|
EH-Net
|
|
May 21, 2013, 01:19:22 AM
|
 Show Posts
|
|
Pages: 1 ... 3 4 [5] 6 7
|
|
62
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Project documentation
|
on: March 08, 2010, 05:21:21 PM
|
I have been working with VB forums, cuz i cant install the additions or guest tools. They are assuming its because my VB's are using ISO files rather than an install. An i have no idea how to install the ISO of BT to my drive.. haha
thanx
I didn't have a problem installing BT 4 on VB (I have it installed at work and at home). in the gui: create new, set it up with linux, linux 2.6 (or ubuntu for BT4), create new hard drive (make sure boot hard disk is checked), select your size, I usually use fixed. Make sure you have the iso under file>virtual media manager CD/DVD tab. Click the guest, go to settings, make sure the iso mounted to the drive under storage. Boot, (drops you to a root prompt) startx, double click the install shell script icon. Guided - use entire disk, IDE1 blah blah blah VBOX HARDDISK For the guest additions afterward, you have to change the cd (can be done by clicking the cd icon on the bottom of the guest screen), mount the disk usually mount /dev/cdrom /mnt will work. cd /mnt to get to the directory then ./"filename for your version of linux here" installed and done. total time roughly less than 30 minutes (depends on the memory of the virtual machine). (doing it on my fedora box at work while typing the post). sweet action dude thanx. so gonna do this after homework |
|
|
|
|
63
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Project documentation
|
on: March 08, 2010, 01:18:42 PM
|
Well I'm not sure, but I've actually installed all my virtual machines. So you can try to install and see if it works  Edit: Just googled around a bit, and it seems you need to install "guest additions" for VirtualBox. Guest Additions for Windows, Linux and Solaris. VirtualBox has special software that can be installed inside Windows, Linux and Solaris virtual machines to improve performance and make integration much more seamless. Among the features provided by these Guest Additions are mouse pointer integration and arbitrary screen solutions (e.g. by resizing the guest window). There are also guest additions for OS/2 with somewhat reduced functionality.
I have been working with VB forums, cuz i cant install the additions or guest tools. They are assuming its because my VB's are using ISO files rather than an install. An i have no idea how to install the ISO of BT to my drive.. haha thanx |
|
|
|
|
65
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Project documentation
|
on: March 08, 2010, 12:29:42 PM
|
Personally, I really like vmware a lot. I haven't tried other software, because I haven't found the need yet. I have no problem copy pasting stuff from a Linux virtual machine to my main desktop which is running Windows 7. I pretty much do everything in Word 2007, because I'm comfortable with using it.
Usually I save the stuff I need in a text file on the virtual machine, then drag and drop the file on my main desktop. Works well enough for me.
I keep hearing good stuff about VirtualBox, but I haven't tried it. A while ago someone told me that it's much slower than vmware, but I don't know if that's true.
DANG, i cant get info to paste from my virtual guest to my main host. I was going to use word but thats why i went with google docs cuz at least in the machine i can access it. I do not have BT2 installed,its just running from the ISO in VB. maybe thats why i cant paste to and fro. |
|
|
|
|
66
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: hydra help
|
on: March 08, 2010, 12:04:02 PM
|
Yea be sure to use the right parameters. Especially pay attention to the -t -w and -f parameters. You usually want to use -f to make hydra stop when it gets the password right. If you don't do this I believe it will just keep running and try other passwords.
Though, it seems you're attacking something that doesn't accept connections.
i used xhydra form the cli. I followed a video tutorial from the purehate blog(google search) and followed it to a T. I even have the same router as he uses in the video. WRT54G non flashed. Just the normal firmaware. thanx for the input. |
|
|
|
|
67
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / hydra help
|
on: March 07, 2010, 11:35:55 PM
|
|
Ok so here is what i have done. my home network is on the 192.168.2.0/24 network and i have BT2 bridged via virtual box. i perfomr this command:
nmap -sV -P0 192.168.2.0-255
finds all my interesting stuff along with banner grabbing. So i notice it finds my router and tells me the exact type and what not. Very cool. So i point firefox to the IP provided and it asks for user name and pass. For lab purposes i set user name to admin and a simple password(7 digit number. this might be the problem). I make sure that hydra is set to verbos and that its pointing to the wordlist.txt i set protocol to http-get and set username to admin pointing to target ip of 192.168.2.1. after 15 minutes of waiting this is what appears on my output. even though i grabbed it at 19,441 or so. it was still going at 50,000+ tries.
