Based loosely on the popular "git" command, I am happy to announce my new product, "hit"!

Essentially, hit hooks into "git blame" and automatically slaps the shit out of whoever wrote this garbage.

It uses SOHTTP (Slap Over HTTP) to deliver a nice firm wallop to any subpar script kiddie that had the audacity to come up with this bullshit.

Careful, the user is not immune to the effects

I reversed engineered the network protocol for a game.
I uploaded the source code to GitHub and made a post on UC Forums.

I kept getting bombarded with messages from the same person, it went something like this:

Him: "I can't get this hack to work, pls send finish hack, thanks"
Me: "First of all this is not a complete hack. You actually need to know how to code to use this library."
Guy: "Ok, can u help me make hack for game?"
To keep this short, I basically told him:
"No. Look through the code, learn it, use what you learned."

Couple of hours later he replied:
"Ok. I look through code but don't know how work. Send me code pls."
From the kindness of my heart I made a extremely simplified wrapper for the already simple code and sent him the project files.

He replies with: "Thank for hack, I not able make it work. I build I try inject game but no work. How to run dll file."

At that point I gave up...

If I have a bug in my Java program, please don't tell me "Use Python. It has a library for that, you can do it in 2 lines".

Motherfucker, I'm not asking for a solution in Python, nor am I asking you to pick my language for me. The rest of the project is in JVM languages, and I'm not gonna rewrite the whole damn thing so i can use your precious little script-kiddie language

If I show you Java code, I don't want Python. I never want Python. FOR THE LOVE OF ALL THAT IS FLUFFY, STOP TRYING TO FORCE-FEED ME PYTHON

I just had my worst hackathon so far and need to puke my whole toxic hatred, the rant will be full of hate so be warned. (I just don't want to let it go on my girlfriend, but I need to shout it out loud somewhere)

First of all, it is alright to be a beginner at a hackathon. It is also alright to not know that much about coding and want to learn. But it is not alright to lie about your skill, pretend to be a senior programmer and waste my fucking time.

Don't even fucking dare to say your are "fit" in Android development if you just have done some foobar tutorial on YouTube, don't even bother to read the document and have literally non existent knowledge about computer science.

Why the fucking hell do you need to pretend to be a seasoned programmer if you are just a bloody beginner? I mean you are in a hackathon full of computer nerds so soon or later your impostor ass will be debunked so what is the point?

And the other guy. Why the fucking hell did.'t you say that you just begin Python for 3 months? You are not a fucking developer if you just started coding for 3 fucking months. Learn some fucking coding before starting with machine learning you fucking punk ass bitch script kiddie.

Alright, maybe I was too naive to not check my teammates' background before make a team with them. Fuck me and my fucking stupid ass. My dumb ass monkey brain fell for big mouths, I deserved the headache right now and none less.

Lesson learned!

So my previous alma mater's IT servers are really hacked easily. They run mostly in Microsoft Windows Server and Active Directory and only the gateway runs in Linux. When I checked the stationed IT's computer he was having problems which I think was another intrusion.

I asked the guy if I can get root access on the Gateway server. He was hesitant at first but I told him I worked with a local Linux server before. He jested, sent me to the server room with his supervision. He gave me the credentials and told me "10 minutes".

What I did?

I just installed fail2ban, iptables, and basically blocked those IP ranges used by the attacker. The attack quickly subsided.

Later we found out it was a local attack and the attacker was brute forcing the SSH port. We triaged it to one kid in the lobby who was doing the brute forcing connected in the lobby WiFi. Turns out he was a script kiddie and has no knowledge I was tracking his attacks via fail2ban logs.

Moral of lesson: make sure your IT secures everything in place.

Some of the penguin's finest insults (Some are by me, some are by others):

Disclaimer: We all make mistakes and I typically don't give people that kind of treatment, but sometimes, when someone is really thick, arrogant or just plain stupid, the aid of the verbal sledgehammer is neccessary.

"Yeah, you do that. And once you fucked it up, you'll go get me a coffee while I fix your shit again."

"Don't add me on Facebook or anything... Because if any of your shitty code is leaked, ever, I want to be able to plausibly deny knowing you instead of doing Seppuku."

