ae3erdion

I'm looking for a mentor. Somebody that can guided me

Thank you

I seen it and used it in the past. I'm more of the active learner, and I like to learn by doing or watching somebody else do it. That is why I would prefer a person that can guide me.

This might be the wrong place to ask. I'm looking for somebody in MS or online willing to assist a noob in becoming a better hacker. I would like to meet somebody that can become an guide on my development as hacker.

I dont use Webmin.

this is my virtual host config VirtualHost *:80> ServerAdmin webmaster@localhost ServerName aftercoffeedesigns.com ServerAlias www.aftercoffeedesigns.com DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost> <VirtualHost *:80> ServerAdmin webmaster@localhost ServerName beginnings.rocks ServerAlias www.beginnings.rocks DocumentRoot /var/www/html/beginnings </VirtualHost> # vim: syntax=apache ts=4 sw=4 sts=4 sr noet

I have port 80 and port 443 open in the firewall. And also have .well-known in the root of my http Im using apache and I had it redirecting all web traffic to port 443. I try to stop the redirect and renew, but it didnt work

this is the error when I try to renew. I try installing it again and create a new cert, but I still getting the same error Performing the following challenges: http-01 challenge for aftercoffeedesigns.com http-01 challenge for www.aftercoffeedesigns.com Waiting for verification... Cleaning up challenges Failed authorization procedure. aftercoffeedesigns.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://aftercoffeedesigns.com/.well-known/acme-challenge/CXyPhPWzamPS3GEv3tdYYKiSgiruAY9zLu6IPp7eeec: Error getting validation data IMPORTANT NOTES: - The following errors were reported by the server: Domain: aftercoffeedesigns.com Type: connection Detail: Fetching https://aftercoffeedesigns.com/.well-known/acme-challenge/CXyPhPWzamPS3GEv3tdYYKiSgiruAY9zLu6IPp7eeec: Error getting validation data To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.

Im having some errors trying to renew the ssl cert. any expert that can help me

google it

I played with it for a while

Thanks guys. What I did what to setup a man in the middle attack to listen to the traffic and study it

Guys Im trying to learn as much as I can. I would like to know if any of you are located or know people in MS willing to meet and share their knowledge and hack together

I would like to know your ideas on what to do to a router to gain access and persistence on the network even when you leave the network. I was thinking in redirect the access of one site to a fake site that I control to infect every machine that connect to that network.

there is multiples talk at defcon where they explain ways on how to do it. this is the one I was able to find https://www.youtube.com/watch?v=oHf1vD5_b5I

Could you point me to some trusted resources where I can learn more about it?

the problem that I have encounter is that when I execute an exploit with metasploit is that when i exploit the target that I know is vulnerable to my exploit and it works on my local network (my machine and target machine share ips in the network) outside the network i cant get metasploit to connect back and open a session

Ok, so you are suggesting to create a virtual network outside my network? that will be easy to do. I think I was overthinking it. What I'm trying to accomplish is to learn how I can exploit a network or machine from outside the network.

I get that part. Let me be more clear on my setup so you can get a better idea of what I'm trying to do. 1. I have a couple virtual machines in digital ocean connected to a vpn at home with other virtual machines. 1.1 digital ocean machines are a web server and an ftp server facing the internet 1.2 machines at home are metasploitable, domain controler, and a few more vulnerable systems to practice 2. my goal is to be able to "compromise" my servers facing the internet and gain access to the VPN by lateral movement and eventually gain control of the system 3. as i learn I want to improve my security and make it more challenging every time Hope is more clear now

Im create this lab where one of the machines is facing the internet. My goal is to be able to exploit it from outside the network, like public internet access, and in the future do some lateral movement in the internal network of the lab. Where I can look for information on how to do that?

I was scanning and found a Chinise ISP with a vulnerability that will give me access to their server. Should I try to exploit it and reported, or reported without knowing if it can be exploit?

Im doing this CTF and I found this file. the tip says that has been encrypted 13 times Vm0wd2QyUXlVWGxWV0d4WFlURndVRlpzWkZOalJsWjBUVlpPV0ZKc2JETlhhMk0xVmpKS1IySkVU bGhoTVVwVVZtcEdZV015U2tWVQpiR2hvVFZWd1ZWWnRjRWRUTWxKSVZtdGtXQXBpUm5CUFdWZDBS bVZHV25SalJYUlVUVlUxU1ZadGRGZFZaM0JwVmxad1dWWnRNVFJqCk1EQjRXa1prWVZKR1NsVlVW M040VGtaa2NtRkdaR2hWV0VKVVdXeGFTMVZHWkZoTlZGSlRDazFFUWpSV01qVlRZVEZLYzJOSVRs WmkKV0doNlZHeGFZVk5IVWtsVWJXaFdWMFZLVlZkWGVHRlRNbEY0VjI1U2ExSXdXbUZEYkZwelYy eG9XR0V4Y0hKWFZscExVakZPZEZKcwpaR2dLWVRCWk1GWkhkR0ZaVms1R1RsWmtZVkl5YUZkV01G WkxWbFprV0dWSFJsUk5WbkJZVmpKMGExWnRSWHBWYmtKRVlYcEdlVmxyClVsTldNREZ4Vm10NFYw MXVUak5hVm1SSFVqRldjd3BqUjJ0TFZXMDFRMkl4WkhOYVJGSlhUV3hLUjFSc1dtdFpWa2w1WVVa T1YwMUcKV2t4V2JGcHJWMGRXU0dSSGJFNWlSWEEyVmpKMFlXRXhXblJTV0hCV1ltczFSVmxzVm5k WFJsbDVDbVJIT1ZkTlJFWjRWbTEwTkZkRwpXbk5qUlhoV1lXdGFVRmw2UmxkamQzQlhZa2RPVEZk WGRHOVJiVlp6VjI1U2FsSlhVbGRVVmxwelRrWlplVTVWT1ZwV2EydzFXVlZhCmExWXdNVWNLVjJ0 NFYySkdjR2hhUlZWNFZsWkdkR1JGTldoTmJtTjNWbXBLTUdJeFVYaGlSbVJWWVRKb1YxbHJWVEZT Vm14elZteHcKVG1KR2NEQkRiVlpJVDFaa2FWWllRa3BYVmxadlpERlpkd3BOV0VaVFlrZG9hRlZz WkZOWFJsWnhVbXM1YW1RelFtaFZiVEZQVkVaawpXR1ZHV210TmJFWTBWakowVjFVeVNraFZiRnBW VmpOU00xcFhlRmRYUjFaSFdrWldhVkpZUW1GV2EyUXdDazVHU2tkalJGbExWRlZTCmMxSkdjRFpO Ukd4RVdub3dPVU5uUFQwSwo=

What book you recommend? Books in security, hacking pen testing, or anything else that you recommend to increase knowledge

I want to know what is in your bag when you go out to do some engagement. Devices(Hardware, OS) I'm trying to decided what kind of hardware to carry with me.

I tried the subsystem and its annoying. Do you recommend a dedicated pc/laptop with kali install or run kali as a live distro?