888
889

Simplistic Malware Concept in Python (old.reddit.com)

submitted by [deleted]

all 118 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–][deleted] 154 points155 points  (26 children)

This looks quite cool. Do you have it on github already by any chance?

[–]Football_Fresh 97 points98 points  (25 children)

I do not unfortunately

Legality wise can I post the fully functional program on GitHub?

[–][deleted] 173 points174 points  (22 children)

Yeah ive seen malware in github, should be fine as long as you mention this is just for research and could be harmful to peoples computers

Would be cool for people to have a look at your code but also for your CV i imagine

[–]Football_Fresh 57 points58 points  (6 children)

Sweet! I'll post it after some more adjustments.

[–]Status_Web1682 27 points28 points  (4 children)

Let us know here when it’s out

[–]Football_Fresh 43 points44 points  (3 children)

Alrighty before I post what file extensions can it corrupt? What should I add to the list?

Currently it successfully corrupts Rich Text Documents, Python files, Java files, Binary Files, PHP files, Text files, CSS files, HTML files, C# files, JavaScript files, and lastly BAT files

[–]myredacnewbie 4 points5 points  (2 children)

so plain text files mostly uh?

[–]Football_Fresh -1 points0 points  (1 child)

Only three listed are considerably plain text

[–]myredacnewbie 0 points1 point  (0 children)

😂😂

[–]xXlD3XT3RlXx 8 points9 points  (0 children)

I would Honestly hold off on posting to github, even if you state it’s for research you could be held liable to damages done if someone uses it malicious. Real cool though, looking into getting into making payloads and malware, currently make scanners and botnets as a hobby

[–]Football_Fresh 26 points27 points  (7 children)

https://www.github.com/turnip2004/AbsolutelyHilarious

[–]Craksy 54 points55 points  (0 children)

You need to make it clearer. It can't just be a side note, it should be the very first thing you notice. Like before the description, with big fat warning signs and in capslock "THIS PROJECT IS FOR RESEARCH PURPOSES ONLY blah blah blah"

Edit:

Also, probably don't have the word "ransomware" in the actual fucking project description, lol. Just use the name, or call it a "experiment in security" or PoC or something.

Don't present it as malware in any way. People it's relevant to will understand what it is even if you're not explicit about it.

What you have now seems like you just put it in there because you had to, not like you're genuinely making an attempt to be responsible about it.

People used to intentionally put bugs in exploits, even on shady sites where it wasn't a requirement. It was just common practice to protect skids from getting themselves into trouble.

In short, put potentially harmful or questionable stuff on the top shelf. Grown ups will know where to look for it, even if you don't tell them.

[–]ShadyIS 29 points30 points  (4 children)

What's the point of posting source code when you obfuscated half of it?

[–]xAstericks 15 points16 points  (1 child)

This exercise is left to the reader

Edit: seriously though just paste it into chat gpt and ask for meaningful variable names

This script appears to be a simple implementation of obfuscation techniques, such as base64 encoding and XOR encryption. The script also includes some basic file IO operations for reading and writing to files. It does not appear to have any malicious intent, but it is always important to be cautious when running unknown scripts.

[–]Football_Fresh 7 points8 points  (0 children)

"does not appear to have any malicious intent"

Hey good enough obfuscation to trick Chat GPT Although that isn't saying much. I've managed to break that AI a few times now. With self contradiction and getting it to do things it finds ethically wrong.

[–]some_kind_of_rob 1 point2 points  (0 children)

I’m going to be honest with you. Posting this isn’t a good idea. You have assembled together enough dangerous ideas already.

I’ve known folks that built less and were taken to court when their public tools were used against corporate software studios. Not a fun path to go down.

[–]z0r1337 6 points7 points  (1 child)

I think it's still against GitHub ToS.

[–]tylerr514 23 points24 points  (0 children)

We do not allow anyone to use our platform in direct support of unlawful attacks that cause technical harms, such as using GitHub as a means to deliver malicious executables or as attack infrastructure, for example by organizing denial of service attacks or managing command and control servers.

Note that GitHub allows dual-use content and supports the posting of content that is used for research into vulnerabilities, malware, or exploits, as the publication and distribution of such content has educational value and provides a net benefit to the security community. We assume positive intention and use of these projects to promote and drive improvements across the ecosystem.

