EH-Net
February 09, 2012, 01:24:57 AM *
  Show Posts
1  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: How to convince your boss to allow linux in the workplace on: December 19, 2011, 09:10:32 AM
As 3xban pointed out, a VM might be your best bet of getting a Linux box.  If you do go that route though, pick the hypervisor that will work best with both the host and the guest.  And don't forget that BackTrack was not built to be a secure OS but a pentest OS.
2  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Questionnaire for Pen Test. on: June 04, 2011, 10:38:32 PM
Find out what the overall objective is.  Do they have a specific objective in mind or is it a free for all and just see what you can get? Oh and ask for a "Get out of jail free card".
3  Features / Opinions / Loaded Question on: June 04, 2011, 10:34:54 PM
I know this will be a loaded question in a site devoted to white hat hackers, so here it goes.

I'm doing research for class on getting the best ROI on a pentest. In your experience how receptive have your organizations/targets been to conducting pentests?

Have you seen value to the pentest?

I know loaded.  Have fun and thanks for the input.

4  Ethical Hacking Discussions and Related Certifications / Security / Re: Passed the CISSP on: June 04, 2011, 10:30:41 PM
I got my approved email last week.  I was relieved. So now I need to go change my certs.
5  Ethical Hacking Discussions and Related Certifications / Security / Re: Passed the CISSP on: May 04, 2011, 04:21:11 PM
There are no new certs on the horizon for me as it's back to school again.
6  Ethical Hacking Discussions and Related Certifications / Security / Re: Passed the CISSP on: April 26, 2011, 02:14:53 PM
Sorry, I have been out for a while now.  Been kinda busy here.  Anyway, I also just got my "Congratulations" email from (ISC)2.  It was definitely a relief to get that email instead of the "Thank you" email.  I felt drained when I got done and was not real sure on how I did.
7  Ethical Hacking Discussions and Related Certifications / General Certification / Re: Noob Question on: December 30, 2010, 08:21:55 AM
What industry are you looking to get into?  The DoD recognizes a few certifications as meeting training requirements.  CEH, CISSP, and CompTIA Security+ are just a few. This is not an all-inclusive list but it may help. However, any Ethical Hacking cert will help you gain more knowledge.  The Offsec cert is a great cert and is very hands on.  It is not for someone new to Linux or ethical hacking. Before going straight to the hacking certs, look at the Security+ and the Network+ certs.  Then build from there.
8  Ethical Hacking Discussions and Related Certifications / Incident Response / Re: Computer Security Test Gone Wrong - Please Help on: December 30, 2010, 08:15:08 AM
Crossover,

A vulnerability scan is a good start but can give you an incomplete picture. If you look at it from a Risk perspective, there is more you need to look at.  A vulnerability scan, like that performed by Nessus, will give network facing vulnerabilities like FTP server listening.  It will not tell you necessarily if the system is vulnerable to a local privilege escalation.  For that you need other tools or methods. You also need to look at the configuration of the network, disaster plans, user agreements, etc.  The list goes on.  In the Federal space, they are migrating to NIST SP800-37 Guide for Applying the Risk Management Framework to Federal Information Systems and using NIST SP800-53a Guide for Assessing the Security Controls in Federal Information Systems and Organizations.  This process is very similar to the DoD process called DIACAP. Both are risk management activities designed to minimize risks to C-I-A (Confidentiality, Integrity, Availability). They take in the whole picture, not just a vulnerability scan.
9  Ethical Hacking Discussions and Related Certifications / Incident Response / Re: Computer Security Test Gone Wrong - Please Help on: December 21, 2010, 09:09:44 AM
For locking down the system in a meaningful way after doing a risk analysis, you could also look at the guides published by DISA at http://iase.disa.mil/stigs/stig/index.html. These are a little more current than what is published at the NSA site. The key though, is to determine what you have that needs protected and how much protection does it need. Sil's analogy of a house is great and spot on. Hang in there.  We all made mistakes when we started.
10  Ethical Hacking Discussions and Related Certifications / Incident Response / Re: Computer Security Test Gone Wrong - Please Help on: December 15, 2010, 08:43:56 AM
Well, taking the HD out is the easiest route since the data may or "probably not" be encrypted.  Since that is not an option and you are using Windows, I would suggest that you look at several of the Microsoft Security Bulletins as they may point you at a flaw in one of the executables already on the system like with Word or Excel.  One question though, can the user save files or make use of a USB drive or other peripheral?  I ask only because you say the C: drive is locked down and they cannot write to it.  Is the system boot password protected or just the BIOS? Can the 1st boot device be changed? What is the boot order?
11  Resources / Tools / Re: SQL Server password cracking on: December 06, 2010, 08:23:40 PM
Thanks, I'll try 'em
12  Resources / Mass Media / Re: TRON: Legacy on: December 06, 2010, 09:09:31 AM
I just let my kids, 8 and 4, watch Tron this weekend and they loved it.  Of course they also love the original Star Wars and like making Cat5 so I'm not really surprised.  I'm going to have to sweet talk my wife into letting me go out to see it when it comes out.  Maybe as my anniversary present......hhmmm
13  Resources / Tools / SQL Server password cracking on: December 06, 2010, 09:03:40 AM
Hey gang,

I know it has been a while since I had anything meaningful to say, and I'm sorry that is not about to change today.  I'm looking for a tool that will crack SQL Server passwords.  I have the Wireshark capture so I have both the salt and the hashed value to go with a user name.  I just need to find a way to crack it.  I know, with the user name and the hash, I already have the keys to the kingdom, but I would like the plain text for use on other systems that might use the same password.

Thanks,
Mike


On a side note, I already know the password but that is not really the point.
14  Ethical Hacking Discussions and Related Certifications / Other / Re: Computer Science or Information Assurace? on: April 02, 2010, 10:07:17 PM
Chris, that's key.  I took just about every language offered when I was in college.  I learned absolutely nothing.   When I finally found a few projects I was interested in years later, I re-learned just about everything.   It is only an opinion, but I believe that programming skills aren't taught, they are acquired over time.   The trick is to find something to write that will motivate you.  I often forget to eat, sleep, bathe, etc when I write code.

I had a problem this week with getting out of the office on time because I was writing a frickin batch script of all things.  When you enjoy what you do, time just flies.
15  Ethical Hacking Discussions and Related Certifications / Other / Re: IIS Problems on: March 30, 2010, 09:58:13 PM
Bill,

Check user rights.  I found that on my box, IUSR was a member of the guest group and guests were denied access to the system both locally and over the network.