/hmg/ hackerman general

In /hmg/ we discuss pentesting, ctfs, exploits, and general being a hackerman.

Resources:

VM/CTFs:
overthewire.org/wargames/bandit/
>easy beginner bullshit

vulnhub.com/
>prebroken images to work on.

hackthebox.eu/
>super secret club

Tools:
kali.org/
>meme dragon distro but it just werks

metasploit.com/
>scriptkiddie starting point and swiss army knife

Tutorials/Guides:
abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob
>From zero to OSCP-hero rough outline

youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA
>IppSec, video guides for retired HTB VMs.

ibm.com/developerworks/community/files/form/anonymous/api/library/635ec0e2-2989-4663-82d2-3488f9d16dd8/document/09d6ec5f-ff2f-4901-8d44-05d10e848bc5/media

>web app hackers handbook.
Thanks IBM!

magnet:?xt=urn:btih:f91feb6d2ea93f1c3c03b6be52051c2df72da1b7&dn=CERTCOLLECTION+-+BASELINE+-+SANS+%26+Offensive-Security&tr=udp%3A//tracker.coppersurfer.tk%3A6969&tr=udp%3A//tracker.zer0day.to%3A1337&tr=udp%3A//public.popcorn-tracker.org%3A6969&tr=udp%3A//tracker.leechers-paradise.org%3A6969&tr=udp%3A//explodie.org%3A6969

>OSCP videos

M80 you used the wrong image. The hackerman mr robot is the recognisable part of the OP

various OP pics are a good thing

I disagree wholeheartedly

seems like the thread is agreeing w/u since no one is coming in

It is all good to me. Pisses me off I need a proprietary plugin for USB 2/3 for virtual box. I should just use VMware. Sucks even harder that most vulnhub VMs are VMware.

Btw if no one realizes this you should be able to download workstation from VMware with a trash email, download a windows version keygen from TPB, and run wine or even a VM to crack it.

Correction. You do not even have to use a dummy email to download the program.

Yeah might need to go back to the old image even though I didn't think it would stick. When I posted the original I didn't think it was going to go far so I just grabbed the first image I found and threw together what ended up being a semi-coherent list of topics/resources.

to the kind faggot who's been re-upping the thread, maybe add the new links in the first post and use a the old image for now until you find something eye catching and single panel like the original?

what are you on about?

btw i'm the guy last thread who was killing myself trying to compile hyperion with mingw like my book told me to and i realized after 8 hours it was in apt and the book was outdated

do people really scroll through the catalog instead of ctrl-f'ing?

I try learning new things rather than shitting up the same avenue I started on.

I am pretty sure I know the book you are talking about too. I am getting at that it is starting to be apparent to me that there is little point to using the inferior virtualbox even if it is open source due to the fact you need to use a proprietary plugin anyways just to use usb 2 and 3 devices in your virtual machine.

ahh yeah i used to use vbox but i switched to vmware yesterday getting my stuff set up for georgia's book. now i have to find a copy of xp

Yeah about to do the same.

Bio hacking welcomed here? specifically nootropics

btw on vmware i can't boot from usb either if that's what you're trying to do. but i can access the usb for memory if that's what you're trying to do. i partitioned the usb to have persistent memory though so it may work if it's a standard usb

While nootropics are awesome I do not think this is the place.

alright no worries lad

Nah I meant using stuff like USB wifi adapters like my Alfa.

Just went to my first BSides.


Lots of autists and overinflated egos in the field.

What kind of shit should I learn to be a hacker? Programming, SQL, Kali software? Should I become proficient in C before reading Hacking: The Art of Exploitation?

Follow the OP's links for one.

ruby or perl for hackermanning? obviously metasploit is ruby but perl is part of the linux standard base and is installed everywhere

Both.

python. who the hell uses perl

>Should I become proficient in C before reading Hacking: The Art of Exploitation
No
>What kind of shit should I learn to be a hacker? Programming, SQL, Kali software?
Yes to all 3. Top 3 programming langs i rec would be python, C, and assembly.
Another book I rec is penetration testing a hands on intro to hacking, but getting the software set up is a pain in the ass

Hmm. I wonder what is the best way to do passive recon using google while also being a paranoid fuck.

which would you pick first? i'm leaning towards perl
python is the go to for sure but it can't hurt to learn another

do people really voluntarily ignore everything that lies outside their little comfort zone shit for nothing lives?

Go ahead and get started on the Art of Exploitation. It has a pretty good intro to C.

Yeah this. I scroll to look for new, interesting shit. While I enjoy familiar threads from time to time I do like new shit

Daily reminder that 95% of security incidents are caused by misconfigurations. Zero Days are overhyped memes.

>using the catalog

Ruby is shit imho, perl is considered good but I find it impossible to learn. Stick with python

>VM/CTFs:
>overthewire.org/wargames/bandit/
>>easy beginner bullshit
>
>vulnhub.com/
>>prebroken images to work on.
>
>hackthebox.eu/
>>super secret club

Who the fuck puts a title below the text it's supposed to highlight?

Ruby is great as a first language to learn and can do a lot. BUT as much as I love writing in Ruby learning Python made actually doing my job easier.

it looks nice

but it is fucking retarded

Your mom is nice looking and retard, at someone fucked with it, right?

...

No.

What is truly the best way to start? roll through the abatchy blog and get familiar with appropriate applications then start fucking with the wargames, or is there more study material to digest to have an easier time during beginning courses?

>What is truly the best way to start?
ask this question on a musicians forum and receive 12,000 different answers. ask this question on an artists forum and receive just as many different ones yet again.

they all boil down to the exact same thing though; just start

>just start
This. People get way too caught up trying to figure how to start. Just fucking do it.

The only reason you'd ask this question is because you don't know how to program at all. This is fine, but the answer is neither. Learn Python. It's easier and more common than both nowadays. You'll be able to use Ruby and Perl effectively after an afternoon or two of practice after you've learned Python, all of these languages are very similar.

If by some miracle you DO know how to program and you just hate python, go with Ruby because metasploit framework.

but how do I start

>roll through the abatchy blog and get familiar with appropriate applications then start fucking with the wargames, or is there more study material to digest to have an easier time during beginning courses?
you gave two ways you can start.

That guide posted in the OP is a good start. Learn as much as you can.

where did the hacker man touch you user

python, perl, and ruby all fill basically the same niche except perl is unreadable, perl6 (or rakudo, whatever they're calling it now) has a minuscule community, and ruby has a dying community. if you want to learn another, learn C

Anybody got any advice for trying to get a decent grasp on reverse engineering in about a month? I got tapped for a CTF competition that is happening in March and I would like to try and not be totally shit.

lets try summon VR guy

talk about how nmap and metasploit are real hacking and he can come give you some advice

reversing: the secrets of reverse engineering is one i bought but haven't had the chance to start reading yet. heard it's good, i'll let you know in a few years after i finish my backlog

whats wrong with nmap and metasploit? or you're going to use a chisel for a job needing a jackhammer?

Huh looks neat. Guess I'll be telling you in about a month how useful it was if these threads are still here.

Lets ask him when he turns up like he does in every other handsome man general

>i'll let you know in a few years after i finish my backlog
Top zozzle

>Not making your own Metasploit and nmap

Fucking script kiddies GET OUT

...

I'll tell you hwat boy, the cysca2014 ctf in a lab challenge is kicking my fucking ass. This isn't like a boot2root, I'm so far out of my element here..

>worked through Penetration testing a hands on approach
>sat through CEH prep videos
>flicked through hackers playbook as I need ideas

I still feel like I don't know a thing. Basic boot2roots are a struggle for me and I feel no matter how much I learn there's millions more to learn.

The next books I'm going to work through will be web app hackers handbook and art of exploitation; hopefully these two will fill me in more.

Then, I dunno. I don't have a clue. If I'm not confident doing vulnerable machines after those two, what the fucks next?

You could always fake your own death

I can't get gdb to show me the eip register in the program I'm disassembling, it says "Invalid register 'eip'". I have disassembly set to intel, am I doing something wrong?

Learn basic system administration.

this is the best advice in that shit thread, 100% of people here can't even use or understand iptables.

>100%
iptables -A INPUT -s 104.16.0.0/16 -j DROP

Nigger, what are you doing? Try rip instead if you're using amd64.

what's wrong with cloudflare (which is /12, btw)?

Sup Forums is hosted on there. Just a joke btw. That won't actually block it. My first line in input is:
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

Interdasting. I'm a code monkey, but very interested in System/Network administration, gonna start a small home server just to learn more.

According to the iptables-extensions(8) you accept only the requests that belong to a connection, or that intend on starting a new one. Why that? I mean, what's the problem with the other ctstates?

Yes, you're right. Those states only allow connections that have already started or that are part of a new one forming that I initiated. The other states aren't useful. You don't want to allow invalid or untracked traffic through, same for new; that would defeat the purpose of denying unknown connections. Tl;dr I block any incoming connection that isn't initiated on my machine first. It makes it harder to hack my machine.
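
Added example, not part of the thread: the default-deny INPUT chain the post above describes, written as an iptables-restore ruleset, with a small POSIX sh evaluator that walks the rules and reports the verdict each conntrack state gets. Only the RELATED,ESTABLISHED rule comes from the thread; the INVALID drop, the loopback accept, the function names and the interface name eth0 are assumptions made here.

```shell
#!/bin/sh
# Added example: stateful, default-deny inbound ruleset (iptables-restore format).
# The chain is evaluated top to bottom; the first matching rule decides.
stateful_ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i lo -j ACCEPT
COMMIT
EOF
}

# Walk the INPUT rules above for one inbound packet and print its verdict.
# $1 = conntrack state (NEW, ESTABLISHED, RELATED, INVALID), $2 = interface.
input_verdict() {
    state=$1; iface=$2; policy=DROP
    while read -r w1 w2 rest; do
        case "$w1 $w2" in
            ":INPUT "*) policy=$w2 ;;          # chain policy: used when no rule matches
            "-A INPUT")
                set -- $rest
                match=yes; target=
                while [ $# -gt 0 ]; do
                    case $1 in
                        --ctstate) case ",$2," in *",$state,"*) ;; *) match=no ;; esac; shift 2 ;;
                        -i) [ "$2" = "$iface" ] || match=no; shift 2 ;;
                        -j) target=$2; shift 2 ;;
                        -m) shift 2 ;;
                        *)  shift ;;
                    esac
                done
                if [ "$match" = yes ]; then echo "$target"; return 0; fi ;;
        esac
    done <<EOF
$(stateful_ruleset)
EOF
    echo "$policy"
}

# Unsolicited inbound traffic (state NEW) matches no rule and hits the DROP policy.
for s in ESTABLISHED RELATED NEW INVALID; do
    printf '%-12s eth0 -> %s\n' "$s" "$(input_verdict "$s" eth0)"
done
# Syntax-check as root without committing: stateful_ruleset | iptables-restore --test
```
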

I am a haker mon lel, ho do i modify sudoer file hurr

What's a good software to encrypt my laptop's hard drive?

wiki.archlinux.org/index.php/Dm-crypt/Encrypting_a_non-root_file_system if going only for the /home partition, otherwise you should've set up the FDE with LVM on installation.
For a portable solution, check out veracrypt.

FDE at install and also veracrypt/Tomb for important files within your fully encrypted hard drive.

Wow, being this stupid. You realize that nmap scans are louder than your autistic screeching. Wide nmap scans are not used in blackhat hacking or on redteams. It's too fucking obvious, it's going to alert the sys admins. And jesus christ, metasploit is great for learning and using on vulnhub boxes, but for hacking in the wild, it's going to be hit or miss. Most AVs will catch that shit and alert the sys admins. Look up APT, and you'll learn about advanced hacking techniques. Shithead script kiddies, if you want to collect stickers and badges, and call yourselves hackers; fine, but if you think you know anything about computers or how hacking works: shut the fuck up.

What you say is fair but we have to start somewhere. I think people that use these tools and think they are elite hackers are silly cunts but you have to be reasonable to those still learning. What do they use instead of nmap btw?

got curious had to read
>abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob

>Few months ago, I didn’t know what Bash is, who that root guy people were scared of, and definitely never heard of SSH tunneling. I also didn’t like paying for the PWK lab time without using it, so I went through a number of resources till I felt ready for starting the course.

lmao the absolute state of Sup Forums
get the fuck out of here you sperg lords, aren't you guys missing another episode of mr robit?

Pre-NSA Truecrypt is still the best. Else use LUKS + whatever

youtube.com/watch?v=75gBFiFtAb8
> leotindall.com/tutorial/an-intro-to-x86_64-reverse-engineering/
github.com/wtsxDev/reverse-engineering

My uncle from DHS says they have trouble with Veracrypt all the time. I would say go with that.

Wow, this is actually refreshing. You've garnered my respect. Nmap is ok to use. Just scan one or two ports you suspect are used. Don't scan first, do some recon, if it has a webserver; look into it. What do they do? Do they have a backportal somewhere? Do they have a mail server (mail.target.com)? You want to be as stealthy as possible. Think about what your attacks and requests look like on their side. Read Advanced Penetration Testing: hacking the world's most secure networks. Like I said, metasploit is fine for learning, but you need to understand why it works too. Most AVs rely on hashing suspected files, and comparing them to what they have in their databases. Read the source code for your implemented attacks. After you know how it works, change things around and upload it to virustotal.com. If your file gets no hits or is detected by some obscure AV like qihoo, then you know you're doing something right. Keep learning, and stay safe!

just run nmap stealth scan noob

Reminder that certs are for skids

You sound liek a 1337 haXXX0r. What makes a syn stealth scan "stealthy?" What is the three-way handshake? Are constant FIN packets from a single ip undetectable? Do you program in LISP? I swear, the life that a fucking autist leads; it's a wonder you don't wake up and put a gun in your mouth.

ok yeah DuDes buT now it is time for the real 1337 h4cking

u mad

Not really, just had some mini-quiches; probably just low blood sugar. Regardless, don't try to act like you were trolling; you thought you were being clever.

x86 assembly, ida, radare2, x64dbg, a bunch of complicated maths that i dont understand, linux is a given, hex, learn how to exploit vulnerabilities (stack canaries, buffer overflows, race conditions, stack overflows), a bunch of linux commands that I don't understand and never will, learn how to find vulnerabilities, Python, a CLI text editor and a lot of time. Also study how memory management works in C based languages (pointers, malloc, free) and how it looks in assembly.


(disclaimer, i don't know what any of these things are)

Thanks, I've wanted to get my OSCP pretty bad. Think it's as miraculous at getting an infosec job as they say?

Not really. Unironically see if your area has a 2600 quarterly meeting. Find friends because those people will know big names in the industry.

You'll find this crowd doesn't like questions like that. If you come up on a bump, we'll help you, but this is part of the experience. If you continue down this path, you'll understand.

Sounds like you need your CCNA. (I don't mean that in a dickish way)

I get the sentiment but you're getting a little spergy.

Eh.

This. I hate certs, and I think they ironically limit you, but knowing networking is a must.

Lmao at your entire fucking life. You aren't VR guy and I can see you know fucking nothing about the things you think you know

I read a lot of a book just to understand a basic of stack. write a blog about that fucker finish 7 months later.

>I hate certs, and I think they ironically limit you
what

how