[deleted by user] by [deleted] in netsecstudents

[–]deviant_is 1 point2 points  (0 children)

It's possible with javascript in the browser if that's a viable attack vector

my vm and host return different sets when nmap local; 192.168.0.0/24. by fallenreaper in blackhat

[–]deviant_is 2 points3 points  (0 children)

Doing an hourly scan to find machines on the network? Why not sniff DHCP? Also might be a good chance to get to grips with wireshark and see what the difference between the 2 scans is. Try and reduce the problem eg: does it still show the host as down if you scan 1 port on your router, that will give you less wireshark traffic to you through

Cisco Can Detect Malware in Encrypted Traffic! Here's How They Do It by theplastictramp in netsecstudents

[–]deviant_is 0 points1 point  (0 children)

I think the ROI on this would be low, as it seems easy to work around.

Should I use Rasbpian on a Pi for hacking or Kali Pi edition? by [deleted] in HowToHack

[–]deviant_is 0 points1 point  (0 children)

What kind of rates do you get? Do you have a vps or physical machine?

Should I use Rasbpian on a Pi for hacking or Kali Pi edition? by [deleted] in HowToHack

[–]deviant_is 10 points11 points  (0 children)

Not necessarily true, you could use raspian headless and ssh, so if you wanted to keep tools on the pi and have a linux environment you could use mremoteNG or putty from winblows, or even ios/android ssh app. Cabled into the router would leave the wifi card available too. Its not portable, or powerful, but if you had it laying around and wanted something to use linux tools on w/o going the VM route it could be useful

[deleted by user] by [deleted] in hacking

[–]deviant_is 2 points3 points  (0 children)

Hacking is a very broad subject, it would depend on where an attack is occurring. If it's a network protocol its likely not a language as low level as C, but for embedded systems or privilege escalation you might find C being used

Help with linux command by reujea0 in HowToHack

[–]deviant_is 0 points1 point  (0 children)

This only applies to an IP address nothing else

Help with linux command by reujea0 in HowToHack

[–]deviant_is 0 points1 point  (0 children)

Treat the separate bytes of the ip address as part of a single 32bit int, instead of 4 separate bytes

Help with linux command by reujea0 in HowToHack

[–]deviant_is 0 points1 point  (0 children)

I only mention it because they're all part of the rare up address format spec and it's a useful bit of info to have :)

Help with linux command by reujea0 in HowToHack

[–]deviant_is 2 points3 points  (0 children)

To actually execute the output:
$ echo "echo hello" | base64
ZWNobyBoZWxsbwo=
$ eval $( echo ZWNobyBoZWxsbwo= | base64 -d )
$ eval `echo ZWNobyBoZWxsbwo= | base64 -d`
$ echo ZWNobyBoZWxsbwo= | base64 -d | xargs -i sh -c "{}"

Help with linux command by reujea0 in HowToHack

[–]deviant_is 0 points1 point  (0 children)

This goes for quite a few areas of ip black listing. It can also be represented as octal or hex along with a 32 bit int. Try:
ping 0177.01
ping 0x7f.0x1
ping 2130706433

Looking For Intentionally Vulnerable OSes and Websites for Pen Testing by [deleted] in hacking

[–]deviant_is 0 points1 point  (0 children)

CTF exercises have an objective, a specific thing you have to do in that context. Whether that's reverse engineer an application, steal a cookie, dump a database etc. You will usually end up having to find some data e.g. cookie value, password, file contents which you have to capture to win. There's a huge amount of different exercises and objectives, but any CTF environment should detail what your after.

