apollo

However if I do the same and show 5 words i get this:

Ex: 4
Code:
(gdb) x/5xw 0xbffff834
0xbffff834: 0x00000005 0xbffff898 0xb7eafebc 0x00000001
0xbffff844: 0xbffff8c4


Here is what is going on. 4 words = 16 bytes. What you are seeing here is the 5 words, printing out 16 bytes at a time for readability. The first grouping of…[Read more]

@DragonGorge wrote:

I think we all agree that plain text passwords are not a good idea. And while this is “just a forum”, to me it’s a matter of practicing what you preach. However, in saying that, I don’t really know how much extra effort is required to go from plain text to hashed/encrypted so maybe this is a case where the cost isn’t worth the…

[Read more]

If you’re doing this freqeutnly, I’d tke a look at hashcat (http://www.hashcat.net).  It has the ability to do a mask attack, and you can easily setup brute lists with just numbers using the masks.  This saves disk space when you want to enumerate over large groups in a static pattern.
 

Just to be clear, Cobalt Strike leverages Metasploit for a lot of it’s attacks.  It’s a further development for the Armitage front end that acts as a Java based front end for Metasploit, but Cobalt Strike has addressed a lot of the workflow, reporting, and other automation that isn’t easy from within Armitage, Metasploit base install or other…[Read more]

@chrisj wrote:

I’ve still got to read that. I’m a little disappointed there was no C/C++ or Assembler primer. Since I need help on those for the ElearnSec class. But still happy I have a copy. Maybe I’ll get to read it soon, like around October.

What sort of things would you like to see with c/c++/asm ?  I’m pretty sure we can build a whole…[Read more]

It does have a Metasploit module.  Have you tried reading the source to figure out what’s going on? 

Theres a whole set of info on bypassing NX protection in the comments, as well as information about the handle you have to bind to as well as the type of dceprc call that triggers the vulnerability.  I was currious what additional info was in th…[Read more]

The thing that will help you most in OSCE is to verify you really understand each lesson as it is presented.  For instance, you will be walked through an exercise, then you will have to complete it on your own.  You should try this:

1) Do the exercise with the video
2) At end of chapter, re-create the exercise referencing the manual
3) Rinse a…[Read more]

Hehe.. NOP is a funny little cert.  Immunity is still offering it it seems based on their site, but I think it started out as a marketing tool.  The deal was, get a random vulnerable binary, and see if you can write a working sploit in 45 mins using immunity debugger and their drag and drop sploit creation tool.  You end up having to understand ho…[Read more]

MaXe is spot on.  You don’t have to be able to write assembly, but you generally need to get binary math (bit shifting, OR, AND, XOR etc) and you should have a base understanding of registers from PWB.  From there, if you have a good assembly reference you can look stuff up,  but the more you’ve dealt with looking at assembly the faster you wi…[Read more]

Check out http://sourceforge.net/projects/laudanum/ .  They have some things that will do what you want.  There are also some cleansed versions of what the evil folks out there are using.  They have some advanced functionality such as ability to escalate privileges, deal with databases, etc. 

Then, there’s a fun one.  If you can turn it into a re…[Read more]

For the CCNA, you can use y200emu emulator.  Unless they have changed it substantially since i took it, most of the links required are serial, and most of the things you will have to do should work within the emulator, and most of all, no hardware required. 

http://7200emu.hacki.at/index.php

They even have sample virtual lab setups for CCNA.

NSE’s are written in LUA.  The biggest challenge when I was working on NSE devel is that LUA is missing some things I really wanted.  Read a basic LUA tutorial, and then on the Nmap site in the docs there’s a section dedicated to working with NSEs.  Once you understand the basics, you can look at the stock stuff to figure out more.  The big thi…[Read more]

So, their response isn’t business related it’s emotional.  So, in my opinion, you need to make an emotional case as well as a business case.  

For instance, knowing that during an outage, it cost you X, but it may have also meant that a manager had to explain him/herself to someone.  Nobody wants to be at the helm when the ship hits the ic…[Read more]

Good luck! OSCE was extremely challenging.  Knowing what you do now, I’m sure it will help a lot on the next attempt.  Let us know how you do! 

H1t M0nk3y, that wasn’t my understanding, so thanks for sharing your experience. 

There is another aspect to remember here in addition to the time management.  Your bonus points from the class (I assume you did them, if you didn’t get started now) apply to your final score.  So, you don’t have to get everything, you just have to get enough points to add up with your bonus points to pass.  I would say don’t shoot for 100%, in…[Read more]

exploit-db and search for Lan Party:
http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=lan+party

That will get you a pretty easy to configure app with mysql that it works great with.  That’s what I’ve done demos on, it was very easy.  If you have an up to date securely configured PHP, you will have to undo things t…[Read more]

Just wanted to bump this up.  I’m going to be speaking again this year and they have a good lineup.  If you have the opportunity, you should really try to make it.  There are a number of things which differentiate SecTor from other conferences.  First of all, you can expect the same quality of speakers you see at other large security con…[Read more]

I did v2.  I haven’t seen the content for v3 so no idea on the comparison. 

I will look back at my leo files, but I don’t think I used any sploits off the web.  I think everything I used was milw0rm or exploitdb.

I’m working on the OSCE writeup right now.  I hope to have it done within the next week or so.  It was a heck of a course.

I got all the boxes on the OSCP.  To get a perfect score, from my experience, you need to understand everything you did from the course well enough that you are only going back to reference commands and not techniques.  I did…[Read more]

j0rDy, I can relate to your feelings on doing the “humane” thing.  Based off of my experience, if you have gotten all of the boxes in the lab, then you probably can get a passing score on the exam.

I figured out something interesting about offsec courses doing the “Cracking the Perimeter”/OSCE content over the past month.  While they certainly d…[Read more]