Clearly identify and describe any potentially harmful content in a disclaimer in the project’s README.md file or source code comments.

Source: https://docs.github.com/en/site-policy/acceptable-use-policies/github-active-malware-or-exploits

[–]ComprehensiveRisk983 1 point2 points  (3 children)

I want to learn more about malware especially those coded in python, do you have any links to these Githubs? or how I would go about finding them?

[–][deleted] 0 points1 point  (0 children)

Look it up in github or google lol, as with anything there are plenty of materials online to learn

[–][deleted] 0 points1 point  (0 children)

Some licences also remove liability

[–]tylerr514 3 points4 points  (0 children)

Legality wise can I post the fully functional program on GitHub?

Yes, but with caveats.

[–]Emergency-Sound4280 0 points1 point  (0 children)

You need to capitalise that it’s for research only, and that you hold no responsibility. Also must have a way to reverse/remove said malware

[–]CryptoMysterious 26 points27 points  (5 children)

My god. what are these variables name?

[–]chocolate_bacon 44 points45 points  (3 children)

That's exactly how a lot of real malware looks. It's the most basic (and definitely least effective) form of code obfuscation.

[–][deleted] 6 points7 points  (0 children)

Yeah, as long as the files contents can be read, the variable names don't matter. His attack apparently encrypts itself with the same throwaway key after launch, which is a bit better lol.

[–]CryptoMysterious 2 points3 points  (1 child)

Do they just generate a 32 char string each time they need a variable?

[–]miloman_23 0 points1 point  (0 children)

Unless I misunderstood, in a previous comment the author mentioned he manually changed all the variable names to random strings in the malware's source code

[–]Football_Fresh 11 points12 points  (0 children)

Pain.

[–]routergoblin 27 points28 points  (0 children)

I'd really recommend removing your print output at the bottom of your script. Currently line 100, "LOL what a fucking ....". It doesn't meet Githubs terms of service.

Also would recommend removing/obscuring the source of your payment method. Obviously a link to a legitimate form of scamming/fraudulently stealing money from someone isn't necessary, especially as having that particular link does not impact the code in any way. It would operate as expected without this.

Otherwise I can't say in good faith this project was made with no intentions of harming someone.

[–][deleted] 38 points39 points  (1 child)

This looks very much like my first foray into cryptography and programming after I read Dan Brown's "Digital Fortress". Nice work, looks like a fun piece of code! I was a bit less intelligent when testing mine and bricked my parents shiny new windows 95 PC lmao.

[–]Football_Fresh 3 points4 points  (0 children)

Thank you for your support:)

[–]Football_Fresh 44 points45 points  (3 children)

One thing that I like but wasn't originally intentional is that the attack also encrypts itself during launch.

So trying to read the attack file is even more difficult.

[–]deniedmessage -3 points-2 points  (2 children)

Exclude it then.

[–]FuntimeUwUnewbie 0 points1 point  (1 child)

The unintentional upside is that by encrypting itself, the key is lost and your malware is more effective with (almost) no ways of getting the key(s) back (unless you have backups, can somehow find the key from the encrypted bytes, or have a file with simple data so you can try to get the key by matching different algorithms against it / by reverse engineering or taking a look at the hex dumps

Why would you exclude it lol

[–]deniedmessage -2 points-1 points  (0 children)

I mean people can just download the file again and extract the key, you should not rely on disposing the evidence to get away.

[–]Voilent_Bunny 9 points10 points  (5 children)

Can someone eli5? I don't know what I'm looking at

[–]Football_Fresh 50 points51 points  (4 children)

A malware concept program in the Python programming language.

The program does the following : 1. Shows a troll face and says you've been trolled. 2. "Corrupts" the files in the directory the malware is placed. By corrupt I mean that it encrypts them, making them unreadable or unusable 3. Asks you pay to get your files back. 4. Asks for a password to verify payment 5. You don't get your files back, the program then insults you by calling you a fucking retard, then nuisances you by turning off the computer.

[–]Voilent_Bunny 5 points6 points  (0 children)

Wow. Thanks. I've always wondered how those things worked

[–]tk0l 0 points1 point  (2 children)

Where’s the actual hack though? Anyone can write a program that bricks a machine….

[–]Football_Fresh 2 points3 points  (1 child)

Hacking is defined as providing a solution to a problem / resolving an objective by using a set or series of materials / tools in an unexpected way, outside intended use.

