hexophrenic (Active Members; 239 posts; 3 days won)

Everything posted by hexophrenic

  1. That is the command you would run at a terminal on your ubuntu box (via SSH, console, whatever):

     sudo apt-cache search rdp | grep server

     sudo means run as root, basically. apt-cache search rdp means search the available software repositories for entries that contain rdp (remote desktop protocol [ms term serv, vnc, etc.]). | means take that output and run it through the command that follows. grep server searches through the results containing rdp and outputs only those that contain server (and rdp). That will get a list of software you can look at and determine which one will best suit your needs.
  2. joeypesci - DPI in this case can allow an "authorized" MitM to inspect some encrypted elements. What happens is the DPI piece acts as a proxy between you and a far-end SSL site. It exchanges certs with the far-end site, then exchanges a different set of certs with the client, which are trusted. Therefore it splits the SSL stream into 2 distinct sessions, one between server and DPI and one between DPI and client. It decrypts the server stream, inspects it, then encrypts to the client.
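A worked check for the interception described in the post above, added here as an example (it is not from the original post or any product it mentions). The DPI box re-signs the far-end site's identity with its own CA, so the subject and SAN still match the hostname but the issuer and the certificate fingerprint do not; pinning either one catches the split session. The two certificate dicts are constructed in the layout returned by ssl.SSLSocket.getpeercert(); the hostnames, CA names and DER byte strings are illustrative assumptions, not real certificates.

```python
"""Spot an SSL-inspection (DPI) proxy from the certificate the client is handed.

Added example, not from the original post. Sample data below is constructed:
the CA names, host and DER byte strings are stand-ins, not real certificates.
"""
import hashlib


def rdn_value(name, attribute):
    """Return one attribute (e.g. 'commonName') from a getpeercert() name tuple."""
    for rdn in name:
        for key, value in rdn:
            if key == attribute:
                return value
    return None


def san_dns_names(peercert):
    """DNS entries from subjectAltName, the names a browser matches the URL against."""
    return [value for kind, value in peercert.get("subjectAltName", ()) if kind == "DNS"]


def fingerprint_sha256(der_bytes):
    """Hex SHA-256 over the DER certificate, the form a pin is normally stored in."""
    return hashlib.sha256(der_bytes).hexdigest()


def interception_findings(peercert, der_bytes, expected_host, pinned_fingerprint, expected_issuer_cn):
    """List the reasons the presented certificate looks re-signed; empty means clean.

    The hostname is checked too, but expect it to PASS during interception: the
    proxy copies the real subject, which is exactly why a hostname check alone
    never detects DPI. Only the issuer and the fingerprint give it away.
    """
    findings = []
    if expected_host not in san_dns_names(peercert):
        findings.append("hostname not in SAN")
    issuer_cn = rdn_value(peercert["issuer"], "commonName")
    if issuer_cn != expected_issuer_cn:
        findings.append("issuer changed: %r" % issuer_cn)
    if fingerprint_sha256(der_bytes) != pinned_fingerprint:
        findings.append("fingerprint does not match pin")
    return findings


# --- constructed sample data (not real certificates) ----------------------
HOST = "www.example.com"
SUBJECT = ((("commonName", HOST),),)
SAN = (("DNS", HOST), ("DNS", "example.com"))

# What the client sees with no inspection box in the path.
GENUINE_CERT = {
    "subject": SUBJECT,
    "issuer": ((("organizationName", "Example Public CA"),), (("commonName", "Example Public CA R3"),)),
    "subjectAltName": SAN,
}
GENUINE_DER = b"constructed stand-in for the real site's DER certificate"

# What the client sees through the DPI proxy: same subject and SAN, new issuer, new key.
PROXY_CERT = {
    "subject": SUBJECT,
    "issuer": ((("organizationName", "Corp IT"),), (("commonName", "Corp DPI Inspection CA"),)),
    "subjectAltName": SAN,
}
PROXY_DER = b"constructed stand-in for the certificate minted by the DPI CA"

# In practice the pin is recorded out-of-band (e.g. from the site's published fingerprint).
PIN = fingerprint_sha256(GENUINE_DER)
EXPECTED_ISSUER = "Example Public CA R3"


def check_genuine():
    return interception_findings(GENUINE_CERT, GENUINE_DER, HOST, PIN, EXPECTED_ISSUER)


def check_proxy():
    return interception_findings(PROXY_CERT, PROXY_DER, HOST, PIN, EXPECTED_ISSUER)


if __name__ == "__main__":
    print("direct:  ", check_genuine() or "clean")
    print("via DPI: ", check_proxy())
```

Against a live socket the same two inputs come from `ssock.getpeercert()` and `ssock.getpeercert(binary_form=True)`; the point the output makes is that the intercepted session raises only the issuer and fingerprint findings, never the hostname one, because the proxy's client-facing cert carries the real site's names.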
  3. That appears to be an Aruba/Alcatel AP125. http://www.arubanetworks.com/product/aruba-ap-124-ap-125-access-points/
  4. I tried to download just the .torrents and their servers are being hammered such that I was having difficulty even getting the torrent files. Will wait a bit. Looking more forward to BT5. Regarding the PSN hack, what exactly is there to talk about? Sony has not been very forthcoming with details.
  5. Sure enough, sorry for the oversight/brainfart...indeed a 255.255.252.0 would not overlap the subnets. Some consumer equipment is still not able to subnet anything but a /24 as well, so that may be problematic. Without firewalling, the question to ask is why subnet anyway?
  6. Check here: http://www.offensive-security.com/metasploit-unleashed/Antivirus_Bypass msfencode -h will show you the help contents for it
  7. Trying to duplicate:

     cd /pentest/exploits/SET
     ./set
     4. Create payload and listener
     2. Reverse meterpreter
     16. Backdoor port 31337

     From console:

     [-] Backdooring a legit executable to bypass Anti-Virus. Wait a few seconds...
     [-] Backdoor completed successfully. Payload is now hidden within a legit executable.
     [*] UPX Encoding is set to ON, attempting to pack the executable with UPX encoding.
     [*] Packing the executable with UPX, one moment.
     [*] Your payload is now in the root directory of SET as msf.exe.
     [*] Packing the executable with UPX, one moment.
     [*] The payload can be found in the SET home directory.

     That seems pretty clear where you should find it. I did not start the listener since it is a test. After exiting SET I ls and see msf.exe listed in /pentest/exploits/SET. Do you see all of this as well or are you doing something different? Just trying to understand what you are seeing.
  8. The flaw in your plan is that your wireless AP may not be able to route if it is just an AP. The easiest way is to change the subnet mask of all devices to 255.255.254.0, which would require no routing. Are you firewalling the phone/PC from the rest of the network? Does the wireless AP have a .1 address on it, which implies it is routing? If the WAP does route, just add a route to each of your devices (the proper way) to route 192.168.2.0/24 to 192.168.1.ip of wap. The easy way to add a route, which will generate a lot of ICMP redirects and is non-compliant RFC-wise, would be to add a route to your wireless modem pointing 192.168.2.0/24 to 192.168.1.ip of wap.
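The two posts above (the 255.255.254.0 suggestion and the later 255.255.252.0 correction) are a good place to check the mask arithmetic rather than eyeball it. This is an added example, not from the original posts: it uses the standard library's ipaddress module to compute which network each host lands in under a given mask, and the tightest mask that puts both on one broadcast domain. The host addresses 192.168.1.10 and 192.168.2.20 are assumed for illustration.

```python
"""Which mask actually puts a 192.168.1.x host and a 192.168.2.x host on one subnet?

Added example, not from the original posts. Host addresses are assumed.
"""
import ipaddress


def containing_network(host, mask):
    """Network a host computes for itself when configured with the given dotted mask."""
    return ipaddress.ip_interface("%s/%s" % (host, mask)).network


def share_subnet(host_a, host_b, mask):
    """True when both hosts, configured with `mask`, compute the same network,
    i.e. they ARP for each other directly instead of handing packets to a gateway."""
    return containing_network(host_a, mask) == containing_network(host_b, mask)


def smallest_joining_prefix(host_a, host_b):
    """Longest prefix length (largest mask) under which both hosts share a subnet.

    Walks from /32 downward, so the first hit is the tightest mask that works.
    """
    a = ipaddress.ip_address(host_a)
    b = ipaddress.ip_address(host_b)
    for prefix in range(32, -1, -1):
        net = ipaddress.ip_network("%s/%d" % (a, prefix), strict=False)
        if b in net:
            return prefix
    return 0  # /0 always contains everything; not reached for valid IPv4 input


def mask_report(host_a, host_b, masks):
    """Per-mask summary: (mask, network of A, network of B, same subnet?)."""
    return [
        (mask, str(containing_network(host_a, mask)), str(containing_network(host_b, mask)),
         share_subnet(host_a, host_b, mask))
        for mask in masks
    ]


if __name__ == "__main__":
    pc, phone = "192.168.1.10", "192.168.2.20"
    for row in mask_report(pc, phone, ("255.255.255.0", "255.255.254.0", "255.255.252.0")):
        print("%-15s  A in %-16s  B in %-16s  same: %s" % row)
    print("tightest mask that joins them: /%d" % smallest_joining_prefix(pc, phone))
```

The catch the correction post hits is visible in the /23 row: 255.255.254.0 applied to 192.168.1.10 yields 192.168.0.0/23 (.0 and .1), while 192.168.2.20 yields 192.168.2.0/23 (.2 and .3), so the two never meet; the first mask that covers both is /22 (192.168.0.0 through 192.168.3.255). A /23 would have worked only if the second subnet had been 192.168.0.0/24.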
  9. src is where the exe "template" file is located. when is the last time you updated SET? what version are you using? in the SET directory, do an svn up (this is all assuming you are using BT4, which after reading back through the thread may not be a valid assumption).
  10. You could try to re-run the exe through msfencode through some other encoder. Nesting the encoding several times can help improve its ability to evade anti-malware. Shikata ga nai was the best for quite some time; maybe taking a backdoored executable and running it through 10-15 iterations of shikata may help. Obviously everything you do to encode will slow the execution of said program, but with smallish exes and fast hardware, it will likely not be noticeable. Backdoor typically does a pretty good job by itself, though. Some of the issues I have run into are with heuristics or behavioral-based evaluation (i.e., sandboxing, etc.) in AV products, which do a really good job of catching bad stuff. However, most in-the-wild installs will not have this protection enabled because it can slow everything on the machine to a crawl. Have you uploaded your sample to any of the online virus scanning sites yet?
  11. SET usually puts it in the SET home directory for current versions (/pentest/exploits/SET/filename).
  12. This is another engine, often preferred by exploit writers: http://vscan.novirusthanks.org/ The reason is the "do not distribute sample" checkbox. VirusTotal submits the samples for AV vendors to better their signatures; for testing stuff, IMHO, there is no reason to provide AV vendors with your own samples. Of course VirusTotal offers scanning based on hashes, which is very handy for large executables/isos/whatever.
  13. Shameless plug, I have a Harris buttset I would be willing to part with...
  14. Tomahawk (http://tomahawk.sourceforge.net/) should get you started.
  15. dumeter (is not free but may have a trial) and bwmeter are 2 I have used in the past for monitoring bandwidth. Have you used wireshark or the like to see what your re-transmissions look like?
  16. Open up said application in a hex editor and look through the ASCII representation as Sparda stated. It is a slow process, but sometimes you see them scattered about.
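Paging through a hex editor's ASCII pane is the slow version of what a strings extractor does. The following is an added example, not from the original post: it scans a binary for runs of printable ASCII and, because Windows executables keep a lot of their text as UTF-16LE (every character followed by a NUL, which an ASCII-only view shows as scattered single letters), also for NUL-interleaved runs. SAMPLE is a constructed blob built to exercise both paths; it is not a real executable, and the URL, command line and path inside it are made up.

```python
"""Extract printable ASCII and UTF-16LE strings from a binary blob.

Added example, not from the original post. SAMPLE below is constructed test data.
"""
import re

MIN_LEN = 4  # same default as the classic `strings` tool


def ascii_strings(blob, min_len=MIN_LEN):
    """(offset, text) for every run of >= min_len printable ASCII bytes."""
    pat = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pat.finditer(blob)]


def utf16le_strings(blob, min_len=MIN_LEN):
    """(offset, text) for runs of >= min_len printable chars each followed by NUL,
    i.e. UTF-16LE text as found in PE resources, imports and wide-char literals."""
    pat = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    return [(m.start(), m.group().decode("utf-16-le")) for m in pat.finditer(blob)]


def interesting_strings(blob, keywords=("http", "cmd", "pass", "\\")):
    """Strings from either encoding that contain any keyword (case-insensitive),
    sorted by file offset so they can be located in the hex editor afterwards."""
    hits = []
    for offset, text in ascii_strings(blob) + utf16le_strings(blob):
        lowered = text.lower()
        if any(k.lower() in lowered for k in keywords):
            hits.append((offset, text))
    return sorted(hits)


# Constructed sample: a fake MZ header, a DOS stub message, an ASCII URL,
# a UTF-16LE command line, a too-short ASCII fragment, and a UTF-16LE path.
# Non-printable separators are placed between regions so runs do not bleed
# into each other (a real binary has the same effect from surrounding bytes).
SAMPLE = (
    b"MZ\x90\x00\x03\x00"
    + b"This program cannot be run in DOS mode.\r\n"
    + b"\x00\x00\x11\x12"
    + b"http://updates.example.test/check\x00\x00"
    + "cmd.exe /c whoami".encode("utf-16-le") + b"\x00\x00"
    + b"\x7f\x01\x02"
    + b"k3y\x00\x00"                       # only 3 printable bytes: dropped
    + "C:\\Users\\Public\\drop.bin".encode("utf-16-le")
)


if __name__ == "__main__":
    for offset, text in sorted(ascii_strings(SAMPLE) + utf16le_strings(SAMPLE)):
        print("0x%06x  %s" % (offset, text))
    print("--- interesting ---")
    for offset, text in interesting_strings(SAMPLE):
        print("0x%06x  %s" % (offset, text))
```

The offsets are what make this useful next to the hex editor: jump to the printed offset and the surrounding bytes (length prefixes, adjacent strings, XOR'd neighbours that did not decode) are right there. Lowering MIN_LEN finds shorter fragments at the cost of far more noise.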
  17. anonymous proxies (paid or free), VPS providers (preferably with an anonymous proxy [and reverse proxy] option), and hosting companies (VPS, colo, or otherwise) for external penetration testing? My current gig is less hands-on and more strategy so I am thinking about going back to consulting on the side. Let me know what you guys have seen, read, whatever. Obviously I have hit google, but was hoping for more anecdotal information rather than market-speak. Ideally points of presence outside the US may also be useful.
  18. NAT also allows the host to be reachable from any of the guests, as does the default host-only network. What bridged does is bring everything else connected to the LAN that the host is connected to into the picture. When you use NAT, unless you specifically want otherwise, make sure the NAT interface is set to public rather than private (or whatever your firewall software calls it) to protect your host from yourself^H^H^H^H guests.
  19. All due respect, he uses VMWare Workstation, not VirtualBox. "Internal network" has no meaning in VMWare, thus your explanation would not be too meaningful to someone who is asking this question. I was simply trying to offer a more clear idea of how to accomplish this in VMWare.
  20. Like digip said, Konboot would be best as it does not really change anything itself (but does allow changes to occur), it just wedges itself in during the boot sequence and allows logging in as anyone without a password. Add a user, reboot. Maybe I am not sure what you are trying to accomplish I guess. If you get physical access, the game is over anyway, which I know you know.
  21. If you want it truly isolated, choose a custom vm network (vmnet2) that does not have a host interface. That way each of the VMs can talk to each other, but none of them can talk to anything that is not using that custom vm network (including the host). Host-only networking OOTB still allows the host to communicate with the vm network. You can always change a host to NAT, hit the internet for updates, then change back to custom when you are done.
  22. I have two Asus boards (p5k and p5q) that do this as well. I am wondering if it is a BIOS issue or chipset issue/feature that is causing this. It does not cause me any problems at all, just kind of strange. Seems like a plausible explanation, though, and it does only appear after switching off power completely as mentioned.
  23. It just now worked for me. Try it again guys.