hax - Catalog

Im a GNU/Linux user, and I know how to hack things IRL, like pick locks, spying, tracking, and I know how to operate msf with armitage, so I can send links to people and infect them thru java (etc)

What should I learn first?

Wat do?

I already checked the pinned thread, but i need to have some kind of knowledge to understand what those sites are telling me.

I like the idea of exploiting things (IRL or not)

R: 10 / I: 1 / P: 1

Modem Login

Hey guys, I've got this Cisco DPC3208C from my ISP which I want to 1337 hax (fuck around with the admin panel), but I can't log in to it

I've tried all the usual shit - 'admin'/'admin', 'admin'/'password', ''/'password', etc

Any ideas?

R: 1 / I: 0 / P: 1

Need passwords to the following webpages

http://www.ganddstudios.com/p52030491

http://www.ganddstudios.com/p534558889

Great boudior photo set with a great model but I need to get into the private photo sets.

R: 31 / I: 9 / P: 1

TRIPCODE THEFT THREAD

Sena tripcode attempts:

https://www.zerobin.net/?dace50f88f3a0948#IFGjKl23P8rMvh1faDt5gGl+CUob4D+lKNkuG8NVw80=

Amir tripcode attempts:

https://www.zerobin.net/?e5c2caf44c02d0c6#nSpkt3ytibFpVS4QnEfgLGXQ9hlrQ/STbyLRZM47miE=

Banana/green(?) attempts:

https://0x0.st/oLf.txt

USA/Opiates attempts:

https://0x0.st/oL2.txt

Thanks other anons who contributed a lot, if you try and crack trips post the attempts here.

R: 19 / I: 5 / P: 1

Durrcada

Hello. "We" are looking for highly functioning autists, To find them, we have devised a test.

There is a message hidden in this image (you don't say).

Find it, and it will lead you on the road to finding us. We look forward to never meet you, filthy sociopaths incapable of eye contact, but hopefully you'll have some fun all the way through.

Some facts:

- There are no decoys. If something is there, it's there for a meaning.

- Nothing overly complicated. Horses, not zebras.

- You don't have to unveil everything to get to the end (there are a lot of redundant hints)

- The vertical inception level is more than six, the horizontal inception level is two.

- It's kinda easy.

- There's no porn.

- No, there's no porn.

- There's no malware.

- The test is self-contained. It's possible to take advantage of online resources, but it's never necessary.

- The test is theoretically OS-agnostic; anyway, using anything but a GNU/Linux platform = asking for troubles.

- No law nor freedom has been harmed in the making of this test.

- The sha512 HMAC checksum with key "faggot" of this image is

64b4950a11fda657100664829b4a5399896d150db5c60b2ac9cd03bd0f3e773087b436be975e79c0460d3a9fb3e40d260cecce0e93921fe48531f33e1a380a8b

gl,hf

R: 6 / I: 0 / P: 1

bawtnet

Doing requests. I'm bored and have a very large botnet. Put requests of things to hit off below.

R: 20 / I: 3 / P: 1

About to make history..

Sup, about to make history…

R: 1 / I: 0 / P: 1

Anyone here ever set up an evil twin?

Any stories, advice?

R: 20 / I: 3 / P: 1

Teen Faggot needs help learning Windows and Ubuntu vulnerabilities and fixes Fast

I am a highschool student. A pretentious, philosophical, logic-oriented ball of pimples and adolescence, but please, help a future /cyb/erfag out.

www.uscyberpatriot.org hosts a program allowing Highschool students worldwide the opportunity to compete in a tournament-structured fight to see who can best find AND patch the vulnerabilities of the provided system images, cone being a Windows image, the other being an Ubuntu image. A deep knowledge of both is something i need to develop over the next month, as myself and my uddy just initiated the team, and the first round of competition takes place in November.

I need to learn various Windows and Ubuntu versions' vulnerabilities and fixes inside and out, and i haven't much time. I am at the least competent enough to custom install arch, rice, and preform some pathetic scriptkiddie-level attacks, but i have not yet gone to college, and thenceforth have no solid knowledge of the insides, vulnerabilities, and general ins-and-outs of windows and Ubuntu operating systems.

I beg of you: Help me to win this competition and show America that real programmers still exist. We're not all just scriptkiddies and app developers.

Any pdf''s, System Images, Tools, Tips etc. would be GREATLY appreciated. Thanks a ton, and i literally owe you.

>Already downloaded all good resources on this board

>Pic Windows 10 related

R: 29 / I: 3 / P: 1

PDF and Guide thread

Hello, as we can all agree, information should be free and open to whoever seeks it. As the saying goes, knowledge is power. Lets get a thread going to share some good PDFs and Guides, I'll start with a god-tier one that got me into all this.

