/r/HowToHack


Welcome! This is your open hacker community designed to help you on the journey from neophyte to veteran in the world of underground skillsets. Ask, Answer, Learn.

Visit us on discord

https://discord.gg/ep2uKUG


We teach you how to do it, use it at your own risk.


470,378 Subscribers

1

FUD RAT in images or PDFs

Hey guys, is it possible to embed a FUD RAT in images or PDF files, or is there any other way you would suggest?

0 Comments
2024/11/14
07:04 UTC

0

Urgently need help

Hi everyone. My girlfriend recently received scary messages from a fake account. I would like to ask: is it possible to get info on who is behind that fake account, or to check other accounts used from that person's smartphone? I am ready to pay for that kind of help.

Thanks a lot 🙏

6 Comments
2024/11/14
04:58 UTC

0

How to bypass admin PIN

I recently tried to bypass my computer's admin PIN by using command prompt recovery, running the command net user administrator and restarting the PC, which should in theory give me a blank password or exit. Instead, I didn't realize that the admin account has no password and only a PIN. How should I counteract this?

4 Comments
2024/11/14
01:36 UTC

0

Why this happens?

When I use zphisher or Shellphish in Kali, the link for the fake website is OK, but in Termux (the Android Linux terminal emulator) it doesn't show any link although it builds the server. Some help???

0 Comments
2024/11/13
20:31 UTC

0

Importance of WAF

If a site has no SSR (no backend validation) and has only a WAF, can a hacker bypass it using Burp Suite?

0 Comments
2024/11/13
18:33 UTC

3

How are Instagram fake followers made?

I say this based on two things:

  1. I saw some ads saying that they offer 10K or 1K followers as well as likes

  2. I have seen some people have followers which do not seem like real accounts

So how are these done? I guess they could create many Google accounts via different IPs and create lots and lots of Instagram IDs.

Am I missing anything, any idea on this?

36 Comments
2024/11/13
16:02 UTC

3

A way to bypass software token OTP?

I have a One Time Password set up for an account, which sends a software token to my phone and it changes every 30s. Unfortunately the token is either incorrect or unsynced from their servers. I have logged into the account many times before, and have all other relevant information to log in. Is there any way to bypass the code or find out how much time it is unsynced by?

16 Comments
2024/11/13
12:18 UTC

7

Textbooks - Ethical Hacking and Penetration Testing

Hi everyone!

I am in the process of completing a first level Master in Cybersecurity.

The subject I am most passionate about is ethical hacking, especially in the area of penetration testing, and I would like to delve into all the techniques that belong to this world (VAPT, malware analysis, SQL injection, trojan creation, phishing, website violation, ...).

Do you have any books to recommend that cover these topics? Both texts for beginners that go into the topics properly and manuals for people with a certain level of knowledge already would be fine (in the course we didn't discuss all the topics, so I have knowledge in some of them, while in others I don't have deep knowledge).

Thank you all very much 😊

2 Comments
2024/11/12
08:25 UTC

5

Silly Nmap question

So I am working through a SANS course and I am going over some of the basics of Nmap.

Now this is where the silly part comes in. This is the command and output:

sec504@slingshot:~$ sudo nmap 10.20.20.5 -sS -sV
Starting Nmap 7.93 ( https://nmap.org ) at 2024-11-11 11:23 UTC
Nmap scan report for ll-nmapports-listener-IduFhwQX.ll-nmapportranges (10.20.20.5)
Host is up (0.000025s latency).
Not shown: 998 closed tcp ports (reset)
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 9.1 (protocol 2.0)
53/tcp open  domain  ISC BIND 9.18.13
MAC Address: 02:42:0A:14:14:05 (Unknown)

Now this is just on a VM with test scenarios. My question is, in the book it states an extra line under the last port that says [Service Info: Host: [hostname]; OS: Unix].

It never appears for me, even if I use the -sn or -sV tags. Am I missing something obvious? I just know there is a question to get the hostname using Nmap in the exam.

Now obviously this isn't a real world test and it could just be a limitation of the VM I am using, but I would like confirmation.

8 Comments
2024/11/11
11:44 UTC

2

How can I find IDOR in web apps using OAuth v2?

I've noticed that many web apps that are using OAuth and/or OpenID Connect, rather than having a "static" page ID, instead fetch an ID relative to the logged in user by first looking at the OAuth/OIDC tokens and then fetching the data.

For example, say we are looking at a basic social media website that has a "Posts" section, resembling a blog. Rather than hxxp://socialmediasite.com/posts/8038493 for all posts on the site, it may instead have hxxp://socialmediasite.com/posts/5, where it first checks the token and then, in the back-end, looks up that specific user's post #5. I've not found a way that IDOR can even work in a system like this, because there is no absolute URL to check from another account: when I make account #2 and try to browse to hxxp://socialmediasite.com/posts/5, it simply says "post doesn't exist" because relative to the current user's account there is no post 5 (only account #1 has a post #5 in this case). Most of the apps I have been testing work like this, yet I keep hearing that IDOR is still very common. Any tips?

