Latest Posts by silliestofmanygeeses - Page 7

Portals to Hell by hrmphfft

Well since you all asked nicely...

Time you all learn how to get into being a hacker~!

Advance warning this will be a long post and as of typing this idk if tumblr has char limits so might need to continue in reblogs?

Right, so. You may be asking "How do I get into hacking?" and find yourself here because of it.

The answer is you just did it. Right there. By clicking that keep reading link you have just entered the world of hacking, because curiosity is everything. The innate urge to learn more, to know more, that is what hacking comes down to. You do more than just using a system, you question it. Ask yourself, what does the system do when i input these characters? How does it take my input and translate it into the function? Where does it store information in what way?

Have you ever tried inputting unexpected text into a field? For example, say a website asks for a particular input like your name, but instead you start putting in numbers or unexpected unicode. That right there is, by definition, the poking around that hacking uses. You're experimenting with unexpected use-cases. Often times if you try this, you may end up finding interesting results. In my example here, say instead of your name, you put ../../../../etc/passwd into the field. Suddenly when you hit enter, you get hit with a result of a bunch of names and data. That is a hack. The database to control the storage of your name instead received a command to back out of that database, and go into the etc folder to retrieve the passwd folder, which houses user data from that system. This, of course, assumes the system is running Linux, but it is an example. All hacking is, is poking around in ways the original programmer couldn't expect to find interesting results and broaden your access into things you shouldn't have.

Now, this is all well and good, but what if you want an actual way to learn this in person? Well the good news is there are plenty of legal avenues to get into hacking and broaden your experience! Personally I use HackTheBox for my CTFs through their labs. That means they run a thing called Capture The Flag, where they give you a single IP and you have to explore that system to find two different flag files to win. They also have competitive CTFs I have yet to try, but I do have a competitive tournament coming up next month for it. Then they also have the academy to teach you more via both hands-on methods and reading work. If you know next to nothing and want to get started in a safe learning environment, you can try out their academy or my next resource. TryHackMe! This website is more learning focused, and I have been taught a lot of what I know through it! It has free lessons along with premium ones for a subscription, so just know that only a selection of what you can learn here is free, but I do recommend them if you do feel like paying for that extra bit, as I would say what I learned from it was worth it and they focus on both offensive hacking, which I do, as well as the blue side for defensive hacking and even things like digital forensics if you're interested in that!

HackThisSite. No really, hack it! This website is a legal playground to try out scenarios from the unlikely to the realistic in varying difficulties to put your skills to the test!

There's many, many more resources to look into as well, those are just the first few off the top of my head. Beyond this, I'd say constantly stay up to date in cybersecurity news and read up on new large scale attacks, as the entire industry is a constant arms race with exciting twists to learn about! Beyond that there is no one right way to go about hacking, and there's never a stupid idea to it either!

Now, all this is well and good, but what about a real case example? Well luckily for you all I happen to have a machine up and running to show off a case example of a CTF in action. Today i'll be showing you the "Lame" box from HackTheBox, the first machine they ever published, now retired. I can access it thanks to VIP.

First thing's first, I'm using a laptop that I stripped of Windows 11 in favor of Linux, and specifically Kali Linux being the exact distro. If you're wanting to get into hacking at the VERY least use a VM with linux, but i beg of you dont use windows. You're asking for trouble both in terms of lack of tools and in terms of vulnerability. You're putting a VERY large target on your back by using Windows because of how vulnerable it is. Kali Linux is a nice option as it comes pre-built with tools, but if you want something more user friendly you can go for Parrot OS.