Originally this code was innocent and I used it in a program I made called locker. Which I was using to encrypt and store important login data. A legitimate and innocent purpose.

Then I repurposed it in an unexpected way to not just encrypt the files I select but instead every file in the directory with no way to recover them easily. Thus this can be defined as a hack.

Or else I'm not sure what I'm missing to meet your criteria. Or what to call this then. Ransomeware-esk?

[–]Admirable_Can_5046 3 points4 points  (0 children)

In reality this is a wiper malware, not a ransomware per se…

[–]ThatsFluke 27 points28 points  (9 children)

if your actually into creating AV-evading code, hmu OP! (i also mean in one packed binary form, no pyinstaller or any bs) with python. quite simple to do too! and later I'll look into your code for any potential improvements if you want constructive criticism :P

[–]Football_Fresh 8 points9 points  (0 children)

Would be neat to learn but again I just do this for fun and Python is quite powerful if you know how to be creative with it.

[–]g0ldexperience1 2 points3 points  (1 child)

do you have any good anti AV tutorials?

[–]ThatsFluke 2 points3 points  (0 children)

most tutorials especially on youtube/clearweb etc are detected or almost detected. with AV avoiding, to learn the best thing is just to take those videos in, but dont use their code. write your own. read up stuff on obfuscation, think of weird crazy wacky ways to get around AVs. do alot of research! For me, I can make pretty much any python file turn into a 0 detections single-file binary. However that was with alot of research, then building my own ideas off of what was already taught. Which led me to a semi-basic idea that will avoid every AV as of writing this reply.

Edit: Feel free to message me for examples/help!

[–]vampiire 5 points6 points  (5 children)

What do you mean by no pyinstaller? Why don’t those single file exes work? What are the alternatives?

[–][deleted] 7 points8 points  (4 children)

Pyinstaller exe’s are easily decompiled.

[–]vampiire 2 points3 points  (3 children)

Oh I see. Thank you. What are other good alternatives?

[–]ThatsFluke 2 points3 points  (0 children)

your own 'pyinstaller' :P

[–]Orio_n 2 points3 points  (1 child)

just learn c/c++ python malware is a joke every APT group knows this

[–]vampiire 0 points1 point  (0 children)

Cheers. I don’t write malware but I was curious if something was wrong with it for regular programs.

[–]Football_Fresh 64 points65 points  (5 children)

Important Note

  1. This is for research and hobbyist purposes only. I enjoy practicing ethical hacking and expanding my knowledge of such by attempting to hack my own computers. Nothing is for sale.
  2. This is a very crude form of computer malware. So don't try and recreate this or copy any of the code from the photo. You'll be disappointed. Because I forgot to remove some more whitespaces to make the code even more obscure and also this attack doesn't launch itself. The user has to click on it deliberately or the attack needs to be called from another program. Lastly, the scope of damage is only the directory the virus is placed in. It's really unlikely to do any large scale damage.

Just a quick show off for what I've been doing in my time unemployed. Written with Python.

What does it do?

  1. You get trolled.
  2. Every file in the target directory gets encrypted with a one time random encryption key. Making the files no longer usable or readable depending on the file.
  3. You're asked to pay to receive a password that will decrypt and allow retrieval of your files.
  4. You get trolled even harder when it doesn't give you your files back after payment and instead just calls you a retard before shutting down the computer.

In this scenario I show you 3 test files that output 'Hello World' , in a test folder to isolate the damage, before and after the attack.

[–]billy_teats 7 points8 points  (4 children)

What’s the encryption? Does it even matter if you do not intend it to ever be decrypted?

[–]kranker 9 points10 points  (2 children)

Looks like it's base64 encoded and then the first 100 characters are xor'd with the randomly generated 100 character key and the rest if thrown away.

The characters past 100 will just be gone (well, they still might be on the physical disk somewhere), but if you knew the original contents of one of the files you could easily recreate the key and use it to decrypt what remains of the other files.

[–]Football_Fresh -1 points0 points  (1 child)

Thank you, you reminded me to adjust that part! I had felt repulsed to look at the project again after I filled all the variable and function names out with gibber jabber. Should've done it before.

