/r/blackhat


Focused on the ongoing discussion and documentation of vulnerabilities and exploitation techniques. Please read the rules before posting here.

We seek to discuss vulnerability and exploitation theory and [evading] the countermeasures used to deter exploitation. This is also a place to discuss general blackhat rules, etiquette and culture. We welcome:

  • Writeups (not CTF or HTB)/talks detailing new vulnerabilities or techniques (there should be enough information to reproduce the exploit/technique)

  • Proof of concepts of old vulnerabilities or techniques

  • Projects

  • Hypothetical questions

 

Rules:

  • Be excellent to each other.

  • No Solicitation

  • Stay on topic.

  • Avoid self-incriminating posts.

  • Pick a good title.

  • Do not post non-technical articles.

  • Ideally, the content should be original, we don't care about your crappy ARP poisoner or Kaspersky's latest scam.

  • No pay / signup walls.

  • No coin miners

  • No "Please hack X" posts

  • Well thought out and researched questions / answers only.

  • If your project is not free / open source it does not belong.

  • Please limit your posts (we don't want to read your blog three times a week).

  • If you want to submit a video, no one wants to listen to your cyberpunk music while you copy/paste commands into kali terminals.

The mods are ban-happy, you have been warned.

 


87,479 Subscribers

8

Linux Privilege Escalation For Beginners | Nebula Exploit Exercises Walkthrough | Level 13-15-19

We covered the solution walkthrough of levels 13-15-19 of Nebula exploit exercises that let you practice your Linux privilege escalation skills. This includes exploiting SUID bit set binaries, cron jobs, environment variables, misconfigured file permissions, vulnerable Python modules such as the pickle module, path expansion, shared libraries & coding errors.

Video P1

Video P2

Writeup

1 Comment
2024/03/25
17:51 UTC

0

Dis Cuzzo yall...Made some weird stuff

https://youtu.be/2nCvDFlGVQk

Obfuscating Py in shell maybe

0 Comments
2024/03/25
00:48 UTC

12

Flipper Blackhat: A Linux-Based WiFi tool

As an electrical engineer, I asked the Flipper community a while back what hardware add-ons they would like to see developed. The top reply was "evil portal that supports WiFi passthrough" meaning the user is connected to the internet after the portal attack.

This got me thinking: the ESP32 is a powerful but simple, bare-metal microcontroller. They're awesome but limited in ways.

If you put a powerful Linux microprocessor on top of the Flipper and connect two WiFi radios, you'll end up with a very sophisticated device.

So that's what I'm working on, and I made an update video here: https://youtu.be/RVjA3HURUa8?si=hbplsUVfqiI7IYF2

AMA, and thanks for the support and project idea!

0 Comments
2024/03/23
12:06 UTC

1

BurpSuite Repeater, Sequencer & Encoder/Decoder | TryHackMe BurpSuite

We covered other components of BurpSuite such as BurpSuite Repeater, BurpSuite Sequencer, BurpSuite Encoder/Decoder & BurpSuite Comparer. Additionally, we covered BurpSuite extensions along with practical examples from other TryHackMe modules & the Repeater room.

Video

Writeup

0 Comments
2024/03/20
12:51 UTC

5

Ideally, where would you point someone to start learning techniques as a beginner?

I understand there's no one-and-done correct path for learning, but for the more experienced people: if you had to suggest a path for beginners, where would you point them to?

6 Comments
2024/03/19
14:47 UTC

0

Discreetly installing a concealed Raspberry Pi in my library, operating as a static proxy harnessing the library's Wi-Fi network.

Setup

Raspberry Pi Zero

Wireless adapter

Power cable under vending machine

Is it a good idea?

6 Comments
2024/03/19
06:34 UTC

0

This connection "Ethernet 2" belongs to a VPN which I uninstalled. Is there a way I can delete it, or should I ignore it?

9 Comments
2024/03/18
03:13 UTC

3

Darkweb

How to find valid URLs in .onion? Is there a section on Reddit where people share links? Or some forums? If yes, which? Feel like all the links can't be found on research, or maybe I'm not good enough to find them.

7 Comments
2024/03/17
22:59 UTC

6

Living Off The Land Binaries Explained | TryHackMe

We covered Living Off The Land Binaries that are frequently used in red team engagements. Living Off The Land Binaries are applications and executables that come pre-installed with the operating system. An example is bitsadmin.exe in the Windows operating system and ping in Linux. The LOLBAS project contains all binaries that are categorized as living off the land, and GTFOBins is its equivalent for Linux operating systems. This was part of the solution walkthrough of TryHackMe Living Off the Land.

Video

Writeup

1 Comment
2024/03/17
10:00 UTC

0

LINUX UBUNTU OS facebook, tiktok. Is it OK to run 3Proxy to manage one 4G mobile proxy and an anti-detect browser simultaneously on the same PC?

I have a powerful CPU, core based; I want to run 3proxy to manage 1 SIM and Incognition on Linux Ubuntu.

6 Comments
2024/03/17
06:34 UTC

0

Is Tails really anonymous?

I've been wondering about this. I know about how it works and all, having played a bit with it myself.

Hypothetically, if a hacker wants to hack someone (not a website, but someone or some device that's connected to the internet) without getting caught, is Tails enough? And is Tails enough to find the real IP and not the "public" IP?

Note: I do not want to do this on someone. This is for my own personal education only.

I'm experimenting with it and want to see if I can hack "myself" through another router/internet connection.

Would all of that be possible with Tails?

