r/hacking Dec 06 '18

Read this before asking. How to start hacking? The ultimate two path guide to information security.

9.4k Upvotes

Before I begin - everything about this should be totally and completely ethical at its core. I'm not saying this as any sort of legal coverage, or to not get somehow sued if any of you screw up, this is genuinely how it should be. The idea here is information security. I'll say it again. Information security. The whole point is to make the world a better place. This isn't for your reckless amusement and shot at recognition with your friends. This is for the betterment of human civilisation. Use your knowledge to solve real-world issues.

There's no singular all-determining path to 'hacking', as it comes from knowledge from all areas that eventually coalesce into a general intuition. Although this is true, there are still two common rapid learning paths to 'hacking'. I'll try not to use too many technical terms.

The first is the simple, effortless and result-instant path. This involves watching YouTube videos with green and black thumbnails with an occasional anonymous mask on top teaching you how to download well-known tools used by thousands daily - or in other words the 'Kali Linux Copy Pasterino Skidder'. You might do something slightly amusing and gain a bit of recognition and self-esteem from your friends. Your hacks will be 'real', but anybody that knows anything would dislike you as they all know all you ever did was use a few premade tools. The communities for this sort of shallow result-oriented field include r/HowToHack and probably r/hacking as of now.

The second option, however, is much more intensive, rewarding, and mentally demanding. It is also much more fun, if you find the right people to do it with. It involves learning everything from memory interaction with machine code to high level networking - all while you're trying to break into something. This is where Capture the Flag, or 'CTF' hacking comes into play, where you compete with other individuals/teams with the goal of exploiting a service for a string of text (the flag), which is then submitted for a set amount of points. It is essentially competitive hacking. Through CTF you learn literally everything there is about the digital world, in a rather intense but exciting way. Almost all the creators/finders of major exploits have dabbled in CTF in some way/form, and almost all of them have helped solve real-world issues. However, it does take a lot of work though, as CTF becomes much more difficult as you progress through harder challenges. Some require mathematics to break encryption, and others require you to think like no one has before. If you are able to do well in a CTF competition, there is no doubt that you should be able to find exploits and create tools for yourself with relative ease. The CTF community is filled with smart people who can't give two shits about elitist mask wearing twitter hackers, instead they are genuine nerds that love screwing with machines. There's too much to explain, so I will post a few links below where you can begin your journey.

Remember - this stuff is not easy if you don't know much, so google everything, question everything, and sooner or later you'll be down the rabbit hole far enough to be enjoying yourself. CTF is real life and online, you will meet people, make new friends, and potentially find your future.

What is CTF? (this channel is gold, use it) - https://www.youtube.com/watch?v=8ev9ZX9J45A

More on /u/liveoverflow, http://www.liveoverflow.com is hands down one of the best places to learn, along with r/liveoverflow

CTF compact guide - https://ctf101.org/

Upcoming CTF events online/irl, live team scores - https://ctftime.org/

What is CTF? - https://ctftime.org/ctf-wtf/

Full list of all CTF challenge websites - http://captf.com/practice-ctf/

> be careful of the tool oriented offensivesec oscp ctf's, they teach you hardly anything compared to these ones and almost always require the use of metasploit or some other program which does all the work for you.

http://picoctf.com is very good if you are just touching the water.

and finally,

r/netsec - where real world vulnerabilities are shared.


r/hacking 4d ago

Pool on the roof - March 27, 2023

5 Upvotes

Have a no0b question? New to hacking? Looking for a script? Need help with your github project? Something wrong with your payload? Stuck on a CTF or bug bounty?

This is a weekly recurring post to make friends with other hackers, ask questions, and get any type of help you may need.

Make sure to read our wiki as it's full of resources for you.

Keep all beginner questions in this weekly stickied post.


r/hacking 15h ago

This website gave me an error and even parts of the source code lol

468 Upvotes

r/hacking 6h ago

CVE 3CX intrusion has been knighted with a CVE of its own (CVE-2023-29059)

cve.mitre.org
14 Upvotes

r/hacking 6h ago

I think you guys will find this python repository helpful if anyone of you is into web application security by chance.

9 Upvotes

Here is the link: https://github.com/shreyaschavhan/python-for-awae

Just wanted to share! Have a great day;)


r/hacking 1d ago

Can anyone decipher this?

310 Upvotes

r/hacking 3h ago

Should I use Kali in a VM?

2 Upvotes

Hey guys, I'm a software engineer trying to get into hacking. So I'm trying to understand how Kali Linux is used by the people in the field.

