You might also check out ping -R (find an IP4 compliant network node, like themanadrain.com) and see what goodies it reveals.
Type: Posts; User: orgcandman; Keyword(s):
There are a whole lot of assumptions being made, the biggest I see is the assumption of a flat network. Most enterprise/corporate environments that are more than just 15 workstations have an...
Here's the thing, in my experience, a penetration test is something that doesn't get organized overnight. There's a lot of back and forth with legal, and it's usually a few days before the contract...
I don't know how useful this might actually be on pentests. It's recently come up a few times in work, and also a few times on IRC, so I thought I'd write a little script and primer on using GDB and...
As someone who develops a few different open source projects, trust me when I say, this is tough to get until you hit a pretty good maturity. In fact, don't count on people requesting features -...
I'd suggest also getting an older ASA/PIX and setting that up.
You can get a technet subscription for $200/yr, and it gives you dozens of licenses for various MS products (SQLServer, Win7, Win2k8,...
The theory is sound. It's not really a good way of preventing someone from booting BT4R2 - unless the OP manages to encrypt the entire BT partition as well. Otherwise, anyone could simply configure a...
This information is pretty easy to discover, and I've posted about it before.
The BOOT= and boot= lines are not "kernel" arguments. Rather, because you can have anything appear on the...
It also depends greatly on the actual honeypot. For instance, something like kippo - detectable with regular expression matching. A real live OS that someone sets up to be broken - not so...
You may find a roundabout way using pstree, ps, and looking at the auth logfile.
As an example, I did a sudo bash on my machine. ps details:
root 27946 0.0 0.0 11208 2016 pts/3 S+ ...
In short - not without building a lot of stuff yourself. Take some time to read through the 3gpp docs. The OTA stuff has at least 9 different permutations of MAC where different logical links pass...
Additionally, ubuntu runs upstart, which is pretty easy to make a script for.
If you have an auto-login as root, why even bother with kdm? Just write an upstart script to start X.
Did you read the gdb error message at all? I understand that English isn't your first language, but the error message is pretty basic - you should be able to figure it out.
EDIT: I wish I had read...
In the same room - no obstructions.
As I posted - when I manually wrote out a wpa_supplicant config file, and used dhclient, the issue went away - which is why I suspect a WICD bug.
Tool name: Simple Fuzzer
Tool function: A highly configurable, intuitive, protocol fuzzer
Tool description: Simple Fuzzer is a very simply configured fuzzer which allows the user to construct...
Yikes! Why do you have the multicast bit set on your source mac address?
I'm using BT4R1 (haven't done a complete upgrade, yet). Seems like if I use wicd to connect to my WPA network, the connection randomly resets. I've looked through Google and the logs, but haven't...
I'm not sure if there are any specific 802.11 headers that need to be set, it's an avenue for investigation.
Are you sure you're generating the request properly? I don't know how you're trying to accomplish this - I'm guessing you're sending out over a raw eth socket. Try this - try physically plugging into...
All that follows is from someone who has done both software engineering (currently) and network administration (10+ years ago).
Let me put it to you this way -
if you want to get into exploit...
+1 to this.
Your jmp calculator is really a 32-bit endian reverse.
Wish I had seen this thread earlier. There's already a decent project which does a lot of the stuff you'll want to do called Jasager. You might want to google 'hak5 pineapple', or 'jasager'. It's...
Just to correct a misconception that people derived - the EIP does not contain two halves. The system always behaves as if every non-branching instruction were followed by "eip = eip + [length of...
While I normally wouldn't question a mod's posting, I am curious whether or not you have read this:
http://www.backtrack-linux.org/forums/tool-requests/571-immunity-debugger-v1-73-a.html
If so,...
Did you try removing the map statements from the winxp section, like I suggested?