Comments for security.crudtastic.com http://security.crudtastic.com Security Nerd Stuff Thu, 02 Sep 2010 23:28:41 +0000 hourly 1 http://wordpress.org/?v=3.0.1 Comment on Ash’s mental thoughts going into the OSCP exam by ash http://security.crudtastic.com/?p=213&cpage=1#comment-12480 ash Thu, 02 Sep 2010 23:28:41 +0000 http://security.crudtastic.com/?p=213#comment-12480 nah ... dont quit!! Go back to your book and read up on what you can do. it may not be a single exploit or technique, rather multiple exploits or techniques :) If you can do all the exercises in the manual and get the final machines at the end of the manual, you should be fine. If you cant do them, I would suggest getting more lab time, reading the forums, and asking for some help in the IRC channel. There's some awesome people about that will be more than happy to help you (they helped me greatly) Feel free to contact me if you need to bounce some ideas around. Think about trying to recreate what you scanned int he lab as virtual images so that you can sit at home and practice hacking them as well nah … dont quit!!

Go back to your book and read up on what you can do. it may not be a single exploit or technique, rather multiple exploits or techniques :)

If you can do all the exercises in the manual and get the final machines at the end of the manual, you should be fine. If you cant do them, I would suggest getting more lab time, reading the forums, and asking for some help in the IRC channel.

There’s some awesome people about that will be more than happy to help you (they helped me greatly)

Feel free to contact me if you need to bounce some ideas around.

Think about trying to recreate what you scanned int he lab as virtual images so that you can sit at home and practice hacking them as well

]]> Comment on Ash’s mental thoughts going into the OSCP exam by Yaggi http://security.crudtastic.com/?p=213&cpage=1#comment-12410 Yaggi Thu, 02 Sep 2010 08:50:41 +0000 http://security.crudtastic.com/?p=213#comment-12410 Hi ash, Maybe I forgot the timing option, instead, I used unicornscan and netcat scan.. When I get the information like banner, software version, open ports, OS, I feel like stuck since I can't use more on vuln scanner and metasploit. I was completely stuck and i was not able to gain the confidence again.. I feel sorry that with this information at hand I can't hack a machine. Although I can go to exploit-db, still the process for me is confusing... I pity myself. I really wanted to know how the 4 machines was hack.. Im not sure to take the exam again coz until now I can't believe I failed. Hi ash,

Maybe I forgot the timing option, instead, I used unicornscan and netcat scan.. When I get the information like banner, software version, open ports, OS, I feel like stuck since I can’t use more on vuln scanner and metasploit. I was completely stuck and i was not able to gain the confidence again.. I feel sorry that with this information at hand I can’t hack a machine. Although I can go to exploit-db, still the process for me is confusing… I pity myself.

I really wanted to know how the 4 machines was hack.. Im not sure to take the exam again coz until now I can’t believe I failed.

]]> Comment on Ash’s mental thoughts going into the OSCP exam by ash http://security.crudtastic.com/?p=213&cpage=1#comment-12353 ash Wed, 01 Sep 2010 19:30:43 +0000 http://security.crudtastic.com/?p=213#comment-12353 Dont get discouraged :) You can definitely nmap the machines .. check the timing (-T) Your first machine you have to write an exploit for .. just remember what happened in the class The others are the same as machines you should have done at the end of the book ... there is nothing new here. When I resat the exam I completed it in 3 hours :) Let me know if you need to talk about this more .. good luck .. you can do it!! Dont get discouraged :)

You can definitely nmap the machines .. check the timing (-T)

Your first machine you have to write an exploit for .. just remember what happened in the class

The others are the same as machines you should have done at the end of the book … there is nothing new here.

When I resat the exam I completed it in 3 hours :) Let me know if you need to talk about this more .. good luck .. you can do it!!

