1
Networking / Re: Why wont WIFI work in Kali Linux?
« on: February 27, 2016, 02:29:10 pm »
This thread hurts my eyes.
Closed.
Closed.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
2
Beginner's Corner / Re: Creating cheat sheets
« on: February 25, 2016, 07:05:40 pm »Hello:
[Problem]
I'm learning a lot the last time but it's getting too much to remember all the commands. I made a how to for myself for the install of arch and configuring, but for the commands of for eg airmon or iw i would like to create a cheat sheet.
[Background]
I've learned many commands but have it heard to remember.
[Things I have tried]
Install cribr in Arch with wine. Was no success. Installed cribr in Windows, doesn't look good.
I've been looking for alternatives but I don't trust all the online options (some of them force you to publish your cheat sheet).
Latex is named as an option on several internet website, but it seems to have a steep learning curve. As I'm now finally learning other things, I would like to learn Latex as a last thing.
[Where I am stuck]
How do you guys remember all those different commands? I know man exists but knowing the commands is much faster.
What or how do you guys keep track off all your know commands?
I'm not talking about installing or configuring things, I have a how to for this, but about the commands like iw, airmon, knowing you should change /etc/resolv.conf for NS, etc..
I don't have a problem with sharing my finally created cheat sheet, but as I'm very beginning I don't know you could use it
I don't see them as commands. every tasks requires a different tool and thats the way I like to think about it.
Even after years I find myself using help and man quite often.
Also most commands have a very sensible name and so do the options which is pretty consistent the result is that you can use the same flags for many different tools, the '-v' makes a good example.
Autocompletion is something you have to hammer into your brain, use tab for everything , if it doesnt do anything make sure you hit frequently and with increasing force, you shall complete! I am making it sound like a joke but I am serious , I see many newbies typing , I get tired by even looking at it.
That said, ZSH is my main shell and it makes life a whole lot easier , eventhough I think beginners should learn BASH first ZSH adds some extra dimensions, for example scrolling with tab over items is a great feature.
If it works for you do make a cheatsheet but I would encourage you to learn by doing and seeing the logic behind seemingly random letters and commands.
Also those commands you posted show me that you wanna jump to the fancy shit before learning to walk , start with file operations / networking / service mgmt etc.
3
Found it on the Webs / Re: classifier - cool python script for quick organization of files
« on: February 25, 2016, 06:53:58 pm »
I try not to do the 'thanks posts' but this is a great find, I often find myself lost in my junk folders, this would certainly help.
4
Operating System / Re: So I installed Arch
« on: February 25, 2016, 06:31:01 pm »Meh I didn't want to do it like that, figured I could just booted it up from VBox like everything else I have lol but nopeAre those programs you want to run heavy on CPU/MEM/GPU ?
What do you run if I may ask
If not I suggest you run windows on KVM and do your stuff in there or do as I do and have a box you can RDP into to do certain tasks, fixes all my problems for sure, plus you can still run heavy programs on the machine if required.
Everything else runs linux pretty much.
As for the thread hijack , I think this is a nice place to discuss such topics so if other staff members agree I will let this continue in such fashion.
iTpHo3NiX checking in, I agree ProxX. This was kind of a Linux experience thread
5
Hacking and Security / Re: User PW Validity
« on: February 25, 2016, 06:20:51 pm »thats cool bro, but i promise that all 10,000 of your employees will NOT be using a password manager and enforcing a rule where they have to would be stupid and add unnecessary complexity. (and 9,950 of them will only use your companies password in it anyway.Thanks, I didnt know where to start with the punk below, well said.
change once a year, maybe once every 6 months if user security is that high on the totem pole, use two factor if feasible, and dont allow reuse or simple passwords.
realistically most hacking situations involving user passwords being compromised happened because they reused it on something you DONT control (some bs website that got their db dumped, their cellphone, w/e) and in that case what really matters is UAC and ensuring the rest of your network is up to par.
6
Hacking and Security / Re: User PW Validity
« on: February 23, 2016, 08:38:15 pm »Seriously? That sentence made me cringe!You can not require from a human being to remember 12 new hard pwd's per account per year, its insane.
Instead 2 factor auth or padlocks provide a more secure method which also lowers stress on the users.
7
Hacking and Security / Re: User PW Validity
« on: February 23, 2016, 08:30:17 pm »I think passwords should be changed every 4 weeks if the environment requires a high level of security and like Kulverstukas said, the password complexity and reuse can be configured as rulesSo you write it down and put it under the keyboard?
Thats what happens IRL
8
General discussion / Re: Subway Slasher Crimes in NYC
« on: February 22, 2016, 01:07:51 pm »
Hypes are bad foundation to change a way of living, don't get me wrong change or perspective is something I would encourage any time of the day but this is just another news article of just another slacker with a sick mind.
The fact that there is media focus causes great imbalance to proptional thinking, incidents tend to derail our thinking on a global scale.
So yes I understand the 'this is close to home' feeling , personally I wouldnt worry much about such things eventhough it's hard not to let it influence one, it's a numbers game.
Apart from going full bountyhunter style it doesn't seem like the public can do much about this apart from the regular stuff.
The fact that there is media focus causes great imbalance to proptional thinking, incidents tend to derail our thinking on a global scale.
So yes I understand the 'this is close to home' feeling , personally I wouldnt worry much about such things eventhough it's hard not to let it influence one, it's a numbers game.
Apart from going full bountyhunter style it doesn't seem like the public can do much about this apart from the regular stuff.
9
Operating System / Re: OS Advice?
