EH-Net
February 10, 2012, 06:41:21 AM *
  Show Posts
16  Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: OSCP Walkthrough on: September 20, 2010, 08:08:42 AM
I agree with hayabusa, you should feel good with what you've learned and how far you've come.  The OSCP isn't an easy test, and the fact that you got part of the way there is def an achievement.  You should try to set up some of this stuff in your own lab, and do the bonus questions from the class.   I learned a valuable lesson while doing the bonus questions: It's not as easy when you can't follow along what to do.  I spent a lot of time on the extra boxes to own in the lab, which helps a lot for the exam.  These bonus boxes are especially nice as a few of them require you to figure out what to use for priv escalation etc, which is something you don't want to spend a lot of time on once you've already gotten a shell.  Congrats on how far you've come, don't give up :)  Although "Try Harder" is sort of a bitchy motto, it's pretty applicable to this type of stuff.  There's a whole ton of apps that you can re-create the exploit writing stuff on, and setting up redhat 9 boxes in virtualbox is cake.  This is a great community, and maybe the right place to start working on some sample configurations for ownable boxes so that people can practice this stuff in the privacy of their own PC.  Good luck on your next shot :)
17  Ethical Hacking Discussions and Related Certifications / Other / Re: Screencasting software on: September 01, 2010, 03:48:20 PM
Camtasia is pretty expensive, but if you have the budget it's worth it.  All my vids I typically do on my mac with iShowU HD.  It's like 30$ and worth every penny.  For linux, the last set I did with recordmydesktop and it worked well.  I didn't do audio with it, so I can't speak to that, but I can point you to vids that I did with iShowU and recordmydesktop and you can decide for yourself:

recordmydesktop (did low res, can do higher):
http://www.vimeo.com/12651974

ishowuHD: (hd res for full screen)
http://www.vimeo.com/3036502

18  Resources / Tools / Re: Trouble writing custom scanner in MSF on: August 03, 2010, 08:59:07 AM
Oh.. another awesome way to do it that I learned about just last week.  If you have a single match for something and are lazy :
Quote
use .*scanner.*syn<tab>

and it will auto expand to:
Quote
use auxiliary/scanner/portscan/syn

I thought that was neat
19  Resources / Tools / Re: Trouble writing custom scanner in MSF on: August 03, 2010, 08:50:31 AM
Technically both of those are legit.  Metasploit will only really do tab completion for fully qualified contexts but inside Metasploit it mostly addresses the modules outside of the context of aux/exploit/payload. 

So if you know what you are going after:
Quote
windows/dcerpc/ms03_026_dcom

is functionally equivalent to:
Quote
use exploit/windows/dcerpc/ms03_026_dcom

Even payloads are addressable in a similar way (and through the generate command you can now do almost everything you can through msfencode/msfpayload now that my patch got in)

so you could:
Quote
use payload/windows/meterpreter/reverse_tcp
or
Quote
use windows/meterpreter/reverse_tcp

set your LHOST

then :
Quote
generate -E -i 5 -t exe -f /tmp/reverse_tcp.exe

in order to create your reverse_tcp windows exploit using any encoder that works and encoding the payload 5 times.
20  Resources / Tools / Re: Trouble writing custom scanner in MSF on: August 02, 2010, 11:22:25 PM
I believe the core part of the problem is that puts appends a new line and somewhere down the line it may be doing an append of "\n" somewhere along the line.  Metasploit seems to have encountered this in the past as about everything I've seen uses put for dealing with sockets.  Switching it from sock.puts to sock.put fixes the problem for me.
21  EH-Net / Calendar Of Events / Re: SecTor 2010 on: July 07, 2010, 09:46:18 AM
I spoke there last year and had a lot of fun.  They had Chris Hoff for keynote which was great, and they had a number of presentations that were pretty good.   A lot of the folks you see at Blackhat/Defcon and other big conferences were there.  Just going from memory @Beaker did keynote, @jjx did stuff on next generation NAC, @RafalLos did stuff on problems still causing problems for web security, @NathanHamiel did stuff on python tools for web testing, @rsnake had a good presentation on what the bad guys are up to, there was a 2 part walkthrough that was great on w3af and the social stuff was pretty good.  This year they have HD Moore and others lined up with Metasploit goodness, and if you can't catch talks at BH/DC then I think some of them will be repeated at SecTor. 

22  EH-Net / News Items and General Discussion About EH-Net / Re: Hackerolympics CTF Contest 2010 on: July 01, 2010, 09:46:13 AM
This looks like a lot of fun.  The team I did Defcon CTF with is going to try this next.  If you think you might like to give it a go, register now because...

