/r/hacking

Photograph via snooOG

A subreddit dedicated to hacking and hackers.

Constructive collaboration and learning about exploits, industry standards, grey and white hat hacking, new hardware and software hacking technology, sharing ideas and suggestions for small business and personal security.

A subreddit dedicated to hacking and hacking culture.

What we are about: quality and constructive discussion about the culture, profession and love of hacking.

This sub is aimed at those with an understanding of hacking - please visit /r/HowToHack for posting beginner links and tutorials; any beginner questions should be directed there as they will result in a ban here.

Guides and tutorials are welcome here as long as they are suitably complex and most importantly legal!

Bans are handed out at moderator discretion.

Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"...

Damn kids. They're all alike.


Rules:

  1. Keep it legal Hacking can be a grey area but keep it above board. Discussion around the legality of issues is ok, encouraging or aiding illegal activities is not

  2. We are not your personal army. This is not the place to try to find hackers to do your dirty work and you will be banned for trying. This includes:

  • Asking someone to hack for you
  • Trying to hire hackers
  • Asking for help with your DoS
  • Asking how to get into your "girlfriend's" instagram
  • Offering to do these things will also result in a ban
  • No "how do i start hacking?" posts. See /r/howtohack or the stickied post. Intermediate questions are welcomed - e.g. "How does HSTS prevent SSL stripping?" is a good question. "How do I hack wifi with Kali?" is bad.

  • No "I got hacked" posts unless it's an interesting post-mortem of a unique attack. Your nan being phished doesn't count.

  • Sharing of personal data is forbidden - no doxxing or IP dumping

  • Spam is strictly forbidden and will result in a ban. Professional promotion e.g. from security firms/pen testing companies is allowed within the confines of site-wide rules on self promotion found here, but will otherwise be considered spam.

  • Off-topic posts will be treated as spam.

  • Low-effort content will be removed at moderator discretion

  • We are not tech support, these posts should be kept on /r/techsupport

  • Don't be a dick. Play nice, support each other and encourage learning.


  • Recommended Subreddits:

    /r/hacking

    2,766,754 Subscribers

    4

    Do PortSwigger labs require the premium version of Burp Suite?

    I just started using this platform, and it seems like I need to have access to the premium version to access certain features. Does this apply to all the labs in Burp Suite? What do you guys do....the ones who have experience...do y'all skip the labs or what do y'all do?

    8 Comments
    2024/12/03
    10:51 UTC

    31

    🚀Evil-M5Cardputer v1.3.6 is HERE! Network Hijacking!🚀

    Here's what's new in v1.3.6:

    ---

    New Features

    DHCP Starvation Attack :

    - Flood the target DHCP server with fake client requests.

    - Exhaust the IP pool, leaving legitimate devices unable to obtain an IP address.

    - Automatically forces the target network into a vulnerable state, ready for takeover!

    https://preview.redd.it/k5bx1h3pcj4e1.jpg?width=1654&format=pjpg&auto=webp&s=e58d794d5fb095cd8becf719ad74edff064ab59f

    ### **Rogue DHCP Server**

    - Respond to DHCP requests with **malicious configurations** after starvation.

    - Redirect DNS queries to your **Evil-Cardputer IP** for further exploitation.

    - Fully integrates with the **Captive Portal**, redirecting HTTP traffic to the portal page for maximum control.

    - Can operate **independently** without DHCP Starvation if the target DHCP server is slow to respond.

    https://preview.redd.it/a95tbzeqcj4e1.jpg?width=1652&format=pjpg&auto=webp&s=e580b17d62fdcd8bc51e43c86795e5392dea8439

    ### **Switch DNS**

    - Dynamically switch between emitted Wi-Fi DNS and local network DNS configurations.

    - Spoof DNS responses on the fly for targeted redirections.

    https://preview.redd.it/usgjmvircj4e1.jpg?width=1652&format=pjpg&auto=webp&s=d8afe9c4085e992cdf2d3fe1e6a42169b7602706

    ---

    Automated Workflow

    - Execute the entire attack process with a single command:

    DHCP Starvation

    Rogue DHCP Setup

    Captive Portal Initialization

    DNS Spoofing

    - Interactive guidance for step-by-step demos included!

