Many encoding techniques won't work with SQLi since they will not be decoded and interpreted as SQL.

One advantage of using an intercepting proxy rather than just using a HTML form is that you capture a record of the HTTP request and response. This can be vey useful for going back and seeing what you did and tweaking requests. I've also seen sites that implement input sanitisation in JavaScript and avoing the web form also gets around this.

The problem with not using official courseware is you may not cover all the material your need for the exam. If the official courseware seems bloated then perhaps the syllabus is equally bloated. I've not done the CEH exam but experience with other vendor exams teaches me that passing may involve learning all of the guff that's included that you are never likely to use.

You might look to getting a second hand copy since I doubt many people will want to keep what is essentially an exam study guide. Your hard earned cash might be better spent on some mock exams which I find very useful for exam preparation.

Regards,
Jim

You might consider monitoring the site you are attacking. If you can control the rate at which your brute force tool hits the site you can tune it, check your monitor to see if the site is working and returning pages in a timely fashion and ramp up. If you get a situation where there is a significant impact on the site throttle back.

A simple script to gather a page and measure the time taken for the response might suffice or you could set up a more complex user experience monitor.

Regards,
Jimbob

If you right click on a TCP packet in wireshark there is an option to follow the TCP stream. Wireshark will filter all the packets from the given TCP connection and this might give you what you want.

Since this filters to a single TCP stream then you might want to make sure you haven't missed out some of the traffic. Take a look at the filter string and play around with it, perhaps filtering traffic on 1683 only. I've seen the tool Netwitness reconstruct chat sessions, there's a free version of that you can try.

As for tutorials for wireshark, <insert-name-of-search-engine-here> is your friend.

Jimbob

Hi all,
I just had a call from a company offering to produce lovely documents promoting my company to law enforcement and government and the public sector. Apparently there is loads of money available to forensics companies from the government purse, despite the fact that budgets for fighting cyber crime are being slashed.

Funny, I don't promote my forensics business becauses it's pretty much non-existent. If someone calls me asking about it then they've found my details on google. They would not send me any details by email because the salesperson's PC is not Internet connecte (seriously?). So I asked for a URL to check out that they are selling.

http://www.publicsector.co.uk/

Guess what? A holding page.

That's pretty damn cheap. I may as well sign up to a Russian business directory. I know a good few people out there trying to make their way in information security and calls like this from snake oil saledroids really get my goat. Caveat emptor.

Jimbob

libpcap is free and so is WireShark. It will run on both windows and Linux, and probably some other operating systems. Kismet is really great for monitoring and sniffing wireless networks, you might want to check that out.

Jimbob

The lawsuit has been filed with Gwinnett Courts.

http://www.gwinnettcourts.com/#casedetail/case:10-a-06012-5/

Mr. Evans has John A. Moore acting as his lawyer in this matter.

http://www.moorelawllc.com/

More in google no doubt.

Jimbob

And already the sock puppets are out.


I'm tired of hearing about this guy and his bullshit. Anyone else feel the same way?

Jimbob

Most likely just random junk to try and evade spam filters.

Jimbob

That's class! I've always wanted to be able to hack a ninja.

Jimbob

p.s. Nice avatar Jason :{D

For tools to connect to Oracle check out SQLPlus, the command line tool that ships with oracle. A free GUI  called SQL Developer is available from Oracle if you want something more visual.

There are a few good oracle security tools out there and some modules in metasploit for Oracle scanning and enumeration. POET is a recently release tool for Oracle pen testing.

http://pentestit.com/2010/06/08/poet-padding-oracle-exploit-tool/

Cheers,
Jim

This is still by far the easiest way to do it. If you have a good scientific calculator it should support hexadecimal, which makes converting to hex and back again easy.

Knowing how to do hex arithmetic is a useful skill. If you're only covering 8-bit numbers you only need work with numbers in the rannge of 0x00-0xFF or 0-255 in decimal. Don't beat yourself up over it though, it does not come naturally to most and taking a minute doing a simple sum in your head can be time well spent.

Jim

You could add the records to a domain you have own, or to a zone file on a compromised DNS server. I'm not sure about dynamic DNS but that would be a novel way of setting up the records.

Jim

Pwn and pivot. Use the box your rooted as a base to attack other assets in the organisation.

Jim

Hi,
I blogged about the notion of using DNS TXT records to delivery binary files to a compromised system. Here is the link...

http://jimhalfpenny.blogspot.com/2010/06/delivery-your-malware-by-dns-http-is.html

I hope it's interesting to the folks here.

Regards,
Jim