Pentest authorized!
-LoX-
07-09-2007, 06:15 PM
Can I post my pentest log in this forum? I need some advice.
-~operator~-
07-09-2007, 06:29 PM
Well, you should not consider US to answer this question, you should consider the one who authorized you to do this. I don't think he would be happy to see his IPs, other info and his vulnerabilities here.
Pentests are normally handled under Non-Disclosure Agreements....
When this should have been a legal pentest you should know this...
harry
07-09-2007, 07:00 PM
As long as it is sanitised I don't see why not...
-~operator~-
07-09-2007, 07:57 PM
Hell... yeah. Why do I care. Go ahead.
pureh@te
07-10-2007, 12:50 AM
WHAT? Why are you performing a "legal" pentest anyway if you can't even understand the results and want us to examine it for you? I'm confused about what your question is, or do you just want to post some poor person's info up here so we can see you're a "hacker"? The reason we set up test labs is so that this type of thing is not needed. For example, note that most videos of pentesting that are made use the 192.168.... or whatever internal address because they are testing their own network.
streaker69
07-10-2007, 12:57 AM
WHAT? Why are you performing a "legal" pentest anyway if you can't even understand the results and want us to examine it for you? I'm confused about what your question is, or do you just want to post some poor person's info up here so we can see you're a "hacker"? The reason we set up test labs is so that this type of thing is not needed. For example, note that most videos of pentesting that are made use the 192.168.... or whatever internal address because they are testing their own network.
I make it a point of conducting all my pentests against 12.110.110.204.
balding_parrot
07-10-2007, 01:02 AM
I make it a point of conducting all my pentests against 12.110.110.204.
Like it :eek:
pureh@te
07-10-2007, 01:18 AM
I make it a point of conducting all my pentests against 12.110.110.204.
LOL :D They are on my list of targets :D LMFAO
-LoX-
07-10-2007, 12:33 PM
WHAT? Why are you performing a "legal" pentest anyway if you can't even understand the results and want us to examine it for you? I'm confused about what your question is, or do you just want to post some poor person's info up here so we can see you're a "hacker"? The reason we set up test labs is so that this type of thing is not needed. For example, note that most videos of pentesting that are made use the 192.168.... or whatever internal address because they are testing their own network.
It's a free penetration test for the office I work in. I obviously wasn't about to post any personal data or IP etc etc.
It's the first pentest I performed and I just wanted to get some advice from more experienced people.
I'm not interested in showing "how much hacker I am", just wanted some help.
Whatever, I'm not posting it anymore so we can happily live like friends.
pureh@te
07-10-2007, 06:13 PM
It's a free penetration test for the office I work in. I obviously wasn't about to post any personal data or IP etc etc.
It's the first pentest I performed and I just wanted to get some advice from more experienced people.
I'm not interested in showing "how much hacker I am", just wanted some help.
Whatever, I'm not posting it anymore so we can happily live like friends.
Calm down. I just don't like helping people do questionable things. As you well know the internet is a big scary place and you never know who is watching. It's not that I won't help, I just like for people to try to start on their own and then when they have a specific problem maybe I or someone else can help. If you have no f&#$king clue where to start just say so and I will give you a gentle but firm nudge in the right direction.
-LoX-
07-11-2007, 12:25 PM
You got me wrong. I performed a remote host analysis, then I tried a vulnerability test on ports and services found by nmap, i.e. port 2601 open zebra, with all bt2 vulnerability identification tools.
The problem is that I don't know what's the next step.
Well, it's obvious I'm still learning this kind of stuff, but I've always been attracted by hacking.
I learn so fast, so any kind of advice or help would be appreciated.
regards
-LoX- ;)
pureh@te
07-11-2007, 03:26 PM
OK, now that's sort of a question. So first, do you know what version of software is running on that port? Probably not. This is very important because of vendor patching. Now then, the next step is to google your ass off for an exploit for the version and port you've identified. I'm not going to do the grunt work for you but when you have found an exploit post back and I can help you execute it.
harry
07-11-2007, 03:56 PM
Or if you want to do it properly - map out the route from you to the host, pay careful attention to the hop before your target, or any hops that look to be on the same subnet.