Once the OpenVPN connection is active and we have the Lame machine up and running, it gives us an IP and nothing more. The first thing you will want to do when this is the case is to use a tool called Nmap to scan that IP for active TCP ports. This shows you what open, and sometimes closed, connections that machine is running, along with information about them. I usually use the command with these particular flags. nmap -sV -Pn -p- (ip)

It will output the ports we want to see, dont worry about how much text there is, we're focusing on just a small segment saying port numbers and a description of them

Now that's interesting, looks like this is running Samba SMBD on ports 139 and 445, and thanks to a google search I know this is a vulnerable version. We'll take the quick route and just use a tool called Metasploit. In a typical run metasploit wont have what you need, but for the sake of time and post length, i'll just boot that up by running "msfconsole" and running a search for our exploit. On finding the one I need I select the payload.

Next up, we need to equip the options for it, setting who our target is and where to send the information back to, in this case my VPN's IP.

Once that's done, you simply say "run" and it will go! And what do you know, i'm in the system as a root user, aka full administrative privileges with access to both the user and root flag! In a typical CTF there are many more steps including usually getting into the user first, then exploiting into root. I, however, took the shorter route this time.

(The flags change every run so you cant just copy paste them from my run.)

And that's that, machine conquered! We did it! Of course, in the real world of hacking there are many more steps, and it can even take multiple days to get everything you need from a target in a stealthy manner. The faster you move, the louder you are.

Now you know the basics though! Get out there and learn, google will be your friend and its never wrong to ask questions. My DMs are open if you have more to ask or just wanna talk hacking! :3

Legal, illegal, who cares im not a cop, have fun and stay curious~!

hey netizens! i'm not sure how many people are aware, but youtube's been slowly rolling out a new anti-adblock policy that can't be bypassed with the usual software like uBlock Origin and Pi-Hole out of the gate

BUT, if you're a uBlock Origin user (or use an adblocker with a similar cosmetics modifier), you can add these commands in the uBlock dashboard (under My Filters) to get rid of it!

youtube.com##+js(set, yt.config_.openPopupConfig.supportedPopups.adBlockMessageViewModel, false) youtube.com##+js(set, Object.prototype.adBlocksFound, 0) youtube.com##+js(set, ytplayer.config.args.raw_player_response.adPlacements, []) youtube.com##+js(set, Object.prototype.hasAllowedInstreamAd, true)

reblog to help keep the internet less annoying and to tell corporations that try shit like this to go fuck themselves <3

Amazon are upping their print costs for books, which means some (possibly many) self-pubbed authors may have to also up the cost of their book(s). I'd like to say now, to make it crystal clear for the record, this is not authors being greedy.

I think someone who looks up the royalty rate for KDP and sees "60% for exclusive publishing and 40% for non-exclusive" would think "Wow, these authors are getting paid good money!" but once you calculate the amount of the list price that Amazon eats after printing costs, that percentage can be literally pennies. The minimum, and I mean the absolute bare minimum that I could sell When Dealing with Wolves for after the changes is £12.48 – and if I did that, I would make £0.00. That's zero money. No royalties.

I repeat: 40% royalties on a book listed at £12.48 = nothing.

I currently have WDWW up at £14.00. My "40% cut" from that is £0.76. After the printing cost changes go into effect, I'll make £0.61 from each sale instead. I really don't want to up my prices, because frankly it enrages me that Amazon won't let me list my book for anything under £12, when the standard price of a fiction paperback in the UK is usually around £8.99 – but writing isn't my priority job, so I have that luxury. I'm not trying to make a living off my writing so much as using it to supplement what I make from the freelance career, which is a choice I made because I knew I could never cope with the workload required for a ""serious"" self-pubbed writing career without sabotaging myself. The £0.15 difference in royalties from one book sale isn't going to be the difference between me eating or not; it just really really annoys and disheartens me. (And, also, is further proof that I can't sustain a full-time writing career, because I'd run myself ragged for too little gain and then I wouldn't be able to eat).

But there are plenty of authors who are writing as their primary source of income, either because they can't do anything else or because they took the plunge they're building their career (and it shouldn't matter to you why someone is writing full-time, by the way. You want fiction media to interact with, then you need writers, and writers need to be paid in order to live in order to make more media). It's these authors who will have to up their book prices, and I feel in my bones that it's these authors who are going to face the backlash.

