EH-Net
|
|
May 21, 2012, 02:28:45 AM
31
|
Ethical Hacking Discussions and Related Certifications / Wireless / Re: Question on wireless pen testing
|
on: April 07, 2012, 05:58:25 PM
|
|
Something I've seen, working with Linux connecting to some APs...
Check the adapter's wireless preamble settings, if you can. Sometimes if it's set a certain way, on some cards, they don't like to connect, especially if using DHCP, and when dealing with 'normally' hidden / non-broadcast SSIDs.
Used to give me fits, a lot, before I figured that out.
|
|
|
|
|
33
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Lab setup Help Needed
|
on: April 03, 2012, 09:36:22 AM
|
You'll probably want to add more RAM to those at some point, but you have more than enough to get started with. You could get 20 systems going if you average 512 MB RAM per VM.
Full agreement. Was just saying that if he started throwing up app servers, the memory was lean. But ajohnson is absolutely correct. For the basics, you've got a good setup to start loading a lot of barebones OSes up on.
|
|
|
|
|
34
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Lab setup Help Needed
|
on: April 03, 2012, 08:38:25 AM
|
|
Hey Jamie.R,
In addition to what cd1zz said (and that is very important...)
I would set it up to (as closely as possible) mimic a real-world scenario:
1.) use the routers to define at least two 'corporate locations'
2.) Put a web or app server in a DMZ, on one or both sides, and a Windows / SQL / SharePoint or whatever other, inside the network, but accessible by the stuff in the DMZ (to replicate what most places will have)
3.) set up your VLANs on the 2900 switch, as if in the main corporate office
4.) since you have extra servers, use one with some VMs (likely the beefier one) to simulate some clients and other machines in the network.
5.) get comfortable with NAT configuration, and how it affects things
6.) download, set up and configure firewall / IDS / IPS so you can begin to see how they behave, and how your activities do / don't trip them, etc.
That's what I'd do to get some things going, although, if you're starting out for sysadmin learning, etc, focus on the earlier stuff, first (routing / switching and the networking aspects.) Get comfortable with those, as they'll play more roles in security for you, later on.
(Note - you'll likely want to be acquiring some more RAM for those servers, as you'll be limited with what you can do with them, on the lower boundaries you've got, if you want to use them as Windows / app servers.)
|
|
|
|
|
36
|
Ethical Hacking Discussions and Related Certifications / Wireless / Re: wireless card help
|
on: April 03, 2012, 06:24:13 AM
|
|
'Some' of the Linksys models work. You need specific models / versions, to make sure they have the right chipset.
I can't speak for every card on that list (I didn't write the list, and it's more of a community effort.) But like I said, you need to ensure, if you're testing it, that the model and revision are the same. rev 1.1 of a card might have a suitable Atheros chipset, where rev 1.11 changed it. The list is sometimes VERY specific. You might also have to load extra modules to make a card work.
If you want help with a specific card, I'd suggest posting specific info (all details) of it, and we can look into it. But without the card, in hand, we can't test it to confirm it works, unless one of us has that exact card.
Good luck, keep trying, and let us know card details, and we'll try to help further.
|
|
|
|
|
37
|
Ethical Hacking Discussions and Related Certifications / Web Applications / Re: Disclosing web application issue
|
on: April 02, 2012, 11:56:56 AM
|
|
I was hoping your reasons were as such.
Either way, it's up to you if you want to discuss with them, or not. Again, just note, that if you weren't asked or contracted to analyze them, you'd better be ready to play really dumb when they ask you why you were posting dummy credit card numbers, etc. They could 'possibly' interpret that as credit card fraud, as well. (Depending on where you stored it, and why...)
Just be cautious...
|
|
|
|
|
38
|
Ethical Hacking Discussions and Related Certifications / Web Applications / Re: Disclosing web application issue
|
on: April 02, 2012, 10:40:51 AM
|
|
Just curious, Jamie...
How are you finding these issues? How is it you know where things are stored, and how they're stored?
This isn't exactly something you should randomly be looking at websites for, if you're not asked / contracted to...
That said, depending on the site, you could contact them to resolve it. However, be warned that they might wonder why you were poking around their site to begin with. Some folks might not take your actions lightly, even if well-intentioned... So it's up to you.
|
|
|
|
|
41
|
Ethical Hacking Discussions and Related Certifications / Wireless / Re: Requesting help with attack response...
|
on: March 30, 2012, 08:49:51 AM
|
|
What timing. I was typing much the same thing as BillV, and must've hit send right as he did. Mine didn't come across, as I also had a new Personal Message notice, here, at the same time, and I lost it.
But I'm 100% in agreement with BillV's response, and it's almost exactly the reply I was preparing.
Let us know what you find, sonofzell.
|
|
|
|
|
45
|
Resources / Links to cool sites. / Re: Course review - "Codename: Samurai Skills"
|
on: March 23, 2012, 03:33:36 PM
|
Bwahahaha! N-I-C-E comeback! Not procrastinating... I'm fully back at it, in my home lab. But admittedly, this pulled me away for a short time. Exam is May 4, as I knew with work and some other personal commitments, that I'd want just a little extra time after my lab had expired, anyway. Believe me when I say... "My mind is back in OSCE study mode, HARD!" (and THANKS for the gentle nudge!)
|
|
|
|
|