Work backwards from your target until you find a host that looks to be the first on the subnet (on the same network). Examine this, use firewalk/netwox or similar (both available from the CLI). Try and learn if it is a firewall or not; if it is, try and probe it to see what it is letting through, and if possible try and determine what make it is. If you can get this info, have a look at the specs of it and see if it incorporates an IDS of any kind (the make, model and configuration of a firewall will tell you a lot about the IT strength of the company and their network abilities).
If there is more than one hop that looks to be on the same network, examine these in turn starting from whatever is closest to you. Only a layer 3 device will show up as a hop, so this should give you some idea of what type of equipment could/should be there (although if it is your office you will probably know what is there and can think of a way around any 'obstacles' that may be presented to you).
It may well be the compromise of one of the border hops could lead to a more successful compromise of the internal set-up or at least make for a better staging area than just directing all your efforts at one host and a single service. If you are testing it for your employer, fixing one 'hole' and leaving others un-patched will not go in your favour if something untoward were to happen somewhere down the line.
Slowly move your way towards the last hop in the network and then take it from there once you have the big picture of what is there, how it is configured and what services are in use.
It may be that there are no hops before your target, but it is very rare to find something sitting on the Internet with nothing in front of it, even a transparent firewall...so presume there is something there until you can be 100% sure there isn't. (read as: you will leave logs and/or alert someone)
This will make for a lot more detailed and useful report to your boss than just metasploiting a single service you found and leaving a massive trail of log entries and IDS alerts behind you......I take it you have also started off by digging, whois'ing, DNS transfer etc?
Or you can blunder in, Nmap and metasploit guns blazing and hope for the best... as someone has suggested
*Note, I'm telling you the usual steps to take for a common environment, not the actual techniques*
-=Xploitz=-
07-11-2007, 06:41 PM
You got me wrong...................................
Well, it's obvious I'm still learning this kind of stuff, but I've always been attracted by hacking.
I learn so fast, so any kind of advice or help would be appreciated.
regards
-LoX- ;)
You guys buying into this bullshit??? :confused:
C'mon...it's painfully obvious by all of his posts that this isn't his machine he's testing on! I would suggest no further help until he can prove otherwise...just to cover your own asses.
-LoX-
07-11-2007, 08:26 PM
You guys buying into this bullshit??? :confused:
C'mon...it's painfully obvious by all of his posts that this isn't his machine he's testing on! I would suggest no further help until he can prove otherwise...just to cover your own asses.
First: I've never said it was MY OWN machine I was testing. It's my office's intranet.
In secundis: what's that red bold quote thing?
What's the problem in being a newbie looking for help? Nobody is born skilled, dude.
And how on earth should I prove myself? And prove what?
harry
07-11-2007, 08:42 PM
It's up to him what he does with any knowledge he gains. Usually the folks who hide behind the 'It's not ethical so I'm not going to tell you' banner are the ones who don't have the knowledge in the first place but like to give the appearance that they do... IMHO.
pureh@te
07-11-2007, 09:20 PM
I assure you I can back up my information, and excuse me for wanting the kid to learn on his own. Anyway, that comment you made sounds like something I read in a book......
So sorry LoX, harry messed up my helpfulness by trying to insult me and Xploitz (my good friend). You better PM harry and see where you get with him since he is all knowing and has no ethics about penetration.
-=Xploitz=-
07-11-2007, 09:26 PM
First: I've never said it was MY OWN machine I was testing. It's my office's intranet.
In secundis: what's that red bold quote thing?
What's the problem in being a newbie looking for help? Nobody is born skilled, dude.
And how on earth should I prove myself? And prove what?
Your own machine..someone else's "with permission", it's all the same. Sorry for not being accurate. :rolleyes: The red bold quote thing was just me pointing out you said "Don't get me wrong.." and then you following it up with you are attracted to hacking...is not the best of words you could have chosen to use. (Makes you sound VERY SUSPICIOUS)
BTW>>Nothing is wrong with a no0bie wanting help. But there is a problem with a no0bie not wanting to help himself by NOT USING THE FORUM SEARCH BUTTON!!
