Nice try Agent Stevens

>>51247021
yes
yes
yes

You lack the proper knowledge to even as a question. To get an answer you must as the right question.

>>51247038

lol

>>51247085

I thought it was pretty straight forward. Can one break into modern systems without social engineering?

>>51247076

Thanks?

>>51247085
Yes as a question

>>51247170

All he said was yes with no explanation.

>>51247147
Yes, but you have to actually know what you're doing now. No more MS08-068 auto-pwn shit like in the Win XP days

>>51247147
Oh so you want to hack into someones computer with spyware? No, this is the wrong question. Want to hack CLI like in the 1980s movie Wargames? To do what exactly send a command via IRC to your botnet? You are asking is it needed? The most simple methods still work. Going to your last line of defense is still relevant (social engineering) I get passwords daily not even with intentions of doing so.

Not sure why my "k" key was stuck too much pr0n I guess. So yes "as" the right question.

>>51247219

Okay so like writing your own exploits for vulnerabilities would be a possibility, but you would you would have to know what to look for, and understand the flaws of the particular service? So can we agree it is a pretty high difficulty level?

>>51247306
Thank you.

well it depends some machines are just vulnerable do to old un updated machine

Yeah and why don't you bluebox your landline too while you're at it

>>51247306
you sound like a prick

>>51247478
pric

In short, you don't always need an interactive shell to manipulate the target. You can develop malware that has its own protocol and its own command and control. There is malware (and other non malware used for malicious purposes) out there on the internet that is completely controlled through a point an click gui (e.g. poison ivy, citadel or hell, even netbus). In many cases, especially botnets, the operators of the malware have to control so many machines that it is not efficient to do so manually by connecting to a shell on each machine. Many of the graphical interfaces offer the ability to do batch operations over many different infected machines, which makes management of a large amount of owned machines easier and more efficient.

One could also use something like RDP, VNC or TeamViewer to manipulate remote computers. These kinds of attacks don't always require malware, you could guess or otherwise figure out the password, or exploit a weakness in one of those systems.

So, the answer is no, you don't always need malware on the system, and no, the CLI isn't always used. The fact of the matter is, malware is just a program like anything else. Malware authors do the same thing that many other software authors do, build there own administration interface using a custom protocol so that users don't have to interact with clients solely via the command line. Social engineering is incredibly prevalent, but it certainly isn't the only way to gain access.

>>51247330
Books:

* The Web Application Hacker's Handbook
* Hacking: The Art of Exploitation
* The Database Hacker's Handbook
* The Art of Software Security Assessment
* A Bug Hunter's Diary
* Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier
* TCP/IP Illustrated

Aside from the hacking specific stuff almost anything useful to a system
administrator for setting up and administering networks will also be useful for
exploring them. This includes familiarity with the windows command prompt and unix
shell, basic scripting skills, knowledge of ldap, kerberos, active directory,
networking, etc.

>>51247330
yes, it is a relatively high difficulty level, and you do need to know what to look for. It also depends on the type of exploit. In many cases now, you have to find multiple bugs for some exploits. For instance, a good windows remote on 6.2+ (especially 6.4) is incredibly difficult. You'll typically get as far as corrupting some memory, but due to the heap ASLR, you'll need a really good arbitrary write for the heap spray. In other cases, you'll get lucky and only have to deal with DEP. Just like anything, exploit writing has varying levels of difficulties.

For instance there have been some very very easy to exercise vulnerabilities in the http servers used by routers for their administration pages. Since these are embedded systems you typically don't have to deal with DEP, ASLR or any of the other protection mechanisms you'll find on modern PC/Server operating systems.

>>51248118
>>51248202
>>51248328
Great answers! Thank you.

>>51247021
Leave my domain b4 u r expunged fgt

/g/ is hackers only

>>51248118
Ansible-powered botnet when

C&C and relay servers in unison and raised at the same time in harmoney

It must be nice living a botnet farm life

>A hacker is someone whoenjoys playful cleverness—not necessarily with computers. The programmers in the oldMITfree software community of the 60s and 70s referred to themselves as hackers. Around 1980, journalists who discovered the hacker community mistakenly took the term to mean “security breaker.”

>Please don't spread this mistake. People who break security are “crackers.”

https://www.gnu.org/philosophy/words-to-avoid.html#Hacker

>>51249422
Yeah an you must be l33t. "Expunge" me then l33t h4x0r...............

File: 1440780213005-g.jpg (53 KB, 450x338) Image search: [Google]

53 KB, 450x338

The hacking community developed at MIT and some other universities in the 1960s and 1970s. Hacking included a wide range of activities, from writing software, to practical jokes, to exploring the roofs and tunnels of the MIT campus.

It is hard to write a simple definition of something as varied as hacking, but I think what these activities have in common is playfulness, cleverness, and exploration. Thus, hacking means exploring the limits of what is possible, in a spirit of playful cleverness. Activities that display playful cleverness have "hack value".

Yet when I say I am a hacker, people often think I am making a naughty admission, presenting myself specifically as a security breaker. How did this confusion develop?

Around 1980, when the news media took notice of hackers, they fixated on one narrow aspect of real hacking: the security breaking which some hackers occasionally did. They ignored all the rest of hacking, and took the term to mean breaking security, no more and no less. The media have since spread that definition, disregarding our attempts to correct them. As a result, most people have a mistaken idea of what we hackers actually do and what we think.

You can help correct the misunderstanding simply by making a distinction between security breaking and hacking—by using the term "cracking" for security breaking. The people who do it are "crackers"(***). Some of them may also be hackers, just as some of them may be chess players or golfers; most of them are not.

https://stallman.org/articles/on-hacking.html

>>51247021
fuck outta here before i pop ur box with a zero day nigguh
was good nigguh
ill rek ur shit nigguh

honestly fag if you can't even program c and operate gdb with your eyes closed you have no business even thinking about "hacking"

File: 1447013829563.jpg (48 KB, 450x338) Image search: [Google]

48 KB, 450x338

>>51249648
found it!!

>>51249673
you can only be a real hacker if you use gdb in emacs

also, wtf is hiro doing to the servers again

>>51249660
Do it, maybe you'll teach me a lesson...........

p.s. I'm waiting...... l33t h4x0r lol

>>51249737
give ip

>>51249751
But your l33t that would be too easy for a h4x0r like you, wouldn't it?

>>51249751
Maybe you social engineer me into it......

>>51249810
Social engineering does not work when the person being SEd knows that he's being SEd

>>51249831
Hence the sarcasm... lol

>>51249845
XDDD

File: 1441123148.jpg (398 KB, 1024x2692) Image search: [Google]

398 KB, 1024x2692

>>51247021
Eh Some of it is social engineering others its stuff like nmap and making your own exploits or finding public ones to get in.