It'll go to my "replenish the bourbon" fund. ;-)

Not yet - I need to still do a full pentest to make sure I'm not missing something. If there is an issue, I'd like to find it. If there is not an issue, I'd like to know for certain. If anyone sees anything, please let me know - thanks!

...and if you follow their recommendation to see what the compromise is, it comes back negative.

http://www.google.com/safebrowsing/diagnostic?site=heorot.net

Yeah, I saw that. Not sure how it's coming to that conclusion.

I did a talk at deacon about three years back on this exact topic. It was titled "hacking WITH the iPod touch."

The issues and advantages addressed in that talk are still relevant.

Yep! In effect now... The Hacking Dojo has hooked up with Hakin9 and PenTest Magazines to offer free six-month subscriptions after signing up with the Dojo. Check out HackingDojo.com for specifics.

I finally got around to posting a sanitized network diagram of the lab, if anyone is still interested in this topic - go to: http://HackingDojo.com -> "Online Hacking Lab" (at the top).

Out of curiosity, why do you want to scan all the ports? I understand trying to be thorough, but there are only so many exploits out there, and when you boil it down, there aren't that many "interesting" ports. Chances are, you'll hit a vulnerability on the well known ports long before you find some hidden application running on some high-end port... plus you might get false positives anyway as different apps use different high numbered ports for dedicated communication.

My undergrad was a.....


...wait for it...

B.A. In History. It has been extremely helpful for my job as a Sr. Security Consultant (network pentester). I'm not joking, either.

Actually, in my book "Professional Penetration Testing" I brought up this exact problem - how can you learn to hack something when you already know the solution? Which is why I created the De-ICE disks; they are liveCDs that you can run on a system or in VM, and begin to hack immediately. Check out http://forums.heorot.net to download them.

I have some De-ICE images in the Hacking Dojo lab, but not just those. You might also want to install other systems as well, especially older windows platforms, in order to practice certain exploits... finding vulnerabilities is one skill, effectively exploiting them is another, especially with all the options available on the various tools we use.

I can answer that...

Right now there is a mix of Linux and windows systems that are all exploitable. However, over the next week there will be other systems added that are not exploitable, in order to provide a realistic example of an internal pentest. By the end of this week, there will be switches and routers added as well, with additional network(s) within the lab so students can practice network hacking. There will also be layer 2 attack options added, along with web hacking.

The lab is designed, like I mentioned, to simulate what can be done in a real world pentest. We have the targets and the hardware inline... we are just adding them one at a time over this entire week to make sure everything works smoothly.

Not yet - Philip is the only one that has asked for it, but didn't take it due to time constraints. Still waiting for the first person to step up.
 

Wanted to let people know that the HackingDojo now has an online lab, accessible by students 24/7. The lab is designed to emulate a real world internal corporate network so that students can practice basic through advanced skills in a realistic setting. We're adding (and will continue to add) additional targets and complexity, based on the requests of students and hacking trends.

Access to the lab is included as part of a student's monthly subscription - no additional costs are required, and there is no time allotments / restrictions either.

Thanks!

- Tom Wilhelm

Keep in mind, also, that the OPTION header can lie. I never trust its output and always verify things manually. I've been lied to too many times to count. Just wanted to add that tidbit.

Just wanted to share this image (seems you have to be logged in to see the pic) - wish I had taken a picture with all of them before I started boxing the others up. It was kinda neat seeing all of them together, stacked in front of me.

FYI, I actually really enjoyed running this giveaway, and will be doing it again, for anyone enrolled between September 1st, through October 15th. Just to give everyone a heads up!