Hacking Environment

[Jonnycake]

Okay, so, I'm just adding some programs to my computer. Currently, I have:

* john the ripper (which I'm actually going to write a front-end in python for so that I don't have to open bash)

* kdevelop (a programming ide)

* zenmap (which is only because I want to play with the features it has rofl)

* metasploit (which I doubt I'll ever use, but whatever)

* ettercap (don't know why since I'm on a desktop so it will kind of be useless, but whatever)

* a nice shell script that I wrote make it easier for me to run exploits (well, I just don't have to cd to the directory (and I wanted bash scripting practice rofl))

* shortcut to gdb

What else do you think I should add? There has to be more that I'm missing. Suggestions?

Maybe a shell-code generator? Only thing is, metasploit has a shell-code generator in it so that might be a bit overkill. Of course, I have like 500 gB hd so I can add whatever rofl.

Edit:

BTW, by hacking I mean programming, reverse engineering, security, etc. Anything of that nature I'll probably add.

[metatron]

Okay, so, I'm just adding some programs to my computer. Currently, I have:

* john the ripper (which I'm actually going to write a front-end in python for so that I don't have to open bash)

* kdevelop (a programming ide)

* zenmap (which is only because I want to play with the features it has rofl)

* metasploit (which I doubt I'll ever use, but whatever)

* ettercap (don't know why since I'm on a desktop so it will kind of be useless, but whatever)

* a nice shell script that I wrote make it easier for me to run exploits (well, I just don't have to cd to the directory (and I wanted bash scripting practice rofl))

* shortcut to gdb

What else do you think I should add? There has to be more that I'm missing. Suggestions?

Maybe a shell-code generator? Only thing is, metasploit has a shell-code generator in it so that might be a bit overkill. Of course, I have like 500 gB hd so I can add whatever rofl.

Edit:

BTW, by hacking I mean programming, reverse engineering, security, etc. Anything of that nature I'll probably add.

scapy/scapy6

fragroute

tcpdump

[dr0p]

sslstrip

VM+Olly/IDA

[lopez1364]

why would you not want to use metasploit? You're obviously underestimate its power.

[digip]

why would you not want to use metasploit? You're obviously underestimate its power.

Maybe he is intimidated by it?

[deleted]

Notepad++ is a must have (works great in wine too).

[metatron]

Notepad++ is a must have (works great in wine too).

no, just no. VI or GTFO

[reZo]

Notepad++ is a must have (works great in wine too).

A rather sad and depressing post right there!

gEdit man, gEdit!!! (If on GNU/Linux).

[DingleBerries]

asm2shellcode.py

fasttrack

multiple word list... I dont think john can read them if they are larger than 2GB

Apache

Perl

Ruby

Python

a folder with all your scripts..

milw0rm.com

I dont really have a method to my maddness but it all seems to work.

[Jonnycake]

Thanks for your responses.

@reZo: I'm a vi/nano kind of person :P.

@lopez: Idk, I just sort of feel like a skiddy when using it. Of course, it's not really different than using a regular exploit, but since I don't know ruby it's harder for me to look through the exploit and understand it if I'm going to use it. None-the-less, I'll probably use it eventually so I figured I might include it in the environment.

[lopez1364]

Good call. Sure its scripts but what isn't. Everyone writes scripts. You just don't have to anymore. Honestly though, metasploit is very powerful. Metrepeter? Fast-track's auto ownage. Game over.

[DingleBerries]

Metasploits good if they are running a vulnerable service.. if not then meterperter and some social engineering comes into play. Ettercap with some filters and meterperter is a really good way to start. There are so many tools that its hard to say, well get this and this and that. If you dont know how to use them then there is no use for them. Best thing to do is find a target, asses possible exploits, nmap, and go from there.

Example:

Local Cafe

What can you do? Well, for starters ARP. Next run NMap and get a list of clients. Ok few targets running windows lets check their ports out. Ok so port 80 is open... nothing of interest. Can we ARP poison the network? Yes? Ok lets do that. Now we redirect there traffic to my local hosted site. Meterpeter some exploit to php or just have then download the file and RC back to you.

There are other scenarios that are much more difficult but that is the easiest to explain, and possible the easiest to exploit.

[H@L0_F00]

Soldering iron

Solder (Non acidic)

Flux (Non acidic)

Soldering iron cleaner or damp sponge

Broken hardware

Working hardware

Miscellaneous components

Array of different tools of varying shapes and sizes

Optional:

Caffeine of some sort (soda, coffee, energy drink, etc.)

Lighting that doesn't suck

Semi-comfortable chair

Music

Gaming system/rig for when you just need a break

Decent ventilation

[Jonnycake]

@Halo: thanks! Music and caffeine is a given :P. I just wish I had money so I could buy equipment to get started with electronics :(. I have all of the optionals though :D.

@lopez: Yeah, I've decided I'll actually start reading the documentation for metasploit and also try to learn at least a little bit of ruby so I can understand the exploits and feel less like a skiddy (and because it won't hurt to know a bit of ruby) :D.

@DingleBerries: Yeah, I guess you're right which is why I'm gonna try to read whatever documentation I can find on all of the programs that were recommended so far and hopefully set up a vulnerable environment to use them in (<3 vmware) :).

Edit:

I use smilies way too much -_-.

[MBP]

Why argue fools nano is obviously the coolest text editor around