#networking

Was funny to watch, but heck I don't even do PDP anymore

He's just too crude

pdp was cool when he did amnesia gameplay

after that it got boring

he used to be cool, but now he's just sad

Sometimes I feel bad for Marzia but then again she got that money money

my problem with youtube

when I open it

it only suggest shit I've already seen before

and if I go explore new videos, all is trash

yeah

especially nowadays

@tame carbon it was removed. I think I'll give the router back this afternoon

@supple hare after you removed the CPL and all the other stuff

run that winmtr again

see if there's a difference

might want to restart the router as well

Winmtr is the app I downloaded yesterday ?

yeah

Ok

@supple hare it should be 0%

https://i.imgur.com/An970JE.png

100% just means, that that specific router ignores all your pings

Host was 1.1.1.1 right ?

yeh

that's cloudflare DNS xD

What's that x) ?

90% lost on bbox.lan

wtf

Can't even send a message on disc

ok that modem is trash.

get a new one.

Ok xD

@supple hare it makes no sense though

Tysm for your help anyway

it reports address conflicts internally

which would be correct, the symptoms match

though I don't understand where this conflict is coming from

usually, its just some device with poorly configured IP settings

if you have two devices with the same IP on the same network

it doesnt know where to send the data to

and most of it will get lost

Oh yeah makes sense. Let's just hope the 3rd router doesn't have the same problem

@supple hare are you 100% sure there isnt anything else connected to it?

Yeah

including wireless?

Yeah, 2 cables, one coming from the fiber box and one to my pc

@supple hare can you take a picture of the network rig?

Might not need that crappy bbox

On the website it doesn't look like anything is connected to it except sometimes my PC turns on

If its a common interface from the fiber box

might be able to get your own router

@peak cloak I am so confuzzled by his problems lol

@tame carbon sometimes even if it's an sfp doesn't mean you can

his router reports an IP conflict

the conflicted MAC address, has a vendor ID, of the very router that is reporting the issue

Before someone had an sfp going it to his router but it was gpon so it wouldn't work on another sfp device

Huh

Yeah.

huh.

That's the box which receives the fiber. Sorry for the terrible pic btw. Already packed the router to change it, the shop closes soon

AHH

CHINESE

jk

xDD

@supple hare can you show the back please?

@supple hare and then, I'm interested, in what your router reports on the WAN

I want to see what authentication it uses

if its PPP

you can just get your own router instead of the bbox

hook that up to the fiber box, and go :D

@peak cloak Its PON btw

@peak cloak any hints on common implementation details with that? is it just DHCP ?

Yeah

PON

At least with fios, it's just dhcp

@supple hare alright, cool, now log into the bbox, and go to WAN or Internet settings

I want to see how it negotiates the address with the fiber box

@supple hare

@peak cloak lol, we should make a directory. Keep information on how every ISP implement their handover

Sorry, I'm already on my way to the store... They were only open till 3:00pm and I won't have the time to go there next week

@supple hare fair.

@supple hare though if its really a problem with the bbox, you'll probably have the issue after you swap the device

come back if you still have issues, we might be able to set you up with an alternative

What is this?

Oh its a little fiber box

@static knoll that's his ONT

Fiber in, ethernet out

Seems very small

@static knoll they can be even smaller ;D

so cuteeeeeee

I think the FIOS one is gigantic

Not sure tho

Fiber -> SFP+

Dang that's small

I assume for rack use

Yeah I planned on doing this

@static knoll https://i.imgur.com/IKAPj8o.jpg

@static knoll they plug directly into your equipment

Ah so yes for rack/switch use

A box which receives the fiber optic and then "gives" the internet to my modem

Not for the typicaluser

@supple hare just call it a fiber modem

that's really what it does

Yeah, more convenient, didn't know the term

aren't modems mainly for converting phone lines to internet or something

I forget sometimes

modems modulate and demodulate a digital signal from one medium to another

A modem – a portmanteau of "modulator-demodulator" – is a hardware device that converts data from a digital format, intended for communication directly between devices with specialized wiring, into one suitable for a transmission medium such as telephone lines or radio

Its an umbrella term for this technique

https://www.youtube.com/watch?v=o0WzD0oaoBg

@static knoll main difference with active and passive fiber networks is the layer 2 implementation

Ah yes

on PON, your fiber connection is shared, each 'box' has its own MAC

I assume PON is not as good as the alternative

active optical, is a seperate fiber for every subscriber

@static knoll well, PON is a bit like coaxial

Better but more expensive I think?

