- [06:34:39] <ThKitten> I'm about to anonymously send my asshole boss a book. "How To Win Friends and Influence People". I'll tell her to "read and apply chapter 1 immediately", which is essentially, "don't be an asshole to people you want something from"
- [06:47:00] * Andrew_0010bit (~Andrew_00@host-74.91.78.101.bpsnetworks.com) has joined
- [08:27:50] <Androdysseass> Friendly reminder to do it with Tor at a cafe
- [08:28:06] <Androdysseass> If you truly want it to be anon.
- [08:29:44] <Androdysseass> The cafe part is almost more important than the tor part.
- [08:36:41] <ThKitten> turns out I couldn't do what I wanted, my account is in the negative atm lol yayyy adult life
- [08:37:30] <ThKitten> Androdysseass I do highly recommend, if you don't have it already, you to get a kali usb setup so you can play around with these tools. One I'm getting into right now is in the 'information gathering stage', a tool called 'recon-ng'. Really good, loving it :D
- [08:38:22] <ThKitten> Also something you should take a look at: https://www.greycampus.com/opencampus/ethical-hacking/phases-of-hacking
- [08:38:27] <ThKitten> The phases of hacking.
- [08:38:52] <ThKitten> 1. Reconnaissance. 2. Scanning. 3. Gaining Access. 4. Maintaining Access. 5. Clearing Tracks.
- [08:39:00] <Androdysseass> Like wireshark?
- [08:39:16] <ThKitten> noooo not like wireshark
- [08:39:26] <Androdysseass> Oooh where did you le- oh it's in the link cooook
- [08:39:29] <Androdysseass> Cool*
- [08:39:33] <ThKitten> Wireshark would be under the 'sniffing' and 'scanning' part, as it's a packet capturing tool
- [08:40:37] <ThKitten> A lot of skiddies just try to hack right away, to their own detriment. (skiddie = script kiddie, generally noobs with a lot of auto-tools at their disposal). Recon is almost entirely completely hands OFF at least at the start
- [08:41:55] <ThKitten> So, the first stage, is mostly research, if your target is an establishment, you create a profile for it, or a person, you create a profile, generally these are known as a 'dox'. As much personal information about that person or establishment you can possibly gather. name, birthdate, phone, address, hair color, pictures, google maps link, bank, job, co-workers, employer, etc. etc.
- [08:42:28] <Androdysseass> Whew. Glad I'm not actually trying to hack anything I don't own. Except for accidentally that thing that got me yelled at by HTB.
- [08:42:41] <Androdysseass> I'm reading all this btw
- [08:43:17] <Androdysseass> Oh I watched your videos too, and I'm working on hex/binary and cementing the networking knowledge!
- [08:43:28] <ThKitten> all of this info you can probably find without ever having to touch their systems to begin with. If there's a particular piece of information you absolutely need but aren't ready for phase 2, you could use a more hands ON approach, such as social engineering, etc. Which in itself is a skill you can learn which can be incredibly devastating for your target(s)
- [08:43:37] <ThKitten> nice!
- [08:45:26] <ThKitten> You don't even scan a computer until you're done with your first phase, recon, but sometimes a scan can be part of that first phase. You'd need to learn how to make sure that your scans are secure for you though. Never ever touch those systems or ANYTHING related to your five phases with your own personal IP, in fact, best to use tor, a vpn, AND, be at a wireless hotspot using a macchanger the entire time, and don't use the same ones either. It's best to have about ten different entire sets of anonymizing tools/locations for various phases
- [08:45:51] <ThKitten> once you do scan though, you're doing so passively, as you don't want to set off firewall alarms or be locked out
- [08:46:43] <ThKitten> Phase 3 is often a critical, yet very very quick phase. By this point you may have spent MONTHS gathering your intel and info. The actual exploit itself should be well thought out, swift, and easy for you to do.
- [08:47:26] <ThKitten> Once you gain access to a system, you'll want to immediately see about maintaining access, i.e. install a trojan of some form to allow you access again. After that, wipe away your tracks and make quadruple sure you can't be traced back.
- [08:48:01] <Androdysseass> This is where I will need most help.
- [08:48:25] <Androdysseass> Planning is usually 2/3 the operation, which leaves execution. I've never had to deal with exfil
- [08:48:38] <ThKitten> Personally, I wouldn't even perform recon scans once I'm in a network, too easy to get caught and there's no backdoor or covering my tracks done yet. I personally would wait three weeks to a month before launching any further attacks, just to make sure my entry hasn't been spotted yet
- [08:50:31] <ThKitten> but once that happens, you're gonna want to run through your entire five phases all over again, don't start over in the middle. Recon info may have changed, new team members hired, old ones left, new management, new address or phone, etc. At least you have a back door, so when you want to get in, you can, real quick, do your scans, see what info is available, steal what can be stolen, etc. etc. maybe exploit other machines deeper within the network, depends on what you want to do.
- [08:50:44] <ThKitten> Of course, I'm saying all of this in the terms of a white hat hacker, not a black hat
- [08:52:29] * Androdysseass has quit (Remote host closed the connection)
- [08:52:40] <Quantos> LMAO
- [08:53:04] <Quantos> That's funny stuff, great spot to exit.....
- [08:53:08] <Quantos> :D
- [08:53:19] * Androdysseas (~androirc@2605:a601:a1d:3c00:a109:3282:645d:aca4) has joined
- [08:53:20] <Quantos> I think he goofed
- [08:53:23] <Quantos> WB
- [08:53:30] <Androdysseas> Nah, my client crashed lol
- [08:53:41] <Quantos> LMAO, what are you using as a client?
- [08:54:13] <Androdysseas> Which sucks. because I've lost all of tks kn0wledge >_> I was gonna go back through and Google keywords and shit
- [08:54:25] <Quantos> I have the logs
- [08:54:54] <Quantos> I can't repeat them here, that's spam, but I'll put it in a pastebin for you
- [08:54:58] <Androdysseas> Can you PM basically our last conversation to me? I would be grateful
- [08:55:08] <Androdysseas> Sweet. That works too.
- [08:55:09] <ThKitten> did I miss something? XD
- [08:55:17] <Quantos> Do you only need it for this morning?
- [08:55:24] <Androdysseas> I uh. My phone was having a moment. Lol