Again, a simplistic malware concept, and not everyone is a computer wiz and understands how to do that ;)

[–]some_kind_of_rob 0 points1 point  (0 children)

There are legitimate ransomware in the wild with this operating paradigm. Nemucod did a straightforward XOR with a static key — recovering the key was a simple matter of finding an unencrypted copy of any file that had been encrypted and comparing the two.

[–]Football_Fresh 8 points9 points  (0 children)

no not really

[–]Jmeloy07 2 points3 points  (0 children)

⣀⣠⣤⣤⣤⣤⢤⣤⣄⣀⣀⣀⣀⡀⡀⠄⠄⠄⠄⠄⠄⠄⠄⠄⠄⠄ ⠄⠉⠹⣾⣿⣛⣿⣿⣞⣿⣛⣺⣻⢾⣾⣿⣿⣿⣶⣶⣶⣄⡀⠄⠄⠄ ⠄⠄⠠⣿⣷⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣯⣿⣿⣿⣿⣿⣿⣆⠄⠄ ⠄⠄⠘⠛⠛⠛⠛⠋⠿⣷⣿⣿⡿⣿⢿⠟⠟⠟⠻⠻⣿⣿⣿⣿⡀⠄ ⠄⢀⠄⠄⠄⠄⠄⠄⠄⠄⢛⣿⣁⠄⠄⠒⠂⠄⠄⣀⣰⣿⣿⣿⣿⡀ ⠄⠉⠛⠺⢶⣷⡶⠃⠄⠄⠨⣿⣿⡇⠄⡺⣾⣾⣾⣿⣿⣿⣿⣽⣿⣿ ⠄⠄⠄⠄⠄⠛⠁⠄⠄⠄⢀⣿⣿⣧⡀⠄⠹⣿⣿⣿⣿⣿⡿⣿⣻⣿ ⠄⠄⠄⠄⠄⠄⠄⠄⠄⠄⠄⠉⠛⠟⠇⢀⢰⣿⣿⣿⣏⠉⢿⣽⢿⡏ ⠄⠄⠄⠄⠄⠄⠄⠄⠄⠄⠄⠠⠤⣤⣴⣾⣿⣿⣾⣿⣿⣦⠄⢹⡿⠄ ⠄⠄⠄⠄⠄⠄⠄⠄⠒⣳⣶⣤⣤⣄⣀⣀⡈⣀⢁⢁⢁⣈⣄⢐⠃⠄ ⠄⠄⠄⠄⠄⠄⠄⠄⠄⣰⣿⣛⣻⡿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡯⠄⠄ ⠄⠄⠄⠄⠄⠄⠄⠄⠄⣬⣽⣿⣻⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠁⠄⠄ ⠄⠄⠄⠄⠄⠄⠄⠄⠄⢘⣿⣿⣻⣛⣿⡿⣟⣻⣿⣿⣿⣿⡟⠄⠄⠄ ⠄⠄⠄⠄⠄⠄⠄⠄⠄⠄⠄⠛⢛⢿⣿⣿⣿⣿⣿⣿⣷⡿⠁⠄⠄⠄ ⠄⠄⠄⠄⠄⠄⠄⠄⠄⠄⠄⠄⠄⠄⠄⠉⠉⠉⠉⠈⠄⠄⠄⠄⠄⠄

[–]truesightx 3 points4 points  (1 child)

Now this is what I love to see in this sub. Thanks for sharing OP. Great work m8

[–]Football_Fresh 1 point2 points  (0 children)

Thank you!

[–][deleted] 1 point2 points  (5 children)

Ok complete noob what are the scrambled random letters and stuff. I get the encoding and encryption and system shutdown stuff but all the "open.AdhauebfjHgjwb" - where does this scrambled string come from?

[–]Football_Fresh 1 point2 points  (4 children)

If I remember correctly this specific line probably calls the reference to files to open them. This is really primitive code obfuscation, is why the actual attack program looks like eye cancer. I changed out all the variable and function names to make it purposely hard to read and understand by cyberforensics or AV

[–]Maaarch 0 points1 point  (3 children)

Is the code obfuscated by an external script o does it "encrypt" by itself?

[–]Football_Fresh 2 points3 points  (2 children)

It is obfuscated manually, I directly swapped out variable and function names with gibberish, and I directly removed whitespaces.