where you have 1 fiber for the entire neighborhood

PON is less reliable, lower throughput

though if deployed properly, can be just as good as active

active optical networks have some other benefits

@static knoll datacenters and long-haul is all active

ah

I only hate coax because of two things

One, the cable sucks

its a shared medium

Two, the connector is one of the most annoying I have ever dealt with

@static knoll biggest problem with coaxial is improper filtering/faulty gear

if one person has a faulty modem or adapter

it can create interference/noise

which can go over the coaxial

knock down service for everyone

Yeah, I will probably get the coax at home switched over this summer

Coax is faster than DSL

but not as reliable

DSL funny enough, will work over the shittiest of copper cables

DSL is still in my Uncle's house, and LTE is faster than it

slow af tho

maybe not with a high speed, but reliable nontheless

fiber is... super reliable

fiber is nice

@static knoll https://i.imgur.com/x6SFUOC.png

0 link downs :D

You have 10Gbps?

@static knoll ok thats cheating

Or is that local cabling

I have 10G locally

1G external fiber (250M speed for internet)

yeah i thought so

I mean, 250 ain't bad

fiber optic converter is on other side https://i.imgur.com/klBwQN0.png

Since its only a 1G fiber, I don't have a need for SFP+, so I use a cheapo media converter

https://www.tp-link.com/us/business-networking/accessory/mc220l/

this one ^

like 20 bucks

@static knoll When I signed up for fiber internet here

?

Ah

they just ran a plastic tube to the front door outside

bruh

they were planning on installing it like half a year later

Why didn't they do it properly

but we were renovating at that time (and in the middle of moving between houses)

Yes

@static knoll we took a drill to the wall

That's an old one is it not

and then on the inside, used a wallchaser to cut a groove to the attic

👀

the fiber tube ended up in the attic

and when the technician arrived, to install the patch box

I mean, I have cabling stapled to the doorframes in my house lol

he was all confused, since it was the first time he had to go to the attic

Then?

lol, I got a package in the mail

with just an SFP module & 3 meters of fiber patch cable

best. ISP. ever.

LOL NICE

What ISP?

https://www.weserve.nl/nl/fiberfttx/

No

I just got fios like in November

Seems nice, website is pretty cool

tbh idk where my ONT is lol

probably inside the tv cabinet or in the crawlspace

@static knoll they only recently started doing FttH, they have been in the datacenter and hosting business for about 15 years

Probably on the side of your house

@static knoll and the network they are on, is corporate

Gray box

No wonder they're so nice

so peering is amazing :D

😄

Don't think there's one outside it, but I'll check eventually

@static knoll handover is just DHCP over a VLAN

lucky you

IPTV is on a 2nd vlan, with IGMP multicast

even the settop boxes

IPTV is honestly the future of cable, cable tv sucks

are just generic brand

so no monthly fees

damn you have it lucky

@static knoll oh no

this shit is expensive as hell

xD

LMAO

13,50 euros/month for just the fiber itself

(physical infrastructure)

since that is a different company

Wait, if the settop boxes are generic why do you pay for them?

monthly at least

oh those boxes?

you get those for free

but you need a subscription

so not free

Total per month?

FIOS is $80 a month for gigabit (940/880)

then ontop, 79/month, for 250mbit data, 23 bucks for premium tv ( I dont watch TV, but others do)

I could care less about tv

ontop of that comes an additional 16bucks, because I have an additional /29 IP block

Don't think this is outside my house

Yeah sometimes they just have a desktop ont like in my pic

so effectively

So the total per month comes down to?

2 euros/month/ip

@static knoll just under 130 bucks

excluding taxes

I mean, you do live in NL

It's 20 bucks for a static ip here

Per month

@static knoll I have my own business

On top of your residential package?

On top of a business one

I don't have a static

@static knoll and the fiber line is shared with two other companies

Ah, no wonder

I just invoice them for 50/50mbit like, 50 euros a month

So essentially free internet huh

ye

nice

See, in the US of A with FIOS a business connection using static IP is $240 per month for 940/880

