I didn't take it as rude.  The guy who designed the site is an ass.  I found a way to bypass the login to the database a month ago, and it took him a month to fix it!  So he's not really good about getting back to my friend or me.  In his defense, he probably realizes once he gives us all this stuff, he's going to get fired!

So right now the plan is just to make a list of all the problems and things we need and hopefully get it eventually so someone else can handle the site.

He doesn't know what algorithm he's using, someone else handled making the site.  And I'm not assuming it's secure, I'm just going to finish testing the rest of the site and THEN go back to the hash.

Thanks, as long as you and I can't crack it easily, I'm going to tell him it's secure    For now anyway.

Can anyone help me with this hash?  I was trying to check the strength of the hashing algorithm my friend uses on his site, and it must be amazing because JTR can't crack it

This hash is supposed to be "password"

04c2bb68c40e147048aeaf319ff00c3a609bd50f

And here is the salt:

d5f58c19ade4233e3eb2478c489ebd171992f514

JTR recognizes it as raw-sha, but I went through all the formats and it couldn't crack it.

Can anyone else crack this?  Am I doing something wrong?

Thanks

I had 5 1-hour phone interviews for a Security Engineering job with a large company that sells books before I flew to Seattle and interviewed with more people.  All the interviews were very technical.  The only stuff I didn't know was about routing.

Honestly, after going there, it didn't seem like that great a place to work.  Meaning even if I had gotten the job, I don't know if it would have been worth all the phone interviews and flying to Seattle for 3 days.  Plus it would have cost me more money to buy books because of tax if I worked there.

That being said, study up on routing and good luck.

I have checked skip sensitive devices   And I have Nikto integrated into Nessus.  I also set the max TCP connections very low, so I don't think I'll have a problem.

We'll see though...

And I just ordered Burp Pro.

Thanks, I was planning on doing both.  Running a server scan without credentials (External IP Scan), and then a web app scan with credentials.  I will have safe scans enabled.  If I have all the plugins enabled, safe scan will ensure that the non-safe ones aren't run right?  The server is run through a PaaS provider, so my friend isn't sure about all the services running so I want to be thorough.

I've never run a scan on a live, external server before, so I'm just trying to be cautious.  I kind of wish I had an external server to test the scans on first, but oh well.

Thanks

I'm testing a friend's website running on Amazon's EC2 servers.  He put in a request to allow me to test it next week.  The terms are pretty standard, don't DoS the servers.  I'm planning on running Nessus (regular server scan and web app scan), Nikto and BurpSuite Scanner on the site.  Is there anything I should know, settings I should change in the scans before I start?

Thanks.

Thanks Agoonie, I was wondering how this prize worked out for you.

Already signed up, guess I'll have to wait for next month's giveaway!

Excellent, the new stuff looks good, going to sign up this weekend!

That's what I've been doing for two years!  Unfortunately, no room for a desk given my current living situation.  Right now I just put my computer on a table with a towel under it to protect the table from heat/scratches.  Thought I'd try something different now.

I know this is a bit off topic, but can anyone recommend a good laptop stand?  I primarily want it to provide a more ergonomic typing position, but I also want to prevent a desk/table from getting hot (and marking up my mom's kitchen table because of it--I'll only make that mistake once )

Thanks.

I don't have R2, but I had trouble installing it on R1.  I ran this script to update Backtrack, didn't expect it to fix Flash, and I just kind of assumed I couldn't get Flash to work on x64, then a couple of days later I noticed Flash was working.  I can't guarantee that this will fix it since I tried a whole bunch of things to fix Flash, but it's worth a shot.

http://sickness.tor.hu/wp-content/uploads/2011/06/backtrack5_update.py

I just did update all.

NOTE: I have not tried this on R2, nor have I tried to update R1 to R2 using this script.  I will at some point, I'm just busy now and can't afford to have things break

l33t5h@rk I just wanted to say thanks for the book recommendation.  I'm about 100 pages into it, and it's pretty good.  I can still write a C++ or Java program faster than I can script, but I'm learning.