    ---

    Demo Video !!

    Check out the attack in action here:

    https://www.youtube.com/shorts/htfcb1ta51U

    ### 🚀**Get the Update Now!**

    - Available on GitHub:https://github.com/7h30th3r0n3/Evil-M5Core2

    - Already pushed to **M5Burner** for easy setup.

    Enjoy!!! 🎉🥳🔥

    2 Comments
    2024/12/03
    01:23 UTC

    78

    18 hacking books for $36 (Hacking 2024 Humble Bundle)

    If you're interested, we've got 18 hacking titles for $36 in our Hacking 2024 Humble Bundle (just dropped). Full list below. Have at it.

    $1 tier:

    • Real-World Bug Hunting
    • The Tangled Web

    $10 tier adds:

    • Cyberjutsu
    • Penetration Testing
    • Black Hat Go
    • Malware Data Science

    $18 tier adds:

    • Linux Basics for Hackers
    • Ethical Hacking
    • Foundations of Information Security
    • Practical IoT Hacking
    • The Ghidra Book
    • Attacking Network Protocols

    $36 tier adds:

    • Windows Security Internals
    • Evading EDR
    • Hacks, Leaks, and Revelations
    • The Android Malware Handbook
    • Evasive Malware
    • The Art of Mac Malware, Vol. 1
    7 Comments
    2024/12/02
    19:20 UTC

    49

    Would you be able to ddos someone using several virtual machines?

    Probably a stupid question but it was a thought that popped into my head while I was in class, I'm currently learning about how ddosing works.

    41 Comments
    2024/12/02
    17:58 UTC

    12

    Deleting BIOS data

    I couldn't think of another sub to ask this. If this isn't the right one, please tell me which one to direct the question in the comments

    So, for some fucking reason I put a password to enter bios mode more or less 1 year ago and I have no clue what the password is anymore. I tried removing the CMOS battery for 25 minutes already and it still asks me for password. Do Acer laptops store the bios settings in a different place or something? That wouldn't make much sense because then what would be the use of the CMOS battery anyway? Regardless; is there any other way to achieve the same thing?

    --SOLVED--

    20 Comments
    2024/12/01
    14:00 UTC

    5

    Next steps for vulnerability disclosure

    I ended up finding a vulnerability on a well known company’s website in accordance with their bug bounty program scope and ended up reporting it. HackerOne’s triage team told me that another researcher already submitted a report on that vulnerability and closed my report out as a duplicate.

    I did see that they linked the other person’s report along with its status and submission date, albeit I couldn’t actually access the contents of the report. That person reported it coming up on about 2 years ago and it has been sitting under “Triaged” status the entire time. It’s a low severity vulnerability that probably wouldn’t be difficult at all to fix.

    Though based on the report date and how long it’s been sitting there, I’m starting to think that maybe they just don’t care. So with that said, would I be able to publicly disclose the vulnerability given that they closed my report and have been sitting on the other one for 2 years now?

    5 Comments
    2024/12/01
    08:59 UTC

    57

    An offering of insight to those aspiring, just starting out, and perhaps some skilled who feel as if it hasn't "clicked" yet to allow for you to prove your mettle. I see all the time people around here who would do well to hear this. Widen your perspective. Take what you can use, leave the rest.

    Hacking isn’t about memorizing tricks or collecting tools like a keyring full of exploits to try on every random lock you find. That’s a beginner’s misconception—a surface-level view that misses the essence of what hacking actually is. Think of it more like puzzle-solving, where you start with a fundamental understanding of how systems work, and then apply creativity, logic, and critical thinking to figure out how to make those systems behave in ways they weren’t designed to.