Residential, on the other hand, is only $80 in a contract

Surely a static IP doesn't cost an extra $160 a month

Residential is heavily throttled I think

Shared bandwidth

No we get 940/880 consistently

• neighbors have like 100Mbps at max lol

If you constantly had gigabit traffic, then fios would throttle you

@static knoll yeah but not to every bit of the internet

some routes are still slow

and thats why some people pay double for less bandwidth

because they get better peering

ah

yeah I'm not running servers to every part of the world 24/7 so

should be fine lol

@static knoll your ISP pays other entities for peering agreements

bandwidth is not free

big ISPs have it easier

because they have their own network

Technically it's against TOS to host servers on fios but I doubt they care about small ones

and there, peering is essentially free

@peak cloak thats such bull

F

Yeah

took me months to learn how to write around the filter lol

https://bgp.he.net/

its only 1 small server

To check peering

Agreed

my ISP gives me 8 public IPs

specifically for hosting

https://www.verizon.com/about/terms-conditions/verizon-online

my public facing VMs on my server, just get their IP address from DHCP on a vlan lol

@peak cloak yeah thats what happens if you dont have net neutrality

. You also may not exceed the bandwidth usage limitations that Verizon may establish from time to time for the Service, or use the Service to host any type of server. Violation of this Section may result in bandwidth restrictions on your Service or suspension or termination of your Service.

It was always like that

Yeah

but this is not net neutrality

Yeah

they shouldnt be allowed to discriminate between types of data/traffic/services

I agree that c-pornography is illegal

I just got shocked by my TV's display

Out of nowhere

but that is illegal by law, and not by ToS

you may write into the ToS that the use of the service, should be within the limits of the law

which is kinda... obvious and common sense

@peak cloak selling the service on, as in, running your own ISP

that is debateable

Yeah

Reselling

but that's different from hosting your own services

that's just, using the internet.

Verizon thinks they are only a gatekeeper to the big platforms, and all else is to be crushed

@peak cloak I guess you can always try https://ec.europa.eu/immigration/node_en

Nah

@peak cloak lol I remember in 2016 after inauguration, that the canadian immigration portal went offline due to heavy load

Otber state

Nj kinda sucks

isnt NJ a trap?

for people who want to move out of NY

cus NY is kinda crap rn, but NJ is even worse

or something like that

I overheard this somewhere

Oh NJ as in the state

^

Louis rossman?

probably

I lived in NY

@peak cloak his bike ramblings I sometimes watch

I've been to NY once in my life

for like a weekend

slept on 21st story overlooking broadway

Very nice

I haven't even been to like most ny tourist attractions

Haven't been in times square

Times square was too crowded

with my hypersensitivity that comes with aspergers

I couldnt really stay there for more than 20 mins

And the first time I got confronted with actual racism was also in NY

I was born in NYC, never been to the top of liberty

My gf and I came out of the AMC

and we were walking back to the hotel

and some guy started talking me up

trying to sell his mixtape

I just didnt catch on what he was doing, until like a minute

and then he got mad when I politely turned him turn

Me neither, was on the middle part as part of a boy scout trip

and he started going off about how, we white tourists dont give

we only take, and dont care about the people that live here

some ramblings

and then I asked: what does me being white have to do with that?

and he went off on like: we blacks are better stronger have bigger dicks and such

told him good day and started walking

really weird

bigger d argument

yeah idk

didnt feel safe though

@static knoll I thought racism went only one way, but I guess it goes both

I fixed the fortiwifi he acts as wireless client (bridge) and lan ports works to

No more moca 😆

@static knoll other states I've been to

Florida

I forget, orlando, that's a county right?

Went to epcot and magic kingdom

and then also been to Maine and Masschussets

It does, and sadly that's the issue

I still like Massachussets the most

Never been

New England has beautiful countryside

The farthest south I've been is Virginia

I've been to louisiana

I grew up with divorced parents, my dad was kinda loaded when I was a kid, and took us on holidays to US twice

Walmart culture is real there

Those major cities in the US, are so insanely big

Scale compared to my country ,is completely different

And US infrastructure is kinda terrible

train is awful

Amtrak

Never taken it

Trains yeah

I remember in maine during christmas

I've been on nj transit, it works

everyone driving pickups with snowplowers

You should check the train in israel if you think the train in US is awful

The emergency brake is automatic self destruct?

NY NJ probably has the best public transport

Out of the us

@peak cloak here in netherlands, trains go in every direction, every 30 minutes

its been synchronized like that

so that your 'route' with 2 stops

is always the same

busses are twice the rate

for city centers, every 15 minutes

some stations have multiple busses, so you may only need to wait 2-3 mins

sundays, all is halved

busses quartered

and rush hour, it is doubled for trains

like Arnhem Nijmegen -> every 10 mins train

Two major cities

I can understand that the US can't ever achieve this

Netherlands is dense

yeah

you can travel north to south in under 2.5 hours

maybe 3 hours now

since max speed on highway has been reduced

from 130 down to 100

@peak cloak if you ever in germany and drive a fast rental

go on the autobahnn 7am on a sunday

Autobahn go deja vu time

you can do 250 without anyone on the road

Aunt and Cousins live in germany

Was supposed to go this year but covid happened

Germany has truck ban on sunday

so its basically, a deserted road

@static knoll I've driven someone's BMW7 to Dusseldorf airport to pick up someone

@tame carbon when you went to the us you probably saw all the crooked electrical poles lol

from my home in the netherlands, was like 45 minute ride

normally takes 1:20

@peak cloak yeah all the coaxial uglyness

Was it fun?

