This is a great list of Vulnerable Web Apps! Thank you!

Both of the links you posted are great! Thank you SO much! I had actually been to hackergames.net before, but had forgotten all about it.

I will definitely send an email to squidly1 and see if she...

That worked! Must have something to do with the referrer. I'm downloading them right now and will take a look when I get the chance. Thanks!

My question about a "Knowledge Quiz" still stands. Any...

Thank you!

Both of the links that you posted give me a 403. Any idea why?

I'm part of a student group that is attempting to get together a hack - defend game [probably a CTF type].

What I was looking for was if anyone was aware of a "Hacking Experience Quiz," or...

kysuke ... I think I love you.

Thanks! This looks like it will work. I'll try it here ASAP.

Well, the copy won't boot. I had some issues that just stopped Windows from booting, which is why I re-installed. [It's actually been quite a long time, two years or so]. I hate to get into what-ifs,...

I've tried on another forum with no avail. I was attempting to avoid posting a topic that is directly not related to pentesting, but I suppose that this category would be the place to do it.

I...

Just pointing this out: If you're having problems with mounting a device because you didn't make a folder, perhaps Backtrack is not the distro for you at this time. Now, maybe you just posted without...

Hmm... never thought of that; Not that I spend a large amount of time studying them.

Your comment makes it all the more funnier. I chuckled and sadly this made my day. (It was a slow day)

Check out http://www.openwall.com/john/doc/RULES.shtml.

I have a great book with a tutorial that I'll look at and let you know if it has anything valuable to your problem. I'll take another look...

Well, if it's executable, doesn't it need to be readable to user in some form. When a program is run, a shell script for example, someone must reads it so that it can process the commands.

I...

Trust me. JTR can do that. JTR is about as advance as it gets; you just have to play around with the rules file (can't remember the exact name). If you're still looking for a solution to what ever...

So, just to clarify (and I have no idea how), if the passwd file was non-readable/writable, but executable to a non-superuser, can you pull the hashes from the file?

I am also curious, but I don't...

I'll post the results tomorrow. It's just B|T 3.

The link is broken. Would you happen to have a mirror.

Edit: I didn't have an opportunity tonight. I'll post ASAP. Thanks

You can lol. Just watch the numeric words. They make me feel like I'm on a roller coaster reading them.

Just go with John. If you just need every possible combination then let JTR generate it. If...

Just out of curiosity: What do your modified hashes "decrypt" to? Or are they just random?

Of course. Just don't supply a target with arpspoof.

Edit: Forgot to mention: A segment arpspoof WILL set off a IDS if there is one on the network. Not sure of your contract terms, but can you be...

Thanks for the tip. I'll try it tomorrow and let you know.

EDIT: So, as promised here's the update. I'm having issues with the shell script and environment variables. This shell code terminated...

Is /tmp/file.exe the location it gets uploaded to?

Edit: Never Mind. I didn't see PEXEC. Do any other payloads work?

Here we go again. Overflows are so simple in theory; but practice is another story.

So, I am attempting to launch a shell in my Linux environment (BT3) but I keep seg faulting. The method that I'm...

You might consider placing this on it's own thread.

Losing the & didn't work. I figured out an alternative way, so I'm good for now.

Nice to see the forum again.

Thanks for the link. I haven't tried it, but bookmarked it. Any idea how to get this on tty2-6?

I'm actually curious about this as well. I don't really plan on using it in my installed distro, but it is quite a cool effect. Anyone know how this works or why it's only on tty1?

So here is what finally worked:

I used pattern_create 38 > ascii to create a file with "random" values. Because I knew that EIP was at 35-38, (I knew the buffer was 30), I then went through and...