/hmg/ Hackerman General

Resources:

VM/CTFs:
overthewire.org/wargames/bandit/
>easy beginner bullshit

vulnhub.com/
>prebroken images to work on.

hackthebox.eu/
>super secret club

Tools:
kali.org/
>meme dragon distro but it just werks

metasploit.com/
>scriptkiddie starting point and swiss army knife

Tutorials/Guides:
abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob
>From zero to OSCP-hero rough outline

youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA
>IppSec, video guides for retired HTB VMs.

Certs:
eccouncil.org/programs/certified-ethical-hacker-ceh/
>CEH, only looks good on a resume to non-technicals in HR

offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/
>OSCP, the big dick swinging exam, 24 hours to own 5 machines and a further 24 hours to write up a report detailing your methods.


ibm.com/developerworks/community/files/form/anonymous/api/library/635ec0e2-2989-4663-82d2-3488f9d16dd8/document/09d6ec5f-ff2f-4901-8d44-05d10e848bc5/media
>web app hackers handbook, Thanks IBM!

magnet:?xt=urn:btih:f91feb6d2ea93f1c3c03b6be52051c2df72da1b7&dn=CERTCOLLECTION+-+BASELINE+-+SANS+%26+Offensive-Security&tr=udp%3A//tracker.coppersurfer.tk%3A6969&tr=udp%3A//tracker.zer0day.to%3A1337&tr=udp%3A//public.popcorn-tracker.org%3A6969&tr=udp%3A//tracker.leechers-paradise.org%3A6969&tr=udp%3A//explodie.org%3A6969
>OSCP videos

danwin1210.me/uploads/F3thinker !- Hacking 2017/1. Advanced Penetration Testing Hacking 2017.pdf
>Advanced Penetration Testing

leaksource.files.wordpress.com/2014/08/hacking-the-art-of-exploitation.pdf
>learn assembly and C


What is everyone working on?

Priv Esc on Node on htb.

Cracked Valentine right quick.

I watched the first two episodes of that terrible show.
Do people really have passwords that are just a word followed by 2 to 4 numbers?
Are people really that stupid, or is it the show?

I made an account on htb about 2 days ago. How long did it take you to get in?

Are those OSCP videos worth watching? They seem quite old, with some mention of fucking BackTrack in the PDF files.

Yeah, they are that stupid. I've cracked a few passwords owned by friends and family members. The majority had
>*word that means something to them* *birth year/month*
It's fucking ridiculous.

An hour or so when I did it. Did you use curl, burpsuite or a browser extension?

Yo, I'm also doing priv esc on htb. Scratching my head at the moment. Get tom yet?

on node*

I only have mark so far, haven't been able to figure out how to go from mark to tom.

I used burpsuite. It took me about the same time, but I had a massive setback for 15 minutes because I forgot I was running a VPN, so I wasn't getting the correct HTTP headers for ages and couldn't make the POST request. I feel like a fucking dumbass.

Same. Been sifting through the system for 3-4 hrs now. I see the 2 processes running as tom, but can't find any calls to anything writable as mark, nor anything I can run with escalated privs.

Anyone here going to the Department of Energy competition in April?

Why do people use python2 for stuff? It literally sucks

What's the alternative you propose?

There’s a github repo of the top million dumped passwords

Where you think rockyou came from? It’s a good list of normal people passwords

It's a scripting language with libraries, which makes it easy.

It’s free. Free information and content. Of course it’s worth it, given the price of admission for you is zero dollars, instead of 800 for the latest ones.

I am glad the last thread died. Too many people leaking in over from cyb. Bad thread that one. I am mirin hard that whatever OP made this thread used my pasta with the links in it. It's like watching a Pokémon evolve as it gets traded; I modified OG OP's pasta, now someone else's using mine when I needed a break from this thread for a while.

I've been working on my sysadmin skills. Got some textbooks from work on server 03 course material, and I'm gonna build labs using it. So much lighter than 2012, I can actually do the installs on HDDs instead of NEEDING SSDs. This is something I feel I am lacking in my pentest studies: sysadmin skills.

I want to become a hacker. I have zero knowledge besides shitposting. I know I will need to learn programming, but would this book be a good starting point?

Also, what programming language should I learn first? Mind you I have zero knowledge about the subject. I was thinking assembly first....

No. Learn Python and learn that the CompTIA certs are useless and outdated.

This book is 2 tests out of date; current is 901 and 902. It also teaches no programming; it's for repair techs.

>learn programming,
but would this book on BASIC HARDWARE REPAIR MEANT FOR SHIT EATING RETARDS be a good starting point?
you tell me.

How about you carefully, in order, follow all the links in the OP, and never come back.

>I was thinking assembly first....
I can't see that becoming immediately practical; assembly could be useful in the future if you want to do low level reverse engineering, but for now learn a higher level abstracted language.
This.
Learning python will help you understand the concepts of programming and how extensible it can be.
Python will also help you write scripts for
>generating passwords for brute force lists catered to the victim
>writing and using priv esc scripts
>writing and using exploits
>automating boring shit when you're doing simple recon

I suggest learning python from this video, because it's fast and has no bullshit that you don't need to know when you're first starting out
youtube.com/watch?v=N4mEzFDjqtA
and start learning bash and do OverTheWire bandit (link in the OP)

Python 2 or 3?

3, it's the most recent version.
Once you know python3, you pretty much know python2 anyways. The only real differences are print functions and small things like xrange(10) becoming range(0, 10), so it's easy to migrate the code if you need to.

Got it. I asked because apparently most of the libraries are Py2

That's not really true, there are a few libraries lagging behind, but most people are using python3 nowadays.

Ok, I'm trying to ssh into bandit0 and I keep getting the password wrong even though the site says it's bandit0. Is there just something wrong with it right now or what? I've done bandit a while ago in the past and had no problems.

Good to hear. Have you read either Black Hat Python or Violent Python? If yes, which one would you start with?

saw this in another thread, make sure you're using the right port (2222, I think)

Are you getting the user right? i.e. user@ip

are you on the right port?

I've read a bit of Black Hat Python, it was a little outdated but there are some good takeaways.
I am wanting to start reading Violent Python, I might start now and report back in a little while.
I suggest getting a good grasp of python first.

[email protected]
is what I'm using
I use -p to indicate the port, right?
when I did -p 2220 I got yelled at saying I was vulnerable to a man in the middle attack or something

ssh [email protected]:2220
try that

I did that too with no results

weird, this worked for me with password bandit0
ssh [email protected] -p 2220

Ok I unironically have a question, is San Francisco / silicon valley area, really a hackers playground?

Try a web ssh client.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Please contact your system administrator.
Add correct host key in /home/rat/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/rat/.ssh/known_hosts:1
remove with:
ssh-keygen -f "/home/rat/.ssh/known_hosts" -R [bandit.labs.overthewire.org]:2220
ECDSA host key for [bandit.labs.overthewire.org]:2220 has changed and you have requested strict checking.
Host key verification failed.
this is what I'm getting.

>"smart" shit and IOT stuff everywhere
Yup. Lots of dumbasses and k0d3 monkeys

Pff, remove the key with the command it gives.

have you tried running this, like it suggests?
>ssh-keygen -f "/home/rat/.ssh/known_hosts" -R [bandit.labs.overthewire.org]:2220
is your username/home folder called rat?

yeah, I guess the warning kinda scared me a bit

It's just a key thing. It may think that it's a corrupt key or hijacked.
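The warning quoted above fires whenever the key stored in known_hosts differs from the one the server presents; before running the `ssh-keygen -R` it suggests, the sensible check is to compare the new fingerprint against one published out of band and confirm that the key you are about to delete is the stale one. Added example, not code from the thread: a small Python helper that parses known_hosts entries (plain, comma-separated and hashed host fields), computes the OpenSSH SHA256 fingerprint of each stored key blob, and reports whether a host's stored key matches an expected fingerprint. The known_hosts content, key blobs and salt below are constructed stand-ins, not the real bandit host key.

```python
import base64
import hashlib
import hmac

# Constructed stand-in for an SSH public key blob (length-prefixed key type
# followed by opaque key bytes). Not a real key; only the parsing and
# fingerprinting over it are the point.
def _blob(seed: bytes) -> str:
    body = b"\x00\x00\x00\x13ecdsa-sha2-nistp256" + hashlib.sha256(seed).digest()
    return base64.b64encode(body).decode()

HOST = "[bandit.labs.overthewire.org]:2220"
SALT = b"A" * 20  # constructed salt for a HashKnownHosts-style entry

def hashed_host(host: str, salt: bytes) -> str:
    # OpenSSH hashed host field: |1|base64(salt)|base64(HMAC-SHA1(salt, host))
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

# Constructed sample known_hosts: one plain entry, one hashed entry, one comment.
KNOWN_HOSTS = "\n".join([
    "# constructed sample, not a real known_hosts file",
    "%s ecdsa-sha2-nistp256 %s" % (HOST, _blob(b"old-key")),
    "%s ssh-ed25519 %s" % (hashed_host("example.test", SALT), _blob(b"other")),
])

def fingerprint(key_b64: str) -> str:
    # OpenSSH SHA256 fingerprint: sha256 over the raw blob, base64 with '=' padding stripped
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(pattern: str, host: str) -> bool:
    # Plain or comma-separated host fields compare literally; hashed fields
    # are checked by recomputing the HMAC with the stored salt.
    if pattern.startswith("|1|"):
        _, _, salt_b64, mac_b64 = pattern.split("|")
        salt = base64.b64decode(salt_b64)
        mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in pattern.split(",")

def stored_fingerprints(known_hosts: str, host: str) -> list:
    # Return (key_type, fingerprint) for every entry whose host field matches
    out = []
    for line in known_hosts.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) < 3:
            continue
        if parts[0].startswith("@"):  # @cert-authority / @revoked marker
            parts = parts[1:]
        if host_matches(parts[0], host):
            out.append((parts[1], fingerprint(parts[2])))
    return out

def key_is_known(known_hosts: str, host: str, expected_fp: str) -> bool:
    # True only if a stored key for host equals the out-of-band published fingerprint
    return any(fp == expected_fp for _, fp in stored_fingerprints(known_hosts, host))
```

If `key_is_known` is false for the fingerprint the server now shows, the stored entry is stale or the connection is being intercepted; only the published fingerprint can tell those apart, so look it up before deleting anything.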

Well thanks anons for the help, I got in.

Mate, I told you last thread you're using the wrong port. I tried your steps and tried port 22, it doesn't work. Had to be the one specified on the bandit site.

That was a different user last thread, but the problem has already been solved.

How strange. This must have been a VERY recent change if two dudes in two threads have the same issue.

All things being said when I did it this time last year, I swear it was port 22..

cool thread, thanks for showing me htb, this is a fun way to get to know radare better

only if you can avoid showing your power level

is this legit?

no, it's old pasta. do a web search for "2B6DAE482AEDE5BAC99B7D47ABDB3", just one key i picked at random. dates back to 2016

user..user.. here's what you're going to do. You're going to buy a raspberry pi. You're going to learn how to get it set up and running. You are then going to try and set up a server on your network at home that you can ssh into.
This is going to be difficult and take some time. Now.. assuming you get that far you will then start to ask yourself what next? Well.. there's a few options here.. my recommendation would be to set up a simple web app. For this you will need mysql, php and apache. You will also need to learn some html. Make a simple todo list app or find a website and make a webscraper. Don't get stuck in the weeds.. follow the simplest path.. the path of least resistance. When you get stuck for more than 20 minutes.. walk away and come back later. Sometimes this means coming back the next day. It's important to stick with a problem though and to solve it. Figure out what you want to do (big picture) then break the problem down into simpler steps. Then break those problems down into simpler steps until your mind can understand the problem. Also A+ is for retards. I've given you the keys to the castle. Go forward and be awesome.

thanks late night. I paid it forward helping a newfag.

I'm the OG OP so this has come full circle. I made it, someone added to it, I re-made it when I saw the thread was dead all day.

I have a data server running on alpine os though....

Sup man, any luck on tom or root yet?

You don't need to learn programming to become a hacker. What you need to learn depends on what you aim to do and what kind of hacking you are interested in. You can hack into any server with zero programming knowledge.

negative, I took a break and I'm going back to looking for another channel since I'm just not getting the vulnerability, if there is one, in the ***.js files.

>how to be a script kiddie
Social engineering can be incredibly useful, but you still need a basic knowledge of how things work to be any good at all

Same, I've wasted so much time fucking around with mongo trying to get those to run. I cannot for the life of me understand how that works.

You have a funny idea about what "hacking" is.

I've actually seen passwords even worse than that. You'd be surprised by how dumb normalfags are.

>You don't need to learn programming to become a hacker
Ah, yes, copying and pasting from Stack Overflow.

You can have an understanding of how things work without knowing how to write code. It has nothing to do with being a script kiddie and you don't need to be one to get shit done. Has nothing to do with SE either. You can break into practically anything without programming, without metasploit/skid tools and without social engineering.

You're just too stupid to realize this and think outside the box if you disagree. That's why Sup Forums and the majority of "hacker" communities are a joke.

>me understand how compooter work without understanding how compooters actually work. me can breek into anything by klicking on pretty pictures

why do people like you insist on shitting up my thread

yes you will be hacked by Blume and someone will whip out their phone and with one button press everyone has your nudes

you do have to understand networking and general infrastructure, though, and being able to write scripts definitely helps (for your example of popping a server) unless you're talking about physical stuff or something like that. I get what you're saying and generally agree, though. Security is a fucking limitless field.

Yup that's right, you need an understanding of how things work. It's just that doesn't necessarily mean programming, which is what I was trying to say. In my opinion, learning how to use linux is more important for a hacker than learning how to write code. But in the end it all depends on what you're trying to do and I'm just coming off one angle with a single opinion.

For sure. You don't have to write exploits to be a hacker, and not writing exploits doesn't automatically make you a script kiddie. Sup Forums might not agree with or understand that, but it's the truth. Hell, there are plenty of ex-repo men/con men/thieves out there that now work in sec that focus on physical stuff and SE that aren't all that technical, but it's all a part of the same world.

proud frogposter

Found the skid
0day is the only real security field; calling some retard on the phone and (((socially engineering))) them is skid shit.

>being this wrong
>not understanding the breadth of security or how enterprise shit works at all
how's the job hunt treating you?

not him but
honestly from my experience "enterprise" software tends to be riddled with vulnerabilities and being able to find and exploit them can at the very least turn some heads and earn you some pretty valuable recognition, especially if you're young and lack working "experience"

I've been at a defense contractor for 2 years, currently making 180k + commission on my bugs.
How about you, how much is calling people on the phone bringing in for you?

Totally agree, that was part of my point though.

So one small part of sec is a supplemental hobby for you and you think that's the only ""true"" area in the most diverse field in technology, cool.

there are high paying (contracting) jobs in every field but it's not really representative of the industry as a whole.
i'm a somewhat competent reverse engineer and i've written my fair share of 0day exploits but i literally work in a call centre, albeit not actually taking calls.

>Supplemental hobby
I do vr at a contractor champ, they pay me commission on my bugs on top of my salary

Whether you're telling the truth or not, you are grossly undermining security both as an industry and from a conceptual standpoint, and you're misusing/misunderstanding/abusing the term "skid" and applying it to anything that you are not. Super toxic and narrow-minded of you, "champ".

Keep using burned 0 day I wrote 2 years ago after a cve drops and someone writes a metasploit module for it champ

I haven't even mentioned what I do in the field lol, you're either a larping baiter or an intolerable narcissist, either way congrats on potentially discouraging others from working their way up in the field like a true gatekeeper, full of shit or not

>He thinks there is no in-between to finding 0days and social engineering

Tell me the name of your company so I can show you how quickly it can be pwned by someone who won't use any code, programming or skid tools. Also provide your email so we can get an NDA signed where the attacker doesn't get in trouble. If you don't agree to this then get outta this thread.

I'm working on a box on htb and I wonder, if I have an aes128 private key, is brute force really my only way to crack it? If yes, can I use it to somehow decrypt intercepted traffic without knowing the passphrase?

You do not have a single chance of cracking that mate. Enumerate the box again, you must have missed something if you are thinking of trying to brute force aes

Ah yeah, the key always asks me for the password, and I knew brute forcing was a kinda dumb method. I need to find something else. Thanks, user.

I just wrote an email address extractor. After two minutes, my output file contains 600'000 email addresses. I'm quite proud of this program.
I don't know if it can be useful, maybe for spammers or for people that crack email addresses, but it was fun to write.

you're stupid.

just saying.

Extracting emails from where?

I want to write one for extracting emails from LinkedIn. Or just the names and surnames of people who work for a specific company, and then build the email addresses from that

From hacked-emails.
You just have to give a file path as an argument that contains email addresses.
The program will use the hacked-emails API to search all pastes for the email addresses in your file and write them to an output file.

There is also a recursive mode: when the program finishes the given file, it takes the output files as input.

>Waaaah im a real hacker stop gate keeping me even though I don't have any understanding of computers or operating systems
Retard skid

Any retard can spearphish, it's not impressive

Oi oi, what's this?

A yagi antenna.

Hell yeah! I unpacked it today and I'm already in love.

What are you going to do with it?

Skid tool