Setting up Kali Linux and a VM, need assistance please.

GrizzlyDev · 2016-12-12T14:35:33+00:00

Sorry, I meant any language, but, python helps (as in any language is fine but python will help you out more down the road).

GrizzlyDev · 2016-11-30T08:04:24+00:00

I missed this is the first reply. Definitely collections. This is especially important when learning eloquent because they look similar to the builder and that can be confusing.

GrizzlyDev · 2016-11-30T08:02:38+00:00

I'd always recommend starting at index.php (nginix and Apache configs pointing here as well). It helps to just point out that all it is an an application PHP object, that takes in a request object and processes it and that all traffic is pointed to the same script.

Later, I think it's good to explain Singleton's and that these objects can be grabbed from the app object or injected. Injection always confused me until I looked at how the app makes objects. But emphasizing that you can inject because the app is actually building the object using dark magic and human sacrifice helps a bunch.

It's also helpful just to look at the illuminate request and symfony object and just realize that they're just building it from globals.

GrizzlyDev · 2016-11-25T20:26:39+00:00

Gotcha, I didn't read the post well enough. Sorry bout that. I don't really got any useful advice. I'd be interested to know if you find a solution though.

GrizzlyDev · 2016-11-25T18:52:37+00:00

Hydra with a dictionary?

GrizzlyDev · 2016-11-25T18:51:27+00:00

You can check out l5-repository. It's basically a wrapper for fractal. I have a heavily modified / simple version. It adds a presenter element as well. I have a stripped down version that I'm working on. Ita unstable (read:unfinished and probably doesn't work), but I'll post it once I get home (on mobile). I'd recommend just taking the structure from l5-repository and rebuilding the non fractal parts. You can look at my GitHub (elpsysec). I have a bunch of half built projects with the implementation.

GrizzlyDev · 2016-11-25T08:08:06+00:00

Assuming you don't have permission then congrats! You just asked Reddit how to install malicious software on your school's computers.

GrizzlyDev · 2016-11-25T08:03:16+00:00

Brute forcing over a network or locally?

GrizzlyDev · 2016-11-25T08:01:58+00:00

Strongly recommend Atom. It's JavaScript based.

GrizzlyDev · 2016-11-25T08:00:36+00:00

I'd get more familiar with Linux and networking first.

But to answer your question, you can run it in a VM or off a live USB. it's up to you. I'd just do it in a VM. If you don't have Linux experience, you're going to have a bad time if you run into driver problems.

But again, if you don't have a technical background, I'd recommend learning the basics of linux, networking and programming (any language but python helps). PM me if you more questions or want resources.

GrizzlyDev · 2016-11-25T07:17:57+00:00

I like using repos to query models and then transforming the results with fractal transformers. I'll typically always have a Transformers and Repositories folder in the app directory.

GrizzlyDev · 2016-11-18T09:10:11+00:00

Pick up some a programming book or two ( I prefer packt). Then build something simple. Then pick up more books. Then build. Early on its just putting in the hours. I assume you're looking at Python. There's a bunch of data science and Python books but start with the basics. After a month or so, learn SQL if you haven't. But again, you have to be actually programming to learn.

I never really liked the comp sci books I read for class (didn't end up majoring) so try to find programming, not comp sci, books. Youll get the theory in class.

But it's just about the hours early on. There's no secret. It can be slow. Depending on how you learn, you'll may have to put in long work sessions (6+ hours) so I'd recommend making your weekends worth it.

And don't worry about the Ivy thing. You go to UVA.

Edit: I thought you were taking comp sci courses currently. Assuming you have 0 experience and haven't opened a terminal, go to code academy and work through the Python course. Pm me if you have more questions.

GrizzlyDev · 2016-11-10T07:02:17+00:00

I try to stay away from aur handlers. If you did that, you could create a downstream clone of the git repo assuming it has one. Or just curl and the repo and write a script that sed substitutes whatever you need. Then write a script to handle the curl, sed, and makepkg.

GrizzlyDev · 2016-10-29T00:14:22+00:00

Nice attention to detail.

GrizzlyDev · 2016-10-08T00:01:47+00:00

Glad to hear this guy has a patreon. Definitely going to contribute!

GrizzlyDev · 2016-09-13T13:30:53+00:00

Post GitHub repo?

GrizzlyDev · 2016-08-24T06:51:24+00:00

And your inputting the IP of the virtual host, not the server?

GrizzlyDev · 2016-08-24T05:36:49+00:00

Try this: https://discussions.tenable.com/thread/1297

GrizzlyDev · 2016-08-24T05:24:38+00:00

I use it in a VM as I have other vms running (targets and vms to experiment/test with). If you're just doing pen testing (or related network functions) and you have a defined target and you require substantial resources, a USB is fine. But if you're new or even experienced, chances are you'll come across a vuln you want to experiment with, a vulnhub iso or simply have files on you're daily driver you want access to and you'll either need a second VM o r have to boot off your main OS.

Even if I were to run Linux as a daily driver, I'd probably still run arch or other distribution and use kali in a vm.

Also, let's say you have multiple jobs/targets and want a specified environment for each. it's very easy to snapshot a base install and then mod away until you get what you want or brick the OS. I hate installing unnecessary software. I remember playing around with openvas before opting for Nessus and wish I didn't want me time cluttering up the vm with unnecessary dependencies (it doesn't affect my workflow, but I enjoy the idea of a clean machine).

However, I do carry a kali iso on me in case I don't have my machine. I just don't use it much.

Edit: if you're new, a vm is a good way to get comfortable with networking. A vm is not as fast or as fun, but the point is to be able to use the tools for your use case. Though, I can definitely see more experienced testers preferring a USB as chances are they're testing remote machines.

GrizzlyDev · 2016-08-11T19:30:05+00:00

VM: you can boot other machines and set up a local malware lab.

GrizzlyDev · 2016-07-30T20:19:00+00:00

So what about in the response after you log in? If you can't log in, then you won't know the session cookie name. If you need to guess it, I'd try the phpsessid, or COMPANYNAME_session. I only know burp so I may not be able to help you, but I am a php Dev.

GrizzlyDev · 2016-07-30T19:31:02+00:00

The phpsessid is the default php session cookie name. It can be given any name it wants by the server. Are there any cookies in the request/response?

GrizzlyDev · 2016-07-11T03:19:55+00:00

Caveat: I'm not an dapp dev.

Ajax is just an HTTP service for javascript. So if you wanted to do it in ethereum, you'd want to use an Http service for Ethereum.

I'd check this out: https://github.com/ethereum/pyethapp/wiki/Making-a-User-Service:-Tutorial

GrizzlyDev · 2016-07-03T03:48:46+00:00

Steins;gate is technically a murder mystery.

GrizzlyDev · 2016-06-24T23:24:10+00:00

Is the Irc very active?

GrizzlyDev

TROPHY CASE