/cyb/ - cyberpunk and cybersecurity

low life. high tech. anonymity. privacy. security.
Kalyx ######


 No.2121

What are you hacking, cracking, bypassing?

Remember don't post anything illegal or else mods will delete/ban.

Questions, ask away someone will help!

Where to start?
https://pentesterlab.com/bootcamp
https://www.cybrary.it/
https://pastebin.com/raw/0SNSvyjJ


Dummy targets:
https://www.vulnhub.com/
http://www.dvwa.co.uk/

Books:
http://zempirians.com/ebooks/

Resources:
https://github.com/Hack-with-Github/Awesome-Hacking/blob/master/README.md

 No.2125

>>2121
You are made of gold. Thanks for the resources.

 No.2139

This guy has a good intro to binary exploitation class

https://samsclass.info/127/127_F15.shtml

 No.2146

Huge resource list for most subjects: https://docs.google.com/spreadsheets/d/1TD8KTRXvXwy1yU6s7Nz_JuNh7b7fa7pINZuHOVjtAAg/

Reddit (I don't recommend anything but the following.):
https://reddit.com/r/netsec
https://reddit.com/r/netsecstudents

Basic Linux & Powershell usage:
http://overthewire.org/wargames/bandit/
https://linuxjourney.com/
http://www.underthewire.tech/ (Powershell)

Multiple structured courses:
https://www.cybrary.it/ (Good content, soykafty web design in my opinion.)
http://opensecuritytraining.info/Training.html (Some content is outdated, still a good resource.)

Videos:
http://www.securitytube.net/
http://www.irongeek.com/

CTF / Practice:
https://www.hackthebox.eu/ (Registration is a puzzle.)
https://www.vulnhub.com/
http://smashthestack.org/wargames.html

~ Copy & pasted from old thread. ~

 No.2942

bump for more protips and links

 No.2945

>>2942

https://www.root-me.org/

I can only speak to the bash challenges but it's as easy as ssh-ing in and getting started. Useful links come with some of the challenges, otherwise you can google stuff.

 No.3057

I've been writing a python tor botnet for the past month or so and it's pretty much complete. I've been meaning to rewrite it in a compiled language to make it harder to reverse and more so just for the sake of learning another language but pretty confused what i should go for since I only know python and have been using pyinstaller to 'compile' the code till date (I've been thinking c++ since that's the most popular). I'll probably let the cnc be python, just need to rewrite the client-side but I'm too lazy to leave the comfort of my try catches due to my bad programming practices (though this is a full rewrite of my first version where things are a LOT cleaner). Any advice is welcome.

 No.3058

wow thanks Alice, i was actually looking for something like this

 No.3059

>>3057
you can write server-side with whatever you want since you are the one who controls it. but for client-side you cannot be 100% sure that the target computer has all the necessary dependencies installed all the time. so the only safe choice/highest return-on-investment is c or powershell, since they just come as default and you cannot turn them off completely. especially powershell is the tits these days.

don't go with pyinstaller, that's just amateur hour. there are cases where you can write some parts of the payload with python/java/c#/c++/whatever but they are an exception and when you do it you need to do it right. stick with c, asm and powershell. and for c/c++ forget about using standard library, either use readily available methods in winapi or pick an alternative or implement it yourself if you are really desperate.

 No.3060

>>3059
I'm kinda clueless here. Should I really go c rather than c++? How well does it handle threading, it also operates on tor so it should also be able to use socks sockets. Even more so, my main issue is just exception handling or whatever its equivalent is in c/++, how is it done? Thanks for the previous reply.

 No.3061

>>2121
I know some programming like C, Scheme, and Python but I feel stupid when trying to do HTB. I watched a guy on YouTube do a retired machine and he was using something called burps and capturing traffic and soykaf and it all seemed so complicated.
People who do HTB, how?

 No.3062

>>3060
malware/offensive software development is in the mission-critical domain. so the obvious choice is c or c++. but c++ takes space and does implementation-specific stuff in the background and if you don't know what your code is doing it is a risk, it might ring some alarm bells, it might leave artifacts behind etc. etc. payloads ideally should be smaller than 150kb w/o packing. static linking makes the binary huge, compile-time dynamic linking leaks information about your code unless you go w/ runtime linking by obfuscating/hashing/whatevering your function calls. and i don't even know how you can runtime link c++ libraries with stuff like templates, library-specific statements etc. all over the place. in theory it should be possible, and i am sure some weirdo wrote about it in his blog but i wouldn't try it. also you don't have exception handling like try, catch, else in c++ that's just syntactic sugar. either there is a thread-specific global variable/function that holds latest error level or system calls return an integer about whether it was successful or not, when unsure just read the documentation. c is simple but also very effective.

be warned though it's not that "easy" to write in c, and not even talking about malware. and even after that writing a simple keylogger in usermode and writing a filter driver in kernelmode are entirely two different things. the latter gives you a bsod when you fuck up. if your only concern is anti-reversing, either use deployment-specific encryption or forget about it. you can do everything you do to binary to python byte-code as well, the main idea is the same you just have to adapt it. also there is a compiler for python called "cython", you might want to check that out. you write the same python code with slight modifications and it spits out compiled python code (i.e. exe/dll).

