Page 11 of 13 FirstFirst ... 910111213 LastLast
Results 101 to 110 of 123

Thread: Pentesting Documentation

  1. #101
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by AnActivist View Post
    Hmm,

    That may confirm my hypothesis then because I have the 2004 edition (the second came out in 2007 correct?) This is a picture from my copy:
    http://i407.photobucket.com/albums/p...reenshot-1.png
    If it is a mistake its strange that there hasn't been any statement or documentation that there is an error, does anyone else have the 2004 version and can confirm?
    My guess is an author wrote one thing and a tech editor changed it or the graphic around based on who knows what and hence the error.
    And yes the second edition was published in 2007.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  2. #102
    Junior Member AnActivist's Avatar
    Join Date
    Apr 2009
    Posts
    77

    Default

    well in any event I can put this mystery to rest thanks for you help archangel.amael

  3. #103
    Just burned his ISO
    Join Date
    Jun 2009
    Posts
    23

    Default

    Great thread AnActivist!
    I've been reading it for a while now, but i wasn't registered, it's a good thing that all the communities are bound. (i'm from the french one)
    Please keep up the good work.
    The way you share your progress is awesome...

    hats off!
    http://ne0matrix.blogspot.com
    http://ne0matrix.blip.tv

  4. #104
    Member inf_437's Avatar
    Join Date
    Feb 2010
    Posts
    57

    Default

    Nice thread! I've read quite many threads in the few months that I've been to this forum and this is one of the most interesting threads I've seen so far.

    Keep up the good work and I'm looking forward to read more from you.

  5. #105
    Junior Member AnActivist's Avatar
    Join Date
    Apr 2009
    Posts
    77

    Default

    Its always great to hear people are enjoying reading this thread; thank you for the kind words.

    It has been a little while since I have posted anything useful. The reason for this is that I have been trying to learn more about buffer overflows and getting more into the nitty gritty; after all we can only last so long hanging on the tailcoats of champions like HDM or the rest of the Metasploit team. One day I would really like to actually contribute to some of the work they do. Because of this I've been trying to sift my way through the the low level world of buffer overflows.

    For the moment it is pretty unrewarding which is to be expected. When I say unrewarding I mean that I can't really write a fun report about key logging but its very exciting to learn about, just perhaps not as exciting to document.

    Still I have some good news: I found a project called the SEED project; I won't go into to much detail as to what it is since the link is right there but basically it explains how to set up an exploit lab and runs through some labs. At the end of each lab there is a lab report required to be submitted, however I think that is only for students. This appears to be exactly what I am looking for, and it also will add more modularity to my research.

    I'm just going to pretend like this thread would be the "professor" and I will be submitting my research/lab reports here for criticism and advice. I'm not sure how well this is going to work but I see no harm in trying it out. Feel free to join in, or just stay tuned.

    As always thank you for reading, and thank you again for all the kind words.

  6. #106
    Junior Member AnActivist's Avatar
    Join Date
    Apr 2009
    Posts
    77

    Default VMWare Tools with Fedora 8

    Basically the SEED project lab consists of MINIX3 and Fedora (I used 8) to be run inside of vmware. This turned out to be a little bit more of a pain than I thought, so I'm going to jot down some pointers for anyone else and for myself so I don't forget.

    1. Google for minix/fedora vmware images so you don't have to worry about the configuration, from there its easy just download the tar, then untar then open it up in vmware-workstation 6.5. I tried to install it myself from the .iso and both turned out to be a pretty big pain. The preconfigured vmware images were much simpler.
    links:
    minix3- I used the first one.
    Fedora8 - I used an older core however according to the documentation on the SEED site the core # shouldn't matter too much.
    Notes:
    -I haven't really messed with MINIX3 yet, for now it seems pretty bare, there is some configuration required but I think that as I progress through the labs it will explain more.
    -The 2 default users for fedora are as follows (username, password):
    root, fedora
    fedora, fedora
    -I recommend logging in as root first and then creating your own username/password. I also recommend configuring "sudo" to work properly, especially if your coming from Ubuntu like me: LINK

    2. Getting a compiler/header files to install VMware Tools for Fedora 8.
    This was a pretty big pain, the Fedora team in their infinite wisdom decided to not include the gcc compiler or the C headers.

    -To get both issue the following commands
    Code:
    yum -y install gcc gcc-c++ kernel-devel
    Note:
    The VMware-Tools script should be able to find both your compiler and your C header files now but if it can't these are the locations of the gcc compiler and the header files respecfully:

    /usr/bin/gcc
    /usr/src/kernels/2.6.23.1-42.fc8-i686/include

    One more not about finding stuff in linux, use the "which" command, aka if your trying to find your gcc compiler, "which gcc" will print you the directory it is located in.

