I sort of went down the same path as you (hacking VM's etc..) when I first got a computer and abut the same time I bought "Pentesters Open Source Toolkit".  It was one of the best books I have read and I still refer back to it all the time.

As for telnet, here's a link to some commands

http://technet.microsoft.com/en-us/library/c.aspx


Cheers

Syn

Not sure if you are still looking but I took a look at the NetTools Toolkit after hearing Mubix mention it on the Exotic Liability site (I think it was Mubix).  It has a load of stand alone tools in there and although I have now got rid of the VM that I had it installed on the site does list it as having a HTTP Server.

http://users.telenet.be/ahmadi/nettools.htm

It might do the trick.

All the best

Syn

Useful to know.  Thanks. lovin this SQL Injection stuff though.  As soon as I figured out how to read the errors and tune my injection against the right columns to get the usernames and passwords out I was totally diggin it.

Cheers

Syn

Agreed.

The question was really not "what should we do" but more "what are people doing in webapps". This is the first live web app I have looked at and I was curious if this was type of encoding was common.

Thanks for the links.  They look pretty interesting although a bit over my head at the moment.  Maybe it will all make sense one day :-)

Cheers

Syn

Just a followup on this. 

I tried encoding my known password (using the encoding page on clez.net) and after comparing it to the stored password and found it to be base64 but reversed.  So i tested this on a password which I didn't know and bingo!

Maybe this might help someone else out there.

One other question to anyone who may be experienced in this, is this a common method of storing passwords? Are there any other common ways of storing passwords?

Cheers

Syn

Hi

I’m currently learning abut SQL Injection and as luck happens I was asked to have a poke around at an internal web application that we have to see if it has any problems.  I’m by no means a pen tester just someone who likes to poke around at stuff.

I was quickly able to find a way to return logon names and passwords from the SQL database using SQL injection but password seem to be encoded/encrypted.

Is there a way to tell what encoding/encryption is used?

What I could see was that many accounts have the same stored password (12 characters and always starting with a = symbol) which I guessed correctly is “password”. However, my stored password (which isn’t “password”) is 16 characters and also starting with a = symbol. Other accounts that I now are not “password” are also 16 characters.

I have verified my findings with the backend database but I would like to demonstrate that although I can retrieve information on all the accounts I can then use the credentials to log in.

I have run the stored passwords through encoders on clez.net but it doesn’t decode my password to what I know it should be.

Thanks in advance for any help.

Regards

Syn

PS. I have permission to do this testing.

After setting up macports the apps i use seem to download and work pretty good.  But i an see myself having a Linux VM to hand just in case.

Rather than VM Fusion i opted for Parallels though, being a total Mac newb could you tell me if VM Fusion is preffered and why?

Cheers

Syn

Kris

Regarding tools on Helix, there is a tool for file recovery called PC Inspector thats on the Helix CD.  I cover it's usage (in a basic way) in a blog post I made a while back.

http://synjunkie.blogspot.com/2008/12/story-of-insider-part-3-playing-at-csi.html

This might be of interest for the future.

Regards

Syn

Thanks, i aim to please :-)

Bazpaul

Not sure if its any use to you but did a blog post on bypassing mac address filtering a while back.

i'm sure there are better guides but it might be of use.

http://synjunkie.blogspot.com/2007/12/bypass-hidden-ssid-mac-address-filter.html

Regards

Syn

Kris

in answer to your question "When will they get it?" in regards to securing the networks.  I don't think the masses ever will.  It's something the majority of people will never understand and that's why the vendors and the manufacturers should be putting more effort into selling devices that are secure by default.  But that means that a few things break, so what happens?  Convenience will win once again! But at least if devices are secure by default then fewer devices will be made insecure by people fiddling and the majority of devices will be secure.

If your interested, a recent HAK.5 episode talks about a bootable ophcrack usb setup.

There is a guide here

http://www.pendrivelinux.com/creating-a-bootable-usb-ophcrack/

Regards

Syn

I 've been looking forward to this tool since he spoke about it on pauldotcom a while back.  I can't wait to get my grubby little mits on it.

Cheers for the links.

Syn

Malware

Why do you choose linux rather than OS X, is it familiarity or a shortcoming with OS X as a pentest platform?