of-war with a boat.

Have fun.

what program did you use to scan the ports?

A Russian hosting company? Neat.

69

tor.stackexchange.com/questions/3421/route-c-through-tor-using-socks

"Tor is a socks5 proxy.

here is a guide to how socks5 works with tor read this, it is VERY useful

if using sockets (I assume c++ uses sockets) you will need to

connect to tor (127.0.0.1:9050 by default)
Send authentication (5,1,0) see rfc part 3
Receive the tor response (5,0) see rfc part 3
Send Client's Connection request (5,1,0,3 + host length + a binary representation of the host and port) see rfc part 4
receive the tor response (5,0,0,1,0,0,0,0,0,0) see rfc part 6 (there can be a bunch of errors here, so watch out)
Send a binary representation of a http request to tor (Tor will forward this to the destination)
Receive the http response (will send the header first then the web page)"
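The exchange the quoted answer lists, written out as an added example (not code from the thread or from the Stack Exchange answer): both sides of the SOCKS5 CONNECT handshake from RFC 1928, a client that does the (5,1,0) greeting, expects (5,0), sends the CONNECT request with ATYP=3 and checks the reply code, plus a minimal stand-in for Tor's SocksPort so the exchange runs offline over a socketpair. The stand-in server, the function names and the hostnames are mine. Two details worth noting: the hostname is sent to the proxy as a name (ATYP=3) rather than resolved locally, which is what keeps DNS lookups inside Tor and is also the only way to reach a `.onion` address; and the reply's BND.ADDR/BND.PORT fields are consumed before returning, so the stream is positioned at application data.

```python
"""SOCKS5 CONNECT handshake (RFC 1928) as spoken to Tor's SocksPort.
Added example, not from the thread; the fake server and names are assumptions."""
import socket
import struct
import threading

SOCKS_VER = 5
NO_AUTH, NO_ACCEPTABLE = 0x00, 0xFF
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

# RFC 1928 section 6 reply codes ("there can be a bunch of errors here")
REPLY_TEXT = {
    0: "succeeded", 1: "general SOCKS server failure",
    2: "connection not allowed by ruleset", 3: "network unreachable",
    4: "host unreachable", 5: "connection refused", 6: "TTL expired",
    7: "command not supported", 8: "address type not supported",
}


class SocksError(Exception):
    pass


def recv_exact(sock, n):
    """Read exactly n bytes; TCP gives no message boundaries, so never assume one recv() suffices."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise SocksError("connection closed mid-handshake")
        buf += chunk
    return buf


def build_greeting():
    return bytes([SOCKS_VER, 1, NO_AUTH])  # VER=5, NMETHODS=1, METHODS=[no auth] -> (5,1,0)


def build_connect_request(host, port):
    # ATYP=3: hand the *name* to the proxy so Tor resolves it inside the circuit.
    # Resolving locally would leak the lookup, and .onion names only work this way.
    name = host.encode("idna")
    if not 1 <= len(name) <= 255:
        raise ValueError("hostname must be 1..255 bytes")
    return (bytes([SOCKS_VER, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(name)])
            + name + struct.pack("!H", port))


def read_reply(sock):
    """Return the REP code after consuming VER/REP/RSV/ATYP/BND.ADDR/BND.PORT."""
    ver, rep, _rsv, atyp = recv_exact(sock, 4)
    if ver != SOCKS_VER:
        raise SocksError(f"bad version {ver}")
    if atyp == ATYP_IPV4:
        recv_exact(sock, 4 + 2)
    elif atyp == ATYP_IPV6:
        recv_exact(sock, 16 + 2)
    elif atyp == ATYP_DOMAIN:
        (n,) = recv_exact(sock, 1)
        recv_exact(sock, n + 2)
    else:
        raise SocksError(f"unknown ATYP {atyp}")
    return rep


def socks5_connect(sock, host, port):
    """Run the handshake on an already-connected socket (e.g. to 127.0.0.1:9050).
    On return the socket is a tunnel to host:port; speak the application protocol on it."""
    sock.sendall(build_greeting())
    ver, method = recv_exact(sock, 2)  # expect (5,0)
    if ver != SOCKS_VER or method != NO_AUTH:
        raise SocksError(f"no acceptable auth method (got {method:#x})")
    sock.sendall(build_connect_request(host, port))
    rep = read_reply(sock)
    if rep != 0:
        raise SocksError(REPLY_TEXT.get(rep, f"unknown reply {rep}"))
    return rep


def fake_socks_server(sock, reply_code, seen):
    """Stand-in for Tor's SocksPort (assumption): parses both client messages,
    records the requested destination and answers with reply_code. Only ATYP=3."""
    _ver, nmethods = recv_exact(sock, 2)
    methods = recv_exact(sock, nmethods)
    if NO_AUTH not in methods:
        sock.sendall(bytes([SOCKS_VER, NO_ACCEPTABLE]))
        return
    sock.sendall(bytes([SOCKS_VER, NO_AUTH]))
    _ver, cmd, _rsv, atyp = recv_exact(sock, 4)
    (n,) = recv_exact(sock, 1)
    host = recv_exact(sock, n).decode("idna")
    (port,) = struct.unpack("!H", recv_exact(sock, 2))
    seen.update(cmd=cmd, atyp=atyp, host=host, port=port)
    # VER, REP, RSV, ATYP=1, BND.ADDR=0.0.0.0, BND.PORT=0 -> (5,0,0,1,0,0,0,0,0,0) on success
    sock.sendall(bytes([SOCKS_VER, reply_code, 0x00, ATYP_IPV4]) + b"\0\0\0\0" + b"\0\0")


def run_handshake(host, port, reply_code=0):
    """Drive client and fake server over a socketpair; returns what the server saw,
    or raises SocksError exactly as a real refusal would."""
    client, server = socket.socketpair()
    seen = {}
    t = threading.Thread(target=fake_socks_server, args=(server, reply_code, seen))
    t.start()
    try:
        socks5_connect(client, host, port)
    finally:
        t.join()
        client.close()
        server.close()
    return seen


if __name__ == "__main__":
    print(run_handshake("example.com", 6667))
```

Against a real Tor client the only change is the transport: `s = socket.create_connection(("127.0.0.1", 9050)); socks5_connect(s, "somehost.onion", 6667)` and then write your chat protocol to `s`. SOCKS only tunnels the TCP stream; anything the application itself resolves or embeds (DNS, your real IP in a protocol field) is still your problem.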

I work as an information security professional doing Red Team operations. First, bug bounties are a waste of time. Sure, you gain some experience, but in the end the companies will pay you from $100 to max $10,000 for a vulnerability with PoC. They are doing this because an information security assessment (which goes through documentation) and an information security evaluation (which finds all possible vulns on a system) cost more than $50,000. Thus companies are taking advantage of kiddies with no jobs.

Second, this thread is pure cancer. The only good links are the wargames and maybe the SANS institute links (SANS are a bunch of scammers, they literally take your money and just teach you how to become a skid).

You want to be a real hacker? Research stuff yourself, reverse engineer protocols and software. Also, do not neglect documentation. A penetration tester or Red Team operation takes advantage of the low hanging fruit (first vuln found). An information security assessment and evaluation actually attempts to find ALL vulnerabilities. Understand that there are non-technical vulnerabilities such as lack of policies and procedures, undocumented behaviours, users who are not compliant with policies, etc.

thanks a bunch m8, this is very helpful

What did your resume look like before you got hired?
What do you have to put on a resume to get hired as a red team tester?

Forgot to add that, if you think it is all technical, you will have a bad time. Like I said, most of the time you will be creating your own tools (don't fall for the CEH meme of just running pre-existing scripts), and reading documentation (policies, procedures, leaked unshredded company documents obtained through dumpster diving, etc.). Most of the pre-made tools all have a footprint that an IDS/IPS will catch. Again, this is okay if you are doing an InfoSec Evaluation. But if you are doing a red team operation, you WILL most likely need to either create your own exploit tool on the fly, or heavily modify a pre-existing one.

What is more important than technical skills? Reporting and your ability to read and understand policies and procedures. For example, if the organization lacks a password policy, you can be sure that employees will most likely use garbage passwords and reuse them. With a password policy enforced, you will encounter fewer users using garbage passwords (if any), and you will probably need to modify your brute forcing tools. Otherwise you might cause a DoS to ALL of the organization, because they might have an account lockout set.

Reporting is another valuable and perhaps the most important one. ANYONE can run a vulnerability scanner, ANYONE can run Metasploit and crack a box. But it takes a true professional to document the findings and turn the report into something management can understand. Sometimes the tools will find false positives, e.g. it will report a server is vulnerable because its banner says it's an old version. But the reality is, the company compiled that package and fixed all the vulnerabilities. Validation is key.

In the end management doesn't care about a terminal popped on a box. They care about Cost Avoidance.
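The account-lockout point in the post above, as an added example that is not the poster's tool or code from the thread: given a lockout policy (N failures inside an observation window), build a password-spray schedule that never spends more than N minus a safety margin guesses on any one account inside any window, and a checker that simulates the lockout counter over the plan before anything is run. The policy numbers, the user and password lists and the helper names are constructed for illustration. The schedule assumes the worst case for the observation window, namely that it restarts at every failed attempt rather than at the first one; if the client's policy documents otherwise, the gap between batches can be shortened.

```python
"""Lockout-aware spray schedule plus a counter simulation to verify it.
Added example; policy values, users, passwords and helper names are assumptions."""
from dataclasses import dataclass


@dataclass(frozen=True)
class LockoutPolicy:
    threshold: int          # failed attempts that lock the account
    window_seconds: int     # observation window; assumed to restart at every failure (worst case)
    safety_margin: int = 2  # attempts left for the real user's own typos


def attempts_per_window(policy):
    """How many guesses per account we may spend inside one window."""
    n = policy.threshold - policy.safety_margin
    if n < 1:
        raise ValueError("policy leaves no attempts to spend; assess password quality another way")
    return n


def build_schedule(users, passwords, policy, attempt_gap=1.0):
    """Return [(t_offset_seconds, user, password)].
    Horizontal spray: one password across all users before the next password,
    batched so no user sees more than attempts_per_window() failures in any window."""
    per_window = attempts_per_window(policy)
    plan, t = [], 0.0
    for start in range(0, len(passwords), per_window):
        for pw in passwords[start:start + per_window]:
            for user in users:
                plan.append((t, user, pw))
            t += attempt_gap
        t += policy.window_seconds  # last failure's counter has expired before the next batch
    return plan


def worst_case_failures(plan, policy):
    """Simulate the lockout counter: the most attempts any single user receives
    inside a closed window of policy.window_seconds. Check this before running a plan."""
    times_by_user = {}
    for t, user, _ in sorted(plan):
        times_by_user.setdefault(user, []).append(t)
    worst = 0
    for times in times_by_user.values():
        for i, t0 in enumerate(times):
            in_window = sum(1 for t in times[i:] if t - t0 <= policy.window_seconds)
            worst = max(worst, in_window)
    return worst


def total_runtime(plan):
    """Seconds from the first to the last scheduled attempt."""
    return max(t for t, _, _ in plan) if plan else 0.0


if __name__ == "__main__":
    # Constructed inputs: a 5-strikes / 30-minute policy and a short, obviously fake list.
    policy = LockoutPolicy(threshold=5, window_seconds=1800)
    users = ["alice", "bob", "carol"]
    passwords = ["Winter2023!", "Company1", "Password1", "Welcome1",
                 "Summer2023!", "Qwerty123", "Changeme1"]
    plan = build_schedule(users, passwords, policy)
    print(f"{len(plan)} attempts over {total_runtime(plan) / 60:.0f} min, "
          f"worst case {worst_case_failures(plan, policy)} failures per user "
          f"(lockout at {policy.threshold})")
```

The runtime number is the part to put in the test plan: seven passwords against a 5/30-minute policy already takes an hour, which is why a "brute force" against a lockout-enforced directory is really a slow spray of a handful of high-probability candidates, and why the schedule is worth agreeing with the client before the engagement starts.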

Answer me.

My resume looked very empty as I lacked "business" experience.

What I did was work as a system administrator for a local school, then rapidly took a junior position as a penetration tester. Most pentesting companies DO NOT require certifications or any previous BUSINESS experience. HOWEVER, they will test you in the interview on both theory and non-technical things (policies, laws, procedures), then they will most likely set up a lab for you to break into. Most of the points are focused on the end documentation (which is what gets you the money).

Anyways, I did not have any certifications and my degree was in Math. However, from an early age (about when I was 8) I learned how to take advantage of buffer overflows. So I had a pretty good idea about exploitation and data exfiltration.

In the end, resume for my current Red Team operation job looked like:

Math Degree, system administration work, penetration tester work, infosec assessment junior, red teaming.

The only certifications I have now are Cisco's CCNA and Security+. Again, this was long after I got my job here.

Tip: look for openings as a pentester; you will see they don't care about GPA or certifications or any past jobs. They want you to understand laws, procedures, documentation, and how to leverage vulnerabilities. These are things books will never teach. Set up a home lab and practice, practice, practice.

Thank you user.

There was a user in the last thread who was reversing an Android game and was using an on-phone proxy to bypass TLS encryption. I am curious if the app was Charles Proxy or something else.

bump

looks like nmap

What do you guys think of wireshark? Is it good to view every single connection on the network?

...

are you looking for something specific or just paranoid?

Call you paranoid all you want, but I'm curious and want to know what exactly is leaving and entering my network at all times.

based
this is very much helpful for me

Then Wireshark is the right tool, since it's so easy on the eyes. You should really try to learn Wireshark filters on the fly; it'll make your protocol analyzer time much more productive.

Software on the router that catches all your traffic, plus some box that automatically analyzes it, would be a better idea.

For example, if there were some communication with Chinese or Russian servers, Tor traffic or other suspicious traffic, you would be informed automatically by mail.
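The "box that analyzes it" from the post above, reduced to one pass over flow records, as an added example (not code from the thread): a parser for Zeek-style `conn.log` lines and a classifier that flags destinations in an operator-maintained CIDR watchlist and connections to Tor's default ORPort/DirPort (9001/9030). The sample log lines, the watchlist prefixes (RFC 5737 documentation ranges standing in for a real relay or threat-intel feed) and the internal ranges are constructed; country attribution as in the post needs a GeoIP database and is deliberately not faked here. What the example does show is the part people get wrong: treating a Tor port hit as a hint rather than a verdict, and excluding internal ranges explicitly rather than relying on a library's notion of "private".

```python
"""Flow-log watchlist matcher over Zeek-style conn.log lines.
Added example; log lines, watchlist and internal ranges are constructed."""
import ipaddress

# Assumption: operator-maintained watchlist. RFC 5737 documentation ranges stand in
# for a real Tor relay list or threat-intel feed.
WATCHLIST = {
    ipaddress.ip_network("203.0.113.0/24"): "watched hosting range (placeholder)",
    ipaddress.ip_network("198.51.100.0/24"): "Tor relay list (placeholder)",
}
# Tor's default ORPort and DirPort. A hit on these alone is only a hint.
TOR_DEFAULT_PORTS = {9001: "Tor ORPort default", 9030: "Tor DirPort default"}
# Your own address space (assumed RFC 1918 plus loopback). Listed explicitly because
# Python's ip_address.is_private also covers the documentation ranges used above.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample in Zeek conn.log form (a subset of the real columns).
SAMPLE_CONN_LOG = """\
#separator \\x09
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\torig_bytes
1700000000.1\tCa1\t10.0.0.5\t51234\t93.184.216.34\t443\ttcp\tssl\t512
1700000001.2\tCb2\t10.0.0.5\t51235\t203.0.113.77\t80\ttcp\thttp\t1024
1700000002.3\tCc3\t10.0.0.9\t51236\t198.51.100.4\t9001\ttcp\t-\t2048
1700000003.4\tCd4\t10.0.0.9\t51237\t10.0.0.1\t53\tudp\tdns\t64
1700000004.5\tCe5\t10.0.0.9\t51238\t192.0.2.10\t9030\ttcp\t-\t300
"""


def parse_conn_log(text):
    """Yield one dict per record, keyed by the #fields header; other '#' lines are skipped."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if not line or line.startswith("#"):
            continue
        if fields is None:
            raise ValueError("data line before #fields header")
        yield dict(zip(fields, line.split("\t")))


def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)


def classify(flow):
    """Return the list of reasons this flow deserves an alert (empty means benign)."""
    dst = ipaddress.ip_address(flow["id.resp_h"])
    port = int(flow["id.resp_p"])
    reasons = []
    if is_internal(dst):
        return reasons  # internal traffic is out of scope for this matcher
    for net, label in WATCHLIST.items():
        if dst in net:
            reasons.append(f"destination in {net} ({label})")
    if port in TOR_DEFAULT_PORTS:
        reasons.append(f"port {port} ({TOR_DEFAULT_PORTS[port]}), weak indicator")
    return reasons


def alerts_for(text):
    """Scan a whole log; returns (uid, src, 'dst:port', reasons) for flagged flows."""
    out = []
    for flow in parse_conn_log(text):
        reasons = classify(flow)
        if reasons:
            out.append((flow["uid"], flow["id.orig_h"],
                        f'{flow["id.resp_h"]}:{flow["id.resp_p"]}', reasons))
    return out


if __name__ == "__main__":
    for uid, src, dst, why in alerts_for(SAMPLE_CONN_LOG):
        print(f"[ALERT] {uid} {src} -> {dst}: {'; '.join(why)}")
```

Feed the returned tuples to whatever sends the mail; the matcher itself stays side-effect free so it can be run over historical logs to tune the watchlist before it is allowed to page anyone.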

Seeing as you seem to know what you are talking about, could you recommend somewhere to start learning this stuff? From what I've heard (and you seem to agree with this), textbooks and online courses don't really teach you anything except how to become a skid. Basically what I'm asking is: where did you start? I'm willing to spend plenty of time on it as long as I feel like I am actually learning something.

Bumping this.

I spent 4 years as a pen tester

Be a quick study; familiarize yourself with systems you may not have seen before. Good research skills.

The thing most people forget is you need to be good at talking to all kinds of people. At the start of the job you need to get the IT guys and gals to help you familiarize yourself with their systems. At the end of the job, you are talking with corporate types about remediation and expanding budgets / expanding the scope of the review / selling them shit.

just my two cents

How did you even get an interview?
>My resume looked very empty as I lacked "business" experience.

All of my resumes always come back with "Lacking qualifications" or "Lacking experience".

Thoughts on this book? Thinking about buying it.
Also bump

A friend of mine has been hacking since he was 12 years old. Today he has a company that exploits security vulnerabilities in enterprises to offer protection services.

Get a PDF and skim it before you actually buy it.
I didn't even like the page format, so I didn't so much as read a single line.

It's very Windows-centric, but it does have some neat information about scripting your own debuggers.

Recommend any good books on reverse engineering/0day dev?

Make friends with real hackers. Hackers in the sense of people willing to tinker with hardware/software. The first time I learned about a buffer overflow was because a friend taught me this in a library, and he learned that from the Morris Worm. The community is what helped me get started: Phrack, 2600, and all those hacker communities. There was no course; hacking is not a pre-set of rules you can find in a book. Hacking is literally an art. I suggest you read up on the old Phrack and 2600 articles, join an IRC and ask questions. Do a lot of hands-on practice, and ALWAYS ask the question "Why does this work like this? Can I make it do something it's not supposed to?" It may take you years, but nothing is as satisfying as a good hack.

Documentation wise, learn about the NIST SP 800's, boring to read, but the advice is great.

Learn about the laws and regulations out there. Patriot Act, Electronic Communications Privacy Act, DMCA, HIPAA, Sarbanes-Oxley, etc.

Lastly, learn about networking VERY WELL. This will help you learn how to pivot from public network to a private network.

As I mentioned, I looked for pentesting job ads that mentioned they do not care about prior experience. They will test you on theory and documentation, then the last phase is technical, so be ready; don't waste their time.

All these certifications are nice, but you are really wasting your money by trying to get them all. It is all a fad, making people script kiddies for a bunch of money $$$$. If it all really worked and was as methodical and perfect as they show, then there would be no more cyber security issues!

Remember, there is no such thing as security. Tools are just tools, a 3 year old can run Nessus, Metasploit, Hydra, etc. The real smart man is the one who made them. Are you a skid, willing to just blindly run tools and be happy with their "results"? Or will you find a new 0day, or create a new tool that redefines the security scene?

Unfortunately not.

As far as Reverse Engineering goes, I mostly just read blogs posted to /r/netsec and experiment. I haven't read any books on the topic (much less on 0day development).

There is "A Bug Hunter's Diary" for learning how to find things you can write exploits for: nostarch.com/bughunter

It's not really so much about reverse engineering (Though there are bits and pieces) or the actual development of 0days, but it definitely will be something you will need to know in order to exploit software.

As for reverse engineering itself, look at the methodologies that other people use to reverse things. This isn't so much about software, but it's super-interesting and kinda shows you the way someone might attempt to reverse engineer something:
youtube.com/watch?v=WOJfUcCOhJ0
youtube.com/watch?v=b_PZX6t_EF0

My biggest tip is to decrease your feedback loop when you are attempting to reverse engineer things. If you can set up something where you can test and take notes with pretty much zero effort, you have an incredible head start. I personally use Emacs Org Mode, but any literate programming system with live code blocks will be a great help. (If you can't find a full-blown literate system, then start with a language that has a REPL you can incrementally build things with at least.)

This thread ruins hacking.

While it may seem convenient to put every link there to help others, you are also spoon feeding them. The beauty of hacking is finding everything out yourself, and when you ask someone, they should not give you a spoon-fed answer, but rather a clue for you to continue your journey.

These threads need to stop because they advocate laziness, and hinder the research spirit every hacker needs. Hacking is no longer mysterious; if you google, you could come up with these exact results in less than a second.

STOP ADVOCATING MEDIOCRITY

seconded

Oh, also, the last link is dead.

>tfw skiddying my way through vulnhubs boxes

Actually, the speaker here, Natalie Silvanovich, is one of the more notable members of Google Project Zero now.

No one gives a fuck about your modded mimikatz "wow it fools AV im so fuckin leet skids get out I taught myself" circlejerk bullshit. People have to start from somewhere, and this anti-skid crap has led to the shithole neckbeard cons that are DEF CON and BH. If this thread sparks some 15 year old's interest in the security community then it's done its job.

skid detected

Is this a good book, lads?

Computer Networking: A Top-Down Approach, 6th ed.

GR8 J0B NSA WEW RECRUITING FROM IMG BOARDSSSS

R8 8/8

>implying laying everything out and spoonfeeding will spark interest
gj retard

You must be some of these frustrated kids that always toyed with SubSeven or NetBus because you couldn't get good.

kys

>implying that DEF CON and BH aren't skid cons

Should be named KEK Con, LOOOOL

Nah. It's interesting to see the sorts of things that people make.

I was thinking of going to Defcon this year actually. Someone invited me a little while ago.

Lads?

He has never been to defcon. Skids and feds all over LOL OP probably dreams of working with the feds running automated tools with no knowledge whatsoever ROFLLLOLMAO

kys

kys

I love you too, user.

Kill yourself

Good lord, this thread is shit.

Well, the talks are neat most of the time; however, most of the talks went from technical to political after those NSA leaks. And the con itself got way too mainstream; that's why you have those blue haired dyke landwhales everywhere and 40 year olds using memes in the slides. My 2 cents at least; never been to DEF CON since I'm a eurofag.

Nobody read this book?
Any other networking books to recommend instead?

Idk lol, just learn about the mainstream protocols and then look at how the lower layers below them work.

Cancer

Looks like I struck a nerve. Newsflash: the level of interest in security is at an all time low. VX scene is dead, your precious BO/netbus/s7/bifrost insults are irrelevant and are ancient history now. The various scenes were founded on the contribution of knowledge, not elitism. If you can't think back far enough to remember OTHERS sharing code snippets for EPO COM infectors or even sandboxie detectors for rats that's because you were never part of the communities that actually created anything, now stfu.

You mean just wiki that shit, or what?

question:
whats more worth it?

CCNA
CCSA

>tossing this much bullshit in order to lie to an image board into thinking you are from the scene

wow dude, fucking cry about it

newsflash: kill yourself, hacking is by the community but they do not go out spoon feeding niggers. just look at the model railroad club how they accepted EVERYONE who had interest and researched

you are a fucking millennial

kys

KILL THYSELF OP FUCKING NIIIGGGEEEERRRRRRRRRRRRRRRRR


REEEEEEEEEEEEEEEEEEEEEE I WANNA MAKE A THREAD AND SPOONFEEEEED EVERYONE ON HACKIINNNNGGG BECAUSE I CANT RUN METASPLOIT ON KALI REEEEEEEEEEEEEEEEEEEEEEEEEEEE

>Hackforums the post

tell me honestly how did you achieve this level of butthurt? orally or anally?

Why is it that sometimes these threads are good and people answer scrub questions like "is X book good?", and other times it's just full-on shit flinging?

More or less, yeah; just look at everything you can find.

Not him , but wow such comeback so strong wew
This thread is nothing more than i wenna werk in infosec what corporate cert should i waste my money on that does not mean anything and shuld i use nessus or the meatspin framework to pentest the latest client its basically the Sup Forums version of infosec

how do i hack some satellites

If you honestly want to work in any sec area you need certs; if you don't know that, you should inform yourself about SLAs and compliance.

You are wrong, interest in security is at an all time high.

Companies hire more and more "information security professionals"* in order to avoid fines and losses.

*Information security professional in the business world is bullshit spewed certification monkeys that know jack shit about security. *

DEF CON and Black Hat are designed by governments to steal ideas from researchers. Yeah, DEF CON meant something back in the day, when there were just 10 faggots (including me), getting high as fuck and trashing the place. Exchanging knowledge and phreaking; now it's a fed honeypot and a dick measuring contest. Fuck Jeff Moss, he made so much money out of that shitty con because he can't even hack into his own pants.

If you truly wanted to help and spark interest, don't spoon feed. Provide advice, and guide a person. If you give them all the answers, you do more wrong than good. After all, it is the learning path that has the most value.

Feds use these threads to create monkeys like you in order to justify the increased surveillance.

I for one wish people knew how to hack, we can bombard the fucking pentagon and crush governments. Fucking skid, understand that full disclosure is shit, and instead of making the world secure, you are handing exploits and techniques to the feds, creating a surveillance state.

Fuck you, and fuck full disclosure.

#Antisec

Sometimes you have to talk smack to get those who normally stay silent to speak up, I believe what I said but not that vehemently. What year/scene?

I'm not that guy.

you jest but we had a great theory thread about this at one point.

Beautiful quads are not to go unnoticed
It is ALMOST a palindrome number too... so close

>I for one wish people knew how to hack, we can bombard the fucking pentagon and crush governments. Fucking skid, understand that full disclosure is shit, and instead of making the world secure, you are handing exploits and techniques to the feds, creating a surveillance state.

If you honestly believe that full disclosure helps the "bad" guys more than the "good" or anyone in between, you should unplug.

>creating a surveillance state.
that boat has sailed a while ago

Fed spotted

Kill yourself faggot

I'm a noob. Just got this from a Russian thingy some time ago, that's all. I'm an idiot trying to learn.

Zeus botnet translated. It's the 2009 version though. I know fuck all about programming. I asked some bloke on the dark net and he told me to start programming with APL, but I made the switch to Linux and I can't load the right keyboard font even though the terminal brings up APL fairly easily. Then some other bloke said to try A+ instead because it accepts the ASCII stuff and the European layout. But every A+ is about Emacs and cancer. I kid you not, no A+ tutorials worth mentioning. They told me APL and A+ allow you to try cooler shit because you're allowed to do more stuff. Then they told me to move onto C, but only after I got A+ or APL. I tell them that the Zeus translation is in C++, C and PHP for the command and control bits, and that I'd need a copy of Windows Server 2010. Not Server, the Windows thing you use to write C++, the thing that has C#. I have Mono of course, but fuck if I know how to use it.

retard

R E T A R D
E
T
A
R
D

bad person

AND THE FAGGOT OF THE YEAR AWARD GOES TO


THISSSS FAGOOOOTTTTTTT

major in math

CANCER CANCER CANCER CANCER CANCER CANCER CANCER CANCER CANCER CANCER CANCER CANCER CANCER CANCER CANCER CANCER CANCER CANCER CANCER CANCER

Grow up, kids.
Surveillance states are already set up; just because they don't bother you doesn't mean they aren't there.

And if you believe that disclosure messes up security, I've got some magic boxes to sell you.

You quoted me wrong, mate.
Pay more attention next time.

are u retarded? of course they stated it exists and they are fucking angry about it

You must be drunk or a fucking fed.