    Injection, XSS, buffer overflows, and all the other techniques aren’t the "keys" themselves. They’re more like conceptual crowbars or leverage points—ways to interact with the system’s inner logic. But here’s the kicker: the real magic isn’t in the tools; it’s in your mindset. You need to train your brain to look at things differently. When you see an application, you shouldn’t just see its intended function; you should see the network calls, input/output boundaries, data flow, and assumptions baked into the code.

    Think like this: hacking is about asking “what if?” What if this input isn’t sanitized? What if this field is vulnerable to overflow? What if I can inject unexpected data and change the program’s behavior? What if I can bypass the gate instead of unlocking the door? This isn’t about “using a tool” or “learning a trick.” It’s about figuring out where the cracks in the logic lie—and the tools are just ways to exploit those cracks once you’ve identified them.

    So, the shift you need is this: don’t focus on learning tools to fit locks. Focus on learning to recognize how locks work, why they exist, and how to think like the person who designed them. The more you understand about the systems you’re dealing with, the more you’ll intuitively see opportunities for interaction where others see none.

    12 Comments
    2024/12/01
    08:48 UTC

    15

    Raspberry Pi hacking projects

    I figured this would best fit here. I’ve been in the cybersecurity field for quite some time and want to create a fun raspberry pi project. What would be a good “hacking” project idea that I can use my raspberry pi for. Something like the pwnagotchi would be fun. Thoughts?

    22 Comments
    2024/12/01
    06:53 UTC

    113

    are most hacking forums for kids?

    So I keep reading that the majority of users on nulled.to and hackforums.net are younger. So are most cybercriminal forums just for kids? What about InfoSec forums or things like the Hack the Box Discord?

    45 Comments
    2024/12/01
    06:29 UTC

    5

    Some guidance about learning

    Hey there guys I learned some labs and gained some knowledge about xss, sql inj, authentication, csrf, ssrf and completed this labs from Portswigger labs.. I even tried to search vulnerability but nah.. Unable to find any is this knowledge enough? Or what I need to know what next about learning path? Do I still try about searching vulnerability or where can I get enough knowledge about it??

    2 Comments
    2024/12/01
    02:05 UTC

    0

    How did The Real World get hacked?

    I watched Fireship’s video about the Real World hack (hilarious btw), and was wondering how this was done? I know that the hackers took advantage of a chrome command, but what was it exactly?

    9 Comments
    2024/12/01
    00:44 UTC

    9

    Is 2fa bypass using password reset feature considered a valid PoC ?

    I mean the attacker would already have access to victims email account but the 2fa code is not sent in the email but it comes from a third party 2fa App or sent using SMS to the victim. Using the password reset link the attacker logs into the victims web account because the web app directly logs the user into the web account after the password reset instead of redirecting to a login page.

    11 Comments
    2024/11/30
    16:20 UTC

    1

    how do i upload a file over ssh to a server that runs qemu

    essentially title - but ill be more precise about the problem. this isnt an ssh server on qemu, but a ssh server that once a connection is established, runs qemu, and connects it to the ssh terminal. the qemu machine itself doesnt have any sort of compiler or internet access.

    im trying the kcrc challenge on pwnable.kr, and i want to upload a binary i compiled to the remote ssh.

    what can i do? i tried writing a python script that slowly writes commands that write the file using base64, but the binary is too large and this fails with pretty high probability, some lines just get cut off and stuff like that. there might be a very standard and easy solution that im missing, help with this is very appreciated!

    Edit: There seems to be some misunderstanding about the environment.

    When you ssh to kcrc@pwnable.kr, the remote (at pwnable.kr) launches a virtual machine and connects the ssh socket to the virtual machine stdin and stdout. I have access to a shell inside the VM, nothing more. The machine itself doesn't have internet access, no compiler, just a BusyBox Linux kernel with nothing on it.

    The user acut3hack worded it way better than me

    sshd runs on the host. When you ssh into the server, it launches a VM and connects the ssh session to the VM's console. You can see it booting. Then you're logged in as an unprivileged user inside the VM. The VM doesn't even have a configured IP address. It can't connect to anything.

    So you're using ssh, but it's like you're sitting at the console of a system that doesn't have any network access. You can type stuff on the keyboard, but that's it.

