Ok. guys.

I am thinking to take CEH or the training from www.heorot.net. I know that one is the cert and the other is metothology and some hands practice, I want to do it both and after that OSCP. The question is: Which give me better fundation between them?.

Thanks.

Use www.virtualbox.com and use the evaluation licenses for Microsoft.

You will not bealive this: my supervisor (IT manager) with 11 years in this company says the same, no body it is interesting to attack our company.

And when one of his programm does not work he said inmediatly: Too much security, too much security.

I just read an article in a news paper about how some attackers stole $1.2 millions in a few minutes, but I begin to laugh when they begin to take actions about how the employees surf on internet and other security actions AFTER THEY GOT THE INCIDENT.

I have a supervisor that always tells me, we never got that kind of problems, so do not worry, jajajajaja, It is very difficult to change their mind. It is necessary to be pro-active.

This is the link:

http://www.chron.com/disp/story.mpl/business/6434202.html

Thanks, I saw a video using db-autopwn but there is a rpboem with BT4 beta that the database is not installed very well, also I wan to learn to do it manually so I can learn how this tool work, after that I will do it auto.

I am using Metasploit and I want to set RHOST not just one ip, around two or three, is there any form to set it? because I tried using something 192.168.0.1-5, or 192.168.0.1, 2, 3 etc and never work.

Can you set just one ip or many?

Thanks

Good statement Hayabusa0194, also we need to consider that any OS that was not tested deeply by the community could have holes open and also do not forget that the person that is using the OS is a threat too.

I read that article this morning and that show that we have to be prepare to avoid any kind of attack.

It doesn’t matter if we work for privet or government sector we have to be prepared.

I always think: I have to check my systems, not because we have something important, but because I do not want to any body to use my computers to run an attack.

Congrats.

How long did you study?

I was checking the training of www.heorot.net, the price looks good and the sylavous too.

Did anybody take this training (I am talking about the beginning)?

Ok, I was checking the rainbow tables and the rcrack tool (incluring the tutorial of this site), but when I sniff using Cain I got Kerb5 PreAuth Hashes.

Not LM or NTLM or MD5.

So what do you recommend me?

Apollo, that was great, I was thinking the same about to take any course of just keep reading the books.

Thanks.

Interesting site.

What is rainbow tables?

I am running Cain and I got kerberos5 PreAuth Hash when I was sniffing the network, so I am doing a Brute-Force Attack, I set the password length from 6 to 8 lower letters and numbers and take so looooong, that I run it for about 2 1/2 week, I did a test with one password 4 letters and I put the only letters in that password and that was fast, but that is not the normal scenario (in this case I know the passord).

Do you know another tool to Brute Force password a little fast?