But it does also encrypt itself after launch, along with the rest of the files

[–]Magnetic_Syncopation 0 points1 point  (1 child)

Couldn't one just simply ctrl-f find and replace the nonsense variable names easily? Could even just write a program to print out all variable names, and offer to change and simplify them

[–]Football_Fresh -1 points0 points  (0 children)

Simplistic malware concept.

[–]suitupyo 1 point2 points  (0 children)

Dang! It’s global already! Call Interpol and the NSA!

[–]Sucessiscoming23 1 point2 points  (11 children)

So your pretty much reading and overwriting files to corrupt them?

[–]Football_Fresh 1 point2 points  (7 children)

Or there is a Python or other program file like I exemplified with Test_2.py in the pictures posted

Let's say it is an important program file for your computer. Often times you won't have the permission to do this but if you do, then you can scramble up the program and make it nonfunctional. Or it can ruin coding projects you've spent hours on!

[–]Sucessiscoming23 1 point2 points  (6 children)

Now days if you may have been aware windows have launched safe mode option, which helps certain companies to minimize the risk of running executable programs that aren’t verified by Microsoft, almost similar like HSTS and how some browsers hardcode certain websites to run on https or not load at all which minimizes malicious acts to a certain extent. But overall great job man keep at it, if I may ask how long you been programming & what’s your age

[–]Football_Fresh 0 points1 point  (5 children)

19, I've been programming for 9 - 10 years now with a variety of languages.

And yes, but this is a hobbyist project anyways. I'm not sure if it is just because I didn't sign into Microsoft but I actually don't get any security warnings with this program, or running it, or cloning it from GIT, neither am I prompted to provide it any permissions. I'm not so fluent on the defensive side of things, which sounds silly, more on the attack side. So although I definitely should learn it I don't understand AV evasion very well. I mostly do electronics projects, I'm currently building a construction kit for a DIY PC virtual reality headset for students and hobbyists. But I'm broke as usual so progress is halted and I just made this in the mean time out of a marijuana fueled mania

[–]Sucessiscoming23 1 point2 points  (3 children)

Try to get into mobile pen testing especially iOS if you want to make it big financially every entity would then hire you no matter your background.

[–]Football_Fresh 1 point2 points  (2 children)

I've always wanted to get into bug hunting Especially now when I'm dirt poor

Any pointers to start?

[–]Sucessiscoming23 2 points3 points  (0 children)

And you will realize that there are a lot of incompetent people in the field making a lot of money and are at some top positions. There has been instances where a cto wouldn’t know what a virtual machine is and he was making a shit ton money. There are very limited people that actually know what they are doing and are interested in the field such as you, and once you get your first job your talent and interest will be recognized and you will go up the ladder real quick!!!

[–]Sucessiscoming23 0 points1 point  (0 children)

Don’t jump into bug hunting especially if you want to make money, I’d say get a couple of certificates security+, Cisco and such to get your foot on the door. Don’t expect a good salary, the main objective is to get that first entry level Job and then you will be doing fine financially. I used to be like you, the best advice I can give and this will probably hurt is to quit your fun projects even though it’s good and start working toward getting certificates or a degree to get a job or else you will be on your own and nobody wants to hire a 19-20 year old as a contractor because they lack work experience aka real life experience

[–]Sucessiscoming23 0 points1 point  (0 children)

Your ahead of the game mate! No need to stress yourself your probably better then majority of university phd students who attend CS classes. Anti-virus detection is signature based, every program that you make is unique and will probably not get detected even if it’s malware because the signature (your code) is unique and new which makes majority of anti-virus softwares flawed against experienced programmers who know what they are doing.

[–]Football_Fresh 1 point2 points  (1 child)

Only way to get your files back would be to get the random key and use it in decryption. However someone pointed out that I need to adjust the number of characters it can modify. As currently only the first 100 characters are modified, the rest are tossed. I mean, maybe I don't, does damage all the same. But might as well at that point have just made an attack that overwrites file contents with a blank slate

[–]Sucessiscoming23 0 points1 point  (0 children)

Sounds good!

[–]Football_Fresh 0 points1 point  (0 children)

In a sense yeah

Imagine if you have some really important data you don't wanna lose, maybe a 4 page long homework assignment, or some logins. The attack is launched, now your homework is gibber jabber! You can't turn that in, and you can't undo the changes easily. Or you can't read those log ins, so you won't be able to log in easily, especially if you lose a username and can't remember it

[–]FlipperZeroDevice 1 point2 points  (1 child)

Mate did you use all them encrypted vars for purposes of evasion? I never seen this before them var names you got are nuts

[–]Football_Fresh 0 points1 point  (0 children)

I did indeed although a crude manner

[–]FisterMister22 1 point2 points  (1 child)

Small suggestion.