R: 1 / I: 0 / P: 2

hack her?

Newfag here, sorry if this is the wrong place for this but I dont know where else to post it.

I would be uber grateful if someone hacked this whore named Shekinah Glory-Hudson.

She ruined my life and got away with it.

Shes on Facebook, just search her name. Would be awesome if you could hack her pc for nudes, or incriminating evidence or even destroy her life.

R: 7 / I: 0 / P: 2

Mobile Devices

Im a complete newfag, but i figured it would be cool to use a smartphone (iPhone in my case pls no bully) as a pentesting device. So i did:

> Jailbreak

> Install MTerminal and basic stuff like wget, subversion, git, gcc, awk

> Find guide to install Metasploit on an iPhone

> Try to install the ported dependencies, realize that the only host, ininja.com, has some weird htaccess issue and wget can't download

> All the guides, forums and videos are from around 2012 and the community is either dead or there are just some skiddies like myself left

> Finally download them somehow on desktop, upload them to my own server, wget them again, install dependencies

> git clone Metasploit

> try to run ruby msfupdate

> "Illegal instruction: 4"

> There is exactly one faggot in the internet dealing with the issue, made one shitty video, says this command does the trick:

 sed -i'' ' s-\x00\x30\x93\xe4-\x00\x30\x93\xe5-g;s-\x00\x30\xd3\xe4-\x00\x30\xd3\xe5-g;'; /usr/local/bin/ruby

> run it, all it does is enter a dead and empty console just showing ">", giving new empty lines on any input

> ^C out, back to metasploit, still doesn't work

What do? Just end this misery?

R: 2 / I: 0 / P: 2

Android

Any neat Android apps that you may recommend?

R: 7 / I: 1 / P: 2
Shame this page is so empty.
Anyways I am using wireshark to monitor traffic on my wireless router. Its set to promiscuous mode. But for some reason i only get the traffic from my laptop. I have cellphones a WiiU and another computer connected also. How do i see traffic from other devices? Thanks for your expertise.

R: 1 / I: 0 / P: 2

Patreon DB leaked

#SuperExtremeShitPostingTeam hacked Patreon.

Have fun

https://mega.nz/#!IdxGgIhJ!iRRR5F8k5sHRfS1Qq6gPW9TLjxslny-yY5R1a91SYUo

R: 28 / I: 7 / P: 2

Spoonfeeding topic

In this topic, we spoonfeed people with infographics and source codes.

R: 3 / I: 1 / P: 2

Kali in virtualbox wifi problems

hey guys im here with a really noob question but ill give it a shot.

is there any way to run Kali 2.0 in Virtualbox and have access to wireless networks?without getting new usb wifi adapter?

bridged network doesnt work.

i upgraded my kali and downloaded some 06/26/10 network setting but it didnt help shit.

how am i suposed to run kali? live cd? ive seen plenty of people having virtuallab with kali…

again, sorry for retarded question

R: 1 / I: 0 / P: 2

cracking an encrypted .7z

Hey, I recently found an encrypted .7z file on an old flash drive and have been trying to crack it. I've tried John the ripper, but it doesn't seem to work with .7z files. Does anyone have any recommendations for patches or other software?

R: 8 / I: 1 / P: 2

What is the best password list? I'm currently trying to break into a WPA2 wifi network via dictionary attack and my list isn't cutting it.

Suggestions welcome.

R: 7 / I: 1 / P: 2

Safe Malware Analysis

I want to run and analyze certain malware samples. What's a safe method of sandboxing it so that my host machine isn't affected?

I was thinking about doing a Virtualbox VM within a VMware VM, because I've heard of some malware that's capable of breaking out of virtualized environments. My logic here is that even if a virus is capable of breaking out of one kind of VM it probably doesn't know how to break out of other ones, and it probably isn't assuming that it's being run in a VM within a VM.

Would this be a good idea? Or do you have any better ones?

R: 2 / I: 0 / P: 2

Setups?

Currently, I'm using an Aegis Padlock DT (FIPS 140-2 Level 2 Validated) hard drive along with Tails OS. Not to mention, even though Tails routes all connections through TOR, I use my neighbors internet connection (they don't know of course). In addition, I use sock5 proxies from VIP72 on-top of TOR. What can I do to protect myself even more or is my current setup safe enough? I've thought about investing in a hardware security module, but they're so god damn expensive.

R: 2 / I: 0 / P: 2

As an absolute beginner, where would I start? I've always been interested in this sort of thing.

