Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "penetration testing"
-
My girlfriend doesn't talk to me anymore after I said I helped the new girl to do some penetration testing.27
-
Bruteforce IRL
So I recently bought my first house (yay!).
Whilst doing the initial viewings I saw the below on the backyard and thought "hey that's neat, I can leave a key in there for when I come in late and my fiancée is asleep.
Fast forward to moving in day and the previous owners hand me the keys so I ask "oh yeah, what's the code for the keysafe" and he just looks at me completely blank, so I'm just like "the box on the wall out back" and he's just like "oh! So that's what that is. No we've never had the code for that, bye."
Being a pen tester I'm just stood there dumbfounded thinking "How the hell can you have a locked box attached to your house and not want to know what is inside!"
Anyway, that brings us to now where I'm stood outside in December on a Sunday morning brute forcing my way into my own keysafe.
I wish this didn't run so many parallels with my work life 😂51 -
So back story... I opened up my own company a while back. I provide not only general IT and phone repair etc but I also do ethical penetration testing and patch the holes.
Before opening my own business me and some buddy's went out to a bowling ally and bar to have a few drinks. I wanted to see what their network was like... I hacked into their entire network in less than two minutes. From my iPhone. I was in their switches, I was configuring their printers and fax machines. Lord knows what I could have done if I had my laptop.
Anyways, back to the rant... I got this text today. 😂😩🔫18 -
!Story
The day I became the 400 pound Chinese hacker 4chan.
I built this front-end solution for a client (but behind a back end login), and we get on the line with some fancy European team who will handle penetration testing for the client as we are nearing dev completion.
They seem... pretty confident in themselves, and pretty disrespectful to the LAMP environment, and make the client worry even though it's behind a login the project is still vulnerable. No idea why the client hired an uppity .NET house to test a LAMP app. I don't even bother asking these questions anymore...
And worse, they insist we allow them to scrape for vulnerabilities BEHIND the server side login. As though a user was already compromised.
So, I know I want to fuck with them. and I sit around and smoke some weed and just let this issue marinate around in my crazy ass brain for a bit. Trying to think of a way I can obfuscate all this localStorage and what it's doing... And then, inspiration strikes.
I know this library for compressing JSON. I only use it when localStorage space gets tight, and this project was only storing a few k to localStorage... so compression was unnecessary, but what the hell. Problem: it would be obvious from exposed source that it was being called.
After a little more thought, I decide to override the addslashes and stripslashes functions and to do the compression/decompression from within those overrides.
I then minify the whole thing and stash it in the minified jquery file.
So, what LOOKS from exposed client side code to be a simple addslashes ends up compressing the JSON before putting it in localStorage. And what LOOKS like a stripslashes decompresses.
Now, the compression does some bit math that frankly is over my head, but the practical result is if you output the data compressed, it looks like mandarin and random characters. As a result, everything that can be seen in dev tools looks like the image.
So we GIVE the penetration team login credentials... they log in and start trying to crack it.
I sit and wait. Grinning as fuck.
Not even an hour goes by and they call an emergency meeting. I can barely contain laughter.
We get my PM and me and then several guys from their team on the line. They share screen and show the dev tools.
"We think you may have been compromised by a Chinese hacker!"
I mute and then die my ass off. Holy shit this is maybe the best thing I've ever done.
My PM, who has seen me use the JSON compression technique before and knows exactly whats up starts telling them about it so they don't freak out. And finally I unmute and manage a, "Guys... I'm standing right here." between gasped laughter.
If only it was more common to use video in these calls because I WISH I could have seen their faces.
Anyway, they calmed their attitude down, we told them how to decompress the localStorage, and then they still didn't find jack shit because i'm a fucking badass and even after we gave them keys to the login and gave them keys to my secret localStorage it only led to AWS Cognito protected async calls.
Anyway, that's the story of how I became a "Chinese hacker" and made a room full of penetration testers look like morons with a (reasonably) simple JS trick.9 -
Everytime I tell someone I write scripts and test security of new hardware/software, I get
"oh that's so cool, what's that called?"
"penetration testing"
*Room goes silent and wide-eyed*2 -
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.
Vulnerability scanning is not penetration testing.9 -
Watch out for these fucking bug bounty idiots.
Some time back I got an email from one shortly after making a website live. Didn't find anything major and just ran a simple tool that can suggest security improvements simply loading the landing page for the site.
