Who here can _actually_ (((hack)))?

I can "hack" into a Windows account
I'm so 1337!

What should I know to become a fine pen tester?

learn more than just script kiddy tools like metasploit. it might seem daunting at first but look into assembly to gain an understanding of how things work on a literal bit level.

a paranoid webdev is a good candidate for the job

>I just learned hex and can now do it (unnecessarily) by hand

What did he mean by this?

I'd like to be able to. Where do I start as a complete beginner?

by learning what you want and actually comprehend how things works and eventually reverse engineer

I should've been more specific, I mean convert from decimal to binary to hex etc and all points in between by hand

>convert from decimal to binary to hex etc and all points in between by hand
spotted the underage

>converting binary to hex by hand means you're underage

I don't think so Tim

Define "Hack". I just say this as I will admit I am a bit of script kiddie at times, sometimes I even end up using "Social Engineering". Honestly I don't even try to get monetary gain at the moment. As I'm just slowly learning while at college. As a side thing. So far I've literally been testing on my college to mess with the IT Department a bit. Or Give them a laugh. Such as the time I made the printer touch display come up with "Hacked by Russian H4x0r5!!11!!!!1". Fuck knows they need a bit of humour with the tech illiterates where I go. Even those studying IT related areas.

Not to dick measure or one up you, but at my old college I found the helpdesk admin password in a .bat file on a shared folder drive lel

I ended up doing remote desktop into their servers from public wifi spots that didn't have cameras (while my mac and computer name was spoofed of course). I made myself a new admin account in active directory but was afraid to use it much after that. Never did anything harmful of course, I was just curious and looked around.

This was about as much of a "hack" as a friend stealing your phone and posting "hacked xD xD" to your twtiter. But it was still fun

It would be nice of you guys to share more stories, this is a comfy thread.

No one except Sombra.

>be me
>be 17
>register free www/ftp server
>register free domain that points at this server
>write userscript that hooks forms on every webpage and does POST XMLHttpRequest with hijacked data to my php script through https web proxy found in google
>install this alongside with tamper/greasemonkey to webbrowsers of my classmates
>name script like „adblocker 9000" & hide icons, so it won't be this suspicious for a normie
>check out ftp next day. few logins caught, hilarious, repetitive passwords that could be used on every major website

>be week later
>suspect somebody can get suspicious when I'm sitting on pc of my classmate when he is school absent and old method is too slow. I want to gain credentials of more classmates
>reverse engineer how plugins are actually installed in chrome, firefox, opera
>write python script that modifies desired files and configuration of browsers' so plugin with userscript can be automatically installed/registerd in webbrowser in few seconds, leaving browsing history, rest of the plugins/settings intact
>py2exe on pendrive
>it's school break, 20 minutes. Teacher left class open, everybody out, me inside
>infect every machine in whole room
>thinking about infecting teacher personal laptop
>fuck it - i made it just in time, feel the adrenaline rush

>check out ftp, got almost every classmate credentials + teacher
>female teacher, nothing fancy at her email, social media
>be upset

anyone can "hack", it's just using your knowledge of the hardware and software your working with to make it do something it shouldn't. Also, a lot of tech nowadays has almost no security, making it incredibly easy to exploit. For example, if you google "how to hack security cameras", read what comes up, and use that information to make more specific searches, you'll probably be ready to hack your first camera within 15 minutes.

>be week later
>i need to have access to everybody account in this school
>patiently wait for class swaps with other classes or replaced teacher, so he can bring us to different classes with machines
>in the meantime, improve script, obfuscate it, if web server is accessed via webbrowser, redirect it to adblock page
>deeply go into analyst of plugins
>remove icons of plugins
>write style for firefox that loads custom CSS at addons page, so greasemonkey is invisible and unremovable
>reverse engineer chrome *.pk files (which are simple archives with javascript and css templates)
>mfw write python script which adds custom CSS class for addon entry with greasemonkey in chrome://addons so plugin is now physically unremovable and invisible in chrome
>modify manifests of these plugins so they can be forcefully installed on every version of webbrowser

>week later
>infect every webbrowser in whole school
>mfw all credentials still work after 3 years
>mfw I got teachers and school hr personnel (teacher laptops are swapped)

This happened today, not sure if real hacking but here I go. In my university they have a tool where u can test your c code see it it compiles and if it runs. Turns out they didn't protect it from the system () function from stdlib.h.