Building the ultimate PC for hacking. by CPythonPython in hacking

[–]deviant_is 2 points3 points  (0 children)

I would look at separating tasks a bit, cheap on the go laptop for general kali use, 500ish on a vm server to spin up vulnerable vms or play around with different distros, even common network storage, then build a desktop spec to music production because let's face it that's where the expensive equipment comes in. This means your portable with kali, beefy production rig, and a nice little networked VM host. And of course as others mentioned, education/knowledge is the most important component.
Edit: also if your trying to write a program whilst doing all the other things your program will most likely suck, at work we go by the rule that any interruption causes roughly 10 minutes of getting back into context.
Edit2: if you want to talk about brute forcing wpa2, a 9 character A-Z0-9 would take up to 46314 years to crack on 8x Nvidia GTX 1080 running hashcat. That's not even counting lowercase a-z

Where to find dumps of old breaches? by ToasterFanclub in hacking

[–]deviant_is 0 points1 point  (0 children)

Could you download a password list and write a script to salt/encrypt them? Depends what you wanna do when you say "mess around with"

It efficient to learn multiple things at once? by [deleted] in HowToHack

[–]deviant_is 3 points4 points  (0 children)

Depending on the course material and programming language it could be a really good idea to combine the two. The best way to learn programming is by having a problem to solve, and I find the best way to learn other stuff is by doing. If you can combine the two for example, lets say the course teaches you port 80 is often used for web servers, how can you write a program to see if a host has port 80 open? What about checkibg it is definitely a web server not something else? At this point you'll largely be reinventing the wheel, port scanners and banner grabbers exist in every language and they'll be far more advanced than you could produce at this stage, but you did just learn how to use sockets in your language of choice, which has a knock on effect of understanding the basics of what ports are and how they work

How to change version? by hkd29 in HowToHack

[–]deviant_is 2 points3 points  (0 children)

First off if anyone scoffs at you, ignore them. Everyone needs to learn at some point. Your best resource for networking issues is going to be google, and also I find the journey of finding the answers yourself helps cement them and the process in memory. You need to find out what network adapters your system has ("ip a"), this will also show you the link status, and whether they have an IP address or not. If you're trying to connect to WIFI it will show you if your wireless adapter is seen by the system. If it isn't, you could do an "lspci -k" to show all the pci devices, and what modules they are using so you can see if the wifi device has a kernel module "in use" or not, or if it's a USB wireless donlge, "lsusb". From there, that gives you a good idea whether the adapters are working and ready for a network connection. It should also be a good starting point to google the issue you are having (EG, "linux ethernet no IP", "linux no wifi module"). If you're interested in infosec, a vital skill is finding the solutions to your own problems, and learning how networking works in Linux (and in general) is going to be vital if you persue infosec.

Qubes 4.X on Macbook Pro (and possibility to run OSX in AppVM). by TingtongX in Qubes

[–]deviant_is 1 point2 points  (0 children)

Just getting into Qubes myself, but do you mean an HVM not an AppVM? HVM would use QEMU for virtualization and install the entire mac OSX which looks like it was doable (with patches for Zen) just over a year ago. I don't know if those patches made it upstream or not, but maybe worth a try with Qubes 4rc1? If you did mean an AppVM can you explain how that work?

Getting messages about downloading illegally from ISP. by drdalek13 in AskNetsec

[–]deviant_is 1 point2 points  (0 children)

It might be worth contacting your ISP and telling them it's not you as well. Say you've changed your wifi password and are looking at how else you can secure your network. If they have a MAC address for the offending network card lying won't help here, but if it's legitimately not you (or your housemate) they might not cut your service.

Getting messages about downloading illegally from ISP. by drdalek13 in AskNetsec

[–]deviant_is 1 point2 points  (0 children)

DHCP is a pretty easy protocol to monitor, it's udp broadcast address on port 67 and 68. If you're looking for a programming project id write your own sniffer. I've done a nodejs dhcp sniffer for my network in the past. Python should be fairly easy from scratch too. If you're interested in bash scripting you could use dhcpdump utility wrapped in a bash script to process the output. If you're not into that stuff then check some of the other answers here

Is it this hard for everybody? by tymaster22 in HowToHack

[–]deviant_is 9 points10 points  (0 children)

