Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

Recent Profile Visitors

1,709 profile views

Tarbizkit's Achievements


Newbie (1/14)

  1. you should also scope out exactly what you are going to be testing and the times that you will be testing, and if exploitation is authorized. As a side note and best practice, you will want to write down everything that you do and take as many screen shots as possible when performing the test. <---- extremely important by having an extremely detailed set of notes, you can save loads of time, and have all your evidence ready when you are starting your final report.
  2. hmmmm.... if you cant modify the router settings and a NAT is already set up to one computer that use combatwombat27's number 2 solution. if the other computer has a NAT setup to it but not on 22, you could change the ssh service to listen on the other port. All that said the best way is to set up the NAT's manually that way you dont have headache's dealing with using standard ports with non standard services. if you dont like the ports listed below, maybe choose 10022 and 20022. but again this will require you to modify your router settings.
  3. I recently moved from support to info sec. The advice I would give you, if you are wanting to get a certification, look into CISSP, or GPEN. CISSP is good (most books read like a lawyer manual) but business like it a lot. According to Global Knowledge, the GPEN is more desireable to busineses than the CEH. I guess its an acceptance thing :) Advice about the job: If you work for a public company that has rules and regulations that they must comply to (i.e. Sarbanes-Oxley, ect...) then an info sec job will be more about policy and ensuring that policy is being followed via audits and such. What I have learned is that although cool info sec stuff happens, more often than not, an info sec job is being able to come up with good security policy, ensure it is followed and report on it. again your results may vary, depending on the exact job title that you have and what company you work for. I hope this helps.
  4. ROTFL @ youtube videos you all havent heard of "tracer T" isn't that the upgrade to "tracer S" built on the pinger T code :)
  5. psexec does infact run your executable on the remote machine. if you get an error code of 0 then all is well and the executable ran fine, a code of 1 means it didn't. you can run cmd.exe as the executable and then when you get a prompt run a seperate exe. if you are in a domain and already have rights to the server, then you will not need to supply a username and password. Just an FYI, but you might have a bunch of processes running on the remote server already because in looking at your post you said that you got a response of 1. so if you ran calc.exe 20 times, you might still have 20 calc.exe's running on the server. another thing to remember is that there is no userspace for remotely ran programs on the remote server. meaning if you did run calc.exe as yourself remotley and then remoted into the server using mstsc you will not see the calculator, but you would see the clac.exe process running.
  6. not sure you have a computer problem, it might be PEBCAK error. your grandpa seems like a smart man. let him know we fully support him.
  7. hmmmm.... you might want to look into novell's product line. suse, oes, e-directory, and zenworks. these products are really good. I have been using edir since it was named nds and this was way before active directory was around. We currently run both directories at my office, mainly due to the fact that even though i feel that some of novell's products are better than ms, none of us can escape the fact that we live in a ms world. With ms having so much of the market share in the enterprise, it tends to push software vendors to make ms only compatible software.
  8. you sound like you are providing internet through a cable or dsl connection, if so, you could put a hub (not a switch) between your router and modem then use wire shark to look at the traffic. this option would require you to be comfortable looking at network traces though. you could also do some port spanning on your switches, if your switches support that, and effectively do the same thing, however, with the 50 or so users that you say you have, you might need to do this multiple times depending on your network setup. again, these two options are fairly technical so if you dont feel comfortable rooting around in a switch or reading a network trace then definatly go with pfsense. they have made the software extremely easy to use and install.
  9. you could get a hub instead of using a tap. but building the tap would be cooler. :)
  10. rewrite in vbs, or call a vbs file from your batch file. if you take the call route, the vbs file could look something like this... If Wscript.Arguments.Count = 3 Then strYear = WScript.Arguments.Item(0) strMonth = "0" &amp; WScript.Arguments.Item(1) strDay = "0" &amp; WScript.Arguments.Item(2) set objShell = wscript.createObject("wscript.shell") objShell.Run("wget http://www.girlgeniusonline.com/ggmain/strips/ggmain" &amp; strYear &amp; right(strMonth,2) &amp; right(strDay,2) &amp; ".jpg"), 1, TRUE Else 'fail with a msgbox if you want End If
  11. having setup many osx servers on my company network which happens to mostly be a hybrid of novell (450+servers), microsoft (650+ servers), and about 50 or so linux flavor servers, I can say with out a doubt that setting up and configuring an osx server is a really easy thing. as far as stability goes there have been no real problems, at least no more than any other os. When it comes to performance, i have no complaints either. the os has never been a bottleneck for us.
  12. you could deploy NAP. if there are resource problems with that you might try using group policy. you could have gpo set up that would disable access to the network control and also run a login script that would set the nic's up the way you wanted. this is a little easier if you are dealing with company resources and in a perfect world identical hardware. :) a low tech way might be using some wifi shielding paint. I have not used this personally, and have heard mixed results, so your mileage may vary :( If setup correctly, the NAP solution could help protect you from an already infected computer, but when it comes to syware, malware, a virus, or any other network nasty, nothing is gonna be perfect.
  13. i am guessing that you are not wanting to do this from a windows machine. if you are then you could try this vb script file that uses text files to store the hostnames and the ip addresses. be sure to save this file as a vbs and also create the hostnames text file. 'set the next line to 1 to have the output entered like the following 'HOSTNAME 'otherwise leave it at 0 to only get the ip address blnHostAndIP = 1 CONST ForReading = 1 Set objFSO = CreateObject("Scripting.FileSystemObject") 'Set path to input and output files. change these to what ever you like strHostNameFile = "C:\hostnames.txt" strIPOutput = "C:\ipaddresses.txt" 'Open input log and create the output file strHostData = objFSO.OpenTextFile(strHostNameFile,ForReading).ReadAll Set objLog = objFSO.CreateTextFile(strIPOutput) 'Create the array arrLines = Split(strHostData,vbCrLf) 'Step through the array For Each strLine in arrLines if strLine &lt;&gt; "" then If blnHostAndIP = 0 then sHost = strLine For Each oIP in GetObject("winmgmts:").ExecQuery ("SELECT * FROM Win32_PingStatus WHERE address = '" &amp; sHost &amp; "'") strRealIP = oIP.ProtocolAddress Next objLog.Writeline strRealIP elseif blnHostAndIP = 1 then sHost = strLine For Each oIP in GetObject("winmgmts:").ExecQuery ("SELECT * FROM Win32_PingStatus WHERE address = '" &amp; sHost &amp; "'") strRealIP = oIP.ProtocolAddress Next objLog.Writeline strLine &amp; vbtab &amp; strRealIP End If end if Next msgbox "Done"
  14. I was looking for the dictionary file that was used to gen up the rainbow tables with no luck. Anyone here have a link to a large dictionary/wordlist file? I am wanting to generate my own for a router with a ssid that was not included in the church of wifi files.
  • Create New...