EH-Net
May 22, 2013, 06:35:05 AM *
  Show Posts
1  Resources / Looking For Work / Looking for a Job on: June 22, 2012, 07:05:05 AM
Hello,

I am searching for a job and a work permit. I am a hard-working, self-motivated guy who is able to learn things quickly and loves to solve problems. My current skills are in 1. Penetration Testing 2. System Administration in Linux and Windows


Education:

1. Secondary School.
2. Higher Secondary School.
3. Diploma in Networking.
4. Diploma in Software Engineering.
5. Self-study in Computer Security (3-4 years).

I am interested in any position (computer related) of System Admin, Support Tech, Penetration Tester.

Note: I will need sponsorship for my visa (work permit). If you don't want to sponsor me as you don't know me, then I can work remotely too (VPN, RDP, SSH etc.). But I really need to relocate as soon as possible.

If you have any opportunity, help or suggestions, or want my full CV, please send me a PM.

Regards,
easy


2  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: Please help me with PHP injection(Some command not working) on: February 01, 2012, 11:19:16 AM
Hi MaXe, first, sorry for the delayed reply, and thank you very much for a valuable reply. You explained some really important things.

I have to read this reply several times....


I also think that it is a WAF. You understood my problem. So once again I want to tell you which chars are not working:

When i Smiley

I tried your base64 encode method once and it did not work. But I will try harder...

It still needs a single quote ['cmd']
3  Resources / Career Central / Re: Starting out on: January 27, 2012, 02:34:34 AM
Study long and hard, and take the path that seems the most right for you, just keep in mind that having the right education is sometimes necessary for a lot of jobs. Getting experience, is also important, but if you're really good and you can prove it during a technical interview, then experience may not be as important for e.g., junior position jobs.

I don't work in infosec daily, but I am working on relocating to another country where I finally landed a job within infosec, and mostly, I've done a lot of voluntary (free) work, helpdesk (2½ years in total), and of course an internship too. So basically, at day I've had some random job and during the evening / night, research, study, and / or voluntary or freelance jobs.

If you want to know how I began, here's how: http://pentestmag.com/the-story-of-maxe/ I hope that you'll find out what your path is, and then work hard on getting there. Just keep in mind, it's the struggle, not the destination that matters hehe

Cool history... I know, MaXe, that you are also cool.

Can you tell us how you applied? Was it online or locally, etc.? I am also trying to get a visa for any country (UK, US, Germany, Australia etc.)...


4  Ethical Hacking Discussions and Related Certifications / Hardware / Re: new laptop suggestions and questions on: January 21, 2012, 05:15:02 AM
A penetration tester should at least have a good-performance computer/laptop. If you buy a low-performance laptop then you will have some problems in the future (it happened to me)...

Some problems if you get a low-performance laptop:

1. You need a low budget to buy a low-performance laptop, so the screen may be smaller than 14" and after some months you may lose your eye power... heh.
2. What if you are going to crack a hash or a list of hashes? Your laptop will be too slow and you will be unable to do other work at the same time.
3. Multitasking will be boring.

In my opinion, if you have a budget problem then wait for some time and then go for "good".
5  Resources / Career Central / Re: Need advices and help for getting a Job and writing my CV on: January 19, 2012, 09:51:23 AM


MaXe, thanks for your suggestions...

At this point I need any computer-related job where I will be able to get experience and practice. Just help me please to get a system admin job?

I will take these certs as soon as I get out of my country. Without a job offer, dunno if it is possible to get a visa (US, UK etc.)... not sure actually.

I did not write any PoC/paper (I will)... Because I think it is my reading and learning time, I think I will learn if I read more and more. Without it I have some worry about my English too. I know becoming a real hacker is not so easy, but I would love to become a Computer Security Genius like you, HD Moore, petervan (Corelanc0d3r) and others. I am having some big personal problems and this is attacking my brain and wasting important time.

Can you kindly provide any good job posting links where I can try sometime too?

Coping mean == cheating with own brain

Hope you guys will help me...


Thank you very much  
6  Resources / Career Central / Re: Need advices and help for getting a Job and writing my CV on: January 17, 2012, 10:29:50 AM
My education is also not good, perhaps. 1. I passed H.S.C. (Higher School Certificate) and have 2. a Networking + Software Engineering diploma (1 networking + 2 software) 3. B.B.S. third year (not computer related; I love computers, and that is why I learned computer hacking and want it as a career). Most companies want certs... But my main problem is payment: I can't send money abroad, PayPal is not supported, etc. That is why I was not able to take any certs, but I believe that I could pass CEH or CISSP if I go for the "self study option" (but I can't send the registration fee).

If I had a simple job then it would be better for taking these certs.