Might be useful for some people but not so much for me.
It's the same kind of security tool you can search for, run it and it mostly just checks things like HTTP headers. A harmless surface test. Was nice, polite and didn't demand anything but linked to their profile where you can give them some rep on a system that gamifies security bug hunting.
It's rendering services without being asked like when someone washes your windscreen while stopped at traffic but no demands and no real harm done. Spammed.
I had another one recently though that was a total disgrace.
"I'm a web security Analyst. My Job is to do penetration testing in websites to make them secure."
"While testing your site I found some critical vulnerabilities (bugs) in your site which need to be mitigated."
"If you have a bug bounty program, kindly let me know where I should report those issues."
"Waiting for response."
It immediately stands out that this person is asking for pay before disclosing vulnerabilities but this ends up being stupid on so many other levels.
The second thing that stands out is that he says he's doing a penetration test. This is illegal in most major countries. Even attempting to penetrate a system without consent is illegal.
In many cases if it's trivial or safe no harm no foul but in this case I take a look at what he's sending and he's really trying to hack the site. Sending all kinds of junk data and sending things to try to inject that if they did get through could cause damage or provide sensitive data such as trying SQL injects to get user data.
It doesn't matter the intent it's breaking criminal law and when there's the potential for damages that's serious.
It cannot be understated how unprofessional this is. Irrespective of intent, being a self proclaimed "whitehat" or "ethical hacker" if they test this on a site and some of the commands they sent my way had worked then that would have been a data breach.
These weren't commands to see if something was possible, they were commands to extract data. If some random person from Pakistan extracts sensitive data then that's a breach that has to be reported and disclosed to users with the potential for fines and other consequences.
The sad thing is looking at the logs he's doing it all manually. Copying and pasting extremely specific snippets into all the input boxes of hacked with nothing to do with the stack in use. He can't get that many hits that way.4 -
Me: I'm a computer major along with an added specialisation in Information Security. So besides learning code and software development, we also do a variety of security related stuff like penetration testing and so on.
Others: Oh great that means you must know how to hack Facebook.
*makes me flip every time*6 -
So one of the apps I develop and maintain is going to get penetration tested.
I recieved an email if I could whitelist all their ips so they could get acces to the system. Without any further details.
Like wtf? Arent you supposed to be testing if you can get acces xD
Next thing they will be asking passwords and keys xD and if I could build in a backdoor.3 -
We had 1 Android app to be developed for charity org for data collection for ground water level increase competition among villages.
Initial scope was very small & feasible. Around 10 forms with 3-4 fields in each to be developed in 2 months (1 for dev, 1 for testing). There was a prod version which had similar forms with no validations etc.
We had received prod source, which was total junk. No KT was given.
In existing source, spelling mistakes were there in the era of spell/grammar checking tools.
There were rural names of classes, variables in regional language in English letters & that regional language is somewhat known to some developers but even they don't know those rural names' meanings. This costed us at great length in visualizing data flow between entities. Even Google translate wasn't reliable for this language due to low Internet penetration in that language region.
OOP wasn't followed, so at 10 places exact same code exists. If error or bug needed to be fixed it had to be fixed at all those 10 places.
No foreign key relationships was there in database while actually there were logical relations among different entites.
No created, updated timestamps in records at app side to have audit trail.
Small part of that existing source was quite good with Fragments, MVP etc. while other part was ancient Activities with business logic.
We have to support Android 4.0 to 9.0 of many screen sizes & resolutions without any target devices issued to us by the client.
Then Corona lockdown happened & during that suddenly client side professionals became over efficient.
Client started adding requirements like very complex validation which has inter-entity dependencies. Then they started filing bugs from prod version on us.
Let's come to the developers' expertise,
2 developers with 8+ years of experience & they're not knowing how to resolve conflicts in git merge which were created by them only due to not following git best practice for coding like only appending new implementation in existing classes for easy auto merge etc.
They are thinking like handling click events is called development.
They don't want to think about OOP, well structured code. They don't want to re-use code mostly & when they copy paste, they think it's called re-use.
They wanted to follow old school Java development in memory scarce Android app life cycle in end user phone. They don't understand memory leaks, even though it's pin pointed by memory leak detection tools (Leak canary etc.).
Now 3.5 months are over, that competition was called off for this year due to Corona & development is still ongoing.
We are nowhere close to completion even for initial internal QA round.