REGISTRATION CLOSES TOMORROW

23  Features / Opinions / Re: Public Disclosure of exploits on: June 29, 2010, 08:55:49 AM
Here is another post about the stuff that re-ignited this debate:

http://vrt-sourcefire.blogspot.com/2010/06/defenders-of-faith.html

I use the public disclosed information a fair amount, especially with POC.  It's even more valuable if there are things in the wild as I've written a number of custom rules based on the disclosure that protect me in some cases better than what AV already does or in many many cases, what AV says it does.  Without some of this information, it's difficult to tell how protected you really are.

There are lots of positives and negatives to both sides of this debate, but for me, I hope that the bad guys are not the only ones looking for bugs.  The question really lies in, how does one disclose something "responsibly" when the vendor says it's not a problem.  If you knew about it, and then someone else comes out with a 0day, were you responsible or irresponsible for not letting people know ahead of time how to be protected ?
24  EH-Net / News Items and General Discussion About EH-Net / Re: Columns on: June 28, 2010, 12:18:23 PM
The columns section basically sorts by author what is already on the home page.  The plus side is if you really like something someone posts, you can see what else they have done in the past since we all concentrate on different things.
25  Features / Opinions / Re: How many cons do you go to? on: June 28, 2010, 08:08:03 AM
I agree and disagree.   Most of the larger cons are whatever you make of them.  There is plenty of excellent content and you have two choices: 1) Drink until you're stupid or 2) Attend talks, and then party some after hours.  If you look at the big "Cons" like BlackHat, Defcon, CanSec, SecTor, ShmooCon, Hope,  etc then most of them have pretty good content.  There is a whole set of additional conferences coming up which seems to have great content at a much lower price and that is the "B-Sides" movement.  They have done a number of them this year, most have been streamed over the net so you don't have to "be there" but the people who are there seem to be more of the people who are into learning and social networking instead of folks who are looking for a great party. 

All in all, I go to probably 3-5 a year some of which work pays for, some of which I pay for, but I try not to miss BH/Defcon/Bsides-Vegas and ShmooCon since they are both typically very educational and a lot of fun.

 
26  Ethical Hacking Discussions and Related Certifications / Other / Re: How to become the world's no.1 hacker? on: June 14, 2010, 03:58:55 PM
This is a pretty good rundown:

https://365.rsaconference.com/blogs/securityreading/2010/06/14/fair-use-plagiarism-and-the-world-s-no-1-hacker-book

27  EH-Net / Calendar Of Events / Re: CarolinaCon 6 on: March 11, 2010, 03:33:27 PM
Anybody in the area should stop by.  There are some cool speakers from some of the bigger cons that will be here as well.   You will be able to interact a bit more with folks, which is great.  It's a smaller venue so more networking and questions.  Stop by and say hi.


28  Ethical Hacking Discussions and Related Certifications / Other / Re: HNNCast's take on Ethical Hacker (the phrase not the site) on: March 07, 2010, 03:50:17 PM
This is relevant I think:
http://www.spacerogue.net/wordpress/?p=191

It is basically about the whole conversation of "We don't hire hackers".

When it comes down to it, ethics are flexible.  Mine and yours won't match up on certain issues.  There is legal and illegal, and in different parts of the world, those won't match up.  Certifying someone as ethical is like classifying porn vs art; the "I know it when I see it" concept has always been bogus. 

It all goes back to trust and risk management.  I trust that a pen tester from company X won't destroy my world.  There is a risk that he/she will, but I would have recourse in this situation.  Reputation is very important in security, and who you know is as important as what you know. 
29  Ethical Hacking Discussions and Related Certifications / GPEN - GIAC Certified Penetration Tester / Re: How difficult is the GWAPT certification on: March 07, 2010, 09:31:33 AM
For the guys who say the GWAPT was harder than the GPEN, what is your background? Is it in development/programming or network admin stuff?

Both, I program in c/c++/php/perl/python/ruby/lua predominantly but am not a true developer.  The reason the web stuff is harder course wise is that there is much more subtlety to what you are doing.  Do you need a ' or a " when you are doing a specific injection?  What happens when the script upper cases every command you type for command injection (unix doesn't like that much)?  Those sort of things you don't have to deal with as much in the network pen testing classes.

That said, I should say if you have no programming background at all, you may find 542 even more challenging.  There are days in there to teach basic scripting, but you will be slower than your counterparts who have some very basic experience in programming/scripting.  That said, you don't have to have programming knowledge to take the course, you will do ok without it, but you will have to work harder.
30  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: A cautionary tale for Penetration testers on live networks on: March 06, 2010, 02:38:21 AM
Out of curiosity, did the pen testers recommend any strategic changes to your incident response procedures or any additional procedures to put in place in case this happens again?  This is an excellent example of how having an incident response team with the proper professionals on it could have probably gotten things resolved faster.  You post this as a cautionary tale, with good reason, but it seems like there could have been some great positives come out of this that would last through a potential real attack.  Losing money is never good, but if you gotta lose money, make the most out of it that you can :)  I think if nothing else, some critical business points which are vulnerable to attack were exposed here.



© 2012 The Ethical Hacker Network