Q&amp;A Thread

Name
Email
Subject
Comment *
File	Select/drop/paste files here
* = required field	[▶ Show post options & limits] Confused? See the FAQ.

Options	Do not bump (you can also write sage in the email field) Spoiler images (this replaces the thumbnails of your images with question marks)
Password	(For file and post deletion.)
Allowed file types:jpg, jpeg, gif, png, webm, mp4 Max filesize is 8 MB. Max image dimensions are 10000 x 10000. You may upload 3 per post.

File: 1411466059934.png (211.52 KB, 821x3309, 821:3309, 1410727038518.png)

Q&A Thread anonymouse!6EYsIxhDtk 09/23/14 (Tue) 09:54:19 No.91

Ask your stupid and not-stupid questions here.

I'll copy an answer from another thread to kick it off:

>Question regarding sqli: any resources on where to learn or practice for sqli web attacks. Im learning the syntax and practising using w3c but cant find any tut s on the find details of sqli. Only stupid youtube videos that teach you 1 approach instead of how.

https://pentesterlab.com/exercises/ Might be helpful for you, they're vm images you download and practice pentesting. I seem to remember some of them having sql, it's been a while.

Also, these: http://pentestlab.org/10-vulnerable-web-applications-you-can-play-with/

I've used DVWA and the bodgeit store, both were pretty instructive. Neither is limited to sqli, but they definitely them.

Anonymous 09/23/14 (Tue) 19:43:56 No.112

File: 1411501436794.gif (615.89 KB, 500x281, 500:281, databasewow.gif)

I think there was supposed to be a kind of roadmap for newbs but I'm going to ask here anyways:
What path would you guys recommend for becoming a 1337 haxor well-versed in the important areas of netsec? Stuff like beginning with browser attacks, then moving onto programming, actual network attacks, etc? I don't want to spend my time inefficiently doing some useless shit that won't contribute to my skill or understanding. This might be stretching it a bit but the more detailed advice you can give the better.

Player_0 09/24/14 (Wed) 03:44:41 No.119

>1 approach instead of how
too many videos of that

Anonymous 09/24/14 (Wed) 04:37:24 No.121

>>119
agreed, and also when they don't provide any input on the attacks doesn't help either.

Player_0 09/24/14 (Wed) 05:03:14 No.122

>>121
yeah
i'm saving up for a sqli book
i can't believe it exists but a book about fucking bot nets and worms doesn't

Anonymous 09/24/14 (Wed) 05:29:03 No.123

>>122
knowledge is power…

Anonymous 09/24/14 (Wed) 06:52:38 No.127

>>122

Botnet are basically remote administration tools and many languages have libraries which can be used to build said tools on the fly once exploitation is done and over with.

To be honest, Beyond the exploitation/obfuscation and retaining access of the payload, it's sysadmin work which is one of the reasons why you won't find much about it in exploitation books.

noko Anonymous 09/26/14 (Fri) 06:36:03 No.174

>>112

I'm no super 1337 h4x0r yet, but I can tell you that gaining a fundamental understanding of the tech you will be trying to attack is the best way to go, a lot of huge companies have cisco routers/firewalls, so learn the basics of IOS and all the commands you can run/what they do, how ipv4 works, how packets work, how subnetting works, dns, dhcp etc… they also mostly use windows servers (mostly 2008 from experience) that means uou will need to learn about ad and windows server vulnerabilitie

I struggle in the programming areas, I'm a network/infrastructure technician irl and never bothered to learn programming, currently working towards working in the network security field due to it being interesting and dat fat cash

Anonymous 09/26/14 (Fri) 10:18:51 No.175

>>174
You're a network technician? Interesting, I've been considering going into networking for a while, and maybe moving into netsec later. What was your major? Has it payed well for you?

Anonymous 09/26/14 (Fri) 13:02:47 No.177

What kind of setup should I have as a hack lab to test my stuff? I've heard that it's a good idea to have a couple of VMs running and then use them on each other. Is this enough? (At least until I gain enough knowledge to try a real target)

If so, what systems should I use? I assume at least Kali Linux, what about the host?

Kali (177) Yoobi!!WZyeN.RUgI 09/26/14 (Fri) 23:34:18 No.179

Apparently this blowhole has every dns not in the us blacklisted.

