Hi, I need your help to learn pentesting.

I'm programming for several years. I'm really good in C# and can write moderately complex apps in Dart, Python and JavaScript. I'm in highschool and work for software development company as backend developer. But general programming starts to feel so boring...

I've started to watch LiveOverflow on youtube (no link, there is no wifi here and I don't want youtube to drain my data) and it was so interesting - so I tried it. I've tried few CTFs, read many writeups, and now I've discovered CTF hack the box.

When I know what to do, I have no problem googling and researching and later applying my knowledge. But I often discover, that I just don't know what I don't know.

There is one CTF challenge that I haven't completed yet. It's 20 line html page, no javascript, nothing suspicous. No cookies. It has just form with password input, which sends post request to server. Here's the problem - how do I get the flag (the password)? I can bruteforce it, but it clearly isn't the correct way. I know that the php runs on apache, debian. I've tried getting some files, I've tried going up (../), sql injection, nothing works.

And here's the general problem - what am I missing? What to learn? What should I google? I don't want ideas what I'm missing on this one example - Instead I need some sources where I learn generally about vulnerabilities I can exploit. Some blog, some website, something like this.

Could someone here recommend me some sources where I learn about this? How did you start and what things do you generally check when you face something you have to break into?

Thank you

I'm in a bit of a rutt with my journey to learn how to write software, and I really have no idea where to go from here. I've taken a bunch of software engineering courses on edx.org, and I've done a few personal projects with what I've learned, but I still don't know enough to be able to contribute to open source projects or make anything useful.

TL;DR
How can I learn to actually make things?

I hope I’m posting this in the correct place. I’ve been having a disagreement with someone over the abilities of hackers. I kinda hope Deimorz pops in because he wrote automod.

I said that the only way for someone to gain access to a subreddit to make changes is if they steal a moderator’s account password or they are added to the mod team. The person I’m having a disagreement with believes that adding text to the wiki for users to view (like the extensive wiki r/skincareaddiction has) would make it easier for hackers to insert malicious code in order to gain access to the sub. This person also mentioned being able to change the subreddit through browser tools. She insists the sidebar and wiki are potential access points for scripting attacks. Automod just so happens to be enabled which is why I mentioned Deimorz.

I’m not an IT professional. My brothers currently are which helped me learn most of what I know. I’ve supplemented that over the years with whatever info I came across online. What she’s saying sounds like crazy town to me. But since I’m not a hacker, is there a way to use the sidebar or wiki area to hack into a subreddit?

Thanks in advance to anyone who pities me by providing a detailed answer to this thinly veiled request to help me win an internet argument 🙇🏾‍♀️.

Me and my friend arrive at an arbitrary place, we have access to a network from there. Now, we want to share a file and the network connection is all we have. The challenge: make the file go from my device to my friends device in a pure p2p setting. If you know, for sure, that incoming connections are allowed this is very simple but here i want to explore which solutions exist that do not assume this.

Assumptions:

• Same network altough possibly different access points (one might be wired and the other wireless)
• We have no prior knowledge about the network, incoming traffic might be blocked (outgoing isn't for sure)
• No extra machines can aid in the transaction (no hole punching etc)
• Should work reliably for any kind of device that you have free -- as in freedom -- control over. that is PCs, android phones/tablets and macs. most of Apple's other hardware can be excluded because they don't allow for anything anyway.
• hard mode: We are both digitally illiterate

Goal:

• Send a file, p2p, from one party to another.

Me (MSc cs) and my friend (PhD cs) tried to do this last week. And it appears to be among the hardest problems in CS. I would like to discuss this and hear which solutions you might have for this problem.

Edits:

1. this is not an assignment
2. Added some specifics to the assumption set
3. we're looking for practical solutions here.
4. more specs

Right now I dual boot windows 10 and fedora, windows for gaming, fedora for everything else. I'm considering running linux as my only native operating system, and running windows in a virtual machine for gaming. This will be more convenient than restarting my pc every time I want to play a game, and I'll feel better about having windows sandboxed in a VM than running natively on my computer.

