Ask me a question about hacking

Talk about things not related to Sonic or Chao. Talk about other stuff!
Warning! This topic is 7 years and 6 months old! Please consider opening a new topic rather that bumping up this very old post.
Locked
User avatar
BTC4
Veteran Chao
Veteran Chao
Posts: 1066
Joined: Sat Aug 23, 2008 10:14 pm
Location: U.S.A.
Contact:

Ask me a question about hacking

Post by BTC4 »

So it's a Saturday night and I'm on Chao Island for some reason right now

I've been an "Information Security Engineer" aka professional whitehat hacker for about 7 months now. I am by no means good yet but I know more than most average people at least. In this time I've learned about most of the different vulnerabilities regarding web applications. I don't do a lot of cryptography (or any, really) and I don't do much with networking. But I can dump your database and inject JS into your forms if you're not careful.

Given that this is a forum with young people who use technology I assume a good number of you are interested in programming and the like - hacking is sort of an extension of that. And it can be an awesome career, or you can do "bug bounties" and make some money by helping companies fix their stuff. I don't recommend hacking for any other reasons btw. The money you can make legitimately trumps anything you can steal or make doing blackhat. So don't use any of this for evil please. Also it's really fun and rewarding breaking stuff, in a weird way. And you can brag to your friends and sound cool and mysterious.

I'm not allowed to say the name of who I work for or any of our clients. But I can discuss vulnerability stuff and what to look out for/how to get started.

And no I can't hack into your ex-girlfriend's facebook/email/any of the like so don't ask!

I'm not interested in building your app idea so don't ask!

Ask me questions about hacking websites because I'm bored and it's a great career that most people don't know about :omochao:
BIG THE CAT NUMBER 4
FUSION WAS A BABY CHAO MOD
:herosway: :herosway: :herosway: :herosway:
User avatar
Dr. Roivas
Veteran Chao
Veteran Chao
Posts: 1125
Joined: Fri Sep 30, 2011 11:35 pm
Motto: urine speaks louder than words
Location: \[T]/ praisin dat orb
Contact:

Re: Ask me a question about hacking

Post by Dr. Roivas »

Oh thank god there's this giant ****** stump just sitting in my backyard and I've been trying to hack the damn thing to pieces for months now. What am I supposed to do? Just get a bigger maul or...?
Capitalism Killed My Once Proud Signature
Tsui
Expert Chao
Expert Chao
Posts: 887
Joined: Fri Jun 29, 2012 5:44 pm

Re: Ask me a question about hacking

Post by Tsui »

Not sure if it's considered hacking but:

How easy is it to check where in the world a post on Twitter or Tumblr was written?
Similarly, can you check the IP of an anonymous ask on the latter without blocking them?
How secure is most social media to begin with?
User avatar
Crazo3077
Mystical Chaos Chao
Mystical Chaos Chao
Posts: 7153
Joined: Mon Nov 17, 2008 9:17 pm
Motto: xP

Re: Ask me a question about hacking

Post by Crazo3077 »

With the more recent news about Russian hackers releasing United States Democratic Party emails, I do want to ask if there is something inherently easier about hacking from one country to another or form one language to another. Did the Russians have some kind of advantage unique to being Russian, or is it all about the same no matter where you're from?
Image
Avatar Art by chocohugs; Signature by Tsui
User avatar
chaoadventures
Veteran Chao
Veteran Chao
Posts: 1381
Joined: Tue Dec 04, 2012 2:30 am
Motto: "you wanna play with gabario?"
Location: heck (still)
Contact:

Re: Ask me a question about hacking

Post by chaoadventures »

The question I have is:
BTC4 wrote:And no I can't hack into your ex-girlfriend's facebook/email/any of the like so don't ask!
Do you mean "can't" as in you genuinely can't do that or just won't if asked to?
Image


- - -
Rajikaru wrote:You're clinically insane.
User avatar
Mamkute
Chaos Chao
Chaos Chao
Posts: 2498
Joined: Sun Jun 19, 2011 6:25 am
Location: California

Re: Ask me a question about hacking

Post by Mamkute »

I am completely inept at programming, but I have been trying to become more well versed in it, even if it is just conceptually. Do you have any recommendations on where to start learning? I think high schools should probably have a required computers class, since it is such a huge industry that is only growing, but alas, I accept that I missed out on that. How did you start getting into computer wizardry?
BTC4 wrote:But I can dump your database and inject JS into your forms if you're not careful
Now to show my ignorance, what is JS? Java Script? And what would that even entail.

