I've started my first pentest Lab successfuly and thanks to all friends here that helped me alot to do that and i started my first pentest process

i tried to exploit my windows xp sp3 machine with the MS09_002_memory_corruption exploit with BackTrack 4

and when the target tried to open the browser IE6 not IE7 i got this at the Metasploit shell :

Sending Internet Explorer 7 Uninitialized Memory Corruption Vulnerability to 192.168.1.2:1074 ...


is that because im using IE6 not IE7 i thought i can use this exploit at both of them !!

??


and one more thing what exploit was i talking about in this video :

http://www.youtube.com/watch?v=lhIk5Cix3DU

that guy demonstrated way to force the victim to go to his exploit server that he made with metasploit

and i tried ti this since its aweosme way to not send the victim any link or anything to ur server

i tried to do this with ettercap i edited the etter.dns and :

added the A record as the following

*            A    192.168.1.4

and then used the exploit in metasploit

the problem is when i used this exploit and if i didn't configure the options "URIPATH" it takes random path that i have to send to victim

so the new path will be for example http://192.168.1.4/gegwsgf

and the ettercap will redirect the traffic to 192.168.1.4 only without /gegwsgf

and when i tried it the victim spoofed successfuly to my ip 192.168.1.4 but no connection established at the metasploit :S why ?

that guy on the video didn't type URIPATH and didn't get random path like i did 192.168.1.4 only without the 192.168.1.4:80/fedfwgvsw

why ?

what if u took CCNA certificate exam ,, can that makes me take the CCSP ?

or should i take CCNA + SND ?

but i think now that i can't take CCSP be4 CCNA security so i should take CCNA security first right ??

thanks alot for the links : and i want to ask personal Question if u dont or others mind

im taking CCNA course and im about to finish it and im asking

i want to go for security field and i wanted to take CCNA security course

but i see that CCSP more detailed course about CCNA security

so if i take CCSP i wont need CCNA security ??

or should i take CCNA security be4 i take CCSP ??

please if u can answer advice me so i wont take needless course

thansk in advance all of you

no no i will make it more clear ...look here some people get public IP from ISP and DSL service okay ? for speed lets say 2 mbps and those people buy this speed not for personal usage .. but for make money by sharing this speed on others by making his own LAN Router switches etc anc connect many people in his zone with some cash per month for sure
and that guy im part of his LAN and im his friend and its no worry at all with pentests on his LAN and i only do this on his pc under his permission i can't do this on other members because i dont like to mess with others inocents people


ya im downloading more books already for this to know as much as possible info


about the client-side exploits what for example i knew he using firefox or Google Chrome .. can u point me to some links or videos talking about different client-side browsers exploits ?

i think friend you missunderstood me on some thing :


how that possible ,, since im scannign 10.0.0.3 if u saw my nc scanning that u told me to do its local ip not public right !! ?


on that thread when i asked about client-side attack and cant' get to work and asked for LHOST ip that was other friend at remote network thats why i asked should i put my internal ip or external and other friend in the forum explained to me that i should put the external ip so the reverse traffic can go to my WAN ip and then my router pass that traffic to my internal ip (LAN) since i forward port in the router to my ip right !!!! ?


at this part in the beginning i didn't figure out by saying "what device are you scanning" and i told you after i understand what ya trying to say that its PC

its normal network with many users inside
 

at this part i dont know how to enumerate vulnerable application at remote host :S ....or you mean service scanning for application ?

i dont rely on forum only dude dont forget that pentesting world is so huge and collecting as much info as u can is hard from only good right ?
i'v been many years trying to ..


no at this one we were at different network

ya i know that one thanks for extra info


i wasn't talking about this as same LAN i know this one i was talking about Remote network but thanks for helping and  additional tip

what do u mean ?

thanks alot being such a Gentel

ok thanks alot i want to ask : should the victim has acrobat reader installed on his system in first place to infect him with the Malicious file or even he is not installed it he will be infected too ?

as i said be4 and i bet you didn't see it : that that guy is my friend and he is the Lan owner and if you checked my old old threads u will find that i were trying to do the same that im doing lan Learning at his Lan and now im trying to be part of pentest so far on his pc and yes its under his permisson

is that okay with you ?

yes thats Right he is the Lan owner and im part of it and im testing his own pc

and yes we are connecting at the same router

WoW you read my mind Ketchup yes i think too that i have to go around client-side attack but anyway i will not hack hack him i just want to learn for educational purposes and this thread i learnt alot and thanks to you guys

but Question : can i do client-side attack with any other extension than .pdf ??

but what that to do with my friend pc ? you talking about router

but as u said that opened ports at router is alot but can't exploit them :S:S

port 53 dns is 1 of them UDP port

no he is connecting to internet via Mikrotik router we are at the same lan

he is the Lan Admin he is the owner its Mikrotik server what he made

whats on ur mind ?

ooh no when i said i tried this and test it on my friend pc my friend let me do this he accepted the nc on chatting easy and opened it he even typed the command i told him to

but to make port forward i can't since the router is mine to open thats why i can't make it work dun have access to the router that im associated to

oh yes sorry about this i thought its S not Z at the command nzvu i typed nsvu

anyway thats only what i got :
nc -nzvu 10.0.0.3 69
(UNKNOWN) [10.0.0.3] 69 (?) open


yes yes i got it now yes its a computer not router or anything else its PC



sorry one more thing forgot to say :

i used wireshark to check the ports that u said with no success to get any traffic between

ip.addr == 10.0.0.3 && udp.port == 69
ip.addr == 10.0.0.3 && udp.port == 161
ip.addr == 10.0.0.3 && udp.port == 162

for this one couldn't get anything because i got this error :



with Nmap i got this :



i think that yes Ncat got false positive results

yes tried and didn't get any reply so i think yes that Ncat was messing around those ports not open

i didn't get this one what do u mean ...what device ?

and Surprises has been shown up

i have to say u r great teacher u were trying to do some UDP scan at specific ports

i tried already to this with Nmap btw after u told me with no use but when i tried nc i got this :


nc -u -v 10.0.0.3 69
10.0.0.3: inverse host lookup failed: h_errno 11004: NO_DATA
(UNKNOWN) [10.0.0.3] 69 (tftp) open

nc -u -v 10.0.0.3 161
10.0.0.3: inverse host lookup failed: h_errno 11004: NO_DATA
(UNKNOWN) [10.0.0.3] 161 (snmp) open

nc -u -v 10.0.0.3 162
10.0.0.3: inverse host lookup failed: h_errno 11004: NO_DATA
(UNKNOWN) [10.0.0.3] 162 (snmptrap) open

then tftp , snmp & snmptrap is opend up .. i expect from u to say that next step is exploit them however i didn't get what service exactly running right ?

so i think i should make intensive scan on this ports but to get service

it might be snmp enumeration what do u think ?