So, if you must be pissed off at someone, be pissed off at Amazon. The authors are probably pissed off, too (I certainly am!), so you'll be in good company.

(And if you can, buy the ebook version because we get better royalties, or see if the author has their own store where you can get the book, since they'll have more control over their own prices there).

Watching the difference between the Twitter migration mentality vs. the Reddit migration mentality is fucking hilarious.

Like, when Twitter users started moving over here everyone was pulling out all the stops and bringing back old fandoms that they were into and basically firing rent lowering shots by being super cringey.

And then all of the sudden when the Reddit refugees start showing up we're like, "ah yes, pull up a log and gather around the dumpster fire. We'll teach you how to not get killed by people hunting down bots and carve out a little area for you guys to relax and get used to the site before we throw you into the deep end of this hellsite that we call home. Tomorrow is Let Papyrus say Fuck day so you can prepare for that if you want. You want some hot coco and a blanket?"

Do NOT feed the Reddit refugees!!!

They must learn to hunt on their own, lest they become dependent on the native Tumblr lifeform for food and shelter!!!

"You can't be a lurker on tumblr." Yes, you absolutely can. I've been quietly reblogging things since 2014 and I haven't interacted with anyone in years.

Tumblr Migration 2: Reddit Boogaloo

We all know about the Twitter immigrants, but there seems to be radio silence on what's happening now with Reddit users from certain subreddits doing a similar thing.

What's happening?

Reddit is restricting their API later this month and killing off third-party apps. An AMA (Ask Me Anything) with the CEO Steve Hoffman was held and it was clear that he would continue with the changes.

In protest, thousands of subreddits across the site are planning to go dark for 48 hours on June 12th. Some are planning to continue indefinitely until the changes are reversed.

Okay, so how does this affect Tumblr?

Some subreddits (mainly queer and left-leaning meme ones, don't worry too much about Reddit Atheists™ overrunning us) are encouraging their users to jump ship to our beloved - and beloathed - hellsite. There will be another influx of new users and many will be unfamiliar with how the site works.

What do us Tumblr users do?

Show them how to use the site; introduce them to the site's culture, tell them to reblog shit and curate their dashboard. Sorta like how we welcomed Twitter users back when they flocked here. Kungpowpenising optional.

I'm new from Reddit, what do I do here?

CHANGE YOUR PROFILE PICTURE AND BANNER TO SOMETHING OTHER THAN DEFAULT BECAUSE THIS SITE IS FILLED WITH BOTS AND YOU MIGHT BE MISTAKEN FOR ONE. This is the FIRST thing you should do after getting a blog.

Other folks can help you with stuff like curating your dashboard or creating sideblogs (or you can look shit up) but please, PLEASE just give yourself an icon and reblog some stuff so people don't mistake you for a bot

i hate that fucking right-wing nudniks have ruined these topics for us but if you ever see a meme or funny post and the subject is like, ancient rome, medieval europe, military stuff, or guns, check the OP before reblogging. Half the time it turns out to be some brand of fash and 30 seconds of scrolling on their blog will find some racist shit or something similarly hateful

please report any hate speech you find and block them. bonus is that their chud buddies are usually reblogging the OP too so you get a free report/block list

Very Brief Guide to [tumblr], for Reddit refugees

Shit You Must Do Right Fucking Now:

Change your profile picture, blog header, and title to something other than the defaults. Do it right now. You will be mistaken for a bot otherwise, and blocked.

Go into Settings -> Dashboard, scroll down to Preferences, and turn off the options in the picture. This will get rid of most of the algorithmic stuff.

Turn off Tumblr Live. You have to snooze it once every 7 days for some stupid reason. It's hosted through another company and will steal your data if you use it.

Go to your blog settings (under the little person menu) and turn off these two settings:

Turn off infinite scroll (lags the site) and turn on timestamps on posts, in the same menu as Preferences.

