I_am_THE_Quantos

Untitled

Dec 3rd, 2018
  1. [06:34:39] <ThKitten> I'm about to anonymously send my asshole boss a book. "How To Win Friends and Influence People". I'll tell her to "read and apply chapter 1 immediately", which is essentially, "don't be an asshole to people you want something from"
  2. [06:47:00] * Andrew_0010bit (~Andrew_00@host-74.91.78.101.bpsnetworks.com) has joined
  3. [08:27:50] <Androdysseass> Friendly reminder to do it with Tor at a cafe
  4. [08:28:06] <Androdysseass> If you truly want it to be anon.
  5. [08:29:44] <Androdysseass> The cafe part is almost more important than the tor part.
  6. [08:36:41] <ThKitten> turns out I couldn't do what I wanted, my account is in the negative atm lol yayyy adult life
  7. [08:37:30] <ThKitten> Androdysseass I do highly recommend, if you don't have it already, you to get a kali usb setup so you can play around with these tools. One I'm getting into right now is in the 'information gathering stage', a tool called 'recon-ng'. Really good, loving it :D
  8. [08:38:22] <ThKitten> Also something you should take a look at: https://www.greycampus.com/opencampus/ethical-hacking/phases-of-hacking
  9. [08:38:27] <ThKitten> The phases of hacking.
  10. [08:38:52] <ThKitten> 1. Reconnaissance. 2. Scanning. 3. Gaining Access. 4. Maintaining Access. 5. Clearing Tracks.
  11. [08:39:00] <Androdysseass> Like wireshark?
  12. [08:39:16] <ThKitten> noooo not like wireshark
  13. [08:39:26] <Androdysseass> Oooh where did you le- oh it's in the link cooook
  14. [08:39:29] <Androdysseass> Cool*
  15. [08:39:33] <ThKitten> Wireshark would be under the 'sniffing' and 'scanning' part, as it's a packet capturing tool
  16. [08:40:37] <ThKitten> A lot of skiddies just try to hack right away, at their own detriment. (skiddie = script kiddie, generally noobs with a lot of auto-tools at their disposal). Recon is almost entirely completely hands OFF at least at the start
  17. [08:41:55] <ThKitten> So, the first stage, is mostly research, if your target is an establishment, you create a profile for it, or a person, you create a profile, generally these are known as a 'dox'. As much personal information about that person or establishment you can possibly gather. name, birthdate, phone, address, hair color, pictures, google maps link, bank, job
  18. [08:41:55] <ThKitten> , co-workers, employer, etc. etc.
  19. [08:42:28] <Androdysseass> Whew. Glad I'm not actually trying to hack anything I don't own. Except for accidentally that thing that got me yelled at by HTB.
  20. [08:42:41] <Androdysseass> I'm reading all this btw
  21. [08:43:17] <Androdysseass> Oh I watched your videos too, and I'm working on hex/binary and cementing the networking knowledge!
  22. [08:43:28] <ThKitten> all of this info you can probably find without ever having to touch their systems to begin with. If there's a particular piece of information you absolutely need but aren't ready for phase 2, you could use a more hands ON approach, such as social engineering, etc. Which in itself is a skill you can learn which can be incredibly devastating for your t
  23. [08:43:29] <ThKitten> arget(s)
  24. [08:43:37] <ThKitten> nice!
  25. [08:45:26] <ThKitten> You don't even scan a computer until you're done with your first phase, recon, but sometimes a scan can be part of that first phase. You'd need to learn how to make sure that your scans are secure for you though. Never ever touch those systems or ANYTHING related to your five phases with your own personal IP, in fact, best to use tor, a vpn, AND, b
  26. [08:45:26] <ThKitten> e at a wireless hotspot using a macchanger the entire time, and don't use the same ones either. It's best to have about ten different entire sets of anonymizing tools/locations for various phases
  27. [08:45:51] <ThKitten> once you do scan though, you're doing so passively, as you don't want to set off firewall alarms or be locked out
  28. [08:46:43] <ThKitten> Phase 3 is often a critical, yet very very quick phase. By this point you may have spent MONTHS gathering your intel and info. The actual exploit itself should be well thought out, swift, and easy for you to do.
  29. [08:47:26] <ThKitten> Once you gain access to a system, you'll want to immediately see about maintaining access, i.e. install a trojan of some form to allow you access again. After that, wipe away your tracks and make quadruple sure you can't be traced back.
  30. [08:48:01] <Androdysseass> This is where I will need most help.
  31. [08:48:25] <Androdysseass> Planning is usually 2/3 the operation, which leaves execution. I've never had to deal with exfil
  32. [08:48:38] <ThKitten> Personally, I wouldn't even perform recon scans once I'm in a network, too easy to get caught and there's no backdoor or covering my tracks done yet. I personally would wait three weeks to a month before launching any further attacks, just to make sure my entry hasn't been spotted yet
  33. [08:50:31] <ThKitten> but once that happens, you're gonna want to run through your entire five phases all over again, don't start over in the middle. Recon info may have changed, new team members hired, old ones left, new management, new address or phone, etc. At least you have a back door, so when you want to get in, you can, real quick, do your scans, see what info is
  34. [08:50:31] <ThKitten> available, steal what can be stolen, etc. etc. maybe exploit other machines deeper within the network, depends on what you want to do.
  35. [08:50:44] <ThKitten> Of course, I'm saying all of this in the terms of a white hat hacker, not a black hat
  36. [08:52:29] * Androdysseass has quit (Remote host closed the connection)
  37. [08:52:40] <Quantos> LMAO
  38. [08:53:04] <Quantos> That's funny stuff, great spot to exit.....
  39. [08:53:08] <Quantos> :D
  40. [08:53:19] * Androdysseas (~androirc@2605:a601:a1d:3c00:a109:3282:645d:aca4) has joined
  41. [08:53:20] <Quantos> I think he goofed
  42. [08:53:23] <Quantos> WB
  43. [08:53:30] <Androdysseas> Nah, my client crashed lol
  44. [08:53:41] <Quantos> LMAO, what are you using as a client?
  45. [08:54:13] <Androdysseas> Which sucks. because I've lost all of tks kn0wledge >_> I was gonna go back through and Google keywords and shit
  46. [08:54:25] <Quantos> I have the logs
  47. [08:54:54] <Quantos> I can't repeat them here, that's spam, but I'll put it in a pastebin for you
  48. [08:54:58] <Androdysseas> Can you PM basically our last conversation to me? I would be grateful
  49. [08:55:08] <Androdysseas> Sweet. That works too.
  50. [08:55:09] <ThKitten> did I miss something? XD
  51. [08:55:17] <Quantos> Do you only need it for this morning?
  52. [08:55:24] <Androdysseas> I uh. My phone was having a moment. Lol