Not understanding what I should do.
7  Resources / Career Central / Need advices and help for getting a Job and writing my CV on: January 17, 2012, 06:04:04 AM
I am self-trained. I just learned pentesting, am still learning, and will continue to learn more and more. After a long time of study and research (3+ years; I think this time is still not enough to become a 100% expert, but I learned quickly because I spent my full time on becoming a hacker) I earned some knowledge. For some reason I am having some big problem and it is disturbing my security research a lot (bored + angry). I would like to get a job and move to any country anytime. Below are my skills:

1. Web pentesting (tools + manually).

2. System pentesting with some tools and manually.

3. Buffer overflow (learned from Corelan tutorials and self research. I am still learning it)

4. Understanding programming languages such as Python (coding), HTML, PHP, C (basic), Assembly (understanding for buffer overflows), SQL etc.

5. Running various pentesting tools. My favorite pentesting distro is BackTrack.

6. Quick learner.

I don't have any certs. I was not able to take any, because I have a great problem in my country with sending payment to an outside country (sucks). But I will take one or two certs after getting a job (because I just can't send money abroad. I think a self-study exam will do, because I have that motivation).

I agree to move to any country...

Is it possible to get a job without any certs?

Please help me write my CV and get a pentesting job.

Thanks for reading my post and helping me.
8  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: Please help me with PHP injection(Some command not working) on: December 09, 2011, 03:30:48 AM
OK, now this worked...

But there is a problem: I can't write anything on the server.

Suppose I am executing the command ${@system(ls)} and it outputs all files, but when I try something like ${@system(ls /etc)} it does not execute.

Every single command works, but whenever I try something advanced (so it needs a space), it does not execute at all.

Perhaps this problem is due to the single quote and space. I encoded it but no luck yet.

Any advice please?

Strange:

Here are some results:
1. ${@system(ls)} (It is fine)
2. ${@system(ls /etc)} :
<script language="javascript">document.location="default.html";</script>
3. ${@print(iamhere)} (It prints out fine)
4. ${@system(i am here)}:
<hr>Query was empty

When I tried with ASCII encoding:
${@system(6920616d2068657265)}
The result: <hr>Query was empty

When I tried with a random number without encoding:
${@print(692)}
Result:
692<script language="javascript">document.location="defualt.html";</script>

bah.

Not understanding what the hell is going on!!!

Please help ?
9  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: Please help me with PHP injection(Some command not working) on: December 08, 2011, 01:31:18 PM
I tried... I have seen the source code, because I first tried it with Burp too.

Only the source with a JavaScript redirect location (document.cookie=login.html)

If <? system(ls) ?> or another command, then it is just:

<script>document.location=login.html</script>

If md5 hash
hashhere<script>..........</script>

That is all i am getting.

I am confused about how I can combine other commands with ${@(md5(something))}.

10  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: Please help me with PHP injection(Some command not working) on: December 07, 2011, 10:28:39 AM
Thank you guys for replying. But actually I don't understand what command I need, because no command is working without ${@print(md5())}.

I tried many other PHP commands such as system or exec, but no result.

Perhaps I need some hint or any link, please?
11  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Which cert should i take? CEH / CPTE / CPT / OSCP / eCPPT on: December 06, 2011, 11:30:21 PM
I heard Offensive training is practical. If so, then of course it is a good one.
12  Ethical Hacking Discussions and Related Certifications / Web Applications / Please help me with PHP injection(Some command not working) on: December 06, 2011, 11:21:49 PM
I have scanned my website with Acunetix, and Acunetix warned of a high risk of PHP injection. The Acunetix query was "${@print(md5(acunetix_wvs_security_test))}".

To verify manually I tested it, and yeah, it really outputs the hash.
Suppose the site: www.testme.com/user.php?user=something&password=${@print(md5(worked))}

And it outputs the hash of "worked", which confirms that it is something bad. But when I try something like:

www.testme.com/user.php?user=something&password=<?php system(ls) ?>

nothing happened.

Again, when I try an invalid command ${@print(nothing(system(ls))} then it outputs "EMPTY query"
So I think it is really vulnerable. But why is it not accepting other commands?

PS: I encoded all queries

How can I exploit such a vulnerability? Can anyone explain it please?


 
13  Features / Book Reviews / Re: Coding for penetration tester:Building better tools and.. on: November 22, 2011, 01:00:06 AM
Thank you guys for the reply.
I have got A Bug Hunter's Diary... Just read some pages, seems interesting.

I heard Coding for Penetration Testers is a good book...

Looking for it
14  Features / Book Reviews / Coding for penetration tester:Building better tools and.. on: November 21, 2011, 07:11:06 AM
1. Coding for Penetration Testers
2. A Bug Hunter's Diary

Has anyone read these two books?

Good books?
15  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: Anyone read the Web Application Hackers Handbook version 2? on: November 21, 2011, 06:59:53 AM
Hi,

I got a no in the latest interview I had for a sec position because my web app security skills are not up to par.

So naturally I want to try and improve my chances, so I have decided to start doing some research on the subject. I have heard great things about the first WAHH (not read) but noticed a second edition was released in September/October time of this year.

The only reviews I have come across are on Amazon, but I was wondering if there was an EH-Net review or what you guys think of the new book.

Regards,
TheXero

I have read the old one and 2 days ago I got the 2nd, which is 920 pages.

This book is very good to get started - intermediate.

Good Luck