Not sure if there is an audience for these but it's worth a shot. Beats every consumers general thread.
>Where do I find wargames?
* http://smashthestack.org/ connect over ssh and exploit binaries
* http://pwnable.kr/ connect over ssh and exploit binaries or solve puzzles. Write exploits for a remote server application.
* https://microcorruption.com/login Use your browser to exploit fictional electronic locks. You get a realistic in-browser debugger and the locks are realistic embedded controllers using MSP 430 assembly.
* https://www.stockfighter.io/ Haven't tried this yet. Shares at least one developer with microcorruption, I assume it'll be decent.
* http://www.hackertest.net/ Haven't really tried this, looks like babbys first useless javascript "hacks". My impression could be wrong, perhaps it gets interesting later on.
>Help how do I do this shit?
Some books on the subject:
* Hacking the art of exploitation
* The shellcoder's handbook
If anyone has more games or more resources, please do tell. Try not to spoil any levels when you ask questions or when you reply to them. It's way more rewarding when you solve it yourself.
>>54017443
no.
Microcorruption is definitely my favorite; had to do some ROP chaining and make alphanumeric shellcode for some of the levels.
A good babby tier is canyouhack.us. Everything on the domain is fair game and it's used as a recruitment tool.
>>54020055
Glad there is at least some interest
>>54020068
ok
>>54020127
Hmm I don't recall ROP or ascii armored shellcode in any level I completed. I think I'm two levels short of completing it. Microcorruption is definitely a lot of fun, highly recommended.
I'll take a gander at canyouhack.us later on, thanks for the suggestion.
>>54020650
A "gander" where you from anon
Doesn't look like this thread will take off. /g/ really is consumer general after all. Too bad.
>>54021754
English is not my first language. I picked it up reading or speaking to other people online. Isn't it a fairly common way of saying 'taking a look at'?
>>54022241
maybe if you're like 80 years old lol
>wargames
>posting picture of hackers...
why not post a picture from the wargames movie?
It was a far better hacker themed movie
>only good response is to not respond
>>54022310
Better movie but it didnt have Angelina Jolie topless (back when she was quality stroke material).
>>54022241
"Taking a gander" isn't used by anyone under 70 years old, friend.
More of this plz
>>54022241
This looks interesting, I've been wanting to get a better understanding of hardware for a while and microcoruption looks a bit more fun than jumping directly into hefty textbooks.
>>54022385
I don't see why it can't be used in the year 1946 +70.
You guys should check out vulnhub
Lots of vulnerable virtual machines developed for penetration testing exercises spanning various levels of difficulty available for free download.
>>54022310
Yep, it's a better movie. I thought about that just as I posted the thread.
>>54022645
It really is fun. If you've ever used an assembly level debugger you should be able to jump right in, no hefty textbooks required. The 'Hacking: the art of exploitation' book is really not a dry book though, so if you're looking for some more info you can just read the chapters that are relevant.
>>54022966
Welp, I'm sold. I'l sign up when I wake up. Goodnight anons.
>>54017443
What about OverTheWire?
http://overthewire.org/wargames/
They have a few games starting from the simplest (bandit) all the way up to some pretty challenging shit.
Bandit is actually suitable for people who've never even used linux before and know nothing about infosec, I know because it was my first ever taste of linux.
The first "level" is completed by simply managing to ssh into the bandit server. Each subsequent "level" teaches you the tools to use the system and gradually introduces some security concepts.
With a strong focus on teaching you to RTFM and look for further information yourself.
I'm very fond of bandit for how much it taught me.
These aren't honeypots are they? What precautions should I take?
Also nice book recommendations. Checked them out and found something called RTFM which I'm literally about to buy.
>>54023437
>These aren't honeypots are they? What precautions should I take?
Yep, this is a giant sting. If you weren't behind 7 proxies to visit this thread you're fucked already.
>>54023437
>These aren't honeypots are they?
The NSA are calling from inside the house.