I think of it more of a stupid error from them than me hacking

Pic related: the shell I made in the server

Nothing illigal I told the teacher afterwards.

If you can't exploit a stack overflow with no canaries you don't belong on this site

is it really true you can hack wifi? like lets say theres a secured wifi network in your area. Is there anyway to get on it?

also lets say you DO get on a wifi network, is there anyway to see what each device connected to it has been doing? as in what sites they have been visiting. I wanna see what my little sister is up to

Stop trying to catch your sister watching porn you fucking weirdo

go away and get back to your boring life

You're the one came in here begging to know how to look at your sisters internet traffic lmao. You just get outta school bud? You know the rules say you have to be 18+ right? Unless you are still living with your parents when you're an adult, which is even sadder.

>he wouldn't want to know what a potential qt3.14 grill is doing a lone in her room on her laptop

feminized beta male detected.

Or I could just go watch porn and not jerk off to my sister lmao
Is she the only girl you talk to?

in case any of you doubt this, I just hacked one to prove this. pic related. time stamp in the bottom right corner and proof that it was for this thread in the tab that i didn't erase

That isn't hacking fuck off
You literally just found a security cam with no auth in front of it. If you aren't exploiting you aren't hacking.

6502 nes hacker here

actually gaining access to authorized or unauthorized data is "cracking".

It isn't unauthorized, it's literally open for anyone to see. If you can't go to jail for it, it isn't hacking.

WoW CaN yOu hElP mE hAcK a Fb AcCoUnT?

so he literally just went to a url that shows a security cam open to the public? lel

I hack ROMs
Join us at /vr/rhg/

Yes lmao

>windows 10

now thats how i know you aren't a hacker

Nobody does exploit dev for Windows on linux

rom hacking master race

Where did you study?

>found iphone 4
>guessed the password
>9876

r i a h4x0r yet?

at the good ole' college of R. Olepla Ying

Do you have a legitimate answer? Because I would like to become a Pen Tester, but I have no idea where to start or where to go for study.

It's a myth that all hacking is illegal. The dictionary definition of hacking and what it is portrayed as in the media are very different things. Technically speaking, hacking existed before computers, because it's possible to modify mechanical machines to use them in ways they're not intended to be used. Also, although it doesn't have any security, that's probably because whoever owns the camera doesn't know how to set up a password, and not because they're ok with anyone who has an internet connection gaining access.

Do ctfs, get Ida, read msdn, reverse engineer and read other people's work.

protip, you don't go to college for it.

they have meme degrees for it now

It’s not very impressive

It's not a myth that if you're burning 0days to get into a company without access it is illegal, as you're forcing their software to execute in an unintended manner. Visiting a webpage that isn't behind a NAT or authentication is the responsibility of the owner, it is working exactly how it was meant to work.

hacking is just solving problems, really

Currently doing a module on security, including pen-testing. One of my pieces of coursework is pen-testing. They’re very clear that we’re not learning “to hack” though.

Yeah you won't learn anything from them though. There's a few colleges that have legitimate binary exploitation courses, I.e. RPI and ISIS at NYU, but you're most likely not going to get into them, and they aren't security degrees, they are compsci degreees

the only "real hackers" are people whose job it is to find problems with a website's security, activists who leak classified information, and criminals after personal information, usually for identity theft. I will admit that i am none of the above, but you don't have to match any of those groups to get bored and hack things with low or no security.

