/r/HowToHack
Google Colab is a service meant for data science, machine learning and education. It offers access to an environment with a Jupyter Python notebook and a Linux environment with root access.
Of course there are rules, so anything offensive done from the service will result in termination, but the service is great for automating tasks and developing.
Python with Selenium WebDriver works well on there, which makes it very interesting for automation.
And while Colab notebook data is reset when the instance shuts down, you can mount your Google Drive and store files there permanently.
You can also get a reverse ssh shell if you like but I think that is against the terms of service.
Not sure if anyone will read this, but if you decide to hack a (competent) target and fail, chances are they will:
Very quickly close/fix the loophole you attempted to exploit. Probably much quicker than the time you took to find it.
During their analysis, they will probably find and fix various performance issues or bottlenecks (not even related to your hack attempt) that will improve their systems going forward.
So all that time you spent trying so hard to find a loophole to exploit will probably come to nothing and will ultimately have the inverse effect.
I find the man pages for lots of tools to be very difficult to understand as a beginner. Is there somewhere that is better at describing tools? I usually resort to YouTube.
My router (a decommissioned postpaid device) is running off of a “first-release” firmware and the manufacturer is keeping firmware updates behind doors unless the device who sold it releases an update for it. The carrier said they don’t have any plans on releasing an update since it’s already 2 years old. But if the device was bought directly from the manufacturer, they can push my device a FOTA update remotely.
I used Wireshark to check how the router asks the server for updates, and I found that it first pings the update server (which is also visible) to check the connection, then the device sends some data, followed by a response from the server which appears to be the device info like the S/N and some data for the router to compare whether it's updated or not (the exchange seems to go: "Hello I need updates", "What is your serial", "1234abc", "what is your version", "v1.0", "we only have v1.0 for your serial number", "ok thanks").
Now what I plan to do is replicate these exchanges between the router and the server to trick the server into seeing that the device requesting an update is using an older firmware with a different serial, then giving it to the device to update. I don't know where to begin. Maybe someone here knows how to do it?
The built-in SSL stripping feature (http.proxy.sslstrip) in bettercap is not working against HTTPS websites. In this issue I will be using cygwin.com and winzip.com as examples; as we can see, they are not HSTS preloaded: https://hstspreload.org/?domain=cygwin.com https://hstspreload.org/?domain=winzip.com
I am using bettercap v2.32.0 (built for linux amd64 with go1.21.0).
My OS is:
```
Distributor ID: Kali
Description: Kali GNU/Linux Rolling
Release: 2024.1
Codename: kali-rolling
x86_64
```
I am using --caplet script.cap as a command line argument
script.cap contains:
```
net.probe on
set http.proxy.sslstrip true
http.proxy on
set arp.spoof.fullduplex true
set arp.spoof.targets 192.168.0.100
set net.sniff.local true
arp.spoof on
net.sniff on
```
Full Debug output: https://pastebin.com/qZF21fdY
Steps to Reproduce:
- Run the script.cap provided above (make sure to change the IP address accordingly)
- Go to an HTTPS website on the victim machine
Expected behavior:
- Successfully ARP spoof the victim
- Successfully sniff data from HTTP websites
- Successfully downgrade HTTPS into HTTP
- When downgraded, successfully sniff data from HTTPS websites
Actual behavior:
- Successfully ARP spoofed the victim
- Successfully sniffed data from HTTP websites
- Couldn't downgrade HTTPS into HTTP (loads as HTTPS)
- Since I could not downgrade HTTPS, I was not able to sniff any data from HTTPS websites
--
Now as a final note I want to add my own interpretation of this: generally, when bettercap detects HTTPS websites while running SSLstrip, it logs something like "spoofing the domain" or "HTTPS detected, downgrading" etc., but in this instance it does not, so maybe this is a bug where it is not correctly detecting HTTPS pages and therefore not even trying to downgrade them???
BTW, of course I cleared all the web browser cache, I tried both Chrome and Edge, and I also disabled secure DNS on both.
(Research purposes only) Besides the HackRF One with PortaPack H2, signal jammers, GPS/tracker locators, and key reprogramming tools, what else would allow somebody to gain access to a vehicle fast and undetected?
So, I just started OTW as a complete beginner in Linux; I had no idea at all of anything involving terminals, and I read that it was suggested for people like me.
I have done about 12 levels in like 4 days. I had to look up almost all of them. I could do about 3 by myself. Some of the answers seemed hard for me to find myself. Even right now I'm stuck on level 13 and can't seem to find out how to do it except a walkthrough. Is there some other resource I should use first or keep going with OTW?
Hello,
I need to gain access to a website that is located in Guyana, South America.
That site is only allowing Guyanese IPs to access it. I need a way to get a Guyanese IP or a method to gain access to the website.
I've searched a lot and couldn't do it.
I'm pretty new to cybersecurity and I've recently learned about ARP and DNS spoofing and I am trying it out on my own network. I just set up a Kali VM and I have a separate Windows computer I want to spoof. I am using bettercap and I followed some tutorials, and it all works when I do the ARP spoof with my VM and Windows OS on the same computer, but when I try to spoof the other computer I don't get any of the HTTP requests that I wanted to see. I don't really know what is wrong. I am using Kali with a bridged adapter and it has promiscuous mode on. Here is a sample of what I am trying:
```
set arp.spoof.fullduplex true; set arp.spoof.targets 192.168.1.1, 192.168.1.16
arp.spoof on
```
I checked to see if it picks up any HTTP packets from the other computer and it does not. The only difference is that I am getting destination unreachable (port unreachable) errors.
Also a side note, when I try to do a DNS spoof on my computer it just instantly blue screens. I don't know if this is a common issue with beginners, so I thought I might mention it.
Looking for a program I can use for a cyber crime story I'm writing in English class. It is about a kid who accesses school cameras and systems by getting an unnoticeable virus or program into the system, allowing him to access the school cameras and the school's systems via his phone or computer. Are there any real-life programs I can put in this story that he uses? They need to be untraceable and as unnoticeable as possible, and able to be uploaded to the system via a USB. Possibly a program you just download to a USB and access it from a PC at home or something.
Hello,
I have this line of code which causes a segmentation fault, where ptr_h is an input from environment variables:
```
if (ptr_h != NULL && 64 - strlen(ptr_h) > 25){ ... }
```
But if I reverse the condition, no segmentation fault occurs:
```
if (ptr_h != NULL && strlen(ptr_h) + 25 < 64){ ... }
```
I don't quite get what is happening here.
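The difference between the two checks above comes down to unsigned arithmetic: strlen() returns size_t, so 64 - strlen(ptr_h) cannot go negative and instead wraps to a huge value once the string is longer than 64 bytes, letting an over-long input through the guard. The following is an added example, not the poster's code; the 64-byte buffer and the copy inside the elided `{ ... }` are assumptions, and the 99-byte input is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64   /* assumed destination buffer behind the post's "{ ... }" */
#define RESERVED 25   /* bytes the post's check wants to keep free */

/* Guard as first written in the post: 64 - strlen(ptr_h) > 25.
 * strlen() returns size_t (unsigned). For a string longer than 64 bytes,
 * BUF_SIZE - strlen() cannot go negative: it wraps to a value near SIZE_MAX,
 * which is certainly > 25, so the guard accepts exactly the inputs it should reject. */
int guard_subtract(const char *ptr_h) {
    return ptr_h != NULL && BUF_SIZE - strlen(ptr_h) > RESERVED;
}

/* Reversed guard from the post: strlen(ptr_h) + 25 < 64.
 * The addition cannot wrap for any real string, so the comparison is honest. */
int guard_add(const char *ptr_h) {
    return ptr_h != NULL && strlen(ptr_h) + RESERVED < BUF_SIZE;
}

/* The intermediate value the first guard actually compares against 25. */
size_t naive_remaining(const char *ptr_h) {
    return BUF_SIZE - strlen(ptr_h);
}

/* Hypothetical consumer (our assumption about the elided body): copy ptr_h
 * into a BUF_SIZE buffer behind the non-wrapping guard, with an explicit
 * length so an oversized environment variable can never overrun `out`.
 * Returns bytes copied, or -1 when the input was rejected. */
int copy_env_value(const char *ptr_h, char out[BUF_SIZE]) {
    if (!guard_add(ptr_h)) return -1;
    size_t len = strlen(ptr_h);          /* < BUF_SIZE - RESERVED here */
    memcpy(out, ptr_h, len + 1);         /* includes the terminating NUL */
    return (int)len;
}

int main(void) {
    char out[BUF_SIZE];
    char long_value[100];
    memset(long_value, 'A', sizeof long_value - 1);   /* constructed 99-byte input */
    long_value[sizeof long_value - 1] = '\0';
    printf("short: subtract=%d add=%d\n",
           guard_subtract("HOME=/home/user"), guard_add("HOME=/home/user"));
    printf("long:  subtract=%d add=%d remaining=%zu copied=%d\n",
           guard_subtract(long_value), guard_add(long_value),
           naive_remaining(long_value), copy_env_value(long_value, out));
    return 0;
}
```

For the 99-byte input, guard_subtract() still returns 1 while guard_add() returns 0, which is why only the first form lets the later copy run off the end of the buffer.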
Well as the title of the post states.
There seem to be far too many people that think downloading Kali Linux will let them immediately compromise a system or hack into a network, with little knowledge of the systems they are working with.
Just a curious question to the more experienced users: after learning the ins and outs of your preferred tools and suites,
do you still use Kali, Parrot etc., or do you just use Ubuntu or your preferred Linux flavor and install your tools?
Also, I far preferred Parrot OS over Kali; anyone else on the same ship?
I should add I am new to this sub; I was hoping to help people with their ethical hacking exercises. Though after reading through a lot of these posts, most appear to be unethical in nature, with a disclaimer mentioning it is for their own learning. I've read through around 40-50 posts. Is this normal in the sub?
Setup: Raspberry Pi 1 B+ with RFID-RC522 on GPIO pins. I am trying to read credit/debit cards using Python and an RFID-RC522. I am currently using the mfrc522-python (v0.0.7) library to interface with an RFID-RC522 on my GPIO pins. I have tried the SimpleMFRC522.read() function to try it but get an auth error. I'm assuming that I will need to use the more advanced functions, but after looking at the source code, it appears like it's mostly just values that you either do or don't know, and I unfortunately don't. If anyone would be able to point me in the right direction then it would be greatly appreciated, thanks in advance. Note: This is entirely just a passion project, the hardware will never leave my room, it will only ever be tested on my own cards.
Edit: spelling
Somebody in a group of people I know stole my earbuds. They obviously don't wear them when I'm around, so I'm thinking: can I emulate the earbuds' Bluetooth signal and detect which device tries to connect to it?
I have the MAC address of the earbuds because I used them with my Windows machine some time ago.
I did some research but couldn't find any info about emulating a BL signal, maybe with an ESP32 or with an app on my Android phone.
Can you guys help me?
Hi, I am new to John the Ripper and trying to make a custom rule. I need some advice on generating all possible combinations of specific character substitutions within a word. I want to replace every 'a' with '4' and every 'e' with '3' in all possible combinations, but I'm not sure how to set up the rules in John the Ripper to achieve this without knowing the positions of the letters ahead of time.
So I tried this:
```
[List.Rules:CustomSwap]
:
sa4
se3
sa4 se3
```
But this just gives me searches, se4rches, s3arch3s, s34rch3s,
whereas I want all the combinations:
s3arches, se4rches, search3s, s34rches, s3arch3s, se4rch3s, s34rch3s
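The four rules above each apply a substitution to every occurrence at once, which is why the output only has the "all a's" and "all e's" cases. The full list the post wants is every subset of substitutable positions, 2^n strings for n such letters. The following is an added example, not from the post or from John the Ripper: a small C enumerator (not JtR rule syntax) that walks the word and branches keep/replace at each position; the a->4, e->3 map and the word "searches" are the post's, the table size is an assumption.

```c
#include <stdio.h>
#include <string.h>

#define MAX_WORD 64
#define MAX_VARIANTS 1024   /* 2^10: up to ten substitutable letters per word */

static char variants[MAX_VARIANTS][MAX_WORD];
static size_t nvariants;
/* Substitution map from the post: a -> 4, e -> 3; 0 means "no replacement". */
static char substitute(char c) { return c == 'a' ? '4' : c == 'e' ? '3' : 0; }

/* Depth-first walk over the word: each substitutable position branches into
 * "keep" and "replace", so every subset of positions appears exactly once. */
static void expand(char *buf, size_t pos, size_t len) {
    if (pos == len) {
        if (nvariants < MAX_VARIANTS) strcpy(variants[nvariants++], buf);
        return;
    }
    expand(buf, pos + 1, len);              /* leave this letter alone */
    char replacement = substitute(buf[pos]);
    if (replacement != 0) {
        char original = buf[pos];
        buf[pos] = replacement;
        expand(buf, pos + 1, len);          /* ...or swap it */
        buf[pos] = original;
    }
}
/* Fills the table with every variant of `word` (the unchanged word comes
 * first) and returns the count; 0 if the word does not fit in MAX_WORD. */
size_t all_variants(const char *word) {
    char buf[MAX_WORD];
    size_t len = strlen(word);
    nvariants = 0;
    if (len >= MAX_WORD) return 0;
    memcpy(buf, word, len + 1);
    expand(buf, 0, len);
    return nvariants;
}
/* 1 if `candidate` was produced by the most recent all_variants() call. */
int has_variant(const char *candidate) {
    for (size_t i = 0; i < nvariants; i++)
        if (strcmp(variants[i], candidate) == 0) return 1;
    return 0;
}

int main(void) {
    size_t n = all_variants("searches");    /* three substitutable letters: 8 variants */
    for (size_t i = 0; i < n; i++) puts(variants[i]);
    return 0;
}
```

For "searches" (e, a, e at three positions) the table holds the original plus the seven strings listed in the post.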
This is the picture of the port and this is the link to the webpage I bought it off of. What kind of stuff can I use with it, and is there any other alternate firmware for it?
Let me explain better: there is a video that I want to watch, but to unlock it I must first log in to Patreon and make a paid subscription.
How do I get around this and watch the video without paying?
Hello, I am new to the concept of reverse shells and payloads. The issue I'm facing is, I created a port forwarding payload using ngrok and it worked the first time, but once I closed the terminal and started again by running the exploit multihandler on the port I used the first time, it says that it failed to bind, and sometimes it starts but even after installation of the payload on my device I don't get any connection. Or can we not use it again and again, is it a one-time-use type of thing? Idk, please help.
Hey guys.
So, I'm trying to copy chapters from VitalSource Bookshelf, which is a little different from the Pearson eTextbook workaround of highlighting text and left-click dragging. I can highlight small amounts of text and drag them to Google Docs (with only placeholders for images), but if I manually highlight the chapter or try a Ctrl-A as I did for the Pearson workaround, it will not allow a drag.
Any workarounds for this?
Is there any way to install AMD drivers on Kali Linux? My GPU is an RX 6600 XT. I need an accurate way, step by step.
I need to demonstrate SSTI on Jinja2. I researched but couldn't find anything related. I need to demonstrate it for my college project.
Hey everyone, I was practicing on a box from VulnHub (driftingblues4) and got stuck. I was able to brute force the FTP login, but now I am supposed to add an SSH key to another user's home directory (I have rwx). The home is initially empty and these are the steps I took:
On my local machine I did "ssh-keygen", copied the public key somewhere else and named it "authorized keys"
On FTP I did "cd /hubert", "mkdir .ssh", "cd .ssh", "put authorized keys"
On my local machine I did "ssh -i <sshkey> hubert@10.0.2.6"
I get the error "permission denied (publickey)"
FYI: I have followed a walkthrough on nepcodex and 2 on YouTube, yet they seem to be able to log in when I can't.
Thanks in advance
I'm trying to decrypt some old WhatsApp messages using this repo. All I have is the 64-digit HEX file (in plaintext, not .key format). I tried to do the really dumb thing and paste it into a file and add the .key suffix, but that didn't work. Does anyone know how to produce the key file from the original hexadecimal? Thanks so much!
The two tools that have had some renown in the past, PowerSploit & PowerShell Empire, have both been deprecated. What are some reliable tools that you guys use and recommend?
Hi.
I'd really appreciate some help. I'm using Johnny (the JtR GUI) to figure out a disk image password I forgot years ago. I know what some of the likely parts of the password might be, but it's the combination and iteration that I'm not having success with on my own, so I'd like to tell JtR what those parts are to help it with breaking down the password.
Is this possible? If so, what method would I use, and how/where might I put in the wordlist to point JtR in the right direction and hopefully speed up the process? I'm guessing that it's probably 4-6 characters, maybe a symbol, and then some iteration of 6 digits that I commonly use.
Any help anyone can provide for this noob would be greatly appreciated.