  Show Posts
46  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Web Hackers Handbook labs? on: February 27, 2012, 11:32:12 AM
Thanks ajohnson, your post was very informative.  I'm planning on starting the labs after I finish the entire book.  I'm almost finished with chapter 5 so that might be a while.
47  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: tools on: February 18, 2012, 01:05:39 AM
I've been thinking about playing around with Nessus and Nexpose, and this thread has been really informative.  Thanks guys!
48  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: Some questions as usual ? on: February 04, 2012, 01:49:59 AM
If you can get a SQL error message that displays your input, then you might be able to provide a script tag as input to do XSS.  However, this would require that the output isn't sanitized.  More importantly, error messages tend to have a fixed length, so how much XSS you can inject would be limited.
49  Resources / Tools / Re: Combining Wordlists on: February 01, 2012, 05:58:18 PM
Thanks dynamik, I'll try different orderings of my list and see if it makes any difference.
50  Resources / Tools / Combining Wordlists on: February 01, 2012, 01:21:45 PM
What's the best way to combine wordlists?  Just cat them all, and then run sort/uniq?  I've noticed some wordlists have duplicate entries, is this because some password crackers (like Hydra) can miss words?  If I run uniq this would remove all the duplicates, would it be better to just add the lines that aren't in one file to another when combining them?  Sorry for the newbie questions, I've never made a custom wordlist before!
51  Resources / Tools / Re: John the Ripper Multi-Core Setup on: January 27, 2012, 06:20:10 PM
SephStorm, here's the link I ultimately ended up using:

http://blog.thireus.com/crack-passwords-using-john-the-ripper-with-multiple-cpu-cores-openmp

It was super easy to set up, but I'm not sure if all hash formats support multi-core, need to try a few more things.
52  Resources / Tools / Re: John the Ripper Multi-Core Setup on: January 27, 2012, 08:42:45 AM
If I remember correctly, the /usr/bin/john file is actually just a softlink to the actual binary. You can install as many versions of John as you like and just point the softlink to the binary of the version you want.

Thanks ziggy, I'll try that.
53  Resources / Tools / Re: John the Ripper Multi-Core Setup on: January 27, 2012, 01:10:15 AM
Thanks guys, got it.

Now I have 2 versions of john on my system.  Can I just replace the john directory in the /pentest directory with the new one, and then overwrite the old /bin/john with the new one?  It's a bit confusing, if I type john instead of ./john it uses the old version.
54  Resources / Tools / John the Ripper Multi-Core Setup on: January 26, 2012, 01:02:06 AM
Does anyone know a good link that explains how to set up jtr to use multiple cores?  I found some links but they were a few years old.  Considering I have the latest version (1.7.9) I just wanted to make sure I didn't break jtr by using info for an older version.  Multiple cores are nice, but if I break it, 0 cores are bad :)

I'm running backtrack 5 r1 x64.

I tried using hashcat, and while it uses multiple cores and is very fast by default, it was only able to crack 1/3 hashes, whereas john was able to crack all 3 using the --rules option with its default rules.  So if anyone knows a good rules file for hashcat (and maybe a tutorial), that would be useful as well.

Thanks.
55  Ethical Hacking Discussions and Related Certifications / Hardware / Re: What Equipment Should I get For Hacking on: January 23, 2012, 06:14:05 PM
What sort of hacking are you interested in?  Network, web, system?

Web hacking really only requires a tool like Burp Proxy which is not too resource intensive.

Network hacking requires that you run a lot of VMs, unless you have the actual systems to hack, which would require a lot of memory.  Network and system hacking can also require password cracking, which means you'll need a relatively fast processor.

If you're not sure what kind of hacking you're interested in, you might want to try eCPPT to get exposed to different areas of security.
56  Ethical Hacking Discussions and Related Certifications / General Certification / Re: Offensive Security's OSEE on: January 19, 2012, 06:25:22 PM
Damn, I wish the web cert was a little cheaper than GWAPT.  Considering it looks to be the same price, I'd probably just go for GWAPT.
57  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: Burp Suite Pro: Worth the Price? on: January 18, 2012, 06:11:38 PM
Ok, so I'll definitely buy Burp Suite Pro once I get a paying job.  (That and the GWAPT class).  Until then, I'll use the free version and try out ZAP. 
58  Ethical Hacking Discussions and Related Certifications / Web Applications / Burp Suite Pro: Worth the Price? on: January 17, 2012, 06:21:59 PM
I'm getting more serious about web security as I'm going through the WAHH v2, and I'm wondering if Burp Suite Pro is worth the price.  I definitely think it would be worth a one time price of $299, but $299 a year seems quite steep.  Is it updated enough to justify such a huge subscription price?  Just thought I'd get the opinions of people who have the pro version.

Thanks.
59  EH-Net / News Items and General Discussion About EH-Net / Re: [Article]-December 2011 Free Giveaway Winner - SANS on: January 13, 2012, 06:18:44 PM
Congratulations, this is a great prize!

By the way, has anyone taken DEV522/GWEB?  How does it differ from GWAPT?
60  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: URL Encoder on: January 12, 2012, 12:56:34 AM
I like knowing how things work, so I appreciate the code :)