I spent my entire highschool infecting teachers' computers with RATs. I occasionally mess with them during classes which I don't attend.

>hurr, words don't change their meaning in 50 years
>hurr, terms are always clearly defined, it's not like "hacking" is a buzzword and one big meme

quintuples and you're all getting hacked tonight

I think It's time for bed Jimmy.

I once overflowed a buffer and overwrote te return address on the stack does that count

So fucking close..

Are u high? There are vuln research company's whose soul purpose is to reverse software, find vulns and weaponize them to sell to customers. NSA pays a shitload of money for 0day, Raytheon, BAH, Northrop, they all have giant vuln research departments.

More so than 99.9% of the people on this site lmao

>le kali loonix is for hacking
kys underage

trips and i hack ur mum tonight

dubs and i hack trumps twitter

Never seen anything in catalan in here, wew I'm actually surprised. What university?

By that argument the software is working as intended. Its on the programmer to make sure there are no memory corruption errors, otherwise its assumed the programmer meant for there to be open access to the machine.

Of course this isn't the case.

A bug != Not setting permissions

Don't tell anyone, but my old alias is zero cool. That should tell you enough.

It's not meant to be. I'm literally a beginner.

That's why my original post in this chain basically says "I'm not a hacker but I'm trying to learn"

Now calm down. No one is challenging your apparent superiority. Your ego can now rest.

There's no reason to know hex by heart

ya im a hacker
idk why people get so autistic over the topic of reversing and exploit development
just chill out i know most of u aren't smart enough to do what i do

That's true since there are always conversion charts available. However, I did it anyways and now I understand it better than if it hadn't done it all. It was a positive thing for me.

Why does this bother you?

>ya im a hacker
sure kid

For assembly it's required to know.

Dream on kid, reverse engineering some firmware and making an exploit isn't 15mins work.

nice meme dude but u wish u were as smart as me

t. the dumbass in your class that always raises his hand to explain X after someone already explained X

Started my career as a pen tester 15 years ago. It sucked. Moved on to greener pastures.

Security is more fun in the dark side.

>Do ctfs, get Ida, read msdn, reverse engineer and read other people's work.

IDA? Christ.

Radare FTW.

WRITING HIS OWN SHELLCODE DAMN LEET MOTHERFUCKER RIGHT HERE.
Oh...fucking poser gtfo

strace ftw desu

I can

>not writing ur own shellcode
back to hackforums, kid

>For assembly it's required to know.
It really isn't, Ida converts the opcodes to assembly, and windbg will convert hex to decimal super easily in the cmd window. Knowing how it works you need to know sure, but you don't need to convert arbitrary values 24/7 off the top of your head
Fuck off I know one of the main r2 devs, it's a prank nobody actually uses that garbage

What do you do then? Hardware fag? SDR?
Maybe microcontroller shit? I would say that most of that + protocol rev would go with exploit development though.
Ooo....please tell me a telecomm guy, phreaks are great.
Microwave electronics?

Sarcasm.. my friend.

That's the reversing equivalent of printf debug.

Or watching anime by decoding HEVC by hand, with pen and paper.

any idiot can find web cams on shodan.io, not much to it.

blog.malwaremustdie.org/

>I hacked into a linux(+GNU because that has to be correct now apparently kek) computer once

You on freenode? You should jump in #bkpctf, it's going on in like a week

avrs are super cool.
i only really deal in software though but hardware hacking is a field that i do find enticing. i think i'll probably give it a shot proper some time soon/inthe future.

ya i was kidding, but i do like using strace to examine socket operations at a more abstracted level sometimes. primarily i just use GDB for debugging, and radare2 or more recently binja for visualising disassembly and making notes. it'd be really cool if binja allowed u to display offsets relative to the start of the function though... like what gdb does

>security based blog
>uses http

christ dude. Use a "Let's Encrypt!" certificate. It takes like 5 minutes to set up and is completely free.