>>54023367
I love how the bandit concept sounds. It looks like it's a great way for someone to start exploring this when they are absolutely new to wargames and how they are played.
>>54024944
Absolutely, I can't recommend it enough.
>>54026902
Some of the overthewire games are not all that fun in my opinion. Both the natas and leviathan games are just puzzles, one in the browser and another on the filesystem. The Krypton wargame is very very basic, and really only covers mono and polyalphabetic substitution cihpers. 16th century crypto doesn't make for very interesting wargames.
Which isn't to say all the games are bad. I still like the concept of bandit and some of the other games seem more in line with what one would expect from a wargame.
>>54022241
It's a very Britannic saying, so I'm guessing >>54022263 >>54022385 are Americans. We say it here in Canada pretty often across all groups. I've heard Aussies and Kiwis use it too, can't recall any brits though, but I haven't really met a lot of them.
Last bump for today.
Any games for bash? Or would it be better for me to learn some ssh?
Good channel for this stuff.
https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w
>>54032889
bandit at overthewire
>>54017443
Thanks, OP! I haven't played any in ages.
>>54023367
OverTheWire are the only ones I tried. Bandit is awesome for learning. Gives you just enough hints to make you read the relevant manuals.
Monxla was pretty fun too, I love it when there's some sort of scenario.
Not strictly related but I enjoyed these and thought I'd share: http://challenges.re/
>>54033363
That's done in Bash?
I'm just getting the impression that ssh is better for hacking and security stuff. Could be being naive.
>>54033449
???
You log in via ssh and then you use bash.
>>54033449
what exactly are you looking for?
you sound very inexperienced, bandit is made for that
>>54033856
>>54033493
Am rather inexperienced. Have been learning C for a few months. I know decent bash.
Where can I learn about shells, protocols and anything else in that area?
>>54034163
bandit over the wire
>>54034210
Thanks dude.
Any other resources? Such as books or PDFs?
>>54017443
Doesn't qualify as "wargame", but there's a lot of nice security challenges on:
* www.ringzer0team.com
* www.root-me.org
> Ring Zer0 has creative ctf-like challenges
> Root-Me has challenges closer to real life with linked PDFs to learn
Finally got Vladivostok. Wasn't that hard eventually. Either their debugger has improved since I last played or I missed the #define functionality last time I played.
>>54034327
Just saw this thread, rarely contribute to /g since its mostly consumer threads and shill shit. Many many thanks anon for this.
>best thread on /g
>>54035522
>/g
>>54035522
O-okay. Why are you replying to my comment to say that? I didn't make the thread.
>>54020127
I got to, and past, the ROP level now. Do they keep adding new levels? I didn't think I was that far behind the available levels last time I played but now the leaderboards have people with far higher score.
Lena151 tutorials for RE are nice introduction.
>>54037186
Yes and no. A lot of it deals with using really shitty tools to clean up the headers of PE executables so you can dump them in an unpacked form or other such annoying tricks to deal with anti reversing measures taken most often for copy protection reasons. Most of that does not carry over into vulnerability exploitation.
>>54036694
>>54020127
Too bad after a moment, their debugger is just a pain to use.
The text box doesn't focus back automatically, and the disassembler doesn't show code edits, and, the binary code used doesn't properly decompile with the standard msp430 binutils, forcing you to use their shit.
And I think the assembly mnemonics aren't actual ones but the one used in ARM asm.
Still better than webshit I guess.
>>54037843
The debugger not showing code edits is why I quit on the ASLR level last time around. I don't even think they had "chained; commands; back; then", which is what I used this time in the ASLR level.
Still, it's one of the more enjoyable wargames I have played. It's well polished and the silly manual pages roasting their engineers for fucking up are a nice touch.
The microcorruption ascii level is being a bitch. I'm not familiar enough with the instruction set. It's a slow process of finding useful opcodes and chaining them together.
page 9 is a bad page.