Usually the folks who hide behind the 'It's not ethical so I'm not going to tell you' banner are the ones who don't have the knowledge in the first place but like to give the appearance that they do... IMHO.
That's true..but if you look at my posts and purehate's from other threads with similar questions in them..we answered them. We have nothing to prove to you or anybody else. I do know what I'm talking about, and I assure you purehate does as well ....and his question has been asked (What's next after WEP, Nmap, Nessus..etc) and this SAME question has been answered SEVERAL times before. I hide from nothing and no one.
BTW harry...People who start a thread with PENTEST AUTHORIZED!! are usually lying as well ;) Why else would they be going out of their way to try to prove that they have permission?? None I can think of. It's a gut feeling you get. And most of the time it's right.
@LoX>>>>>>>>
And Nessus and Metasploit ..(host possibly)is ONCE again the answer to this question..and to the other people who have asked similar questions.
I just don't believe in him having permission..and I'm not willing to risk my freedom by helping someone commit a felony. This forum has been under investigation before concerning Starbucks MIM attacks..and it drew a lot of heat here.
If you do have permission..my apologies.
streaker69
07-11-2007, 09:26 PM
I assure you I can back up my information, and excuse me for wanting the kid to learn on his own. Anyway, that comment you made sounds like something I read in a book.......
Pretty much that's what I consider a second level Social Engineering ploy. "You don't know what you're talking about, blah blah blah" the attempt is made to play against the ego of the other person and that person will then tell what they know just to prove that they know it.
Yawn...
-=Xploitz=-
07-11-2007, 09:34 PM
Pretty much that's what I consider a second level Social Engineering ploy. "You don't know what you're talking about, blah blah blah" the attempt is made to play against the ego of the other person and that person will then tell what they know just to prove that they know it.
Yawn...
Shit..just like I just did. Damn it!:mad: I'm a sucker! :p
streaker69
07-11-2007, 09:35 PM
Shit..just like I just did. Damn it!:mad: I'm a sucker! :p
Live and learn...
pureh@te
07-11-2007, 11:11 PM
You're right streaker, that was a lame ass attempt at social engineering. Anyway, I see this in the same theory as pipes and head shops. I can own a pipe store and I can sell pipes, clean toxin stuff, even digital scales because they all have legit uses (i.e. pentesting tools). If you buy them and don't tell me what you're using them for then I have no responsibility because the law says I can sell them in good faith. But if you come in and say "hey bro I need a pipe to smoke meth and some scales to weigh some dope on" then you have admitted you are using the items for illegal activities and now I can no longer sell to you.
-=Xploitz=-
07-12-2007, 01:14 AM
........ but if you come in and say "hey bro I need a pipe to smoke meth and some scales to weigh some dope on" then you have admitted you are using the items for illegal activities and now I can no longer sell to you.
Good point! Just like I smoke freaking roll up cigarettes for 1-2 bucks a pack -VS- a pack of Marlboro@ 6 bucks a pack, because I can't justify spending 6 bucks on a pack of smokes, but anyways...I have to buy cigarette papers all the time for my tobacco. And even though I'm not using them to smoke weed, like most papers are sold for(Zig-Zag, Joker..etc,) I still catch flack from cops. You know how many times I've been pulled over for "imitating illegal drug activity?" 2 MANY!!! :p And just like the cops stop and harass me over freaking papers...it's necessary here that I / we "pull you over" and question you on this forum. So go ahead and call me an idiot..or say that I don't know what I'm talking about..cause in truth I really don't give a rat's ass what your opinion of me is or what you think of me or anyone else here. I'M DOING MY JOB just like that cop is doing his job. You don't have to like it, cause neither do I. But it's just the way it is around here. Play ball, or get laced up. It's your choice.