To get gaming performance out of a virtual machine, I'm planning to have two gpus. One for linux to use, and one reserved exclusively for the virtual machine.

Have any of you set up a computer like this before? What was your experience like? How was the performance?

Trying to get a sense on how the networking would go down?

If I had one public IP address and say 4 Docker containers on the host, how would the SSH connections work? Would I have to reserve ports for each container?

Okay, I know the obvious answer is the history of the files. But how can I, from the command line, really understand what is hiding inside that .git directory?

Today I was doing one of my periodic disk space audits, trying to figure out where my usage goes. This comes from having a 64GB drive mounted as /home on my Linux laptop. I found some 15G of old video files to delete today, so I'm no longer as pressed for space. But my interest was piqued by one thing I have downloaded from Github that is ~120 megs for a very simple program. Poking around further I find that most of that usage is a single file:

$ ls -lh withExEditorHost/.git/objects/pack/pack-df07816cd15fb091439112029c28ebc366501652.pack
-r--r--r-- 1 elijah elijah 102M Mar 14 23:28 withExEditorHost/.git/objects/pack/pack-df07816cd15fb091439112029c28ebc366501652.pack
$ file withExEditorHost/.git/objects/pack/pack-df07816cd15fb091439112029c28ebc366501652.pack
withExEditorHost/.git/objects/pack/pack-df07816cd15fb091439112029c28ebc366501652.pack: Git pack, version 2, 299 objects
$

Is there a unzip or tar xzf equivalent for Git pack files? Naive usage of git unpack-file is only generating errors for me.

I have to do an assignment for university soon-ish, and it requires Angular. I'm not very fond of that framework specifically, but I would be interested in making it more interesting as a learning project. I've also recently discovered PureScript, which I have no experience with right now.

Searching online, I've purescript-angular, which hasn't been updated in years. I also couldn't find much else. Of course, I may be missing something simple (for instance, it's actually supported by default in Angular these days), so I wanted to ask if any of you know if this is possible, and if so, how?

I'm going to be flashing a custom ROM on my Nexus 5X device, and I was just curious if I'm understanding all the components involved. I currently have CopperheadOS on my device, but that ROM may be dead based on current events. I'm not switching because of this news, but mainly because I just want to try something else for the hell of it. I think I'm going to make the switch to Lineage, but there are way more options involved versus flashing CopperheadOS.

It seems the main components to consider when flashing are the following:

• The ROM itself (CopperheadOS, Lineage, PureNexus, etc.)
• The custom recovery (TWRP, etc.)
• The kernel (ElementalX, Franco, etc.)
• root (magisk, etc.)
• Play Services (OpenGApps, etc.)

CopperheadOS was kind of it's own package, so I didn't have to consider all of these other options.

My understanding is the minimum decisions I need to make if I want a custom ROM, is picking the ROM itself, and a custom recovery. In my case I'm going for LineageOS and TWRP.

Choosing a custom kernel seems to be optional. I think I might go with Franco on this one based on the little research I've done. But to flash a custom kernel, I think I need root, right? So now I'll need to get root access which requires another tool. I was going to go with Magisk based on not much. Just seems to be common. So that's 4 main things there. The ROM (LineageOS), the recovery (TWRP), the kernel (Franco), and root (Magisk). I personally don't want any Google services on my device, so I'm fine with skipping that part. I currently don't have any installed, and I'm doing fine without them.

So does my view on this seem correct? Are all the things I mentioned necessary for what I want to do? If I want LineageOS then I need a custom recovery right? If I want a custom kernel, then I need root which requires a separate tool, right? Just making sure I'm not doing more than I need to if I decided to go through with this. As a side convo, please recommend whatever ROMs, kernels, or root tools that you want. I have a Nexus 5X, and I'm hoping it doesn't bootloop after I'm done doing all this flashing =)

I've just used Tildes on my phone for the first time and FUCK! MY EYES! I know I can't change the color of Safari, so I looked in the app store but couldn't find anything. Can you reccomend me a good browser with a dark theme?