R: 5 / I: 0 / P: 2

How Do I Pull This Off?

Hey, /hax/, I was told to come here from /tech/. I made a thread there earlier about getting passwords when I have physical access to one's computer. Here's what I wrote in the OP:

Not asking for l33t hax0ring, but close.

There are people not ex-gf since never had one whose passwords I want to get, and I might get access to their pc/laptop/pad/phone.

How do I do it?

For Firefox, I know I can just go to the settings or whatever and get the passwords, and I think Safari is the same. For Chrome, it asks for admin password, but that doesn't matter since I can just see which sites it has passwords for, go to the log in pages of those, and inspect element of the password and change it to "text".

I made a simple temporary keylogger that can run off a USB and log the inputs in a JPG to be opened later with notepad, just in case they have no saved passwords on their browser (I'll handle pulling this one off, don't worry about the details), but I still don't think it's enough.

For the phone (if Android), I'm thinking about convincing them to install an app that would help locate their phone if lost (called Lost Android), but isn't simply that; it allows the owner to log in to their website and gain control of the phone and has many functions. Is there anything similar for the iPhone?

There's another thing called Mouse Server. It's an app that can remotely control a PC that has its program installed on it and on, but only if they're on the same Wi-Fi network. It has limited uses for what I want, but I'm wondering if there's anything like it that can show the screen from the phone?

Is there a way to see passwords on a phone like inspect element and changing to text?

I'm asking all this because I have a target I'm getting to in a month, and won't be seeing them for perhaps another year or two. My other option would be social engineering, which I've never done before.

>vid unrelated

R: 5 / I: 1 / P: 2

Newfriend Advice

Sup /hax/. I've been lurking this board infrequently since the first exodus and it seems like it's mostly dead around here, but there appear to be a handful of regular posters, so:

I realize there are a plethora of links on the sticky and many resources out there available to people who want to into pentesting and NetSec, but all of these resources for learning either presuppose a significant amount of general knowledge on computers, software, networks, etc., or they should. Because who wants to be a skiddie, right?

So, I'm thinking of this as the sort of thread for major noobs to get advice on where to start before getting into /-/@xX01^1Ng. To what extent do you need to know how things work before you can start breaking them?

I say individual computers and networks, but I feel like there's a lot more detail to those two things that I'm not aware of and possible other aspects of computing that I'm not aware of and that I need to know.

R: 1 / I: 1 / P: 2

HOLA FIREFOX PLUGIN SOURCE.

https://mega.co.nz/#!NtBHjZqA!YWkygjOdPCgFJX4EyyzN2imVCYrXKc5VDKNLoL_wAnE

Unobfuscated. Unprotected. Have fun.

R: 2 / I: 0 / P: 3

Newfag, I know

Bandit Level 12 → Level 13

Level Goal

The password for the next level is stored in the file data.txt, which is a hexdump of a file that has been repeatedly compressed. For this level it may be useful to create a directory under /tmp in which you can work using mkdir. For example: mkdir /tmp/myname123. Then copy the datafile using cp, and rename it using mv (read the manpages!)

Commands you may need to solve this level

grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd, mkdir, cp, mv

Helpful Reading Material

Hex dump on Wikipedia

Hey guys, if anyone could help me that would be awesome. I run the data.txt file with the xxd -r command to reverse the hexdump, then run it through the strings -a command so it I read it, but I am stuck and don't know what to do past that point.

step 1. cat data.txt

0000000: 1f8b 0808 34da 6554 0203 6461 7461 322e ….4.eT..data2.

0000010: 6269 6e00 013f 02c0 fd42 5a68 3931 4159 bin..?…BZh91AY

0000020: 2653 5982 c194 8a00 0019 ffff dbfb adfb &SY………….

0000030: bbab b7d7 ffea ffcd fff7 bfbf 1feb eff9 …………….

0000040: faab 9fbf fef2 fefb bebf ffff b001 3b18 …………..;.

0000050: 6400 001e a000 1a00 6468 0d01 a064 d000 d…….dh…d..

0000060: 0d00 0034 00c9 a320 001a 0000 0d06 80d1 …4… ……..

0000070: a340 01b4 98d2 3d13 ca20 6803 40d1 a340 .@….=.. h.@..@

0000080: 1a00 0340 0d0d 0000 000d 0c80 6803 4d01 …@……..h.M.

0000090: a3d4 d034 07a8 0683 4d0c 4034 069e 91ea …4….M.@4….

00000a0: 0f50 1a1a 1ea3 40e9 ea0c 80d0 0346 87a9 .P….@……F..