@static knoll never driven that fast

Ah

so kinda neverracking

lol

also didnt want to overheat the tires

so didnt go that fast for that long

but cruising at 180km/h

is nice

that's 111mph

@peak cloak this is what city infra looks like in Arnhem: https://i.imgur.com/LjqQCaI.jpeg

those cables are for trolley's

Just goes so fast that the tires burn

Yeah, seems really invigorating to do

https://i.imgur.com/eygHcCC.jpg

this is Korenmarkt, most crowded place in the city

this is where all the nightclubs and pubs are located

https://i.imgur.com/pPixcqB.jpg

typical old dutch houses

@static knoll grid system like the US, we don't have here

its all twisted, organicly grown some planned

in the US only big cities are in grids

https://i.imgur.com/l6YxFdj.jpg

in the suburbs and other areas everything is turns and twists

Col-de-sacs

@static knoll https://i.imgur.com/AV9jWtd.jpg

Do you know what these blocked areas are? :D

Hmmmmmmm

Farms?

Residential Areas?

close

Server farms?

they are all greenhouses

They produce 80% of our aggricultural exports

on tiny plot of land

Ohhhhh that's why they're all so white

Very cool

@static knoll and craziest is

https://i.imgur.com/xxqiu6z.png

Thats agricultural exports per country ^

Hoo boy indeed

dutch greenhouses are incredibly modern

computerized, automated

everything

very fancy

https://upload.wikimedia.org/wikipedia/commons/thumb/c/cf/Lichtvervuiling_kassengebied_Luttelgeest.JPG/1280px-Lichtvervuiling_kassengebied_Luttelgeest.JPG

In some areas, it never gets fully dark at night

you always have this orange glow

sunsets here are like this

From?

@static knoll that picture is in the middle of the night

that's from the greenhouses

Wow, that's amazing

All of the light creates a mega nightlight

@static knoll yeah.. opinions on this are divided

local residents are not fans

yeah its not exactly the best for actually sleeping

creates a ton of light pollution

but then again, think of the money

ah, no wonder people are not fans

I've stayed with someone for a weekend once, who lived in this area

yeah, it was quite strange at night

foggy weather makes it even worse

since it scatters the light even more

That's not good

I guess sometimes you have to prioritize survival over comfort

Bad things would happen if those greenhouses shut down

Lol, I am from the east of the country

not my problem xD

here, there are still undeveloped areas

or just farms

better than all of the light pollution lol

yeah

When it snows it's pretty light outside because of the light pollution from ny

major cities also have a lot of light scattering ye

@peak cloak When I came back from france after 2 week holiday

and came back to dense populated areas in netherlands, the first thing i noticed

was the smell of trash

like, typical garbage dump smell

you dont notice it if you are always in it

NY had the same thing for me, when I got out of the plane

air pollution

snow and rain is nice, it wipes all of that from the sky

Yeah

NY during the summer smells

Only reason I go to ny is because friends and family live there

In queens

yo queens gangggg

Where in queens?

Finally the vod from my tv provider working perfect

@peak cloak where in queens? I'm a queens boy

maspeth

Ah maspeth, more west

I live on the far east of queens, Little Neck

pretty lit senior community, safe too

good schools and all

my parents used to live in Greenpoint

used to be a big polish community

my area has bunch of polish ppl

Ah, out in LI?

