It's a nice day today. My ticket queue is basically empty (I do general IT), it's raining heavy as hell outside so it's a wee bit chilly but the floor has heating on so it's toasty af, and my favourite general has come back.
Im going to spend the rest of today working through kioptrix level 3. I learnt a metric fuckload going through 1 and 2 last week, particularly about bash reverse shells.
Also if anyone has a direct PDF link to hackers playbook I'd appreciate it.
Ian Hernandez
Did uhh
Did you look at all for it?
It's literally the third fucking result when searching hackers playbook PDF..
Also, that doc.lagout.org site has quite a few handy pdfs, you should check it out.
Nathaniel Smith
Oh dang thanks man/woman, you the real MVP
It's too warm to bust out my fingerless gloves but I would if I could
Jose Long
how 2 bcome a kraker g0d???
Brandon Reyes
One of the games I'm playing is giving me the fucking shits, and I'd love to be able to just drop a money cheat in to help me win.
Sadly the game has no fucking cheats.
What sort of tools am I looking at to poke around in the memory to work out what I'm looking for and to make a cheat?
James Adams
also if you guys are on htb and want a team drop your name and I'll invite.
Thomas Diaz
if you don't know calculus and linear algebra, you're not a hacker
Gavin Ward
Ok anonymous dude on the internet who has no credentials to back up his statement
Isaiah Flores
how are you going to understand ML if you don't know the math? you DO use ML in your hacking right? pls don't tell me you use deterministic fuzzers
Brayden Smith
tips for getting a job in netsec after school? cs junior here
Hudson King
Post your >age >location >size of botnet
Aaron Martinez
You can stop at any time, mr buzzword
Brandon Wood
Ask the sec thread. This is an extremely specific thread for a very specific purpose. This isn't a netsec general, and it won't ever be.
Lincoln Phillips
>18 >canaderp >zero bots
it's a bad feel senpai
Aiden Perez
>not realising this is a variant of asl from icq Goddamn you are young
Austin Murphy
I know you fucking mong
Since when are you not allowed to reply to shitposts
Jaxon Martinez
when you post pham. if that word is in your vocab youre too young to be here.
Jonathan Hill
Wow, I had no idea hiro put filters on tee bee aych and eff ay em
Or maybe that was part of the joke desu senpai
Carter Collins
>Or maybe that was part of the joke desu senpai >I was only pretending to be retarded!
Justin Evans
thanks user. you are beautiful
Charles Young
>posting the word senpai is retarded >on fucking Sup Forums
wew lad. at least I'm not assmad about random dudes on the internet being younger than me.
Charles Garcia
Right this is an interesting game so far; the sql cheat code does not work on the lotusCMS log in, but it does get me into the phpmyadmin site.
It gives me fuck all privlages though, as I can't make a new db, and can't execute any sql so I can't do some fuckery there
Jaxson Nelson
I am a hackerman, please don't arrest me.
Nicholas Rivera
which game?
Nathan Price
OTW probs
Jason Harris
Level three of kioptrix
The rabbit hole gets even deeper dude; running a Nikto scan reveals a gallarafic app, and hidden in the source code of the HTML is a commented out line for an admin page.
Of fucking course this one does not respond to the cheat code either.
Aiden Kelly
well looks like i missed something really fucking obvious; metasploit has an exploit for lotuscms. i tried it when i first loaded up the game but it didnt take. tried it again and it worked, not sure whats different this time..
anyway at least i have a base on the system now, and its a meterpreter session so i can try escalate
Evan Miller
As much as I personally hate it, my first move is to check metasploit. Sometimes it just werkz even if it feels skiddy.
Levi Hall
>hackers playbook Shit man I'm 1/4 in and so far I've learnt nothing new. Do I have the wrong idea about this book or something?
Jordan Russell
Reread it with a bit more focus. You've missed a lot if you think it's of no value
theres so many linux commands i want to run the shell doesnt recognise. cant do uname, run scripts or binaries, fucks sake.
Joshua Hill
only a retard doesn't know Sup Forums has word replacements for banned words
when you see the two words used right next to each other, this is a sure sign they aren't actually posting these words like a god damn weeb
Colton Jones
doooooooood
we need to organize a /sec/ vs /hmg/ ctf
Luis Bennett
As srs as those guys take themselves, they won't even get the invite code from HTB.
I've made this general 5 or 6 days in a row now (all except the original one were me) and I've seen so much more work and progress reports in the week it's existed than the last six months of cyb.
I tried my best to make that general a good place for this sort of shit. No one cared, because everyone was too busy posting sad aesthetic pictures and adding useless shit to a very ugly pasta.
Michael Wood
For faggots who don't know where to start >cybrary.it go there and pick the pentesting course.
Charles Hughes
Going top to bottom on the resources of the OP is a better method, really
Leo Gray
so what do you hack besides wifi passwords?
Grayson Johnson
CTFs and boot2roots
Jason Howard
The Gibson
Samuel Russell
Ya missed s m h my man
Owen Baker
I'm stuck at level 5 in overthewire, every file is empty, what the fuck?
Dominic Watson
Never mind i'm so fucking retarded holy shit
David Howard
WHY IS HE SO FUCKING UGLY!?
