I just started using this platform, and it seems like I need to have access to the premium version to access certain features. Does this apply to all the labs in Burp Suite? What do you guys do....the ones who have experience...do y'all skip the labs or what do y'all do?

Here's what's new in v1.3.6:

---

New Features

DHCP Starvation Attack :

- Flood the target DHCP server with fake client requests.

- Exhaust the IP pool, leaving legitimate devices unable to obtain an IP address.

- Automatically forces the target network into a vulnerable state, ready for takeover!

https://preview.redd.it/k5bx1h3pcj4e1.jpg?width=1654&format=pjpg&auto=webp&s=e58d794d5fb095cd8becf719ad74edff064ab59f

### **Rogue DHCP Server**

- Respond to DHCP requests with **malicious configurations** after starvation.

- Redirect DNS queries to your **Evil-Cardputer IP** for further exploitation.

- Fully integrates with the **Captive Portal**, redirecting HTTP traffic to the portal page for maximum control.

- Can operate **independently** without DHCP Starvation if the target DHCP server is slow to respond.

https://preview.redd.it/a95tbzeqcj4e1.jpg?width=1652&format=pjpg&auto=webp&s=e580b17d62fdcd8bc51e43c86795e5392dea8439

### **Switch DNS**

- Dynamically switch between emitted Wi-Fi DNS and local network DNS configurations.

- Spoof DNS responses on the fly for targeted redirections.

https://preview.redd.it/usgjmvircj4e1.jpg?width=1652&format=pjpg&auto=webp&s=d8afe9c4085e992cdf2d3fe1e6a42169b7602706

---

Automated Workflow

- Execute the entire attack process with a single command:

DHCP Starvation

Rogue DHCP Setup

Captive Portal Initialization

DNS Spoofing

- Interactive guidance for step-by-step demos included!

---

Demo Video !!

Check out the attack in action here:

https://www.youtube.com/shorts/htfcb1ta51U

### 🚀**Get the Update Now!**

- Available on GitHub:https://github.com/7h30th3r0n3/Evil-M5Core2

- Already pushed to **M5Burner** for easy setup.

Enjoy!!! 🎉🥳🔥

If you're interested, we've got 18 hacking titles for $36 in our Hacking 2024 Humble Bundle (just dropped). Full list below. Have at it.

$1 tier:

• Real-World Bug Hunting
• The Tangled Web

$10 tier adds:

• Cyberjutsu
• Penetration Testing
• Black Hat Go
• Malware Data Science

$18 tier adds:

• Linux Basics for Hackers
• Ethical Hacking
• Foundations of Information Security
• Practical IoT Hacking
• The Ghidra Book
• Attacking Network Protocols

$36 tier adds:

• Windows Security Internals
• Evading EDR
• Hacks, Leaks, and Revelations
• The Android Malware Handbook
• Evasive Malware
• The Art of Mac Malware, Vol. 1

Probably a stupid question but it was a thought that popped into my head while I was in class, I'm currently learning about how ddosing works.

I couldn't think of another sub to ask this. If this isn't the right one, please tell me which one to direct the question in the comments

So, for some fucking reason I put a password to enter bios mode more or less 1 year ago and I have no clue what the password is anymore. I tried removing the CMOS battery for 25 minutes already and it still asks me for password. Do Acer laptops store the bios settings in a different place or something? That wouldn't make much sense because then what would be the use of the CMOS battery anyway? Regardless; is there any other way to achieve the same thing?

--SOLVED--

I ended up finding a vulnerability on a well known company’s website in accordance with their bug bounty program scope and ended up reporting it. HackerOne’s triage team told me that another researcher already submitted a report on that vulnerability and closed my report out as a duplicate.

I did see that they linked the other person’s report along with its status and submission date, albeit I couldn’t actually access the contents of the report. That person reported it coming up on about 2 years ago and it has been sitting under “Triaged” status the entire time. It’s a low severity vulnerability that probably wouldn’t be difficult at all to fix.

Though based on the report date and how long it’s been sitting there, I’m starting to think that maybe they just don’t care. So with that said, would I be able to publicly disclose the vulnerability given that they closed my report and have been sitting on the other one for 2 years now?

Hacking isn’t about memorizing tricks or collecting tools like a keyring full of exploits to try on every random lock you find. That’s a beginner’s misconception—a surface-level view that misses the essence of what hacking actually is. Think of it more like puzzle-solving, where you start with a fundamental understanding of how systems work, and then apply creativity, logic, and critical thinking to figure out how to make those systems behave in ways they weren’t designed to.

Injection, XSS, buffer overflows, and all the other techniques aren’t the "keys" themselves. They’re more like conceptual crowbars or leverage points—ways to interact with the system’s inner logic. But here’s the kicker: the real magic isn’t in the tools; it’s in your mindset. You need to train your brain to look at things differently. When you see an application, you shouldn’t just see its intended function; you should see the network calls, input/output boundaries, data flow, and assumptions baked into the code.

Think like this: hacking is about asking “what if?” What if this input isn’t sanitized? What if this field is vulnerable to overflow? What if I can inject unexpected data and change the program’s behavior? What if I can bypass the gate instead of unlocking the door? This isn’t about “using a tool” or “learning a trick.” It’s about figuring out where the cracks in the logic lie—and the tools are just ways to exploit those cracks once you’ve identified them.