Brooklyn

Oh

There's a green something in LI

Forgot what

starter base is so insane when you use mods

https://i.imgur.com/nFE6Msg.png

instead of 4 ore types, there's like 12

What game is this

@static knoll factorio https://i.imgur.com/RxFjoSD.jpg

factory building game

Oh factorio

I heard about it, but the actual ads didn't attract me into it

Looks cool tbh

its very steam-punky

i enjoy steampunk lol

but not too over the top

needs some futuristicness

I'm working on my new copper processing plant

https://i.imgur.com/e6cb0J4.jpg

there's this 2nd process you can do to get cobalt

@static knoll with mods its a lot more complicated

https://i.imgur.com/pXNzUNQ.png

but thankfully, there are ingame calculator mods

Ah ok

Is it multiplayer?

yeah

you can run a standalone server

its cross platform

i went to my router's setting but the problem is that i dont know what to write in source IP

https://cdn.discordapp.com/attachments/724361581156237333/807554984086208532/help.png

ooh that's cool, imma look into it

@oblique marlin you can leave source IP blank

i watched a video on youtube it told me to put my static ip there

@oblique marlin nah

just leave it blank, enter the internal host and ports, as well as the external ports

but my udemy course guy didnt mention anything about static ip

you can fill out that source IP to port forward for one specific IP address

if you leave it bank, it will translate any incoming

w8

lemme explain you what i am trying to do

You're port forwarding?

i am practicing ethical hacking

hmmm

and i have created a payload

i want to listen for connections which are coming outside of my LAN

hmmm

the udemy guy showed how to configure router

@oblique marlin you're behind a NAT right now, aren't you/

but his router is different than mine

so you want to port forward

yes

If you really want to learn hacking, learning networking is critical

bleep bleep

@tame carbon tthanks

i want to one day be able to bypass any public internet locks

@oblique marlin if you fill in say: 123.120.10.1 in that source ip

lemme try by without putting source IP

screw "open" networks with a password

@oblique marlin it would only port forward, for connections originating from that specific source ip

if you leave it blank

then

anyone can access a service on your public IP that you have forwarded

ohhh

like a webserver on port 80

i get it

i need one more help

your public IP points to your router

with NAT, you can designate a port, or range of ports, to an internal host

behind the NAT

do you know what a payload means?????

yes

its a crafted message with a specific intention

payloads are a term used all over computing

not just in hacking

my payload is reverse http

i am using port 80 for listening

spawning a backdoor webserver

yeah, that's not unheard off

as long as you stay out of my network, I'm cool

;)

honestly don't learn on the internet

go to like something like hackthebox

i paid

learn on their machines

dobbleoof

on their own vpn

why........

for what

their openvpn has a problem

it gets stuck at loading

@peak cloak you don't really learn from CTFs

kinda do

i checked their forums

I learned a bit tbh

by completing CTFs, you get good at completing CTFs

yes

not at actual hacking

i am begginer

well you learn basics, and what tools to use

do I hear CTFs

@oblique marlin learning the tools is far more valuable

I enjoy it

which is what CTFs aim to do

i am currently doing that only

Thats a nono from me tbh

fortunately i am not a script kiddie

learning the actual skillset you need to achieve xyz, not the tooling.

not skillet

https://tenor.com/view/gordon-ramsay-what-are-you-an-idiot-sandwich-pissed-mad-gif-4781186

all tools are same in one or other way

well the tech behind it and how it works?

@desert briar idunno, I've never really done pesting seriously.
I've written enough php and java to know how to write bad code

@desert briar mitmf/bettercap/ettercap

I've sqli injected some shitty sites before

just for the sake of seeing if I could do it

lol

Yeah well, you wont use any of those if you are testing a real network. Man in the middle attacks are too noisy and invasive.

@oblique marlin I found a website from some asian accupuncture salon

• they have a pretty big chance of screwing up networks 😄

defaced it with a bunch of china memes

but you cant just skip a whole topic

it happened once

ouch, dont do that. Kind of illegal.

@desert briar I was 15.

Ah yeah well, childhood. lol

Still, be smart about what you do 😛

exactly xD

i remember once i was trying a mitm attack with port forwarding off

I'm white hat now

SMORT

@oblique marlin here's a fun hacking project:

IMAGINE BEING THIS SMORT

write a browser XSS payload, that attempts to login to a users' router with default password

and then overwrites DNS settings

port forwarding has nothing to do with man in the middle

lemme turn port forwarding ON first

it does

Well, you do you then, lol

Im all ears

@desert briar works in cybersecurity right? I think he knows what he's talking about

@oblique marlin most routers give away their name and model in the login screen.
So you can just have a list of passwords, to try and get in

Yeah 😄

Crystal, that wont work either

except mine

@desert briar how come

if you havent enabled port forwarding in your pc then the traffic wont pass through your PC @desert briar

You can try to log into the router, but usually changing settings is done via a POST request. You'd need to know the specific endpoint, specific parameters to send and hope the page doesnt have something like an anti-csrf token

btw i lied, i didnt paid for udemy course

😆

Its not called port forwarding though

@desert briar you think asus routers are protected against this?