Basic Features of the Site:

Reblogs drive the entire site. If you'd upvote something on Reddit, you'd reblog it on Tumblr. You can add text, images, or tags to a reblog, but you're not required to.

The dashboard is the equivalent to your Reddit feed, and contains the posts of all the people you follow, with the newest at the top

You can send an ask to someone, and it'll appear in their askbox for them to answer. You can receive them too, or turn off the settings if you don't want.

Tags aren't actually used for finding stuff (search function is dogshit), but are more for categorizing. People also talk in tags. Because Tumblr is weird, you can't use quotation marks (") or commas in them without fucking it up

You can filter both tags and phrases under Account Settings; doing this will put a filter over a post that contains them, which you'll have to click through to see the post itself. Useful for avoiding hate speech or blocking out annoying stuff

You can make polls in posts. Here's one now.

Likes are useless. They literally do fuck-all except send a notification to the OP.

Stuff Tumblr Does That Other Sites Don't:

Very old posts (I'm talking from like 2012) often circulate on this site. There's no such thing as a post being "too old" to reblog

Blocking is highly encouraged; you can block someone for any reason. Even for just being annoying.

If you and someone else are following each other, you are mutuals. Mutuals are fucking awesome and are treasured like friends. Mutuals are a thing on other sites but Tumblr treats em differently.

You can screenshot someone's tags if you like them and add them to a reblog. This is called "peer review"

Sometimes someone will find a blog and go through it and like/reblog a bunch of posts. This is totally fine and not "creepy" like it is seen as on other sites.

Tumblr jokes often rely on Continuing The Bit and a "yes, and?" attitude. Goncharov is probably the best example of this.

We are fucking infested with bots. They will either have totally blank profiles or be filled with porn. Block and report on sight.

Censorship is pretty lax here. I can say "I want to brutally stab Elon Musk to death and watch him bleed out in front of a crowd" and nobody gives a shit.

General Etiquette:

Don't try to do epic clapbacks here, you'll probably just get laughed at or blocked. If someone is bugging you or spouting bigoted bullshit, block them.

Reblog art!!! Artists often struggle to gain traction on here; reblogging will give them a boost.

Not every reblog needs a comment or tag in it

You can go all out with tagging your stuff to organize it, or you can just leave it all blank. Someone might ask "hey, can you tag these posts as [x]?" and you can decide if you want to do that or not. It's generally polite to oblige, but "no" is still reasonable.

Avoid discourse like the plague. Filter it, block people who start it, scroll past it when you see it. Just don't get involved in it. Ever.

Don't put fandom tags or jokes on someone's posts about serious matters or personal shit

You're responsible for curating your own dashboard; if you complain about constantly seeing stuff you don't like, that's probably on you. Don't be afraid to unfollow.

Follower count doesn't matter much here and you don't have to make yours known if you don't want to.

Reblog, don't repost. Reblogging keeps the credit and doesn't "steal" engagement like Twitter retweets.

If someone likes something a LOT, they might reblog it like 30 times in a row. This is normal

Having a post blow up is actually kinda a bad thing, since it floods your notifications. There's a sort of in-joke about how having a big post is awful and people jokingly try to stop their own posts from blowing up, often in vain.

Tips:

Get XKit Rewritten if you're on desktop, it's a really helpful extension

In the little drop-down menu next to the 'Post now' button you can either save a draft, schedule a post, or add it to your queue. The queue lets you post things in order at a certain interval, which you can change. It's good for spreading stuff out over time.

You can use Shift+R to quickly reblog stuff and Shift+Q to queue!

Filter your notifications under Activity - you can also see some neat graphs

Find each other! If you want your old Reddit communities to stick together, seek out other refugees and follow them.

Have fun on [tumblr], everyone!

Hi hello neurodivergent people who love clicky button, i am a neurodivergent person and I am interested in what kind of hyperfixations are most common! If you have multiple current hyperfixations (me too), choose the main one!

if you are willing to please reblog so I can reach more neurodivergent people and get more interesting results!