timmedin

@d3l0n wrote:

jonas, unless you managed to run it as a scheduled task which runs with system privileges  you won’t be able to dump the hash.

d3l0n is right, you have to have admin or system level privileges in order to dump the hashes.

It all depends on the “rules of engagement”.

From practical experience, I haven’t seen an intentional DoS against productions systems be allowed.

I’ll second BillV’s response.

CEH is more well known, but from what I have been hearing it isn’t keeping up in the certification market. GPEN is great. Not only does it give you good training on the tools it teaches the business side of things which is very important. You can be the best pen tester out there, but if you can’t communicate findings…[Read more]

@d3l0n wrote:

Thanks timmedin

Pash-the-hash works because the hash is reused without modification and it is the sole piece used for authentication. This is the same reason that cookie and session hijacking work in web apps.

How can you get transparent access to network without storing users’ credentials somewhere?And without asking users to…

[Read more]

Pash-the-hash works because the hash is reused without modification and it is the sole piece used for authentication. This is the same reason that cookie and session hijacking work in web apps.

The attack is specific to the protocol and its authentication mechanism, NTLMv1 authentication. You won’t be able to authenticate to a *nix ssh server or…[Read more]

Where did you download it from? It should be http://www.oxid.it/cain.html

Depends on the router, but the router would also need to keep the dhcp request timestamp

I have always heard that…
-fingerprinting is seeing what the machine or service is
-footprinting is seeing what machines and services are out there

@don wrote:

It’s also similar to finding a lawyer. You get very different results going with the more expensive ones. “You get what you pay for” seems to fit in with pen testing as well.

This can’t be emphasized more. The quality of your test is directly proportional to the quality of the tester.

What is your goal here?

– If it is to write snort rules then look at the metasploit exploits (not payloads)

– If you just want the rules then check out http://wwww.bleedingsnort.com (free) or even better look at http://www.sourcefire.com/products/snort/rules (paid)

I would recommend the online training with vLive, taught by Ed Skoudis and John Strand, both of whom are fantastic. Here is the link.

I have an older one and I got one from EH.net/IronKey. I love it. It is so rugged. Normally I am afraid of breaking them in my bag and I wouldn’t trust them to be carried with my keys, but this thing is solid.

I like all the cool features and the cross platform support too.

Sweet! What is the recommended age on this thing?

I’ve seen the hourly rate from $150-$250 and I would guess that this would take 20-40 hrs depending on the services and the size of the website. That would put the range between $3,000-$10,000.

If you are scanning your internal systems, GET WRITTEN PERMISSION!

The tool isn’t illegal, except maybe in Germany. Anyone know the details of the German law?

Cain & Abel allows you to “read” the password boxes and retrieve the key even if it is blanked out by ******.

It has been a while but if I remember correctly Paul Asadoorian (from PaulDotCom Security Weekly) did a webcast that gives some good justification.

http://www.coresecurity.com/content/zen-and-the-art-of-maintaining-an-internal-penetration-testing-program

I have taken and passed both tests, and I would say that the overlap is a maximum of 40%. Not having the course material will make it much tougher to pass  the test. I have Counter Hack Reloaded, but I haven’t read it yet so I an’t tell you how helpful it would be. Good luck.

I’m still confused, but…

If you can export the message I would think you could open it. Try it (with permission of course).

I don’t know if Kon-Boot would work but it might. I would suggest trying it. All it does is load its code then calls the normal boot loader.