10 Comments
2024/03/17
06:26 UTC

8

Firmware Vulnerability Scanning & Security Testing with BugProve

We covered analyzing firmware images and scanning them for vulnerabilities and security misconfigurations using BugProve, an effective firmware vulnerability scanner. We explored the various features, which include a dissection of the discovered vulnerabilities and weak binaries, along with a graphical representation of the severity of each vulnerability.

Writeup is here

Video is here

0 Comments
2024/03/14
06:27 UTC

15

Firewall Evasion Techniques | Full Tutorial

We covered firewall evasion tactics that are needed when conducting a red team engagement. Firewall evasion tactics encompass using the nmap scanner to send modified packets, in addition to using networking tools such as Ncat and SSH to perform port forwarding or tunneling.

Video is here

Writeup is here

0 Comments
2024/03/12
13:53 UTC

1

Is it possible for an adversary to somehow break into my computer (physically)?

I run Linux and have encryption protection. My question is: could someone somehow tamper with the computer and install, e.g., spyware, especially without me knowing?

8 Comments
2024/03/12
10:38 UTC

0

1 year pen testing, need help with scammers (btcopj.com) coin scam

Ran basic stuff; they are using Cloudflare connected to a (ns1.name.net). I've had a few friends lose a couple thousand and these guys disappear. They did it all through WhatsApp 🤦🏻‍♂️ I know. It was a too-good-to-be-true event. But they paid them dividends until they went up to VIP and invested more, then they disappeared. I'm considerably new, looking for an Obi-Wan to help direct me and possibly mentor me. Shot in the dark I know, but these scammers need a lesson. I have so much info if anyone is interested.

17 Comments
2024/03/11
02:03 UTC

0

On a project sniffing a website, quite a secured one, help me out boys

5 Comments
2024/03/07
04:07 UTC

0

How to send PC screen to phone using HDMI video capture for TikTok live (pre-recorded video)? I got a black screen using a capture card to stream PC screen to iPhone camera

I don't want to use "TikTok Live Studio"; I want to spoof the native camera input stream.

Need to go live using my iPhone and not from my PC.

My setup is:

Hi! I am attempting to use an HDMI capture card to stream PC screen with OBS to iPhone without jailbreak. I have an iPhone-plug to HDMI adapter plugged into my iPhone, an HDMI cable plugged into that, and an HDMI capture card plugged into that, with the USB end plugged into my laptop.

In OBS Studio I added a video capture device and then selected my USB input. The screen is black.

Does anyone know if there is a setting on my iPhone that could be preventing the card from reading the PC screen? Or is using a capture card to put PC screen in OBS Studio impossible on an iPhone? Thank you!

4 Comments
2024/03/05
15:44 UTC

7

NW PT Query

Hello r/blackhat

I need help on NW PT.

During external PT, all ports are coming back as filtered.

Host is up, received user-set (0.0000010s latency).

All 65535 scanned ports on xxx are filtered because of 39222 net-unreaches and 26313 no-responses

However, the client consistently maintains the stance that there are open ports.

My IP is correctly whitelisted and I can reach the IP via traceroute.

The IP is of a Cisco Meraki MX68, from an external IP (https://meraki.cisco.com/product/security-sd-wan/small-branch/mx68/)

Already tried (full Nmap scan, Nessus scan, stealth scan, fragmentation, Masscan, Angry IP and other different nmap switches) - result is the same.

How do we proceed? Please suggest any method, tools, or way.

Any insights or advice would be greatly appreciated!

7 Comments
2024/03/05
08:10 UTC

6

Prevent cookie stealing / session hijack

I have downloaded stupid stuff in the past and gotten my cookies/session and passwords in the frequently used browsers stolen. You might actually have some of them yourself.

But I DO like staying logged into email accounts. I don't mind logging in socials each time. (don't use them often enough)

Question: Is there a way to keep my Gmail/Outlook sessions secure without running the risk of emails getting stolen?

I thought of using Thunderbird / Windows Mail, but I doubt they are completely STEAL-proof either. Plus... kind of cluttered. (Thunderbird eventually starts to take up like 4-5 gigs of space.)

2 Comments
2024/03/04
10:46 UTC

0

Anyone ever used verif.tools?

Has anyone ever used verif.tools to get past KYC and did it work? To me, the quality looks good but obviously, the info like passport numbers etc wouldn't be found in any database if it ran through one.

2 Comments
2024/03/02
04:03 UTC

4

Help Needed: Ransomware - MongoDB Docker Container

Hey fellow Redditors, I recently deployed my API and database using Docker on a server, only to face a nightmare. The database I restored in the Docker container kept mysteriously getting deleted. Upon investigation, I discovered a new database named READ__ME_TO_RECOVER_YOUR_DATA with a ransom note.


After scanning my auth.log file for "authentication failure," I found numerous entries. As a precaution, I disabled login via password. Now, I'm concerned about the security of other files. How can I determine if other files are compromised, and what steps should I take next? Your expertise is greatly appreciated! 🆘

7 Comments
2024/02/27
19:02 UTC

0

Anyone try their hands at a fully automated AI channel on YouTube?

It automates the script, the video with footage from archives, the title and the thumbnail ALL together. You just type like 10 words on a screen and it creates a beautiful hour-long video without any effort on your end. I've been seeing some of it out there, just saying. I'm wondering what program they're using and how it all plays out. Sounds like a really easy idea to generate crazy money?!?

9 Comments
2024/02/27
13:42 UTC
