Search:

Type: Posts; User: Liuser; Keyword(s):

Page 1 of 3 1 2 3

Search: Search took 0.00 seconds.

  1. Replies
    2
    Views
    17,171

    Re: AW: sqlmap - SQL injection Scanner

    To add onto pigtail23, You should do an svn checkout of .9-dev. It looks like the algorithms for sql injection is better than .8. I tested both .8 and .9 on an identified vulnerable web app and .8...
  2. Re: Choosing appropriate MSF Payloads in case of Anti-Virus

    Thanks spudgunman. I'm going to watch all of them and check out the script you've modified for meterpreter. I have some additional questions at the moment, but will first check these out first. I...
  3. Choosing appropriate MSF Payloads in case of Anti-Virus

    Hello all,

    In case this is a newbie question, moderators feel free to move and apologies for the trouble.

    We all know that certain vulnerabilities out there that can be exploited via MSF is a...
  4. Replies
    143
    Views
    68,161

    Re: [Script] [Video] fakeAP_pwn (v0.3)

    Script works great - I noticed that you want to incorporate support for OSX in the future. Have you been able to connect to the fake AP using OSX and have the DHCP issue an IP? It is the problem...
  5. Replies
    7
    Views
    10,224

    Re: Re : WPA Stealer & All-in-One

    Just tested this Rogue AP script.

    I had to make a few changes to the script since the Python interpreter complained. I'm not sure if there is a discrepancy in versions between BT4 (which I...
  6. Replies
    3
    Views
    2,350

    Re: Split words into two words from wordlist

    cat [filename] | cut -d"|" -f2
  7. Discussioni: Nessus on backtrack4

    by Liuser
    Replies
    7
    Views
    3,048

    Re: Nessus on backtrack4

    Sounds like you need to create a user account. It's required prior to logging into Nessus. Newly updated Nessus uses a web interface as the client.
  8. Replies
    6
    Views
    2,068

    Re: MS09_050 Vulnerabilty through nessus

    A quick google search already turned up useable code for MSF.
  9. Replies
    2
    Views
    1,815

    Re: weired issue with John brute force

    phocean - it is a cache password. Use JTR flag: --format=mscash
  10. Replies
    2
    Views
    2,660

    Re: Bypassing ASP validaterequest?

    I appreciate the input and lead compaq. You have me thinking about what is occurring under the hood of ASP. I will integrate your suggestions while I continue my fuzzing.
  11. Replies
    2
    Views
    2,660

    Bypassing ASP validaterequest?

    ASP.net enables validaterequest filter by default on its installation. For those unfamiliar with this, it is essentially a filter that checks for potential malicious cross site scripting and...
  12. Replies
    5
    Views
    2,725

    Re: Connections in Meterpreter while using proxychains?

    Thanks killadaninja -- I will test this out and let you know. I expected this was just a shortcoming in my knowledge on msf.
  13. Replies
    60
    Views
    7,235

    Re: forum culture debate :/

    Thanks! I really appreciate it, no need to apologize - again, I completely understand. I am still getting accustomed to how things are run around here as well.

    I noticed when sending PMs there...
  14. Replies
    60
    Views
    7,235

    Re: forum culture debate :/

    Hi Lupin, no it was not you. I thought I did respond to the moderator clearly and politely. I stated that it was a legal pentest and I have the appropriate signed paperwork from both parties to...
  15. Replies
    60
    Views
    7,235

    Re: forum culture debate :/

    I have a question for the moderators - do we need to explicitly specify that we are performing legal activities in posts when we ask for help on a particular scenario? I asked for help a little...
  16. Replies
    5
    Views
    2,725

    Connections in Meterpreter while using proxychains?

    Hello,

    I am having some difficulty with my setup that I hope someone here can lead me in the correct path. Here's the background:

    [My Machine] --> ( Internet ) --> [ Compromised Machine ] ...
  17. Replies
    15
    Views
    4,636

    Re: Web App Assessment Tool Opinions

    Awesome - thanks for the replies and insight thorin.
  18. Replies
    15
    Views
    4,636

    Re: Web App Assessment Tool Opinions

    It looks like the predominate tools listed here are scanners that test the web application externally. However, would you have any recommendations for scanners that analyze code?
  19. Replies
    2
    Views
    1,745

    Re: Local Admin -> Domain Admin

    What command are you using for JTR? JTR will not crack the cache passwords unless you explicitly state the format that it is of cache format.
  20. Replies
    7
    Views
    2,260

    Re: Challenging penetration test

    Learning to use msfpayload and msfencode is something you should have learned as a pentester.

    You stated that social engineering is out of scope, however e-mails are a form of social engineering.
  21. Discussioni: backtrack on ps3?

    by Liuser
    Replies
    2
    Views
    3,151

    Re: backtrack on ps3?

    Why not just load the tools itself rather than the entire BT OS?

    I am assuming that installation of BT on PS3 will be similar to installing Ubuntu on PS3, which they have documents online for. ...
  22. Replies
    6
    Views
    3,715

    Re: Becoming a Successful Pentester

    This is just my experience and the road that led me to becoming a pentester:

    I did my Comp Sci undergrad at UC Santa Barbara (renowned for their security research) and took their security course. ...
  23. Replies
    5
    Views
    10,173

    Re: Meterpreter: Reverse_TCP

    You can pick any arbitrary port you want to listen for that reverse tcp connection. It is possible to take control over someone's computer that is remote (ie. different subnet, external to your...
  24. Discussioni: Password Generators???

    by Liuser
    Replies
    3
    Views
    1,361

    Re: Password Generators???

    I don't think you googled hard enough.

    Example:
    /pentest/passwords/jtr/john -incremental=All --stdout
  25. Replies
    15
    Views
    4,636

    Re: Web App Assessment Tool Opinions

    I have been using Skipfish. Very impressive with the amount of requests it makes and presents the data in a nice user friendly web GUI. It takes quite a bit of time to sift through the results. ...
Results 1 to 25 of 58
Page 1 of 3 1 2 3