"Yep, and that's the point where some dumbass script kiddie will come, see your fuckup and turn your nice little shop into a less nice but probably rather popular porn/phishing/malware source. I'll keep some of it for you if it's good."

"I really love working with professionals. But what the fuck are YOU doing here?"

"I have NO idea what your code intended to do - but that's the first time I saw RCE and SQLi in the same piece of SHIT! Thanks for saving me the hassle."

"If you think XSS is a feature, maybe you should be cleaning our shitter instead of writing our code?"

"Dude, do I look like I have blue hair, overweight and a tumblr account? If you want someone who'd rather lie to your face than insult you, go see HR or the catholics or something."

"The only reason for me NOT to support you getting fired would be if I was getting paid per bug found!"

"Go fdisk yourself!"

"You know, I doubt the one braincell you have can ping localhost and get a response." (That one's inspired by the BOFH).

"I say we move you to the blockchain. I'd volunteer to do the cutting." (A marketing dweeb suggested to move all our (confidential) customer data to the "blockchain").

"Look, I don't say you suck as a developer, but if you were this competent as a gardener, I'd be the first one to give you a hedgetrimmer and some space and just let evolution do its thing."

"Yeah, go fetch me a unicorn while you're chasing pink elephants."

"Can you please get as high as you were when this time estimate come up? I'd love to see you overdose."

"Fuck you all, I'm a creationist from now on. This guy's so dumb, there's literally no explanation how he could evolve. Sorry Darwin."

"You know, just ignore the bloodstain that I'll put on the wall by banging my head against it once you're gone."

Most kids just want to code. So they see "Computer Science" and think "How to be a hacker in 6 weeks". Then they face some super simple algebra and freak out, eventually flunking out with the excuse that "uni only presents overtly theoretical shit nobody ever uses in real life".

They could hardly be more wrong, of course. Ignore calculus and complexity theory and you will max out on efficiency soon enough. Skip operating systems, compilers and language theory and you can only ever aspire to be a script kiddie.
You can't become a "data scientist" without statistics. And you can never grow to be even a mediocre one without solid basic research and physics training.

Hack, I've optimized literal millions of dollars out of cloud expenses by choosing the best processors for my stack, and weeks later got myself schooled (on devRant, of all places!) over my ignorance of their inner workings. And I have a MSc degree. Learning never stops.

So, to improve CS experience in uni? Tear down students expectations, and boil out the "I just wanna code!" kiddies to boot camps. Some of them will be back to learn the science. The rest will peak at age 33.

Hey hackers! It's me again 😀

If I wanna be an awesome pentester / bug hunter , what should be my main focus?
Network?
Data sciense?
Algorythm?
Low level programming?

I've already passed network + and basics of ccna and I already know pentesting using kali and I know c and python as well.
Just not sure where to go next and keep using kali packages makes me feel like a script kiddie (which is aweful 😬)

Dreaming to be able to write my own exploits and have my own 0day bugs👑

Thanks for any recommandation you would

devRant already replace SoundCloud as my orange app in the main screen...

To be fair, SoundCloud was just there to complete the rainbow.

Rant: this app told me that my rant would be safe if I closed the Post Rant window (since I can't post more than one rant per hour or something) but it didn't save my awesome tags! I feel betrayed.

Master Foo and the Script Kiddie
(from the Rootless Root Unix Koans of Master Foo)

A stranger from the land of Woot came to Master Foo as he was eating the morning meal with his students.

“I hear y00 are very l33t,” he said. “Pl33z teach m3 all y00 know.”

Master Foo's students looked at each other, confused by the stranger's barbarous language. Master Foo just smiled and replied: “You wish to learn the Way of Unix?”

“I want to b3 a wizard hax0r,” the stranger replied, “and 0wn ever3one's b0xen.”

“I do not teach that Way,” replied Master Foo.

The stranger grew agitated. “D00d, y00 r nothing but a p0ser,” he said. “If y00 n00 anything, y00 wud t33ch m3.”

“There is a path,” said Master Foo, “that might bring you to wisdom.” The master scribbled an IP address on a piece of paper. “Cracking this box should pose you little difficulty, as its guardians are incompetent. Return and tell me what you find.”

