please shed some light

    • #7728
      LT72884
      Participant

      I have been reading Thomas Wilhelm’s book Pro Pen Testing and I have been reading some other resources from his site as well. Here is a question I have. I have noticed that every lab scenario from countless tutorials has you always perform an nmap scan to see what hosts are on the network that could be potential places for hackers, such as open ports, I assume. That’s fine, but I noticed it’s all private-side scanning. What if a hacker is from a remote location and has to go through a public IP? He or they would have to gain inside private access first, then do scans. So it seems pointless to me to do pen testing from the private side, cuz that assumes the hacker has gotten in already. Can you scan a public IP for open ports? Thanks guys

    • #48217
      shadowzero
      Participant

      Of course you can scan public IPs for open ports. If a site allows you to SSH in, or serves web pages, or web applications, then there’s a port open somewhere. If you want to play around with scanning a public IP, scanme.nmap.org is designed for testing nmap.

    • #48218
      RoleReversal
      Participant

      If you want an authorized target to test against, try nmap’s own scanme.nmap.org.

      Provides a good opportunity to get used to nmap’s options and the different results you can get from different parameters and scripts.

    • #48219
      LT72884
      Participant

      That’s cool about the scanme.nmap.org site. Thanks for sharing that.

      Ok, so why are all the tutorials out there about hacking from the private side? I don’t understand that. I.e., the De-ICE challenge level 1: you scan and enumerate from the private side as if you had already gained access. But I thought the whole point of pen test training is to show how to gain access, but if you are attacking from the private side, then that assumes you already have gained access. Are you supposed to sort of “pretend” that the web server on De-ICE or any other challenge has a “public” IP and you’re just using a private IP as your fake/unreal public?

      Thanks. I hope this is not confusing. I’m just trying to make sense of it all. I am totally new to this whole hacking thing. I mean I need someone to hold my hand for level one because I have no idea where to start or why. Even watching movies does not help because it does not explain why they chose to do that.

      thanks guys.

    • #48220
      RoleReversal
      Participant

      When working in a lab, try to ignore that your machines (and the publicly provided targets like De-ICE) are using RFC 1918 address space. This is merely for convenience; if you needed public hosting and IP space for a test environment, the costs would skyrocket. And it’s obviously not sensible to host vulnerable systems on public-facing networks.

      Using De-ICE as an example, the server is built as a (poorly protected) public-facing system. It’s not uncommon for public systems to have the same ports and services exposed to the wider world, rather than locking down administrative ports, for example.

    • #48221
      shadowzero
      Participant

      There’s nothing stopping you from setting up De-ICE or any other vulnerable machine as a publicly facing external server. The issue is that you’ll be facing attacks and scans from other people who happen to come across your server.

    • #48222
      Triban
      Participant

      Think of the book as a proof of concept.  It gives you the ability to learn some of the tools to perform a pen test as well as the reporting process involved.

    • #48223
      SephStorm
      Participant

      This is a good question and one that I struggled with in my early stages. The best way to think of it is to believe that you have established a foothold on the local LAN, and now you are scanning for additional targets. If you want a more realistic setup, you could build a backdoor, send it to yourself in an email (using SET), compromise your internal LAN, then scan and hack from a public location.

      The truth is, most hacking these days isn’t external; it’s occurring on the LAN, or against a web front-end.

    • #48224
      Triban
      Participant

      Seph makes a valid point.  Even when it comes to advanced attacks, most of them have been done using a phishing email that gets them access to the victim’s machine.  From there they attempt lateral movement through the network until they can gain access to an elevated account which can be used to lay in some backdoors for future use.  Now if the victim network has proper controls in place (egress filtering, network ACLs, a monitored SIEM etc…) then this may make internal movement/compromise more difficult.  It’s tough to create an outbound reverse TCP shell if all ports are being filtered/blocked.  Unfortunately not all orgs do this and even filtered ports can be used if you can compromise the external host they are going to.

      If you wanted to set up a lab to simulate attacking from outside, you can always acquire a low-end firewall and put that in front of the victim hosts.  Attempt to attack directly or create some SET or Metasploit payloads you can apply to the internals.

    • #48225
      LT72884
      Participant

      AWESOME. Ok, so I was somewhat right about just pretending they are public-facing IPs. I was just making sure.  It was really confusing me.

      I’m still trying to remember everything I learned from 5 years ago in my CCNA and CCNP classes. I never used the info so it’s kind of dusty. Haha.

      As for my lab, my ultimate would be to have an online lab that is virtual (VMware) and have some virtual Cisco and firewall products in it. But that will be after I know what I am doing. Haha. As of right now, I would love to have a VPN set up and run RDC over it to run my labs, or some sort of online lab for this.

      My next question I need some light on is SSH. I know it’s a secure shell. I think of it like a type of VPN. It logs me into the system/network from a remote location, so sort of like the early stages of RDC. My question is this: once I have SSH’d from my Ubuntu 11.10 laptop into a remote machine running BackTrack 5, I can issue BackTrack commands that would be unfamiliar to Ubuntu 11.10 if I were not in an SSH session, right? I.e., I can type metasploit and it will run the program because I have SSH’d into the BT5 machine, right?

      Here is what my ultimate virtual lab would be. Basically the Hacking Dojo has somehow read my mind and created it. Haha.

      http://hackingdojo.com/lab/

      But for now, I need to learn how to set up a basic VPN that is easy to use and understand. I have no firewall, just a basic CenturyLink router. I think Hamachi or OpenVPN might be best.

      Thanks for the help so far. I’m not sure where to post my other questions. I have no idea what I am doing when it comes to security. I have tried the last couple of years but I end up just stopping because I have no help or idea. I would love to find a full tutorial that explains how to complete De-ICE level 1 and why they chose that path and why it is important. I really do need my hand held. Haha, cuz I have no idea what I’m doing. Haha

      thanks guys

    • #48226
      rance
      Participant

      I’m surprised nobody has actually mentioned this. Not to be snide, but if you’re having those kinds of questions about IP address classes and you’re on step number nmap in your learning, I’d say you need to stop now, and go read a good networking fundamentals book. You are going to be totally lost as you work through the technical details of pen testing, if you don’t know the fundies, you’ll never be good at it.

    • #48227
      Triban
      Participant

      Good point Rance.  LT, what is your current base of experience?  Have you been working in IT?  Do you have a programming or systems background?  The way to succeed in this industry is to build up the base.  Many of us have worked in IT for years doing one thing or another.  Knowing some network and system fundamentals helps a good deal.  I did notice you mentioned some Cisco books, did you get either of the certs or just picked up the books to get an idea of the material? 

    • #48228
      LT72884
      Participant

      @3xban wrote:

      Good point Rance.  LT, what is your current base of experience?  Have you been working in IT?  Do you have a programming or systems background?  The way to succeed in this industry is to build up the base.  Many of us have worked in IT for years doing one thing or another.  Knowing some network and system fundamentals helps a good deal.  I did notice you mentioned some Cisco books, did you get either of the certs or just picked up the books to get an idea of the material? 

      I have a degree in network engineering along with a CCNA and the routing part of my CCNP. I also have my RHCT. BUT that was 5 years ago and I have never had a job that uses it. I have had IT jobs and was department head BUT our network was sourced out before I got there. Prez said no touchy so I handled the lower-end stuff. But I did work for IBM and I installed the backbone for the eBay HQ in my area. But after that I switched to Mechanical Engineering because that had the career options I wanted. Hard to explain. Haha.

      The IP addressing is not hard for me to do. I can supernet and subnet address space for route propagation and ACLs in Cisco routers just fine. Supernetting is my favorite, especially when you use wildcard masks for the control lists. Haha. What was confusing me was why all the attacks were private side. I was getting the impression from the material that access had already been gained and now you were just trying to enumerate more info. It was confusing me because I thought the material was supposed to teach how to gain access in order to know how to protect. I was not under the impression that such an unsecure server could exist, but then again, this is level one material and they have to present it somehow for the basics. Haha.

      Lol. BUT it has been 4 or 5 years since I have used my CCNP knowledge.  My friend is Todd Lammle and his ghost writer and editor was my professor (the book was not the professor, haha. It was a real person :)). It was kind of cool.

      Now, I will say this. Just because I was excellent at supernetting and configuring routers does not mean I am good at security. I know how ICMP, TCP and other protocols work pretty well, but that does not mean I know how to manipulate them. I could never figure that part out. Haha. Understanding how things worked normally was easy for me, but to understand how to manipulate them or troubleshoot because they are not working so well, that was the hard part.

      This is why I am wanting to complete the Heorot courses. I feel that as a mechanical engineer, this can and will help my problem-solving skills and a sense of accomplishment. Haha.  I never know if in the future I will be called to the office because the IT team needs some help. So I do like to review concepts every so often. BUT security is something I have never done. I mean it’s easy to follow a firewall tutorial to protect your house or company, but if you don’t know why it’s doing what it is doing, well then. Haha, and that’s why I am here: to learn security. Haha.

      That was a LONG-winded reply but I wanted to make sure I expressed my unawareness of security but also let you know that I have some excellent experience in networking.

      you guys are awesome and i trust you all. thanks much.

    • #48229
      Triban
      Participant

      Ok, so you can get the “fundies” as Rance put it.  Just wanted to check.  Yes, the security mindset is definitely a different thought process.  You need to take yourself out of the shoes of an engineer who builds something to work and reverse that to look at how it shouldn’t work or where you can break it.  As we said, the private IP range is just easier to set up in a simple lab.  But by all means, build this out more complex; not only will you exercise your old skills but you will make a more realistic lab.  You can still do this with private IP addressing, just use a different private range for your “WAN” side.  Get a router or low-end firewall and put that in front of the lab machine.  If you can, get hold of a box to run ESXi on and toss a bunch of VMs on it, including the De-ICE systems.

      As for the De-ICE systems remember you are doing more than scanning for ports.  Here’s a hint (though you probably found it), there is a webpage available on the first one.  This gives you a taste of doing recon and building some intel on the victim.  That is the first part.  The next part involves using that information.

      In pen testing, the more time you spend on building a portfolio of the client/victim, the more information you will have to use during the test.  This is especially important if you need to use social engineering to obtain more information that may not be publicly available. 

      Another item to note, if you really want to get in the mindset, try to hook up with the local community.  One of the best things I ever did was attend a BSides event.  They are great for meeting some cool people who don’t mind sharing what they know. 

    • #48230
      LT72884
      Participant

      Thanks for the awesome reply, my friend. I didn’t mean to make the post soooo long-winded, but I had to defend my honor of having a bachelor’s in network engineering that I NEVER use. I can totally see why you guys asked though.

      Ok, first things first, you all are gonna laugh at me. So about 2 or 3 years ago I purchased Thomas Wilhelm’s book “Professional Penetration Testing”, didn’t read much and didn’t check out the DVD. It was during a rough time in school and life so things got put on the back burner. So last night I finally got a chance to watch the Heorot Penetration Testing Fundamentals course videos. The DVD comes with the full course for the ISSAF including lecture notes, videos and live CDs. Except Hackerdemia must be out of date because all the lessons on it go to a page under construction… so the tutorial on Hydra is not there. Oh well.

      Here is where I need to look at things backwards and I may need some help. I watched the video on the DVD where he scans using different techniques. He shows that port 80 is open and then goes to the webpage. What is so important about port scanning besides the fact that it shows what types of services are running?

      To tell you the truth, sarcastically I thought to myself “yeah, so what’s the big deal that port 80 is open, or 21. So they have a web server up. Who doesn’t?” Ok, that’s what I need some correction on: the importance of open ports. You can’t do much if you do not have a password… which I assume is part of the challenge, BUT the tutorial on the live CD of Hackerdemia does not exist so I’m stuck at the moment. Haha. Maybe the vids show me what to do in a sense.

      Ok, I also noticed on the webpage that it says pictures coming soon of the picnic and to send flowers and cards to a specific place. Are finding the pictures and finding where the cards are going any part of the challenge?

      Ok, thanks guys.  I know I have a lot to say but I’m practicing to document everything so I can get a cert and also use the technical report for my engineering writing class.

      you guys are fantastic

    • #48231
      Triban
      Participant

      Ok, sometimes an open port is just an open port to an open service.  But you won’t know unless you take a look.  So port 80 is up; well, that’s a website most likely.  Check it out.  May throw the IP into a whois (not for a private but if you were scanning a public range).  See if it goes back to a site, maybe see if any other records are registered to that same IP.  Now as for finding ports like 21 or 22 open…  Well, both of these are some form of remote access.  They could be a direct in to the environment and may be pretty open.

      Port 21, FTP, hmmm, do they accept anonymous access?  If so, what can I see as an anonymous user when I connect?

      Port 22, SSH, can it be brute-forced?  Were there any possible hints to usernames on the website?  Maybe some email addresses?  Maybe those recipient names are the same as network user IDs?  Hmmm, write those down for later.  That is where Hydra will come in.  Once I get into SSH, do I have elevated privileges?  Can I sudo up?  Can I find some interesting files that may lead me to root?

      Many people believe root is the key to the pen test, but actually root just helps you get further in.  Your ultimate goal is to show you were able to retrieve and exfiltrate critical data such as PHI, PII, PCI, IP or other types of juicy data.

      Now back to the accessible websites: you can go further than just recon.  You can spider the site (with a tool like Burp Suite or manually) to look for possible vulnerable sections.  Is it vulnerable to cross-site scripting or SQLi?  Is the site running on IIS or Apache?  Any other types of plug-ins or 3rd party apps running on the site?  Basically, can I use the site as a jump point or a way to get more user information?

      OK, think I gave you a good amount to work with.  Good luck!!

    • #48232
      LT72884
      Participant

      Thanks for that reply. It provides some awesome info, especially about FTP.  I forgot about the ability to log into that as an unclaimed user.

      Ok, so I tried to use the Hackerdemia live CD to learn Hydra but even the new live CD of Hackerdemia is still missing the Hydra tutorial. Is there a fix for that soon?

      Some of the other stuff you mentioned I am unfamiliar with, such as the SQL injection stuff. I have never used SQL. I think I need to finish the HPTF (Thomas Wilhelm’s course) course first. Haha, before moving into more complicated stuff.

      FYI, in case you’re not sure what I mean by HPTF course: Thomas Wilhelm has made courses to teach this stuff using De-ICE. I started last night. I found my DVD from his book that has the ISSAF course.

      Anyway, back to topic. I was along the same thinking that an open port is just an open port. But ones such as SSH or FTP, that means a user can log in. BUT I do not have the user name or password. I assume my goal is to find a stupid mistake by someone (not stupid but un-logical) and that may give me a password.

      I’m not sure how much can be done on the level 1 disk but I hope I can find the company picnic pictures. I want to see them getting attacked. Haha. But the other interesting thing on the site:

      “We hope that Marie M. has a speedy recovery – flowers and cards can be sent to the North Annex of “Our Lady of Unfortunate Demise, Hospital and Backhoe Rental”. We will post pictures of the picnic soon, so check back later”

      I see the backhoe rental hint and wonder if I can grab people’s financial data from the rental records, IF the backhoe page does exist. Is there a way to see what other webpages they may have? I.e., a site map so I can see what other pages they have.

      I’ll do some more digging but I’m not sure what has been thought of in the level 1 disk so I’m not too sure what can be done and what can’t be done.

      Thanks for the help. Time to make a list of names and find that dang Hackerdemia live CD tutorial.

      EDIT: well, I guess emailing the names from Gmail ain’t a good idea. I was guessing that it would come back as a bad address BUT I was hoping the email address adamsa@herot.net actually worked and maybe be able to get a reply from it. Nope. Oh well.

    • #48233
      shadowzero
      Participant

      If you need a tutorial for hydra, you don’t have to depend on the course material to provide it, just look for it on Google. It’s a well known program and there are plenty of tutorials out there. You can even test it on one of your own machines to get familiar with it.

      Open ports like ftp don’t necessarily mean that there are weak passwords. It could also be a service that’s vulnerable to an exploit. If you’re looking for usernames, you typically need a list of employee names and you can generate your list of usernames from there.

      If you’re interested in looking for hidden files or directories on the webserver, you can use dirb and DirBuster. You give them a wordlist and they’ll start probing the server and let you know if they find anything. Nikto is another great tool for identifying vulnerabilities and interesting files on a webserver.

    • #48234
      Triban
      Participant

      Any emails you find in those built in sites are probably not active but may be worth noting for another use.  Like… I dunno, creating a username list for a potential brute-force attack on some open service port that allows logons. 😉 

      And Shadow makes a good point.  You are not limited to using only the tools provided on the DVD; some of the material is old and has not been maintained.  In fact the author has moved most of the material to HackingDojo, I believe.  So the further in the book you go, the more you may need to hunt down tools to assist you.  One version of BT I had didn’t have any of the wordlists for Hydra to use, so I had to hunt them down from the net.  Found a number of even more useful lists as well.

      Also go google SQLi and do a quick read on it to understand it.  It is certainly worth knowing about it since it has been used in a number of high-profile breaches.  LulzSec and Anonymous used it for many of their attacks.

    • #48235
      cyber.spirit
      Participant

      For the FTP service try to crack the user and pass with ncrack. In BackTrack open the terminal and type:
      Ncrack — v (user) (target ip address):(port which is 21 in this case)

    • #48236
      LT72884
      Participant

      @cyber.spirit wrote:

      For the FTP service try to crack the user and pass with ncrack. In BackTrack open the terminal and type:
      Ncrack — v (user) (target ip address):(port which is 21 in this case)

      Ah, thank you. I will read up on ncrack to see what the switches are doing. Does ncrack actually crack the password, sort of like Hydra?

      Thanks guys. Here is how I am doing this project. I hope you don’t mind me telling you, but I want to let you know my method of doing things just in case someone can benefit from it. Plus you have answered my questions and I feel that I need to make sure your info is put to good use.

      My plan of attack:
      watch the videos from my DVD course I purchased from Thomas and take notes
      take notes on the slides from the movie
      document my notes from the movie and slides in a Word file
      read the required pages he has posted in the course ISSAF .2.1.b (13-61, 87-169)
      highlight the ISSAF reading and document the highlighted sections
      then any tools he/ethicalhacker.net discusses, write small one-paragraph summaries for what I find and what they do to each device, including time stamps
      take screenshots (if I remember)
      follow the examples Thomas and you guys show me for De-ICE and document those examples in my Word file
      take all the documentation including summaries of the ISSAF reading notes and create a technical report that I can give to someone for review

      That’s my course plan. Haha

      thanks guys.

    • #48237
      cyber.spirit
      Participant

      Hi, I’m really really happy that my info was helpful for someone.

      Ncrack is not a complete password cracker; actually it’s a credential finder. Hydra and Brutus are advanced pass crackers; you can perform brute force attacks and so on.

      But ncrack is so fast. The first step is finding a valid username; you can’t perform pass cracking without it no matter what you use, ncrack or Hydra, and sometimes pass cracking can’t help you. In these cases you must exploit the machine.

    • #48238
      cyber.spirit
      Participant

      And the Pro Penetration Test: Creating and Operating a Formal Hacking Lab DVD is great. Go further and further, man, don’t miss practice. Take care.

    • #48239
      shadowzero
      Participant

      Here’s a good comparison of ncrack, medusa, and hydra: http://hackertarget.com/brute-forcing-passwords-with-ncrack-hydra-and-medusa/

      You’ll find that hydra supports the largest number of protocols. I suggest playing with all three. There are many tools that can do the same thing, but sometimes, one just does it better.

    • #48240
      cyber.spirit
      Participant

      Yeah, shadowzero, I agree that Hydra is more advanced and better, and I said that before too, but ncrack is not bad; besides, it’s too fast.

    • #48241
      LT72884
      Participant

      @cyber.spirit wrote:

      And the Pro Penetration Test: Creating and Operating a Formal Hacking Lab DVD is great. Go further and further, man, don’t miss practice. Take care.

      Awesome. I am hoping the courses on the DVD are going to help me complete at least level one. I tried reading the book first but got lost in some of the material for the actual pen test when he starts using other things. I then realized the book is not what walks you through the De-ICE scenes, it’s the DVD. The book is just extra info that can be used to supplement the DVD course. So I am doing the DVD courses first and then reading the book to get the more in-depth info.

      @shadowzero, thanks for the link of comparison. I will read up on those and once I’m in a state of understanding it, I will use them.

      Last minute question. I notice in the DVD lectures Thomas always says to practice against De-ICE 1.101. I do not and cannot find De-ICE 1.101. I can find 1.110 but not 1.101.

      thanks

    • #48242
      shadowzero
      Participant

      @LT72884 wrote:

      Last minute question. I notice in the DVD lectures Thomas always says to practice against De-ICE 1.101. I do not and cannot find De-ICE 1.101. I can find 1.110 but not 1.101.

      Not sure about that… maybe he’s referring to an older release of 1.110, or just recorded it wrong.

    • #48243
      LT72884
      Participant

      @shadowzero wrote:

      @LT72884 wrote:

      Last minute question. I notice in the DVD lectures Thomas always says to practice against De-ICE 1.101. I do not and cannot find De-ICE 1.101. I can find 1.110 but not 1.101.

      Not sure about that… maybe he’s referring to an older release of 1.110, or just recorded it wrong.

      That’s what I was thinking. Just wanted to make sure. He does say 1.101 multiple times so it must be an older version then. Haha. Hopefully what I can do to 1.100, I can do to 1.110.

      But I will find out.

      thanks

    • #48244
      Triban
      Participant

      If memory serves, there was a 101.1, I have the labs at home and can take a peek later on.  There are some things that may no longer be valid since he has moved some of his material to HackingDojo.

    • #48245
      LT72884
      Participant

      @3xban wrote:

      If memory serves, there was a 101.1, I have the labs at home and can take a peek later on.  There are some things that may no longer be valid since he has moved some of his material to HackingDojo.

      Awesome. Yeah, some things must have changed because in the video his nmap scan of 1.100 shows port 25 open. Mine is closed. He creates a telnet session to port 25 to grab banners. Haha.

      thanks

    • #48246
      Triban
      Participant

      Hmmm, 1.101 may be referring to either your attacker IP or one of the targets.  The De-ICE labs I have from the book are 1.100, 1.110, 2.100.  Ok, so each lab gives you the setup needed for the attacker system (BT) and the target (De-ICE ISO image).  The De-ICE system is typically matched up to the number of the lab (192.168.1.100).  You need to configure your attacking system accordingly.  My 1.100 image has the following open:

      20/tcp  closed ftp-data
      21/tcp  open  ftp
      22/tcp  open  ssh
      25/tcp  open  smtp
      80/tcp  open  http
      110/tcp open  pop3
      143/tcp open  imap
      443/tcp closed https

      Enjoy!

    • #48247
      LT72884
      Participant

      Yeah, the ones that came with the book are 1.100 and 1.110 but in his videos he says attack the 1.101 target as your individual pen test project. He has his BackTrack set to 1.10. Here are my open and closed ports. UDP 53 is closed but the book gives a hint that it is actually open. Haha. But netcat don’t wanna connect to it using nc -u 192.168.1.100 53. Anyway, I assume the 1.101 is now 1.110.

      root@bt:~# nmap 192.168.1.100

      Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-08-02 23:14 EDT
      Nmap scan report for 192.168.1.100
      Host is up (0.00023s latency).
      Not shown: 992 filtered ports
      PORT    STATE  SERVICE
      20/tcp  closed ftp-data
      21/tcp  open  ftp
      22/tcp  open  ssh
      25/tcp  closed smtp
      80/tcp  open  http
      110/tcp open  pop3
      143/tcp open  imap
      443/tcp closed https
      MAC Address: 00:0C:29:9A:56:D7 (VMware)

      Nmap done: 1 IP address (1 host up) scanned in 17.37 seconds
      root@bt:~#
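      As an added example (not code from the thread, the book or the De-ICE/Heorot material), a small Python triage script for the kind of nmap report pasted above: it parses the report, checks whether the target sits in RFC 1918 space (the private-side question the thread turns on), and lists the open ports that accept logons, the services Triban called out as direct ways in, so the system owner can review whether they should be exposed at all. The second sample report, its hostname and the address 203.0.113.5 are constructed; the first sample copies the scan shown in the post above.

```python
"""Triage nmap normal-output reports: address space plus login-port exposure.

Added example for this thread, not part of the original post or course material.
"""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# RFC 1918 private ranges, checked explicitly: ipaddress's is_private is
# broader (it also covers loopback, link-local and documentation ranges).
RFC1918_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Services that accept credentials. An open one is a review item because it
# is a direct login path (the 21/22 "remote access" point made in the thread).
LOGIN_SERVICES = {21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp",
                  110: "pop3", 143: "imap", 3389: "ms-wbt-server"}

# "Nmap scan report for 192.168.1.100" or "... for host.example (203.0.113.5)"
HOST_LINE = re.compile(r"^Nmap scan report for (\S+)(?: \(([\d.]+)\))?$")
# "21/tcp  open  ftp"  (state may also be closed, filtered, open|filtered ...)
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")


@dataclass
class ScanReport:
    host: str                      # IP when nmap printed one, else the hostname
    # (port, proto) -> (state, service)
    ports: Dict[Tuple[int, str], Tuple[str, str]] = field(default_factory=dict)

    def open_ports(self) -> Dict[int, str]:
        return {port: svc for (port, _proto), (state, svc) in self.ports.items()
                if state == "open"}

    def closed_ports(self) -> Set[int]:
        return {port for (port, _proto), (state, _svc) in self.ports.items()
                if state == "closed"}

    def is_rfc1918(self) -> Optional[bool]:
        """True for private-side (RFC 1918) targets, False for anything else,
        None when the report only carried a hostname."""
        try:
            addr = ipaddress.ip_address(self.host)
        except ValueError:
            return None
        return any(addr in net for net in RFC1918_NETS)

    def login_exposure(self) -> List[int]:
        """Open ports that accept logons, in ascending order."""
        return sorted(p for p in self.open_ports() if p in LOGIN_SERVICES)


def parse_nmap_output(text: str) -> ScanReport:
    report: Optional[ScanReport] = None
    for raw in text.splitlines():
        line = raw.strip()           # forum paste adds leading whitespace
        m = HOST_LINE.match(line)
        if m:
            report = ScanReport(host=m.group(2) or m.group(1))
            continue
        m = PORT_LINE.match(line)
        if m:
            if report is None:       # port table without a header line
                report = ScanReport(host="")
            port, proto, state, service = m.groups()
            report.ports[(int(port), proto)] = (state, service)
    return report if report is not None else ScanReport(host="")


def review_lines(report: ScanReport) -> List[str]:
    """Human-readable review items for the system owner."""
    side = {True: "RFC 1918 (private-side)", False: "public",
            None: "unknown"}[report.is_rfc1918()]
    lines = [f"{report.host}: {side} address, "
             f"{len(report.open_ports())} open port(s)"]
    for port in report.login_exposure():
        lines.append(f"  {port}/tcp {LOGIN_SERVICES[port]}: accepts logons; "
                     "confirm it must be reachable from this side and "
                     "enforces strong authentication")
    return lines


# Sample 1: the scan pasted in the post above (copied, not altered).
SAMPLE_THREAD_SCAN = """\
Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-08-02 23:14 EDT
Nmap scan report for 192.168.1.100
Host is up (0.00023s latency).
Not shown: 992 filtered ports
PORT    STATE  SERVICE
20/tcp  closed ftp-data
21/tcp  open  ftp
22/tcp  open  ssh
25/tcp  closed smtp
80/tcp  open  http
110/tcp open  pop3
143/tcp open  imap
443/tcp closed https
MAC Address: 00:0C:29:9A:56:D7 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 17.37 seconds
"""

# Sample 2: constructed public-side report (TEST-NET-3 documentation address).
SAMPLE_PUBLIC_SCAN = """\
Nmap scan report for scanme.example (203.0.113.5)
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
9929/tcp open  nping-echo
"""

if __name__ == "__main__":
    for sample in (SAMPLE_THREAD_SCAN, SAMPLE_PUBLIC_SCAN):
        print("\n".join(review_lines(parse_nmap_output(sample))))
```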

    • #48248
      Triban
      Participant

      Yeah, the videos might be slightly newer than the book or vice versa.  The book goes along well with the labs and that’s how I’ve been using them.  I may fire that one up after I am done with my current read/lab combo.

    • #48249
      LT72884
      Participant

      @3xban wrote:

      Yeah, the videos might be slightly newer than the book or vice versa.  The book goes along well with the labs and that’s how I’ve been using them.  I may fire that one up after I am done with my current read/lab combo.

      So far I like it. I have found that I need to follow the videos first and the ISSAF before I read all of his book. Some of the concepts in the book are more advanced than what I am used to. I want to complete De-ICE level 1 first before I read the advanced material in his book. Haha.

      What read/lab combo are you doing now?

      thanks

    • #48250
      cyber.spirit
      Participant

      I’m really sorry, I typed the ncrack command wrongly. Here is the correct one:
      Ncrack -v --user

      Yeah, can I use the DVD without the book? The book is so boring.

    • #48251
      Triban
      Participant

      @LT72884 wrote:

      What read/lab combo are you doing now?

      thanks

      Practical Malware Analysis.  Static/Binary analysis and reverse engineering.  Something I am much more interested in at the moment.  Working with IDA Pro at the moment.

    • #48252
      Grendel
      Participant

      Just found this thread, and wanted to try and fill in the gaps regarding my book and the videos present in it…

      IP address:
      The De-ICE disks were designed to simply give a challenge of attacking a system. Because of the IP address and number of protocols available on the target systems, you can look at them theoretically as internal systems. However, I wanted those people using them to worry less about the network configuration, and more about the process of information gathering, vulnerability identification, etc. I also wanted to make them based on misconfiguration instead of exploitable applications, so that people would quit thinking pentesting was simply launching autopwn and rooting.

      Videos:
      The videos came first, the book second. Although the videos in the book are still valid and useful, they come from the Heorot.net training program, which has now migrated over to HackingDojo.com. To keep things in perspective, the videos in the book could be considered v1, while the Dojo material has evolved to about v4. Currently, for the same level of training in the book, there is about 10 hours of video training at the Hacking Dojo. In addition, there is a lot more hands-on activity at the Dojo as well, plus we have live sessions at the Dojo… much more evolved than what’s in the book.

      De-ICE 1.101:
      This image has not been released to the public, and is accessible only for students of HackingDojo.com (and heorot.net beforehand). It is used as a method of testing a student (along with a written exam) to see if they have absorbed and can demonstrate the appropriate knowledge to move onto the 2D Nidan level of training. Consequently, there is a De-ICE 2.101 disk as well that again has not been released to the public, and is used by students to test out of the 2D class onto the 3D.

      Hopefully that helps answer some of your questions. Now that I know that this thread is here, I will monitor it in case anyone else has questions about my book or the videos.

    • #48253
      LT72884
      Participant

      Awesome. That makes sense now. Ok, so I was not just hearing things then. There is actually a 1.101, but it is only for student use. Ok, cool. So since I do not have access to that, will 1.110 suffice for 1.101?

      I am trying to follow the DVD videos first, then read the book. I plan on writing my technical report so I can turn it in to my English professor as a grade. haha.

      Thomas? Do you give a little demo or tour of the new online lab you have besides what's on the YouTube video?

      It looks pretty cool what you are doing though. I wish when I was doing my CCNA and CCNP we had something like this to help us out. haha.

      Thanks for all the help. I like the book, but I need to read the ISSAF and follow the videos first before I understand the book. haha

      thanks

    • #48254
      Grendel
      Participant

      Yeah, feel free to use the 1.110 as a target. It doesn’t track the same, but the concepts of the methodology are identical.

      I don’t have any additional videos of the online lab, since it can fluctuate in its design. On an unrelated note, I have to admit it’s fun watching what people do in the lab – as an example, I mention to students they should try to be like surgeons, and conduct surgical strikes… but they come in carpet bombing the targets.  ;D But that comes with time.

      Feel free to hit me up with any other questions you might have. Enjoy!

    • #48255
      LT72884
      Participant

      @Grendel wrote:

      I mention to students they should try to be like surgeons, and conduct surgical strikes… but they come in carpet bombing the targets.  ;D But that comes with time.

      Feel free to hit me up with any other questions you might have. Enjoy!

      I can appreciate that since I am a pre-med student. Though I am not studying to be a surgeon, but rather the possibility to make surgical tools or biomimetic legs and arms for those who need them. Or possibly power generation. But my degree requires pre-med. haha.

      I feel somewhat dumb in a way. I can't believe I struggle on level one. haha. There is no way I could have figured it out by myself without the movies. haha.

      I do have to say that the ISSAF is a funny ol' thing. It gives you ideas of what to do without telling you how, not all the time though. haha.

      After this course I am doing, I will FINALLY get to my LinuxCBT course I purchased 4 years ago. I got the security edition and the RHCT course as well. I took it in school and had to purchase the CBT. I completed the first course but not the other 2, so that is next. Just need to build a lab for it though. That's the hard part. They sent me a picture of what the VM environment should look like… holy crap it's complicated. hahaha

      Thanks for the info.

    • #48256
      shadowzero
      Participant

      @LT72884 wrote:

      I feel somewhat dumb in a way. I can't believe I struggle on level one. haha. There is no way I could have figured it out by myself without the movies. haha.

      If you’re new to this, you should expect to struggle for the first few attempts. As you progress you’ll start to learn what to look for and things will become a little easier. There will always be some degree of trial and error, especially when you get to more challenging machines, but there’s no substitute for experience and lots of practice.

    • #48257
      LT72884
      Participant

      @shadowzero wrote:

      If you’re new to this, you should expect to struggle for the first few attempts. As you progress you’ll start to learn what to look for and things will become a little easier. There will always be some degree of trial and error, especially when you get to more challenging machines, but there’s no substitute for experience and lots of practice.

      True. It is completely new to me. I went back and looked at my CCNA and CCNP security and it was all packet filtering and port forwarding stuff. Nothing on how to attack a system. haha.

      I want to learn to use nmap in an environment with routers and firewalls, but I'm not sure how to run those apps in VMware Player, nor do I know what config settings should be configured on the firewall as well. IE, how secure should I configure it, or how open. Wish there was a router/firewall challenge disk ISO.

    • #48258
      Jamie.R
      Participant

      You do have a few options. You can get some cheap kit on eBay and set up a router, or you could take a look at http://www.gns3.net/

    • #48259
      LT72884
      Participant

      @Jamie.R wrote:

      You do have a few options. You can get some cheap kit on eBay and set up a router, or you could take a look at http://www.gns3.net/

      I forgot to mention that I have real equipment but no room, so I must go virtual. GNS3 was like Packet Tracer in its day. haha. It looks like you can run VirtualBox with it but not VMware Player. Dang it.
      Thanks

    • #48260
      shadowzero
      Participant

      @LT72884 wrote:

      True. It is completely new to me. I went back and looked at my CCNA and CCNP security and it was all packet filtering and port forwarding stuff. Nothing on how to attack a system. haha.

      That will come in handy. Some attacks require you to analyze network traffic (fuzzing, man-in-the-middle, etc), and having a solid understanding of networks will help you when it comes time to pivot through internal networks.

    • #48261
      LT72884
      Participant

      I'm hoping it will. haha. The rules you have to follow for adding ACLs to routers are tough, but writing them is pretty cool. I remember during my CCNA it took me 45 minutes for one of the sims because it was soooo wicked hard. Advanced firewall config was the exercise. haha. Got 100% on security though.

      I want to start a new thread for a new question, but I am not sure when I should. haha. I want to discuss two firewall programs (Endian vs Smoothwall) and how to add them to my VMware Player network for a lab, but I don't want to start too many threads. haha. I want to learn how firewalls work and be able to use nmap against one and then read the logs and see what it is doing. Then I want to tighten security on the firewall and see if I can get past it to see if I can get access to de-ice 1.100.

      Thanks guys
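
      The "read the firewall logs and see what nmap is doing" part of the post above is something you can practise on the defender's side without any lab gear at all. The script below is an added example, not code from the thread or from any of the products mentioned: it parses constructed iptables-style `LOG` lines (the `SRC=`, `DST=`, `PROTO=`, `DPT=` fields are what a typical kernel log line carries; the addresses, ports and timestamps are made up) and flags any source that has knocked on many distinct destination ports on one host, which is the footprint a port scan leaves in a firewall log. The `threshold` of 5 ports is an arbitrary assumption for the sample, not a vendor default.

```python
"""Toy port-scan detector over firewall log lines.

Added example: assumes iptables-style LOG output with SRC=, DST=, PROTO= and
DPT= fields. The sample lines below are constructed, not captured anywhere.
"""
import re
from collections import defaultdict

# Constructed sample log: 10.0.0.5 probes six different ports on 10.0.0.10
# (scan-like), while 10.0.0.7 only retries port 80 (normal client behaviour).
SAMPLE_LOG = """\
Jan 10 12:00:01 fw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.10 PROTO=TCP SPT=40001 DPT=22 SYN
Jan 10 12:00:01 fw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.10 PROTO=TCP SPT=40002 DPT=80 SYN
Jan 10 12:00:01 fw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.10 PROTO=TCP SPT=40003 DPT=443 SYN
Jan 10 12:00:02 fw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.10 PROTO=TCP SPT=40004 DPT=445 SYN
Jan 10 12:00:02 fw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.10 PROTO=TCP SPT=40005 DPT=3389 SYN
Jan 10 12:00:02 fw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.10 PROTO=TCP SPT=40006 DPT=8080 SYN
Jan 10 12:00:05 fw kernel: IN=eth0 OUT= SRC=10.0.0.7 DST=10.0.0.10 PROTO=TCP SPT=51000 DPT=80 SYN
Jan 10 12:00:06 fw kernel: IN=eth0 OUT= SRC=10.0.0.7 DST=10.0.0.10 PROTO=TCP SPT=51001 DPT=80 SYN
"""

# Pull out the fields we need; SPT= is optional because ICMP lines lack it.
LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+)(?: SPT=\d+)? DPT=(?P<dpt>\d+)"
)


def parse_line(line):
    """Return (src, dst, proto, dst_port) for a LOG line, or None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    return (m.group("src"), m.group("dst"), m.group("proto"), int(m.group("dpt")))


def distinct_ports_by_pair(log_text):
    """Map (src, dst) -> set of distinct destination ports seen in the log."""
    ports = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:          # unrelated kernel noise: skip it
            continue
        src, dst, _proto, dpt = rec
        ports[(src, dst)].add(dpt)
    return ports


def find_scanners(log_text, threshold=5):
    """Return sorted (src, dst, n_ports) for pairs touching >= threshold distinct ports.

    Counting *distinct* ports, not log lines, is the point: a legitimate client
    retrying one port generates many lines but only one port.
    """
    hits = []
    for (src, dst), port_set in distinct_ports_by_pair(log_text).items():
        if len(port_set) >= threshold:
            hits.append((src, dst, len(port_set)))
    return sorted(hits)


if __name__ == "__main__":
    for src, dst, n in find_scanners(SAMPLE_LOG):
        print(f"possible port scan: {src} -> {dst} ({n} distinct ports)")
```

      Run it against the sample and only `10.0.0.5` is reported; `10.0.0.7` is not, despite producing two log lines, because it touched a single port. A real detector would also window the count by time and look at the `SYN`/flags field to tell connect scans from SYN scans, but the distinct-port idea is the part worth internalising before reading real Smoothwall or Endian logs.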

    • #48262
      Jamie.R
      Participant

      I would say get a copy of the CCNA material and go through it, as it will help you loads to understand networks better.

      You can find material online, but I recently went through the CCNA material and it just helped me understand networking a lot better, how things like firewall rules work, ACLs, NAT. This only helps you when doing pen testing.

    • #48263
      LT72884
      Participant

      @Jamie.R wrote:

      I would say get a copy of the CCNA material and go through it, as it will help you loads to understand networks better.

      You can find material online, but I recently went through the CCNA material and it just helped me understand networking a lot better, how things like firewall rules work, ACLs, NAT. This only helps you when doing pen testing.

      Exactly, it's been 5 years since I have used any of my CCNP knowledge or CCNA. Last time I used it, I installed the backbone for eBay HQ here in Draper. That was a crazy project.

      I still have access to the CCNA learning center and I have all the books for my CCNA and CCNP.

      My next course after the pen test is my Linux RHCT and security. LinuxCBT has contacted me and I own their CBT. They are trying to help me build a lab. hahaha.

      I'm also talking to another group about how to make challenge disks for firewall pentesting and also router pen testing. I want to at least contribute to the security group. haha. Even if it means I have to just make tutorials on it for now and tell people how to set up the firewall for some challenges.

      Thanks guys.

      I just started reading the ISSAF, very interesting. Hopefully with the knowledge from that I can complete the lvl 1 disk.

    • #48264
      Jamie.R
      Participant

      I found knowing the basics does really help loads. You can also practice more complex attacks like VLAN hopping with CDP and so on…

    • #48265
      LT72884
      Participant

      @Jamie.R wrote:

      I found knowing the basics does really help loads. You can also practice more complex attacks like VLAN hopping with CDP and so on…

      I think I have seen that once before in my CCNP class. Is that where you take advantage of the way the trunking protocol works and, by using CDP, you can see info passing from each VLAN?

      See, my problem is I know the basics but could never figure out how to manipulate the basics to find security issues. haha

Copyright ©2021 Caendra, Inc.