15
submitted 1 week ago by [email protected] to c/[email protected]

This may sound like fedposting, so feel free not to respond. I'm asking if people knowledgeable about cybersecurity, penetration testing, etc. could help me learn either through advice or more personal guidance. I'm familiar with Maia Crimew's blog post, but as with most of this stuff it's just vague enough to be difficult for me to push off from. I am really good with computers when using them as intended, but going off the beaten path and finding flaws or footholds is where I struggle. If you have advice or want to guide more closely, you can leave a comment here, a DM, or you can get me on Matrix @cupcake-of-spice:matrix.org

The site hackthebox dot com has battlegrounds with two teams hacking each other's virtual machines while hardening their own. If anyone wants to start a team for that, I'd be up for joining, though at my current state I may not be so much help...

you are viewing a single comment's thread
view the rest of the comments
[-] [email protected] 2 points 1 week ago

Oh word. You're well on your way already. While there's plenty out there that can't be cracked in a reasonable time, I find that half the battle is knowing what to try based on the SSID format. Have you run across this table?

https://forums.hak5.org/topic/39403-table-of-wifi-password-standards/

For example, if spectrum is prevalent in your area, grab a copy of the spectrum-netgear wordlist.

https://github.com/andrewjlamarche/PSKracker/tree/master/dicts/netgear-spectrum

this will run through a combo of adjnoun and then 3 digits for each combo. takes about an hour on a 1050ti

hashcat.exe -m 2500 "C:\hashfile.pcap.hccapx" -a6 netgear-spectrum.txt ?d?d?d

I also always throw phone number combos of my local area codes at it. tbh, this is usually what does it if they've got a custom SSID.

hashcat.exe -m 2500 -a 3 -1 ?d "C:\hashfile.pcap.hccapx" 555?1?1?1?1?1?1?1

Honestly, I totally get it, I've got more fluff in my skull than brains. So it's very hard to keep in mind everything I should. I mostly just had some favorite techniques I relied on to do my basic exploration and then once I have a system I can set my sights on that's when I did research and built a plan of attack. I would say definitely check out those syngress books. In case I didn't express that well enough, they're basically hypothetical scenarios wrapped around actual techniques. Great for getting the juices flowing and thinking big picture and how different techniques can tie in to each other. Definitely read the hackback papers.

In minecraft, I would recommend really sitting down and thinking about what it is you're trying to do with these skills and then build up profiles of the types of organizations you would like to work with in the future. Check their job listings for software and hardware they use, try and build org charts to find out the people you would want to get in contact with, etc. From there, the jhaddix methodology is a great start. https://github.com/jhaddix/tbhm

this post was submitted on 25 May 2025
15 points (100.0% liked)

askchapo

23019 readers
13 users here now

Ask Hexbear is the place to ask and answer ~~thought-provoking~~ questions.

Rules:

  1. Posts must ask a question.

  2. If the question asked is serious, answer seriously.

  3. Questions where you want to learn more about socialism are allowed, but questions in bad faith are not.

  4. Try [email protected] if you're having questions about regarding moderation, site policy, the site itself, development, volunteering or the mod team.

founded 4 years ago
MODERATORS