8 Comments
2024/11/11
03:16 UTC

2

Old online games question

I've been playing my childhood online game for many years now. Somehow there is no customer service, the hotline is a wrong number, and even the company address is wrong. They stopped updating and disappeared many years ago. So is it possible to hack any items I want in the game? And where do I start?

Anyone willing to guide me to do it? Willing to pay for your teaching and help. Thanks.

7 Comments
2024/11/11
00:08 UTC

2

DNS enumeration?

So when I discover that port 53 is open on some device, what does that mean? Does it indicate that the device is a DNS resolver (meaning it's able to make DNS queries to different nameservers in order to return a certain record), or does it indicate that the device is a nameserver, as in it holds DNS records? I'm kind of confused, since I understand how DNS works and I understand the components of it; running dig google.com, for example, makes sense in the sense that I'd be analyzing the queries my DNS resolver made in order to get to google.com, which I assume would give me more attack vectors since now I might attack the nameserver responsible for google.com (correct me if I'm wrong). But running dig on a machine that has port 53 open in a CTF scenario, for example, what does that mean? And how else am I supposed to enumerate that port? I've seen that I can check for the version.bind record, which I still don't really understand how it fits in the picture of having port 53 open.

11 Comments
2024/11/10
09:16 UTC

4

Are mod menus for games really that simple?

I did a bit of research on mod menus for games like COD, and I found that it's pretty much just getting the DLL files and changing some code, then using a DLL injector to put them back in. Is it really that simple? Why would they not block people from viewing the code?

5 Comments
2024/11/10
01:58 UTC

0

Jumping in, how to find exploits?

Now just before we jump too far, let me explain what I mean.

I'm talking about exploits that are asked for and legally authorized to find, like through the exploit-for-pay websites: you find an exploit and get paid to tell them about it.

So via Nmap etc. I figured I could potentially find some exploits, but I want to learn more, like how do I recognize one? How do I find one? Is Nmap a good start?

11 Comments
2024/11/10
01:30 UTC

1

Malicious code

Hi, I was wondering if anyone could point me in the direction of information on how to identify malicious code? I'm really new to this so I'm not sure this is a question that could have one simple response. My question might be rather complex. Things I'm specifically looking for are (Java):

  • cookie loggers
  • password stealers
  • RATs
  • or really anything that could be used to steal someone's account.

I want to download a pre-written script to exploit for my executor, but I'm scared they'll be able to get my account after I launch it.

23 Comments
2024/11/09
20:45 UTC

4

Hydra Help

Can someone assist with my Hydra syntax for an HTTP form? I was able to successfully obtain the password using Burp, but I cannot replicate the results with Hydra. Hydra reports that every username and password combo is a successful match. I believe it's an issue with the 3rd location in the syntax, the F field, but I'm not sure what to put there. Here is my current command:

hydra -L users.txt -P password.txt <IP> http-post-form "/login.php:username=^USER^:password=^PASS^:F=Incorrect username or password"

The login page is at ip/login.php. Whenever you enter an incorrect password, a message loads on the page that says "Incorrect username or password". I've confirmed that username and password are the actual parameter names passed in the POST as well.

Appreciate any and all help!

1 Comment
2024/11/09
15:12 UTC

55

I wrote my first security tool!

For the last 1.5 months I've been working on a blind SQLi brute forcer. It's still a bit messy, but it works, and it's pretty darn fast to boot! I know sqlmap is one of the most reliable tools that pentesters use, but I needed a project and this seemed like it was going to be within my skill set. I haven't done a project since college and I'm very pleased with myself for actually (mostly) finishing something. Please consider checking it out and giving me any feedback you have!

The repo is here:

https://github.com/c3llkn1ght/BlindBrute

14 Comments
2024/11/08
07:34 UTC

3

Trying to make sense of TryHackMe solution for tcpdump arp question

Hello!

Total newbie here (just started last week after taking some PTO) and first time poster in this sub. Please let me know if I'm breaking rules or would be better served by posting somewhere else. As far as I know, this is the place for these beginner sorts of questions.

Alright! So I'm in the Tcpdump: The Basics room on TryHackMe, and I was trying to sort out a solution to the following question: "What is the IP address of the host that asked for the MAC address of 192.168.124.137?"

I answered the question in what I think is a brutish (normal for me) way by using

tcpdump -n -r traffic.pcap arp | grep 'who-has 192.168.124.137 tell *'

and got the answer right, but first I was looking at other folks' solutions and saw multiple workups (think I'm using that term right) using

tcpdump -r traffic.pcap arp and 'arp[24:4] = 0xc0a87c89'

where they converted the IP 192.168.124.137 to hexadecimal c0a87c89. I'm confused about the arp[24:4] and the 0x at the start of the hexadecimal. Could someone explain that and/or (better yet) provide some link to where I can learn more about how to use tcpdump with arp in this way or, if it seems appropriate, where I can learn more about how arp works?

