  Show Posts
1  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / A whole new family of exploits on: July 25, 2007, 04:56:54 PM
This article indicates that there may be a whole new family of exploits about to hit the streets.

http://www.securityfocus.com/news/11477

The PoC is going to be shown next week at the Black Hat Security Briefings in Las Vegas - anyone on here going?

The annoying thing is that the exploit is built around a vulnerability in IIS5 that was notified to MS in Dec 2005 - how slack is that !

2  Ethical Hacking Discussions and Related Certifications / Other / Re: Problem with Metasploit on: July 23, 2007, 03:58:06 PM
From Page 6 of the official users guide.

http://framework.metasploit.com/documents/users_guide.pdf

Quote
When using the Framework on the Windows platform, keep in mind that msfweb is the only supported user interface. While msfconsole and msfcli may appear to work, they are severely limited by the way stdio operations are handled. The result is that all Ruby threads will block when input is being read from the console.
3  Ethical Hacking Discussions and Related Certifications / Other / Re: Problem with Metasploit on: July 23, 2007, 09:31:27 AM
Hiya Thombose

The easiest way to do this is to execute the msfconsole user
interface.

Start > All Programs > Metasploit3 > Metasploit 3

Browse to http://localhost:55555 and access the Console link from within your browser.

You'll get the command line interface within a web page.

Enjoy ;)
4  Ethical Hacking Discussions and Related Certifications / CEH - Certified Ethical Hacker / Re: CEH V5 (if you don't have money go to BOOTCAMP) how do you pass the test on: July 23, 2007, 08:21:12 AM
Some good resources there Blackice.

I particularly liked the 'Challenges' section on the hellboundhackers.org site.

Anyone studying or considering studying OSCP would get a lot of valuable experience with these challenges - noobs can get a lot of good pointers as to how to complete the challenges by reading the posts in the 'Articles' section, under the 'HBH Challenge Tutorials' section.

Be prepared to have to use your brain though - these are not 'walkthroughs' but more of a shove in the right direction.

Excellent find - thank you.
5  Ethical Hacking Discussions and Related Certifications / Other / Re: Friday Afternoon funny - The Internet Crash of 2007 on: July 20, 2007, 04:44:16 PM
You may ROTF but I still have users who wonder why their PC is slow when they have 23 Excel spreadsheets open, they are talking via Skype, sending a 600MB email, synchronizing an 8GB database and trying to conduct trade with a value greater than the GDP of a small African nation via eBay all at the same time :D

Pass me the Valium
6  Ethical Hacking Discussions and Related Certifications / CEH - Certified Ethical Hacker / Book Recommendation:- Secrets of Network Cartography: A Comprehensive Guide to n on: July 20, 2007, 02:11:06 PM
I thought I'd write a quick review of a book I have found useful.

In his book "Secrets of Network Cartography: A Comprehensive Guide to nmap" James Messer assumes no previous knowledge of networking and protocols and quickly explains the basic principles of connection oriented and connectionless protocols with some good analogies.

He quickly moves on through the 3 way handshake and gives examples of how to execute the various types of scan.

Rather than just regurgitating the man pages from NMAP each example combines a graphical representation, the command line to be used and the sample output that is seen on screen. He also explains the advantages and disadvantages of each given scan type and where and when they should/shouldn’t be used.

From here he moves on just as comprehensively through the various ‘ping’ options, OS fingerprinting, host options, port options, logging options, window specific options and timing and tuning options.

The book winds up with a final chapter with several real life scenarios and shows how a network or security administrator can use the seemingly endless features within nmap as an aid to identifying virus outbreaks, to conduct vulnerability assessments, security appliance testing, asset management and firewall auditing. As before these are all shown with the exact command used and the output that is derived from the scan.

Although the document is available in HTML format I found that all the Google ads that went with it were too distracting and so bought the pdf version and am sure glad I did.

If you buy the pdf version you also get a bonus quick reference chart that is useful as an aide-memoire when you're trying to remember that obscure option (essential for the CEH exam).

The subject matter does not, and will never, lend itself to generating a book that will become a bestseller. However James Messer has taken a complex product and broken it down into its component forms and documented it in a manner that will be useful to noobs and seasoned pros alike.

Secrets of Network Cartography: A Comprehensive Guide to nmap book can be found here http://www.networkuptime.com/nmap/index.shtml
7  Ethical Hacking Discussions and Related Certifications / Forensics / Re: Track someone using the MAC/Physical Address? on: July 18, 2007, 06:05:44 PM
To expand slightly on heffnercj's post......

MAC to IP resolution is done using the ARP protocol.

ARP is non-routable so as heffnercj says "Any machines separated by a router will not see each other".

To track someone on the internet via their MAC address would therefore require some external mechanism, i.e. software run directly, as a worm, etc. to feed the IP address/MAC address relationship back to a central location. This approach would also need to ensure the information from devices that were behind firewalls or devices that were NATed could be captured as well.

Just imagine if Google ran some kind of script every time you accessed their site that did this correlation and held it in some kind of big database - EEEK!! Scary thought and not beyond the realms of possibility. ;)

8  Ethical Hacking Discussions and Related Certifications / Hardware / Re: Not really hacking related, but kind of urgent! on: July 18, 2007, 06:22:07 AM
Oyle, Firstly well done on nailing the problem.

Secondly,
You may think I'm undercutting myself financially here. Maybe so, but the only way I'm going to make any money in computers is to get in somewhere fulltime. Low prices [supposedly] brings in customers, and Word-of-mouth.

My dad gave me some sagely advice once when I was deliberating what to charge a client, he said "Men who work for nothing and women who do it for nothing will always be busy and poor."