I'm currently with a dual boot of Windows 10 and Ubuntu and I'm not sure if people usually make a VM to run Kali or just add it as another OS in the system.

How do you guys who use Kali, do it?


r/hacking 6h ago

YubiKey 5c nfc cloning?

4 Upvotes

Hey, I was thinking of buying a YubiKey 5c nfc but I was wondering if it would be possible for someone to clone it while it’s in my pocket or something. Do any of you know if that’s possible? And if so from how far away could that be done? I can’t seem to find much on the internet about it except from possibly biased sources, like the YubiKey subreddit for example.


r/hacking 1d ago

How to Create a Virtual Hacking Lab

stationx.net
208 Upvotes

r/hacking 1d ago

How to create an ANONYMOUS type of YouTube channel/social media presence without being able to trace it back to myself?

40 Upvotes

I'm not really too worried about people hacking me, but I'm playing Apex and I want to call out a bunch of cheaters/hackers without being traceable back to myself. They are really good at hacking, and I wouldn’t be surprised if they tried to expose me for exposing them lol. So if I post a YouTube video, is there any way for them to trace it back to me?


r/hacking 9h ago

Burp Intruder Error Column

1 Upvotes

What exactly does it mean when Burp Intruder doesn't get a response and has an error check in the error column of the results?

I'm doing throttling testing on an API and often see this, but I’m not sure what this actually means.

Is it an error with Burp? Is it an error with the API endpoint? Could it be either? PortSwigger's site says it's for network errors, but that could be anything.


r/hacking 10h ago

Covenant C2 - unrecognized connections

1 Upvotes

So I wake up this morning and decide to continue dicking around with a C2 server I had set up to demo some hacking related things to friends a while back...

And discovered about 100 apparently live connections from machines I have never seen or interacted with before.

Quickly killed the C2 and promptly began freaking tf out.

These machines should not be there ---

Checking the logs it doesn't look like there were any commands issued to them...not a whoami, nothing... just connections so I am hoping this means no one has been using my C2 for their own nefarious purposes.

I nmapped my C2 server's bridge port, and also tried to netcat into it - neither of these things made a new connection appear in the C2's list... which means all these machines I am seeing are probably not just bots port scanning stuff...

I have the dropper hosted on a little http server on the same machine, it's just an exe that sits there... as far as I know, basically the only way to get a connection to the C2 is to 1. Disable your antivirus 2. download this file 3. Run it.

So like... I guess my questions are:

  1. How much shit am I in? As far as I know there's not been any commands issued from my C2 to these zombies or whatever you want to call them. But is just making a connection to it a problem? Even if these machines did so apparently of their own accord?

  2. How the fuck are these machines even here?

  3. Is it possible these machines might be security researchers or honeypots, waiting to see if they make a connection to this C2, what type of commands might come from it. Or like "let's download this malware and see what it does so we can figure out what it's trying to do and if it's part of some kind of larger illegal activity so we can stop it" type thing?

Most of the host names and usernames look legit... there are a couple basically random strings as host names... but some of them are a bit too on-the-nose, "John, fred" etc. Like too much like "oh I'm just a dumb user who doesn't know anything about computers, please attack me" type vibes.

Gave me quite the scare this morning, was not expecting that. I suppose if I want to demo this stuff I'll need to think of another option that I can somehow hide from the prying eyes of... I guess people who purposefully download and run, as far as they know, malicious software? Lesson learned I think.


r/hacking 19h ago

Reading SAK and ATQA values using the PC/SC driver with libnfc

paste.debian.net
3 Upvotes

r/hacking 1d ago

What is Opsec like behind hosting illegal websites such as breachforums?

27 Upvotes

Just curious. How are websites like breachforums able to host their site while maintaining good Opsec? My guess is there are cloud hosting services and domain services that provide their stuff for something like Monero. What do you guys know?


r/hacking 1d ago

Github Here's a fast tool for checking domains to see if they are behind Cloudflare, based on five criteria: SSL issuer, IP and 3 headers.

github.com
68 Upvotes

r/hacking 1d ago

Cracking A Password Prompt In EXE From ~2001

16 Upvotes

I was curious if anyone could help guide me on potentially uncovering the admin tools password of a program called Serials 2000. Versions 7.0b or even better, 7.1 (though they could be same pass for all I know). I have the software. I am guessing many of you know what it was for. I am interested in this purely for nostalgia's sake. I know the admin password for previous versions and have all the tools that were made to not need access to that menu but I just want to know it. This ware was a huge part of my teen computing years lol.