i downloaded the whole courde from a website

i trust the UDEMY GUY

@desert briar I've demonstrated this before

which one is it, zaid sabih or heath adams (tcm) ?

which router is the best???

company

zaid

@oblique marlin depends

what do you need xD

depends

Yeah, that guy is an entrepreneur and a fraud, lol

what

his tutorials are good

He only tries to sell you more of his courses, his content is dated at this point.

but he replies when you need help

in 15 hrs as per udemy policy

i see no fraud

idk, I like hackthebox tbh. Not that hard so far, most boxes are free and their discord is full of help

of course so far I haven't done any real world scenarios

but they have some boxes that simulate that

no csrf tokens on my asus

@desert briar ❤️

Im just saying that he is more worried about selling you the product than helping you 😉

@desert briar so I was right?

they still havent fixed it lol, this was 3 years ago

Meh, I still dont think it would be achievable. Because you'd need a way to save a cookie in the users browser

@desert briar I know the browser somewhat limits this

and since ur just making an XHR request, theres no way for you to "receive" that cookie and send it in the next request where you change the DNS

but its not the first time that chrome anti XSS doesnt work

there are a lot of protections like this, lookup same origin policy. A bit offtopic, but applies nontheless

Sure

It dictates what can and cant access cookies

@desert briar but I still think there can be a generic suite that is built around this concept

there's lists and lists of default passwords

so you can just throw bait in the water

and see what sticks

HackTheBox is cool for learning. I have over 30 boxes on that platform, but you eventually hit a point where it stops being fun. It becomes very grindy, the boxes get repetetive

this is why I am so sketched out by advertising lol

because they are great driveby vectors

and you say the community is useful, Id say the contrary. Imo its very toxic

@desert briar everyone and their opinions

:3

https://xkcd.com/386/

ha!

anyways @oblique marlin , dont get hung up on concepts like man in the middle. You wont get to do that sort of a hacking for a long time anyways, focus on what matters. That being web applications mostly, unfortunately

https://xkcd.com/2414/

Learn about web vulnerabilities. SQL injections, cross site scripting, broken access controls, serialization issues, xml entities, list continues

Look at OWASP Top 10, and try to learn about those things 1 by 1

Injection is a general big topic

you can do a weeks worth of seminars

on just injection

I whole hearthedly (or whatever its spelled) recommend this book - https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470

user input -> system, you always have to be 100% what you are doing

which country are you guys from???

doing an SQL injection on customer's records be like

@desert briar this one company I worked for, had this batch processing system that would generate all kinds of document format in output, and one of the exploits I found

was that they allowed the user to supply a filename

which was not properly escaped to shell when written to disk

I write this kind of stuff completely different. I generate a random name for the file, and keep a metadata database

anyone indian???

Not me

and then just change the filename in the http header when the user goes to retrieve it

india has the worst net

brb 3 mins

i pay for 50 mbps

i get 25

or 20

are you on DSL?

idk about other countries

whats DSL

???

twisted pair, copper. old telephone wires used for broadband internet

4 wires

https://en.wikipedia.org/wiki/Digital_subscriber_line

@tame carbon what should i write in mapping name

?>???

@oblique marlin thats not part of the networking standard

so whatever

should i write my pc name???

if its 25565, I'd put 'minecraft' in there

its just a nickname

ohh

for you, the human

i wrote Old HP as mapping name then i got error(invalid mapping name)

@oblique marlin are you just forwarding for a webserver?

because then you don't need UDP

no

custom

That works. User input should always be treated like its evil

@desert briar I always use metadata

nowadays you dont get a lot of security aware programmers

Never pass user input to any software logic

and even if, even the best ones tend to slip

i wrote 0001 as mapping name

thats why its so important to pro-actively test

worked great

can i ask you guys something???

@desert briar I hacked my work's own kanban board (touchscreen tv) we use for standups, build status and PR's

shoot

@desert briar one of the co-workers wrote a little gitlab hook

but didnt escape the html, so I just put <script> into one of my commit messages

i have seen people tracking people on omegle, how tf is it possible. IP address just tell rough location

and made the background pink

?

