
/cyb/ - cyberpunk and cybersecurity

low life. high tech. anonymity. privacy. security.


File: 1525264632893.jpg (7.05 KB, 211x228, dwarfsx0.jpg)

 No.2760

Greetings, so in the first year our Networks teacher told us that if we could pull off a hacking stunt on their network he would reward us greatly. What could I learn, search and apply practically in order to gain some better knowledge on netsec and hacking? What specs should I know from their network, to take advantage?

My experience so far is on C, Python and anything network architecture related. I'm mostly looking for practical ideas and actions I could do to become able to apply anything, as long as I get to learn new stuff, and potentially fuck a bit with my teacher.

 No.2764

>>2760

How about using social engineering? I don't know if you would learn something new but you could definitely fuck with your teacher.

 No.2765

Port scan the network and start researching vulnerabilities in services/internal web applications.

 No.2766

In my college it was easy (while on campus) to spoof their email system and do fun stuff.

 No.2770

>>2764
Social engineering seems a bit off, since I'll have to apply tactics that are generally not on the field of CS. Seems really interesting though.

>>2765

I'll run a port scan in the upcoming days, when I get there and actually get my hands on a port scanner, or learn how to actually handle one. Any suggestions for port scanners out there?

>>2766

Spoofing seems interesting as well. Though my professor is some really good netsec dude and I doubt that the network is defenseless. He lectured us on some malicious ways that hackers used and he seemed well aware of spoofing and how to protect the network.

I was looking at Server Side Request Forgery the other day and it seemed really promising, assuming that it is a newly found and obscure method to bypass a firewall. How could I leverage this, if I don't know the inner architecture of a network? Is there any way to find where the users and their passwords database is for example, or what to ping in order to look into the traffic?

 No.2771

>>2770
>Any suggestions for port scanners out there?

nmap is the standard

 No.2774

Send the bomb threat before difficult exam, don't forget to use TOR and free college wifi for extra OPSEC.

 No.2777

>>2770
>my professor is some really good netsec dude and I doubt that the network is defenseless
Professors usually aren't in charge of that kind of stuff, unless it's like his main/second job.

>if I don't know the inner architecture of a network

If I were you I would:
- Pay some attention to small/internal stuff that you already have access to like: a boardrooms booking system in the library or any internal communication system… and find out what they run
- Study the network's layout. There are many tools for that, but you can literally just use tracert and a piece of paper (assuming a small campus) or whatever stuff you learned to use in your class.
- Visit seedy places of the web where not-so-old vulnerabilities get passed around and see if any of them fit what you need.
- If your professor uses the wifi during class (he probably does, we're all human) honeypotting him should be doable.

Also, my college had some pretty draconian rules against compsci students having this kind of fun, so maybe tread carefully.

 No.2779

I'm not too sure myself, but there are many hacker tools which you can get around the dark web (or so I have been told).
Try installing some on a memory stick and running them… see what happens…

 No.2784

Something weird happened 2 days ago. The whole site was down due to a 500 internal server error. I compiled a list of errors I found while browsing the site during downtime and also found the /claroline/backends documents that consist of many .php elements (I'll upload a picture). After a downtime (sometimes request would get through) of about 13 hours the site was back up and a new error.php file was uploaded in the /backends containing error logs from 2013-May 5th 2018. Does anyone know any vulnerabilities for Claroline type websites?

The error.php text has a lot of interesting stuff, potentially showcasing the internal architecture of the system. I'll upload pics when I'm back.

 No.2877

>>2784
please do

 No.2878

>>2877
I think they're long gone, Chisa.

 No.2971

>>2877
>>2878

Oh man. I haven't delivered soykaf, I totally forgot, I'm super sorry. Got caught up with the second semester doing an android app / an Apache website with some teammates (aka ended up writing 60% of the java/php/js in a team of 5 people) and finished 3 days ago doing some OS stuff for the end of the semester. Totally forgot because I had to carry people. I'm home for now and away from my desktop, will probably return next week, since the only thing I can do here is drink/smoke/fuck around with friends. I need to go back and start tackling websec and my dissertation for next year.

Only update I can give is that the error log is long gone from the directory, but I saved it. Thing is, to look at the thing and actually try to understand anything.

 No.2973

Run a 'host -t mx <domain>' on their email, telnet to the host, and start sending emails. It's easy enough to spoof your IP (or do it from a public computer) because those show up in the headers.
That one's pretty easy. My college's blackboard (online assignment submission system) ran on HTTP so it was also trivially easy (cain & abel) to steal credentials from other students and post to class forums as them, or submit garbage as their assignments. Of course, I only showed my professor proof of concepts and didn't do anything to anyone.
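Added example, not part of any post in this thread: the defender's side of the mail spoofing described above, flagging messages that claim an internal From domain without a DMARC pass recorded by the site's own MX. The domain, authserv-id and sample messages are constructed placeholders.

```python
import email
import re
from email import policy
from email.utils import parseaddr

INTERNAL_DOMAIN = "campus.example"       # assumed: the domain being protected
TRUSTED_AUTHSERV = "mx.campus.example"   # assumed: authserv-id stamped by our own MX

def trusted_verdicts(msg):
    """Collect spf/dkim/dmarc verdicts, but only from Authentication-Results
    headers written by our own MX. A sender can forge this header, so any
    copy carrying a different authserv-id is ignored."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = str(header).partition(";")
        parts = authserv.split()
        if not parts or parts[0].lower() != TRUSTED_AUTHSERV:
            continue
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            verdicts.setdefault(method.lower(), verdict.lower())
    return verdicts

def classify(raw):
    """Return 'external', 'authenticated' or 'suspect-spoof' for one message."""
    msg = email.message_from_string(raw, policy=policy.default)
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if domain != INTERNAL_DOMAIN:
        return "external"
    # dmarc=pass implies SPF or DKIM passed *and* aligned with the From domain.
    if trusted_verdicts(msg).get("dmarc") == "pass":
        return "authenticated"
    return "suspect-spoof"

def make(from_addr, auth):
    """Build a constructed sample message."""
    return f"Authentication-Results: {auth}\nFrom: {from_addr}\nSubject: test\n\nbody\n"

LEGIT = make("Registrar <registrar@campus.example>",
             "mx.campus.example; spf=pass smtp.mailfrom=campus.example; "
             "dkim=pass header.d=campus.example; dmarc=pass header.from=campus.example")
SPOOFED = make("prof@campus.example",
               "mx.campus.example; spf=none smtp.mailfrom=lab-pc.campus.example; "
               "dmarc=fail header.from=campus.example")
FORGED_HEADER = make("prof@campus.example",
                     "mail.other.example; dmarc=pass header.from=campus.example")
EXTERNAL = make("someone@other.example",
                "mx.campus.example; spf=pass smtp.mailfrom=other.example; dmarc=pass")

if __name__ == "__main__":
    for name in ("LEGIT", "SPOOFED", "FORGED_HEADER", "EXTERNAL"):
        print(name, classify(globals()[name]))
```

The check only works if the receiving MX stamps Authentication-Results on every message, including mail submitted from inside the campus network, and strips inbound copies that reuse its own authserv-id.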

 No.2974

>>2973
>That one's pretty easy. My college's blackboard (online assignment submission system) ran on HTTP so it was also trivially easy
Or deploying a keylogger/form-grabber implant at a public (class) computer in case their web infrastructure is secure. It is surprising how many faculty staff logs into their account by using public computers which usually have no PSP software besides a soykafty DeepFreeze-like kernel level disk driver which can be easily bypassed and even weaponized.

I found a similar scenario in my university campus where also BIOS was not password-protected in which case DF is useless. When I reported it to IT they said this is not a real threat vector and somebody needs to be Mr. Robot good to do something with it. Let's just say I didn't report any of my new findings afterwards. :)

In 2018, we are pretty much living in the cyber-era and carelessness of people regarding such matters makes me cringe. They still think just locking their doors and having a soykafty security guard made of "random middle-aged dudes" is enough to keep them secure. This is not USA though, they already have enough Mitnicks, NSAs or whatever to make them care a little bit.

 No.2994

>>2974
hacker_vs_salt_shaker.txt

 No.3056

File: 1531811375100.png (141.72 KB, 1830x896, Comp1.png)

OP here, a little late, I should have done this about a month ago. I want to know whether this error file that was uploaded on the claroline/backends is useful at all. A sample of this file is number 1. In number 2 is a snippet of the same file that kept repeating from April 2018 till 2014.

And on 3 is a pic of the claroline/backends and what it contains. I really like hearing your ideas and exploits, even if I believe myself too inexperienced to try them out. Also, am expecting some parts for another pc I could use solely for said purposes.


