/r/blackhat

Photograph via snooOG

Focused on the ongoing discussion and documentation of vulnerabilities and exploitation techniques. Please read the rules before posting here.

We seek to discuss vulnerability and exploitation theory and [evading] the countermeasures used to deter exploitation. This is also a place to discuss general blackhat rules, etiquette and culture. We welcome:

  • Writeups (not CTF or HTB)/talks detailing new vulnerabilities or techniques (there should be enough information to reproduce the exploit/technique)

  • Proof of concepts of old vulnerabilities or techniques

  • Projects

  • Hypothetical questions

 

Rules:

  • Be excellent to each other.

  • No Solicitation

  • Stay on topic.

  • Avoid self-incriminating posts.

  • Pick a good title.

  • Do not post non-technical articles.

  • Ideally, the content should be original, we don't care about your crappy ARP poisoner or Kaspersky's latest scam.

  • No pay / signup walls.

  • No coin miners

  • No "Please hack X" posts

  • Well thought out and researched questions / answers only.

  • If your project is not free / open source it does not belong.

  • Please limit your posts (we don't want to read your blog three times a week).

  • If you want to submit a video, no one wants to listen to your cyberpunk music while you copy/paste commands into kali terminals.

The mods are ban-happy, you have been warned.

 

Other helpful links:

/r/blackhat

97,510 Subscribers

0

How do I bypass Administrator privileges?

How do I give myself admin privileges on a limited access pc?

Hi, I am at work and wanted to use an unused pc to try out hacking and stuff as I am trying to get into the cyber Security branch of where I work, and besides having some fun, I wanted to exercise accessing a PC with just the PC at my disposal without external media devices, I tried asking on r/hacking about how to do this particular task, but I was met with negative response about this being illegal and unethical (its neither, pc is empty and only used to access a local area website to write reports) and that I would be fired (no, I work in a place where I won't be held accountable for fiddling with some PC about to be replaced anyways, besides that I am automatically hired for reasons I won't go into, and am encouraged to show my prowess in different areas of security(cyber or otherwise) so I can get sent to more suit able Department etc etc...)

So, after this wall of text, what should I do? Keeping in mind that I don't necessarily have access to external media.

19 Comments
2024/10/29
14:36 UTC

0

Can you spoof a reaction in text?

I am an iPhone user and the suspect is an android user. I saw a text notification on my Home Screen that android had reacted to their own text. I thought maybe they were trying to copy & paste and didn’t bother to check it out. Today, android is stating I was the one who reacted and it does show my name under the reaction. Which I promise I only react other iPhone users.

Google told me that you can spoof reactions to text to make it look like someone else liked or disliked your text. Wanted to see how easy it would be to do something like this.

Edit to add: found out we are both iPhone but they are using 3rd party app to text me from (unsure what the app is). I am using the normal green messages app for iPhone. Basically want to make sure it can’t happen again or that they can’t hack my phone.

6 Comments
2024/10/29
04:06 UTC

30

Methods to reveal IP behind Cloudflare?

All I know is DNS history and censys are all possible ways, are there any other potentially better ways?

12 Comments
2024/10/28
14:02 UTC

17

Law Enforcement Hacked Infrastructure of Redline and Meta Infostealers

*Not fully confirmed yet

According to the website which was discovered through Redline related Telegram channels, law enforcement was able to hack the infrastructure of Redline and Meta Infostealers and obtain critical data

With the message being that more information is to come.

Find more information here – https://www.operation-magnus.com/

https://preview.redd.it/9ci8wu16qgxd1.png?width=962&format=png&auto=webp&s=8688bd0cf019e508502fa6b72e7d30fdee33b9a9

0 Comments
2024/10/28
09:04 UTC

0

Does anyone know how to get access to someone else’s instaa account?

8 Comments
2024/10/22
14:03 UTC

11

IPhone management tool on Linux

Hi i was wondering if there is a tool on Linux that is free and can help me manage my IPhone like installing firmware and manufacturing software restore and more...

thanks for the help

1 Comment
2024/10/20
23:41 UTC

4

Android Game Data Mining & File Digging

Hello there, there's this game called Fun Run 4 and I've been you could say "data mining" for unreleased characters, powerups and more. I've been doing this for about 6 months now and I've been posting the leaks into a Discord server meant for Fun Run 4.

I simply used my Android to install a app and with that app I open the game directory and open the configuration within the JSON reader app. That's how I started off with getting unreleased characters etc.

I decided to go a bit deeper and that I did. I decided to start using my PC to my advantage, so I installed a software called "AssetStudio" and "AssetRipper". With those I was able to see the character models/meshes and I discovered a SHA1 hash key. So I got my friend to decrypt it for me. So he did, but we got another hashed key which I'm waiting for him to decrypt once he's available.

With all of that said, I simply wanted to post this to see if any of y'all experienced human beings would help me into digging deeper into this game. Our goal is to either get access to the API of the game or simply create a mod menu.

Keep in mind, I am not doing this to actually harm the developers or the game but simply for ethical purposes. If anyone is willing to give a helping hand, please let me know in the comments.

0 Comments
2024/10/20
18:36 UTC

0

Any good forums left?

Unfortunately, I can't find any good forum (even on the darknet) related to blackhat content. I desperately need to do some networking, as my previous teammates are long gone (probably dead/arrested). if you know anything good, please, share, coz so far, I've only found forums of scammers and noobs.

16 Comments
2024/10/18
03:56 UTC

11

How are they fooling youtube's preview system?

