The heorot.net forum has everything you need to walk through disk 1 including a complete walk through.   I recommend only going there after you have tried everything possible for at least a couple of weeks.  You wont learn much if you just look at the answers so try and resist the temptation.  You are on the right track so now focus on cracking passwords. Google everything you can on that subject. Also remember that some users take their own name and add a few things to it make a password so you might want to create a short password list of your own.

Thanks for keeping this site going Don. I remember when I first joined years ago and it was just a few regulars like Negrita, Oyle, etc... Nice to see it grow.

It demonstrates that they are attempting to screen applicants and my hat is off to them for that.  You might try some other course for now and reapply later.  If you are working with a credible organization you need to be very clear and upfront with your information.

So many people coming into security don’t think outside the box. To secure a network we must think like the attacker. Not the script kiddie, but someone very skilled and focused. Someone that doesn’t give up because they don’t find an exploit in the current metasploit download.   Forgive me and I hate that over used saying about the box but it’s true.  Thinking “outside the box” is such a requirement that I feel I can say you cant be a great hacker if you don’t.  I used to hate reading sayings concerning hacking, you know all that Sun Zu crap about knowing your enemy, blah blah. I just wanted the easy how to steps.  But years later I have come to appreciate what wiser folks were saying to me.  Being a good hacker is a state of mind and not just looking for a quick how to on the internet.  The problem is, there are so many ways to get into a network and looking for just one or two ways to get in that someone might post is very limiting.  Think about how a rat tries to get in.  As disgusting as it might seem, the rat really is our best example.  A rat is very tenacious and never giving up.  Its sad for me to say but there are few networks I cant breach if I am given enough time and recourses. 

So if you are the kind of person that just can’t even figure out how to make a living hacking then don’t even try. If you think the only way is to get a lot of credentials and beg some company to hire you then you are not thinking like a true hacker.  I have made a very good living just being independent. You can make over a $100,000 a year easy if you understand the process.  Yes, you should get training and ask as many questions as you can, but don’t just rely on that.  So think like a hacker and you will do just fine. Just thought I put my 2 cents in. 

Kev

Being able to “hack” through such simple restriction should be easy enough for you if you take the time to think about it.  I believe such a skill is paramount for anyone that claims to be a hacker.  There are governments that control what you can access, look at Iran or China.  No hacker is going to post how to do it. Think about why that is true.  You can discover it if you are serious and have some ability to stay with it. 

Well said Jhaddix. I agree exploits are the fun part.  Cracking a password just doesn’t have the same feel to it as rooting a box with an exploit.  Hmm, I wonder why that is?

I thought I would throw in my 2 cents and recommend the Heorot training. I am familiar with both and they are equally good, actually I would say you should do both if you are truly serious.  What I like about the Heorot training is the real life scenarios he uses.  Exploits are kept to a minimum.  In the last 2 years of pentesting I can say very few breaches were made by exploits and those few were made with browser exploits. Perhaps someone here has a different experience?   If someone thinks you can arrive at a pentest and launch their metasploit autopwn and that’s it, well that is a huge disservice to their client. Just what I have encountered. 

Ha Ha, nice try, but I terminated the account that I used for this about a month after the post.  However somebody just registered that account today. Hmm I wonder who, lol? 

You might try the Ferret tool from Errata security. I have had some hit and miss success with it.

Check out Backtrack 4.

Good job! Being persistent and not giving up is one of the major attributes of a successful hacker.

I believe there is no question about it and Ubuntu is the way to go. I use it in pentests and love it. The amount of community support and how well most security tools compile on it makes it the choice for someone new to Linux.  It was a great choice and interesting to note that it was decided to move Backtrack to this distro ,so perhaps that says something in itself. In the past Backtrack was never considered a very good distro, but a very good collection of tools. It was cumbersome to install programs on Bactrack due to its modular construction and the lack of certain libraries. 

Your command and parameter is ok. But dont use just one technique when scanning. That the beauty of nmap and its the most customizable scanner availble.  When you start combining timing options,etc... you sometimes obtain more reliable output. 

All dugg !

Nessus along with GFI LanGard.  Nessus seems to work better with fragmentation for the networks that allow frag packets.