I too suffer from a healthy dose of paranoia caution. I used netcat to view it.

Pretty sure you posted a the same question here before. You were advised to upgrade your WordPress installation and plugins.

There's always someone better?

I'll give you some constructive criticism. Please don't take it the wrong way, but look at it as a way to improve your tutorial and future tutorials that you write. I think it's admirable that you want to write a guide to help newbies out, but I believe it could use a bit of work.

First, your tutorial is all over the place. Basically everything you wrote could be condensed to:

1. learn programming
2. read books
3. setup virtual lab
4. use BackBox

However you don't actually provide any detailed information about anything. If I'm looking for a guide on how to write Android apps, and I find someting on the Internet that says "Ultimate Guide To Android Programming", and tells me nothing other than to use Google and buy a book to read, then what's the point of the guide?

If I were a newbie I wouldn't understand what you've written, therefore it's failed as a guide to newbies. What's Backtrack? What's Backbox? Why is it different? One has Flash and one doesn't? So what? Can't I install Flash on BackTrack? I should learn Assembly? Why? What can I do with it? Why is CEH better? Better than what? OSCP? SANS?

Then you talk about hacking a wireless router, but you're not going to show how it's done? So you're pointing me to another guide that does what yours doesn't?

In essence, you've created a contents page telling me, if you want to learn how to do ______, Google it.

I'm afraid that doesn't help newbies at all.

I suggest having a look at some of the other guides online, and learning from their structure and content. A thorough guide takes time, certainly more than a day to work on.

Finally, and this is just my own personal opinion, I suggest changing the title to something less script-kiddie-ish.

Again, please don't take my comments as an attack on your work. Good articles, papers, and books go through multiple drafts and reviews before they get published.

Good luck!

Pictures or it didn't happen!

No one can answer that for you, so try it yourself and decide. It's free after all, you've got nothing to lose.

A lot of the tools on either distribution can easily be ported into any other Linux distribution. If you're familiar with Backtrack, then you should be able to quickly notice any differences in Backbox and decide whether you like it or not. Personally, I prefer Backtrack to Backbox, simply because I'm used to it and I like where everything is stored.

MIT OpenCourseWare is another free resource: http://ocw.mit.edu/index.htm

That will come in handy. Some attacks require you to analyze network traffic (fuzzing, man-in-the-middle, etc), and having a solid understanding of networks will help you when it comes time to pivot through internal networks.

Python is easy enough to pick up that you should learn it anyway. You probably won't need anything overly advanced, but you should be able to write some simple scripts that use sockets.

If you're new to this, you should expect to struggle for the first few attempts. As you progress you'll start to learn what to look for and things will become a little easier. There will always be some degree of trial and error, especially when you get to more challenging machines, but there's no substitute for experience and lots of practice.

This is also a pretty handy resource, using vulnserver: http://www.backtrack-linux.org/forums/showthread.php?t=203

Seems broken. This one works better: http://www.exploit-db.com/exploits/15203/

Couple of points:

This is meant to be run on Windows, so compiling it with gcc and trying to run it on Linux will fail. So you have two options: compile it on Windows, or figure out how to compile it on Linux (hint: read up on mingw)

Lots of exploits are designed to be broken to prevent script kiddies from using it... or worse, the shellcode could be be designed to wipe out your system or open a backdoor. Learn to create your own shellcode (hint: read up on msfvenom and msfpayload).

For instance, that exploit you found could have been easily generated with msfvenom:


Also, in order for the exploit to work, the user running it needs to be part of the Administrators group (or SYSTEM). Otherwise you'll just get an access denied error. So it makes more sense to use it as shellcode for an exploit.

Finally, you seem relatively new to this, so unless the machine you're targeting is your own, I suggest treading carefully. Doing things blindly can cause more harm than good.

Good luck.

I recommend learning some programming. At the least, shell scripting and python to start with. Python is quick to pick up. That should at least give you the ability to make sense of code written in C. Once you've mastered one language, you'll be able to learn others much quicker. Knowing programming will give you an advantage when it comes to hands on pentesting courses.

You'll need to write your own tools sometimes to speed things up, or modify exploit code, or even write your own.

If the problem is with WordPress, you should probably upgrade it, and all the plugins to the latest release. Make sure you have strong passwords as well. Depending on the what was vulnerable, your entire system could be compromised and you may need to format and reinstall to wipe out any backdoors. Some WordPress vulnerabilities allow attackers to execute remote code on your server which eventually leads to remote access.

Not sure about that... maybe he's referring to an older release of 1.110, or just recorded it wrong.