Thanks for that reply. It provides some awesome info. Especially about the ftp.  I forgot about the ability to log into that as an unclaimed user,

Ok, so i tried to use the hackerdemia live cd to learn hydra but even the new live cd of hackerdemia is still missing the hydra tutorial. is there a fix for that soon?

Some of the other stuff you mentioned i am unfamilular with such as the sql injection stuff. I have never used sql. I think i need to finish the HPTF(thomas willhelms course) course first. haha before moving into more complicated stuff.

 FYI, in case your not sure what i mean by HPTF course. Thomas willhil has made courses to teach this stuff using the de-ice. i started last night. I found my dvd from his book that has the ISSAF course.

Anyway, Back to topic. I was along the same thinking that an open port is just an open port. But ones such as ssh or ftp, that means a user can log in. BUT i do not have the user name or password. I assume my goal is to find a stupid mistake by someone(not stupid but un-logical) and that my give me a password.

Im not sure how much can be done on the lvl 1 disk but i hope i can find the company picnic pictures. I want to see htem getting attacked. haha. But the other interesting thing on the site:

"We hope that Marie M. has a speedy recovery - flowers and cards can be sent to the North Annex of "Our Lady of Unfortunate Demise, Hospital and Backhoe Rental". We will post pictures of the picnic soon, so check back later"

I see the backhoe rental hint  and wonder if i can grab peoples financial data from the rental records. IF the backhoe page does exist. Is there a way to see what other webpages they may have? IE an site map so i can see what other pages they have.

Ill do some more digging but im not sure what has been thought of in the lvl 1 disk so im not to sure what can be done and what cant be done.

Thanks for the help. Time to make a list of names and find that dang hackerdemia live cd tutorial.

EDIT. well, i guess emailing the names from gmail aint a good idea. I was guessing that it would come back as a bad address BUT i was hoping the email address adamsa@herot.net actually worked and maybe be able to get a reply from it. nope. oh well.

Any emails you find in those built in sites are probably not active but may be worth noting for another use.  Like... I dunno, creating a username list for a potential brute-force attack on some open service port that allows logons.  

And Shadow makes a good point.  You are not limited to using only the tools provided on the DVD, some of the material is old and has not been maintained.  In fact the author has moved most of the material to hackingdojo I believe.  So further in the book you go, you may need to hunt down tools to assist you further.  One version of BT I had didn't have any of the wordlists for Hydra to use, so I had to hunt them down from the net.  Found a number of even more useful lists as well.

Also go google SQLi and do a quick read on it to understand it.  It is certainly worth knowing about it since it has been used in a number of high-profile breaches.  LulzSec and Anonymous used it for many of their attacks.

ah, thank you. i will read up on ncrack to see what switches are doing. Does ncrack actaully crack the password sorta like hydra?

thanks guys. here is how i am doing this project. I hope you dont mind me telling you but i want to let you know my metho of doing things just in case some one can benifit from it. Plus you have answered my questions and i feel that i need to make sure your info is put to good use

my plan of attack:
watch the videos from my dvd course i purchased from thomas and take notes
take notes on the slides from the movie
document my notes from the movie and slides in a word file
read the required pages he has posted in the course ISSAF .2.1.b (13-61,87-169)
highlight the ISSAF reading and document the highlighted sections
Then any tools he/ethicalhacker.net discuses, write small one paragraph summaries for what i find and what they do to each device including time stamps.
take screen shoots(if i remember)
Follow the examples thomas and you guys show me for de-ice and document those examples in my word file.
take all the documentation including summaries of the ISSAF reading notes and create a technical report that i can give to someone for review.

Thats my course plan. haha

thanks guys.

And the pro penetration test creating and operating a formal hacking lab dvd is great go further and futher man dont miss practice take care

Yeah shadow zero i agree that hydra is more advanced and better and i said that before too but ncrack its not bad besides its too fast

Not sure about that... maybe he's referring to an older release of 1.110, or just recorded it wrong.

If memory serves, there was a 101.1, I have the labs at home and can take a peak later on.  There are some things that may no longer be valid since he has moved some of his material to HackingDojo.