I could definitively use it! 

But I don't deserve it... 

Definitively Sil !

He kicks ass!!!

Thanks Equix3n-

I bought it about 2 months ago and didn't have time to open it. I will start with this one.

@mambru and @Dark_Knight: I appreciate your comments!

I think I will go through some books instead for the next few months. I haven't seen anything convincing so far. Again, I pay everything myself and before putting $4000 on a course + travel or pay $500 for a bunch of PDFs, I may as well read a few books!

I am pushing right now! 

I will go through a few books on web app pentests and I will see. I may then by a GWAPT practice exam and see where I stand. I did that for GSEC and finally passed the exam without the course!

Thank you everyone for your comments!

You are right xXxKrisxXx, I am really looking at a course dedicated on web app pentesting.

Heorot's 3DCPT looks indeed quite interesting, however:


I wonder if we really have to take the other course first... 

Ok, I just gave it a try  and it didn't work. But that being said, I know what the problem is:

1) I have installed tftpd version 2.21 on Win XP, SP1 English

2) I tried the following (with the proper IP address) just to see if it crashed the application:
And it did crash the application. So far, so good!

3) I tried your perl script and although it crashed the application, I didn't get the calc.

4) While I was looking around around, I decided to check my version of Windows, just in case. And "dummy me", I was trying it on Windows XP SP2 English!!!  

So bottom line, I don't have a WinXP SP1 available, but as soon as I have a minute (in a few weeks probably!!), I will adapt your script to make it work on WinXP SP2...  

But good job pizza1337, it obvious you wrote a nice piece of code!!!

Thanks secureseven.

In the review, they said:


I will be looking forward to this!!!

Here is what we do for our applications:

1) Passwords are hashed (SHA-1) and stored in a database
2) We NEVER print passwords anywhere. So we never display them on the screen, print them on paper, etc.
3) We make database backups. Once a month, they are sent to a vault in another location.
4) The administrator of the system can reset any password, but since they are hashed, he cannot see them.
5) In the event of a disaster, we rebuilt the servers from the backups
6) If we would really, really have problems, we can manually go in the database and reset them.

We this, you will never lose data because of a disaster or lost passwords.

So don't print any passwords anywhere. Instead, make sure and administrator can reset them.

Hope that helped!

@secureseven Did you take the eLearnSecurity course yourself? I looked at it the other day but I wasn't sure...

@mambru Thanks

@pizza1337 If I understand you well, you have developed this exploit on Win XP, SP1 and you just want somebody else to validate your work by trying it on a similar machine?

I couldn't test it yesterday but for sure tonight I will have time. I will let you know how it went right after.

@yatz A Buffer Overflow vulnerability is exploited when a user (attacker) enters especially crafted code instead of expected data. For example, pizza1337 used netcat to send a lot of "A" to the application using the GET request. This is called fuzzing:


This made the application crashed. He then replaced the "A" with his exploit and a payload. He finally created a perl script to send the exploit to the vulnerable service. He used the metasploit framework to generate his payload with this line:

But if you want to run this exploit, you won't have to use metasploit because no bind or reverse shell will be created. If it works, a calculator will appear on the victim's machine.

Hope it helped

@mambru Did you colleague say why he is not satisfied with the GWAPT course? I am curious why...

@xXxKrisxXx Thanks, I did forget about it! In the course description, they say:

I wonder what is the difference with this course and, let say, buying 6 or 7 books...

I think I am gonna take it. For $300, you can't go wrong. I will write a review as soon as I am done, probably late in September.

I liked this book too! So I am looking forward to take a look at your new book!

BTW, I like this simple and neat cover!

Please post again in October when the book is ready.

Great achievement!!!

pizza1337, do you have a link to where I can download and install tftpd32 v2.21?

I may have time tonight or tomorrow to test it on Win XP, SP1 English.

It's $99 USD per practice exam (in addition to the two you will get).

Hi,

I will soon be ready to take a Web Application penetration testing course. My goal is to learn in-depth web app security. I have been a web app developer for 10 years and I have been in the security field for about 2 years now. So I am looking for an intermediate/advance course. I am looking on courses dedicated on web apps.

Also, I pay everything from my own pocket, so I am looking for the best value.

So far, I found:

• SANS 542: Web App Penetration Testing and Ethical Hacking (GWAPT) - $4000 with the exam
• InfoSec Institute: Learn to Pen Test and Secure Web Apps - $3825
• BlackHat: The Web Application Hacker's Handbook - Live Edition - $1895 (late registration)
• BlackHat: Web Application (in)Security - $1895 (late registration)

Do you know about other courses? Which one would you suggest?