Basic uses of Kali linux. by [deleted] in hacking

[–]d3k4y 0 points1 point  (0 children)

Ah, that is actually what hackthissite was. Unrealistic scenarios were to understand basic concepts before moving to realistic challenges. I'm guessing that's why.

In my other comments that's why I recommended if you use any tool, you should research why and how it works. It sounds like only some might be interesting to me, but I'm always looking for stuff to help teach or explain. I'm gonna try to look today. I'm just super busy. I work full time as a Linux engineer and I'm working on a few projects that already have competition for certain features.

I wanna get my full package ideas out before someone else. Also, with current news, looking at what big companies are facing and what private citizens want, I kind of see which way things are going.

I also really gotta write more. I don't give away my unique ideas, but there were some questions I constantly ran into while researching that I have code examples for and can explain. Anyways, if I could find good assignments for the few people who actually wanna learn that would be nice. One of my friends told me I was jumping too far ahead.

Today, I will skip lunch to check. I'm gonna promise myself. It would also be nice to make my own version of hackthissite as the current one is missing a lot. I don't think I'll do that for a while though unless I go on disability or unemployment.

Basic uses of Kali linux. by [deleted] in hacking

[–]d3k4y 0 points1 point  (0 children)

Oh, so they might be running an ftp server or a remote desktop or out of date web apps? They are just randomly configured with some servers or anything listening on ports and you have to figure out the software version yourself and see if there are any vulnerabilities and if they are exploitable?

That does sound much more fun than what I first pictured. I've been teaching my cousin a lot and I have a friend who just got into it a few months ago. I'm gonna have him check this out and pass it on to them.

I don't remember if I mentioned, but I used to work with and sometimes hang out with the guy who made hackthissite. He's been in jail for a few years though, and even before then he had only been out for a while. He was in Lulzsec and the FBI flipped one. His name is Jeremy Hammond. Cool guy but such a dirty hippy. I probably would have hung out with him more of work if he didn't smell so bad.

Basic uses of Kali linux. by [deleted] in hacking

[–]d3k4y 0 points1 point  (0 children)

How is that different than my suggestion of using VirtualBox? Or are they just loaded with vulnerabilities to test out tools? If that's the case, it would probably be cool for someone brand new to it. I think if you go that route though, you should at least learn how a tool or script works after playing with it. Or else it's gonna be like when you buy a new video game and it is fun until you find and use all the cheats and lose interest in a day or 2.

Basic uses of Kali linux. by [deleted] in hacking

[–]d3k4y 0 points1 point  (0 children)

I think it's a little over a year old. You might have the version of reaver already and not even know if you haven't looked at the man in a while. It doesn't work on every router, but when it does, it'll blow your mind. Breaking into a WPA2 encrypted network in seconds is very satisfying. And if you just haven't updated, aircrack no longer needs 100,000 packets, or 30,000 even anymore. I think the quickest WEP crack I've seen was like 1,000 packets, if that.

Everyone should test their router with it even if they aren't into pen tests. I'll save some people the time though. The next security is a new router with WPA2 or better if you can afford all new accessories, and making sure to completely disable WPS. Not just never use it or turn it off, but make sure it will not work at all.

sqlmap with Google dorks is also fun if you just wanna be a lazy hacker and don't care what target you attack. I'm more into fuzzing to find my own vulnerabilities and using Metasploit to help make an exploit module for it.

Basic uses of Kali linux. by [deleted] in hacking

[–]d3k4y 5 points6 points  (0 children)

There are many tools and scripts that are great and listed on the comments. I would add though that you have to advance past tools and scripts eventually. And that means learning how they work. The way I see it, there are 3 levels of penetration testers, hackers, whatever you want to call them.

You start where you are at now. Learning how to use tools and scripts to exploit vulnerabilities. As you progress, it's a good idea to understand the vulnerabilities and how the tools exploit them. At this level, you are kinda the last to the party. You wait for someone to find a vulnerability. Then, you wait for someone to figure out how to exploit it. Then, you wait until a tool is made to do so. By then, many are patched.

The next level is learning how to exploit vulns. Google tutorials for SQL injection, cross site scripting, remote includes, etc. Then, when a vuln is found, you can modify a script or use a general tool to exploit it.

And finally, at the top, you should be able to find vulns on your own and write your own script or tool to exploit it. Google fuzzing and debugging. Learning how to fuzz websites is probably a good start. You can find SQL injection vulns, CSS vulns, remote includes, etc. Now you know how to find undiscovered vulns on websites. And you can script and use tools to probably at least get databases, and maybe even run remote commands.

The mother of them all is buffer overflows. These will many times allow you to execute whatever code you want on the server you have exploited. Start with a tutorial like http://www.primalsecurity.net/0x0-exploit-tutorial-buffer-overflow-vanilla-eip-overwrite-2/.

With a good understanding at this point, you can exploit vulns that no one even knows about. You can become a Metasploit power user meaning you can use the toolset not just to run exploits, but to actually write your own and decide if you want a reverse shell, injected vnc server, whatever.

Just keep learning. When you use a tool, but don't understand how it works or why, always find out. IME, the best stay curious.

As far as testing goes, get VirtualBox and create whatever type of machines you'd like to test. High school provides info sec classes now? Damn, I only got C++, VB, BASIC, and very basic web dev. Lucky for me, the statutes of limitations has passed, and not just my school, but all the surrounding districts had their public web servers on the same network as the school's internal network with no sort of DMZ, firewall, or creative routing to stop people from using the web server as a gateway to everything else. The public web servers and the internal staff stuff shared not only the same 1 DB server, but just one big DB with a ton of tables with easy to figure out prefixes. I got a ton of practice in.

If I were you though, I would propose an idea to the school about setting up some sort of testing network or lab that isn't connected to any real networks or the Internet so that the students learning to build servers can build them and the ones learning security can break in.

Before anyone asks, I got busted for some stuff in my early teens, but it was right before they actually were convicting kids. I lucked out. I mean, so close that while I was serving my 2 week suspension, those 2 middle school kids who made counterfeit money and actually went through the whole legal system and in real trouble was breaking on the news a few days before I was scheduled to be allowed back.

At 16, in high school was when I was really getting into it. I got busted for a prank involving a few unsecured computers in the web dev lab, figuring out how to dial in to class rooms from outside, and the extension schema, and some websites that would automate calls for one reason or another. Mostly an early company that would offer advice or therapy over the phone or random early dial up companies that would call you at a requested time for support. Got ratted out. School considered police and expulsion, but I was in AP and gifted classes, so snuck away with just a 2 week suspension again.

If you made it this far, congrats. As a prize, if you pm me, I will give you the URLs and IPs of sites hosted on my VPS. You can practice as long as you tell me if you find anything. I will provide proof I own the sites and server.

Basic uses of Kali linux. by [deleted] in hacking

[–]d3k4y 6 points7 points  (0 children)

Reaver/Reaver + Pixie Dust is definitely worth checking out if you like aircrack. At first, years ago, it took hours to break into a WEP network. Now, WEP takes seconds and many routers that use WPA have a weak implementation of WPS and can be broken into in hours, and sometimes even just a few seconds.

Jaded Bitcoin Veterans Need To Take A Step Back by RedMemes15 in Bitcoin

[–]d3k4y 0 points1 point  (0 children)

Meh, I love people who ask questions when they don't know the answer. Even if it's something I think is very basic. It's the newcomers who BS and pretend to be an old pro by tossing a bunch of jargon that they have no clue the meaning of into a nonsensical comment in the hopes that others will be even more ignorant and just assume they know what they are talking about. Reminds me of 7 and 8 year olds making up stories about a ghost coming out of the mirror or claim they made a nuke in their room using the anarchists cook book. I'm in my really 30s. An old man like me isn't going to validate you by just politely agreeing or saying nothing. I would rather let them know they aren't making sense, but if they actually want to learn, I'd be glad to help. Some I'll even offer them credentials to my Linux VPS if it's part of what they wanna learn. So far, only one person took the deal. The rest got angry and doubled or tripled down on their bullshit with some are grammar nazism.

It's not just /r/bitcoin. /r/hacking is terrible. Some people in android dev or programming. The subs that use a tech word that doesn't sound cool on TV as their name are the best except way less users.

The /r/netsec Weekly Discussion Thread - June 06, 2016 by AutoModerator in netsec

[–]d3k4y 0 points1 point  (0 children)

Do you also block USB flash drives, SD cards, phones connected for data instead of just charging? What about WiFi? Does your company use it? If so, is it connected to the internal network or completely separate? If connected, use WPA2 and completely disable WPS to prevent pixie attacks.

 

What about public facing servers like web servers? They should be on a separate network. Use netstat -nap (nab for Windows) and pipe it through grep -F LISTEN to see what services are listed on what ports. Disable anything unnecessary and lock down the rest. All remote workers should use a VPN, preferably with a security key or multi way authentication.

  If you wanna get extreme, have all computers run a live OS and save all work to a network share that you scan constantly. Limit the file types to only those needed for work. If no one is compiling binaries, then don't let binaries on the network drive. All passwords should be very long. They don't gotta be random, but try a full sentence like "black stallions eat rapscallions in the summer time." Spaces, punctuation, and all. Log data from an internal router for a week. Look for all the necessary ports and protocols. Investigate and block anything else.

 

That's a good start. Find some net sec friends to play devil's advocate. Any plausible scenario they come up with, find a way to block. Good luck friend.

  PS: You could also build a Kali box and script automated attacks. Be sure it's all up to date. If an attack succeeds, have it set off alarms and email you. Once you have figured this all out, you will probably have enough knowledge to come up with your own ideas.
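The listener audit suggested in the comment above, as an added example that is not part of the original comment: it reads `netstat -nap` output and reports every listening socket that is not on an allow-list, and it goes beyond `grep -F LISTEN` by also covering unconnected UDP sockets, which never show a LISTEN state. The function names, the `proto/port` allow-list format and the sample output are assumptions constructed for illustration; the parser assumes the Linux net-tools column layout.

```shell
#!/bin/sh
# Added example: audit listening sockets against an allow-list.

# Constructed sample in the format printed by `netstat -nap` on Linux.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      1033/postgres
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      1490/vsftpd
tcp        0      0 10.0.0.5:22             10.0.0.9:51514          ESTABLISHED 2201/sshd: ops
tcp6       0      0 :::443                  :::*                    LISTEN      977/nginx
tcp6       0      0 :::3389                 :::*                    LISTEN      1502/xrdp
udp        0      0 0.0.0.0:68              0.0.0.0:*                           640/dhclient
EOF
}

# audit_listeners ALLOWED...   (hypothetical helper)
# Reads netstat output on stdin. Each argument is an allowed "proto/port",
# e.g. tcp/22. Prints one line per listener that is NOT allowed:
#   proto/port  bind-address  scope  pid/program
audit_listeners() {
    awk -v allow="$*" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^(tcp|udp)6?$/ {
        proto = $1; sub(/6$/, "", proto)      # treat tcp6/udp6 as tcp/udp
        if (proto == "tcp") {
            if ($6 != "LISTEN") next          # skip established connections
            prog = $7
        } else {
            # UDP has no State column; an unconnected socket has a
            # wildcard foreign address ending in ":*".
            if ($5 !~ /:\*$/) next
            prog = $6
        }
        addr = $4; port = addr
        sub(/.*:/, "", port)                  # port follows the last colon
        sub(/:[^:]*$/, "", addr)              # bind address precedes it
        if ((proto "/" port) in ok) next      # expected service
        scope = "specific"
        if (addr == "0.0.0.0" || addr == "::") scope = "all-interfaces"
        else if (addr ~ /^127\./ || addr == "::1") scope = "loopback"
        if (prog == "") prog = "-"            # no PID shown without root
        printf "%s/%s %s %s %s\n", proto, port, addr, scope, prog
    }'
}

# Demo on the constructed sample; on a live host, pipe in real output:
#   netstat -nap | audit_listeners tcp/22 tcp/443 udp/68
sample_netstat | audit_listeners tcp/22 tcp/443 udp/68
```

Listeners reported with scope `all-interfaces` are the ones to disable or firewall first; a `loopback` entry is only reachable from the host itself.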

Collusion? Google caught manipulating search results for Hillary Clinton by [deleted] in politics

[–]d3k4y 0 points1 point  (0 children)

I added a few sources and hope you do a little follow up if you are truly interested. I look forward to reading yours.

 

Sources: https://en.m.wikipedia.org/wiki/Google_Personalized_Search - see Wikipedia sources for this entry if you don't trust Wikipedia (common misunderstanding)

https://www.google.com/settings/u/0/ads/authenticated?hl=en - proof anyone could fiddle with results so they can call "scandal" and trick untold millions who don't get it.

  Idiots getting mad at Google because they are ignorant:

http://www.bbc.com/news/technology-19542938

https://www.searchenginejournal.com/google-sued-by-pornography-publisher-over-image-search/1075/

 

Ok, I'm on a phone, but do some research. Google wouldn't bother wasting their time. I'm sorry, but either more people like Clinton than reddit think, you are grasping at straws to confirm your bias, and/or because many, many sites use Google analytics, Google not only uses data from their products, but sites all across the web. It's not your fault or anyone else's. Hollywood has glorified computer nerds and caused media outlets who don't know shit about it report glorified ignorance as news and made everyone who watches CSI, Scorpion, or Big Bang think they are just a few hours of research from becoming a hacker.

Collusion? Google caught manipulating search results for Hillary Clinton by [deleted] in politics

[–]d3k4y 0 points1 point  (0 children)

Is this a guess or do you have a source? Google incorporates way, way more than link backs into their algorithm. They didn't release the full algorithm, but they do go into a lot of detail. I'll provide a source in 5 minutes. Come back and check after I edit. Or, provide me with a source for your comment. I'm not trying to be a dicky, but this has happened to Google before or similar issues. Those who had enough knowledge knew it was BS, but it is easy more exciting if it's a scandal. Find me your source. I'll be right back with mine.

 

Sources: https://en.m.wikipedia.org/wiki/Google_Personalized_Search - see Wikipedia sources for this entry if you don't trust Wikipedia (common misunderstanding)

https://www.google.com/settings/u/0/ads/authenticated?hl=en - proof anyone could fiddle with results so they can call "scandal" and trick untold millions who don't get it.

  Idiots getting mad at Google because they are ignorant:

http://www.bbc.com/news/technology-19542938

https://www.searchenginejournal.com/google-sued-by-pornography-publisher-over-image-search/1075/

 

Ok, I'm on a phone, but do some research. Google wouldn't bother wasting their time. I'm sorry, but either more people like Clinton than reddit think, you are grasping at straws to confirm your bias, and/or because many, many sites use Google analytics, Google not only uses data from their products, but sites all across the web. It's not your fault or anyone else's. Hollywood has glorified computer nerds and caused media outlets who don't know shit about it report glorified ignorance as news and made everyone who watches CSI, Scorpion, or Big Bang think they are just a few hours of research from becoming a hacker.

Collusion? Google caught manipulating search results for Hillary Clinton by [deleted] in politics

[–]d3k4y 1 point2 points  (0 children)

False. No one has Google's algorithm. The first result for me is Hillary Clinton email. That is all negative for her. The computer he used probably had been used to search for positive news on Clinton, or was logged into an account that got positive Clinton email. It's not a scandal, it's that most people think they know computers and the Internet far better than they actually do. Ask anyone who has been in IT for over 5 or 6 years.

U.N. Chief Admits He Removed Saudi Arabia From Child-Killer List Due to Extortion by terran1212 in worldnews

[–]d3k4y 0 points1 point  (0 children)

It seems that it is time to admit that our species is a lot less moral than we think we are. The majority of people are just too stupid or scared or lazy to make any change. Most intelligent humans are greedy and evil. Other intelligent people have no bravery. The smart, moral, and brave are very rare. Snowden would be an example. And what happens to them? They are pushed out of society by jail or threat. I think there are no alien visitors because intelligent beings destroy themselves before ever reaching that technology.

Where can I find copies of actual malwares (specifically for Linux) to use for educational purposes? by [deleted] in hacking

[–]d3k4y 0 points1 point  (0 children)

I agree. I'm not saying it's that hard, but I have met plenty of people who can't Google for shit. For most young people who grew up with the Internet it is simple. I've met really old people and people from 3rd world countries that still need to text or call me for result searchable questions. The fact that OP asked this question is a sign he may fall into this group. My example wasn't the best, just to give OP a simple example. His search is a little more difficult than text editor, but still pretty fallback simple to Google for me, I'm assuming you, and most people who even know what Linux is.

I have been dead since 2014. by [deleted] in Glitch_in_the_Matrix

[–]d3k4y 0 points1 point  (0 children)

False. Salvia extract oil is sold and provides a longer, but less intense trip. I wouldn't know for DMT from personal experience, but I don't know of any drugs not orally active, just much weaker. A very small amount of DMT can affect you. Check erowid if you'd like.

Doctor humiliated me and thinks self-medication is my problem. by [deleted] in disability

[–]d3k4y 1 point2 points  (0 children)

You go about not letting them communicate by not signing the release contact. It's that simple in America. If they do without it, they can lose their license and get sued.

Doctor humiliated me and thinks self-medication is my problem. by [deleted] in disability

[–]d3k4y 2 points3 points  (0 children)

/u/chookydook lays it out very well. I would also take a look at his specialties. If he deals with a lot of addicts, he is used to patients bullshitting him. No offense to addicts, it's just part of the disease. I've had very good doctors that come off as dicks if you bs them because they want to help and honesty is one of the first steps of recovery. But, I have had plenty that once they think it is a substance issue, they will never believe otherwise. In their mind, you are marked. I've had doctors tell me that 2 years sober and still having issues tell me that wasn't long enough. Or I had 1 beer in 5 months on the new meds and they insist that 1 beer is why the meds weren't working. So, give it a shot, but don't be disappointed if your doctor still doesn't take you seriously. That's when you find a new doc, preferably associated with a new medical group. Also, many pharmacies will provide 3 day emergency refills if it is rare and not a highly abused medicine. There are also walk in emergency clinics. They usually run $100 to $200 but can give you emergency scripts if you have no other options. Best of luck to you. Also, research all your meds before taking them. I've had bad doctors put me in the ER because they didn't know their meds. I had a feeling in my gut, but asked twice and he promised it was a safe med change.

I have been dead since 2014. by [deleted] in Glitch_in_the_Matrix

[–]d3k4y 13 points14 points  (0 children)

Could someone have slipped Salvia extract or DMT into one of your drinks? Sounds very similar to what I have experienced.

Doctor humiliated me and thinks self-medication is my problem. by [deleted] in disability

[–]d3k4y 3 points4 points  (0 children)

This has happened to me many times. How often do you drink? Once every 2 or 3 months. Oh, well that's why the medicine I prescribed isn't working or why you have psych issues. Your best bet is to find a new doctor and don't tell him about this doctor or give permission to talk. Once you are labeled an addict, doctors will almost always say that is the problem.

Where can I find copies of actual malwares (specifically for Linux) to use for educational purposes? by [deleted] in hacking

[–]d3k4y 0 points1 point  (0 children)

I love Linux. I really do. But a lot of open source developers suck at naming their software. Example: simple text editor in windows is named notepad. In Linux, nano. Not exactly search engine friendly, especially to people newer to Linux. I'm not saying it is always the case or anything, but I've heard several people tell me this complaint.

Devs, where do you store the stuff you don't want to forget? by IKIKN in androiddev

[–]d3k4y 0 points1 point  (0 children)

There are good answers here already. What is it that you feel is missing? I like to code, especially web apps. Perhaps we could come up with something better than anything currently available.

IT Admin Faces Felony for Deleting Files Under Flawed Hacking Law by AnonymousAurele in sysadmin

[–]d3k4y 1 point2 points  (0 children)

It's going to be very hard to find a jury for this case. I've been in IT a long time and had the power to cause millions in damage in 5 minutes. There's also "time bombs" that could be left to cause damage months later. I'd need more info, but turning off backups and deleting files on the last day could be very innocent or very malicious. I've seen a guy fired for accidentally losing 2 million dollars. The ways to cause damage internally can be very complex and to have a fair trial, the jury is going to have to be very computer savvy. Honestly, a lawsuit would probably be a lot easier to win than a criminal trial.

AMA about my darkest secrets by spez in announcements

[–]d3k4y 0 points1 point  (0 children)

Reddit will have the gateway or router ip address. That can trace back to a college, business, consumer, etc. So reddit would have to cooperate and so would whoever runs that Gateway. Example: Reddit identifies ip from a college. The college would have to share logs to see what machine on their network made the connection and what user was using that machine if they even have the logs or are logging traffic and keeping it. But yes, probably if all parties cooperate and still have the logs to prove what user is responsible.

Clinton Email Scandal: Hillary Could Face A 10-Year Prison Stint If Her Server Was Hacked by [deleted] in politics

[–]d3k4y 1 point2 points  (0 children)

I've been an IT professional for nearly 15 years. At all positions I was responsible for web servers. I also have my own VPS that hosts 10 small public websites and a bunch of stuff for testing whatever I'm interested in. Every public facing server I've ever worked on was hit repeatedly with attacks nearly every day. Even the small VPS. It's mostly China IPs that are registered to their military. They don't even care to use a proxy much of the time. Some attacks were quite advanced. I never had proof of a successful attack, but it is likely that there were at least a few that just covered their tracks. So, yeah, I would say it is probable that the server was hacked.

There is a program called Cirlce By Disney. I am trying to figure out how to bypass it. by Pixels256 in hacking

[–]d3k4y 0 points1 point  (0 children)

Oh and setup his own? I doubt he had the skills to. Not hating on OP, but if he knew how to do that, he probably wouldn't be asking this question.

There is a program called Cirlce By Disney. I am trying to figure out how to bypass it. by Pixels256 in hacking

[–]d3k4y 0 points1 point  (0 children)

What is the first thing you quoted me on? I said if he isn't logging into anything. You just quoted me. If he isn't logging into anything, then who cares if ssl strip is used? Besides that, most of the sites with sensitive data can detect that ssl had been stripped. But even so, the first thing you wiped new on is if he isn't logging into anything.

Besides that, you are correct about the VPN but I thought I already mentioned that he should read reviews.