Quote
What90: Small clients (the mom and pop shops) tend to think that you should be able to do everything for next to nothing and in two minutes.
Too true - and once they've got you to do one job for next to nothing they'll expect the same every time with the added bonus that everything that goes wrong with their system from here on in will be your fault! Oh the joys of being an IT whiz :rolleyes:

My advice would be to stay away from mom and pop shops and try and target small companies with around 10 PCs. They're not big enough to employ someone full time but are obviously at a size where they realise their dependency on IT and have the financial resources not to query a $35 an hour charge (or greater ;) ). Don't sell yourself short.

9  Ethical Hacking Discussions and Related Certifications / Hardware / Re: Linksys repeater tweaks how-to on: July 18, 2007, 05:11:12 AM
Nice tut there sandrodado, and I like the other stuff on your site as well. Biquads and solar power - cool :)
10  Features / Opinions / Re: Getting ready to defend a Network on: July 18, 2007, 04:55:56 AM
Having seen this situation from both sides of the fence (tech and management) I would also take into account the actual issues being experienced in the business.

Like any techie I love to get to grips with the nuts and bolts that hold the systems together and get them all working securely and at peak efficiency but there are times when you can get carried away on the core systems and lose sight of why the company has the systems it does - usually to make the employees more efficient.

It's fine to have the most secure network with the best backup and recovery strategy but if the users have issues with the systems or their PCs then you haven't significantly added any value back into the business.

You can really make an impact and create allies very quickly by helping cure quite insignificant (on a tech front) problems that people are experiencing.

When starting a new job/contract or when I visit a branch office for the 1st time I make a point of finding out what issues they have currently got with IT. Fixing these problems, many of which are usually minor and take no time, soon wins you credibility and allies, which is always a plus. If I can't fix their problem there and then, I make it my job to get it fixed by one method or another - at least be seen to be trying to be helpful.

In my experience too many techies lose sight of the bigger picture and tuck themselves away in the server room and only ever come out when major problems occur - my advice would be to get pro-active with the users - the jobs tend to go smoother, quicker and with less stress if the users are on your side.
11  Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / OSCP Some resources I have found useful on: July 17, 2007, 07:27:32 AM
I'm a couple of months into the OSCP and I am finding it a steep (but VERY interesting) learning curve. If, like me, your study time is limited then you don't want to spend hours Googling for decent study resources when you could be spending time in the labs.

I thought I would put up a couple of links to stuff that has helped me gain a greater understanding of this frustrating / fascinating business.

First a whole raft of video tutorials (not the usual rubbish) including tuts on NMAP, Netcat, Wireshark, Socket Programming and Encryption.
http://www.security-freak.net/videos.html

Lots of security tutorials here. The site is not in English but a lot of the info is written in English and is generally available in .PDF format.
http://www.ol-service.com/sikurezza/

And here are some good fuzzing resources.
http://www.infosecinstitute.com/blog/2005/12/fuzzers-ultimate-list.html

I hope someone finds this useful and that anyone else with good resources will post them up here.

Regards

Ian




12  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Bypassing Firewalls with simple scans on: June 27, 2007, 04:06:45 PM
Great post Kev - succinct and to the point. Food for thought.

One for my little black book.

Thanks
13  Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: OSCP (Offensive Security Certified Professional) Certification on: June 06, 2007, 05:35:11 PM
Hi Monkeymind

Don't worry about the Linux aspect, as zr0crsh says if you're using the BT distro then a simple understanding will be fine. As long as you can move through a directory structure, chmod files, move files, copy files, manipulate network configs, etc. then you shouldn't have a problem.

I'm 3 weeks into the course (having been on holiday for the last week) and can honestly say this course is superb. The videos are great and are mirrored exactly in the documentation, so if you haven't got access to a PC then you can at least read about the subject.

The exercises are well designed and stimulate exploration of the concepts being taught and the support is excellent - muts and/or ziplock are nearly always available through IRC to iron out any problems you have with the labs and then there's always the forums to revert to, though the forums aren't busy the info you find there is definitely worth noting and I think it is fair to say, should be thought of as the FAQ for the course.

The bit I've found most difficult to get to grips with is the programming side, specifically bash scripting and python programming as I have very limited experience in that area - having said that Google is your friend here and there is plenty of sample code available for you to dissect and learn from - not hard but takes time.

Time is the one thing that always seems to be in short supply - I started this course thinking I would nail it inside a month but I reckon for your average Networking Joe with only limited pen testing experience and family commitments then 3 months would be more realistic to do it justice as (if you're like me) you'll end up doing a lot of reading around the subject and experimenting with associated ideas. This has got to be a good thing as ultimately gaining the cert shows a thorough practical knowledge of the subject and not something that can be done via reading a few braindumps.

I'm finding the course extremely interesting and stimulating and would recommend it to anyone - if you're currently sat on the fence deciding what to do - GO FOR IT! You won't find a better value course anywhere and no I am in no way connected with the providers of the course, I'm just very impressed.
14  Ethical Hacking Discussions and Related Certifications / General Certification / Re: anyone can sell backtrack 101 offensive course? on: May 11, 2007, 10:16:50 AM
All candidates who take the training have to sign a pretty exhaustive legal agreement, part of which specifically excludes the redistribution of the course material. I'd be very surprised if you got any offers.

Compared with the price of other training this should be a steal at $300.

Do yourself a favour and do the course.
15  Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: OSCP (Offensive Security Certified Professional) Certification on: May 11, 2007, 06:27:42 AM
I've just signed up for OSCP - my course is scheduled to start 14th May.

I'll keep you posted as to my thoughts and progress.

This is my 1st security cert that I'm going for - I've been a net admin for 7 years and feel the time is right to move onto something a bit more specialised. I'm hoping to do CEH and ECSA in September with koenig-solutions.com in India of all places.

Hope to chat to some of you guys on #offsec in the coming weeks.