 No.3063

>>3062
I see.. From your reply i assume you're a bit more c leaning than c++, implying you'd rather write yours in c? I guess I'll try it first. I was just at a bit of a crossroad since mirai was c and zeus was cpp. I've dug up my old k&r, but I've heard it teaches bad practices and isn't valid according to today's standards. Would you recommend the same or something else?

 No.3064

>>3063
i have actually started with c++. but along the way i have noticed that it is actually a higher level language than most would assume. if i am doing malware, i want to know what i am doing. malware development is not just the payload, there is also anti-reversing, exfiltration, anti-forensics etc. and c++ standard =/= implementation. standard might say "what" it should do, but not "how" it should do it. depending on your compiler standard methods might leak some critical information in the memory. same also goes for standard c library. and also for 3rd party libraries. you can't just use boost, libcurl, libsodium etc. in your payload. this is not an accounting software. you either use what is readily available in the os or you implement it yourself. which also means no fancy stuff like "strings" and lastly if majority of your operations are string based in a c code then you are doing it wrong already. you don't have to follow what i am saying but then don't be surprised when your code is published in some entry-level reverse engineer's personal blog. malware development is not a sub-field of penetration testing or information security, for those fields you have readily available pentest tools which spit out the payload with a couple of keystrokes and languages like python are enough for a proof-of-concept. malware development is actually the same thing as software development, it's like being a programmer more than a hacker. the latter has to be a jack-of-all-trades and the former requires to be a specialist.

for learning resource, follow the recommendations here: http://www.iso-9899.info/wiki/Books

 No.3065

a neighbor in my apartment block installed a camera monitoring the shared space on the floor, basically 4 apartments and doors into them and the shared stair case space.
it's stressing me out, camera obviously sees everyone, including me, all people who go in and out of MY apartment, timings and so on. moreover, the guy is likely involved with government agencies, something like that, so he's more likely than not being autistic with this, probably storing the recordings and so on.

how can i solve this issue? i'm gonna file a complaint checking in with the company that maintains the apartments and so on, but what if they can't solve this? can i somehow SOLVE this myself? thanks for the help in advance.

 No.3066

>>3065
>the guy is likely involved with government agencies
guys, i don't want you to think i'm a schizo or something, i don't mean he's some supersecret agent monitoring me specifically, i mean he just more likely than not works in some structure is all. people who have seen him agree that he shares those traits, basically you can tell he's someone like that.

 No.3069

>>3065
can you reach the camera? does it have a blindspot? maybe just try ripping it off…

 No.3070

>>3065
or better yet put up your own camera and point it at his door and record people going in and out of his apartment.

 No.3071

>>3069
no blindspot. the area is narrow, and it's in a corner.

>>3069
that doesn't cut it. for a normal person with a family like him it doesn't matter, those structure workers are fine with being monitored and listened and so on, but for me it's a real stress and rather unpleasant - why should I be subjected to such discomfort in my own home, my hideout?

i thought about spraying it with paint, but i can't do it myself, too obvious. i thought about paying someone to do it, but whomstdve???

 No.3072

>>3071
i am sure there is an obscure local law somewhere that prevents someone from installing a 7/24 online private camera to a shared space. if you are in usa, why don't you try to contact eff about it? they are pretty anti-surveillance and i am sure they would help you out.

 No.3106

Anyone know how to break out of a browser using vanilla js?

 No.3107

>>3071
I would try paying some kid $10 to wear a mask and do it.

 No.3108

>>2121
I've been playing around with bWAPP for a little bit. I recommend it to anyone who wants to practice cracking web applications.

 No.3109

>>3107
those were my general thoughts too, and funny how i had an opportunity, a haggard looking dude approached me in a shop line and asked for some change, he was a bit short of money to buy a pack of cigarettes. but i was paying with card. anyways, i should've offered to buy him an entire block of cigs or just give some money so he would pull it off

however it's kinda suspicious still, even if it will obviously be NOT ME.

 No.3113

I mean, probably better to have a weird thing that is not readily tied to one of your identities, than a normal thing that is. Maybe things could still be traced to you, but the more work you make that take, probably the better.

 No.3179

>>2945
Is this legit?
I spy with my eye the little word "reward"…

 No.3690

Does anyone have any good resources for de-anonymizing tor onion services? I'm trying to do some pen testing on a .onion server I'm running that I've been messing around with to see if it leaks information. Resources on this seem very scarce so I'd love some advice or links.
