CPT Practical – Feedback Please…

    • #5816
      bm5034
      Participant

      Greetings all:

      I am in the process of taking the practical portion of the IACRB CPT exam. As most of you well know, you’ve got 60 days to complete and submit. I’m on the final step of the exam, which requires cracking of the root password on a Linux host. For me, this step seems to be taking quite a long time (15+ days now). While I realize that real-world password cracking can take days, months, or even years (depending on complexity), I’m curious to see if others have had the same experience. Also, what are your general feelings on the CPT and the amount of weight it carries in the pen-testing field? I’ve passed the CEH (InfoSec training) and have been considering the OSCP.  Thoughts on that?

      My planned direction is to “break into” this field starting next year, and I’m looking for suggestions on a sound approach. Ideally, I’d like to work as an independent, providing services to small companies (in the long run), but I realize that true pen-testing is seldom a one-man show.

      Thanks in advance!

    • #36424
      SephStorm
      Participant

      Hi, welcome to EthicalHacker.net! While I will leave your questions to others with knowledge of the subject, you say you took the InfoSec Institute training? I would be very interested in hearing your review of the company and its training. If you have time, please let me know your thoughts in this thread, or by PM. 🙂

    • #36425
      hayabusa
      Participant

      Welcome!

    • #36426
      sil
      Participant

      @bm5034 wrote:

      Greetings all:

      I am in the process of taking the practical portion of the IACRB CPT exam. As most of you well know, you’ve got 60 days to complete and submit. I’m on the final step of the exam, which requires cracking of the root password on a Linux host. For me, this step seems to be taking quite a long time (15+ days now). While I realize that real-world password cracking can take days, months, or even years (depending on complexity), I’m curious to see if others have had the same experience. Also, what are your general feelings on the CPT and the amount of weight it carries in the pen-testing field? I’ve passed the CEH (InfoSec training) and have been considering the OSCP.  Thoughts on that?

      My planned direction is to “break into” this field starting next year, and I’m looking for suggestions on a sound approach. Ideally, I’d like to work as an independent, providing services to small companies (in the long run), but I realize that true pen-testing is seldom a one-man show.

      Thanks in advance!

      You may want to find a better wordlist. I cracked IACRB’s password in under 3 minutes. My method for cracking the password portion of the exam was to create a pseudo-distributed system to do the cracking. I took 4 machines with about 2 gigs of memory each, downloaded a couple of wordlists, made some voodoo regexes of the files, put them on different machines and fired them up. At best I think I was able to generate about 20 million attempts per minute.

      The pw cracking portion was easy to me. It boils down to a few things when cracking passwords: 1) the PW cracker you’re using, 2) the wordlist(s) you’re using, 3) the processor speed/memory of the machine doing the cracking. Here is a quick primer on password cracking: http://geodsoft.com/howto/password/cracking_passwords.htm. Without giving up the keys to the kingdom, this portion should not take you that long.

      Did you manage to finish the second portion of the test or did you just start? There are always two ways to skin a cat you know 😉 But that’s all I will say on the exam.

      As for the OSCP, points of view differ on this. Depending on what exam you receive for the CPT (I’m assuming here they have a few different deliverables), my technical exam was difficult as I had to work around my own exploit on a Bastille hardened version of Linux. Trust me when I tell you this, there was NO publicly available exploit for me to compromise the machine. I had to modify a few exploits with GDB in the background to get it working. Took me 3 days off and on to finish up the entire exam.

    • #36427
      bm5034
      Participant

      Thanks for the information; it’s much appreciated.  I figured things were taking too long, but I couldn’t be sure.  I’m using JTR on the passwords, and I’ve got two machines working together.  Best I can do, hardware-wise.  Looks like I’ll be searching for other wordlists.  I’ve already obtained the root password for the first host; only need to get the second one at this point, then I’m ready to submit my results.

      I’ve also considered taking InfoSec’s Advanced Ethical Hacking course in the spring of next year.  I understand that course focuses more on shellcoding, exploits, malware and the like.  I’ve heard good reviews, so I may go for that one next.

    • #36428
      UNIX
      Participant

      From the opinions I’ve heard of, InfoSec’s Advanced Ethical Hacking course is excellent. Looking at the instructors, I have hardly a doubt on that. If you decide to take it, a review would be nice.

    • #36429
      sil
      Participant

      @bm5034 wrote:

      I’ve also considered taking InfoSec’s Advanced Ethical Hacking course in the spring of next year.  I understand that course focuses more on shellcoding, exploits, malware and the like.  I’ve heard good reviews, so I may go for that one next.

      Here is a tip… As with real-world penetrations, you should perhaps seek to obtain the password of ANY account, not necessarily the root password. With a normal user account, you could then use a local exploit to escalate privileges. So, again, depending on how you’re performing password cracking, there is a likelihood you went overboard and could have obtained root access by other means. “Just a thought.”

    • #36430
      Anonymous
      Participant

      bm5034:  Your description sounds like my own experience with the CPT practical – first machine’s root password was an easy crack, but the second one’s still running, 2 weeks later…  I’m also hardware limited, at least for now, so not much I can do to speed things up except perhaps a better wordlist.

      My 2 cents’ worth on InfoSec Institute – I thought their Ethical Hacking class was well-presented, and the materials seemed thorough and well-assembled.  The instructor (Keatron Evans) was very good, kept things interesting.  Passed the CEH, hoping to pass the CPT, then figuring out where to go next…

    • #36431
      sil
      Participant

      @jtb3125 wrote:

      then figuring out where to go next…

      *sigh* my biggest dilemma 🙁 Well I have GREM in Jan/Feb and I’m itching to take some training/testing again. Just don’t know which way to go with this. I don’t want to go the vendor route but I may be forced to do JNCIA + JNCIS soon because of the amount of Juniper crap I deal with nowadays… CCIE(s) reading + lab studies are still around but I do it more for perversion than anything else. (For those who don’t know, I’ve actually spent about 10 years learning Cisco things…) Just too darned lazy to opt for taking the CCNA, then the CCSP route to get to the CCIE(S). I started studying immediately for the CCIE in 98-99 (see appendix @ http://www.ouah.org/protocol_level.htm written 2000 imagine that!) and kept on studying at my own leisure…

      Anyhow, my big fear with the CCIE is the lab. Failure = a lot of moolah. It’s not a cheap exam. The written I don’t believe I’d have a problem with. It’s the lab because I don’t have enough time to create scenarios, etc., I still have my lab, IPExperts audio, books, etc., its just not worth studying at the level to me anymore.

      I like technical exams. I may do the OSCE soon, but I’m thinking… GREM first. Let me take a break for a month or two… Right after the GREM I may do CREA, CCFE, EnCE one right after the other. I may follow up with other SANS classes depending on polit(r)ic(k)s. Unsure though. By next year, if I was successful, I would be a bizarre professional:

      CPT, OSCP, CEH –> attacker
      CHFI, EnCE CCFE –> analyst/forensic
      GREM, CREA –> reverser

      Not only that, would likely cost more to print my business cards. I was also looking at the NOP 😉 Now that would be hardcore… http://www.immunitysec.com/services-cnop.shtml

    • #36432
      bm5034
      Participant

      Thinking about this more, my next step will likely be the Advanced CEH class.  I personally have more interest in shell code, reversal, malware, exploits and the like, since I come from 12+ years in software/database development.  I would enjoy working with software and data, as well as how products can be better designed to prevent these kinds of attacks.  The pen-testing/ethical hacking profession will be a new endeavor for me, but I favor working with the software/data side of security, rather than the networking/admin side.

      If I fare well after that, I’ll need to determine what other certifications would be best to obtain with a focus on software/database exploits and security.  I suppose that would be my next question…

      (As a side note related to my original topic, I did successfully compromise the second host by logging in with a standard account, then performing a privilege escalation exploit.  From there, I was able to obtain the root password hash, and here I sit waiting, two weeks later…)

    • #36433
      SephStorm
      Participant

      So, I admit myself confused, the CEH/CPT by ISI does not require the shell-coding/programming knowledge?

    • #36434
      bm5034
      Participant

      In the CEH/CPT, you learn the concepts of programming exploits using shellcode, but you don’t actually do any coding.  The exploits you use are already prepared for you in the labs.  In the advanced CEH course, you actually write the exploits, so it’s *strongly* recommended that you have knowledge of assembler or C beforehand.

      My instructor in the CEH class suggested that I get a copy of the Shellcoder’s Handbook (J. Koziol) to do some advance reading in preparation for the advanced class.

    • #36435
      SephStorm
      Participant

      Okay, that explained it. What books did you guys use during the course? Did they provide any?

    • #36436
      bm5034
      Participant

      Two books were used: a textbook and lab manual.  You had the option of having the textbook sent to you in advance, when InfoSec received your course payment in full.  This is what I did, and it really helped me to prepare, as I had read through the textbook twice before the week of class.

      The lab manual was given out in class.  You were also given two DVDs to keep: one was a linux attack server VM, and the other was a collection of tools used in the class.

    • #36437
      edygert
      Participant

      I just passed the CPT exam last month and the CEH this morning after taking the online version of the InfoSec Institute Ethical Hacking course. I found the course materials to be excellent. However, for the CEH test, I also recommend studying the Michael Gregg book before taking the CEH. The CPT multiple choice was very easy but the practical took me several days to finish. Escalating privileges on the two machines was fairly challenging.

      I am currently taking their Advanced Ethical Hacking course and am about 1/2 done. I don’t recommend it if you are not a programmer. I have been programming for over 30 years so I am really enjoying the course.

      I am taking the GIAC GPEN test on Monday. I took one of GIAC’s GPEN practice tests and did really well on it. Just have a few things to brush up on. There is a lot of overlap between CEH/CPT and GPEN.

    • #36438
      SephStorm
      Participant

      Welcome to EH.net and thanks for the review. I have been wanting to meet someone who took their online training.  🙂

    • #36439
      caissyd
      Participant

      Also, what are your general feelings on the CPT and the amount of weight it carries in the pen-testing field?

      I am curious to hear what people think about CPT vs the other certs. Also, will it help getting through HR?

    • #36440
      rpm5099
      Participant

      @sil wrote:

      @bm5034 wrote:

      Greetings all:

      I am in the process of taking the practical portion of the IACRB CPT exam. As most of you well know, you’ve got 60 days to complete and submit. I’m on the final step of the exam, which requires cracking of the root password on a Linux host. For me, this step seems to be taking quite a long time (15+ days now). While I realize that real-world password cracking can take days, months, or even years (depending on complexity), I’m curious to see if others have had the same experience. Also, what are your general feelings on the CPT and the amount of weight it carries in the pen-testing field? I’ve passed the CEH (InfoSec training) and have been considering the OSCP.  Thoughts on that?

      My planned direction is to “break into” this field starting next year, and I’m looking for suggestions on a sound approach. Ideally, I’d like to work as an independent, providing services to small companies (in the long run), but I realize that true pen-testing is seldom a one-man show.

      Thanks in advance!

      You may want to find a better wordlist. I cracked IACRB’s password in under 3 minutes. My method for cracking the password portion of the exam was to create a pseudo-distributed system to do the cracking. I took 4 machines with about 2 gigs of memory each, downloaded a couple of wordlists, made some voodoo regexes of the files, put them on different machines and fired them up. At best I think I was able to generate about 20 million attempts per minute.

      The pw cracking portion was easy to me. It boils down to a few things when cracking passwords: 1) the PW cracker you’re using, 2) the wordlist(s) you’re using, 3) the processor speed/memory of the machine doing the cracking. Here is a quick primer on password cracking: http://geodsoft.com/howto/password/cracking_passwords.htm. Without giving up the keys to the kingdom, this portion should not take you that long.

      Did you manage to finish the second portion of the test or did you just start? There are always two ways to skin a cat you know 😉 But that’s all I will say on the exam.

      As for the OSCP, points of view differ on this. Depending on what exam you receive for the CPT (I’m assuming here they have a few different deliverables), my technical exam was difficult as I had to work around my own exploit on a Bastille hardened version of Linux. Trust me when I tell you this, there was NO publicly available exploit for me to compromise the machine. I had to modify a few exploits with GDB in the background to get it working. Took me 3 days off and on to finish up the entire exam.

      I’m in the same boat – I have successfully compromised both machines, so I have the root password for one and a normal user account for the other.  I was able to do a privilege escalation and get the shadow file for the second machine and have been working to crack it, but I’m stuck right now on that (to the user who posted about already having root access: cracking the password is required to pass).  Up to this point I have done every manipulation that I can think of without success.  I have used the wordlist mode with every permutation of rule possible that I could think of, as well as the ones that are already built into john.  I’ve also used a number of additional dictionaries and applied rules to those, including adding known passwords and password formats from the root password of the other machine.  In incremental mode I’ve tried every different character set in john in password lengths up to the point where they can be cracked in a reasonable amount of time, and I’ve also tried some other character sets that were made more recently with very large sets of actual passwords.  The only real option that I haven’t tried is rainbow tables.  I know it’s a FreeBSD MD5 hash so I could try that next, but I’m pretty sure that is not going to be the way to do it, even if it does end up working.

      Another thing is that I’m only getting about 12k c/s, and I’m running a pretty beast overclocked new CPU (quad core 64bit, not that that matters) – does this seem slow?  If so, can anyone direct me to instructions on how to speed it up?  I’m out of ideas at this point, and concerned I may be on the wrong track here, so any input would be greatly appreciated.


    • #36441
      sil
      Participant

      @H1t M0nk3y wrote:

      Also, what are your general feelings on the CPT and the amount of weight it carries in the pen-testing field?

      I am curious the hear what people think about CPT vs the other certs. Also, will it help getting through HR?

      The easiest mechanism to determine the weight/validity/*sought_afterness is to see what’s being sought on sites like Dice.com for example:

      http://seeker.dice.com/jobsearch/servlet/JobSearch?op=302&dockey=xml/7/0/70bd6464f12b5852d249b887aee14659@endecaindex&source=19&FREE_TEXT=cpt+security&rating=99

      * IT Security Certification (CISSP) completed or in progress preferred
      * Other Security certifications, Security +, CEH, CPT, GIAC, CCSP recommended

      Certification such as CISSP, CISM, GSEC, GIAC, CEH, CPT, PCI are strongly preferred. ABILITY TO TRAVEL: The position requires up to 60% out-of-town travel to client locations.

      http://seeker.dice.com/jobsearch/servlet/JobSearch?op=302&dockey=xml/7/0/700da35614c089061d4db102d1d09e3a@endecaindex&source=19&FREE_TEXT=cpt+security&rating=99

      Professional Certification such as CISSP, CISM, GSEC, GIAC, CEH, CPT, PCI are strongly preferred

      http://seeker.dice.com/jobsearch/servlet/JobSearch?op=302&dockey=xml/2/6/2631309644952da36536ec87339e0748@endecaindex&source=19&FREE_TEXT=cpt+security&rating=99

      Other Security Certifications (such as CEH, CPT, GCIH, etc.)

      http://seeker.dice.com/jobsearch/servlet/JobSearch?op=302&dockey=xml/0/2/029f5e40307a2c1b58ddf142d35df6a6@endecaindex&source=19&FREE_TEXT=cpt+security&rating=99

      We can see that HR departments know “OF” the CPT, although most have zero idea of the differences in certifications. For example, I’ve seen penetration tester jobs where the requirements were a CISM or CISSP. I’ve seen security manager positions where the requirements were CCNAs. At the end of the day, it all boils down to presentation: how you present yourself and your capabilities. A resume is used to pass stage 1, the HR individual who has a written detail of the job duties. Normally, it’s the second and every interview thereafter that matter.

      In 1998 I interviewed with Kroll O’Gara who had purchased Securify, who had purchased Packet Storm from Ken Williams. Back then I had zero certs but I had the experience. I was offered a job in their NYC office but turned it down the moment I was told I’d be wearing suits. (I kid you not). I prefer to be comfortable doing what I do without the suits thank you.

      I can tell you from experience, certs don’t always equate to offers. In fact, I had more offers before I had certs. Often for positions that were seeking CISSPs, CISAs, EnCEs, etc. While it helps to have them (certs), it all boils down to two things that trump certs at the end of the day:

      1) What you know
      2) Who you know

      How I miss the dotcom daze

    • #36442
      hayabusa
      Participant

      @sil wrote:

      While it helps to have them (certs) it all boils down to two things that trump certs at the end of the day:

      1) What you know
      2) Who you know

      How I miss the dotcom daze

      Amen! (to missing the dotcom daze)

    • #36443
      caissyd
      Participant

      Thanks again sil (I often feel dumb when you answer my questions…  ;D)

      Yes, my goal is to pass the HR layer. Of course, it is 1) What you know and 2) Who you know. But very recently, I was giving my business card to a “CISSP” guy. He immediately looked at my certs and when he couldn’t see CISSP, he turned it down… Man, I hate that! But on the other hand, maybe I wouldn’t even want to work for a guy like that…

      So yes, certs and resumes get you an interview. Then you have to be able to answer the questions!

    • #36444
      Brian Cowen
      Participant

      Hello!
      I am also new here, 24, male. Nice to meet you!
      Looking forward to getting so much useful info and some good friends from here. Nice forum, keep up the good work. Have a nice day!

    • #36445
      Anonymous
      Participant

      So, just to update – I passed the CPT!

      Here’s a word of advice – when you get to the end of the 60 days, whether or not you completed cracking both root passwords…  Document the pentest, in detail, demonstrating that you know what you’ve done and what the results mean, and send that puppy in…

    • #36446
      prtrnr13
      Participant

      jtb3125, Congrats on passing the CPT!!! I am trying to finish my CPT practical as well.  I have all the passwords except the last root password.  You said that you passed the CPT and your advice was to turn it in whether or not both passwords were cracked.  Did you crack both passwords?

    • #36447
      Smeghead
      Participant

      I too am on the last stage, I have escalated privileges on the second box but JTR is taking foooorreeeevver to crack this root password.

      I’m getting 7100 c/s; how long should I expect it to take?
      Should I be using something else? JTR is a hybrid so I would have thought it was the right tool to use.
      Don’t suppose anyone would like a crack at my shadow file with your huuge clusters?  🙂

      My 2c about Infosec Institute is that you CANNOT do better than them for your CPT/CEH training; unless you are lazy and don’t even try, it’s virtually impossible to fail. Excellent class, excellent instructors.

    • #36448
      UNIX
      Participant

      As suggested by sil, you might try other wordlists. It shouldn’t take too long to solve this part of the challenge.

    • #36449
      Smeghead
      Participant

      I downloaded a 46 MB wordlist file and it got through it in about 10 minutes with no luck.
      I got a 400 MB one I’m trying now, but if that doesn’t work…

      Is brute force the only option? It could take weeks! months!?!

      Also, will JTR only try words in the wordlist? I thought it was a hybrid, which means it would try those words + those words with special characters intermixed, right?

    • #36450
      Smeghead
      Participant

      Yay! That did it in SIX minutes!

      command used:

      john --rules --wordlist=mangled.lst all.lst shadow
      # --wordlist takes a single file; any further non-option argument (all.lst here) is read by john as a password file, not as a second wordlist

      mangled.lst = 400 MB
      all.lst = 45 MB

    • #36451
      ziggy_567
      Participant

      With dictionary attacks, your success is not based solely on the size of the dictionary – it’s the quality of the dictionary. It doesn’t matter how big your dictionary is… if the word is not in there, you will never crack it.

      What you are looking for with a brute force attack in Jtr is incremental or external. Incremental is the one most often used. I would use brute forcing only as a last resort, as it is usually not successful (especially with a small set of passwords).
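
Tying together what sil, rpm5099, Smeghead and ziggy_567 describe above (a wordlist plus mangling rules against an md5crypt, i.e. FreeBSD MD5 “$1$”, shadow hash, and why a large wordlist without the right stem never finishes), here is an added worked example in Python. It is not code from this thread or from John the Ripper: md5crypt is re-implemented from the FreeBSD algorithm so it runs without a cracker installed, the rules are a small hand-written subset of john’s default wordlist rules, and the usernames, salts, passwords and wordlists are constructed for illustration. Pure Python is orders of magnitude slower than john; the point is to see what the cracker is doing, not to replace it.

```python
"""Wordlist-plus-rules attack on md5crypt ("$1$", the FreeBSD MD5 scheme) shadow hashes.
Added example, not from the thread: md5crypt is re-implemented from the FreeBSD
algorithm so this runs without john installed; all sample data below is constructed."""
import hashlib

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def _to64(v, n):
    # crypt(3)'s base-64 variant: emit the low 6 bits first, n characters in total
    return "".join(ITOA64[(v >> (6 * k)) & 0x3F] for k in range(n))

def md5crypt(password, salt):
    """Return '$1$<salt>$<hash>' exactly as crypt(3) does for the $1$ scheme."""
    pw = password.encode()
    if salt.startswith("$1$"):
        salt = salt[3:]
    salt = salt.split("$", 1)[0][:8]           # salt stops at '$', max 8 chars
    sp = salt.encode()
    ctx = hashlib.md5(pw + b"$1$" + sp)
    alt = hashlib.md5(pw + sp + pw).digest()
    for pl in range(len(pw), 0, -16):          # len(pw) bytes of MD5(pw,salt,pw)
        ctx.update(alt[:min(16, pl)])
    i = len(pw)
    while i:                                   # one byte per bit of len(pw)
        ctx.update(b"\x00" if i & 1 else pw[:1])
        i >>= 1
    final = ctx.digest()
    for i in range(1000):                      # fixed 1000-round stretching
        c = hashlib.md5(pw if i & 1 else final)
        if i % 3:
            c.update(sp)
        if i % 7:
            c.update(pw)
        c.update(final if i & 1 else pw)
        final = c.digest()
    groups = [(0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)]
    enc = "".join(_to64((final[a] << 16) | (final[b] << 8) | final[c], 4) for a, b, c in groups)
    return "$1$" + salt + "$" + enc + _to64(final[11], 2)

LEET = str.maketrans("aeio", "4310")
SUFFIXES = ("", "1", "123", "!")

def mangle(word):
    """Hand-written subset of what 'john --rules' does: case, leet, common suffixes."""
    out = []
    for base in (word.lower(), word.capitalize(), word.upper()):
        for stem in (base, base.translate(LEET)):
            for suf in SUFFIXES:
                if stem + suf not in out:
                    out.append(stem + suf)
    return out

def parse_shadow(text):
    """Return {user: hash} for the $1$ entries of an /etc/shadow dump (locked accounts skipped)."""
    targets = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[1].startswith("$1$"):
            targets[fields[0]] = fields[1]
    return targets

def crack(shadow_text, wordlist, rules=True):
    """Try every (mangled) word against every uncracked user; return ({user: pw}, hashes computed)."""
    targets = parse_shadow(shadow_text)
    found, computed = {}, 0
    for word in wordlist:
        for cand in (mangle(word) if rules else [word]):
            if len(found) == len(targets):
                return found, computed
            by_salt = {}       # one md5crypt per distinct salt, not per user
            for user, h in targets.items():
                if user in found:
                    continue
                salt = h.split("$")[2]
                if salt not in by_salt:
                    by_salt[salt] = md5crypt(cand, salt)
                    computed += 1
                if by_salt[salt] == h:
                    found[user] = cand
    return found, computed

def brute_force_seconds(charset_size, length, cps):
    """Worst case to exhaust every string of exactly `length` chars at `cps` candidates/s."""
    return charset_size ** length / cps

# Constructed sample (users, salts, passwords invented; hashes generated here so the script
# is self-contained). In the exam you would read the shadow file you pulled from the box.
SAMPLE_SHADOW = "\n".join([
    "root:" + md5crypt("Password1", "vm1r00t") + ":15000:0:99999:7:::",
    "dba:" + md5crypt("p4ssw0rd", "dbaSalt1") + ":15000:0:99999:7:::",
    "backup:" + md5crypt("s3cr3t!", "bkupSalt") + ":15000:0:99999:7:::",
    "nobody:*:15000:0:99999:7:::",
])
GOOD_WORDLIST = ["password", "secret", "admin"]              # short, but the right stems
BIG_WRONG_WORDLIST = ["wordlist%d" % i for i in range(25)]   # longer, and useless

if __name__ == "__main__":
    print(crack(SAMPLE_SHADOW, GOOD_WORDLIST))
    print(crack(SAMPLE_SHADOW, BIG_WRONG_WORDLIST))
    print("26^6 at 7100 c/s: %.1f hours" % (brute_force_seconds(26, 6, 7100) / 3600))
```

Running it recovers all three passwords from the three-word list after a few dozen md5crypt computations, recovers nothing from the longer list, and reports the roughly 12 hours that six lowercase characters would cost at the 7100 c/s quoted above (eight mixed-case alphanumerics at that rate is measured in centuries, which is why incremental mode is the last resort). The by_salt cache is the same reason john reports speed per salt: every candidate costs one full 1000-round hash per distinct salt, not per user. In john terms the GOOD_WORDLIST run is john --rules --wordlist=stems.lst shadow, and brute_force_seconds is the cost of --incremental.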

    • #36452
      SephStorm
      Participant

      EDIT:whoops.

    • #36453
      Joshsevo
      Participant

      I need some help on this. 

      I am a newbie as some of you know.  I passed the first part of the CPT test and now I am about to start the practical and am stuck. 

      Again, I am a newbie and have only played with VM player twice.  I have the disc the teacher from the InfoSec class gave us.

      It loads fine.  I see instructions and two other files named “target1 & Target2” or something like that.  I’m at work and not sitting in front of the computer now, so going off memory here.

      But I load them up and they start to load, and it stays on a black screen and says “NO OS detected”.  Assuming I am understanding this correctly, I have to install my own OS into the VM that I got from class.

      Any help?  I have tried calling the teacher already to help me start and also tried calling Infosec. 

    • #36454
      lorddicranius
      Participant

      I haven’t used VMWare Player in awhile, but when setting up a new VM in VirtualBox you have to make sure you load the CD/ISO in the virtual CD-ROM, then boot up the VM.  It’s like you’re setting up the hardware (creating the VM to show up in your list), then installing the OS…if that makes sense.

    • #36455
      Joshsevo
      Participant

      I think I understand.  I will give that a shot when I get home.

    • #36456
      hayabusa
      Participant

      Most class VM’s SHOULD be good to go, already.  If they gave you the vmdk files, and they’re fairly sizeable, you shouldn’t have to install an OS.  You should just go to the file menu in VMWare, do an Open, and browse to the proper vmx config files, for each.  The only other thing you might have to do (maybe) is edit the vmx to make sure paths are set to your local machine file paths.

      Oh, and one more thing…  If you copied the files from CD or DVD, make sure to take off the Read-Only flag on them…  That might be contributing to your grief.

      (edit – you can’t run them from the CD /DVD unless they’re just ‘live dvd’ images)

    • #36457
      Joshsevo
      Participant

      OK, so I’m home now and here is what I have:

      CD from InfoSec
      Instructions

      When I click on Start, Computer and then go to the CD that is in my E drive, I have a folder named CPT.
      Double-click CPT folder
      Opens to show 6 files:
      ._CPT Instructions.htm…….can’t open this one
      CPT Instructions.htm…this opens to the instructions on the test
      CPT.VM1.rar
      CPT.VM2.rar
      VM-player 3.1.2-301548.exe
      wrar.393.exe

      Double-click the VM-player .exe file and it installs VMware Player.
      The CPT.VM1.rar files show as iTunes files, meaning there is an iTunes logo on the file because I probably have .rar files set to auto-open with it.  Don’t think this is a big deal though, as I can just click “open with VM”…right?

    • #36458
      Joshsevo
      Participant

      Here are the instructions:

      On the DVD provided to you, will be a folder named CPT Practical.  In this folder you’ll find a copy of winrar, a copy of vmware player and two virtual machines.  You’ll need to uncompress the .rar files using winrar, then start the virtual machines included in these two .rar files

      (CPT VM1.rar and CPT VM2.rar).  Once these are started you’ll need to perform a penetration test against these two virtual machines.

      No IP addresses will be given.  You must first discover the IPs of the two virtual machines.  Once you’ve discovered them you will need to do recon on both machines. You’ll need to configure your network or computer appropriately to operate on the same network or in the same network range as the two VMs.  You are allowed to use the Linux Attack VM you were given in the Infosec Institute Ethical Hacking class.  Discover if there are any services running on them that might be vulnerable.  You’ll need to document your network recon efforts.

      It might be helpful to perform man in the middle, per your instructions in class, against the two virtual machines.  From this MiTM you should get at least one of the two root passwords!

      You must launch a network based penetration attack against the two machines and discover potential credentials.  The only hint you have in that regard is the paragraph above.  The end result should be that you obtain the root password to one of the virtual machines.

      Once you’ve gained root on one machine, you’ll need to crack some other user accounts on that compromised machine.  Remember credentials and accounts MIGHT be used on both machines, so once you’ve cracked the accounts on the first machine, consider that possibility.

      Once you gain some level of access on the second machine (it most likely won’t be root privileges), you’ll need to perform a local exploit or as it’s also called a privilege escalation exploit to gather the shadow file on the second machine.  Once you have the shadow file, crack away until you have the second root password.

      Be advised you won’t be considered for being awarded the IACRB Certified Penetration Tester certification if both root passwords are not obtained and/or you don’t document your penetration test.

      Good Luck!

    • #36459
      hayabusa
      Participant

      So you need to install winrar (wrar.393.exe,) use it to extract the vm’s from the two RAR files, install VMPlayer, then point to the extracted VM’s and go.

    • #36460
      hayabusa
      Participant

      Oh…  And Good Luck!  😀

    • #36461
      Joshsevo
      Participant

      HA, that was it.  It’s working now.

      LOL I swear I did this.

      Cool Thanks.

      Looks like I have to break the username and password just to get into the system.

    • #36462
      Joshsevo
      Participant

      Ok, been working on this for like 4 hrs now.  I have been trying a bunch of passwords to try and get into the first system.

      How am I supposed to attack this machine with a brute force if the computer is a VM?  Can I attack it from my desktop?  I guess I don’t understand how I am supposed to attack VMware if I can’t physically be in the VM yet?

      My goal right now is to get the username/password to get into the CPT VM1.

    • #36463
      hayabusa
      Participant

      Hint – did you clearly read those instructions you posted?  They almost ‘give’ you the key to getting your first root password.  (Man-in-the-middle)

      You’ll need to work for this, and in the interest of “fair play,” we can’t help you much more, if this is actually your exam.  But I will say, they pretty much handed you the keys to the kingdom in those directions that you posted…

    • #36464
      Joshsevo
      Participant

      Ya I got the username/password shortly after posting this.  That is common with me as I “jump the gun” on things sometimes.

    • #36465
      hayabusa
      Participant

      Glad to see you’re progressing.  Good job.

    • #36466
      Joshsevo
      Participant

      So let me ask this.  There is no real way to get the files that Infosec gave me on a 2nd CD that has most of the tools I would use to do this onto the VM machine, correct?  I am stuck here now.

      Trying to download things like John the Ripper and it saves it at the Home, but since I have virtually no experience with Linux I am up the river without a paddle.

      So again my question is, can I get files from my CD drive onto the VM?  As of right now I don’t think so.

    • #36467
      hayabusa
      Participant

      VMWare should allow you to mount your physical cd drive into the guest.  My bet is that you need to do that.  I don’t have it in front of me to tell you the menu, but it’s like Devices – CD/DVD drive – then choose, when you’re in a particular VM guest.

    • #36468
      Joshsevo
      Participant

      I kinda got lazy on this the last few days.  I suppose I was happy I got the password and then didn’t do a thing to it since.

      Although the whole VM not being able to download all my tools is upsetting me.

    • #36469
      Joshsevo
      Participant

      I am the shit….. I think I got it now.  Now I need to see which folders can load up…so far none…LOL

    • #36470
      SephStorm
      Participant

      I think you are going about this the wrong way. I’ll try to help without spoiling it. Your host machine is your attacking PC. Your tools should be accessible on that machine. You need to review the hacker methodology to see what your goals are. Gain information, exploit that information to gain access, elevate privileges, get your token and ensure you have a way back in if the “company” discovered the first vulnerability. (The last part isn’t required, but I thought it pertinent.)

    • #36471
      Joshsevo
      Participant

      I believe that you are correct.  Shows ya how new I am to the VM stuff.  This is like my 5th time using it and the most in-depth.

      Slowly learning.

    • #36472
      hayabusa
      Participant

      Security is ALWAYS a learning process.  Just keep moving forward!

    • #36473
      r2s
      Participant

      @hayabusa wrote:

      Security is ALWAYS a learning process.  Just keep moving forward!

      +1.

      In terms of the practical, make sure that you are documenting the steps you took to complete each phase of the pentest and the details involved. The final engagement report is a vital role in whether or not you pass in the end regardless of whether you get roots or not (actually rephrase; I don’t think you can pass with no root pws).

      My advice would be to take snapshots, title them according to what you were doing at the time, and maybe make a little notepad document correlating the events with the snapshots.

    • #36474
      Joshsevo
      Participant

      Oh I am.  The teacher mentioned how important this was, as it could get you into a lot of trouble if you don’t, and can save you if you can provide the documentation.

      I have to get hot on this, this weekend. 

    • #36475
      Joshsevo
      Participant

      So I am trying to get hot on this and everything is up and running except I have no idea how to connect to the VM.  I’ve tried playing with some settings like “host only” “bridged” “NAT” none of them seem to be working.

      I’ve gone onto the VM and went into the console and tried typing “ifconfig” to see if that works to get the IP so I can then Ping it from the host.  Nothing…any suggestions?

    • #36476
      hayabusa
      Participant

      A couple of thoughts.

      Assuming they didn’t hardcode the IP, then it should get a DHCP-assigned address from VMWare.  Look at VMWare’s config, see what subnet those adapters (host only, NAT, etc) are assigned to, then scan the subnet assigned to the adapter you’ve set the VM to use, from your host, to see what addresses are there / in use.  (You SHOULD only see your machine and the Guest…)

      You might also do an ‘ifconfig eth0 up’, or an ‘ifup eth0’, depending on the Linux variant of the guest, in the event the guest’s NIC isn’t even alive yet.

    • #36477
      SephStorm
      Participant

      Agreed. If you are using the suggested setup, with Windows as your host machine, and no (unnecessary) extra devices, I can tell you that you should set all the machines as Bridged. Scan the network and you will find the VMs with ease. To be safe, I would make sure your internal network is set up under a traditional subnet (i.e. 192.168.1.0). If this doesn’t work, tell us your exact setup.

    • #36478
      Joshsevo
      Participant

      I will double check what I left the settings on.  Since the beginning I had it on Bridged as that is what it was defaulted to, but then after doing some research I fooled around with it.

      Using the terminal on the Linux box I can only run a few commands.  Most of the commands are not working so maybe they have it locked down also.  Life would be easier if I could just go in and do an “ifconfig”, get the IP that way and then move from there.  But such is life.

    • #36479
      SephStorm
      Participant

      Wait, are you logged into one of the practical VMs, i.e. one of the Red Hat boxes, or are you talking about the attack VM?

    • #36480
      Joshsevo
      Participant

      Um I tried both.  I was on the host which is my desktop and then tried to get the IPs from there doing certain CMDs like ipconfig.  Nothing showed.

      Then I logged onto CPTVM1 and tried to get the IP’s off it (ifconfig). Again getting nothing.

      I have not done anything yet to the second one CPTVM2, should I?

    • #36481
      SephStorm
      Participant

      ok, you cannot get an IP from your actual PC?

    • #36482
      Joshsevo
      Participant

      LOL ok, jeez I feel dumb. LOL so on the CPTVM1 how do I go about getting the IP ranges for CPTVM 1 & 2.

    • #36483
      Joshsevo
      Participant

      I feel I am over my head on this one.  Sucks cause I wanted it.  No luck on getting the two to be able to talk to each other.

      I suppose I am still a bit confused on which computer I am supposed to use to do the attacking.  I first thought cptvm1 was the attacking one and I was supposed to get info about it (IP ranges, users, username/passwords) then use that to attack cptvm1.  But in order for me to attack the 2nd one I need the tools loaded onto cptvm1 to use them.  If this is the case then I am having problems getting the programs to execute.

      Or..

      If I am supposed to use my host computer to attack the two VM’s and get the info from there.  This is a bit easier for me, but so far the things I have tried has not worked and I still can’t talk to the VM’s to begin the attack.

      Tried calling the organization that offers this cert and they have yet to call me back…..3 weeks ago.  Tried calling my teacher from Infosec Institute and he has not picked up or called me back or emailed me back.

    • #36484
      r2s
      Participant

      @Joshsevo wrote:

      I feel I am over my head on this one.  Sucks cause I wanted it.  No luck on getting the two to be able to talk to each other.

      I suppose I am still a bit confused on which computer I am supposed to use to do the attacking.  I first thought cptvm1 was the attacking one and I was supposed to get info about it (IP ranges, users, username/passwords) then use that to attack cptvm1.  But in order for me to attack the 2nd one I need the tools loaded onto cptvm1 to use them.  If this is the case then I am having problems getting the programs to execute.

      Or..

      If I am supposed to use my host computer to attack the two VM’s and get the info from there.  This is a bit easier for me, but so far the things I have tried has not worked and I still can’t talk to the VM’s to begin the attack.

      Tried calling the organization that offers this cert and they have yet to call me back…..3 weeks ago.  Tried calling my teacher from Infosec Institute and he has not picked up or called me back or emailed me back.

      Without violating NDA (for the networking issue), all I can say is think back to your pentesting methodologies and how networks work in general. Think about how hosts get IPs and what that interaction looks like. Think about what tools you could use to see network interactions.

      Your host machine (if bridged) or guest VM(s) is/are supposed to leverage the two VMs. If you happen to get root on CPTVM1 before CPTVM2 or vice versa then so be it. 🙂

      The networking advice sounds extremely basic but if interpreted right you’ll soon be on your way. In my experience with this exam, you will definitely find multiple sticking points where things just don’t work as expected, but the pain and anguish are well worth it and will be vastly beneficial in your overall development.

    • #36485
      Joshsevo
      Participant

      R2s,

      Thanks for the response. I am a bit frustrated to say the least.  If you have been keeping up with this thread since I brought it back from the dead you will see that I am a recent graduate and have never had an IT related job for the most part.
      My knowledge of networks is very basic.  IPs come from the ISP.  No idea what they look like or how they are really generated.  No experience in that.  What do you mean leverage the VMs??  How can I get the root if I cannot even ping the VM to use certain brute force tools to crack the password.  From playing around with John the Ripper, it asks for a Target IP to begin.  I don’t know that target IP.

    • #36486
      lorddicranius
      Participant

      @Joshsevo wrote:

      (CPT VM1.rar and CPT VM2.rar).  Once these are started you’ll need to perform a penetration test against these two virtual machines.

      No IP addresses will be given.  You must first discover the ip’s of the two virtual machines first.  Once you’ve discovered them you will need to do recon on both machines. You’ll need to configure your network or computer appropriately to operate on the same network or in the same network range of the two VM’s.   You are allowed to use the Linux Attack VM you were given in the Infosec Institute Ethical Hacking class.  Discover if there’s any services running on them that might be vulnerable.  You’ll need to document your network recon efforts.

      1) It looks like the CPT VM’s are both target machines.  Use either the Linux Attack VM you were given during class or another machine you’ve setup for attacking (BackTrack, Samurai WTF, etc).

      2) As for the IP situation, go back to the networking settings for the VM’s (e.g. bridged, internal, etc).  Understand the different network settings used by the VM software you’re using (VMWare Player, Virtualbox, etc).  Once you understand that, you’ll be able to configure the VM’s to the proper network settings and move forward.

      As for finding what IP’s they’ve acquired, per the instructions it looks like that’s part of the exam so I’m not sure how far I can go with helping…but given you aren’t getting any feedback from the cert org or your instructor,  I’ll just throw some terms out there and see if you can sort it out 😉 DHCP, ARP, Wireshark, nmap…

    • #36487
      Joshsevo
      Participant

      There was not an attack machine or VM given to me.  Just one disc with cptvm1 and cptvm2 on it and a good luck!

    • #36488
      SephStorm
      Participant

      There should have been another, but at this point, it doesn’t matter (you can contact ISI if you can’t find it in your packet). Actually, some of the videos go through all this, have you viewed the course videos?

      okay, my suggestion:

      Turn off your VMs and boot up your PC (Windows). Open up command prompt and ensure you have an IP address. If you do, then boot up a new VM booting from CPTVM1. Do a ping sweep using nmap from your Windows PC. You should find a new device (i.e. the VM). If that works, do the same with CPTVM2. If you have any problems going through this, PM me.

    • #36489
      Joshsevo
      Participant

      OK answer this for me.

      I log onto cptvm1 and I go onto the internet on the VM.  I have Wireshark up and catching packets.  Why doesn’t Wireshark show the HTTP traffic?  I’ve watched some tutorials about Wireshark and they show HTTP traffic when using a regular computer.  (The videos were done on a computer and not a VM.)

      This is what I am seeing so far.

    • #36490
      SephStorm
      Participant

      Couldn’t tell you. You should never log in to the VMs, except via shell; they are representing remote systems you don’t have physical access to.

    • #36491
      Joshsevo
      Participant

      Ok, I open the cmd on my computer.  I type ipconfig and I get the following

      Ethernet adapter local area connection:
      blah blah blah
      blah blah blah blah
      IPV4 192.168.1.XXX This is my IP
      blah blah blah
      blah blah blah

      Ethernet Adapter VMware Network Adapter VMnet1:
      blah blah blah
      blah blah blah
      IPv4 192.168.213.1

      Ethernet Adapter VMware Network Adapter VMnet8:
      blah blah blah
      blah blah blah
      IPv4  192.168.191.1

      I assume these are my VMware IP’s?  Why this didn’t show the other day I don’t know.  Maybe because I had the VM on “host only” and tonight when I got home I changed it to Bridged.

      This is what I have so far.  I’m going to bed.

    • #36492
      lorddicranius
      Participant

      Those interfaces you’re seeing on your host computer (VMnet1, VMnet8) are interfaces created by the VMWare software that allow all the VM’s to communicate.  Picture a physical switched network all contained within your one host computer.  The VM’s need a switch to talk to each other.  That’s what these interfaces do.

      http://www.vmware.com/support/ws55/doc/ws_net_component_vswitch.html

      So what you can gather from that, is depending on the type of networking you configured for the VM’s, you’ll know which subnet they reside on.

      There’s some images in these links that may help you visualize it:
      – NAT: http://www.vmware.com/support/ws55/doc/ws_net_configurations_nat.html
      – Host-only: http://www.vmware.com/support/ws55/doc/ws_net_configurations_hostonly.html

    • #36493
      SephStorm
      Participant

      OK, your computer is getting an IP address. I would ignore the VMnet IPs. If you still cannot sweep the VMs, I would check your router settings, and ensure you are on DHCP and you have enough leases in your pool to give them IPs, and make sure you aren’t doing anything crazy like MAC filtering, etc. Failing that, PM me and we’ll set up a call; I’ll try to get you set up.

      A very important question though, did you watch the videos?

    • #36494
      Joshsevo
      Participant

      No not yet.  I won’t have time until late tonight or tomorrow and over the weekend. Going to my internship tonight for a few hrs as he has a new case he wants my help on.

    • #36495
      SephStorm
      Participant

      Oh, my friend, you need to view the videos before you start the exam!!

      I see you have the CEH… I’m a little confused…

    • #36496
      Joshsevo
      Participant

      What are you confused on?

    • #36497
      ttime245
      Participant

      When I took that course, I received a disk with the attack machine from class. The instructor told us we were allowed to log into the boxes as we probably wouldn’t be able to find remote exploits for the machines.

      You may want to consider using a network discovery tool like autoscan. It will find hosts even if they aren’t on the same subnet or network. That should help you.

    • #36498
      SephStorm
      Participant

      Oh goodness. I wish I had all of my material here.

      I’m confused because he has the CEH, so I assume he’s taking the ISI CEH/CPT. If that is the case, then he should have watched the videos/read the books, and the lab manual. The lab manual does a pretty good job of giving setup instructions. If you do the labs as you watch the videos, you should be able to take the CEH, then the written CPT, followed by the Practical CPT.

      As far as the boxes, I didn’t log onto them locally, i.e. I just booted them; the only time I was on them was via telnet/ssh or some other remote shell session.

      Anyway, if the OP PMs me, we’ll set up a call, and I’ll try to set you up.

    • #36499
      Joshsevo
      Participant

      Seph,

      Did you get my PM?

    • #36500
      Joshsevo
      Participant

      Reading over everything I am not taking the ISI CEH/CPT.  I am taking the IACRB and there were no videos.
      http://iacertification.org/

      The links you provided I had already found and read through them.  I believed I then posted my findings about what was happening.

    • #36501
      Joshsevo
      Participant

      In regards to my router.  Here is what I have.

      Automatic Configuration DHCP

      A few lines down it says :

      DHCP server:  X    Enabled      Disabled..>DHCP is enabled

      Jump to another screen under Advanced Settings and I have NAT currently enabled.

      Other than that, looking over the router setup there isn’t anything that needs mentioning.  Let me know what I need to do with these settings.

    • #36502
      SephStorm
      Participant

      Ok, got your PM and replied. I didn’t know you weren’t taking the class. Obviously that changes a few things, but I’m confident we can get you up and running. We’ll post the results here.

    • #36503
      Joshsevo
      Participant

      Well I did take the class through Infosec but there was no tutorial on how to get the system for the CPT setup.  All they did was have a table in the back of the room and said when you are done with the CEH test, you’re done with the class.  Grab the CPT practical before you leave.

      The books have nothing in them on how to get this setup.  I looked a long time ago.  I only got two books anyways.  One of them was nothing but all the slides we went over in class.  The other being the “attack book” where it went through step by step on how to do an attack.  This is what I will be using once I get up and running but there isn’t anything that explains how to get the VM up and running.  In class on the first day everything was already setup and running.

    • #36504
      SephStorm
      Participant

      Just an FYI, we were able to get everything up and running. Look forward to hearing your results!

    • #36505
      Joshsevo
      Participant

      Thanks Seph,  I swear I did this last week and I saw nothing like I did last night.  Thanks again.  Now time to get cracking.

    • #36506
      Joshsevo
      Participant

      Got some good things found already.  Getting Nessus up and running now.  Used Retina for the first time and it had some good results.  So far all the documentation is going good. 

      LOL I spent like 3 hrs doing the report side to make it look nice and professional.  So far my report is 13 pages and this is only done on cptvm1. 

    • #36507
      Joshsevo
      Participant

      So I am having some problems and could use some help.

      Made some great progress.  But now I am trying to get root passwords for the two systems.

      I have access to hydra and John the ripper.  I’ve tried a few cmds on both to try and crack the passwords but it’s not really doing anything.

      Watched some videos on youtube on how to use both tools but no luck.  My problem I think is that I can’t or don’t know how to get the tons of word lists that Infosec gave me on one of the CD’s into the VM to use. 

      Any suggestions?

    • #36508
      SephStorm
      Participant

      Well, you have a few options here. If you got the same test as me, I would say: Read the instructions for the practical carefully! It will guide you in the right direction. 😀

      Second, as far as wordlists, you can download them onto the VM you are running hydra from – from the internet. Or you can copy the tools/lists onto your windows machine (maybe in a tools directory) and share that folder with VMWare. (http://www.vmware.com/support/ws5/doc/ws_running_shared_folders.html)

      remember, those instructions are critical. 🙂

    • #36509
      Joshsevo
      Participant

      Can you get root passwords by using Snort? I am using it and some of the outputs have a password with the IP address to one of the VMs.

    • #36510
      Joshsevo
      Participant

      Joshsevo,

      Very good question.  I can see that you are learning quickly.  Even though you continue to ask questions without fully researching it.  To answer your question, Yes you can.

      AHH, ya I am bored kind of.  So I found the first root password by running Snort and then verified it by running Ettercap and that caught it rather quickly.  Making good progress.  About done actually.  Need to figure out how to get the 2nd root password as John the Ripper doesn’t have a dictionary and I can’t figure out how to get the one I have on the host onto the VM.  Even if I do I can’t figure out the syntax to have JTR use the dictionary.

    • #36511
      SephStorm
      Participant

      There are many videos on YouTube that can show you how to use JTR. Just keep searching and I’m sure you’ll do fine. Make sure you do lots of practice after you complete the cert. For me, this cert proved that I have a ways to go before I am ready for security prime time.

    • #36512
      Joshsevo
      Participant

      Ahhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh

      you can click and drag..didn’t know that.  That’s how you get the wordlists in.

      John the Ripper is still too hard to figure out for me.  All the videos are poor.  Using Hydra now. Got it to run.

      Wait for it………

    • #36513
      Joshsevo
      Participant

      Well using hydra the first try at breaking the password was unsuccessful.  It made it all the way through without finding it.  Either I need a larger wordlist or a new way to figure it out.

    • #36514
      hayabusa
      Participant

      I’ve never even seen/ taken the exam for CPT, so not breaking any rules by offering this advice (might be useful, might not, so take it at face value.)

      Look for services, website scripts, or bash scripts, that might connect from the server you already got root for, to the other box.  Perhaps one or more of those will contain a noteworthy password.

    • #36515
      Joshsevo
      Participant

      Any idea what tools I would use to search for that stuff?

    • #36516
      Joshsevo
      Participant

      Called IACRB and asked about an extension on this as I technically have 2 days to get this last part and to look over my report and make any changes and get it turned in.

      Thankfully they granted me an extension.  Whew….

    • #36517
      hayabusa
      Participant

      Nope, only because I’ve never seen the boxes or exam, so wouldn’t have a clue.  If the IP’s were dynamic, it’s unlikely that this will work, or be the case.  If they are static, then, IMHO, the probability goes up.

      Just depends on what’s there.  Might be as easy as grep’ing through files, recursively, on server1, to try to spot server2’s IP address…

      Perhaps revisit the instructions, yet again, as SephStorm mentioned.  Maybe you’re overlooking something painfully obvious (happens to the best of us, so don’t think I’m picking on you, or giving you a hard time)

    • #36518
      Joshsevo
      Participant

      No you guys have been great and I try to not ask specifics about the exam but rather the tools.  Again no experience and I am at the limits of my knowledge but with Seph guiding me to read stuff over again, the YouTube videos etc. it’s helped a lot.

      So I am learning so much and I am really excited. So excited and want to get back at it that my mind has not been where it should be.  I’ve been thinking about what I need to do with JTR and hydra to get it to work and different combinations of the syntaxes that will get it to work faster.

      Most of the tools I have are CMD and that’s where I have a hard time understanding the order of the CMDs.

      In regards to the instructions, it says to do a MiTM attack and I did that but it didn’t work SO maybe I am doing it wrong.  But they also said that can be used to only get one of the root passwords, not both.  So I already got one and with some more hard work and determination I will get it.  I just want it now.  But making me earn it and work for it will make it that much sweeter once I crack the root password.

    • #36519
      r2s
      Participant

      @Joshsevo wrote:

      No you guys have been great and I try to not ask specifics about the exam but rather the tools.  Again no experience and I am at the limits of my knowledge but with Seph guiding me to read stuff over again, the YouTube videos etc. it’s helped a lot.

      So I am learning so much and I am really excited. So excited and want to get back at it that my mind has not been where it should be.  I’ve been thinking about what I need to do with JTR and hydra to get it to work and different combinations of the syntaxes that will get it to work faster.

      Most of the tools I have are CMD and that’s where I have a hard time understanding the order of the CMDs.

      In regards to the instructions, it says to do a MiTM attack and I did that but it didn’t work SO maybe I am doing it wrong.  But they also said that can be used to only get one of the root passwords, not both.  So I already got one and with some more hard work and determination I will get it.  I just want it now.  But making me earn it and work for it will make it that much sweeter once I crack the root password.

      Sorry I’m late in responding post my initial guidance (been a crazy week). Hayabusa and Sephstorm definitely make a strong point. A major key to passing this exam is to think simple and to just stick to what is right in front of you. From personal experience, I can say hitting the sticking points and being forced to wrack your brain will prove extremely beneficial in your long term progression through infosec.

    • #36520
      SephStorm
      Participant

      I would remove the specifics above about the MITM attack, to keep from spoiling anyone’s fun.

      If I am correct, you already got the password to the VM you were “given”. The other one will require determination, and/or the right wordlist. One tool I found helpful was a relatively unknown one to me called hashcat.

    • #36521
      UNIX
      Participant

      Joshsevo, you really shouldn’t post and publish such details about a certification exam.

    • #36522
      SephStorm
      Participant

      I understand the compulsion, but the above poster is correct. If you are having difficulty (I did too) then I suggest reviewing everything you know (and don’t know) about cracking passwords for that OS…

    • #36523
      Joshsevo
      Participant

      As stated before I am not here to cheat but to pass and have my peers know that I did it on my own.

      The only problem I have is the limited experience doing this as well as other tools restricts me.  So I get happy when I figure certain things out and get overzealous at times.  Sad for a 32 yr old. LOL.

      Anyways see the next post.

    • #36524
      Joshsevo
      Participant

      Question:  If I can change the root password, is that equal to gaining root access and then having full control of the system?

      Instructions don’t say that I can’t nor say I can.

      Give me your opinions.

    • #36525
      hayabusa
      Participant

      I’d say if you can change root password, and PROVE you did it, then you’ve proven you root’ed the box (because if you change it, you can login as it.)  But I don’t know their rules, so I have to yield to SephStorm, and those who have.

    • #36526
      Joshsevo
      Participant

      That’s my assumption.  If I can get the key to your front door and then change the locks, you’re locked out while I pillage your fridge.

      Let’s wait to see what others say and then I will try it from there.

    • #36527
      r2s
      Participant

      @Joshsevo wrote:

      Question:  If I can change the root password, is that equal to gaining root access and then having full control of the system?

      Instructions don’t say that I can’t nor say I can.

      Give me your opinions.

      I’m back! Getting “root” is very subjective but I would not change the pre-set root password as I believe cracking the password may be part of the objective set (<- does not violate NDA as per the instructions).

      I can’t go any further than that advice wise as any further information could eventually start to steer the direction of your executive post engagement report and potentially walk the NDA line (I have huge respect for IACRB).

      Dig deep and you’ll get this.

    • #36528
      Joshsevo
      Participant

      Cool,  Thanks.  I have not changed it yet as I saw it as a cheap way around it.  Sure in real life I would be golden but this is not what it was designed for.

    • #36529
      SephStorm
      Participant

      Lol, it’s awesome, we both thought alike on so many things on this exam. No, I would not change the password. 1. If I’m not mistaken, there are instructions to recover both root passwords. Now, you can change the user passwords all you want, but I wouldn’t. 2. Think of this as a live pentest: would you change their root passwords, or any for that matter? If you do, you lock out the user, causing a denial of service, especially if it’s their only root account on that system. It will also (hopefully) trigger their incident response mechanisms.

      I’d do some research on the type of password hash you have and see if there are any tools that can crack that hash, then google/ youtube/ ask the creators about how to use the tool.
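The "research the type of password hash you have" step above, as an added example (not any poster's code and not a tool from the exam): an audit that classifies each entry of a shadow-style file by its crypt(3) scheme, so legacy schemes such as DES and md5crypt can be flagged for re-hashing. The prefix table follows crypt(5); the sample lines are constructed and their hash bodies are filler.

```python
"""Audit which crypt(3) scheme each account in a shadow-style file uses.

Added example for this thread; not any poster's code. The prefix-to-scheme
table is the one documented in crypt(5). The sample lines are constructed and
their hash bodies are filler text, not real password hashes.
"""
import re
from typing import NamedTuple, Optional

# Constructed sample in /etc/shadow layout (name:hash:lastchg:min:max:warn:inactive:expire:).
SAMPLE_SHADOW = """\
root:$6$rounds=100000$saltsalt$FILLERHASHBODYFILLERHASHBODYFILLERHASHBODY:15300:0:99999:7:::
legacy:$1$abcdefgh$FILLERHASHBODYFILLER:15300:0:99999:7:::
olddes:AbCdEfGhIjKlM:15300:0:99999:7:::
svc:!$6$saltsalt$FILLERHASHBODY:15300:0:99999:7:::
daemon:*:15300:0:99999:7:::
nologin:!!:15300:0:99999:7:::
guest::15300:0:99999:7:::
"""

# (prefix, scheme, assessment) per crypt(5); order only matters for readability.
SCHEMES = [
    ("$y$", "yescrypt", "strong"),
    ("$7$", "scrypt", "strong"),
    ("$2b$", "bcrypt", "strong"),
    ("$2a$", "bcrypt", "strong"),
    ("$6$", "sha512crypt", "acceptable"),
    ("$5$", "sha256crypt", "acceptable"),
    ("$1$", "md5crypt", "weak"),
]


class HashInfo(NamedTuple):
    scheme: str
    assessment: str
    locked: bool          # account cannot log in with a password
    rounds: Optional[int]  # explicit rounds= parameter, if the scheme carries one


def classify_hash(field):
    """Classify one shadow password field."""
    if field == "":
        # An empty field means no password is required at all: worse than any weak hash.
        return HashInfo("none", "EMPTY: password-less login", False, None)
    locked = field[0] in "!*"
    body = field.lstrip("!*")
    if not body:
        return HashInfo("none", "no password hash", True, None)
    for prefix, scheme, assessment in SCHEMES:
        if body.startswith(prefix):
            m = re.search(r"\$rounds=(\d+)\$", body)
            rounds = int(m.group(1)) if m else None
            return HashInfo(scheme, assessment, locked, rounds)
    # Traditional DES crypt: 13 characters from the crypt alphabet, no "$" prefix.
    if re.fullmatch(r"[./0-9A-Za-z]{13}", body):
        return HashInfo("descrypt", "weak", locked, None)
    return HashInfo("unknown", "unrecognised format", locked, None)


def audit_shadow(text):
    """Return {username: HashInfo} for every line of a shadow-style file."""
    result = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue
        result[fields[0]] = classify_hash(fields[1])
    return result


def accounts_needing_attention(text):
    """Usable accounts whose hash is weak, unknown or absent, in file order."""
    return [
        user for user, info in audit_shadow(text).items()
        if not info.locked and info.assessment not in ("strong", "acceptable")
    ]


if __name__ == "__main__":
    for user, info in audit_shadow(SAMPLE_SHADOW).items():
        state = "locked" if info.locked else "active"
        print(f"{user:8s} {info.scheme:12s} {info.assessment:28s} {state} rounds={info.rounds}")
```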

    • #36530
      Joshsevo
      Participant

      Any good sites to look up CVE’s to see if I can use an exploit to gain root access on the server?

    • #36531
      Joshsevo
      Participant

      Are there any exploits that I can run without having to do any scripting/coding?

    • #36532
      SephStorm
      Participant

      You are unlikely to find any remote exploits giving you root access. If anything, you may find some local privilege escalation exploits. But I wouldn’t use CVE, I would look at, well, things that are commonly used for privilege escalation….

      As for modifying exploits, you may have to search for a working copy of an exploit. I came upon the same issue, you just have to find either another exploit, a working version of the one you are working on, or learn how to find the problem…

    • #36533
      Joshsevo
      Participant

      I am pretty much at a stand still with this cert.  Researched everything I could.  Just stuck.  Have roughly two weeks to get root or it’s a FAIL.

    • #36534
      UNIX
      Participant

      It’s still enough time to search for an appropriate way to root your box, just don’t give up. If they haven’t changed the exam since when I took it, then there are quite a few exploits available which will lead to root.

      Also, if you have learned something during the course or the process itself, you really shouldn’t consider it as simply a fail.

    • #36535
      Joshsevo
      Participant

      LOL I don’t know how to run the exploits.  Sure I learned stuff in the course but it was mostly aimed at the CEH and not so much CPT and nowhere did we touch running exploits.

      I’ve tried asking the right questions without trying to get inside hints or make it seem like I am cheating but I just have no idea how to run the exploits.  Finding them is easy.  But how to input them and how to compile them isn’t something that I know.  Never been taught.  Besides me and coding don’t get along the greatest.

      I’ve been looking and reading but most of this stuff goes way over my head.

    • #36536
      tturner
      Participant

      The best way to learn is to do.

    • #36537
      Joshsevo
      Participant

      It is, I agree.  I was able to get Metasploit running last night for the first time.  Nothing positive though came from it.  But just being able to get it to run is an accomplishment in itself.

    • #36538
      Joshsevo
      Participant

      I did it, found the root password for the server.  I am done.  I was running Hashcat for 18 hrs doing a brute force attack and it finally had a hit.  Double checked it by trying to log into the server under root and it worked.
      I had one day to complete this as my extension ends on Jan 1, 2012.

      Thanks for everyone’s help.

    • #36539
      hayabusa
      Participant

      Congrats, Josh!  Well done, and way to stick with it!

    • #36540
      SephStorm
      Participant

      I knew you could do it! Now add that cert to your signature and sit back and have a beer! (Then get back to work! *cracks whip*)

    • #36541
      Joshsevo
      Participant

      Well I haven’t officially passed per se.  I have yet to turn my results in but seeing as the instructions say that to pass I need to get full root access to both systems and then also document everything, I should pass.

      InfoSec’s website to submit my results is not letting me. I am trying to contact them to see what the deal is but when I go to their link and hit submit after loading my either Doc/Docx, or a zip file it says “this option is not available”

    • #36542
      UNIX
      Participant

      You should send your results directly to IACRB, see here.

    • #36543
      Joshsevo
      Participant

      I did, that’s the webpage that is having problems.  I’ve contacted InfoSec, which runs the IACRB, and they are looking into it and will get back to me within a few days.

      I sent them a screen shot of the problem. 

    • #36544
      SephStorm
      Participant

      If I remember correctly, my instructions were to submit online and to email, I remember emailing them. I would send an email with the report to IACRB.

    • #36545
      Joshsevo
      Participant

      Any idea on how long they take to grade this and see if I passed?  I emailed the doc to the address that they emailed me to send it to, since the original one on the homepage isn’t working.  Haven’t heard anything back.

      I tried sending an inquiry about my results to the same person and have not heard anything back.

      Any ideas?

    • #36546
      SephStorm
      Participant

      I think I ended up emailing, then calling a few days later; it did take a while. But after calling, wait a few days; if nothing, I’ll look back and see if there is a specific person who emailed me.

    • #36547
      Joshsevo
      Participant

      YIPPPPEEEEEEE

      Just got the official word.  I passed.  I’m now officially CPT certified.

      YA I’m so happy.  LOL I’m never doing this one again….

      Going to pick up another frame tonight and it’s going up on my wall in a few days.

      Thanks for everything guys.

    • #36548
      Darktaurus
      Participant

      @Joshsevo wrote:

      YIPPPPEEEEEEE

      Just got the official word.  I passed.  I’m now officially CPT certified.

      YA I’m so happy.  LOL I’m never doing this one again….

      Going to pick up another frame tonight and it’s going up on my wall in a few days.

      Thanks for everything guys.

      Congrats! Taking time off or on to something else to study?

    • #36549
      Joshsevo
      Participant

      I have a few things I am deciding on.  I got the money to pay for the Network+, which is my Achilles’ heel in terms of certs.  I also won that cert from Mile2 that I need to do.

      CIH is one that I have printed off all the material to start studying for.  But once I start my new job with the DEA I will need to hammer out my ACE, CCE, and then the EnCE.

      So ya, not much..LOL.  No time.  Doing a master’s degree as well right now.

    • #36550
      SephStorm
      Participant

      lol congrats and good luck in the new job. Actually, I have a friend who wants to go DEA after he finishes his stint in the Corps in about a year; maybe you can help him out, keep in touch!

    • #36551
      dynamik
      Participant

      Congratulations on the pass.

      The Network+ seems like an odd choice to go along with the rest of your more advanced certifications. If you want to round out your network skills, why not pursue a CCNA?

    • #36552
      Joshsevo
      Participant

      Why?  Because I failed the Net+ before with a 705 and I needed a 720 to pass.  I have zero experience with networking in general, so for me this is difficult.

      This was close to 3 yrs ago that I took it, and I’ve never let it be forgotten that I failed it, and I want to earn it.

      It’s personal now..LOL  I have most of it all embedded into my brain now but need to polish up on things like the wire lengths, fiber optic stuff, and what cables to use to connect to a switch from a router or a hub to a server.  That stuff tripped me up last time.

    • #36553
      dynamik
      Participant

      If it’s a personal goal, that’s obviously something else. I just don’t think you’re going to see much ROI on it out in the real world. CompTIA certs are entry-level and fine for someone with little or no experience, but do you think it’s going to do much to complement your CHFI, CEH, and CPT? Additionally, considering you have to renew it every few years, is that something you really want to keep up?

      The CCENT covers similar material and will get you halfway to a CCNA, which in turn opens the door to the professional track and other CCNA specializations. Just my two cents.

    • #36554
      Joshsevo
      Participant

      It is a personal goal.  Nothing more.  Seeing as I have a Computer Forensics job lined up with the DEA, the CCNA or CCENT are not needed in my field.  Would they be helpful? Yes, of course.  But they are on the outside.

      I have thought about taking the CCNA and have tons of study material for it, but it’s just not directly related to my career goals right now.  Now, if the DEA job falls through, meaning I don’t get my clearance, then yes, the CCNA is back on the table, as I have been doing a crazy amount of interviews for a Jr Pen Tester (did an interview today actually).

      But as of right now, with my CF job there are a few certs that I plan on getting, short term and then long term.

      Net+
      ACE
      CCE
      EnCE
      GCFA
      GCFE
      CIH
      CCFE
      CISSP

      After these I am done, unless I am required to get a vendor-specific cert.

    • #36555
      sherly
      Participant

      Hi

      I came to know about your information security website from one of my friends who is undergoing the Certified Ethical Cracker Course at infysec chennai. Your site and forum are awesome. Keep rocking.  🙂

    • #36556
      Joshsevo
      Participant

      Update……

      Got Network+ knocked out this past Saturday.

Copyright ©2021 Caendra, Inc.