00000b0: a006 8193 4340 d320 c403 2064 00c4 000c ….C@. .. d….

00000c0: 8640 0d00 0d06 8340 0c9a 0068 0000 6468 .@…..@…h..dh

00000d0: 1854 0084 0008 38c4 7c28 66b3 bf1f 366d .T….8.|(f…6m

00000e0: 3971 1c93 f09a 6287 0cfe 04d3 efa9 4164 9q….b…….Ad

00000f0: 0ad1 1828 6c55 75ff 6922 dedd 8cfe 5936 …(lUu.i"….Y6

0000100: e351 7ae8 0590 6c01 0446 5f2a ba7e 8503 .Qz…l..F_*.~..

0000110: a710 a38c d8c1 9781 5249 b909 8d92 5e09 ……..RI….^.

0000120: b343 32a1 9890 cc63 74f2 a3a1 f260 3afa .C2….ct….`:.

0000130: 4f55 cc30 f7a3 5c20 d610 a588 1ab4 543c OU.0..\ ……T<

0000140: 71b3 d052 8980 010a b270 4112 89c4 ad7a q..R…..pA….z

0000150: 8386 125d a460 3a11 3da3 4949 a01f 9e7d …].`:.=.II…}

0000160: 8f5e fef5 e13a 4537 dfb3 a898 92e8 cca0 .^…:E7……..

0000170: 155c fb29 d0e1 08cf 0cec 7006 b1bc 8f39 .\.)……p….9

0000180: 51bc 1b7b e1ef 161f f020 6830 b1fd d69c Q..{….. h0….

0000190: e096 54a1 1a03 47ce c4f1 00c7 e520 2e02 ..T…G…… ..

00001a0: 5577 63ac 3dc9 0f84 200a 745d 0503 f8f4 Uwc.=… .t]….

00001b0: b9fb 1152 1c22 a410 572e 11ac cf9e 5ff6 …R."..W….._.

00001c0: dbf4 ef68 3010 7e36 026e aa38 19fd 4c37 …h0.~6.n.8..L7

00001d0: 392c a262 f646 8710 9231 4ee4 5200 c601 9,.b.F…1N.R…

00001e0: 529a fec3 8c89 f85d 5f12 5c2f 9073 4544 R……]_.\/.sED

00001f0: 4fed fb97 a851 f831 cd9a 69d7 e80b 12b5 O….Q.1..i…..

0000200: fb37 ba20 86e9 92a7 78c5 5092 2bac 6269 .7. ….x.P.+.bi

0000210: 01c7 09a1 fda4 ef8b 7c14 1832 a30f db92 ……..|..2….

0000220: d345 a9b4 de57 8996 4dc7 8ee8 b334 02b2 .E…W..M….4..

0000230: 8dc4 a6a6 08ea c285 d28c 9f60 6779 540a ………..`gyT.

0000240: 2b97 5e3f f82c 1800 80f1 32b0 32d1 7724 +.^?.,….2.2.w$

0000250: 5385 0908 2c19 48a0 d123 d96f 3f02 0000 S…,.H..#.o?…

step 2. xxd -r data.txt | strings -a

data2.bin

BZh91AY&SY

6m9q

(lUu

L79,

sEDO

`gyT

No clue what to do after this.

R: 11 / I: 0 / P: 3
Hey, I heard actual hackers and SEs hang out and help here!

I'm trying to take over a forum running MyBB. I SE'd the version and plugins which he is using (1.6.6 with plugins: ThankYou/Like, Google SEO, Goodbye Spammer, GoMobile, Edit Time Limit, Default Profile, Courtesy Edit, Board Messages, ProStats, reCAPTCHA).

Now, here are some vulnerabilities which I found with his forum http://www.cvedetails.com/vulnerability-list/vendor_id-4407/Mybb.html

How do I use these vulnerabilities correctly? I need to gain access to the admin control panel and log in as an admin.

Thanx u in advance

R: 3 / I: 0 / P: 3

How can I hack into Twitter accounts if I know the email addresses attached to them, /hax/? So far, I have found no helpful information regarding this.

How the fuck do people hack into Twitter accounts?

R: 2 / I: 1 / P: 3

Shell for /hax/

Hello /hax/,

Here is a small shell I put together in a few hours for people to use in their pentesting. I will add it to the spoonfeeding thread for long-term storage.

The shell is easy to understand, and modify.

Functions:
-View files
-phpinfo
-shell
-eval
-udp flood
Basically the bare minimum.