The stranger bowed and left. Master Foo finished his meal.

Days passed, then months. The stranger was forgotten.

Years later, the stranger from the land of Woot returned.

“Damn you!” he said, “I cracked that box, and it was easy like you said. But I got busted by the FBI and thrown in jail.”

“Good,” said Master Foo. “You are ready for the next lesson.” He scribbled an IP address on another piece of paper and handed it to the stranger.

“Are you crazy?” the stranger yelled. “After what I've been through, I'm never going to break into a computer again!”

Master Foo smiled. “Here,” he said, “is the beginning of wisdom.”

On hearing this, the stranger was enlightened.

Following on from my school having terrible passwords. Turns out they stored all our passwords in plain text somewhere - so some script kiddie (Do you even need to be a script kiddie to find this - probably not, but the guy who did this was a script kiddie) could just remote log me out twice, log in as me, be a twat, and have a conversation in Notepad.

I get an email about an hour before I get into work: Our website is 502'ing and our company email addresses are all spammed! I login to the server, test if static files (served separately from site) works (they do). This means that my upstream proxy'd PHP-FPM process was fucked. I killed the daemon, checked the web root for sanity, and ran it again. Then, I set up rate limiting. Who knew such a site would get hit?

Some fucking script kiddie set up a proxy, ran Scrapy behind it, and crawled our site for DDoS-able URLs - even out of forms. I say script kiddie because no real hacker would hit this site (it's minor tourism in New Jersey), and the crawler was too advanced for joe shmoe to write. You're no match for well-tuned rate-limiting, asshole!

I don’t just want to learn how to scrap together applications.

I want to become an engineer; one that can wear that badge properly.

I spent a day or two reading my peers code base in .NET Core to start learning its wizarding ways. I found myself emulating some of the patterns.

Then I found a tutorial series on putting together a correctly decoupled RESTful API...the same chap wrote an SDK for Azure CosmoDB.

THIS is what I am talking about.

I can’t believe these guys at work have twenty years C# experience between them and they are churning out this shit for more than 1.5x my salary.

I want to become this but I swear half the coding world does NOT care.

The moment when you find your old school books (1998), the orgasmic feeling doing 1st time in programming while doing some script-kiddie Fun with your schoolmate ✌️.

Um just an script kiddie, any body doing Cyber Security?

If you're a "software engineer" with 10+ years of experience, but you've never written a unit test.... you're just a script kiddie with no right to call yourself a "software engineer".

At what point can I claim to not be a script kiddie anymore?

Like, I've built compilers, and interpreters for an excel-like syntax, I refactored a pdf-parsing library from the ground up. I managed databases and wrote protocols for communicating with hardware.

But most of my experience is with python / nodejs / golang. It is only recently that I started playing with C and rust for actual efficient system code.

When I was 6yo I was playing next to my dad with his old PC on a good old CRT a game called “Sperms” where you catch sperm with condoms and every time you do it made a really loud “YIPPIE” sound. I was playing this game for 4 years.

Somewhere around when I was 10 my dad told me we should build a PC and I was asking “Why does everyone has to make their own PC?”, I didn’t yet know what an cheap ass my dad is, so we did. Had a lot of fun and was very scared of the PSU, like really scared.

It blew up a few months later because I switched the toggle on the back from 220v to 110v, and got even more scared of PSU’s until I started an electricians apprentice.

Anyways, one day my dad and I where at a friends place and I played Tux Racer on his super loud Maschine that would crash if you kept the side door of the table closed, it ran some kind of Linux and I was fascinated how “simple and clean” it looks. I got a mini-cd to install it at home and immediately was hooked because the windows installation was such a pain in the arse those years. I did that all by myself just because I also wanted to play Tux Racer at home.

Anyways, somewhere right before GTA IV came out I started with VB.Net and ever since I was totally hooked and spend more time doing that than actually going to school.

My dad didn’t care and just let me do this, my mum just made sure I would have been up at least after the first lession, I don’t miss the bus and that I went to bed in a timely manner, which never happened because the PC was in my room and my mum slept downstairs and couldn’t notice that I was doing script kiddie things after an hour or so of “sleeping”.

So yeah, they didn’t care and were happy I didn’t annoy them.