Omegle is p2p

thats all they get, a rough location

Yeah

@desert briar this is plain injection, right?

but people on youtube tell the street name

more or less XSS at that point, an HTML injection

how is that possible

yeah well, youtube isnt always the source of accurate things

lol

@desert briar well, when I pushed the commit, the board updates, and sees that string as commit message

and doesnt escape it

runs it

no i am not saying that
i am saying that they get NEARLY exact address

practical joke

my coworkers didnt think it was funny

a lot of html tags can execute js, some even have dedicated attributes like onload= , thats why you need to be careful

I just emailed him a git oneliner that would rebase the repository to remove the commit xD

i tried tracking my own IP
all i got was my state name

i am sure they make the other guy click links

Omegle is p2p

huh???

expalin what p2p means, guy has no idea

Yeah true

Basically

im eating a fish, trying to not choke on bones

@desert briar framework I use to do web stuff with java, I wrote myself. The template engine is using handlebars, which automatically escapes everything

yes i am noob

@peak cloak explain please

@desert briar the actual implementation of such escaping, I rather leave to professionals

me = noobie

@oblique marlin does OSI say anything to you?

ik bout OSI

ok, phew.

A lot of languages have dedicated escape functions. In php you for example have htmlspecialchars() which will filter the "malicious" chars before outputting them

open system

not phew

ingterconnectiong

interconnection

ah

phew

@desert briar I expect anyone who does any sort of hacking, to know at least about OSI

the fundamental system we hack on

presentmonkey is bout to drop a big para

Instead of there being a central server for video and packets first going to the server then the next person, the packets go directly from one person to the other. The effect of this is much lower server costs but you can get the other ip through something like wireshark to capture and inspect the packet headers such as destination ip address

POSIX and OSI

are two most important things to really read up on, and understand

Its most common system interface you'll find on devices

there should be a cyber-security channel

@desert briar shh

#networking is the place where all software and networking experts end up

😄

this is the only place where windows is frowned on

bruhhh
i used wireshark to get source IP of the UDP packet coming
i am saying that how do they get EXACT ADDRESS EXACT EXACT FROM Ip address, its not possible

They don't

they do

You sure about that

@oblique marlin you know what you should look into? network taps

Agreed, windows networking SUCKS BUTT

you can put PC <--> Tap <--> Router

Plus residential IPS are dynamic

and then read all the traffic between those devices

but

really, understanding how ethernet networks operate

and what can be used ontop

idk, like, finding exploits is a bit like solving a puzzle

look at https://www.professormesser.com/network-plus/n10-007/n10-007-training-course/, worry about hacking later

@desert briar do you think learning basic programming is a must for any pentester?

like, I am a developer by education, but I picked up some of this stuff on the side

In all honesty, it kind of depends. Scripting is definitely an advantage. But you usually have people from many backgrounds, be it dev or networks. Devs usually lack on the networking side of things, network people lack in the programming side

I've dabbled with wpa2 cracking

using a GPRS connection

xD

tiny device

using a raspberry pi

all you need is money

like, 5 bucks

and you can crack any wpa2 network

You seem to pick up either as you go deeper into the field. In all honesty though, you cant avoid it. If you get deeper into "serious" penetration testing, aka red-teaming you will often have to write your own toolkits. Stagers, C2s, process injectors etc. etc. You kind of need to know how to code for that 😄

the script, would send a deauth, grab the handshake

and then connect to your aws account xD

spin up the biggest gpu instance you can, loading a prepared image, which basically has cudacat

and just bruteforces the password

~15 minutes

Cracking wifi is kind of impractical imo, at least they way they teach it nowadays. Nowadays most enterprises use stuff like radius, eap and what not. Standard procedures of "deauth->capture hash" dont work anymore

@desert briar I used this on my travels with a bike

before they removed roaming costs in EU

what you did has a term. Its called "wardriving"

oh, really?

xD

WEP was even easier

Yeah, but you used a bike instead of a car 😄

you could do that with a laptop

with WEP you dont even need AWS

and you'd be surprised how many people dont protect their wifi xD

Yeah well, again. Surprised or not, shouldnt be your concern 😛

@desert briar ofcourse, I used a VPN to dialout

not going to run my traffic through a honeypot by accident

you should have boundaries which you dont step over. Stay ethical and what not

not joking, just telling you to not be a d. Cant finish the word or id get my second warning

I spoof macs

neighbors

only reason I would really break into a network is for free internet access

@desert briar I've built these tools all on a pi before, during my youth

otherwise, i don't necessarily want other people's data

Ethics dont mean a thing to you guys, do they

lol, but you need realworld targets

thats where the fun lies

I'm not going to anything illegal on their network

just lifting off their bandwidth

thats where the jail lies too

lol prove it was me

exactly

better than paying for cellular lol

@static knoll broadband is flatrate

I paid like 1 euro/MB

Yeah well. It shouldnt be the "prove it" argument. It should simply be about ethics. You do not utilize your skills to cause harm

no, like i would rather mooch off of other people than pay for my own cellular data

@desert briar what harm has been done

Im pretty sure gaining access to networks without authorization is harmful, lol

How so

@desert briar you know what a greyhat is right?