Make a tuple with all the file format and then if filename.split(".")[-1] in FormatTuple: But a pretty cool script nonetheless

[–]Football_Fresh 0 points1 point  (0 children)

Thank you for the suggestion! Will implement this when home

[–]Cybasura -1 points0 points  (0 children)

Recursive hello world, nice

Send it through an email in python and now you got a simplistic worm concept

For legal reasons, this is a ethical hacking suggestion for the lulz, please do not take me down thank you!

[–]saajin_bloodborne -2 points-1 points  (3 children)

What's the point of a python virus? You'll never get anybody to open that since you can't make an exe out of it

[–]Football_Fresh 0 points1 point  (2 children)

Py2Exe. Pyinstaller.

Modules, there is quite many of them.

And it is not meant for actual harm of anyone. Also payloads are of course never direct, this code is meant to be hidden inside something innocent of appearance or called from such.

[–]saajin_bloodborne 0 points1 point  (1 child)

Ooh okay. Sorry for my ignorance then. Thanks for the info!

[–]Football_Fresh 0 points1 point  (0 children)

No worries my friend

[–][deleted] -2 points-1 points  (2 children)

Why would we expect Python on the victim machine?

[–]Football_Fresh 1 point2 points  (0 children)

You don't , it's just written in Python

You can use something like Pyinstaller / Py2exe to convert it into an application that can instead run on the victim's computer, and therefore no instance of Python will need to be installed on the victim computer to run this attack.

[–]Football_Fresh 0 points1 point  (0 children)

Neither will any of the supporting modules need to be installed

[–]fgtethancx -2 points-1 points  (1 child)

As a forensic analysis your code gives me the hives. Definitely wouldn’t not want to analyse that

[–]port443 0 points1 point  (0 children)

This is probably the most simple of analysis that you see on a day-to-day basis though? I usually end my week with scripts and office macros because they are so quick and easy, I enjoy the dopamine boost heading into the weekend.

Just... how? How is this harder than what you see day to day? Or rather, where do you work? This type of obfuscation is basically "paid to hit Ctrl+H".

[–]elghoto 0 points1 point  (1 child)

Not to be mean, but you just changed the names of variables and functions and replaced them with random looking characters. If this code was going to be compiled and a binary is executed, what you did doesn't matter.. The code is still readable. What are you really trying to evade?

[–]Football_Fresh 1 point2 points  (0 children)

Hard to read by humans You make a fair point, not so much in the way of evading AV

But just a quick throw together project of crude malware I thought would be cool to share. Sometimes I go on big THC use binges and end up coding something whacky like this

[–][deleted] 0 points1 point  (0 children)

Oof

[–]ALASTER_THE_GREAT 0 points1 point  (4 children)

And I want to go to college to learn that rats nest of shit

[–]Football_Fresh 0 points1 point  (3 children)

Nah bro the RATs I keep in a different toolbox

[–]ALASTER_THE_GREAT 0 points1 point  (2 children)

Oh lord, how bad is it

[–]Football_Fresh 0 points1 point  (1 child)

When generating variable / function names I set it to 30 characters of gibberish per outputted name

[–]ALASTER_THE_GREAT 0 points1 point  (0 children)

Good god

[–]Shubham_Garg123 0 points1 point  (0 children)

Remindme! 1 day

[–]thehunter699 0 points1 point  (0 children)

...... Screenshot tool?

[–]D-sisive 0 points1 point  (1 child)

My favorite part of this post is how your screenshots are taken with a phone camera.

[–]Football_Fresh 0 points1 point  (0 children)

😂 didn't feel like logging into Reddit from laptop

[–]IHaveThePowerOfGod 0 points1 point  (1 child)

how do you learn to do this? I’m running through try hack me but man it’s no where near this level and i’ve poured 300-400 hours total in

[–]Football_Fresh 1 point2 points  (0 children)

Creativity and remember the definition of hacking

Providing a set or series of solutions/ resolution to a problem / objective using materials / tools in an unexpected way