hexophrenic

Active Members. Posts: 239. Days Won: 3.
Everything posted by hexophrenic

  1. The equipment is likely not as delicate as you might think. Garage, off the floor, should be fine in most cases.
  2. Tell us how you really feel digip! :)
  3. Metasploit is a great starting point for exploitation, but the strength is really in your ability to write custom modules and exploits for use. Monitoring exploitdb or bugtraq or the like to find vulnerabilities and then write custom exploits with defined payloads is where metasploit really shines for professionals. OOTB, yeah, many of the exploits are old.
  4. Torrents worked better than I did yesterday. Got them downloaded in no time, but did not have time to play with them yet. Any issues anyone has seen so far with the VM image?
  5. Low(er) tech, but I just use K9 web protection on the machines in the house the kids use. I also use OpenDNS for botnet and malware protection, but nothing for categorization/filtering otherwise.
  6. Ubiquiti SR71 is what I use if you can still get one of those.
  7. Don't most garage door openers use rolling codes now such that you have to "register" your opener to the controller and it is not as simple as just duplicating dip switches? I am not educated on this, just kind of thinking out loud.
  8. Or just run TAILS in VMs instead of installing TOR in each instance. It seems to work quite well. Just be aware that running in a VM is not the same as running off write-protected media on physical hardware, forensically speaking.
  9. I use AxCrypt and it works pretty well. You can also use 7-zip (or a number of other compression apps) to use encryption as well, depending on what your needs are.
  10. Apache may be starting by default if using BackTrack. netstat -antpl | grep :80 should show you what you want to see. A service apache2 stop should do it.
  11. I use an IOGEAR GKM561R (Newegg) on my HTPC. It seems fine for casual use, but I am not sure I would like the trackball on it for long term use.
  12. Just ease into the trigger on it and measure under load slowly as well. A quick pull or heavy load may pop the fuse. I am not sure about combining the two 18v wall warts, but most will not operate at higher currents, but I would expect you to have difficulty finding an appropriate adapter. Under load I would see your drill could easily pull >10 amps.
  13. You will need to use the fused lead and select mA (milli-amp) as the measurement. On a side note, it would probably be far more trouble/expense in doing all of this work (it is not a common power supply to convert 110v to 18v at sufficient amperage (6-10A at least under load)) to make this a practical solution. Even a cheap corded drill is likely cheaper and possibly more effective than this solution.
  14. One lead on battery v+, then other lead on wire that should connect to v+ on battery. You do have to be careful and select the current amperage rating or you can blow the fuse (unit if cheap) checking current.

      battery positive terminal ----wire--- probe (red)
      probe (black) ----wire---- drill positive terminal

      You need to make the current flow through the meter.
  15. IIRC current must be read inline with a meter.
  16. I would spend some time learning with them. It is useful to be able to use other payloads for av/ids evasion at times.
  17. I think digip meant ms08-067 instead of 068.
  18. Yeah, what he (Mr-Protocol) said. If there are not ports responding to network traffic, nmap cannot effectively fingerprint the OS. One of its fingerprinting methods relies on the response codes from certain packets to determine what OS it is as well as information about protocols, versions, etc. But if it cannot get responses, it cannot guess the OS.
  19. I have not tried to convert the VHDs to vmdks lately, but you might check here for Windows 7: http://usgcb.nist.gov/usgcb/microsoft/download_vhd.html Have used things like this in the past for some testing.
  20. apt-get remove metasploit && apt-get install metasploit

      If that still does not fix it then

      apt-get remove metasploit --purge && apt-get install metasploit
  21. Syngress

    They are fine and reputable. But like with any publisher, some works are better than others, so YMMV. Overall I have enjoyed the books to date.
  22. It would depend. Did existing configuration get over-written? Some distros will prompt during an upgrade to keep existing or replace with new. It would depend on how the upgrade was performed. Always have good backups and run a diff on the configuration files after upgrade to see what changed. Just a part of change/configuration management (or bad luck in some cases :) ).
  23. When you see incrementing BSSIDs/MACs like that, it is likely the software implementation of the SSIDs. Each BSSID will have a different MAC, and each is associated with a different SSID.
  24. Don't know what else to tell you. I just fired up XP SP3 (I also know these work in SP2), ran the aurora exploit against it (ms10_002_aurora):

      meterpreter > getuid
      Server username: computer\user
      meterpreter > getsystem
      ...got system (via technique 4).
      meterpreter > getuid
      Server username: NT AUTHORITY\SYSTEM

      Then I tried your method, using the module getsystem.rb explicitly and same thing more or less.

      meterpreter > getuid
      Server username: computer\user
      meterpreter > run post/windows/escalate/getsystem
      [+] Obtained SYSTEM via technique 4
      meterpreter > getuid
      Server username: NT AUTHORITY\SYSTEM

      Which exploit are you using? Which payload?
  25. Why not just "use privs" then "getsystem" at the prompt? What happens then?