true, but giving the context where O_o is operating in (a virtual environment playing at home in a pentest lab) the ultimate goal is root, not whipping up a report for his CIO pointing out all the vulnerabilities. i agree that finding more vulnerabilities and pointing out what can be done with his data is more useful that focussing on just one and obtain root access. Sorry for the misunderstanding, i will try to be more specific next time.

did not know about the ultimateLAMP server, thank you! another fine addition to the pentest lab!

O_o: look up my pentest lab post: there are tons of downloadable pentest iso's which can be hacked for your pleasure!

hayabusa and cd1zz, you guys crack me up

O_o: i just gave you some pointers on the other question, this one i think you can solve by yourself, and remember: have fun!

1.  we are hackers, our mission is to manipulate a system in such a way it will do what we want it to do, which is in none of the case a DoS. DoSing wont help you get access to a computer, ever! so forget about DoS exploits, which are fine for disgruntled n00bs who have some sort of beef with a specific target.

2. here some pointers, remember that access isnt always enough. the ultimate goals is root/admin rights, also known as rooting the box! here a few things of the 1000s that can be done: with null session you mean you gained access to a windows share right? next i would see if i had write permissions and upload (malicious) code, preferably in the language of a service i could access through another way (see where i am going with this?) try to access the filesystem to, if an old box, download the sam backup file to brute force login credentials offline. be creative and see what you can find (perhaps batch scripts that contain login credentials?)

sounds good josh! good luck with it!

not my first (which was a complete fiasco because i was into security for about two weeks, firing random exploits and such) but a funny one:

i was doing a pentest on a web application that offered e-commerce functionality. it was possible to view the service after you purchased it. after providing your credentials it did around 2 or 3 authentication checks, but then you were redirected to an url that had the ordernr as an url parameter. changing this provided you with the order information of other customers. now the funny part was that all the information was provided in formfields, but were not editable. in the code there was a parameter like: CanModify=false. setting this to true lets you change the order and contact details of the person...

any reply from the ones who did attend? how was it?

hmm, if you can bring up the discipline to really study every day(!) for about 2 hours and put some more in during the weekend, it can be done. i probably did it the same way you will. remember that it will take a lot of time from you, and besides that, get ready to be exhausted after studying for that long in a row, i have days i am tired from just working, and i am sure i will not be able to study when i get home.

bottom line is only you can make that decision if you are able to pull it off, just dont underestimate it...

whats the full name of the file that you try to upload? it may be possible the application does not accept .php files (even with modified content-type). try something like evil.php.gif or evil.php%00.gif...good luck!

Congrats! and kudo's on the wifu video's on security tube, those are very good!

same here, still have loads of fun with it 

Like Kris and cd1zz said, i am sure nobody will trade you their course, because of the previous stated reasons. also the CTP course is a bargain compared to other courses, which cost 3 or 4 times more, easy! and you have the benefit to practice in the labs. just save up for a few months (buy a few less games and you will be fine  ) and take the course yourself, in the end it pays off and as a little bonus you will receive the certificate.

Thank you, but dont get me wrong, i could not care less about the backpack

@bickmade: good to see you are getting somewhere, i received the training kit from the institute i took the course at, so i dont know how long it took them to receive it...

thanks! too bad CEH is the only ec-council cert they are covering...

for the archive:
if people are looking for CISSP and other ISC2 test exams, check out http://www.cccure.org/.

good luck! i guess we won't be seeing you around here much the next 60 days