    This is his comment just copy pasted.

    30 Comments
    2024/11/28
    23:41 UTC

    1

    Alternatives to CUPP that splits and mixes words?

    I am looking for a wordlist generator that also mixes words, so for example if two of the input words are 'Keyboard' and 'Demon' the wordlist should generate passwords that include 'Keymon', 'Deboard', 'Dekey' and so on. Extra points if the tool can also leet only some characters: 'Kem0n'.

    Does a tool like this exist or do I need to make one myself?

    6 Comments
    2024/11/28
    21:14 UTC

    3

    Geetung basic system info with pdfs

    My target is to make sure pdf runs on a single system and for that i need to collect basic sysinfo. How can that be done?

    Minimum: create a uuid or hash based on sysinfo and push to server so if pdf is opened on another pc, i will know. Best case: also include process running. I do not need anything related to user

    I don't know how to do that as Javascript can be disabled in pdfs. And if i hide a binary in it, it could trigger antivirus or need admin privileges

    2 Comments
    2024/11/28
    12:28 UTC

    232

    Make sure you guys dont use linpeas from linpea.sh. It contains code that collects data

    31 Comments
    2024/11/28
    07:35 UTC

    7

    Daily CTF - corrupted image

    I have a custom.png file, which i tried to restor it from its corrupted stat. If anyone can help me, thanks. For being a hard one, i'l give anyone that can solve it a cookie :)).

    The original file : https://www.mediafire.com/file/skhm0bxtd7sp4y8/custom.png/file

    The one i modified it : https://www.mediafire.com/file/nc6qsm7myul90vh/customnew.png/file

    2 Comments
    2024/11/28
    07:01 UTC

    4

    Detecting IMSI catchers

    Let's say a plane was circling overhead. Would there be a way to determine if that plane was using an IMSI catcher? What sort of equipment and software would be required? Thinking SDR as a possibility here.

    5 Comments
    2024/11/26
    21:57 UTC

    0

    Are you able to see the images from The Real World leaks that were sent in chat?

    Is it theoretically possible to somehow see the images that were sent in the real world shit just by like the ids of the image in the leaks?

    8 Comments
    2024/11/26
    21:03 UTC

    256

    When you have RS-232 and the password is admin

    15 Comments
    2024/11/26
    07:08 UTC

    4

    any way to modify the DNS cache beyond the hosts file on Windows?

    working on a training virtual machine where the idea is that google.com is completely broken and once they can access it, they've finished all the tasks.

    i want to resolve google.com to localhost to add another layer of difficulty (beyond breaking dhcp and so on), but the hosts file is a pretty obvious spot to look. i was thinking of setting up the virtual machine as its own dns server, but that sounds like a headache.

    anyone have thoughts?

    6 Comments
    2024/11/26
    02:56 UTC

    4,811

    Hacking is illegal and for nerds

    145 Comments
    2024/11/26
    02:52 UTC

    1

    CEH vs CySA+

    Hello,

    Network Engineer for 3 years, System Engineering & Admin for 4. I also have 8 years of Military Comms experience.

    I really need to fill my background with DoD 8140 certs due to my military and civilian job requirements. I know in this community CEH is not widely popular.

    Currently have my Sec+ & CCNA. Passed Sec+ in a week and CCNA took 3 months. Is the CEH or CySA+ harder. I know one focuses on Ethical hacking concepts while other focuses on SOC. But I need one to advance. Any idea which one is harder, beneficial in the eyes of HR, which one is more practical.

    Once i get this requirement out of the way I will pursue PJPT.

    8 Comments
    2024/11/25
    16:00 UTC

    0

    Do you think the community will port similar ESP32 projects over to the new Raspberry pi pico 2 W?

    Specs and details here > https://bret.dk/raspberry-pi-pico-2-w-this-time-its-wireless/

    I would love to see this being used for similar projects like marauder, ghost, ect.

    6 Comments
    2024/11/25
    15:18 UTC

    Back To Top