>>55439349
Nice op.
Kill yourself

>>55439349
OP, will you just give it a rest. /g/ would rather talk about gaming graphics cards or smartphones than security.

>>55439349
I for one, appreciate this thread.
>>55439454
Screw these guys, I'm a seasoned developer and I'm lurking.

>>55439454
sql injection and cross site scripting exploits are boring and lame as shit
that's why nobody is interested

>>55439466
You're not lurking, you're posting.

Fucking faggot.

>>55439510
A few years /g/ managed to pull a very funny prank on a school system database. I doubt modern /g/ is smart enough to pull that same prank off.

Do routers block outgoing spoofed packets by default? I can't seem to fire off spoofed packets.

>>55439591
/g/ - /g/raphics cards

>>55439661
It's pretty sad the current condition of /g/

Whats the easiest way to infect a pc?

It is no longer windows xp era.

m$ office document? View only will not let execute scripts.

pdf.exe? UAC

Browsers? secure as fuck, flash will vanish soon, each tab in different process, whole browser in sandbox.


How are they doing it?

How do you find and develop exploits?

>>55439765
Study your victim, then search exploit databases, if the victim knows how to protect and update his machine then learn fuzzing. You know what? Learn fuzzing anyway

>>55439765
>m$ office document? View only will not let execute scripts.

>latepayment.docx with gibberish in it
>"if you can't read this doc, turn on macros"

You're looking at shit the wrong way m8
It's not the system you're supposed to exploit.
It's the people that don't know jack shit about computers, what you're exploiting. As cringy as it sounds.

UAC is even worse, mostly everyone will click on 'yes', no matter what the situation

>>55439765
>compromise router
>telnet
>cat /proc/net/*conntrack
>check if it browses any http sites, eg: download.com
>set up clone site
>change dns settings via their router
>bdfproxy'd exe
>profit

>>55439834
Do you have any interesting sources/writes up about fuzzing?

I am learning about it, it looks like those days security is more about math anything else.

>>55440022
Where are the maths in all this?

>>55439842
This, don't try to aim for the smart computer users, aim for the dumb ones and you'll always succeed.

>>55440038
https://www.reddit.com/r/ReverseEngineering/comments/smf4u/reverser_wanting_to_develop_mathematically/

>>55440086
/netsec/

>>55439510
>boring
>doesn't get paid to find these "boring" vulnerabilities.
Super duper pleb

>>55440022
I knew one which also teaches assembly and cpu basics(only relevant to hacking) , but couldnt find it .
However this one looks good

https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/

Also learn packet sniffing and about http forms. And other protocols.
Also watch things happen in action , not only theory and practice.

>>55440235
>does boring activities for money
who's the pleb?

>>55440496
How old are you?
Most of people that are 18+ and without babyfund have to work

>>55440575
yeah, but only a pleb would choose to do something so lame for work
choose a job that is at least somewhat enjoyable

>>55440679
t. webdeveloper

>>55440679
>choose a job that is at least somewhat enjoyable
You can only do this if you have infinite money for overpriced education.

Guys, can you sql inject this command?

Insert into users (userid, username,userpass,useremail,date) values (null,$USER,$PASS,$EMAIL,$DATE)

>>55440844
if you can make money in web security with no degree, then you can just as easily make money programming with no degree

>>55439349
who is that qt?

File: Raymond_Eric.jpg (28 KB, 400x450) Image search: [Google]

28 KB, 400x450

>>55440983
that'd be eric s raymond

>>55439953
How do you compromise a router?

I'm a competent developer and I tried to get into hacking once. Got as far as gaining the credentials to a neighbors network, and didn't know where to go from there..

Tl;Dr : does anyone want to provide some resources or ideas when you've gained access to a network?

>>55441379
how did you get the credentials? arp spoofing or smth?

>>55441403
Aircrack-ng suite of tools. Pretty much plug and play, no thinking involved. Very easy to use.

>>55441379
Here's an even better question : what can I do on my own network? If I connected to my network with a new device, is there any way I could see the traffic?

Lol, it's funny. I've been programming for years and these two posts just made me realize how little I know about the Internet. I don't even understand how a device gets traffic in a basic sense. I imagine the strategy would be to 'sniff packets' as they come in / go out of the network? How is this done? So many questions. Where are the good books?

Suppose, I discovered a possible remote execution vulnerability on Steam. How much money can I make out of this info once I verify it? Who would buy it?

