>use the man pages
>read the over the wire pages carefully, when they specify port use / to search for port in the man pages of ssh
Landon Kelly
No worries. I am able to connect to the web server but using the web injection does not seem to work. I must be fucking up somehow but I don't know how.
Cameron Gray
oh shit, this is like highschool all over again thanks buddy
Aiden Young
yeah, i missed that for some reason, didn't even register such a retard move on my part a few months ago i was learning php and my code wasn't working because my file didn't have an extension, this is just the way i fuck my shit up
Nathan Diaz
Retardanon here:
> Please play nice:
> * don't leave orphan processes running
> * don't leave exploit-files laying around
What do these mean?
Caleb Moore
How confident are you with the commands you are executing? what commands are you executing? you could abandon nc and create a msf payload and set up a http server with python and use wget or curl to download it
gotta start learning to read shit carefully, and not overlook details. but dont worry bro, ive been there
dont start processes and leave them, you kinda need to do it intentionally when using ssh, using tmux or something
delete your shit after you make files or directories
Jonathan James
I mean fairly. I broke down and looked at a walkthrough and even the exact commands they used did not work. I will figure it out though.
Hunter Ortiz
My professor told me if I do a while(1) in C it would freeze and crash my PC if I ran the program and jokingly said that he taught us to make a virus, except he was being serious. He also thought if you don't call free memory then your PC would eventually run out of RAM and you'd need to restart it, rip.
Hello tenure n teaching retarded first years that won't speak out
William Collins
What level did you end up getting to ?
Carson Young
post the commands dude. don't worry about looking at the walkthroughs when you're stuck though, just remember what the walkthrough teaches you and use it in the next applicable circumstance
Jeremiah James
i'm just starting out right now i'm looking at the usefull[sic] tools right now that you see when you login all gibberish to me
Jackson Garcia
if you're still curious, this is where i'm at right now this is very enjoyable better than vidya, which i stopped playing a while ago
You better believe it which is why I am pissed that I can not even get through it. Only thing holding me up is the netcat reverse shell.
Isaiah Long
you're probably doing it wrong. read a book
Evan Nelson
Yeah you are right I am but I am not sure what it is. Even copying the commands from the walkthrough do not work but who knows.
Isaac Martin
bros, did i cheat? is there a better way of doing this? i used "sed" instead of the recommended commands
question: overthewire.org/wargames/bandit/bandit8.html
my answer: sed -n '/millionth/, Sup Forums p' data.txt
output in pic related
Aiden Cook
i'm going to take a break from this to go eat, thanks for the help anons i'll start being part of these threads in the future i stopped at level 10, but i think i can do it sed is my best friend
Lincoln Bailey
all you need to do is get the password, there is no cheating other than looking up the walkthrough
Do any anons have any tips on the USV 2017 vulnhub?
Liam Gonzalez
Can anyone log / grab some ones IP for me?
Nathan Robinson
install beef and send them a hooked site. its easy as fuck, do it yourself
Asher Wilson
i recommend penetration testing by georgia weidman but to not set up the environment and follow the examples on your computer since it's outdated. use VMs you find online like the one you're doing now
Jack Rivera
Portugal caralho!!
Cameron Murphy
Any of you guys play TIS-100 for fun?
Ayden Rodriguez
Hi newfag here I'm not sure if it's a problem but my IP keeps changing on its own I can't remember what it was before the change but it changed to 49.197.176.162 is this meant to happen?
Levi Flores
This is due to your device most likely having a dynamic IP address which is in fact the default for a lot of software.
Cooper Clark
Thanks wasn't sure
Ayden Walker
I just got back from the deloitte cyber threat competition
we won the technical shit by a mile ahead of any other school but then got docked for our presentation
Nolan Reed
Congrats mate.
Samuel Morales
Hey guys, what projects are you working on? no need to go into great detail if you don't want to.
>arduino keylogger
Let's be real I barely touch this thing, I am planning to add esp8266 to retrieve log files
>tfw your local library has 3d printer
Which is perfect to print the custom usb case I need. What I noticed is even if you pick US keyboard layout, it will still send different raw usb HID codes, I guess it will make it too easy if it was all the same.
>building my own rolljam
>rolljam is a arduino based device that captures wireless key fob packets, and being able to unlock vehicles.
This project is mainly for fun, for it to work, to my understanding is to decode the signal, which I don't think it can be automated. Maybe *shrugs* I will find out later down the road
>bitcoin swapper in python
This was quick python script to do on a friday night, it just checks clipboard manager for bitcoin wallet address, and if it find one it will swap it with yours. Maybe look for one in the sticky notes file, too.
Too distracted watching twitch streams to be consistent with these projects.
Ryan Jones
Man I really want to get back into some of this stuff, but I'm bad at motivation and consistency. I have some shit from back when I was popping WiFi networks to get free internet and shit. Got an old Alfa awus036h antenna that was real good for a bunch of stuff. Got a lan turtle from hak5 coz I thought it looked sweet, haven't done anything with it. Got a tool kit with some pentesting gear in it.
I also have some esp8266's and other random crap around that I was planning on selling. Some orange Pi's, a raspberry pi 1 model b, etc. What are some neat things that I can do with all this stuff before I just bin/sell it?
Haven't used Kali or anything like that in a long time (4-5 years), so would be interested in getting back in and playing around. Tips?
Chase Taylor
Find people to help you keep you motivated.
Jordan Butler
You can make some awesome shit with a Pi. Make a "can of worms" for example. Put the Pi inside a pringles can, install aircrack warez and external battery, hide outside target building, ?????, get access to target wireless network and continue pentest.
Get creative with this powerful mini compooter man. Dont bin it!
Nathan Clark
Man has Kali really been out that long? I swear it was only like 2-3 years ago backtrack was the big thing before Kali released, we even used it in our uni class like 1.5 - 2 years ago
Jose Martinez
I know this feel. I just booted up backtrack r5. Wild. Comfy.
Asher Jackson
Backtrack was like more than 4 years ago, Kali was coming out right as I was stopping. Was just using it to pop wep WiFi networks and steal some free internet and the occasional password.
Where? I'm not interested into getting into anything illegal/stupid again which is where the most people congregate for this sort of stuff.
Yeah I have thought about that, and I usually get excited, research the piece I need, buy all the pieces and by the time they arrive I'm not interested anymore. Basically what happened to the lan turtle I bought, and all the esp8266s.
Those orange Pi's look cool as fuck though, way tinier than the raspberry. I've been wanting to do something cool with them, but I'm not very creative or handy.
Easton Cox
Lads, I'm a bit confused about the OP pasta. Let's say, for the sake of argument, that I want to be a leet hax0r, alright? So, you have overthewire, and vulnhub, which seems quite good, also a walkthrough here: abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob
However, is it that + OSCP enough to land a job in this area? I feel like there's a bit of scripting and a lot of networking missing from these rough guidelines. I don't mind much about prog because I'll learn ASM/C this year when I start college, but what about the network mumbo jumbo? Is there something in the OP that I'm missing about these topics, or aren't they as necessary as I would have thought?
Cheers.
Oliver Brooks
i brute forced porn sites in the mid 00s. am i a hackerman yet?
Hudson Wood
How come the mr robot ctf is never mentioned?
Nathan Taylor
Anyone want to run through the bandit simulation together ? I can drop a discord if people are interested
Jonathan Morris
that one was quite a lot of fun, but it was super easy.
Dominic Reed
No, you're right. A lot of the networking and other basic stuff is missing from OP's post. I think he just had a base level of knowledge in mind when creating the OP. Would you really want 100+ links on shit like OSI levels, Ports, VLANs, Subnetting, VLSM (fuck this so much), and meme level "what's a computer" stuff?
I mean the whole idea for most of the entry level stuff is to figure it out yourself with a nudge in the right direction.
Ian Torres
Think you'd be up and willing to teach ? I'm trying to get into this but find I am needing a mentor or someone to parallel self teach
Ethan Hughes
Not him but have you done the OTW stuff? A lot of this shit is reading and googling.
Caleb Long
I'm willing to share as much as i know, and help do research on anything you might need. However, im not that good. I can do basic stuff, and i know what to learn when im trying to get something done, but im no expert by any stretch of the imagination. But yeah, sure. What are you going to start with?
This, a big part of pentesting is learning as you go. For example, you're doing a CVE and you run a nikto scan, you will see vulns that you have never heard of before so you spend a lot of time looking at what you actually need to do to exploit them.
Eli Davis
I don't man. Talk to Dan Borges. Join your local 2600 meet up. Fuck if I know but you need to find someone or you are going to die. You are going to fucking die!
Joshua Mitchell
can a C guru help me understand how to exploit this? i know that you can provide the format string and because snprintf accepts a variable list of arguments it will start popping things off the stack, but i don't know how i can write 500 to i's memory location. especially since at most 64 bytes will be printed, so you could at most feasibly set it to 64 as i understand it

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main(int argc, char **argv){
    int i = 1;
    char buffer[64];

    /* argv[1] is used as the format string itself */
    snprintf(buffer, sizeof buffer, argv[1]);
    buffer[sizeof (buffer) - 1] = 0;
    printf("Change i's value from 1 -> 500. ");

    printf("No way...let me give you a hint!\n");
    printf("buffer : [%s] (%d)\n", buffer, strlen(buffer));
    printf ("i = %d (%p)\n", i, &i);
    return 0;
}
Jaxson Robinson
i'll do it, i'm the retard from the start of the thread i'm at level 10, but i can start from 0 again
Anthony Hall
piggybacking off our comments again, but the command man (whatever) will be your friend
If the CTF you're running wants you to unzip a bunch of tar shit, type: man tar, and read the documentation to figure out how the command runs and what other inputs you can give it.
A good example is trying out how to decode a rot13 text file. It only takes one command but it takes a while to figure out how to do it.
Kevin Turner
Perhaps we can make a pastebin with all these links to shit. Beginner to 1337hax0r. Ill work on one and post it here in the next few hours.
Jayden Young
you're a legend if you do it
Jaxson Sanders
>report a security issue affecting around 15 different NASA websites
>they fix the issue
>no response
Fuck you NASA.
Evan Robinson
That's a lot of stuff man. Basic to me means knowing nothing about computers but how to maybe post to facebook, and "the internet" is a desktop icon.
Going from that to 1337 hacker requires way too much for a simple OP post
Oliver Scott
just add 3 lines, top of the links one line saying redux - bottom of the links 2 lines: extended - pastebin.gay/all_the_shit
Asher Martinez
Sorry for the sort of lazy approach but I've been really interested in a career involving network security and wanted to know what I can realistically expect. I have 4 years of work experience in telecom doing some semi related work and I'm going to finish a MS in communications engineering soon. Is there anyone working in the field that can give me a rundown of their day to day work? I'm worried I'll end up in a role that isn't challenging and has me running scripts to generate giant reports for the sake of shifting blame if something does go wrong. Ultimately I'm tired of working with a bunch of charlatans.
Jackson Wilson
I was thinking something along the lines of; basic computer hardware, intro to networking (OSI/LAN/WAN/VLANs and the works), Operating Systems, Software/Tools, basic CLI (both win and nix), Security, Information gathering tactics, enum and scanning, Basic scriptkiddie hacking, programming(python, java, C, etc), reverse engineering, exploitation and persistence, malware creation, and torrent URIs to various libraries and learning materials.
I'll post what I have so far soon. It's more work than i thought lol
Brayden Sanders
>but the command man (whatever) will be your friend
this.
but it is $(date +"%Y"), you should
alias person="man"
>If the CTF you're running wants you to unzip a bunch of tar shit, type: man tar,
and search the man page with /
>A good example is trying out how to decode a rot13 text file
there are plenty of things on google about rot13
Jaxon Evans
so how do I not get bamboozled by a hackerman?
Xavier Gray
you need to become hackerman yourself
Nicholas Gomez
just dont be retarded and click on everything and download everything
Sebastian Clark
what if I connect my device in a public wifi and the hackerman is around?
Brandon Lopez
use https so the hacker can't see what you're doing. You're pretty safe on public wifi, ARP (address resolution protocol) poisoning is pretty hard to do and i havent figured out a good way to do it yet, so its unlikely you'll be being redirected to site clones that the hackerman owns.
Josiah Stewart
your pc will mine bitcoin for him
Benjamin White
> (You)
>>but the command man (whatever) will be your friend
>this.
>but it is $(date +"%Y"), you should
>alias person="man"
Wait, can you break this down? I'm inches away from finishing my BaS in Networking and all I've ever been taught is man
>>If the CTF you're running wants you to unzip a bunch of tar shit, type: man tar,
>and search the man page with /
I generally skim through the man pages to get a general idea on what it does and the inputs I can give it. I guess the search function is good if you keep forgetting inputs (which I do, I should do this to save me time using page down to get where I need to)
>>A good example is trying out how to decode a rot13 text file
>there are plenty of things on google about rot13
True, the first few times I ran into a rot13 I just googled the command and ran it to decode it. Took me losing a bet against a schoolmate until I actually spent the time to figure it out.
Easton Edwards
>Wait, can you break this down? I'm inches away from finishing my BaS in Networking and all I've ever been taught is man
It's a bad nerd joke.
>$() indicates its a command, it allows you to put commands inside commands
>date +"%Y" just prints out the current year, so 2018
>alias allows you to rename commands or strings of commands
>alias person="man" would mean you could write person %command% to get info about it, its a joke about feminism
>I guess the search function is good if you keep forgetting inputs
you will never be able to remember every argument for every command you use. fuck, i mean i forget the args for programs i wrote. the search function will save you so much time.
Evan Rivera
ah, thanks
Joke ______
My head
And yeah, I spend way too much time, and way too many keystrokes looking for shit in man pages
Jack Adams
This, also anyone can passively collect packets from any public wifi however nowadays most wifi access points use WPA2 which is somewhat secure excluding a very situational KRACK attack recently found. Other encryption algorithms are broken. At the same time the actual owner of the access point will be able to see your traffic if you're not accessing it over SSL. I usually open a tunnel to a raspberry pi back at home. Just ssh -D 1080 host and setup your Firefox browser proxy to use Socks localhost 1080. You can also use a VPN. Also select the option to use the proxy for DNS queries as well. This is helpful if you don't want your company to see your traffic. They install a certificate that allows their gateway to claim they're the certificate authority (someone can correct me on the exact details because this could be a bit misleading) essentially letting them see all your encrypted traffic. Just don't overuse it for videos or something stupid because they might become suspicious if the tunnel has too much traffic.
Dominic Wood
Yeah, i used to hate reading man pages and go to google instead, but i much rather man now that i know to use the search.
If you want to save some time, alias all your shit you always use
>alias h="cd ~"
will make it so h brings you to your home folder
>alias d="cd ~/Documents"
and d to your documents folder
Levi Bennett
cd with no args will take you home.
Lucas Perry
I know, but that was just a suggestion
another example, i have apt install set to apti, so its faster to type
Carter Morris
yeah, haven't really messed around with aliases other than setting "fuck" to "man" since first trying linux out in grade school and getting irritated at CLI
It's fun saying fuck gzip or whatever when I don't remember the arguments
Jacob Cruz
download thefuck
when you run the command fuck, it corrects your last command
so if you type:
cd ~/douments
fuck
>do you mean: cd ~/Documents [Y/n]
Christian Long
no one is stopping you from starting one.
Adrian Williams
fuck that's awesome, thanks
Cooper Roberts
yeah no problem man
check out this if you want more cool commands commandlinefu.com
I hadn't thought that. Well for those who want it.

.bash_aliases

alias ev='evince'
alias tt='totem --gapplication-service --fullscreen'
alias nt='nautilus'
alias sc='screen'
alias cs='clamscan -vaor --allmatch'
alias gdb='gdb -q'
source ~/.docker_aliases
source ~/.dir_aliases

# fetches new media files from a thread URL
# (curlthis and die are helpers not shown in this post)
curl4chan() {
    clear
    thread=$(printf '%s' "$1" | awk -F'/' '{print $4}')
    let count=0
    for i in $(curl -sSL "$1" | egrep -io 'i\.4cdn\.org/'"$thread"'/[[:digit:]]+\.(webm|gif|jpg|jpeg|png)'); do
        [[ -f ${i##*/} ]] && continue
        let "count++"
        printf "[*] Found a new file: #$count\n"
        curlthis "$i"
        clear
    done
    if [[ $count = 0 ]]; then
        die No new files.
        return 1
    fi
    echo So Update: $count new files fetched.
}

# runs its arguments as a Python print statement
pyc() {
    python -c "print $@"
}
Brandon Gray
not sure. some are useful tidbits of history expansion, the at one a few lines down is dangerous to normal retards who don't know about injecting arbitrary shell code and what printf '%q' or "${var@Q}" are for in bash.
I don't know.
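Added example, not code from the thread: what goes wrong when an argument is spliced into a string that an interpreter then parses (the pattern in `pyc()`'s `python -c "print $@"`), next to two ways of keeping it as data. The function names are hypothetical, the input is constructed, `sh -c` stands in for the interpreter, and `shquote` is a portable stand-in for bash's `printf '%q'` and `"${var@Q}"`.

```shell
#!/bin/sh
# Added example. All function names are hypothetical; the inputs are constructed.

# UNSAFE: the argument is pasted into the code string, so the inner shell
# parses it as code. ';', '$( )' and backticks in $1 all take effect.
run_unsafe() {
    sh -c "echo looking up $1"
}

# SAFE (preferred): the code string is a constant in single quotes and the
# argument travels separately as positional parameter $1 of the inner shell.
run_param() {
    sh -c 'echo looking up "$1"' sh "$1"
}

# Quote a value so a POSIX shell re-reads it as one literal word:
# wrap it in single quotes and rewrite each embedded ' as '\''.
# Limitation: command substitution drops trailing newlines from the value.
shquote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# SAFE (when a single command string is unavoidable, e.g. ssh host "..."):
# quote the value before splicing it into the string.
run_quoted() {
    sh -c "echo looking up $(shquote "$1")"
}

demo() {
    hostile='x; echo INJECTED'          # constructed input
    echo "--- unsafe ---"; run_unsafe "$hostile"
    echo "--- param ---";  run_param  "$hostile"
    echo "--- quoted ---"; run_quoted "$hostile"
}
demo
```

Only the unsafe variant prints `INJECTED` on a line of its own; the other two echo the whole input back as text.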
Ethan King
Some autistic fuck tried to trace my ip using an ip logger. Any way to get back at the fucker?
Jordan Wright
A multitude of ways but none that you're capable of if you're asking such a stupid, general question
Gabriel Smith
Please, no larping.
Lincoln Wilson
>apt-clean
good idea

additional functions

# does recon with nmap and nikto and saves to file
recon() {
    nm=$(sudo nmap -p- -sV -O "$1")
    echo "$nm" >> "recon_$1"
    echo "$nm"
    nk=$(nikto -h "$1")
    echo "$nk" >> "recon_$1"
    echo "$nk"
}

# makes a directory and changes into it
mkcd() { mkdir -p "$1" && cd "$1"; }

#shows google search links
function google {
    Q="$*";
    GOOG_URL='google.de/search?tbs=li:1&q=';
    AGENT="Mozilla/4.0";
    stream=$(curl -A "$AGENT" -skLm 10 "${GOOG_URL}${Q//\ /+}" | grep -oP '\/url\?q=.+?&' | sed 's|/url?q=||; s|&||');
    echo -e "${stream//\%/\x}";
}

#defines a word
dict() { curl -s "dict://dict.org/d:$1" | perl -ne 's/\r//; last if /^\.$/; print if /^151/../^250/'; }
Jack Gutierrez
>literally all of them are "find this file at this location"
I just cheated by going to home directory and home/bandit26 ez pz
Hunter Hall
before y'all post bash stuff, can you guys use shellcheck first? thanks.
Where do I start as someone with IT experience, scripting experience, a bachelor's. Have used things like Python before, bash etc. Been using Linux as my daily driver at home for 6+ years. What's some stuff that's fun and will keep my interest?
Dylan Hughes
not larping.
What info do you want?
Jeremiah Taylor
>Got the keys to most of my neighbors Wi-Fi networks.
>Put friendly anonymous letters in their mailboxes informing them of the fragility of their networks (some are still using WEP).
>One month has passed and all of their passwords are still the same.
Come on. I didn't even need to use any software for at least 4 of them, because the network was named after their children and the password was his birthday. People never protect themselves...