Well done mate

@impelse, I did OSWP first as I wanted to get a taste of Offensive Security training courses without going the full training of OSCP even though I've only ever heard good things about it.

They are both great courses, however if you really are a beginner I probably wouldn't recommend OSCP as a first course but OSWP instead is much much easier to digest as a beginning course

I had been using BackTrack and several other linux distributions for a few years and I must say I was struggling with the course alot more than I had hoped, but it all paid off in the end xD

Really tires you out, but a challenge is a challenged enjoyed

I tend to recommend the Alfa AWUS036H/N adapters to people, purely because of how sensitive they are.

I did WiFu using the AWUS036H and had no problems with it

I haven't heard much about the N model, but I assume the only major difference is the support of N which is always a bonus

That's correct

Cheers MaXe

@impelse, I didn't have any "commercial" experience with pentesting before I started pwb, I do some on the side occasionally but mostly in the lab only

Hi,

Just got my OSCP exam results in

Now another cert to add to my signature hehe

TheXero

SephStorm, my favourite way of getting root is

or simply pwning as service that runs as root

SephStorm, it's all about getting as much information as you can.

Sometimes there is an available privilege escalation exploit, other times you have to really stalk it.

What I tend to do is have a look at all of the processes, see what is running with more privileges than me and if there are any ways of interacting with that service to get code execution.

Offensive Security's Pentesting With Backtrack is a great course that gets you really thinking about all of this, finding out this for every piece of software and configuration file takes a long time and you get really desperate, and all you get is 'Try Harder!'

I would recommend the course if you really like a challenge and the skills you learn alone are worth the price of the course

~TheXero

Hi eh-netters,

I've come up with a short list of machines to include in my next pentest lab.  Hopefully this will help inspire others to create their own labs as well.

This is what will be in my next lab, however I would appreciate some more ideas for machines that I can add, so feel free to add this this list

De-Ice 1.100
De-Ice 1.110
De-Ice 1.120a
De-Ice 1.120b
De-Ice 2.100
Metasploitable
Damn Vulnerable Linux
CentOS LAMP
Ubuntu LAMP
Windows Server 2003 Domain
    --> 2x XP
    --> 1x Win 7
NETinVM
Kioptrix

I agree with chrisj on this one

I suppose it goes down to how well you know the other person, but to be on topic it is all completely possible

Think about the possible laws in the US and Russia though, they have been quite stern recently with China recently with attacks

I'm like 30 days into pwb so I really hope that there isn't too much of a change

BackTrack 5 is being released in 4 days time :O

I don't see too much of a use for that book right now

As Ziggy_567 said, do an ARP scan

According to the IPv4 module machines have to respond to ARP requests.

The problem with ICMP is that it can be blocked just like ports whereas ARP should never be blocked inside of a network.  ARP can't travel beyond a router but locally should work just fine.

~TheXero

I'm doing PWB/OSCP at the moment, signed up for the 60 days lab bundle.

I was doing about 6-8 hours in the lab a day for 6 days straight before my brain was mushy.  It got to the point where my head was hurting so much that I took a couple of days away from the lab.

I'm not that far into the course yet, but don't take it all at once, it get's quite painful (mentally).

Good luck