So i came across this youtube video which is somehow tricking YouTube's preview system and it also bypassed the copyright detection engine.

Now it's definitely using two or more streams (multiple streams),but i can't understand what else they have done.

I tried to make a multiple stream mp4 with modified metadata and uploaded it to youtube but it doesn't seem to work.

Edit: Since the original video got made private here's a another similar one,see the video previews after around the 2 hour mark.

6 Comments
2024/10/17
05:59 UTC

3

Penetration Testing 101 | TryHackMe Pentesting Fundamentals

The article below provides an introduction to ethical hacking, covering the key concepts and processes involved in penetration testing. It emphasizes the importance of cybersecurity in today’s world, explaining the legal and ethical aspects of pentesting.

The article discusses the Rules of Engagement, various testing methodologies (OSSTMM, OWASP, NIST), and the different types of penetration testing such as black-box, grey-box, and white-box testing. It also includes answers to key questions from the TryHackMe Pentesting Fundamentals course.

For more details, visit the article.

0 Comments
2024/10/16
07:53 UTC

2

phone IP change

there is an app that can only create one profile per device; is there some sort of VPN that can make a phone read as a new/different phone so someone can make a new account? any and all help would be greatly appreciated, even if it's a better articulation of my question lol (iOS)

5 Comments
2024/10/10
01:35 UTC

4

getting long abandoned torrents

hello everyone, I am looking for a file called blackspigot.sql. It is contained in a breach collection torrent called "Raw", maybe some of you know it. I think i have searched everywhere, even hosted my own rats-search crawler and indexed over 5PB of data, still, only one torrent.

Said torrent has a lots of peers (116 right now) but the availability is at 20.2% and hasn't changed for 2 weeks. I have downloaded everything possible, but have only 6.3% of this database.

Does someone have this file or know where else can I search?

3 Comments
2024/10/09
23:30 UTC

0

Noob question about the /p argument for system shutdown

If someone were trying to troll a friend and make their PC shut down unexpectedly, with no forewarning, would the /p argument be the best choice? I've seen suggestions for /f /s /t0, but why not /p?

6 Comments
2024/10/08
23:47 UTC

0

Pegasus and antivirus

Can an antivirus spot pegasus? I was told that the BDSM discord server I joined might've had their links infected by pegasus. I use bitdefender but I would like to know if other antivirus companies can do it or at least have a history of detecting pegasus. Also would like to know how effective antivirus is against pegasus.

Edit: they just say it's infected by pegasus. Antivirus is also acting strange, like it's been over 30 minutes and still not close to full scan complete

8 Comments
2024/10/06
07:35 UTC

6

What can a photo be used for maliciously?

I was planning to go to a discord server and needed age verification with my government ID. The problem is my photo. I can blur out everything except photo in my ID and birthday and I have to be in the photo. Would I be possibly be compromise if someone used it with bad intentions?

10 Comments
2024/10/05
10:08 UTC

11

All-in-one Information Gathering Toolkit

Hi everyone,

I developed a tool called Argus designed for information gathering, and I think it could be quite helpful. I'd love to hear your thoughts and any suggestions you might have to make it even better.
https://github.com/jasonxtn/Argus

1 Comment
2024/10/03
21:13 UTC

5

Create Local Administrator Accounts without elevated Administrator Priviliges.

Hey there! I am kind of new to the hacking scene. I recently bought a ThinkPad E16 off my school with the premise that its mine to keep. I am logged in with my school account on this Computer. I currently have access to CMD, as well as Advanced Restart CMD (I think the Advanced Restart CMD has administrator priviliges?, but not the normal CMD). Is there a way i could create a local administrator account that would work when the UAC prompts where i would need to ask a school ITK Desk helper would work? Meaning that i could do whatever i wanted on the pc?

5 Comments
2024/09/27
07:46 UTC

0

Is there such a thing as an online defaming tool/service?

Recently I saw someone's business start being marked on Google's knowledge panels as a scam by random websites like "Scamadviser" or "APIVoid" for no reason at all. Is this kind of a thing that people can pay to set up? Sorry if this isn't the right sub, I really have no idea where I would go for this.

3 Comments
2024/09/27
00:31 UTC

8

decrypting a unity .asset file

I’ve looked around and there’s a lot of mixed signals and from what I’ve seen not much documentation on decrypting a .asset file if you can share resources or tools put them down below im mainly doing this to jump into reverse engineering and because I want to see what updates are coming to the game myself thanks (and no asset studio does not decrypt it)

2 Comments
2024/09/26
12:38 UTC

1

What are the advantages and dangers of jailbreaking an Android?

I found an Android hack series and was gonna put to practice in the future but I wanted to see the full potential of an Android so I thought about doing a jailbreak. But I just wanted to quickly ask you guys if there were any dangers I should look out for or if there was anything useful you’d attempt to take advantage of when using a a phone like that.

10 Comments
2024/09/26
04:05 UTC

0

Telegram groups for blackhat SEO

Got any recommendations?

9 Comments
2024/09/23
19:16 UTC

0

looking to learn about phishing links

best place to learn how to create a phishing link for super beginners ? (i know nothing about computers) sorry if this is against the rules im ignorant

10 Comments
2024/09/22
15:32 UTC

0

What exactly is the goal?

I know white hats are the ethical moral high ground hackers. But what do grey hats and black hats want to do with their skills? Do they just want the freedom to access stuff or to just have fun with anything that they can access? Or are the black hats called bad so that the government has a reason to call them terrorist when they try to delete student loan debt?

10 Comments
2024/09/22
07:44 UTC

Back To Top