>>55441379
>mapping via zmap, also use zgrab in order to grab banners
or
>use shodan
then
>get the target's router manufacturer (it broadcasts it)
>check for existing exploits
or
>RE the target's router firmware
or
>use something like centrifuge dropbox to determine exploits
>exploit

http://centrifuge.tacnetsol.com/

most of the dodgy routers like ZTE have universal exploits that still work to this day

>>55441009

My sides..

>>55441468
such an exploit could potentially be worth many millions of dollars
depends on a number of factors, such as how effectively one abuses such an exploit and and how long the exploit goes undetected
the second point is difficult to predict, because there are several unknowable factors such as
>how long before an employee happens upon the bug without being alerted to it and patches it
>how long before some other nigger finds the exploit and causes it to be patched either intentionally or unintentionally because they're retarded

>>55439655
some routers do, but your home router might not?
which router is it that drops the packets?

>>55441944
I don't know, the reason I'm asking is that when I send spoofed packets to a local server behind a router, they do arrive, but when I send to an outside network, they don't arrive. I think it's my ISP maybe maybe blocks spoofed packets, although I can't see why they would waste resources on that.

File: Capture.png (7 KB, 1079x58) Image search: [Google]

7 KB, 1079x58

>>55441980
they might get stripped at the driver level, are you using any padding?

also

https://en.wikipedia.org/wiki/Ingress_filtering
https://en.wikipedia.org/wiki/Bogon_filtering

>>55442138
Can't really tell, i'm using hping3 with --rand-source. And it's run with sudo since root priveleges are needed for forging packets. It should be enough to work I think.

>>55439349
Thank you for this general, /g/ needs more pragmatic threads and less shitposts.

>esr in the op image
>more disgusting than usual image of him at that

>>55442530
>/g/ needs more generals

aaaand filtered, saged, and hidden. congratulation.

>>55439349
thanks OP...keep making these

>>55442530
Who died and made you king of /g/?

Anyone got any decent lectures worth watching

>>55443207
Youtube defcon
There are some useful and funny shit there.
Also watch bank pentesting https://youtu.be/mSqHjBlFf_I

>>55443186
The normalfags who make up /g/ hate content that isn't a phone or GPU.

>>55441980
Most ISP's block spoofing by default.
There barely are any legitimate uses for spoofing anyways.
Also, you're looking at egress filtering, not ingress filtering >>55442138

>>55442513
Try spoofing the source IP to one in the same subnet as your public IP.
Most ISP's filter simply by subnets. As long as the source is in the range given out by your ISP, it will get through

>>55444998
Thanks for this suggestion, will try.

What >>55441824 said.

>>55441743

Also, you need contacts and help, as it will probably be difficult to pull it off alone.

Search for an exploit broker.

>>55445328
Also bump.
/g/ needs some chemo.

>>55442665
Funny that this is one of the few generals I DONT filter...

Where can I learn more about viruses?
I want to understand how they work.

>>55439349
These wargames seem pretty neat.
Most of the one I'm doing right now (overthewire) seems like an exercise in learning bash commands to find files, which while helpful, isn't exactly what I imagined.
When does it move beyond that?

>>55447258
are you familiar with assembly? if not i would suggest getting into that first

>>55448364
bandit is about bash commands, the rest are security stuff. The other OTW wargames are probably more to your liking, altough you should know assembly for most of them.

>>55445772
This general is mere days old

>>55448771
oh okay, thank you

Slow thread but keep it alive thanks

>>55449340
bump it yourself, lazy fag

>>55440962
>implying I want to sit and look through commits all day
At least Web security is somewhat adventurous
>all Web security is is running different scans and writing reports
Please wait until your 18 to post here.

File: tetra1_1024x1024.jpg (73 KB, 1024x1024) Image search: [Google]

73 KB, 1024x1024

Thoughts?
https://www.wifipineapple.com/

I have messed around with WEP, WPS, WPA handshake cracking its all good fun but get boring after a while.

Who here /mrrobot/?

>>55451200
you can install the tools running in the wifi pineapple by yourself:
http://wiki.khairulazam.net/index.php?title=Wifi_Pineapple_Mark_V_on_TP-Link_MR3020
I'm not sure if this still applies, though

>>55451715
>OpenWRT
I can install this on a rpi with a wifi stick and it should still work right?

>>55451774
I haven't tried the stuff I linked, but the binaries are for MIPS CPUs, obviously. dunno if there are binaries for ARM systems, but if that was the case, making the wifi cards work will be a mess, I guess.
my suggestion: just buy the mr3020 or some similar router. afaiu, they use the mr3020 only because of its smal format

>>55451715
btw, just checked, this is the binary you have to download:
https://www.wifipineapple.com/downloads/nano/1.0.6

Been learning binary exploitation and wondering if it has any uses outside CTF nowadays, are buffer overflow vulnerabilities still common?