I've done some googling and looked at activedirectorytools.net/arp-command, users.softlab.ntua.gr/~sivann/books/tcp-ip-illustrated/arp_addr.htm, geeksforgeeks.org/arp-in-wireshark, and linuxconfig.org/how-to-use-tcpdump-command-on-linux, but none of them seem to have an explanation for this arp[24:4] bit or the '0x' at the beginning of the hexadecimal representation of the IP address. (I also went back to the Networking Essentials room on TryHackMe and couldn't find anything informative there for the ARP stuff above.)

Thanks for any help you can provide! :)

3 Comments
2024/11/08
04:12 UTC

0

Help

I need a full guide on how I can become an ethical hacker or cyber security expert, cuz if I don't do anything I'm gonna die cuz I am a bad son, so kindly help me guys.

1 Comment
2024/11/07
11:24 UTC

0

I need insight.

Hey guys! Long story short, my girlfriend's Instagram was hacked by a sociopath who goes above and beyond to sabotage our plans and lives, and also had a hand in bringing problems into her sister's life too. I'd like to have some insight into what programs he may be using and whether I can fight fire with fire.

1 Comment
2024/11/07
00:49 UTC

4

Help with executing GC2-sheet

I've been trying to get this malware to work and have been following the GitHub instructions down to a T, but every time I try to launch the compiled executable I either receive no error message and no connection to Google Sheets, or I compile the executable as (go build gc2-sheet.go) and receive the following error message when it is executed:

[-] Failed to pull new command and ticker: an error occurred while pulling command and ticker from remote source: %!w(<nil>)

Any advice on how to get this to execute would be greatly appreciated.

1 Comment
2024/11/07
00:20 UTC

0

Can someone show me how to perform a deauth attack on Kali Linux against the whole WiFi router?

I already have the needed stuff:

Gen 1 TP-Link WiFi adapter

Kali Linux computer

15 Comments
2024/11/05
23:22 UTC

4

Need to implement a CVE as a CTF for a final project, any ideas?

I have to pick an existing CVE, implement the vulnerability, exploit it and create a proof-of-concept capture-the-flag game.

I'm not looking for some super complicated CVE; I've got other things to do. Any help would be appreciated.

8 Comments
2024/11/05
15:58 UTC

5

John the Ripper

Hello everyone! I am using John the Ripper to crack some hashes. Is the default setting using the GPU and not the CPU? If so, how do I get John to use the CPU? Hashcat can do the same file in 3-7 hours while John takes 30+ hours.

Any John pros that know how to set CPU use instead of GPU??

9 Comments
2024/11/05
12:50 UTC

0

APK modding

I am facing an issue and I am new to modding. I am trying to change some file in Clash of Clans, just a small change like changing its profile picture using APK Editor, and then saving that APK, but APK Editor signs the APK with its own custom key. So the problem is, even when I am changing the CoC profile picture and creating a signed APK of that (I don't have a rooted phone), when I install that modded APK it just opens and then closes. The app is not opening. So I want to know if it is happening due to the signing key issue, or something else?

6 Comments
2024/11/04
06:21 UTC

0

Cyber Punk Programmers

Anybody used them? Anybody scammed by them? They claim to provide a software app that allows you to monitor an iPhone from your own phone. Is it just BS?

28 Comments
2024/11/01
11:59 UTC

40

Is Bluetooth spoofing even possible?

Backstory: I'm a taxi driver, and our orders come through a company-issued Android phone with a locked-down system. We can only use it for orders, navigation, and a few other limited functions.

Here's my issue: when I'm waiting at home (about a 3-minute walk from my car), I have to get to the car within 2 minutes of an order coming in so my phone can connect to the car's Bluetooth hub. If I'm not within range in time, I lose the order. If I run, I can make it. Bro, I don't want to run every time :-)

I've been wondering if Bluetooth spoofing could solve this. I tried with several devices—desktop, laptop, two Bluetooth dongles, and a Raspberry Pi using Kali Linux—but every attempt failed, likely due to manufacturer restrictions.

Is it even possible to spoof a Bluetooth device? Would this even work?

Does anyone have another suggestion for how I could make it see that my phone is always connected to my hub?

26 Comments
2024/10/31
21:14 UTC

3

OllyDbg bits

I'm debugging a program in OllyDbg x32. After closing and restarting this program and Olly several times, it is now not recognized anymore in the Attach window of x32 Olly. The x64 OllyDbg recognizes it tho, but it's still a 32-bit program according to Task Manager's Details tab. If I restart Windows, it goes back to normal 32-bit. Does anyone know how to fix it?

1 Comment
2024/10/31
13:28 UTC

0

How do you hack?

I wanna try and hack stuff but idk how to do it and what to use. Anyone got tips?

4 Comments
2024/10/31
03:11 UTC

1

Can I Capture a WPA2 Handshake with an Incorrect Password Attempt?

I have a question about capturing WPA2 handshakes. I set my laptop to monitor a specific access point and then tried to connect my phone using an incorrect password. To my surprise, it indicated that a handshake was captured.

Is it normal for a handshake to be captured even if I entered the wrong password? If I use a tool like Hashcat on that handshake, will it help me find the correct password, or does the handshake only reflect the incorrect attempt?

8 Comments
2024/10/30
12:52 UTC
