That is a beautiful analogy :-) Thanks!

1. Just because the port says 'open' doesn't mean a firewall isn't present. A firewall is likely configured with a rule to allow traffic on that port. So, if by definition a firewall controls the flow of network traffic, it may very well be there and doing it's job but it's not "protecting" that port if it's allowing traffic to pass. Assuming you mean protecting as in blocking, in which case the port would be closed and traffic would not be allowed through.

Hopefully I understood what you were asking there.

2. Your FTP port will appear open until you stop the service. If you stop the service, and FTP is no longer running, then the service won't be listening and the port will be closed. You also won't be able to connect using your FTP client or upload files. You would need to start the service again, thus opening the port back up. Ports don't open and close dynamically with a session like you've described - unless maybe you're doing some weird port knocking stuff.

search iis for IIS exploits in metasploit

Aside from what this site is about, why would someone want to pay you for software that is two major revisions behind? That's like saying, "hey, I wrote this new exploit for ms03_026 and I'll sell it to you for $5"

Not to mention, there have been other cracks around for other older versions of core impact as well. And I'm pretty sure Core probably watches this site, so they're likely to check into your activities too.

I'm pretty sure we can all read the Mile2 website, no need to copy it here in a post.

Or maybe it wasn't found in some porn, maybe it was found elsewhere and these guys were just using the "found it in this porn video" excuse as their own cover up

Were you told to bring your own system to attack from or will that be provided for you?

Certainly, in addition to the technical skills, they will want to see how well you can report on it. I would recommend reading this blog post:
http://pen-testing.sans.org/blog/2012/02/09/maximizing-value-in-pen-testing

I would want to see that you can summarize the findings in a non-technical summary and that you can present the risk appropriately. I would want to see what your thought process is on how you rate risks - in other words, for this purpose, I wouldn't care what you rated findings so long as you provided thoughtful support. I would also be looking at how you tell me to fix the problem.

Well, considering metasploit doesn't officially support iPhone deployments, I think you're going to have to search around to figure it out. Where did you get the package that was installed?

Personally, I had it installed on an older iOS on my iPhone but didn't bother with it later on due to keyboard limitations. You're also likely to have problems with some of the SET features without a mail server.

On a side note, nice F-18 picture, ambient. My brother-in-law is a F-15E pilot.

Well, for one, you likely need 'session_start();' at the top of your script to even have a PHP session.

Second, use the $_COOKIE variable to grab the session identifier if that's what you're after.

I commented out your header redirect and cookie portions, rewrote with the above and echoed the session id (and your log.txt still works and writes the session ID in there).

What are you looking for?

Try /opt/framework/msf3

You should have access to various DoD-related training material. If you're current position qualifies or considers you as IA then there are different things out there. You may want to look into the CERT VTE as well. Lots of good training there that may be free for you (CISSP, SSCP, Sec+, Net+, CEH and a whole host of others).

Not free (and no idea how well it works) but happened to see this in the SkyMall magazine on my flight yesterday:

http://www.skymall.com/shopping/detail.htm?pid=203635521&c=

edit: lol.. just noticed the small text at the bottom that says 'up to iOS 3.21'

As I'm sure you expect, having lingered around for a while, we're all anxious to welcome you to the community.

Sounds like you're well on your way and starting down a path. Do you currently work in IT or is this just a hobby/interest of yours that you'd like to eventually make a career?

Feel free to shout with any questions. All sorts of people willing to help out here.

Bill

This link contains everything you'd ever need to know about Wireshark:

Wireshark

Welcome to EH-Net.

BackTrack is pretty well organized in that you can look through the menu or sift through the directories to find both 'network' and 'web' attack tools.

We can help you once you have specific questions.

You may want to take a look at these two sites:
BackTrack Forums
BackTrack Wiki

You may also have an interest in this:
Samurai WTF (Web Testing Framework)