How2hacksistersN00dz?!!

>>55440962
Duuuude like I bought a powerball ticket and just won $1mil it works maaan! you should invest all you have in tickets, you'll get massive returns!

>>55456223
rohypnol and your cellphone camera

>>55443537

blackhat and defcon tend to post the materials pretty quickly, but what's up with other cons almost never releasing the presentations? it's hard enough to find the original papers.

>>55439349
Quick addition to wargames: http://wechall.net has a decent collection of other wargames on top of their own. They even provide tracking/ranking

>>55456426
Edit the wiki so that the next time someone will make this thread, they can just copy paste from there

To everybody saying you should learn assembly to be elite hacker, thats bullshit , assembly is boring, not useful today unless you want to make programs go faster or smart menory usage, other than that its old dust, however you must learn the basics of assembly and cpus and memory, for writing exploits (buffer overflows for example) , to be a good hacker got nothing to do with hard and boring stuff, you just need to know how stuff works.

I'm looking to use VNC to get into a really nice database server, preferably a new poweredge or proliant system so I can use it as my own personal VPS, I see on shodan there's a ton of unsecured Chinese webservers and file servers, but they all run Windows XP and they look like pentium 3 shitboxes, does anybody know how I can narrow down my search to specfic systems?

>>55447258
Learn programing (be familiar with c) and learn about computer's hardware basics and how they are connected,
After you are good with it , look up famous viruses source code and read their analysis

What does esr and his howto have to do with netsec?

>>55457635

No other suitable pic to use

>>55440905
If you don't sanitize the input parameters, yes

>>55455720
Yeah, but they're harder now

>>55447258
You can read some AV blogs
If you want to analyze malware yourself, get into winapi and c++, then reverse engineering

here is geohot fast run on vortex, you can mire good vim skills

File: comfySmile.jpg (908 KB, 3529x2730) Image search: [Google]

908 KB, 3529x2730

>>55458898
https://www.youtube.com/watch?v=aZJM-iIpbqc

>>55458936
>tfw I wouldn't be able to solve shit without googling how to manage endianness in python
;_;

>>55460982
also, sockets...

>>55457533
All you need to hack nowadays is a good psychology book.

I hate C/C++.

>>55463012
C++ is sexy as fuck.

>>55439661
/g/ - Fizzbuzz general, Headphone general, Windows general, People fighting over superficial matters on linux distros

Is it possible to make a script or program that runs itself without the user having to run it?

>>55448364
narnia is p good. It's actually about exploiting C files.
overthewire is not too bad, yeah, it's elementary, but some stuff I didn't know before, like ssh keys and so on.

>>55464719
s/overthewire/bandit/

Lets make a ctf team to win the defcon.

How to hack?

>>55465557
read C by K&R

>>55464167

No

>>55448776
/hackg/ has been around rarely many weeks before this

>>55465047

ok first make a team of super moot hackers

>>55470156
>>55470159
Wow you really really hate this thread huh

>>55440962
Because programming is so much fun and not lame and not only staring at tons of code finding where you got one sign wrong.

You are a complete autist. Congratulations.

>>55470017
There was a team for this year's defcon, no one was very skilled though, I'm sure a better team can be made for the next year.
We just need a logo.

>>55457611
XP machines are golden, and I doubt you'll be doing anything too intensive. Network speed is what is care about

>>55470159
Go back to >>>/v/ manchild

109.122.123.66

>>55439765
Easiest way to infect unknown targets is warez and free proxies. The communities that share links rely entirely on virustotal to determine trustworthiness of files, so just make sure your code bypasses all the checks on there and you're golden. For specific targets, you can send infected docs to their email and hope for the best. Ideally you'd do some surveillance and find out who they trust, and what they care about beforehand.

>>55472567

Are those boxes really worth it? How many are honeypots?

>>55470648

You need caffeine pills, noopept, armodafinil and luck.

Articles to read on automatic server audit? I need some simple & cheap resource wise tools to know if/when a machine has been compromised, starting from constantly pushing login history elsewhere.

File: 1460541255755.png (8 KB, 473x500) Image search: [Google]

8 KB, 473x500

ITT: people complaining about shitposting

By saying this thread is better than the rest of /g/ you've made it just as bad as the rest of /g/. Congrats.