Have fun with it! Put any function requests here.

https://www.zerobin.net/?1a0026db485bc20c#eIS5V087SKJwNoNVcDElmxhT+Fz+kV1nyykR6DZ8m/8=

R: 7 / I: 1 / P: 3

>tl;dr

>working on some shit for /baph/; calling it /baph/logger

>need to make it wangblows friendly

>using batch scripts to compile java from source

>Part of the logger includes sending the logs back to the server

>needs the ip address and port #, but would rather not have a separate file, just baked into the source itself when compiled

>to do this through batch, I'm separating the file that needs source and port into 3 different parts to I can use

copy part1 + ip + part2 + port + part3 client.java

>messy as fuck

Is there a better way to do this?

Yes you faggot, I did google.

R: 1 / I: 0 / P: 3

verifying death

So this isn't about hacking per se, but it's something that some of you guys are likely familiar with. I'm trying to figure out definitively if someone is dead. I need some sort of official record or an obituary or something. I've tried searching newspapers in the area, the social security death index, and google. I don't know if my sources just suck, but I can't find shit. Yet at the same time, I have it on good word that she's been gone for a while and judging by her criminal record that's true. Any ideas?

R: 1 / I: 0 / P: 3

Faggot from /hax/ here. Shameless self advertizement

Unless you are blind you will have seen this:

https://8ch.net/hola.html

Thinking of a solution that isn't to hard, or just looking for a way to entirely disrupt Hola. Nothing is off of the table, if your idea involves mass persistent denial of service, then suggest how to do it anyways.

>Mapping out ips for it

If there was a common port that hola uses (doubtful) it would be easy to scan for it on a mass level. The innovation of mscan & shodan makes this task faster. Then there could be a large list of ip's that could be downloaded, and forced to use the Tor cookies.

>Mapping it p2

You could also map it by reversing hola, and makes all outbound connections fail. Then you ping a set website through as many circuits as possible to harvest ips. This takes much longer than the first mapping idea, and would work better than the first if a consistent port range was not used.

>Crippling

You could easily cripple the network through a mass scatter attack. Simply by sending extremely large requests in high volume to as many circuits as possible would do the trick. For this to work, you need a challenging network of the same or greater size.

>Crippling p2

Since all nodes are exit nodes, you could easily start making poisend nodes that inject things into the requested web page, as well as track activity through browser finger prints. A few thousand bad nodes injecting mailto link spamming would be enough to discourage many users from it.

Add your ideas here. There are threads on /tech/, /g/, /hax/, and /i/. Check them out when you get the chance.

R: 3 / I: 0 / P: 3

Help get a feminists number

So there is this die hard feminist right? Well how can we figure out her phone number so it can be attached to spam bots.
https://www.facebook.com/KelseaMcBelsea

Pic not related

R: 2 / I: 2 / P: 3

/i/nsurgent here

https://voat.co/v/announcements/comments/103376

>I promise that, if voat ever becomes financially stable, I'll set up a "hacker fund" to reward people who discover security issues.

happy hunting friends

R: 3 / I: 0 / P: 3

Eugen shell leaked source weeeeee.

https://www.zerobin.net/?2a67e6715f9cd07f#ii44A8dbgCE8KVaAbXmH/WDwCXBF1h/LcSbTMQ3O7AU=

OR

https://www.zerobin.net/?2a67e6715f9cd07f#ii44A8dbgCE8KVaAbXmH/WDwCXBF1h/LcSbTMQ3O7AU=

"Private"

R: 1 / I: 2 / P: 3

M007YK1N5 4 D4 D4Y

Is there anything that could be done to crack this for maximum lulz?

*https://sys.4chan.org/j/admin.php

R: 2 / I: 0 / P: 3

Does anyone know where to get free virtual phone numbers?

R: 20 / I: 6 / P: 3

tools thread

http://www.technonerdz.org/2014/08/top-50-hacking-tools-that-you-must-have/

what's your favorite hacking tool?

(Remember kids, Ironic shitposting is still shitposting)

R: 10 / I: 0 / P: 3

So basically I'm a dumbass with no knowledge of how websites work

and I need help with this. There's a forum running Web Wiz 7.7a and I want to delete some users from it's database if I can. I read that the KW thingy on the search feature is vulnerable to SQL injection, and I know I'm supposed to type in ' and then a command right? But I'm a noob at this and I don't really know what to do.

The search thing looks like this:
/search.asp?KW=stuff&SM=1&FM=3&OB=1&SI=TC

but when I type that SQL stuff in it gives me this error:

Microsoft SQL Native Client error '80040e14'

Incorrect syntax near the keyword 'AND'.

/forum/search.asp, line 364

I think that's supposed to happen but I don't know what to do after that. Please help?