    3. Installing the VMWare tools:
    Alright all the hard work is finally done. Just boot into Fedora 8 with VMware; click on the VM tab; go the "Install VMware Tools...".
    Now a cd should have mounted to your desktop, double click; drag the tar file onto your desktop, untar it, change directories into the folder that was just made; and sudo run the install script (sudo ./vmware-install.pl).

    Everything should be good now unless you need to manually put in the directories I listed above, just restart afterwards. This is a pretty rough little howto, I plan on revising it tomorrow I just wanted to get everything down before I forget. I'm pretty excited to actually get into the labs now that my environment is all set up. Thanks for reading.

  7. #107
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Quote Originally Posted by AnActivist View Post
    Still I have some good news: I found a project called the SEED project; I won't go into to much detail as to what it is since the link is right there but basically it explains how to set up an exploit lab and runs through some labs. At the end of each lab there is a lab report required to be submitted, however I think that is only for students. This appears to be exactly what I am looking for, and it also will add more modularity to my research.
    OK, very cool link, I have recently been reading about exploiting SUID binaries in *nix, and look, there's a lab on that right there on the site!

    Thanks for sharing AnActivist!
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  8. #108
    Junior Member AnActivist's Avatar
    Join Date
    Apr 2009
    Posts
    77

    Default

    Thats great lupin; I'm always happy to know that my posts are helping someone out.

    I'm going to give an update on my situation as much has changed since the last listing of my goals a couple posts back. Mostly what has changed is the technology around me.

    For graduation my uncle surprised me with an IPhone 3gs. I will say that this is quite a shock to me as I have gone from a large brick with metro pcs (think early 2000 nokias) to arguably the sleekest phone on the market. I'm a bit conflicted because to be honest I rage against materialism, I'm interested in knowledge not material things; it makes me sad to know that I'm now immediately grouped in with some of the yuppies I see with IPhones (this is just my experience from where I am from and my own environment not yours). At the same time I cannot believe how useful it is. I literally have the key to knowledge (the Internet) with me at all times and it is very exciting. I plan to make the most out this piece of equipment to try and make up for its materialistic curse.

    Second, I decided that my Dell XPS laptop was just too much. It just didn't meet the specs that I'm looking for; both for college next year and my own personal use. Its just too heavy, flashy, and has so little battery life that I can't use it for what it was intended for. I was actually able to sell it on Ebay for more than the original cost, which is very good. Currently I'm looking to purchase a Lenovo Ideapad but still haven't made up my mind, I should have an update pretty soon into the future. As always your input would be appreciated.

    To update some goals, I have decided to push aside my wireless ambitions for now, as well as the readings of the Shellcoder's handbook and the Rootkit book to work on the SEED Project; which by the way is coming along very nicely. I view the SEED project as the base that will push me off into whatever other projects I want to pursue with a solid foundation. That being said my update summer project/reading list should go in the following order:

    SEED Project -> Shellcoder's Handbook Second Edition -> Rootkits Subverting Win

    My currently the SEED Project is going very well, I am working my way through the first lab and learning more than ever. With Internet access always available to me I think I should be right own my way to success by the end of the summer.

    Some other side goals:
    -Purchase a laptop/get Ubuntu working flawlessly
    -Once BT4 final is released re-work wiki articles (purehate, whenever you have free time just send me that wiki account) and make sure that they are presentable.
    -Research the computer underground, and verify whether it even exists today.

    This post is just a reference to keep me on track, my apologies for its longwindedness. Like I said before if you do read and have any feedback that you think would help me, it is always appreciated; thank you for reading.

  9. #109
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Default

    Congratulations on your graduation

    Well there is always some necessary evil (like the Iphone )

    Maybe you want to document the findings while working on the SEED project you think which are worth to share if there are any.
    Tiocfaidh ár lá

  10. #110
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Quote Originally Posted by AnActivist View Post
    For graduation my uncle surprised me with an IPhone 3gs. I will say that this is quite a shock to me as I have gone from a large brick with metro pcs (think early 2000 nokias) to arguably the sleekest phone on the market. I'm a bit conflicted because to be honest I rage against materialism, I'm interested in knowledge not material things; it makes me sad to know that I'm now immediately grouped in with some of the yuppies I see with IPhones (this is just my experience from where I am from and my own environment not yours).
    Not everyone with an iPhone is a yuppie, I happen to have one too! Anyway, where I live it seems to be mainly the graphic design "style over substance" crowd that has iPhones. I just got one because I needed a new phone and I wanted to reduce my pocket load by not carting my iPod around any more. I'm aware that there are other phones around that can play music and videos but I already knew a fair bit about the iPhone and it could do everything I wanted (which is basically to make/receive phone calls, send/receive SMS and listen to music/play videos).

    Congrats on the graduation!
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

Page 11 of 13 FirstFirst ... 910111213 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •