Image
 
Latest Additions
 
EH-Net Login
Welcome Guest.






Lost Password?
No account yet? Register
Who's Online
We have 9 guests online
EH-Net Donations

Enter Amount:
$

Google Ads
ChicagoCon 2008f
chicagocon2008f_125x200banner.jpg
ChicagoCon 2008f
EH-Net News Feeds
Latest Additions
Book Recommendations





 
Advertisement

You are here: Home arrow Forum
Ethical Hacker Community Forums
August 07, 2008, 07:56:16 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Registration Now Open for ChicagoCon 2008f Oct 27 - Nov 2! Visit www.chicagocon.com.
 
  Home Help Calendar Login Register  
  Show Posts
Pages: 1 [2] 3 4 ... 23
16  General Discussions and Related Certifications / Other / Re: Can you teach me to hack? on: July 28, 2008, 03:49:07 AM
Congrats BillV, enjoy it Cheesy

(p.s. was expecting a completely different thread when I read the title Wink )
17  Resources / News from the Outside World / Re: Spam King Breaks Out of Jail on: July 27, 2008, 04:12:05 AM
I just hope he likes it hot, I've heard you can get a serious tan where he's going.... Angry
18  General Discussions and Related Certifications / Programming / Re: Steps for The Ethical Hacker to learn programming on: July 26, 2008, 07:33:10 AM
Try this EH Thread (dive into python)

Read the rest of the programming board threads for some great resources.

And remember, the search box and google are your friend......
19  General Discussions and Related Certifications / Forensics / Re: Dismantling a Fraudulent Website - HELP Rewarded! on: July 25, 2008, 03:06:48 AM
Senss,

if this is a criminal matter the best advice is to report it too the authorities. Even if your actions are 'justified' you may end up on the wrong side of the law. Hiring third party investigators probably isn't the way to go.

Failing this contact the providers of the domain to attempt to have the site taken down. Additionally you could try contacting the Internet Storm Centre (ISC)

RR
20  General Discussions and Related Certifications / Ethical Hacking / Re: ARP Poisoning, to do or not to do? on: July 24, 2008, 07:18:43 AM
Ketchup,

if you are trying to sniff traffic for defensive purposes your can configure span ports (on Cisco devices, I believe similar features exist forother manufacturers). This will allow you to see traffic at packet level without restorting to re-directing traffic with arp spoofing.

However as you state, the bad-guys will likely have no qualms attempting an ARP spoof technique as the fallout of network failure isn't going to effect them. Might be a good idea to see how the network would handle such an attack. As with everything in this area make sure that you have fully explained the risks to your employer/client before trying these techniques and CYA, in writing, at all times.

RR
21  General Discussions and Related Certifications / Hardware / Re: more than one internet connection for the same box ? on: July 22, 2008, 07:04:24 AM
Teamer,

couple of things
"my answer depends on each of your network connections having a separate, static IP address" < yes every connection has it's own static IP , seperate .
All good, first fence hurdled.

my quesion is : "configure Apache to listen on each IP for each domain as appropriate and set DNS records for each domain" < HOW Huh
The links that BillV has provided should point you in the right direction. However without knowing the exact config of your environment step-by-step instructions will be near impossible. But the setup you describe should be fairly simple, just read and experiment.

"f you're using Vista I'd suggest some form of hardware firewall if available, resorting to software f/w at a minimum" , i don't need a firewall cuz this webserver will be shutdown when me and the other programmers complete our project .
Fair enough, your call. What's your IP by the way?......
22  General Discussions and Related Certifications / CEH - Certified Ethical Hacker / Re: CEH v6 Outline on: July 22, 2008, 02:59:29 AM
Cheers for the heads up BillV.

Slightly concerned about module 67 though....

Quote
Module 67: Identifying the Terrorist
(Emphasis is mine)

 Shocked Huh
23  General Discussions and Related Certifications / Hardware / Re: more than one internet connection for the same box ? on: July 19, 2008, 04:45:51 AM
Teamer,

first things first, my answer depends on each of your network connections having a separate, static IP address.

The bandwidth you quote for the connections: are they the upstream figures? Bear in mind that as standard (in the UK at least) even a 20Mbps ADSL connection may be limited to as little as 256kb upstream. Which is the important aspect if you are trying to server content.

Also check with your telco's t's & c's as there may be restrictions on hosting content of the connection, possibly with some inbound ports being filtered.

All that said, some solutions....

Simplest solution would be to configure Apache to listen on each IP for each domain as appropriate and set DNS records for each domain. Job done.

I'm assuming that there is some issues with this however. Do you routers pass through public IP addresses or NAT to a private range? Make sure that you get your NATs configured so that external traffic reaches the correct internal IP/service.

If you're using Vista I'd suggest some form of hardware firewall if available, resorting to software f/w at a minimum.

