hayabusa

Let’s work on things one step at a time.

It might be helpful if you provide the contents of the dhcpd.conf file you’re testing, as I’m betting it doesn’t like one of the interface names used within the file.

Professional Penetration Testing, Second Edition: Creating and Learning in a Hacking Lab – https://www.amazon.com/Professional-Penetration-Testing-Second-Creating/dp/1597499935

Coding for Penetration Testers: Building Better Tools – https://www.amazon.com/Coding-Penetration-Testers-Building-Better/dp/1597497290

Penetration Testing: A Hands-On…[Read more]

Thanks for the tip. I went and checked it out, and recalled I’d won a free mile2 course and exam from ethicalhacker.net, a while back. While I’d gone through the C)SWAE course back then, I’d never circled back for the exam. (Now taken and passed. 😀 )

There are numerous software packages and services out there to block ‘unwanted’ sites.

Perhaps the easiest (free one) to START with would be to use something like OpenDNS’s FamilyShield.

https://www.opendns.com/about/press-releases/introducing-familyshield-parental-controls-the-easiest-way-to-keep-kids-safe-online/

Basically, you’d change your…[Read more]

I got bumped into a more ‘all-inclusive’ management role this year, myself. But it’s good in that it’s allowing me to play all sides of the fence for a bit, and drive some initiatives home that have been needed for some time. 🙂

Good to see you’re still at it (saw your post in the other thread, as well.) Good luck!

Did see that earlier, but thanks for the reminder. 🙁

I’d made a mental note, but the business of the day quickly wiped that from memory.

On to writing something for him, now.

And that’s the nail in the coffin for me, on C|EH. While the knowledge gained, early on, was beneficial and C|EH IS recognized, it hasn’t provided me with enough value to continue to maintain it, going forward. I had a great instructor the first time around, and chose to update it / recertify a while later, when he update course was offered to…[Read more]

The only suggestion I can give you is to look at ALL the resources Offsec provides to students (not just the specific course pdf’s and videos). They have a wealth of information at your disposal.

For the exam, itself? Not much we can help with / share. The exam is YOUR test of knowledge. Not really something that others should be doing with / for you.

What, exactly, are you asking about / looking for?

Not yet, but as per my response above this one (and my reply in the goals thread), it’s on MY radar for the year.

Looking to finish up the eLearn WAPTX exam, then likely Offensive’s Web App course, then up in the air, as I’m getting some priorities shifted at work, and the ‘winds of change’ are blowing. Got a lot going on right now.

muts acknowledged that to me, on Twitter, so fingers crossed.

Quick followup… If you’re at all interested in web application pentesting, it’d be well worth a look at eLearnSecurity’s courses. Don will be posting my review here on EH-net, in the next few days, of their WAPTX (Web Application Penetration Testing Extreme) course. I just submitted the writeup to him, last night. They cover a lot of SQLi…[Read more]

With ONLY that code snippet, I can’t say for certain if there are other exploits.

For example, depending on exactly what is in play on the site, here’s an example of where the built-in cleansing / sanitizing in wordpress isn’t always prohibitive of…[Read more]

As mowgli noted, in this case, the key importance is in that you know the services are there.

The version IS important to grab, as a habit, though, where you can, as often times that’ll lead you to a known exploit vector, etc.

First, let me tell you this has come up on the forums here, many times (one such link at the end of this reply). I’d suggest using the search at the top, to see if you can find more of those and read up on them, then bring more specific questions to us. 😉

The value of CEH depends on what you want it for. By that, I mean, are you using it to…[Read more]