Tyler Young
Top kek
We've all been there user
Owen Evans
It's the bug eyes
He really does have the druggo look
Anthony Evans
depends on my mood but i've reverse engineered and developed exploits for some proprietary software in the part but yeah general appsec stuff when i'm actually feeling like it usually
Parker White
>left college in first year >planning on going back (for a cybersecurity course) in September >fascinated by hacking shit Should I just ignore it so I can learn this stuff in college or should I keep learning on my own and then have to do things I already know when I'm in college? >Just don't go to college bro Can't, I don't want to miss out on the college experience
Carson Parker
>College Experience. Debt. Venereal disease. Low income side job. Friends that can't wait for you to finish homework. No life.
Damn lucky bro enjoy the experience.
Austin Williams
>Debt. I'm not a third-worlder, I can get grants from the government so the taxpayer can pay for my college. I'll do it for free. >Venereal disease. Condoms. >Low income side job No side job. >Friends that can't wait for you to finish homework. At least I'll have friends. >No life. I have no life now, there's no possible way I could have any less of a life when I go to college than I have now.
Adrian Thompson
how 2 rop like a g0d?
Thomas Nelson
>The password for the next level is stored in the file data.txt and is the only line of text that occurs only once >and is the only line of text that occurs only once Shit's getting intense over here How the fuck am i supposed to do this
Colton Nguyen
Look up sort and uniq
Jason Lewis
>uniq is intense
You poor child Have fun with cron and nc
Jeremiah Bennett
What is the name of this program? So I can simulate a bad connection.
Andrew Campbell
f = open('data.txt') dictionary = {} for line in f.readlines(): if line in dictionary: dictionary[line] += 1 else: dictionary[line] = 1 for k, v in dictionary: if v == 1: print(k)
should do the trick unless the lines are too long to be used as the hash in python
Ryan Foster
if you don't want to use a dict you can also sort them lexicographically and then iterate through
Aiden King
>scripts Oh shit i totally forgot i can automatize my autism better get on ruby
Elijah Young
Can you guys teach me how to hack missiles so I can destroy hitlers cloaked marauder class attack ships?
Liam Davis
If you're considering ignoring it as you say, you can't be that interested. This also isn't the thread for you.
Carter Gray
ruby's dying because rails is dying. good language but i'd start with python if i were you
Andrew Wood
Got to successfully test out my first couple webapp exploits the other day when the potato Dev that our client provided to work with us decided to mix mvc routing with our angular frontend. Fucking idiot stuck the search parameters in the header on the page using a view bag so that it was rendered before angular, meaning I could write inline angular into the search bar and have it render on the page. Combine that with angularjs 1.5 exploits to escape the sandbox and I was able to write xss into the page, store it in a URL and send it.
His solution was client side regex. For fucks sake all he has to do is pass down the search parameters with the model and have angular render it but he's such a fucking idiot that he couldn't figure this out. So now you can't write the xss into the search bar, but you can still write it in the URL and send it to someone.
He also put in regex to stop people from sticking in image tags into items returned by the search results (he wanted to allow html for some bizarre fucking reason). He put this in because I added a shaking dog gif into the search just before he was going in to present his search to the CEO. I changed my html from
To And it showed up again while he was presenting it. Apparently they may be in talks to fire him now kek
Kevin Clark
>"18" >VA >smol, 1351 http GET bots. I don't use it much, but i maintain one for the rare occasion that i need it.
Andrew Mitchell
shut the fuck up, joey
Juan Gutierrez
web dev are scum
Colton Watson
holy hell Disobey had a full panel about shitty developers, are they actually like this? who hires them and based on what criteria???
Noah Ross
I know both but I'm not a hacker :/
Benjamin Carter
Bandit12 is such a bullshit, holy fuck.
William Campbell
I couldn’t get past 23. The script worked, but didn't have privileges to retrieve the pass. The cron job should have run it at an elevated privilege level, which should have allowed it to function, but it still didn’t work. I don't know why. I couldn't get it to output any debug information, either. It's like it got deleted without being run at all, which I understand to be impossible. Maybe I’ll give it another shot someday.
Justin Garcia
What was 23? The one who deletes the script on the folder?
Dominic Phillips
You have to chmod 777 the script and the /tmp/ folder you want the password saved in. It also might take a few minutes for the cronjob to do it's magic.
Chase Johnson
12 is literally the hardest bandit level
Jeremiah Brooks
I think I tried those, but it's been a while. I should check that out. Thanks, user.
Yeah.
Jason Hall
Quick, what's the syntax for copying a file from an SSH'd machine to your machine?
90% of the time this is how I shuffle linenum over.
John Watson
>good C# decompiler on Linux >IDA you already mentioned it
Luke Perry
It disassemble, but since when does it decompile shit?
Jackson Evans
when you compile the assembly :^)
Jackson Moore
anyone read Violent Python here? could be going to get a PhD at the same place he's getting his. except he has a million certs and was in the army for like a decade and i'm no one
maybe he'd become my senpai
Anthony Ward
Are you talking about the author or something? You changed track there very suddenly