An important lesson I learnt was to make sure you check UDP ports as well as TCP.

Only checking the TCP could mean that you miss a critical vulnerability

This is where I'd start running "sqlmap" with a --dumpall xD

Hey

A previously unpublished Article I wrote about ASLR can be found at ASLR.pdf tell me what you guys think

Regards,
TheXero

Professional Penetration Testing - Tom Wilhelm

Definitely a good book I would recommend to a new comer, after all hacking isn't all about using metasploit to compromise a target by looking at all possible entry points and not relying on a single tool for the job.

In the book he states how to perform a professional pentest as well as the setup for corporate and home pentest labs in order to gain experience, which can be used by tools like metasploit and development of your hacker methodology by forcing you to think outside of the box when attacking certain scenarios.

http://www.amazon.co.uk/Professional-Penetration-Testing-Creating-Operating/dp/1597494259/ref=sr_1_2?ie=UTF8&qid=1334068828&sr=8-2

The whole reason that I use Hacking-Lab is because of a lack of spoilers (no taking the easy way out) and actually learning something.

I'm sure many others here will agree that spoilers ruin the challenge and I personally do not agree with spoilers being given here.

Good advice cd1zz xD

Just remember that with OSCP you are on your own, you just need to try a few things and think outside the box in order to achieve specific goals.

Thankyou very much Don

I am looking forward to it very much, and will keep you guys posted.

Thanks again

Privilege escalation can be one of the most challenging and exciting parts, so good luck

Many people attempt these boxes all day (they get reset on the hour) so just try again and see if you can do exactly the same again

wlandymore are you doing a hacking-lab.com challenge, ie 'got wurzel' or 'got root'?

These challenges I found quite hard (not complete 'got root' yet) but being able to break out of rbash is not something I have come across before.

Focus on what you can execute (in ~/bin) and and you should be able to break out of it fairly quickly

You could always look at HatForce, I'm pretty sure that would end up cheaper than some other places.

 esojzuir, I used 'screen' in my exam and I would recommend it

Can't wait

I was a bit skeptical about the series when I first heard about it, but I really enjoyed the series and can't wait for season 2

The only downside I can see is that I can't watch it online or on tv here in the UK.

I might purchase some used Cisco equipment off ebay soon

My lab currently is mostly System based with 1 router (running DD-WRT) connecting the lab to my normal network.