19487: Can not connect [timeout], process exiting
Process 19424: Can not connect [timeout], process exiting
Process 19425: Can not connect [timeout], process exiting
Process 19426: Can not connect [timeout], process exiting
Process 19427: Can not connect [timeout], process exiting
Process 19428: Can not connect [timeout], process exiting
Process 19429: Can not connect [timeout], process exiting
Process 19430: Can not connect [timeout], process exiting
Process 19431: Can not connect [timeout], process exiting
Process 19432: Can not connect [timeout], process exiting
Process 19433: Can not connect [timeout], process exiting
Process 19439: Can not connect [timeout], process exiting
Process 19440: Can not connect [timeout], process exiting
Process 19441: Can not connect [timeout], process exiting
It never found my password but it sure knocked my internet connection around.
What could be the issue?
thanx for all your time, effort and input you have given me so far here. I know i ask alot but i hope i can find something to give in return.
Matt
|
|
|
|
|
68
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Where to start??
|
on: March 07, 2010, 06:37:23 PM
|
As already recommended, take a look at the forums of heorot.net, as you will certainly find a few tips and guides on how to proceed with the de-ice discs. If I remember correctly, there was for example also a video-tutorial made by purehate.
I would also recommend not to use them, though, until you are really stuck. Although you might learn the other way round easier, I think it is important to try it this way. There is not always the possibility to look at an already existing solution when you are stuck. Trying it right from the beginning this way might help if you experience similar scenarios in future.
If you haven't done already, look through this forums for a while, as others have often asked the same question (where to start), where you might find one or another good reply which might help you as well, even if the origin might not be the exactly same.
I wonder if toms book follows the same way as purehate does. I watched the first video and thought it was pretty cool. |
|
|
|
|
70
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Offensive security lab setup
|
on: March 07, 2010, 05:37:31 PM
|
Not too sure if any of the server targets are windows based. I know that students are assigned an XP machine to run tests against it throughout the course.
I want to claim in the final challenge when your suppose to root boxes that some are red hat linux boxes, one may be a windows server - but I'm not absolutely positive since I haven't started the class yet. There's a couple OSCP's on here that I'm sure will help out - I do know OSCP's aren't suppose to divulge much about the final challenge personally, but I hope they'll help - I'm curious as well!
thanx. HAHA. let me re word this cuz last time i said the same thing on another forum and got banned. I know that they have a security policy and privacy statment in place so not to much can be told about the actual challanges, i assume. But if i can closly imitate the lab setup that they use that would help me out alot so that i can practice with the material i have, such as those BT2 labs from my professor. Not every company uses linux servers so i need to learn to practice against windows as well. thanx |
|
|
|
|
71
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Project documentation
|
on: March 07, 2010, 05:07:08 PM
|
It comes down to what you are most familiar and comfortable with. ESXi is a pretty cool product, because it is a bare-metal hypervisor. I ran into some hardware compatibility issues with it though.
lol, well. i have never used any of them for more than 2 hours. haha. first time i used them was when i picked up Toms book. never knew what virtualization was and how it worked. |
|
|
|
|
72
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Offensive security lab setup
|
on: March 07, 2010, 05:05:43 PM
|
So the target systems are xp sp2 machines of either flavor of xp. Are there any server targets that are windows based? I appreciate the help. I have a few backtrack labs from my professor i wanna try out but they are for BT2 so i am not sure what type of lab setup i needed for that. My linux professor told me about backtrack and said i should research from here the lab setup and what not. thanx |
|
|
|
|
73
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Project documentation
|
on: March 07, 2010, 04:07:34 PM
|
Yep, you certainly can. You can have a host-only, NATed, or a Bridged network. The host-only is obviously self-contained. The NATed and Bridged options will be able to go "outside." There has been talk of techniques to breach the host-only security. I am not sure how successful they are at this point. You can always just remove the virtual Ethernet adapter in VmWare.
Hmm. VMware server or VB??? tough question |
|
|
|
|
74
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Offensive security lab setup
|
on: March 07, 2010, 03:38:42 PM
|
|
as of right now you know that i am following toms book. I have created the virtual laba and what not. What i would like to do is imitate the lab setup that the offensive security(remote exploits course) lab students use so when i take that course i can be better prepared for it. If any one has taken that course it would be nice to hear from you on what type of OS's they used in there labs that you attack. Do they have winxp home or pro?
thanx
Sorry for so many posts. just trying to get all my ducks in a row.
|
|
|
|
|
Loading...
|
OSCP - Offensive Security Certified Professional : Failed my first attempt at the OSCP exam