Anyone know of a good place to learn assembly?

>>55475243
Assembly Language Step-by-Step is p. good

>>55475264
>NASM
>Linux because syscalls
>Rated pretty highly
Sweet. Thanks anon..!

I notice it says it focuses on 32-bit, though the only real difference between that and 64-bit AFAIK is the name of the registers (Like EAX vs RAX and so on), so I don't think that would be a problem.

>>55457628
This isn't really necessary. Most exploit development is done using ruby and or python. As you get deeper you need knowledge of machine code but I'd say knowing how to use python sockets is much more necessary.

>>55475332
It's not a huge leap from 32-bit to 64-bit, you'll adapt easily if needed

>>55475332
there are some ABI and memory-management differences IIRC, calling conventions(parameter passing) and such but nothing too big

>>55475521
>>55475763
Ah... Either way, different styles of Assembly are usually pretty easy to jump between I hear.

For example, even though Z80 Assembly has entirely different mnemonics and conventions, I hear it is a cakewalk if you already know x86.

I always wondered the same thing as well and the first thing that comes to my mind is using router to spoof the traffic with it but no clue how to do that. Does OpenWRT allow that?

>>55475912
the real difficulty with assembly isn't the syntax or the keywords it's the concept, i. e. being able to quickly understand what a given set of instructions does

>>55439349
Currently stuck on Bandit Level 23 of OverTheWire. I breezed through most of it, but I can't for the life of me figure out what to do here

>>55477716
description?

>>55478555
http://overthewire.org/wargames/bandit/bandit24.html
I figured it out like half an hour ago, it involved a three-line script

>>55473309
>automatic server audit

You do realize that there are lots of companies which charge a good deal of money for basically this? Nessus/OpenVAS and NMAP with a bunch of scripts pumping the data into a SIEM system using syslog format messages. OSQuery is what Facebook uses, but you need to know what it can do and how to configure it. Tripwire/Samhain/OSSec and others are decent at basic monitoring as well. You need to learn about Indicators of Compromise and the tools to detect them then write a lot of scripts so you don't have to do command line stuff every time you want to check on something.

>>55475912

x86/64 is a nightmare of CISC craziness so anything RISC is a cakewalk. CPU arch differences can be pretty big, but they all fundamentally operate on a load/store principle due to Von Neumann architecture. Things like PUSH, POP, JMP, MOV, CMP, TEST, ROR, SHL, MUL, ADD, SUB, DIV, etc. are standard instructions implemented in most CPUs. Things like SSE and AVX and AES and VT-X are less common and much more complicated, but older RISC like PowerPC has had virtualization instructions for decades.

not mentioning vulnhub.com
OP clearly out of the loop

>>55476845

you can alter most of the parameters of openwrt networking just like you can a standard linux distro (sysctl). most isps block spoofed packets and many routers block things like source routing and gre tunneling. proxies are more important than spoofing unless you are operating in 3rd world countries with shady isps.

>>55478875
it's on the wiki, not sure why it's not in the OP

>>55460982
>>55461039
pwntools

>>55439349
Does anyone have a list of security recommendation pasta?

>>55439349
>Netsec
>http links

>>55480902
you're free to fix them on the wiki
check if they do support https though

>>55439349
who's that grill kissing esr. thats not his wife

>>55478767
I meant usage audit and not security audit, but thanks for the pointers on monitoring systems

>>55480969
For a Web server, you ideally build logging into your Web app's code. When a sensitive task is done, you log it to a log file outside the public folder and have it generate an email for the admin if needed.

>>55480902
>>55480923
I checked all the links and most of them will automatically go from HTTP to HTTPS, I took the liberty of having the link already be HTTPS if they supported it.

>>55477521
What's a good instruction set for beginners? MIPS?

>>55482197
no idea what's good for a beginner but from what i know
ARM & x86 are the only architectures left in widespread use. IBM has some shit in mainframes but eh
ARM is phones+embedded and x86 is PCs and (most) servers
x86 has a lot of old leftover stuff but it doesn't really affect you too much.
check the assembly language general that recently got archived: >>55413629

>>55482197
oh, i didn't mean to dissuade you from assembly language step by step, sounds pretty good to me

>>55480969

Yeah, logins go to remote syslog unless you are using Windows then it's remote Event Log Collector Service. Those are the two big standards unless you want to create your own. Most apps use APIs that plug into those two logging subsystems. SELinux/auditd and the Audit Subsystem in Windows are used for auditing all kinds of things from logins to file system access to kernel object access and maybe system call usage.

For logging in general, you'll want to reference Common Criteria and Enterprise Assurance Level certification as they are the continuation of the DoD Rainbow series. Information assurance is closer to what you want.

>>55439349
>http://www.enigmagroup.org/
I've been an admin on this site since 2004, ama.

>>55487343
Prove it

Any shell coding articles full of tips and tricks?

should I just start with overthewire.org ?

so i will move into a shared flat, and want to spy on my roommates, hopefully even get data from their macbooks (fucking graphic students).
I have full access to our shit router provided from our ISP.

what should i learn/ look into to get their stuff ?

>>55489594
You want to be an asshole to your roommates but you also want to be spoonfed here

>>55489594
Webcam in the bath it's better

File: 1468074038908.jpg (12 KB, 255x142) Image search: [Google]

12 KB, 255x142

>>55439349
Any advice on how to get a nice classic look for programs? Circa 2002?

>>55489594
Grow up kid.

For those of you asking, "how do I hack?", then you're asking the wrong question. I am not a hacker, but you can't just go from everyday person to hacker by simply doing a tutorial or reading a book. You need to learn the 'boring' stuff first, like how to write shell scripts and use the unix command line, and how to program in a variety of languages from the low level C to scripting languages such as Python.

>>55491909
>don't know anything about topic
>post advice anyway

>>55491909
lmao, or just install kali linux and follow yt tutorials on how to use the tools xD

>>55489594
Kilk yourself you pathetic loser.

Network security doesn't mean being a power hungry, creepy faggot.

>>55492297
Welcome to all of /g/ and most of 4chan.

I've been working in infosec for 6 years. Mostly do SOC type stuff professionally, and just about everything else in my free time. AMA.

>>55492297

And what is wrong with what I said? Explain.

>>55489594
ARP spoofing, wireshark.

Any good resources on how to reverse engineer a program that encrypts its network traffic. Basiclly I want to know its protocol so i could fuzz and exploit it

>>55490035
i know what hacking is about, but i am still a beta fag that wants to see hot chicks naked!

>>55493309
Breakpoint winsock functions, then find a decryption stub and finally analyze how packets are being processed.

If encryption is trivial -- which in your case might be --, you can just use Wireshark, WPE Pro or any other network sniffer and collect packets while doing a series of methodological tasks to find similarities.

>>55439349
Eric very ugly, so how he get cute girl? He cheat? I think so.

>>55493636
are you chinese

>>55493795
Never, I am South Korean.

>>55493837
same thing

(yes i am trying to trigger you)

>>55493877
I am not face to face so I can not get mad.

>>55493877
>(yes im trying to trigger you)

I want reddit to leave.

>>55439349
https://www.google.es/url?sa=i&rct=j&q=&esrc=s&source=imgres&cd=&cad=rja&uact=8&ved=0ahUKEwiys-vWl-fNAhWIQBoKHYy9D48QjRwIBw&url=http%3A%2F%2Fwww.theregister.co.uk%2F2015%2F11%2F06%2Flinus_torvalds_targeted_by_honeytraps_says_eric_raymond%2F&psig=AFQjCNGTIg6w3EL2kwUNwc3dZQswLoRo-Q&ust=1468181296967623

>>55439349
Bamp

>>55493877
>(yes i am trying to trigger you)

Careful not to cut yourself on that edge, lil buddy.

>>55493635

And what if it was AES-256 encryption?

>>55497538
if they're using a library like openssl you can just compile your own that prints the key as it's passed
or hook the functions at runtime
etc.

>>55439591
>smart enough
It doesn't help that web sec is a lot stronger in most school systems.

File: 1467905981676.png (648 KB, 606x678) Image search: [Google]

648 KB, 606x678

If I were to gain access to a wifi router, and arp poision everything to my laptop. what is the best way to view all the traffic going in/out?

Not sure if this is the right thread to ask but I'll give it a try.

Is there free software that will let me manage my Asus router and my two Linksys range extenders (with the same SSID as the router) all at once?

Thanks.

>>55439466
>samefagging your own thread

low, OP.

>>55493309

Stream encryption means you won't be able to fuzz the protocol, silly.

>>55499467
install gentoo

>>55478847

About the differences, Sparc uses input registers for function parameters and output registers for function return values. X86 uses the stack and/or registers for function parameters and X64 uses registers for function parameters. Other architectures vary as well.

>>55500315
>so i could fuzz it
i. e. generate input, encrypt it and then send it. he needs to know how to encrypt it.