On top of this, nothing is billable so it's like financial suicide.
Remember whatever said here is only 10% of what is faced.
- An Engineering lead in a half billion dollar company.4 -
Tonight was the regionals of CPTC, a relatively new competition about penetration testing. Here's our master plan, dont tell anyone ;)5
-
!rant but seeking für help
Hi!
So my boss came to me yesterday and asked me if I could do some penetration / security testing for a web application our company made.
Interested in learning it and being familiar with HTML, PHP, JavaScript and MySQL I said yes.
Though I have some really basic knock edge of the subject (E.g SQLInjection) I was wondering if you know any good website / udemy course or whatever that can get me started.
I don't mind if there will be a certificate at the end but it is not necessary.
Thank!8 -
Do you think a dual core laptop with 2gb RAM on it can run Ubuntu and Kali Linux? The solely purpose is for programming (ubuntu) and ethical hacking / penetration testing (linux) ?
tbh, I’m learning linux because I want to try a new OS. Any tips so that I can easily adapt to this OS?
PS. I know this is a googleable question but I just want a perspective from this community.10 -
Has hacking become a hobby for script-kiddies?
I have been thinking about this for a while know, I went to a class at Stanford last summer to learn penetration-testing. Keep in mind that the class was supposed to be advanced as we all knew the basics already. When I got there I was aggravated by the course as the whole course was using kali linux and the applications that come with it.
After the course was done and I washed off the gross feeling of using other peoples tools, I went online to try to learn some tricks about pen-testing outside of kali-linux tools. To my chagrin, I found that almost 90% of documentation from senior pen-testers were discussing tools like "aircrack-ng" or "burp-suite".
Now I know that the really good pen-testers use their own code and tools but my question is has hacking become a script kiddie hobby or am I thinking about the tools the wrong way?
It sounds very interesting to learn https and network exploits but it takes the fun out of it if the only documentation tells me to use tools.3 -
I've deployed an instance of OWASP Juice Shop on Heroku, if anyone wants to practice and/or learn pen testing or just web based vulnerabilities in general it's an amazing application to learn from and practice on.
Your progress is dependant on the cookie, so it won't affect one another.
owaspshop.herokuapp.com
It's free, so if you want to deploy your own instance you can.7 -
Anyone have much success with Kali/WiFi penetration testing?
I've been tasked with trying to break WPA security within a couple of hours without a dictionary attack - is that even possible?
I have an Alfa AWUS036NHA capable of monitoring mode if that makes any difference. It's my first time trying anything like this.10 -
A long way to go from Windows to Linux...
from GUI to CLI
from Wifi to WifiCracking
from Website to WebPenetration
from Windows file system to Penetration testing
from Windows to Gnome
from dir to ls
from ipconig to ifconfig
from google to information gathering2 -
Hey guys, I'll be starting my oscp/pwk course soon, any suggestions as to what should I study beforehand or types of attacks I should practice?
Thanks2 -
When your job description says you are a mobile developer, but when you started working, you have started handling teams and doing web penetration testing. Then after 2 yrs of that still no salary raise. =.=3
-
!rant
Coworker: *Watching a DefCon talk*
Me: *walks over and notices an image on the slide of a woman sticking a cotton swab in her mouth with text saying "get paternity testing"*
Me: Paternity testing? But that's a woman!
Coworker: *silent for a second* What? Oh! *gets closer to screen, chuckles*
Coworker: It actually took me a second to catch that because I wasn't looking at the video, I was looking at the side "related videos" or the ad and I was like "no... did you mean Penetration Testing?" But even then, this is DefCon, so there aren't any women--or at least less than 3. And then I saw it in the corner and was like "Oh, I see it. But yeah, Paternity.... Oh wait..."
Me: Jeez, it really did take you a while...
Coworker: Yeah. All the while I was thinking "What the heck are you on," and then there was the "Oh, I get it" moment
Me: At least you got there -
Made a new friend with my lame social skills lmao. So I was walking around in Uni Library, looking for prescribed books for my courses, ran into some senior looking for some Penetration testing guide, since there weren't any so I just passed him some of the stuff I always carry with me, DRM-free content and all lmao.1
-
!rant
Cheap laptops for running Kali/Arch? Will be used for learning penetration testing.
Was thinking an older Lenovo Thinkpad or something like that?1 -
In Website Penetration Testing , It's actually a war between Who knows best about the services and practices the other person has implemented.