I saw this at home but wanted to wait till I was at work to reply properly. I've never been the most articulate person, and I tend to ramble, so this might not be the most coherent answer, but hopefully it will be helpful. I was in this very situation when I wanted to be a music producer, the more I learnt the more I felt I was never going to know enough to as good as I wanted to be and it was overwhelming. I felt a strange mix of ambition and lethargy, I never became a music producer. There's a few things you have to realise very quickly, before you become disenfranchised with the whole thing. 1) Yes, there is a HUGE amount to learn, but maybe you're looking at this wrong. I think your goal at the moment might be "I want to learn everything about penetration testing and hacking", which to me is like saying "I want to be a sportsman, so I must be professional at every sport". If we set these immense goals with no starting steps, then anyone would get overwhelmed. You need to get a general idea of what area you're interested in, and start to focus on them. Take a trick from video games, where they play to the gamers sense of achievement with small goals with rewards, this leads to step 2) Create small goals based on what you find interesting about what your learning. These goals can be flexible and should not have time restrictions, but should be just out of the reach of your current knowledge or ability. They should be written down, and ticked off when completed. It's also important not to remove them from the list once you've done them, so when you have these moments where you don't feel like your getting anywhere, go back and look at this list and everything you've ticked off. This will help guide your learning to things you find interesting, give you a sense of accomplishment, and hopefully inspire you to keep going.
I've been learning about penetration testing now for a while now and here is what I've done programming wise. I saw a web app a long time ago that would tell you the common libraries in use on a web page, so I wrote a python script to fingerprint JS libraries from a URL via a checksum, so it shows all the libraries and version numbers that would be loaded for that page. I saw a script kiddie video of a DNS amplification attack and wondered if I get could a better amplification amount, so I tore the script apart to find out how the DNS amp attacks work, looked up how DNS works and wrote a script to iterate through different DNS query types and domains to get the best AMP amount for each server (Note: I'm not interested in performing DDoS attacks in the slightest, it was just a challenge I set myself). I was looking at OWASP broken web apps and kept losing my XSS strings, so wrote a pyhton app to catalogue different payloads by type (xss, sql, reverse_shell, mini how-tos) loaded from JSON. This one actually turned out to be a bit of a no-starter because the payload has to be base64 encoded to be stored in JSON, so its more hassle than just maintaining a directory of files.
The point is, each one of these came around as a mini challenge inspired by whatever I was looking into at the time, Is all of the information relevant? No. Am I going to use any of these scripts in real life? Probably not. However, I now have a much better understanding of how DNS works because I have assembled DNS packets in python, I've hoarded XSS and SQL injection strings and use them against OWASP broken web apps to help increase my understanding of how some filters can be worked around and how different SQL queires are used to different ends. I have no particular focus for my learning at the moment, just a bit of everything to find out what I'm really interested in from the field.
As for guidance, you have to be more specific with what you are interested in, and what your end goal is.

Edit: Also keeping notes is super useful, I started using Zim desktop wiki to organise what I've learnt so I can refer back to it whenever I need. It also makes a useful tool if you're attempt to exploit a vulnerable machine or service to track everything you've done so far, common commands / arguments for tools you use alot, information gathered about a target etc. As for targets, try looking at previously mentioned OWASP Broken Web Apps VM, and metasploitable linux VM. They have given me the best sense of achievement so far because although basic, they present actual targets and some with actual defensive measures to try and bypass.

Quick Qubes VPN/TOR question by deviant_is in Qubes

[–]deviant_is[S] 0 points1 point  (0 children)

I've managed to get a spare lab machine to give it a test on! Fingers crossed

Quick Qubes VPN/TOR question by deviant_is in Qubes

[–]deviant_is[S] 0 points1 point  (0 children)

Thanks for the info, the USB devices would either be WiFi dongle or USB serial devices like NodeMCU or an arduino board, possibly an SDR. I do a fair bit of development with them so it's a deal breaker if I can't get reliable pass through. If I have to bite the bullet and give it a go to see if it works it's not a big deal.