Infiltrator

Exploitable yehh, what apache version are you using? and what exploit and payload did you use? Sorry for asking, I want to try on my computer lab. By the way, did you have Apache running on a normal PC or VM?

http://www.computerworld.com/ http://www.networkworkld.com http://www.pcworld.com http://www.itworld.com http://www.itsecurity.com http://www.techspot.com/ http://www.how-to-geek.com/ http://www.hak5.org http://www.securitytube.net/ http://www.irongeek.com/ http://hakin9.org/ http://maximunpc.com http://tomshardware.com http://www.smallnetbuilder.com http://www.lifehacker.com

Was it to rather difficult for you to understand or what? Its OK don't feel shy you can say! I guess it was my mistake in the first place. I am sorry, I will try to do my best next time.

I use Avast at home and never had any issues with, its very effective at blocking and detecting malwares. ESET NOD32, haven't really used it, but have heard some really good feedback about it. Where I work my employer, uses Forefront to protect all their PCs, I personally don't like it but it seems to do its job decently. Edit: Not as effective as Kaspersky.

So if I was to set up an Apache web server to host some web sites, I would set up some virtual hosts in the config file, is that correct. Edit: Did a bit of reading on that, so I now understand what you are talking about.

So you are really own a sub-domain instead of a domain is that correct? For instance, google.com/mydomain instead of mydomain.com

Each ip address can only point to a single and individual website or domain name. You can't point the same IP address to more than one websites at the same time. You can have multiple ip addresses pointing to a single website or domain and that's the purpose of dns load balancing. But going back to your question, when I did a nslookup on Cnn.com, it returned with an ip address, along with more than 5 ip addresses. When I did a test ping, it returned with an ip address that, did not match to any of the ip address in the nslookup results. I am guessing there must be a bad configuration somewhere. Since yahoo.com only returned me 1 ip address, instead of multiple.

Mac filtering won't be very effective, as it could be easily altered or faked. So any one could pose as that legitimate machine and attack the system. Limiting the number of connections and ensuring the system is fully harden by a high-end firewall is one way of securing the system. The system shouldn't be entirely relying on a single sign on interface, there should be other means for authenticating, that way if an attacker manages to crack the first sign on interface, he could be presented with a more sophisticated or hard to break authentication system.

Moral of the story, it will be useless for you to try to trace back the ip address. Its gonna be a waste of time and resources. I am sorry to say this, but that's how it works.

I haven't used ATMs for a very long time. I have a tendency of always using my banking cards, for purchasing goods, I know my bank may charge me transaction fees but its a lot safer that way. If I need cash, I could always go to bank and ask the teller I would like to redraw some money, or go to the supermarket buy something and then tell the check out operator that I would like to take some cash out.

Since the hijacker used a proxy server to conceal his ip address, it could become very difficult to trace back to the original ip address. 1. You will need to know the real proxy server ip address is. 2. You will also need to know the geographical location of the ip address. 4. You will need to know who is the owner of the ip address (eq, Internet Service Provider) 3. I don't want to discourage you, but I hardly doubt the proxy administrator will be willing to contribute, unless you take the matter to a legal court. 4. There is also the question, of whether the proxy server keeps a log of all the original IP addresses. In some cases, it does and in other cases it doesn't All I can recommend is to, change the password to a more complex password, and do not use easy to guess security questions. If willing to change over email provider, use gmail.

It can be installed, but I have to say that the speeds will be the limiting factor. Why don't you go with a laptop's hard drive, it will be smaller and will generate less heat.

Kevin Mitnick ruled back in the old days.

It makes perfect sense, not to rush out and buy something new as soon as it comes out. An example The Apple Iphone 4.

I use vibestreamer to stream music files from my computer to over the internet. It supports the following audio formats .MP3 and WMA Since it works directly from a web interface, all you need is to point your web browser to the server ip address that, the vibe streamer is running on. That good thing about Vibe is that it requires no client side software to be installed. Just select the audio you want to hear and it will play for you. Edit: And by the way, it works on both platforms Windows and Linux.

That's a very good question and we know that most AVs and Firewalls will block these attacks and I have tried executing the attack with both the Firewall/Antivirus turned on and off and was still unable to pull the attack. I then read the tutorial on the http://www.offensive-security.com/metasploit-unleashed/, on how to encode the payload so it does not get detected by any AVs and was still unable to exploit my target machine. It could also mean, that because I am so security oriented and I am always patching things up, that my VM may possibly have all the latest updates. I don't know what do you say?

What's the battery run time on one of those?

Great topics and excellent post Thanks Mnemonic Here are some of the topics I found interesting, and will later be listening to them. Detecting and Defending Your Network from Malware Using Nepenthes Design of a Wireless EMG Bakeca.it DDoS – How Evil Forces Have Been Defeated Botnet Resistant Coding: Protecting Your Users from Script Kiddies Easy Hacks on Telephone Entry Systems Behind the Padlock: HTTPS Ubiquitous and Fragile

That's exactly what I did, I set the RHOST to the target IP and the LHOST to the attacker IP. And there still no luck. I am still getting the same error message "Exploit completed, but no session was created." What's funny is that, I tried it with different exploits and payloads and I do occasionally get the same error. Have you ever run into this problem before?

I'm pretty sure, I did set the LHOST to 192.168.1.10, but will try again in case I haven't. I also did a bit of researching and found out, that it could be that the vulnerability that I am trying to exploit may already be patched.

Hi Community, I've just started learning Metasploit and I am having some issues at the moment. I currently have 2 VMs, running Windows XP Pro SP2. My first VM is the target machine IP address: 192.168.1.11 and the attacker machine, IP address: 192.168.1.10 I can ping both machines and both can get onto the internet with no problems. I've downloaded the Metasploit Framework 3.4.1, installed it on the attacker machine and also updated the metasploit database. Here is what I am trying to do, I am using VNCinjector to view the target machine but I am receiving the following error: These are the commands I am typing: MSF > use windows/smb/ms08_067_netapi MSF > exploit(ms08_067_netapi) > set RHOST 192.168.1.10 MSF > exploit(ms08_067_netapi) > set PAYLOAD windows/vncinject/bind_tcp MSF > exploit(ms08_067_netapi) > exploit Started bind handler Attempting to trigger the vulnerability.... Exploit completed, but no session was created. Has anyone experienced this error before.

This is not a netbook but a laptop, it comes with enough juice to power a few VMs and a lot more. http://www.techbuy.com.au/p/138466/NOTEBOO...-FHD-SZ152X.asp

What Linux distribution are you using? I haven't used Virtualbox, so I can't commend on that, but you should definitely try VMware, it may work for what you are trying to do.

I've taught about not blowing up the world, but engineering a super smart computer worm to bring down the whole world computer system. Oh yes, now we are talking about blowing things up.

Couldn't I agree more with you, if I could I would give chrome a 10 stars