I also think Crazo's question, in terms of recent events, is really interesting. Do you have any deep insider thoughts on hacking government agencies? What about the ethics of revealing of the sketchy information (DNC being anti-Sanders, most recently) obtained through illegal means?
Image
Chaos the Light Chao
Shining Chaos Chao
Shining Chaos Chao
Posts: 2750
Joined: Tue Jan 13, 2009 1:07 am
Location: Nort Southh's Asylum for the Sane

Re: Ask me a question about hacking

Post by Chaos the Light Chao »

What are the go-to weaknesses you check for when you get a new contract?
Dr. Roivas wrote:Oh thank god there's this giant ******* stump just sitting in my backyard and I've been trying to hack the damn thing to pieces for months now. What am I supposed to do? Just get a bigger maul or...?
You don't hack stumps. You hit them with a firewall.
User avatar
PoodleCorp
Egg
Egg
Posts: 1
Joined: Mon Sep 05, 2016 7:46 pm
Contact:

Re: Ask me a question about hacking

Post by PoodleCorp »

You should join us at PoodleCorp.
Long Live Poodles #PoodleCorp
https://twitter.com/poodlecorp
User avatar
Mooncow
Administrator
Administrator
Posts: 1755
Joined: Sun Jul 31, 2005 11:06 am
Motto: Cut your path through an uncertain future...
Location: Chao Island Capital
Contact:

Re: Ask me a question about hacking

Post by Mooncow »

Hi Mr. Big the Cat #4, can you hack into the Chao Island RPG and complete it :herocool:

Glad to hear you've found a career path you seem to be enjoying!
Chao Island Twitch Channel for Chao streaming!: https://twitch.tv/ChaoIsland/
I have dragons as my servants and I have almighty powers.
Image
JmTsHaW: (list of CI users, as Sonic Battle characters) Chaos - Mooncow (He barely appears, Chaos also barely appears.)
(00:45:53) xninjy: ur not old mooncow. old is 50 or 45.
Pufflehugs
Courageous Chao
Courageous Chao
Posts: 455
Joined: Tue Aug 25, 2015 6:25 pm

Re: Ask me a question about hacking

Post by Pufflehugs »

PoodleCorp wrote:You should join us at PoodleCorp.
Are you really Keemstar like BDTV said?
Good thing I saw this because it reminded me he has a livestream right now
User avatar
BTC4
Veteran Chao
Veteran Chao
Posts: 1066
Joined: Sat Aug 23, 2008 10:14 pm
Location: U.S.A.
Contact:

Re: Ask me a question about hacking

Post by BTC4 »

Hi Mr. Big the Cat #4, can you hack into the Chao Island RPG and complete it
hahaha oh man I forgot all about that

Someday I will complete it :omochao:
I am completely inept at programming, but I have been trying to become more well versed in it, even if it is just conceptually. Do you have any recommendations on where to start learning? I think high schools should probably have a required computers class, since it is such a huge industry that is only growing, but alas, I accept that I missed out on that. How did you start getting into computer wizardry?
On programming in general I would start with something like codeacademy or learn python the hard way to learn generic concepts. Then find a thing you want to build, fail at it and be frustrated, and build it, even if it sucks. Then build more stuff. If you want to break things like I do I would start with this video - https://www.youtube.com/watch?v=L5l9lSnNMxg
What are the go-to weaknesses you check for when you get a new contract?
The main vulnerabilities are applications that let you run JS on them and mess with their SQL (database) queries. Other than that are permissions and stuff to do with tokens and cookies and the like. Spend some time looking up how HTTP and the Internet in general works I guess is a good start for this kind of thing.
Now to show my ignorance, what is JS? Java Script? And what would that even entail.
JavaScript, see above youtube link. Basically if you develop a web application you need to treat all user input as something that could potentially be malicious or evil and scrub it of any dangerous characters that could execute code.
Do you mean "can't" as in you genuinely can't do that or just won't if asked to?
Can't and won't
With the more recent news about Russian hackers releasing United States Democratic Party emails, I do want to ask if there is something inherently easier about hacking from one country to another or form one language to another. Did the Russians have some kind of advantage unique to being Russian, or is it all about the same no matter where you're from?
Nah not really. You probably hear more about "Russian hackers" and the like due to political reasons. They do the same stuff I do though. Also hacking other language websites is really annoying, particularly ones in Chinese >_>
How easy is it to check where in the world a post on Twitter or Tumblr was written?
Similarly, can you check the IP of an anonymous ask on the latter without blocking them?
How secure is most social media to begin with?
No idea about twitter and tumblr. Most social media is pretty secure I'd say. I've seen IP information leakage at a number of places among other things like server information, internal filepaths, crazy verbose Java errors etc
BIG THE CAT NUMBER 4
FUSION WAS A BABY CHAO MOD
:herosway: :herosway: :herosway: :herosway:
User avatar
retrolinkx
Veteran Chaos Chao
Veteran Chaos Chao
Posts: 6323
Joined: Thu Sep 04, 2008 5:33 pm
Motto: I can't believe I ate the whole thing.
Contact:

Re: Ask me a question about hacking

Post by retrolinkx »

Let's say the government or another company picked you up to do some unethical work with your skills (the work won't hurt anybody physically), and the pay was good (like CRAZY good. Your current yearly salary 5x over or so). Would you take it?
Image
Picka and Fox's Partner, Retro's Legend.
Fox Boy wrote:fusion+pie=fusion pie!
User avatar
Wolf
Veteran Chaos Chao
Veteran Chaos Chao
Posts: 6570
Joined: Sat Dec 13, 2008 5:16 am
Contact:

Re: Ask me a question about hacking

Post by Wolf »

when you've successfully hacked into something, do you say in a hacker voice, "i'm in"?
Locked