If you're not accessing their data, surely using the internet access is alright?

If people run poor wireless security, I lift when I want.

Especially if it's locked behind a stupid rewards program or something

I don't create botnets or DDoS. that shit is disgusting

but I do small time hacking, as practical utility

like, my neighbors who play justin bieber in the garden at 2am

Router is l3 switch is l2

I got so fed up

I just set a deauth script running and went back to bed

Router does ips switch does mac's

no more docking station. xD

greyhat is still very much illegal, lol

I know

@desert briar but like I said, prove it was me.

whatever, im not here to correct ethics. Just dont do stupid stuff

and if you do

dont brag about it on the internet, is all

Yes, that is something I'd say is ethical

Considering that it's 2 am and you're trying to sleep

@desert briar found an open wifi network today, it was a chromecast

@static knoll the last time this happened, I went out at night with a bathrobe and a maglite

they were so drunk, that the dad and son started cussing me out

I think I know who it is, I should tell them

Lol

like monday morning 2am, fuck sake xD

Oh goodness

@static knoll I say: i Have to work in the morning

and the dad says: me too! so quit whining

🤷‍♂️ , you can bring it up in a conversation. Sure thing. Depends on the relationship you have with your neighbors

they put like 9 cameras all around their house

Good older neighbors

including our garden

Wow

Such an idiot

and flooring sportscars at like 3am in the morning lol

after they go home from the party

Even worse

Like, I don't mind a party

you can go late on saturday

but please, dont do this on sunday

We shoveled snow for them, his wife gave us a whole big crumb cake.

@static knoll lol, so they got word we are seriously pissed

they bring a cake

as a sorry statement

and then 2 weeks later

again

xD

yeah at that point I'd just shut off their internet and force them to call the ISP over and over again

@static knoll I just left a script running for like 1h

Calling your ISP and getting them on site is a pain in the butt

that would just boot devices off their wifi network

I mean, I'm thinking long term here lol

aircrack-ng is ❤️

https://www.aircrack-ng.org/

question, can you do that on android?

Yea

Ooh

I might do that for my school (if covid ever ends)

https://www.aircrack-ng.org/doku.php?id=cracking_wpa

there's a tutorial on wpa hacking

or rather

cracking

its not hacking.

Then sure, bring it up. Like hey guys, do you have a chromecast by any chance? I noticed it pop up on my phone, maybe you should ask ur son or whatevr to do something about it

But does that mean i can gain access to the network?

@static knoll not all phones can do this though

At this point I probably am going to load linux onto this thing

Android has outlived it's usefulness

@static knoll https://github.com/kriswebdev/android_aircrack/blob/master/README.md

@static knoll you can do this on a pi

as long as your wifi interface supports monitor mode

you do need a rooted phone

Don't have a pi rn, it's in the US

https://i.imgur.com/zI3kTwN.png

I did this on my old Nexus 5

I have a razer phone 2

My dad just got a new phone, he has used his s5 active for like 6 years

I'll try to root the s5

Dunno what chipset i have

Don't understand why people buy new phones every year

845 SoC

but a pi is far more versatile in this case

I don't have a pi rn so....

@peak cloak planned obsolescence

Yeah it sucks

because people need a new iphone every year says apple

My mom also got a new one, used the iphone 5, got the iphone se 2020 now

and smartphones also die

because its an object that is used

all the time

you have no idea how many people drop theirs in the toilet

when they sit and read the phone

it falls out

and splash

iPhone 4, Nexus 5, Nexus 5X, and just recently I switched to a Galaxy A50

A series isn't too bad

Ain't the fastest thing on the market tho

if I would buy a new phone rn

I'd buy the pixel 4a

My old j3 died suddenly once. Screen just stopped working. Checked the connections, but nothing. Already replaced the screen once, and decided it just wasnt worth it to buy a new screen. Now I got the a10e

My parents are anti google, don't want a Google phone

But android is basically google

You can just flash LineageOS on it

People in my country are trying to use J2 Primes to play Genshin Impact

Their phones are blowing up and it's hilarious

hello everyone, i own a DELL PowerEdge T110 II with an iDRAC, he's connected to my network with ip 192.168.1.33 but when I try to access to the interface with my web browser
It gives : 192.168.1.33 refused connection

can you ping that IP ?

yes

try https?

not working

http?

not working

🤔

don't you need a client for this?