jimbob

Off the top of my head here’s a couple of things you need to look at for forensic exam post-compromise on a web server. No doubt there’s some repetition of what’s been said but here goes.

• Logs – check the access logs for the web server for attack strings, access to admin pages and anything else that looks anomalous e.g. access to backdoor…

[Read more]

Welcome to ethicalhacker.net. You’ll find a lot of like minded people here and a lot of answers to the same question you are asking. Start by searching the forums, you’ll find that most people suggest one or more of the following:

• Learn all you can about computers
• Learn to program
• Read, read, read.

There are a lot of good resources out there.…[Read more]

That’s an interesting take on things. Yes, people do have a habit of storing interesting info like passwords in plaintext files. While they are not exactly keyloggers it’s basically a different means to the same end. Trawling home directories is a great way to start privilege escalation and jumping to other systems and services.

Regards,
Jim

@tturner wrote:

There’s a big difference between collecting and alerting

Agreed. The big issue is what to expose via alerts, dashboards etc. and what to keep. If capacity is not an issue keep everything. By all means trim down on noisy alerts that add no value but let the value of this filter down. Frequently you don’t know what you need until…[Read more]

Hi,
I would approach this from a different angle. Storage is comparatively inexpensive so trying to justify reducing a retention period on this basis may be hard. It may be easy to counter your argument with space is cheep, we will keep everything forever.

What is your reason for wanting to reduce the retention period? I assume you mean to get…[Read more]

There are good people in law enforcement who are capable of conducting an investigation of this sort. What’s more they have powers to gather ISP logs and other information with a warrant to discover the identity of the culprit.

This is a sad tale but taking upon yourself (or expecting it from another) to investigate this type of incident may be…[Read more]

@Matthias2012 wrote:

Do you know/remember what happens if you place .LOG(CR/LF) in the first line of a txt-file and open it with notepad.exe?

I’ve never come across that one before, nice.

Books date at different speeds depending on the technology and the quality of the writing. Some older books like The Art of UNIX Programming are well worth…[Read more]

It never fails to amaze me how people still put passwords on sticky notes. I would expect the armed forces to know better.

Jim

@artistic wrote:

The privileges of law enforcement authorities – are they over privileged or not and why?can you please share your opinion and expalin.

I think the powers given to law enforcement are massively disproportionate. Large motorcycles, advanced pistol weapons and the role of judge, jury and execution in one does not allow for proper…[Read more]

@digitalvampire wrote:

This is what they suggested as the correct statement:

SELECT * FROM admins WHERE user = ” OR 1=1 OR ‘1’=’1′ AND pass = ”

Why are the two true conditions in there.. not sure why that fixes it?

What they may have meant was something like this:

SELECT * FROM admins WHERE user = '' OR 1=1 AND pass = '' OR 1=1

The two…[Read more]

Don’t forget to think out a deeper solution. If you can get file upload on the server you can upload arbitrary binaries and ASP content to achieve this. Don’t think of pen testing as, “I have one exposed service, is there a remote exploit?” Can you find SQLi and execute code that way?

Regards,
Jimbob