Newfriends are encouraged to search in these two links, and the ones in the OP, everything they might need. If that doesn't work, try your favorite search engine.
Additional resources: Huge ass pastebin made by user, recommended for guys who don't know shit about anything. pastebin.com/PDLdrsuq
Anyone got good checklists for securing a VM and fully isolating it from the rest of your network? Also, do you guys use premade stuff like Kali, or do you build up your own setup using a standard distro?
Thomas Wilson
WHY IS HE SO FUCKING U- Wait, wrong person, carry on
Noah Diaz
>Anyone got good checklists for securing a VM and fully isolating it from the rest of your network?
Basics: kb.help.rapid7.com/docs/setting-up-a-penetration-testing-lab Or just grab a book from libgen.io. There's a few decent beginners guides listed under Penetration Testing. When the list comes up click on the "Year" column to sort them new to old. Grab something written in the last couple of years.
Luis Reed
Don't you dare to insult the siberian hackerman.
Kayden Walker
I don't suppose there are any other sources than Vulnhub, for victim machines in ISO format? Or maybe some vulnerable Windows VM's that aren't XP? I've kind of run the gamut of exploits for the XP examples that are readily available.
Asher Hernandez
>just found out my local pc shops exit system can be bypassed with compressed air
>no latch
>no alarm
>no nothing
I've not tested thinking of heading down tomorrow and telling them since they've always been nice to me, hopefully they don't think I was planning on robbing them
Ian Smith
omg no i dont approve of the new logo
pls bring back rami
where the fuck are the old resources
dont put them into the huge pastas noone will ever see them
Brody Kelly
>vulnerable Windows VM's that aren't XP
try rolling metasploitable 3
Aaron Ward
I didn't even touch the OP but the logo, the other links that were gathered by anons are in the first reply. What are you talking about? Why are people so sensitive about this?
Jace Gutierrez
>Why are people so sensitive about this?
>dont put them into the huge pastas noone will ever see them
Joseph Hill
Is vulnhub slow for anybody?
William Williams
>also no nsa/cia/ASIO would have any windows their testing network would be unclass. the snowden exercise was a testing exercise.
Cooper Peterson
Cool thanks. I've done some basic shit in the past, but never from my own network, so just want to set up a good isolated lab that I can play around in without worrying about getting popped.
Jace Moore
>Huge ass pastebin made by user, recommended for guys who don't know shit about anything.
>css
>js
>html
>angular
>node
>django
>bitcoin
>rpi home server
>no shellcoders handbook
>no advanced pentesting
>no oscp videos magnet link
>no art of exploitation
>no web app hackers handbook
Clearly the lowest common denominators have taken over. I am disappointed what was such a great intermediate to advanced thread is now dominated by absolute beginners.
I am also blown away that people think that a thread with a tag line of
>In /hmg/ we discuss pentesting, ctfs, exploits, and general being a hackerman.
means webdev and piling thousands of hours of entry level tutorials into a pasta.
Heres the bitter truth; if you find bandit too challenging, you wont make it. Oh please, refute this all you like "hurr people need to start somewhere!!!"
Yeah they do. Its with bandit.
Ive had enough. Ive watched so many generals turn into /sqt/ clones without people even realising it.
the linux generals are all stupid questions. cyb/sec turned into people continually adding shit to the pasta, and noone ever swallowing it because it was too big. look at the last thread. 200 posts about the pasta, and none on the actual CONTENTS?
i understand why vr guy flings so much shit now.
maderas was right to leave. theres nothing here.
Dominic White
Just fucking ignore it and keep chatting about advanced shit. Or we can move to a IRC or something else.
Then just ignore anyone who asks newb shit like "how to get invite to hackthebox" or "how to get started with bandit".
Aaron Gomez
I was actually excited that I have a decent paying job to attend defcon this year. I might go, depends really.
Oliver Thompson
>I was
are you not excited now?
im thinking of going to the r7 conferences in aus. its in a few weeks so i hope i can secure a spot
Liam Cook
Its one of those moods I get in, I am excited for something, and then I think about it, and realize is it just over hyped?
I have no friends to go with.
Bentley Diaz
>I have no friends to go with.
nor do i if i go to the r7 cov. which im ok with, i can see the talks i want to and not have to worry about what they want to see.
>is it just over hyped?
probably. but you might enjoy it. only way to know is to go. if i dont enjoy the r7 one i just wont go to any more.
Ian Russell
How I can rice my Windows 7 machine to look more cyberpunk/hacker guy?
Levi Flores
Why do you even care? If anything you could lead by example but you prefer being a whiny bitch sperging about MUH HIG END INFOSEC CAREER, dude what the fuck head over to r/netsec or r/netsecuritystudents or whatever imageboard you like. Who the fuck is maderas, another namefag? who the hell cares about him? Who even cares about your opinions? Just do your own shit, wire your brain to filter keywords like OTW, Comptia or whatever, if you can't do that then it seems your skin isn't thick enough to dwell in an imageboard. Or even better, create your own board in eight chan and spam it everywhere, you set the rules and be happy.
And you kill yourself.
Benjamin Bennett
high*, y'know, the heat of the sperging.
Liam Ortiz
>How I can rice my Windows 7 machine
You don't.
Joshua Hughes
where'd all the links go bossman.
Also, WHERE IS ELLIOT BOSSMAN
Why are you changing things up on me bossman?
Why do you make me so sad bossman?
>I'm already sad enough
Asher Thompson
having looked at bandit, yeah... that's where people need to start.
One cant rely on regurgitated tutorials 24/7. You have to get good at figuring things out for yourself. It takes initiative. And looking at bandit... lol that shit is EZ.
The spirit of cyb/sec is for all knowledge to be available to those who have intelligence and drive, not to feed it to the masses like the rest of this drivel.
However, due to the employment shortages, things are about to get really watered down. Stay tuned
Dominic Martin
I mean defcon is in Las Vegas, and I haven't been there in over.. 15 years.
Xavier Jackson
>I mean defcon is in Las Vegas
wasnt aware of any others, i knew that was the one you meant
i just mentioned the r7 ones in aus cause i live in aus
Lincoln Watson
Oh it was more of a pros and cons of defcon, one pro is that is in Las Vegas.
Isaac Brown
>one pro is that is in Las Vegas.
right, gotcha
if anything itll be good to go so you can say you went, at the very least
you morons this is all you need, at least up to OSCP level. fuck you, fuck your pastas, fuck your op, fuck the cyb fags, fuck your irc, discord, riot servers and fuck the other whiny morons that do nothing but cry.
Cooper Fisher
alright want to move into some IRL pentesting how's this for a kit?
>ethernet
>usb to USB C
>micro sd, sd, lightning, micro usb converter
>portable ethernet switch
>portable usb hub
>usb to ethernet
>usb to usb c
>lock picks
>power pack
>water resistant low profile backpack with a usb port (for charging or interacting with wifi pineapple, laptop etc.)
>wifi pineapple
anything I'm missing or is this good for basic IRL pentesting?
Hudson Green
Good equipment; however, skills are far more important.
Jordan King
got any book recommendations or youtube playlists or anything?
Wyatt Roberts
Ty for the link dude. Here, have this to calm you down :)
Luke Johnson
Hacking: the art of exploitation
Penetration testing
Advanced penetration testing: hacking the worlds most secure networks
Those should get you started.
Dominic Lee
thanks pal
Isaac Cox
i've read hacking the art of exploitation and i'm on chapter 13 of penetration testing: a hands on approach. i have a Zim notebook where i keep my notes and i just found a bunch of infographics and pdfs i made out of HTAOE. have them linked into it. have a nice little knowledge base i can pull up anywhere since it's on github
Eli Carter
> i just found a bunch of infographics and pdfs i made out of HTAOE
Care to share? Share to care.
Wyatt James
Info for you anons: Cisco has a certification called CCNA: Cyber Ops that they offer free scholarships for that will teach you some basic network security concepts. It'll look good on a resume too. Just google it.
Caleb Bennett
So, is this book still useful?
Justin Barnes
five posts up. five of them. i bet you can even see without needing to scroll up
Isaac Sanders
Actually no, shitty res here, my bad though.
Grayson Brown
>Care to share? Share to care.
what purpose would that serve? those are his learning materials, and you will get nothing out of them, avatarfag. read the fucking book.
Evan Jackson
>i just found a bunch of infographics and pdfs i made out of HTAOE
>found a bunch of infographics
>found
You sound like a skid. Stop shitting up this thread.
Kevin Long
>i made out of HTAOE
>i made
holy fucking hell can you read?
have you ever studied anything ever? you create your own material, thats for YOU to use! other people wont understand your note taking style, and they dont need to!
Connor Harris
Have you studied english? You've never used another person's notes? Are you him? Like I said stop shitting up this thread, retard.
Tyler King
>Like I said stop shitting up this thread, retard.
lol fucking make me
Angel Ortiz
>What should i upgrade first
why are you asking this thread
Adrian Wilson
go back to PC Building General.
htb has a few active and more than a few in the retired pool.
I just did MANTIS in the days before it went retired, which was a full Domain Controller setup.
cracking wifi is not easy. your best bet is debian and the tool fluxion (its on github)
Zachary Flores
> Your pic
> "Got to gulag, c'mon!"
> Incorrect word order
> In Russian you can freely change word order to emphasize tone of a sentence, or "flavor".
> Sounds more like mild encouragement, something akin to rooting for someone at a sports event.
For whatever reason it made me feel even more uncomfortable. I almost wish that was intentional.
Asher Johnson
I assumed AAban was the name of the guy being sent to gulag. I am disappointed now
Jeremiah Gray
That reads as Daavaii. IANAR tho.
Levi Campbell
Davai. Means “come on”.
t. brmonkey waiting for the next train to Владивосток.
Mason Bell
>Russia hacked the DNC
Do people still believe this fake news?
Henry Kelly
You don't?
James Gomez
Been watching some ippsec vids. Man they are good. It makes me want to get better at using keyboard only for lots of stuff. I've gotten out of the habit since I started having to use Windows for work, and stopped using tiling wms at home.
Keen to get this good at some point.
Caleb Johnson
Why does my Kaspersky anti-virus keep sending data to Facebook servers in the US? Is it because Putin is a closeted big black person?
Evan Reyes
>>bait.com/retarddepartment
Julian Fisher
I appreciate the subtle humor of the pic.
Gavin Baker
How can I create a Twitter account that can't be traced back to me?
Ryan Torres
Everything can be traced back, its just about making it more difficult to do.
Nolan Mitchell
What goes on Vladivostok?
Justin Wood
What this guy said.
I make burner fb accounts all the time in disposable VMs. I do this via tor and a proxy, because it’s usually the first step in a process.
These fb accounts, made using a 10min mail account, inside a vm freshly made and never used for anything, on a clean machine that does not get used by anyone except me (keep in mind I do not have my own fb account, so the contamination doesn’t come that way)
When the account is set up and made, it suggests friends. It suggests friends to me, that I personally know, and are located near me. This includes my girlfriend, who I know has never used my clean machine because it’s linux and it frightens her.
So it’s not using cached sessions from my machines, given I’m using tor ontop of a proxy, it’s not knowing what my original IP is.
Is it scooping up geolocation data? Perhaps, I’m not sure what from.
They are cheeky and crafty cunts, that’s for sure.
Ryder Taylor
I suggest guerrilla mail, i have found it works a little better, but i do the same thing other than that minor detail.
Michael Richardson
The end of my trans siberian trip. Tallinn -> St Petersburg -> Moscow -> Yekaterinburg -> Omsk -> Irkutsk -> Ulan-Ude -> Ulan-Bator -> Ulan-Ude -> Khabarovsk -> Vladivostok.
All while keeping things working back home, by doing remote work.
Ryan Scott
Pretty cool, are you in this field? I've been meaning to do the same with SEA/CN/TW/JP. But gotta figure out a budget to begin with.
Jaxson Garcia
Well yeah since they were caught like a dozen times by different agencies of many countries. But if you want to define fake news as true but unpleasant then go ahead.
William Cook
Was it more of a social engineering job than hacking per se?
Levi Bailey
The freshly made VMs are overkill. Just use snapshots.
Carson Hughes
pineapple nano arrived, updated it and none of the modules work, they go start>starting...>start time to dive into the logs I guess, anyone had this issue? google didn't have any useful results
Levi Gomez
Hence why the paste is for "beginners who dont know shit". And the art of exploitation and shellcoders handbook is in there, just have to follow the library links. And can anyone provide a magnet for the OSCP vids? Cant seem to find any complete ones
Nathaniel Jackson
are there any cheap wifi adapters for aircrack-ng the tp-link one is v2 now, so it doesnt have the Atheros chip needed for the l33t h4x at pajeet budget im too much of a poor fag to afford those Alfa adapters with 6 gorillion antennas sticking out of them, plus they look suspicious af
Cooper Powell
Can someone explain to me how the bitcoin wallet.dat decryption works?
If AES-256-CBC is not deterministic how the fuck is it able to be decrypted and have the correct private keys?
>Wallet encryption uses AES-256-CBC to encrypt only the private keys that are held in a wallet. The keys are encrypted with a master key which is entirely random. This master key is then encrypted with AES-256-CBC with a key derived from the passphrase using SHA512 and OpenSSL's EVP_BytesToKey and a dynamic number of rounds determined by the speed of the machine which does the initial encryption (and is updated based on the speed of a computer which does a subsequent passphrase change)
Wyatt Powell
Don't bother with him, he's a crybaby. That faggot aside, I checked rutracker and had no luck with it.
Nathan Diaz
Im looking to gain access to the files on someone's computer. Ill have to hide the payload ina word document which im almost certain theyll open. What kind of payload can i use? An ssl connection is enough for me but im unsure of how im going to open one. Are there any kali tools for this?
Connor Butler
Metasploit or setoolkit. Very easy to create a macrod PDF or doc
Jason Powell
Aren't they detected by anti-virus though?
Ryder Long
>getting this salty about a pasta that's not even in the OP
You're the assblasted user that was in the last thread, right? I hope this place continues to degrade since it angers you so much.
Owen Scott
I know how to embed a payload im just wondering what payload i can use. If you mean that they have these payloads then thanks and ive misread your post.
Xavier Murphy
what a sperg
Cameron Fisher
How about an android phone with NetHunter on it, with a mUSB to female USB cable and a wifi card that supports packet injection? I made a nethunter device and it is pretty handy for EDC
Gabriel Allen
AES-256-CBC is deterministic. This is saying that your private wallet keys are encrypted with a randomly-generated master key, which is then itself encrypted with a known value (your passphrase).
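Added example, not part of the thread and not Bitcoin Core's own code: a sketch of the passphrase step from the quoted description (SHA512 in the EVP_BytesToKey construction, iterated for a number of rounds), showing that the same passphrase, salt and round count always re-derive the same AES-256 key and CBC IV. The names `KdfParams` and `derive_key_iv` are hypothetical, the salt, round count and passphrases are constructed, and it assumes the salt and round count are stored next to the encrypted master key.

```python
import hashlib
from dataclasses import dataclass

KEY_LEN = 32  # AES-256 key size in bytes
IV_LEN = 16   # AES block size, used as the CBC IV


@dataclass(frozen=True)
class KdfParams:
    """Non-secret derivation parameters (hypothetical container).

    Assumption: both values are kept beside the encrypted master key,
    so anyone holding the passphrase can repeat the derivation.
    """
    salt: bytes
    rounds: int


def derive_key_iv(passphrase: bytes, params: KdfParams) -> tuple[bytes, bytes]:
    """EVP_BytesToKey construction with SHA-512 as the digest.

    D_1 = SHA512^rounds(passphrase || salt). One 64-byte digest already
    covers key (32) + IV (16), so no further D_i blocks are needed.
    """
    if params.rounds < 1:
        raise ValueError("rounds must be >= 1")
    digest = hashlib.sha512(passphrase + params.salt).digest()
    for _ in range(params.rounds - 1):
        digest = hashlib.sha512(digest).digest()
    return digest[:KEY_LEN], digest[KEY_LEN:KEY_LEN + IV_LEN]


def same_material(pass_a: bytes, pass_b: bytes, params: KdfParams) -> bool:
    """True when both passphrases derive identical key and IV."""
    return derive_key_iv(pass_a, params) == derive_key_iv(pass_b, params)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real wallet.
    stored = KdfParams(salt=bytes.fromhex("0011223344556677"), rounds=25000)
    key, iv = derive_key_iv(b"correct horse battery", stored)
    print("key:", key.hex())
    print("iv :", iv.hex())
    print("same passphrase repeats :", same_material(
        b"correct horse battery", b"correct horse battery", stored))
    print("wrong passphrase matches:", same_material(
        b"correct horse battery", b"correct horse batterz", stored))
```

Nothing in the derivation is random at unlock time, which is why CBC decryption of the master key reproduces the same bytes on every unlock; the round count only makes each passphrase guess more expensive.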
Luis Price
I plan on having a sort of go bag, a laptop with kali would do the same right? might invest in a phone though bit more low profile, what's the easiest?
Carson Perez
You can turn a raspberry pi into a linux machine, it runs pretty well
Jackson Brown
His name was Seth Rich
Cameron Butler
Personally I use a Nexus 5 that i picked up for about 80$ and then used the NetHunter OS. I find its much more incognito because you dont even have to have a bag, just your pocket. Same tools as kali and inexpensive. You can also get a USB to Ethernet adapter so you can throw console cables into everything you see. Get creative with it
Ian Moore
what're some hacker shops lad, to buy lockpicks and premade dropboxes etc?
Josiah Watson
Forgot shitty pic
Andrew Perry
That looks like autism incarnate my duderino
Eli Martin
pretty cool, whats the most fun you've had with it?
Noah Barnes
lmao you're going about it wrong, there's no such thing, the only shop you got is a search engine, persistence and creativity. Also hello fbi