One issue you may face is the default gw settings in Vista. I've had issues in the past trying to dual-home a 2003 server using native windows infrastructure. Not sure if Vista will have the same or similar issues, but if you encounter problems this may be a place to look.

Hope this is of some help.
RR
24  General Discussions and Related Certifications / Ethical Hacking / Re: Ethical. Needs. on: July 15, 2008, 04:17:42 AM
dig...and dig...and dig.

especially if you like DNS enumeration;)

(sorry, I'll get my coat)
25  General Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: Starting OffSec101 on: July 15, 2008, 04:16:10 AM
Dale,

Easiest way to learn (at least for me) is just to play with it. Mutz has a nice video showing it's us to document pen-test findings, not sure if it is world viewable or students only. If I can find a public link I'll update.
26  General Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: Starting OffSec101 on: July 15, 2008, 03:05:07 AM
its trying to teach you to document, which is important once you start taking a look at alot hosts and then trying to remember what was open on what and what was vulnerable to what, etc.
Documentation is so important specially working with a large network. Leo is not the only way to keep notes, but it does give you that nice "tree" effect.

Agreed guys, I'm starting to get the hang of it. The 'tree' view seems to fit in with how my brain works. Also it's nice (and extremely useful) to slowly see the information gathered about the network grow as you work through the activities.
27  General Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: Starting OffSec101 on: July 14, 2008, 09:15:18 AM
Cheers Vijay,

I got access to the course material yesterday and so far it's great. I've watched the videos for the first two modules and gone through the exercises (inc. extra mile) for module 1.

Haven't had too much opportunity to hit the labs yet due to the nature of the first few modules. But from what I've seen there is plenty to play with and I can't wait to get more involved. I'm having to try really hard to stick with the course material and not just dive straight in with hacking around the lab.

Biggest issue I've had so far is getting my head around using Leo. Think I'm starting to figure it out and I'm starting to see the benefit of using it. Just wish there was some mention of Leo in some of the preperation material so I could have gained experience before getting the material. If any one is planning on taking the course spend at least a bit of time looking at Leo for documentation.
28  General Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: Starting OffSec101 on: July 13, 2008, 03:43:59 AM
Cheers for the responses guys, just got access to the course material today (wish I was at work, the download would be faster Sad ) Printer is currently in overdrive Wink

I know it states that programming knowledge isn't really needed but throughout the course you do write useful bash scripts. If I were in your position I'd get a better grasp on using your choice of an IDE (Muts uses nano throughout the course I believe) to write bash scripts.
Hopefully the programming section shouldn't be too much of an issue, I come from a development/Linux admin background so know the basics. (plus I use nano too Smiley )

just watch the videos, read, and work thru the labs and ask questions after you do some thinking and googling.  I found some of the people (non-offsec people) in the forums and irc to be less than helpful.  kind of annoying.
I've been hanging around in the irc channel for a few days, seem to be similar to most communication places on the web. Plenty of useful helpful people providing you can take the high-road and ignore some of the less usefull comments.
29  General Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Starting OffSec101 on: July 11, 2008, 02:36:45 AM
Hi All,

I've just signed up for the OffSec101 course starting 13th July. At the moment I'm bouncing around like a kiddy at christmas waiting for it to start Cheesy

Basically I was looking for some advice from those that have already taken (or currently taking) the course with regard to the best way to study the material.

Also from posts I've read here and elsewhere the final exam sounds a bit evil. Any advice on which aspects of the material to learn 100% would also be apreciated.

Thanks in advance, just hoping talking about the course may calm me down some Smiley
RR
30  General Discussions and Related Certifications / Malware / Re: question about building a perl exploit using metasploit on: July 11, 2008, 02:23:39 AM
Nicely done Apollo

and thanks for posting the solution aswell as the problem.
Pages: 1 [2] 3 4 ... 23
Powered by MySQL Powered by PHP Powered by SMF 1.1.5 | SMF © 2006-2008, Simple Machines LLC
Joomla Bridge by JoomlaHacks.com
Valid XHTML 1.0! Valid CSS!
Page created in 0.063 seconds with 21 queries.
 

EH-Net's
2nd Annual
Tweener Party
 

Join us for FREE BEER on the Thursday between Black Hat and Defcon.
Click HERE for details.

Polls
Best for daily desktop use:
 
Support EH-Net
chicagocon2008f_125x200banner.jpg
ChicagoCon 2008f


Support EH-Net by
Buying all of your
Amazon items using
the search bar above.

cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!
Recent Forum Topics
Vote For EH-Net

progenic.com
Click here to Vote!

Sadikhov.com
Top IT Cert Sites

binarica.com
Binarica Logo

Add to Technorati Favorites
technorati fave

chicagocon2008f_125x200banner.jpg
ChicagoCon 2008f
 
         
Advertisement

© 2008 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.