Actually I didn’t wanted to become a developer because I always wanted to have it be a hobby or something and I liked woodwork more, but then people more qualified than me were more stupid than this script kiddie that still just wanted to play Tux Racer. That’s it.

So I started working at a large, multi billion dollar healthcare company here in the US, time for round 2,(previously I wasn't a dev or in IT at all). We have the shittiest codebase I have ever laid eyes on, and its all recent! It's like all these contractors only know the basics of programming(i'm talking intro to programming college level). You would think that they would start using test driven development by now, since every deployment they fix 1 thing and break 30 more. Then we have to wait 3 months for a new fix, and repeat the cycle, when the code is being used to process and pay healthcare claims.

Then some of my coworkers seem to have decided to treat me like I'm stupid, just because I can't understand a single fucking word what they're saying. I have hearing loss, and your mumbling and quiet tone on top of your think accent while you stop annunciated your words is quite fucking hard to understand. Now I know english isn't your first language and its difficult, I know, mine is Spanish. But for the love of god learn to speak the fuck up, and also learn to write actual SQL scripts and not be a fucking script kiddie you fucking amateur. The business is telling you your data is wrong because you're trying to find data that exists is complex and your simple select * from table where you='amateur with "10years" experience in SQL' ain't going to fucking cut it. Learn to solve problems and think analytically instead of copy fucking pasta.

RIP Atleast he doesnt get called a "Script Kiddie"
😂😂😂😂😂

Has hacking become a hobby for script-kiddies?

I have been thinking about this for a while know, I went to a class at Stanford last summer to learn penetration-testing. Keep in mind that the class was supposed to be advanced as we all knew the basics already. When I got there I was aggravated by the course as the whole course was using kali linux and the applications that come with it.

After the course was done and I washed off the gross feeling of using other peoples tools, I went online to try to learn some tricks about pen-testing outside of kali-linux tools. To my chagrin, I found that almost 90% of documentation from senior pen-testers were discussing tools like "aircrack-ng" or "burp-suite".

Now I know that the really good pen-testers use their own code and tools but my question is has hacking become a script kiddie hobby or am I thinking about the tools the wrong way?

It sounds very interesting to learn https and network exploits but it takes the fun out of it if the only documentation tells me to use tools.

Exploit development is a really great topic.
The best decision I have made so far.
I tried to do that sort of thing 8-10 years ago, but that was the script kiddie me... To that comes that that my attention span was very low. That is showing the state of my low will power.

You really got to hang in there to go further.
Without extreme will power, you simply won't make it. You will become very frustrated. That's normal. Just never give up on it. Keep retrying. In the end it pays out.
It has a steep learning curve, but in the end you learn so many fricking things.

Since I started my routine of checking bug logs every morning, I've had 2 instances where a website vulnerability scanner was run against a production website and generated over 2,000 Coldfusion errors.

At the time, I was super nervous about the apparent hack attempt, and hyped that the attackers never actually got in. It's nice to know that despite the various errors indicating vulnerable / breakable code, they were ultimately unsuccessful. I know now that a determined attacker could probably have wrecked our production websites. Since then I've made a ton of security-related updates and I'm actually thankful for the script kiddie getting my attention with that scan.

PS. We're now building a website for a local security company who is going to work with us to pen test the site when it's finished! Gulp.

Does anyone here know how to make a rubber ducky? i dont have money buy it on Hak5

Nextjs is for script kiddies. This is such a fucking CHILDISH framework. The way you write queries is such fuzzy wuzzy BULLSHIT that u cant even write raw sql. Coming from hardcore java spring boot backend of 5 soon 6 years of experience i cannot believe how bullshit it is. Ill stick with java. I need to be oldschool. Im sick of this shit with constsnt new bullshit popping up sugar coated kiddie shit

When a script kiddie doesn't know how to run a python script and calls himself a hacker ( hax0r to be precise ) * inserts a jesus facepalm pic *

Probably !dev

How should I inform a government website that one of their user password combinations is in a short metasploit password list. The list name is tomcat_mgr_default_userpass

The top exploit db vulnerabilities for tomcat verison did not work so kudos to them on that. I am just a script kiddie

Edit :- Forgot to mention I am an Indian citiizen