EH-Net
May 21, 2013, 11:34:18 PM *
  Show Posts
Pages: 1 [2] 3
16  EH-Net / Special Events / Re: [Article]-Video: eLS Launches Hack.me Free Virtual Labs for Web Application Security on: November 11, 2012, 08:48:48 AM
These labs are fantastic and totally free!

Is there a forum for discussing the vulnerabilities that exist on each application, or maybe a full rundown of each application detailing the exact vulnerabilities?

17  Resources / Career Central / Re: Thanks EH-Net! (A success story) on: October 05, 2012, 09:12:12 PM
^^like^^

Congrats! Who's the new outfit?
18  Ethical Hacking Discussions and Related Certifications / Mobile / Re: Mobile Phone Scanning on: October 05, 2012, 10:18:33 AM
I was at a UK military establishment in Wiltshire last year and given the nature of their work ALL mobile (cellular) phones are prohibited and have to be checked in at Security. To enforce the policy they used scanners which will detect phones, even when switched off as they will still emit RF (unless the battery is removed).

I don't know the make of the scanners but this link from the US might be the answer.

http://www.ntia.doc.gov/files/ntia/comments/100504212-0212-01/attachments/REI-ORION-NLJD-Detects_Cell_Phones_In_Prisons.pdf
19  Resources / Tools / Re: de-ice.net on: September 04, 2012, 01:17:05 PM
The subnet should be 192.168.1.x. You would be advised to set the NIC for both guests to Custom - vmnet2. The de-ice distros set their own IP address. The clue to what that is is in the name, e.g. 'de-ice 1.100' which would be 192.168.1.100.

Set your Backtrack VM to the same subnet and you will see the de-ice VM.

If you still can't see the VM try using NMAP to search for port 80 on the subnet. You should hit the live IP.

I seem to recall not being able to ping the de-ice VM too but NMAP will pick it up. It's been a while since I last used it so apologies if I'm off track!
20  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Violating ISP AUP?? on: July 22, 2012, 03:06:09 PM
Andrew, who would you recommend for business grade broadband in the UK?

Steve.
21  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Violating ISP AUP?? on: July 20, 2012, 08:42:06 AM
Hey folks,

I have a question which I hope you can answer from drawing on your own experience or knowledge.

Have you come across any security safe-guards, implemented by your ISP, which have impacted or even prevented your remote scans for the purpose of conducting an authorised pentest?

My ISP (SKY) has an AUP which as I understand it allows 'Authorised' scans:

"You must not use Sky Broadband to violate Sky Network's security or any third party's system or network security by any method including:

• unauthorised access to or use of data, systems or networks, including any attempt to probe, scan or test the vulnerability of a system or network; "

Do ISPs generally block traffic such as NMAP packets or is that left to the end user to employ IDS, etc.?

Steve

22  Resources / Tutorials / Re: ms03_026_dcom help please on: May 27, 2012, 07:06:51 AM
As mentioned, it's an old exploit and since patched. You could try seeing if kb823980 is installed separately in Add Remove programs and uninstall. This will work.

23  Resources / Tutorials / Re: ms03_026_dcom help please on: May 26, 2012, 05:21:12 PM
The RHOST IP should be the victim machine's IP, i.e. x.x.x.67. RHOST is remote host, not local.

Steve.
24  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: The Use of Buffer Overflow Exploits During Pentests on: May 18, 2012, 08:27:01 AM
In posing the question I'm very much playing Devil's Advocate. I do value the benefit of going beyond a simple vulnerability assessment and looking to demonstrate an exploit.

I do agree, it's a balance between business continuity and exposure to risk. A malicious hacker won't care less if the server blue-screens, other than maybe attracting attention to their nefarious activities.

So it's a case of saying who do you want to be the first to find these vulnerabilities? A pentester, working in agreed boundaries, or a hacker who doesn't play by the rules?

I have seen (not many) security companies offering Penetration Testing services who claim they do not run buffer overflow exploits against live systems. Are they pulling the wool over their clients' eyes? Maybe!

Steve
25  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / The Use of Buffer Overflow Exploits During Pentests on: May 18, 2012, 04:16:05 AM
Should pentesters be running these types of exploits against live servers? Sure, I understand any Ethical hacker worth his salt will go to great lengths to explain the risks involved with testing in a production environment and the need for system backups, and no doubt there will be wording in any agreement to this effect, but should pentesters be taking such risks?

In my experience of having pentests run against my company's network I have had servers hang and firewalls fail to push policies. In a recent pentest Domain Admin was only compromised by running a buffer overflow against an old Symantec vulnerability (Domino). Was this wise?

Are pentesters too concerned about gaining 'root' at any cost? After all, you wouldn't expect DDoS tools to be run against your live network! So are buffer overflows any different?

Steve
26  Resources / Career Central / Re: Feeling rejected and dont know what to do. on: April 15, 2012, 04:31:49 PM
Jamie,

I saw this today. A London based security company looking for a Junior Pentester:
http://www.theitjobboard.co.uk/?Mode=AdvertView&AdvertId=8540714&SearchTerms=Penetration+Tester&LocationSearchTerms=UK&JobTypeFilter=0&xc=1&utm_source=jbe&utm_medium=email&utm_campaign=jbe&lang=

Steve.
27  Features / Opinions / Re: [Article]-A Rant About Hacking Labs on: February 16, 2012, 05:33:15 PM
There are some very interesting comments from a thought-provoking article.

The increase of virtualisation in corporate networks and the growth of cloud based services provide challenges to the security community to adapt to these changes. Server virtualisation is now commonplace and so too will be desktop virtualisation, along with switch virtualisation (Cisco Nexus 1000).

In response to what seems to be the general question of the value of a virtual only lab versus physical hardware; I was wondering if anyone had any experience of GNS3 which is a graphical network simulator that can simulate networks of switches and routers; of all flavours, such as Cisco and Juniper. My experience has been very positive and I have found it reasonably easy to integrate with my VMWare lab.
http://www.gns3.net/

Another option I have found that works well, if you're looking to practice against a Check Point firewall, is to install their SPLAT OS as two virtual guests and configure a policy server and firewall - which Check Point will allow for 15 days unlicensed.

Steve.
28  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Pen Testing Windows on: December 18, 2011, 06:22:20 PM
If you want to tinker with AD for free Microsoft have quite a few pre-configured VHDs for Microsoft Virtual Server. 

http://technet.microsoft.com/en-us/bb738372

I've used these in the past, mainly the Exchange servers for evaluation and testing. With the standalone 2008/2003 servers you can easily create an AD environment just by running the command DCPROMO from RUN. A simple wizard will configure AD on your server.

Steve. 
29  Resources / Tutorials / Re: a question about metasploit on: November 12, 2011, 05:08:03 PM
oh steve are you kidding!! it has hundred compatible payload and it takes a lot of time for me

OK. What is the server OS and vulnerability? If it's Windows then Meterpreter (as mentioned by BILLV) is always a favorite of mine.

Steve
30  Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: OSCP N00b Question on: November 11, 2011, 05:15:08 PM
A couple of hiccups with receiving emails but I got registered and handed over £480 once I was happy with the VPN connection to the labs.

Due to start the course on Sunday 20th November. Looking forward to it!

Steve.
© 2013 The Ethical Hacker Network