]]> Comment on Ash’s mental thoughts going into the OSCP exam by yaggi http://security.crudtastic.com/?p=213&cpage=1#comment-12335 yaggi Wed, 01 Sep 2010 16:22:08 +0000 http://security.crudtastic.com/?p=213#comment-12335 Im glad you passed. Me, I failed... I think because of the limitations being set like 1 metasploit and no vuln scan.. I belive we can exploit this but their are tools that are not working during the recon like NMAP... Everytime you do the NMAP it says host is not UP even you will use almost all the options (i.e, -PN) Also, regarding the 4 machines, the instruction is confusing, it says to gain the root access. I believe the way to get the root of the 4 machines is to get an exploit in the internet and run it against the machine right? Hope I can pass in the next round.. Hope you can share more information my friend.. Its hard to ask help also..I guess your site give at least an encouraging hints Im glad you passed. Me, I failed… I think because of the limitations being set like 1 metasploit and no vuln scan.. I belive we can exploit this but their are tools that are not working during the recon like NMAP… Everytime you do the NMAP it says host is not UP even you will use almost all the options (i.e, -PN)

Also, regarding the 4 machines, the instruction is confusing, it says to gain the root access. I believe the way to get the root of the 4 machines is to get an exploit in the internet and run it against the machine right?

Hope I can pass in the next round..

Hope you can share more information my friend.. Its hard to ask help also..I guess your site give at least an encouraging hints

]]> Comment on Android – Exchange – Failed to create account by Tone http://security.crudtastic.com/?p=249&cpage=1#comment-11721 Tone Sat, 28 Aug 2010 04:54:42 +0000 http://security.crudtastic.com/?p=249#comment-11721 Thanks...you rock! Thanks…you rock!

]]> Comment on Note To Self – JMP ESP Locations by matu http://security.crudtastic.com/?p=199&cpage=1#comment-11577 matu Thu, 26 Aug 2010 15:53:42 +0000 http://security.crudtastic.com/?p=199#comment-11577 Anyone has a working site to look for opcodes,It's kinda stupid having to install every windows OS in every language just to have this information available... Anyone has a working site to look for opcodes,It’s kinda stupid having to install every windows OS in every language just to have this information available…

]]> Comment on Ubuntu Pentest Edition by ash http://security.crudtastic.com/?p=278&cpage=1#comment-10984 ash Thu, 19 Aug 2010 00:01:03 +0000 http://security.crudtastic.com/?p=278#comment-10984 Haven't used it yet .. but Backtrack is only as up-to-date as you keep it :) BT4 is pretty good .. its my choice of weapon for sure hahaha. Mines pretty customised now of course though :) Haven’t used it yet .. but Backtrack is only as up-to-date as you keep it :) BT4 is pretty good .. its my choice of weapon for sure hahaha. Mines pretty customised now of course though :)

]]> Comment on Ubuntu Pentest Edition by Kieran Jacobsen http://security.crudtastic.com/?p=278&cpage=1#comment-10920 Kieran Jacobsen Wed, 18 Aug 2010 04:47:53 +0000 http://security.crudtastic.com/?p=278#comment-10920 I must admit the idea of using something that is a little friendlier and alittle more up-to-date than the old trust backtrack, sounds interesting. Have you had a chance to try it yet? I must admit the idea of using something that is a little friendlier and alittle more up-to-date than the old trust backtrack, sounds interesting.

Have you had a chance to try it yet?

]]> Comment on Android – Exchange – Failed to create account by Kieran Jacobsen http://security.crudtastic.com/?p=249&cpage=1#comment-10841 Kieran Jacobsen Tue, 17 Aug 2010 05:19:19 +0000 http://security.crudtastic.com/?p=249#comment-10841 I saw similar things a few months ago when working with a BES server and permissions for the service account not being applied. Perhaps you should be using a admin account and std user account? :-) I saw similar things a few months ago when working with a BES server and permissions for the service account not being applied.

Perhaps you should be using a admin account and std user account? :-)

]]> Comment on Android – Exchange – Failed to create account by Mike Russo http://security.crudtastic.com/?p=249&cpage=1#comment-9709 Mike Russo Tue, 03 Aug 2010 15:58:26 +0000 http://security.crudtastic.com/?p=249#comment-9709 THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU!!!!!!! THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU

THANK

YOU!!!!!!!

]]>