I have minimal programming knowledge but I have messed around with decompiling it with IDA and trying stuff with memory and debugging with Olly. But I honestly know very little about what I am doing. I have seen the dialog using Resource Hacker but I want to experience using it. I have reached out to some of the crew members from that software's golden era but either have not received replies or the person did not know or remember it at this point.

I also believe the code is obfuscated or encrypted to some degree but am not certain of this.

If reverse engineering is not the solution or too difficult or impossible due to possible obfuscation or encryption, is there a brute force tool that would work well with a password prompt that would need actions taken between each password try? Like it would need to OK the error box after failed attempt then do File -> Administration Tools and then enter another pass and hit enter again. So I guess something like a macro that can pull words from a dictionary file like rockyou or something? I don't know. Any help or advice is greatly appreciated. Thank you for taking the time to read.

Edit: exe is 32bit windows executable. unknown language/compiler...


r/hacking 2d ago

Restrict

778 Upvotes

r/hacking 1d ago

Linux distro recommendations

9 Upvotes

Hello guys, sorry if this question is often asked or if I'm in the wrong sub. So, I started learning pentesting a few weeks ago. I'm currently using a Thinkpad x395 on W10 and I run VMs on it. I want to change my OS to Linux but I don't really know which distro. I want something clean with a desktop environment (Mac OS style), capable of running multiple VMs. I was looking into pop so is it a good thing? Should I stay on W10? Thanks guys


r/hacking 1d ago

Is it possible to associate a forged barcode with an existing account to access a building?

0 Upvotes

I just wanted to preface by saying this is for a semester project for my cyber security class. My group and I are trying to access our school gym without actually having an account by using a forged barcode.

You need a barcode to be scanned which is generated on your phone when you log into the gym’s app. We were wondering if we can somehow connect our forged barcode with an existing account (something we have access to).


r/hacking 2d ago

Took me a moment

2.4k Upvotes

r/hacking 1d ago

Revisiting Heaven's Gate with Lumma Stealer

resources.securityscorecard.com
3 Upvotes

r/hacking 1d ago

Mystery: Hackers Canyon, what the hell is it?

1 Upvotes

r/hacking 2d ago

Clarification on bug bounties

26 Upvotes

Do sites like Bugcrowd or HackerOne only take 0 days?

I've been getting back into cyber sec for the last few years and have found several known CVEs in the wild (no 0days). I have approached all the people affected by these directly and they either all ignore me or tell me they don't care. In every case this has happened.
Once I even found full read write access in a database that contained medical information, dox and surgery pictures online.
This medical DB was in another country from my own.
The people who owned the box, the people who owned the medical clinic, the foreign government's intel and cyber sec agency all gave me 100% radio silence.
I eventually contacted CERT of the US, they apparently dealt with the issue and I got nothing out of it.

Some general guidance on what I should do when I find non 0 day CVE would be appreciated.


r/hacking 1d ago

Does anyone know how to decrypt a PPVM file?

2 Upvotes

I recently saw a YouTube tutorial in which he decrypts a password protected video file. When asked about his ppvm decryptor software, he said it's for his personal use only and he has no plans making the software public. This is the video. If anyone knows how to crack a ppvm file please let us know.


r/hacking 1d ago

setoolkit is not working (version 8.0.3)

3 Upvotes

So I was trying out setoolkit (#5 mass emailer), to send an email from my gmail #1 to gmail #2. I typed in everything correctly, including my email pass, several times. But the result says:

It appears your password was incorrect.

Printing response: a bytes-like object is required, not 'str'

I don't receive the email. I dunno what's up. I can log in with the email with the pass that I typed into SET.

Any thoughts, please?

(Running Kali on VMWare)


r/hacking 2d ago

BingBang: AAD misconfiguration led to Bing.com search results manipulation and account takeover

wiz.io
23 Upvotes

r/hacking 1d ago

Mediatek mt7921e capabilities

3 Upvotes

I have mt7921e (reported by inxi -n) that came with a Lenovo laptop. Does this card support packet injection? I tested hcxdumptool --check_injection and it showed packet injection working on 2.4GHz with average ratio. But after I tested aireplay --test, it showed no answer. 0 APs.

Then again I tested hcxdumptool --check_injection, this time hcxdumptool reports no PROBERESPONSE, packet injection is not working. Surrounding APs are exactly same as before, none was turned off. Is the card not supporting capabilities for wireless attack? Or is it the drivers?