- This topic has 36 replies, 15 voices, and was last updated 8 years, 10 months ago by
DragonGorge.
-
July 1, 2011 at 1:40 pm #6578
BillV
Participant
Wow, just after I noticed that Basics of Hacking book, I noticed this one coming out by several of the OffSec guys. Will certainly be picking up a copy!
Metasploit: A Penetration Tester’s Guide
By: David Kennedy, Jim O’Gorman, Devon Kearns, Mati Aharoni
The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. But while Metasploit is used by security professionals everywhere, documentation is lacking and the tool can be hard to grasp for first-time users. Metasploit: A Penetration Tester’s Guide fills this gap by teaching you how to harness the Framework, use its many features, and interact with the vibrant community of Metasploit contributors.
The authors begin by building a foundation for penetration testing and establishing a fundamental methodology. From there, they explain the Framework’s conventions, interfaces, and module system, as they show you how to assess networks with Metasploit by launching simulated attacks. Having mastered the essentials, you’ll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, devastating wireless attacks, and targeted social engineering attacks.
-
July 1, 2011 at 2:12 pm #40745
lorddicranius
Participant
Very cool, thanks for the heads up BillV!
-
July 1, 2011 at 2:14 pm #40746
dbest
Participant
Nice find. If they cover more than what is on Metasploit Unleashed, it’s gonna be a good buy.
-
July 1, 2011 at 2:16 pm #40747
hayabusa
Participant
Being that both muts and R3l1k are authoring, it should be a good read. Thanks, BillV, for the info.
-
July 1, 2011 at 2:20 pm #40748
WCNA
Participant
I will be getting this one too. I talked with muts (Mati Aharoni) quite a few times when I took the OSCP course and he really knows his stuff. I hope the book is as good as the course was.
-
July 1, 2011 at 3:16 pm #40749
hayabusa
Participant
LOL… Yeah, I know. Well, we KNOW he won’t beat out the course with a book, else he’d lose a ton of $$. 😛 But I’m pretty sure it’ll be a great one, regardless!
-
July 1, 2011 at 4:35 pm #40750
El33tsamurai
Participant
With all the book reviews lately, I wonder if Don could get, for one of the monthly giveaways, a year pass to http://www.packtpub.com/. That would be really cool.
-
July 1, 2011 at 6:22 pm #40751
BillV
Participant
@El33tsamurai wrote:
With all the book reviews lately, I wonder if Don could get, for one of the monthly giveaways, a year pass to http://www.packtpub.com/. That would be really cool.
If anyone can get it done, it would be Don 🙂
-
July 2, 2011 at 1:19 am #40752
Don Donzal
Keymaster
I know books are great, but what do you think of the current giveaway?
I will take your advice and hit up packtpub. Just keep in mind that the giveaways are usually scheduled months in advance.
BTW – Thanks for the vote of confidence,
Don
-
July 2, 2011 at 2:57 am #40753
-
July 2, 2011 at 2:38 pm #40754
El33tsamurai
Participant
@BillV wrote:
@El33tsamurai wrote:
With all the book reviews lately, I wonder if Don could get, for one of the monthly giveaways, a year pass to http://www.packtpub.com/. That would be really cool.
If anyone can get it done, it would be Don 🙂
I agree, Don, I love this site.
-
July 2, 2011 at 2:39 pm #40755
El33tsamurai
Participant
@don wrote:
I know books are great, but what do you think of the current giveaway?
I will take your advice and hit up packtpub. Just keep in mind that the giveaways are usually scheduled months in advance.
BTW – Thanks for the vote of confidence,
Don
The new one is amazing, and in my defense this was before it was posted 😀
-
July 2, 2011 at 10:01 pm #40756
Anonymous
Participant
Yeah, got this one in my Amazon list too. Can’t wait for this book, should be good.
-
July 12, 2011 at 9:42 pm #40757
cd1zz
Participant
All of you might want to cancel your Amazon order and order direct from the publisher. After the 40% discount, the book is the same price, plus you get an ebook version of it as well 🙂
-
July 12, 2011 at 10:05 pm #40758
lorddicranius
Participant
cd1zz beat me to it 😛 Just pre-ordered it from nostarch.com. I figured the ebook link would be sent via email or be available via the website once the book was released, but nope – I got the link to download it immediately upon pressing “submit order.” Perusing through it already!
-
July 12, 2011 at 11:37 pm #40759
cd1zz
Participant
Super bad ass!
-
July 13, 2011 at 4:55 pm #40760
dbest
Participant
Just found out about the No Starch option from my colleague and am gonna be purchasing the book. 🙂
-
July 13, 2011 at 5:27 pm #40761
hayabusa
Participant
Great read, so far. (Obviously got the PDF already.)
-
July 13, 2011 at 6:53 pm #40762
impelse
Participant
How does the information in this book compare with the information on the offensive-security site?
-
July 13, 2011 at 7:09 pm #40763
hayabusa
Participant
Honestly, I haven’t even read it with regards to doing any comparison, to this point. But I’ve liked what I’ve read so far, and am looking forward to some of the stuff in the later chapters (some of the expanded info on SET and Fast-Track, Karmetasploit, etc.). It’s particularly refreshing to see continued effort at documenting the framework and working with it, rather than all the emphasis, elsewhere, on paid tools and commercial versions.
I haven’t looked closely at Metasploit Unleashed in some time, personally. The book does start emphasizing PTES more, and following the PTES methodology (which is starting to be more common, from what I see and hear), than I recall having seen anything of online. They go more deeply into building your own exploits and modules, and putting them into the framework, too, than what I recall from Unleashed. The overall material just really looks good, and grabbed my attention.
Maybe once I finish this book, I’ll see about doing a comparison, from my viewpoint, between the book and Metasploit Unleashed, although, personally, I’m still happy to have both. The nice thing about books, for me, is that once you get the hard copy, or print it out, you have something you don’t have to sit in front of a monitor to look at, for a change.
-
July 14, 2011 at 12:25 pm #40764
tturner
Participant
Use coupon code REDTEAM for the discount. I did not see it mentioned in this thread (but I may have missed it) so figured I’d let people know about it.
-
July 14, 2011 at 5:09 pm #40765
cd1zz
Participant
I’ve read both the Unleashed and have skimmed the PDF for this new book. I would say that if you’re not very experienced with Metasploit, the book is great. It seems well written, clear and covers a lot of topics. There IS a lot of overlap with the Metasploit Unleashed online reference, but you get much richer content in the book. Explanations etc…
However, if you’ve spent any decent amount of time in the framework, there isn’t too much new information. I do like the Karmetasploit stuff, aux module stuff and most of all, the porting exploits to the framework section.
I do think it’s valuable for anyone as a solid reference because it’s organized into one location!
-
July 14, 2011 at 5:39 pm #40766
hayabusa
Participant
In total agreement, based on my reading, thus far.
-
July 15, 2011 at 1:33 pm #40767
Don Donzal
Keymaster
Official review coming from Jason Haddix soon.
Don
-
July 16, 2011 at 5:32 pm #40768
impelse
Participant
Great
-
July 18, 2011 at 5:53 pm #40769
nicklauscombs
Participant
Officially ordered the book from No Starch and really looking forward to browsing through this book.
To those that preordered the book and PDF: did they put the PDF up for download right away? It’s been a few days and I haven’t seen it available for download yet….
-
July 18, 2011 at 6:06 pm #40770
hayabusa
Participant
You should be able to sign into your No Starch account and, under orders, see the book; the link to the PDF was there, too. It was available immediately, as soon as I finished ordering.
-
July 18, 2011 at 6:54 pm #40771
nicklauscombs
Participant
@hayabusa wrote:
You should be able to sign into your No Starch account and, under orders, see the book; the link to the PDF was there, too. It was available immediately, as soon as I finished ordering.
Yeah, that’s what I thought…. but no luck. I shot them an email to see what’s up.
-
July 22, 2011 at 1:45 am #40772
Tancred
Participant
I had to log out and then log back in for my download to register as available, but it was there minutes after I’d actually made my purchase. Any update, nicklaus?
-
July 22, 2011 at 3:05 am #40773
nicklauscombs
Participant
@Tancred wrote:
I had to log out and then log back in for my download to register as available, but it was there minutes after I’d actually made my purchase. Any update, nicklaus?
Not sure if there was a problem, but after emailing them they quickly got back to me and made the download available. About halfway through the book and really enjoying the read so far.
-
July 22, 2011 at 4:06 am #40774
Tancred
Participant
Awesome, was just curious because I’d had a similar issue. Can’t wait til my physical copy arrives, but I wanted to pre-order so I could have it right away.
-
July 23, 2011 at 6:30 pm #40775
hayabusa
Participant
Paperback arrived in today’s mail. Now I can mark it up… :-p
-
April 23, 2012 at 4:02 pm #40776
DragonGorge
Participant
Wondered if I could get some questions answered on the whois/Netcraft section of this book.
In the Passive Information Gathering section of Chapter 3, the book lists a whois performed on secmaniac.net which results in domain servers of XX.DOMAINCONTROL.COM and goes on to say that these servers are not owned by secmaniac.net:
Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: SECMANIAC.NET
Created on: 03-Feb-10
Expires on: 03-Feb-12
Last Updated on: 03-Feb-10
Domain servers in listed order:
NS57.DOMAINCONTROL.COM
NS58.DOMAINCONTROL.COM
1. How do we know these aren’t owned by secmaniac? Is the tipoff the fact that it’s “DOMAINCONTROL.COM” as opposed to “SECMANIAC.COM”?
The next section deals with Netcraft and lists the output below, followed by an assertion that “this site appears to be hosted inside the author’s home, because the IP block appears to be part of a residential range.”
msf > whois 75.118.185.142
[*] exec: whois 75.118.185.142
WideOpenWest Finance LLC WIDEOPENWEST (NET-75-118-0-0-1)
75.118.0.0 – 75.118.255.255
WIDEOPENWEST OHIO WOW-CL11-1-184-118-75 (NET-75-118-184-0-1)
75.118.184.0 – 75.118.191.255
2. As before, I’m not clear on what in the printout indicates this is part of a residential range. I’m used to seeing 192.168.x.x but this one is new to me.
On a different note, I noticed that performing the same steps in BT yields different information: different IP addresses (96.126.127.220 as opposed to 75.118.185.142) and different outputs on whois. The different IP addresses don’t surprise me, but the whois listing for 75.118.185.142 yields 4 lines while the current IP yields much more info. And does the book’s IP listing still come up because the whois database hasn’t been updated?
-
April 23, 2012 at 4:23 pm #40777
sil
Participant
@DragonGorge wrote:
1. How do we know these aren’t owned by secmaniac? Is the tipoff the fact that it’s “DOMAINCONTROL.COM” as opposed to “SECMANIAC.COM”?
We know these aren’t OWNED by secmaniac because of the domain: DOMAINCONTROL.com which is a separate company altogether. You can dig out THEIR information using another whois:
whois -h whois.geektools.com domaincontrol.com
Then match up who owns those domains
@DragonGorge wrote:
2. As before, I’m not clear on what in the printout indicates this is part of a residential range. I’m used to seeing 192.168.x.x but this one is new to me.
You’re confusing things here. The IP address IS ALLOCATED for residential use. It is the PUBLIC IP addresses his provider assigned to him
@DragonGorge wrote:
On a different note, I noticed that performing the same steps in BT yield different information. The different IP addresses (96.126.127.220 as opposed to 75.118.185.142) and different outputs on whois. The different IP addresses don’t surprise me but the whois listing for 75.118.185.142 yeilds 4 lines while the current IP yields much more info. And does the book’s ip listing still comes up because the whois database hasn’t been updated?
You assume his addresses remain the same over time. If you took a look at his domain’s history, you can see he has changed it 2x since the book: http://toolbar.netcraft.com/site_report?url=http://www.secmaniac.com
-
April 23, 2012 at 7:32 pm #40778
DragonGorge
Participant
@sil wrote:
We know these aren’t OWNED by secmaniac because of the domain: DOMAINCONTROL.com which is a separate company altogether. You can dig out THEIR information using another whois:
That was what I was getting at – without researching DOMAINCONTROL we wouldn’t automatically know that it wasn’t the same company that owned secmaniac.net, right?
You’re confusing things here. The IP address IS ALLOCATED for residential use. It is the PUBLIC IP addresses his provider assigned to him
I’m confused by the line in the book that states “we can tell that this site appears to be hosted inside the author’s home, because the IP block appears to be part of a residential range.” To rephrase my question, how can we tell from the printout that this is inside the author’s home (part of a residential range) as opposed to a business?
-
April 23, 2012 at 8:12 pm #40779
sil
Participant
Let’s take an example IP from a business: (IP is random)
[root@kenji ~/]# whois -h whois.arin.net 74.95.180.0
#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=74.95.180.0?showDetails=true&showARIN=false&ext=netref2
#
Comcast Business Communications, LLC CBC-PHILADELPHIA-33 (NET-74-95-160-0-1) 74.95.160.0 - 74.95.191.255
Comcast Business Communications, LLC CBC-CM-4 (NET-74-92-0-0-1) 74.92.0.0 - 74.95.255.255
What do we notice with my example? Comcast Business Communications, What about normal Comcast cable users?
[root@kenji ~]# whois -h whois.arin.net 67.175.82.0
#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=67.175.82.0?showDetails=true&showARIN=false&ext=netref2
#
Comcast Cable Communications, Inc. COMCAST (NET-67-160-0-0-1) 67.160.0.0 - 67.191.255.255
Comcast Cable Communications, Inc ILLINOIS-19 (NET-67-175-0-0-1) 67.175.0.0 - 67.175.127.255
Notice the differences? Now let’s look at what Rel1k posts in his book:
[root@kenji ~/]# whois -h whois.arin.net 75.118.185.142
#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=75.118.185.142?showDetails=true&showARIN=false&ext=netref2
#
WIDEOPENWEST OHIO WOW-CL11-1-184-118-75 (NET-75-118-184-0-1) 75.118.184.0 - 75.118.191.255
WideOpenWest Finance LLC WIDEOPENWEST (NET-75-118-0-0-1) 75.118.0.0 - 75.118.255.255
Most BUSINESSES will have their business information posted on the whois. We see none of this; alongside that statement, there is no indicator of any business name or secmaniac or maniac or sec or any other worthwhile identifier to state this IP space belongs to the author. So let’s see who owns the IP space and what type of business they are in: WideOpenWest Finance LLC WIDEOPENWEST (NET-75-118-0-0-1) 75.118.0.0 – 75.118.255.255. Doesn’t seem like a security company to me, it’s a cable provider (http://www.wowway.com/).
Let’s try this with Microsoft:
[root@kenji ~]# nslookup microsoft.com | sed -n '8p' | awk '{print "whois -h whois.arin.net "$2}' |sh|grep "^Org"|sort -u
OrgAbuseEmail: abuse@hotmail.com
OrgAbuseEmail: abuse@microsoft.com
OrgAbuseEmail: abuse@msn.com
OrgAbuseHandle: ABUSE231-ARIN
OrgAbuseHandle: HOTMA-ARIN
OrgAbuseHandle: MSNAB-ARIN
OrgAbuseName: Abuse
OrgAbuseName: Hotmail Abuse
OrgAbuseName: MSN ABUSE
OrgAbusePhone: +1-425-882-8080
OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE231-ARIN
OrgAbuseRef: http://whois.arin.net/rest/poc/HOTMA-ARIN
OrgAbuseRef: http://whois.arin.net/rest/poc/MSNAB-ARIN
OrgId: MSFT
OrgNOCEmail: noc@microsoft.com
OrgNOCHandle: ZM23-ARIN
OrgNOCName: Microsoft Corporation
OrgNOCPhone: +1-425-882-8080
OrgNOCRef: http://whois.arin.net/rest/poc/ZM23-ARIN
OrgName: Microsoft Corp
OrgTechEmail: iprrms@microsoft.com
OrgTechHandle: MSFTP-ARIN
OrgTechName: MSFT-POC
OrgTechPhone: +1-425-882-8080
OrgTechRef: http://whois.arin.net/rest/poc/MSFTP-ARIN
Notice two things 1) the information for the COMPANY and 2) the AMOUNT of information being returned. Most whois lookups will return A LOT of information for companies whereas for most ISPs, the return will be a line or two long. That’s first. The second thing to notice is the names of the business itself or the association with the domain you are looking up and the return information.
[root@kenji ~/]# whois -h whois.arin.net 96.126.127.220
#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=96.126.127.220?showDetails=true&showARIN=false&ext=netref2
#
NetRange: 96.126.96.0 - 96.126.127.255
CIDR: 96.126.96.0/19
OriginAS:
NetName: LINODE-US
NetHandle: NET-96-126-96-0-1
Parent: NET-96-0-0-0-0
NetType: Direct Allocation
Comment: This block is used for static customer allocations.
RegDate: 2011-05-06
Updated: 2012-02-24
Ref: http://whois.arin.net/rest/net/NET-96-126-96-0-1
OrgName: Linode
OrgId: LINOD
Address: 329 E. Jimmie Leeds Road
Address: Suite A
City: Galloway
StateProv: NJ
PostalCode: 08205
Country: US
RegDate: 2008-04-24
Updated: 2010-08-31
Comment: http://www.linode.com
Ref: http://whois.arin.net/rest/org/LINOD
OrgNOCHandle: LNO21-ARIN
OrgNOCName: Linode Network Operations
OrgNOCPhone: +1-609-593-7103
OrgNOCEmail: support@linode.com
OrgNOCRef: http://whois.arin.net/rest/poc/LNO21-ARIN
OrgAbuseHandle: LAS12-ARIN
OrgAbuseName: Linode Abuse Support
OrgAbusePhone: +1-609-593-7103
OrgAbuseEmail: abuse@linode.com
OrgAbuseRef: http://whois.arin.net/rest/poc/LAS12-ARIN
OrgTechHandle: LNO21-ARIN
OrgTechName: Linode Network Operations
OrgTechPhone: +1-609-593-7103
OrgTechEmail: support@linode.com
OrgTechRef: http://whois.arin.net/rest/poc/LNO21-ARIN
RNOCHandle: LNO21-ARIN
RNOCName: Linode Network Operations
RNOCPhone: +1-609-593-7103
RNOCEmail: support@linode.com
RNOCRef: http://whois.arin.net/rest/poc/LNO21-ARIN
RTechHandle: LNO21-ARIN
RTechName: Linode Network Operations
RTechPhone: +1-609-593-7103
RTechEmail: support@linode.com
RTechRef: http://whois.arin.net/rest/poc/LNO21-ARIN
RAbuseHandle: LAS12-ARIN
RAbuseName: Linode Abuse Support
RAbusePhone: +1-609-593-7103
RAbuseEmail: abuse@linode.com
RAbuseRef: http://whois.arin.net/rest/poc/LAS12-ARIN
So who is this? What kind of company is it? I will let you answer this question now. It all boils down to the power of logic and reasoning when unsure. You can i) visit the website a whois returns to see more about the type of business associated with the address, and so forth. This is THE BIGGEST REASON that I am a stickler for understanding the common grounds of networking and systems before even attempting to venture out into security.
-
April 26, 2012 at 3:26 pm #40780
DragonGorge
Participant
For the challenge on the current (as opposed to the book’s) whois/Netcraft results…
Performing a whois on secmaniac.net yields:
Domain name: secmaniac.net
Registrant Contact:
Whois Privacy Protection Service, Inc.
Whois Agent ()
Fax:
PMB 368, 14150 NE 20th St - F1
C/O secmaniac.net
Bellevue, WA 98007
US
Administrative Contact:
Whois Privacy Protection Service, Inc.
Whois Agent (vmhpxgmj@whoisprivacyprotect.com)
+1.4252740657
Fax: +1.4259744730
PMB 368, 14150 NE 20th St - F1
C/O secmaniac.net
Bellevue, WA 98007
US
Technical Contact:
Whois Privacy Protection Service, Inc.
Whois Agent (vmhpxgmj@whoisprivacyprotect.com)
+1.4252740657
Fax: +1.4259744730
PMB 368, 14150 NE 20th St - F1
C/O secmaniac.net
Bellevue, WA 98007
US
Status: Locked
Name Servers:
ns1.secmaniac.net
ns2.secmaniac.net
ns3.secmaniac.net
ns4.secmaniac.net
Not a lot of company related info here (as opposed to what we’d get from yahoo.com), and the Netcraft query yields 96.126.127.220 for the IP and the owner of the netblock being Linode. Additionally, the “C/O secmaniac.net” would be a clue that we’re dealing with some kind of hosting/proxy service.
So looking at the results of your previous posting on 96.126.127.220, we again see info pertaining to Linode, and further inspection of Linode indicates this is a web hosting company, i.e. this is not residential. Yes/No/Partial credit?
Curiously, doing a nslookup on secmaniac.net yields a different ip and doing yet another whois on that ip yields the following
> set type=any
> secmaniac.net
Non-authoritative answer:
Name: secmaniac.net
Address: 184.106.97.209
whois results:
Rackspace Hosting RACKS-8-NET-4 (NET-184-106-0-0-1) 184.106.0.0 - 184.106.255.255
Slicehost RACKS-8-1292257565649418 (NET-184-106-96-0-1) 184.106.96.0 - 184.106.99.255
Which appears to be yet another web/cloud hosting company.
However, I can ping 96.126.127.220 but not 184.106.97.209 so my conclusion would be that the nslookup info is stale and secmaniac.net has been moving around quite a bit since the book was written.
I’d still like to do the same analysis on a real residential site.
-
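A worked version of the reasoning in DragonGorge’s two questions and sil’s answer above, as an added example. This is not code from the book and not anything a poster in this thread ran. It parses whois text in the three shapes quoted in the thread (a registrar domain record, ARIN’s one-line net summaries, an ARIN detail block) and encodes the heuristics sil lays out: whether the name servers sit under the target’s own domain, whether the registrant is hidden behind a privacy service, and who holds the netblock. Assumptions: the regular expressions are tuned to the record shapes quoted here and nothing more; KNOWN_ACCESS_ISPS and BUSINESS_MARKERS are an analyst-maintained list invented for the example; registrable_domain ignores two-level public suffixes such as co.uk; the sample records are constructed to echo the thread’s output, not fetched.

```python
"""Whois reasoning helpers for the secmaniac.net questions in this thread.

Added example, not code from the book or from any poster.  Sample records are
constructed; KNOWN_ACCESS_ISPS and BUSINESS_MARKERS are an assumption an
analyst would maintain, not a standard.
"""
import re

HOSTNAME = re.compile(r"^\s*((?:[a-z0-9-]+\.)+[a-z]{2,})\.?\s*$", re.I)
KV_LINE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9 /-]*?):\s*(.*?)\s*$")
ARIN_SUMMARY = re.compile(        # "Org Name NETNAME (NET-handle) start - end"
    r"^(?P<org>.+?)\s+(?P<netname>[A-Z0-9][A-Z0-9-]*)\s+\((?P<handle>NET-[0-9-]+)\)"
    r"(?:\s+(?P<start>[\d.]+)\s*[-\u2013]\s*(?P<end>[\d.]+))?\s*$")
PRIVACY_WORDS = re.compile(r"privacy|whoisguard|domains by proxy|whois agent", re.I)
KNOWN_ACCESS_ISPS = ("wideopenwest", "comcast cable")   # assumption: consumer ISPs
BUSINESS_MARKERS = ("business", "hosting", "cloud", "datacenter", "data center")


def registrable_domain(host):
    """Last two labels: ns57.domaincontrol.com -> domaincontrol.com (no co.uk handling)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def parse_record(text):
    """'Key: value' lines -> dict of lists; bare hostnames after a '... servers:' header -> NS list."""
    fields, nameservers, in_ns = {}, [], False
    for line in text.splitlines():
        if not line.strip():
            in_ns = False
            continue
        kv, host = KV_LINE.match(line), HOSTNAME.match(line)
        if kv:
            key, value = kv.groups()
            fields.setdefault(key, []).append(value)
            in_ns = "servers" in key.lower()
        elif in_ns and host:
            nameservers.append(host.group(1).lower())
    return fields, nameservers


def nameserver_split(domain, nameservers):
    """Question 1: NS hosts under the target's own domain vs. hosts belonging to someone else."""
    own = [ns for ns in nameservers if registrable_domain(ns) == registrable_domain(domain)]
    return own, [ns for ns in nameservers if ns not in own]


def registrant_is_privacy_proxy(text):
    """The 2012 record lists a 'Whois Privacy Protection Service' as every contact."""
    return PRIVACY_WORDS.search(text) is not None


def parse_arin_summaries(text):
    """ARIN's default answer for an IP: one line per enclosing block."""
    return [m.groupdict() for m in map(ARIN_SUMMARY.match, text.splitlines()) if m]


def classify_netblock(target, summaries, detail_fields=None):
    """Question 2 as ordered heuristics: holder names the target; holder says
    business/hosting; record carries a full Org* contact block (sil's 'amount of
    information' point); holder is a known consumer ISP and says nothing else."""
    detail_fields = detail_fields or {}
    holders = " | ".join(f"{s['org']} {s['netname']}" for s in summaries)
    holders += " | " + " ".join(v for vs in detail_fields.values() for v in vs)
    holders = holders.lower()
    org_fields = sum(len(v) for k, v in detail_fields.items() if k.startswith("Org"))
    if target.lower() in holders:
        return "target's own allocation"
    if any(m in holders for m in BUSINESS_MARKERS):
        return "business or hosting allocation"
    if org_fields >= 5:
        return "organisation with a full registration record"
    if any(isp in holders for isp in KNOWN_ACCESS_ISPS):
        return "access-ISP customer block, likely residential"
    return "unknown: read the holder's website"


# Constructed samples echoing the records quoted in the thread.
BOOK_DOMAIN_RECORD = """\
Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: SECMANIAC.NET
Domain servers in listed order:
NS57.DOMAINCONTROL.COM
NS58.DOMAINCONTROL.COM
"""
LATER_DOMAIN_RECORD = """\
Domain name: secmaniac.net
Registrant Contact:
Whois Privacy Protection Service, Inc.
Status: Locked
Name Servers:
ns1.secmaniac.net
ns2.secmaniac.net
"""
WOW_SUMMARY = """\
WideOpenWest Finance LLC WIDEOPENWEST (NET-75-118-0-0-1) 75.118.0.0 - 75.118.255.255
WIDEOPENWEST OHIO WOW-CL11-1-184-118-75 (NET-75-118-184-0-1) 75.118.184.0 - 75.118.191.255
"""
COMCAST_BUSINESS = ("Comcast Business Communications, LLC CBC-PHILADELPHIA-33 "
                    "(NET-74-95-160-0-1) 74.95.160.0 - 74.95.191.255\n")
LINODE_DETAIL = """\
NetName: LINODE-US
NetType: Direct Allocation
OrgName: Linode
OrgId: LINOD
OrgNOCHandle: LNO21-ARIN
OrgNOCName: Linode Network Operations
OrgAbuseHandle: LAS12-ARIN
OrgAbuseEmail: abuse@linode.com
"""


def report(domain, domain_whois, arin_text):
    """Analyst's note for one (domain record, IP whois) pair."""
    _, nameservers = parse_record(domain_whois)
    own, foreign = nameserver_split(domain, nameservers)
    arin_fields, _ = parse_record(arin_text)
    return {"own_ns": own, "foreign_ns": foreign,
            "privacy_proxy": registrant_is_privacy_proxy(domain_whois),
            "netblock": classify_netblock(domain.split(".")[0],
                                          parse_arin_summaries(arin_text), arin_fields)}


if __name__ == "__main__":
    for label, rec, arin in (("book", BOOK_DOMAIN_RECORD, WOW_SUMMARY),
                             ("2012", LATER_DOMAIN_RECORD, LINODE_DETAIL)):
        print(label, report("secmaniac.net", rec, arin))
```

The classifier deliberately stops at "unknown" rather than guessing: sil’s closing point is that when the record names nobody recognisable, the next step is to look at the holder’s website, and no keyword list replaces that. Swap in your own ISP and marker lists before relying on it.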