« on: February 21, 2016, 04:12:31 pm »That there are a lot of "useless" applications is evident the moment you install it. Of course what's useless to me could be useful to you, so I speak only for me. For what concerns the queries being uploaded to "enhance" the OS and the ads showed to you, I simply don't trust them anymore since they introduced that feature. I see it as a betrayal of the philosophy behind GNU/Linux. Surely you can say they somehow have the right to do so since Ubuntu is their product, but I don't feel like trusting Canonical as of now. Nor I feel like recommending it.I don't like it either but then again who the hell would use the desktop edition
Just my two cents obviously, feel free to disagree.
10
Operating System / Re: OS Advice?
« on: February 21, 2016, 03:17:59 pm »I would go with Debian, stable and easy to use, all in all. Stay away from Ubuntu, it's bloated with useless things and it spies on you.Show me the evidence , the only incident of which I am aware is the search queries in the desktop thingy being uploaded to 'enhance' it , this is no longer the case iirc.
Happy hacking
Afaik there is no proof against ubuntu or the company behind it nor do they really earn such acquisition.
The server edition is perfectly fine to work with , quickly patched , new features ,solid etc.
It is unlikely though that them kids here need to run a server park, for this reason I would also suggest something other than ubuntu but it isnt a bad place to start.
11
Hacking and Security / Re: Cybercrime Data - Who to allow access
« on: February 21, 2016, 10:25:11 am »Hi all,
so I'd like to hear you opinionon this.
I am currently building a system that provides the possibility to search and analyze undeground markets (boards selling credit cards, stolen identities, ...) - you probably know such boards yourself.
The service is far from finished but I plan to bring it online in the next months.
Now my problem: The nature of this service is that data from underground boards is made accesible for users. The data will very likely contain information that can be misused e.g., Credit Card Data. How can I make sure that this service is not used as something like "all you can grab" buffet for cyber criminals ?
I thought about restricting access to people who "identify" themselves e.g., via their LinkedIn profile but
I want the system to be usable by many people.
I could implement some methods that try to hide/remove sensible information but I am quite sure that these methods will miss something.
Another possibility would be to restrict the number queries allowed for non registered users - as done by Shodan. This still has the risk that sensible information is exposed within these few queries.
Any ideas/tips/...
Thank you !
At least make sure it isn't easy to scrape , use js to present data this will keep most punks out, just face it , whatever you put out there will be abused by someone.
Exactly what I was thinking , ratelimiting the amount of queries would work but it would also make it lame
At least forcing a login and whatnot would make it harder for them kids to massively suck on that db.
12
Hacking and Security / Re: Fuckin Punks
« on: February 21, 2016, 09:42:01 am »
Im gonna give this punk a cookie for making me laugh.
13
General discussion / Re: I got caught scripting??
« on: February 21, 2016, 09:37:06 am »In my English class we have this really boring thing we have to do every week where we have to go to this site (membean) and study vocabulary words for 135 minutes every week. So I made a script in Javascript that did the membean for me by continuously clicking this button called "pass" that I found hidden inside the website's html (they didnt do a good job hiding it). I don't know why they implemented such a thing in their html code, but nevertheless, the "pass" button would automatically count the question right and move on to the next question so my script simply continuously pressed this button until my weekly dose of membean was done. I used this script for a few months until my teacher announced that membean learned about people using scripts to do membean and they made methods to catch scripters like me, probably by logging me whenever the "pass" button was activated. I unfortunately had used my script the day before the teacher announced this. So now, my minutes of doing membean for this week were negated and I was given a 0 for this week. The teacher said she would be very mad at people who were scripting. She announced that scripting was illegal (which many of my friends doubt). Still, I am quite worried now. Can I get away from this situation? Should I continue finding better ways to "effectively" do my assignments more carefully or should I just do the work? Please help me and please provide constructive criticism if needed.So you bascially have perfect scores due to this ?
In that case it would be more than obvious something is wrong.
How about timing , there is no human being capable of hitting 40 correct variables in 0.08s , see where I am going?
14
Hacking and Security / Re: A couple of questions about key logging
« on: February 17, 2016, 07:36:29 am »In my opinion what matters the most is a good crypter. If the keylogger has the "melt" option it will install and won't be detected that easy. But you need a good crypter for it,and be careful. Almost all crypters posted for free in forums are backdoored (infected).Read again , OP talks about doing it himself, not using some green glowing skidthingy.
@OP
Python would work just like any other language , the downside to it is that it would be easy to peel down or hard to hide, windows doesnt ship with an interpreter so you would need something like py2exe to make it portable, this is not as pretty as it sounds.
Also a C or assembly program would be much smaller , if you only expose the binary it will be harder to reverse engineer.
Problem is not so much in the logging part its about moving the data in a way that can go undetected, the traditional FTP methods are likely to set off all sorta windows toys.
Anyway there should be plenty of examples , looking at your post it is pretty clear you will have to learn how to code.
Start with something easier and think of the problem in the meanwhile.
You could template it in python , make sure you understand the networking and the OS part of the story, then move up to another language, there are plenty choices.
15
Hardware / Re: Intel Mini ATX build ideas
« on: February 16, 2016, 01:45:49 pm »That involves a lot of tools I don't have and resources which are too expensive for this project IMOGet one of those aluminium briefcase and use that these are easy to work with when it comes to modifications, use the lid for some old TFT screen, something I always sorta planned on doing, mainly because its kewl , other than that it becomes semi portable which can be useful.
Ofcourse you will have to consider airflow or use a big ass passive cooler which would be much more suitable in this case.
You could build a gateway/firewall with AP or something like that, install SQUID+adzapper/caching DNS server perhaps use it as a openVPN or IPSEC box to be able to connect to your home network etc.