/hmg/ - Hackerman general

In /hmg/ we discuss pentesting, ctfs, exploits, and general being a hackerman.

Resources:

VM/CTFs:
overthewire.org/wargames/bandit/
>easy beginner bullshit

vulnhub.com/
>prebroken images to work on.

hackthebox.eu/
>super secret club

Tools:
kali.org/
>meme dragon distro but it just werks

metasploit.com/
>scriptkiddie starting point and swiss army knife

Tutorials/Guides:
abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob
>From zero to OSCP-hero rough outline

youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA
>IppSec, video guides for retired HTB VMs.

Certs:
eccouncil.org/programs/certified-ethical-hacker-ceh/
>CEH, only looks good on a resume to non-technical people in HR

offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/
>OSCP, the big dick swinging exam, 24 hours to own 5 machines and a further 24 hours to write up a report detailing your methods.

Community:
IRC: #Sup Forumssec @ rizon.net
Discord: discord.gg/3Y7Mr52
Matrix/Riot: riot.im/app/#/group/ hmg:matrix.org

Newfriends are encouraged to search in these two links, and the ones in the OP, everything they might need. If that doesn't work, try your favorite search engine.


Additional resources:
Huge ass pastebin made by user, recommended for guys who don't know shit about anything.
pastebin.com/PDLdrsuq

Don't know where I stole this one but it's got decent guidelines and whatnot.
docs.google.com/spreadsheets/d/1TD8KTRXvXwy1yU6s7Nz_JuNh7b7fa7pINZuHOVjtAAg/edit#gid=937533738

Anyone got good checklists for securing a VM and fully isolating it from the rest of your network? Also, do you guys use premade stuff like Kali, or do you build up your own setup using a standard distro?

WHY IS HE SO FUCKING U-
Wait, wrong person, carry on

>Anyone got good checklists for securing a VM and fully isolating it from the rest of your network?
Basics: kb.help.rapid7.com/docs/setting-up-a-penetration-testing-lab
Or just grab a book from libgen.io. There's a few decent beginners' guides listed under Penetration Testing. When the list comes up click on the "Year" column to sort them new to old. Grab something written in the last couple of years.

Don't you dare insult the Siberian hackerman.

I don't suppose there are any other sources than Vulnhub for victim machines in ISO format? Or maybe some vulnerable Windows VMs that aren't XP? I've kind of run the gamut of exploits for the XP examples that are readily available.

>just found out my local pc shops exit system can be bypassed with compressed air
>no latch
>no alarm
>no nothing
I've not tested it; thinking of heading down tomorrow and telling them, since they've always been nice to me. Hopefully they don't think I was planning on robbing them.

omg no i dont approve of the new logo

pls bring back rami

where the fuck are the old resources

don't put them into the huge pastas, no one will ever see them

>vulnerable Windows VMs that aren't XP
try rolling Metasploitable 3

I didn't even touch the OP but the logo, the other links that were gathered by anons are in the first reply.
What are you talking about? Why are people so sensitive about this?

>Why are people so sensitive about this?
>don't put them into the huge pastas, no one will ever see them

Is vulnhub slow for anybody?

>also no nsa/cia/ASIO would have any windows
their testing network would be unclass. The Snowden exercise was a testing exercise.

Cool thanks. I've done some basic shit in the past, but never from my own network, so just want to set up a good isolated lab that I can play around in without worrying about getting popped.

>Huge ass pastebin made by user, recommended for guys who don't know shit about anything.

>css
>js
>html
>angular
>node
>django
>bitcoin
>rpi home server
>no shellcoders handbook
>no advanced pentesting
>no oscp videos magnet link
>no art of exploitation
>no web app hackers handbook

Clearly the lowest common denominators have taken over. I am disappointed what was such a great intermediate to advanced thread is now dominated by absolute beginners.

I am also blown away that people think that a thread with a tag line of

>In /hmg/ we discuss pentesting, ctfs, exploits, and general being a hackerman.

means webdev and piling thousands of hours of entry level tutorials into a pasta.

Here's the bitter truth; if you find bandit too challenging, you won't make it. Oh please, refute this all you like: "hurr people need to start somewhere!!!"

Yeah they do. It's with bandit.

I've had enough. I've watched so many generals turn into /sqt/ clones without people even realising it.

the linux generals are all stupid questions. cyb/sec turned into people continually adding shit to the pasta, and no one ever swallowing it because it was too big. look at the last thread. 200 posts about the pasta, and none on the actual CONTENTS?

i understand why vr guy flings so much shit now.

maderas was right to leave. there's nothing here.

Just fucking ignore it and keep chatting about advanced shit. Or we can move to an IRC or something else.

Then just ignore anyone who asks newb shit like "how to get invite to hackthebox" or "how to get started with bandit".

I was actually excited that I have a decent paying job to attend defcon this year. I might go, depends really.

>I was
are you not excited now?

i'm thinking of going to the r7 conferences in aus. it's in a few weeks so i hope i can secure a spot

It's one of those moods I get in: I am excited for something, and then I think about it, and realize, is it just overhyped?

I have no friends to go with.

>I have no friends to go with.
nor do i if i go to the r7 conf. which i'm ok with, i can see the talks i want to and not have to worry about what they want to see.

>is it just overhyped?
probably. but you might enjoy it. only way to know is to go. if i don't enjoy the r7 one i just won't go to any more.

How can I rice my Windows 7 machine to look more cyberpunk/hacker guy?

Why do you even care?
If anything you could lead by example but you prefer being a whiny bitch sperging about MUH HIG END INFOSEC CAREER, dude what the fuck head over to r/netsec or r/netsecuritystudents or whatever imageboard you like.
Who the fuck is maderas, another namefag? who the hell cares about him? Who even cares about your opinions? Just do your own shit, wire your brain to filter keywords like OTW, Comptia or whatever, if you can't do that then it seems your skin isn't thick enough to dwell in an imageboard. Or even better, create your own board in eight chan and spam it everywhere, you set the rules and be happy.

And you kill yourself.

high*, y'know, the heat of the sperging.

>How can I rice my Windows 7 machine
You don't.

where'd all the links go bossman.

Also, WHERE IS ELLIOT BOSSMAN

Why are you changing things up on me bossman?

Why do you make me so sad bossman?

>I'm already sad enough

having looked at bandit, yeah... that's where people need to start.

One can't rely on regurgitated tutorials 24/7. You have to get good at figuring things out for yourself. It takes initiative. And looking at bandit... lol that shit is EZ.

The spirit of cyb/sec is for all knowledge to be available to those who have intelligence and drive, not to feed it to the masses like the rest of this drivel.

However, due to the employment shortages, things are about to get really watered down. Stay tuned

I mean defcon is in Las Vegas, and I haven't been there in over 15 years.

>I mean defcon is in Las Vegas
wasn't aware of any others, i knew that was the one you meant

i just mentioned the r7 ones in aus cause i live in aus

Oh, it was more of a pros and cons of defcon; one pro is that it is in Las Vegas.

>one pro is that it is in Las Vegas.
right, gotcha

if anything it'll be good to go so you can say you went, at the very least

s3ctur.wordpress.com/2017/06/19/breaking-into-infosec-a-beginners-curriculum/

you morons this is all you need, at least up to OSCP level.
fuck you, fuck your pastas, fuck your op, fuck the cyb fags, fuck your irc, discord, riot servers and fuck the other whiny morons that do nothing but cry.

alright want to move into some IRL pentesting how's this for a kit?
>ethernet
>usb to USB C
>micro sd, sd, lightning, micro usb converter
>portable ethernet switch
>portable usb hub
>usb to ethernet
>usb to usb c
>lock picks
>power pack
>water resistant low profile backpack with a usb port (for charging or interacting with wifi pineapple, laptop etc.)
>wifi pineapple
anything I'm missing or is this good for basic IRL pentesting?

Good equipment; however, skills are far more important.

got any book recommendations or youtube playlists or anything?

Ty for the link dude. Here, have this to calm you down :)

Hacking: the art of exploitation
Penetration testing
Advanced penetration testing: hacking the worlds most secure networks
Those should get you started.

thanks pal

i've read hacking the art of exploitation and i'm on chapter 13 of penetration testing: a hands on approach. i have a Zim notebook where i keep my notes and i just found a bunch of infographics and pdfs i made out of HTAOE. have them linked into it. have a nice little knowledge base i can pull up anywhere since it's on github

> i just found a bunch of infographics and pdfs i made out of HTAOE
Care to share? Share to care.

Info for you anons: Cisco has a certification called CCNA: Cyber Ops that they offer free scholarships for that will teach you some basic network security concepts. It'll look good on a resume too. Just google it.

So, is this book still useful?

five posts up. five of them. i bet you can even see without needing to scroll up

Actually no, shitty res here, my bad though.

>Care to share? Share to care.
what purpose would that serve? those are his learning materials, and you will get nothing out of them, avatarfag. read the fucking book.

>i just found a bunch of infographics and pdfs i made out of HTAOE
>found a bunch of infographics
>found
You sound like a skid. Stop shitting up this thread.

>i made out of HTAOE
>i made
holy fucking hell can you read?

have you ever studied anything ever? you create your own material, that's for YOU to use! other people won't understand your note taking style, and they don't need to!

Have you studied English? You've never used another person's notes? Are you him? Like I said stop shitting up this thread, retard.

>Like I said stop shitting up this thread, retard.
lol fucking make me

>What should i upgrade first
why are you asking this thread

go back to PC Building General.

htb has a few active and more than a few in the retired pool.

I just did MANTIS in the days before it went retired, which was a full Domain Controller setup.

youtube.com/watch?v=_IB4SM5YwSA&t=

Install linux! Other than that you're good. Unless you're gaming, your hardware can handle win10 and maybe a couple of VMs.

>60f107433da5f2cb
what did he mean by this?

Just googling a hash. You can do that, and sometimes the hash is common enough that you can find the original text.

>Hackerman
legit af

arstechnica.com/information-technology/2018/01/dutch-intelligence-hacked-video-cameras-in-office-of-russians-who-hacked-dnc/

> boohoo they ditched my TBBT Netflux hero,

how to crack wifi on macbook on lunix.

>on macbook on lunix.
wot

cracking wifi is not easy. your best bet is debian and the tool fluxion (it's on github)

> Your pic
> "Got to gulag, c'mon!"
> Incorrect word order
> In Russian you can freely change word order to emphasize the tone of a sentence, or "flavor".
> Sounds more like mild encouragement, something akin to rooting for someone at a sports event.
For whatever reason it made me feel even more uncomfortable. I almost wish that was intentional.

I assumed AAban was the name of the guy being sent to gulag. I am disappointed now

That reads as Daavaii. IANAR tho.

Davai. Means “come on”.

t. brmonkey waiting for the next train to Владивосток.

>Russia hacked the DNC

Do people still believe this fake news?

You don't?

Been watching some ippsec vids. Man they are good. It makes me want to get better at using keyboard only for lots of stuff. I've gotten out of the habit since I started having to use Windows for work, and stopped using tiling wms at home.

Keen to get this good at some point.

Why does my Kaspersky anti-virus keep sending data to Facebook servers in the US? Is it because Putin is a closeted big black person?

>>bait.com/retarddepartment

I appreciate the subtle humor of the pic.

How can I create a Twitter account that can't be traced back to me?

Everything can be traced back, it's just about making it more difficult to do.

What goes on in Vladivostok?

What this guy said.

I make burner fb accounts all the time in disposable VMs. I do this via tor and a proxy, because it’s usually the first step in a process.

These fb accounts, made using a 10min mail account, inside a vm freshly made and never used for anything, on a clean machine that does not get used by anyone except me (keep in mind I do not have my own fb account, so the contamination doesn’t come that way)

When the account is set up and made, it suggests friends. It suggests friends to me, that I personally know, and are located near me. This includes my girlfriend, who I know has never used my clean machine because it’s linux and it frightens her.

So it's not using cached sessions from my machines, and given I'm using tor on top of a proxy, it doesn't know what my original IP is.

Is it scooping up geolocation data? Perhaps, I’m not sure what from.

They are cheeky and crafty cunts, that’s for sure.

I suggest guerrilla mail, i have found it works a little better, but i do the same thing other than that minor detail.

The end of my trans siberian trip.
Tallinn -> St Petersburg -> Moscow -> Yekaterinburg -> Omsk -> Irkutsk -> Ulan-Ude -> Ulan-Bator -> Ulan-Ude -> Khabarovsk -> Vladivostok.

All while keeping things working back home, by doing remote work.

Pretty cool, are you in this field?
I've been meaning to do the same with SEA/CN/TW/JP. But gotta figure out a budget to begin with.

Well yeah since they were caught like a dozen times by different agencies of many countries.
But if you want to define fake news as true but unpleasant then go ahead.

Was it more of a social engineering job than hacking per se?

The freshly made VMs are overkill. Just use snapshots.

pineapple nano arrived, updated it and none of the modules work; they go start > starting... > start. Time to dive into the logs I guess. Anyone had this issue? Google didn't have any useful results.

Hence why the paste is for "beginners who don't know shit". And the art of exploitation and shellcoders handbook are in there, just have to follow the library links. And can anyone provide a magnet for the OSCP vids? Can't seem to find any complete ones

are there any cheap wifi adapters for aircrack-ng?
the TP-Link one is v2 now, so it doesn't have the Atheros chip needed for the l33t h4x at pajeet budget
i'm too much of a poor fag to afford those Alfa adapters with 6 gorillion antennas sticking out of them, plus they look suspicious af

Can someone explain to me how the bitcoin wallet.dat decryption works?

If AES-256-CBC is not deterministic, how the fuck is it able to be decrypted and have the correct private keys?

>Wallet encryption uses AES-256-CBC to encrypt only the private keys that are held in a wallet. The keys are encrypted with a master key which is entirely random. This master key is then encrypted with AES-256-CBC with a key derived from the passphrase using SHA512 and OpenSSL's EVP_BytesToKey and a dynamic number of rounds determined by the speed of the machine which does the initial encryption (and is updated based on the speed of a computer which does a subsequent passphrase change)

Don't bother with him, he's a crybaby.
That faggot aside, I checked rutracker and had no luck with it.

I'm looking to gain access to the files on someone's computer. I'll have to hide the payload in a word document which I'm almost certain they'll open. What kind of payload can I use? An ssl connection is enough for me but I'm unsure of how I'm going to open one. Are there any kali tools for this?

Metasploit or setoolkit. Very easy to create a macro'd PDF or doc

Aren't they detected by anti-virus though?

>getting this salty about a pasta that's not even in the OP
You're the assblasted user that was in the last thread, right? I hope this place continues to degrade since it angers you so much.

I know how to embed a payload, I'm just wondering what payload I can use. If you mean that they have these payloads then thanks and I've misread your post.

what a sperg

How about an android phone with NetHunter on it, with a mUSB to female USB cable and a wifi card that supports packet injection? I made a nethunter device and it is pretty handy for EDC

AES-256-CBC is deterministic. This is saying that your private wallet keys are encrypted with a randomly-generated master key, which is then itself encrypted with a known value (your passphrase).
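An added worked example in Go of the two-layer scheme the quoted text describes (not code from this thread or from Bitcoin Core): a random master key encrypts the private key, and only the master key is encrypted under the passphrase-derived key, so CBC is fully deterministic once key and IV are fixed. The SHA-512 loop standing in for EVP_BytesToKey, the 32-byte sizes and the record layout are assumptions for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha512"
	"errors"
)

// deriveKey is a simplified stand-in for EVP_BytesToKey (an assumption, not Bitcoin Core's
// exact KDF): SHA-512 iterated `rounds` times over passphrase||salt gives key (0..31) and IV (32..47).
func deriveKey(passphrase, salt []byte, rounds int) (key, iv []byte) {
	h := sha512.Sum512(append(append([]byte{}, passphrase...), salt...))
	for i := 1; i < rounds; i++ {
		h = sha512.Sum512(h[:])
	}
	return h[:32], h[32:48]
}

// cbc runs AES-256-CBC one way over a 32-byte secret (two blocks, so no padding). Same key,
// IV and input always give the same output: the randomness is in picking the master key and IV.
func cbc(key, iv, in []byte, decrypt bool) []byte {
	block, _ := aes.NewCipher(key) // every key here is 32 bytes by construction
	mode := cipher.NewCBCEncrypter(block, iv)
	if decrypt {
		mode = cipher.NewCBCDecrypter(block, iv)
	}
	out := make([]byte, len(in))
	mode.CryptBlocks(out, in)
	return out
}

// EncryptWallet builds a constructed record salt(8)|iv(16)|encMaster(32)|encPriv(32): the private
// key goes under a fresh random master key, and only that master key goes under the passphrase key.
func EncryptWallet(passphrase, privKey []byte, rounds int) ([]byte, error) {
	buf := make([]byte, 56, 88) // random salt | iv | master key; ciphertexts are appended
	if _, err := rand.Read(buf); err != nil || len(privKey) != 32 {
		return nil, errors.New("rng failure or private key is not 32 bytes")
	}
	salt, iv, master := buf[:8], buf[8:24], buf[24:56]
	encPriv := cbc(master, iv, privKey, false)
	k, kiv := deriveKey(passphrase, salt, rounds)
	encMaster := cbc(k, kiv, master, false)
	return append(append(buf[:24], encMaster...), encPriv...), nil
}

// UnlockWallet reverses both layers: passphrase -> master key -> private key.
func UnlockWallet(rec, passphrase []byte, rounds int) ([]byte, error) {
	if len(rec) != 88 {
		return nil, errors.New("bad record length")
	}
	k, kiv := deriveKey(passphrase, rec[:8], rounds)
	master := cbc(k, kiv, rec[24:56], true)
	return cbc(master, rec[8:24], rec[56:], true), nil
}
```

A wrong passphrase here silently yields garbage rather than an error, so a real wallet needs an integrity check on top of this (a padding check on the encrypted master key or verifying the recovered private key against its public key); changing the passphrase only re-encrypts the 32-byte master key, never the private keys themselves.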

I plan on having a sort of go bag, a laptop with kali would do the same right? might invest in a phone though bit more low profile, what's the easiest?

You can turn a raspberry pi into a linux machine, it runs pretty well

His name was Seth Rich

Personally I use a Nexus 5 that I picked up for about $80 and then used the NetHunter OS. I find it's much more incognito because you don't even have to have a bag, just your pocket. Same tools as kali and inexpensive. You can also get a USB to Ethernet adapter so you can throw console cables into everything you see. Get creative with it

what're some hacker shops lad, to buy lockpicks and premade dropboxes etc?

Forgot shitty pic

That looks like autism incarnate my duderino

pretty cool, what's the most fun you've had with it?

lmao you're going about it wrong, there's no such thing, the only shop you got is a search engine, persistence and creativity. Also hello fbi