digininja
Global Moderators
Posts: 4,005
Days Won: 210

Everything posted by digininja

  1. They deliberately left out a part that said the students couldn't attack your network to make the job of a pen tester easier. Your first message sounded suspicious, this is now incompetent and suspicious.
  2. If you are allowed to screen capture then use a key logger
  3. Confiscate the ducky and read the script.
  4. Forgive the scepticism but this is a variant of the "how do I hack my wife's Facebook account?". We have no idea who you are, whether you have permission to do what you are doing or anything else. My generic suggestions would be to check the logs, check the config for anything that appears to be more open than it's supposed to be and try asking the student, he may be happy to boast about how he did it in return for a less harsh penalty.
  5. If you have access to the server code then analyse it to see what's happening and you should get some idea of where the vulnerability is.
  6. Blind injection is where you don't get errors or other visible differences from your injection. There isn't a specific set of commands that should or shouldn't work.
  7. It isn't the glamorous, fast track into security that some people want, but I think the best way is to get a good solid grounding in all the associated skills first. Get to know Linux and Windows well, not just using them, but everything about them. Installing and maintaining services, building networks, routing, bouncing packets around, remote protocols such as ssh and smb. Understand how Windows privileges work across domains so you can take a user on one machine and use their privileges across multiple machines. If you want to look at web apps, learn some programming, install web apps in many languages and frameworks, PHP, .NET, Django, Rails, get the different databases working, troubleshoot all the problems you have. Once you've done all that, making the transition across to security is a lot easier as a lot of it is suddenly obvious, for example Windows privilege escalation is easy if you understand user permissions and how to use them across the network. As I say, it isn't the quick and shiny way in but it is the best and will make you a much better tester than if you try to learn "hacking" or "pen testing", which are both just different ways to say using the system and understanding it well.
  8. I've not tried it but you could probably use msfvenom to build a binary using multi handler and the payload and then run that on the machine you want to listen on. You would need a full Metasploit install to create the binary but it wouldn't need to be on the listening machine.
  9. You could buy a cheap router that will take openwrt. Plug the wan side into your existing router and run WiFi and wired off openwrt instead. You'd then have a Linux box you could ssh to and use tools like tcpdump to watch traffic as you would be in the middle of everything.
  10. Question one: I can put whatever IP I want in a device, it doesn't have to use DHCP. An IP of 172.16.40.48 with a netmask of 255.0.0.0 and default gateway of 172.27.0.254 may work fine on your network depending on the setup. Question two: you plugged into a switch, not a hub. You being in promiscuous mode means you see everything you are sent, but the switch will only send you traffic meant for you, which means your IP and broadcast traffic. What you are expecting is what you'd get off a hub or a span port.
  11. It's not your router that is modifying the traffic, it will be something upstream from that so you can't get round it by putting in your own router. It's to stop spam, torrenting and also to try to stop people using home contracts for business use. Ear Trumpet is on my site digi.ninja, Google and you'll find it. It should work but may need some tweaks. For permissions, you should have permission by the company you are scanning but it is also sometimes worth checking with the ISP but maybe not for something this small.
  12. If both were from outside the network then it is probably your home ISP dropping things. My ISP drops all port 25 traffic to stop home machines being used to send spam. I've worked with another one who always returned closed for port 139. If you want to find out for sure exactly what is going on you need a box that replies on all ports that you can scan. That will show you what's being blocked or modified. I wrote a tool called Ear Trumpet years ago that would listen on all ports but it hasn't been updated since. Mubix also released one but I can't remember the name, his is probably better. And as digip says, make sure you have permission to scan.
  13. Nikto and Skipfish are not part of the OSINT or passive section, both are very active tools. Haven't used Skipfish for years as it used to be able to DoS most sites unless you were very careful using it. Burpsuite maybe but only if you are using it to purely look at traffic when viewing the site and not sending any additional attacks from it. The other tools are all relevant, they tend to flow into each other, for example if Harvester finds a new domain then you pass that through dnsrecon, you could then Google hack and find other things that flow back into Harvester.
  14. Locking this before anyone flames the poor guy. If you look at the Hak5 YouTube channel they have a section of videos on the Pineapple, those and the web site should tell you everything you need to know.
  15. Get involved in open source projects and become active in mailing lists and forums. If you can get to conferences then do. Write blog posts about what you are learning. Use all that to build yourself a reputation and get to know people. Once you have that built up then when you are ready to try to find a job you have a network of people to ask and a portfolio to point interviewers at.
  16. Curious why bother when you can just use an SMS service that lets you set the sender.
  17. The reason your server (192.168.1.1) won't execute it is because it doesn't know to pass .txt through the php engine, assign that extension and it will. It will break your RFI example though as you will serve out just the word test rather than the full source.
  18. As digip says, this would be considered illegal activity and so is not allowed on this forum, please don't post questions like this again.
  19. That is correct as you can't pass POST parameters in a URL. You could try swapping the method from POST to GET to see if the page accepts both, some do.
  20. Not sure what you mean. To exploit POST based XSS it is easiest if you can get them to come to your site where you trigger the XSS from.
  21. Use an auto submitting form in a hidden iframe on a site you host. Something like this: <form method="post" action="vulnerable site"> <input stuff> </form> <script> document.forms[0].submit() </script>
  22. So you don't think he has run off, Bin4ry has reached his max on posts for today, sure he will be back soon to carry on the conversation.
  23. As it is just a circuit board, no, not waterproof and probably doesn't float.
  24. Gave the opportunity to show that this was for legitimate use but didn't get a response so assuming it is illegal use and locking the question.
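Post 10 above says a hand-typed address such as 172.16.40.48 / 255.0.0.0 with gateway 172.27.0.254 "may work fine depending on the setup". The following is an added example (not digininja's code) that makes that dependency concrete using only the standard library: the first check is whether the gateway falls inside the prefix the host derives from its own mask, the second is whether the host's address sits inside the LAN prefix the router actually serves. The function names and the two candidate LAN prefixes are constructed for the illustration.

```python
import ipaddress


def gateway_on_link(ip: str, netmask: str, gateway: str) -> bool:
    """True if the gateway lies inside the prefix the host derives from its own
    address and netmask, i.e. the host will ARP for the gateway directly."""
    prefix = ipaddress.ip_interface(f"{ip}/{netmask}").network
    return ipaddress.ip_address(gateway) in prefix


def static_config_verdict(ip: str, netmask: str, gateway: str, lan_prefix: str) -> str:
    """Judge a hand-typed static configuration against the LAN's real prefix
    (lan_prefix is the network the DHCP server would have handed out).
    Returns one of 'works', 'no-route' or 'asymmetric'."""
    if not gateway_on_link(ip, netmask, gateway):
        # Host has no on-link route to its gateway, so nothing leaves the segment.
        return "no-route"
    if ipaddress.ip_address(ip) not in ipaddress.ip_network(lan_prefix):
        # Host can reach the gateway, but from the gateway's side the host address
        # is off-link, so replies are routed elsewhere unless the router carries a
        # matching static route: traffic works one way only.
        return "asymmetric"
    return "works"


if __name__ == "__main__":
    # Address, mask and gateway are the values from the post; the LAN prefixes
    # are constructed scenarios.
    ip, mask, gw = "172.16.40.48", "255.0.0.0", "172.27.0.254"
    for lan in ("172.0.0.0/8", "172.27.0.0/16"):
        print(f"LAN {lan}: {static_config_verdict(ip, mask, gw, lan)}")
    print("same host with a /16 mask:",
          static_config_verdict(ip, "255.255.0.0", gw, "172.27.0.0/16"))
```

On a flat 172.0.0.0/8 LAN the odd configuration simply works; on a 172.27.0.0/16 LAN the host can send but the router has nowhere to return replies, which is the kind of half-working state that shows up as a machine that appears on the switch but never gets an answer.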
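Post 12 above describes the method for telling apart an ISP dropping traffic from one answering with a fake "closed": scan a box you control that replies on every port, then anything that does not come back "open" was done to the packets in transit. The following is an added example (not Ear Trumpet and not digininja's code) of the three connect-scan states and that interpretation step. The listener stands in for a single port of such a responder so the whole thing runs against 127.0.0.1; the function names are constructed for the illustration.

```python
import socket
import threading


def start_listener(host: str = "127.0.0.1", port: int = 0):
    """Stand-in for one port of an 'answers on every port' box (constructed helper):
    accept TCP connections and close them at once. port=0 lets the OS pick a free
    port. Returns (bound_port, stop_callable)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(16)
    srv.settimeout(0.2)  # short accept timeout so the loop notices the stop flag
    stop = threading.Event()

    def accept_loop():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
                conn.close()
            except socket.timeout:
                continue
            except OSError:
                break
        srv.close()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()[1], stop.set


def free_closed_port(host: str = "127.0.0.1") -> int:
    """Find a port nothing is listening on, so that probing it yields 'closed'."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def probe(host: str, port: int, timeout: float = 1.0) -> str:
    """Classify one TCP port as a connect scan would:
    'open'     - the handshake completed,
    'closed'   - a RST came back (ECONNREFUSED),
    'filtered' - no answer before the timeout, or the host is unreachable."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except (socket.timeout, OSError):
            return "filtered"


def path_verdict(state: str) -> str:
    """Interpret a probe result against a responder known to be open on every
    port: anything other than 'open' happened somewhere between you and it."""
    return {
        "open": "clean",
        "closed": "modified in transit (something upstream answered with a RST)",
        "filtered": "dropped in transit",
    }[state]


if __name__ == "__main__":
    port, stop = start_listener()
    print(f"port {port} while listening: {probe('127.0.0.1', port)}")
    stop()
    closed = free_closed_port()
    print(f"port {closed} with nothing bound: {probe('127.0.0.1', closed)}")
    for state in ("open", "closed", "filtered"):
        print(f"{state:8s} -> {path_verdict(state)}")
```

The "closed" result is the case the post's second ISP produced for port 139: a RST that the responder never sent. Run against a real all-ports responder, every port that reports anything other than "open" tells you what the path is doing, which a scan of an ordinary target cannot separate from the target's own firewall.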
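Posts 19 to 21 above explain why POST-based injection needs the victim's browser to submit a form from a page the attacker hosts. The counterpart a defender wants is the server-side check that refuses exactly that submission. The following is an added example (not digininja's code and not from any framework) showing how the headers a browser attaches to a hidden-iframe form post give the request away: `Sec-Fetch-Site: cross-site`, an `Origin` of the hosting site, and a foreign `Referer`. The policy order, the function names and the sample requests are all constructed for the illustration.

```python
from urllib.parse import urlsplit


def origin_of(url: str):
    """Reduce a URL to its origin (scheme://host[:port]), or None if it has none
    (covers the literal 'null' Origin that sandboxed and file:// pages send)."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def state_changing_request_allowed(headers: dict, site_origin: str):
    """Decide whether a POST may be honoured from what the browser attached.
    Returns (allowed, reason). Policy (assumed here, the usual origin check):
      1. Sec-Fetch-Site, when present, is decisive; only same-origin or a
         user-initiated navigation ('none') passes.
      2. Otherwise the Origin header must equal the site's origin.
      3. Otherwise fall back to the Referer's origin.
      4. With nothing to verify, refuse rather than guess."""
    h = {k.lower(): v for k, v in headers.items()}
    site = site_origin.lower()

    sfs = h.get("sec-fetch-site")
    if sfs is not None:
        if sfs in ("same-origin", "none"):
            return True, f"Sec-Fetch-Site={sfs}"
        return False, f"Sec-Fetch-Site={sfs}"

    if "origin" in h:
        if origin_of(h["origin"]) == site:
            return True, "Origin matches site"
        return False, f"Origin {h['origin']!r} is not {site}"

    if "referer" in h:
        if origin_of(h["referer"]) == site:
            return True, "Referer origin matches site"
        return False, "Referer origin is not the site"

    return False, "no Origin, Referer or Sec-Fetch-Site to verify"


# Constructed sample requests: what the server sees for a genuine form post and
# for the auto-submitting form in a hidden iframe on an attacker-hosted page.
SITE = "https://app.example"
SAMPLE_REQUESTS = {
    "genuine form post": {
        "Origin": "https://app.example",
        "Referer": "https://app.example/profile",
        "Sec-Fetch-Site": "same-origin",
    },
    "hidden iframe auto-submit": {
        "Origin": "https://attacker.example",
        "Referer": "https://attacker.example/page.html",
        "Sec-Fetch-Site": "cross-site",
    },
    "old browser, Origin only": {"Origin": "https://app.example"},
    "sandboxed page": {"Origin": "null"},
    "stripped headers": {},
}


def triage(site_origin: str, requests: dict) -> dict:
    """Run every sample through the check; returns {label: (allowed, reason)}."""
    return {label: state_changing_request_allowed(hdrs, site_origin)
            for label, hdrs in requests.items()}


if __name__ == "__main__":
    for label, (ok, why) in triage(SITE, SAMPLE_REQUESTS).items():
        print(f"{'ALLOW ' if ok else 'REJECT'} {label:28s} {why}")
```

This check belongs alongside, not instead of, a per-session anti-CSRF token and a `SameSite=Lax` or `Strict` session cookie: with either of those, the hidden-iframe post from post 21 arrives without the victim's session at all, and the header check above catches the cases where a cookie is still sent.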