Anyway, Kali is all sorts of fucked right now. Repositories are garbage, and unless you like configuring for hours for a distro that should be a run once and burn, it's not worth it. Look into other distros. A few good ones have been dropped around here. Look.

Anonymous 09/27/14 (Sat) 19:38:27 No.185

File: 1411846707518.webm (298.97 KB, 426x240, 71:40, like2nomore.webm)

Here is a question that I have been doing research on for a while.

Perl vs Python, which one should I devote the most time to in order to use it
for real life situations (as I am now I plan to learn both & others)

I have seen some simple perl scripts to write port scanners ect and dump the results to a file. I understand that perl is powerful however it is slow and troublesome to learn. (outdated resources)

Would I be better devoting my time to becoming proficient in python first? At the moment I find myself learning languages however I have not learned any real practical use for them so I was wondering if its best to slug it out with learning perl or switch over to python.

(I have lots of time on my hand so trying to spend it wisely)

As far as pentesting goes I am aiming to learn more of the web attacks hence prior questions on sqli.

Also is anybody aware of any real world situations that I could use to practice a specific use for programming. e.g when I learnt HTML,CSS and parts of PHP it was so I could build websites with an email form. I seem to learn faster having real problems to solve so I would be forever grateful if I could have some opinions on this.

noko Anonymous 09/27/14 (Sat) 22:41:41 No.186

>>175

I'm in the UK and did not go to uni, there are many routes in to the field, I started on a 1st line broadband support desk, moved up to 2nd/3rd line tech support then did a CCNA and CCNP I found it a lot easier to get to that level than a lot of people I met who did go to uni due to the vast support experience I had, employers like that.

Networking is quite a fun area of IT, but I guess that comes down to personal preference, its payed off well for me (30k gbp at age 23) but I want to move in to netsec/infosec within the next few years but there is a lot to learn.

If you want to get in to it the only thing that is worth a damn (at least in the uk) is cisco certification, download boson netkit (tpb) and get networking, its probably the best way to get in to it, there are a lot of resources online to help people just starting in the field, but I dont think a college education is really all that necessary (at leat in the UK)

(Sorry for the grammar/spelling, I'm on my mobile)

Anonymouse!6EYsIxhDtk 09/29/14 (Mon) 21:43:35 No.209

>>185
I like python, it's good, useful for a lot of different things and very popular. I don't know perl, it's probably good too. I can't really recommend learning python over perl, but I can say python is very good to know.

>>186
That's interesting, thanks, it's about what i'd heard, I'm getting >>186
in uni and working from there, should be fairly flexible.

Anonymous 09/29/14 (Mon) 22:23:17 No.210

>>112
A good place to start basic penetration testing would be to go through the Wireless LAN Security and Penetration Testing Megaprimer on Security Tube.

>http://www.securitytube.net/groups?operation=view&groupId=9

He takes his time breaking down and explaining the way packets work, and not only HOW to do things, but WHY they work.

Anonymous 09/30/14 (Tue) 02:10:02 No.211

>>186
>Networking is quite a fun area of IT

I concur it is very fun and interesting i'm reading a book about it right now and i LOVE it.

>>185
also learn python it looks really good i decided to start over on programming and such and start with learning about networking
i comprised a list of languages to learn
i already know c++. Python is on that list of languages to learn.

Anonymous 09/30/14 (Tue) 14:52:42 No.212

>>211

>python it looks really good

Yea I agree, and I know its powerful its just perl got cpan.. The trouble with perl is that it is strict and the resources for it are little outdated.

Tbh all programming feels the same to me I dont really have a favourite its just learning the syntax.

I could learn any of them if I spend enough time on it.

Ill give python a few spins alongside some of the other stuff and see how it goes.

Ty for feedback all. :)

Anonymous 10/02/14 (Thu) 23:54:39 No.220

Browsing the likes of fullchan, what should one be ideally browsing it on? proxies? specific browser etc?

Awesome thread btw

Anonymous 10/03/14 (Fri) 00:35:40 No.221

>>220
I think you should use whatever you feel best.
If i were you i'd use a VPN.

Anonymous 03/03/15 (Tue) 09:21:47 No.593

toplel

Anonymous 08/05/15 (Wed) 00:32:36 No.706

We're trying to play around with MITM attacks with wireshark and arpspoof, but for some reason, it worked once, but then it never shows the 200 OK for some reason.

Tried resetting the router, but still can't see what I'm typing to google on the victim computer. Any ideas why this is happening?