So, the shift you need is this: don’t focus on learning tools to fit locks. Focus on learning to recognize how locks work, why they exist, and how to think like the person who designed them. The more you understand about the systems you’re dealing with, the more you’ll intuitively see opportunities for interaction where others see none.

I figured this would best fit here. I’ve been in the cybersecurity field for quite some time and want to create a fun raspberry pi project. What would be a good “hacking” project idea that I can use my raspberry pi for. Something like the pwnagotchi would be fun. Thoughts?

So I keep reading that the majority of users on nulled.to and hackforums.net are younger. So are most cybercriminal forums just for kids? What about InfoSec forums or things like the Hack the Box Discord?

Hey there guys I learned some labs and gained some knowledge about xss, sql inj, authentication, csrf, ssrf and completed this labs from Portswigger labs.. I even tried to search vulnerability but nah.. Unable to find any is this knowledge enough? Or what I need to know what next about learning path? Do I still try about searching vulnerability or where can I get enough knowledge about it??

I watched Fireship’s video about the Real World hack (hilarious btw), and was wondering how this was done? I know that the hackers took advantage of a chrome command, but what was it exactly?

I mean the attacker would already have access to victims email account but the 2fa code is not sent in the email but it comes from a third party 2fa App or sent using SMS to the victim. Using the password reset link the attacker logs into the victims web account because the web app directly logs the user into the web account after the password reset instead of redirecting to a login page.

essentially title - but ill be more precise about the problem. this isnt an ssh server on qemu, but a ssh server that once a connection is established, runs qemu, and connects it to the ssh terminal. the qemu machine itself doesnt have any sort of compiler or internet access.

im trying the kcrc challenge on pwnable.kr, and i want to upload a binary i compiled to the remote ssh.

what can i do? i tried writing a python script that slowly writes commands that write the file using base64, but the binary is too large and this fails with pretty high probability, some lines just get cut off and stuff like that. there might be a very standard and easy solution that im missing, help with this is very appreciated!

Edit: There seems to be some misunderstanding about the environment.

When you ssh to kcrc@pwnable.kr, the remote (at pwnable.kr) launches a virtual machine and connects the ssh socket to the virtual machine stdin and stdout. I have access to a shell inside the VM, nothing more. The machine itself doesn't have internet access, no compiler, just a BusyBox Linux kernel with nothing on it.

The user acut3hack worded it way better than me

sshd runs on the host. When you ssh into the server, it launches a VM and connects the ssh session to the VM's console. You can see it booting. Then you're logged in as an unprivileged user inside the VM. The VM doesn't even have a configured IP address. It can't connect to anything.

So you're using ssh, but it's like you're sitting at the console of a system that doesn't have any network access. You can type stuff on the keyboard, but that's it.

This is his comment just copy pasted.

I am looking for a wordlist generator that also mixes words, so for example if two of the input words are 'Keyboard' and 'Demon' the wordlist should generate passwords that include 'Keymon', 'Deboard', 'Dekey' and so on. Extra points if the tool can also leet only some characters: 'Kem0n'.

Does a tool like this exist or do I need to make one myself?

My target is to make sure pdf runs on a single system and for that i need to collect basic sysinfo. How can that be done?

Minimum: create a uuid or hash based on sysinfo and push to server so if pdf is opened on another pc, i will know. Best case: also include process running. I do not need anything related to user

I don't know how to do that as Javascript can be disabled in pdfs. And if i hide a binary in it, it could trigger antivirus or need admin privileges

I have a custom.png file, which i tried to restor it from its corrupted stat. If anyone can help me, thanks. For being a hard one, i'l give anyone that can solve it a cookie :)).

The original file : https://www.mediafire.com/file/skhm0bxtd7sp4y8/custom.png/file

The one i modified it : https://www.mediafire.com/file/nc6qsm7myul90vh/customnew.png/file

Let's say a plane was circling overhead. Would there be a way to determine if that plane was using an IMSI catcher? What sort of equipment and software would be required? Thinking SDR as a possibility here.

Is it theoretically possible to somehow see the images that were sent in the real world shit just by like the ids of the image in the leaks?

working on a training virtual machine where the idea is that google.com is completely broken and once they can access it, they've finished all the tasks.

i want to resolve google.com to localhost to add another layer of difficulty (beyond breaking dhcp and so on), but the hosts file is a pretty obvious spot to look. i was thinking of setting up the virtual machine as its own dns server, but that sounds like a headache.

anyone have thoughts?

Hello,

Network Engineer for 3 years, System Engineering & Admin for 4. I also have 8 years of Military Comms experience.

I really need to fill my background with DoD 8140 certs due to my military and civilian job requirements. I know in this community CEH is not widely popular.

Currently have my Sec+ & CCNA. Passed Sec+ in a week and CCNA took 3 months. Is the CEH or CySA+ harder. I know one focuses on Ethical hacking concepts while other focuses on SOC. But I need one to advance. Any idea which one is harder, beneficial in the eyes of HR, which one is more practical.

Once i get this requirement out of the way I will pursue PJPT.

Specs and details here > https://bret.dk/raspberry-pi-pico-2-w-this-time-its-wireless/

I would love to see this being used for similar projects like marauder, ghost, ect.