digininja

I've never had to do it but I'd assume you could probably work it out by sniffing authentication traffic. Each of the main types should have distinct fingerprints, for example looking for anonymous usernames Vs real usernames in the visible traffic. I'd also look at their network and base a guess on that, eg if they are a committed Microsoft shop then it is probably PEAP and CHAP.

This is why I was asking about using the command line to check that the credentials supplied were able to be used to connect to the database.

I've got no idea what is broken either. The hints I'm giving you are how I would debug it. Make sure the database user is in place, check the creds are as expected, watch logs to see connection failures, get each individual bit working on its own then in combination.

Try the postgresql client, not the metasploit console.

A perfect first learning opportunity then. Find out how to connect to postgresql from the command line and check the user exists and is working, if not, create a new one and see what happens. Testing is all about learning, don't turn down this chance for some for free.

It's all changed since I last used it but from those errors it looks like you haven't created the msf user in postgresql or when you did you set a different password to what it is expecting. I've no idea how to set it, Google should tell you though.

You've provided a blob of hex, say that it is something to do with a password backup and nothing else. Think about what we might need to be able to help you with the problem, for example, something fairly obvious would be what software package the file is from. At the moment, the best I could say is that is a very strong complex password that I wouldn't like to try to type into any application that I use.

keep going...

And....

Do you have any context to this? Is this school homework, a CTF or some file you found lying around?

It all depends on the implementation. If done correctly then it shouldn't be, if done badly then it might be.

It's fun. Just remember though, that for all the time on screen, there is usually at least twice the time in the office planning, having meetings, writing specs and doing reports.

ye, I'd agree with that

I've no balls, that is why I stay away from random onion sites.

you were stuck on level 4, then 2, now 5. Keep persevering, you seem to be working your way through it on your own.

Yes you can know them. Access a few Debian boxes and checkout the file contents, you should then be able to make a fairly good prediction of the contents of the file.

If you can fingerprint the distro to one of the Debian varients, check /etc/debian_version or something like that, there are only a small number of possible values for that file. /etc/shells is probably also fairly fixed.

Go on, send me a PM and I'll have a look.

Best idea, get someone in who knows what they are doing. If you are having to ask on a forum about how to conduct a pen test, especially one that has anything to do with ebanking, then you really shouldn't be doing it. I know this sounds harsh and everyone has to learn, but this is not the environment to learn in, you mess up here and you could leave the company open to attack despite your report saying they are secure. I'd find someone who knows what they are doing, get them to do the job, and shadow them to learn from them. Do this a few times and then start to take a more active role with the second person watching what you are doing. It will take a while but you'll get to the point where you can do a test that will give the client what they actually need.

It is one of the reasons I recommend people have a go at dropping Windows and going native with Linux for at least a few months. If you can get used to using it on a daily basis then it makes your life a lot easier in the long run. And before people shout about Windows or OSX being a better desktop experience, I'm not saying switch permanently, just long enough to get comfortable with it and then make your mind up if you want to go back.

Please don't hijack other people's threads start your own.

So what you mean is you have seen problems with running Linux in a virtual machine with Windows as the host?

Sorry, I don't connect to random onion sites.

just enter the link and click the button, it is easy

Was just a basic CCNA, can't remember if it was anything specific.