balding_parrot
07-12-2007, 01:34 AM
Good point! Just like I smoke freaking roll up cigarettes for 1-2 bucks a pack -VS- a pack of Marlboro@ 6 bucks a pack, because I can't justify spending 6 bucks on a pack of smokes, but anyways...I have to buy cigarette papers all the time for my tobacco. And even though I'm not using them to smoke weed, like most papers are sold for(Zig-Zag, Joker..etc,) I still catch flack from cops. You know how many times I've been pulled over for "imitating illegal drug activity?" 2 MANY!!! :p
You got it good.. It's been like 6 years since a pack of cigs cost that little, it's more like about 10 bucks here :eek: I buy my papers by the box of 100 online now to cut costs a little more, which saves about 1/3rd.
Luckily the cops here don't have quite the same powers, either that or they don't abuse them to the same extent. I don't know of anyone who has been stopped for "imitating illegal drug activity?" but then again the drug problem is not quite "yet" at the same level as you have.
As for -Lox- I think you are well and truly BUSTED.
-=Xploitz=-
07-12-2007, 01:50 AM
I don't know of anyone who has been stopped for "imitating illegal drug activity?" but then again the drug problem is not quite "yet" at the same level as you have.
As for -Lox- I think you are well and truly BUSTED.
Well, they pull you over and call the reason "Probable Cause". (Gives them the right to search and harass you) I was just trying to think of a layman's phrase that most people would know of and could relate to by saying imitating illegal drug activity...cause to me that's what it is..
balding_parrot
07-12-2007, 01:54 AM
Well, they pull you over and call the reason "Probable Cause". (Gives them the right to search and harass you) I was just trying to think of a layman's phrase that most people would know of and could relate to by saying imitating illegal drug activity...cause to me that's what it is..
I understood that ;) I was just keeping the same terminology so as not to confuse things.
Paton
07-12-2007, 02:29 AM
Y'all have valid answers and I fully agree with them, but the way I read that was he wanted to post what he had done, and then get opinions on what he could look into further, what was a waste, what was wrong etc.
I'll have to reread the OP, but I don't remember a "How do I" question.
Shoulda let him post what he wanted, worst case it becomes "Idiot Corner" morning laugh, and a waste of his time.
Now Settle down, I'm just thinking y'all jumped the gun by 1 or 2 posts, and you could be totally right, or totally wrong.
Oh on the drug side.. Selling drywall, gypsum board, as crack is still illegal.
Good evening
pureh@te
07-12-2007, 02:47 AM
Y'all have valid answers and I fully agree with them, but the way I read that was he wanted to post what he had done, and then get opinions on what he could look into further, what was a waste, what was wrong etc.
I'll have to reread the OP, but I don't remember a "How do I" question.
Shoulda let him post what he wanted, worst case it becomes "Idiot Corner" morning laugh, and a waste of his time.
Now Settle down, I'm just thinking y'all jumped the gun by 1 or 2 posts, and you could be totally right, or totally wrong.
Oh on the drug side.. Selling drywall, gypsum board, as crack is still illegal.
Good evening
Thanks for your opinion Paton. In all actuality I was trying to help the kid when this "harry" character jumped in and pretty much said we were all posers and had no idea how to pentest, and then he went on to tell that kid what to do, but I swear it sounded like he copied it right out of a book. Anyway, I just got pissed and had a tantrum. I offered to help him when he had a specific question or had found an exploit. He may be pulling our legs but he asked what to do when he found a vulnerability with nessus and I said search for an exploit. Then "harry" goes on this long trip about a complicated mapping of a network and all kinds of other fancy stuff he heard somewhere else. All I'm saying is that if he wants to listen to him go right ahead, makes me no difference.
Paton
07-12-2007, 03:32 AM
No idea where Harry came from either... Besides from his mommy... And I did notice there was help offered, just enough to get him going.. in his test, or to his jailhouse wedding. ;)
I just find there's certain people that fly off the holier than thou attitudes... Oh well, probably said too much and I'll get lashed.
bye bye
-=Xploitz=-
07-12-2007, 06:18 AM
Yea..we don't know Paton...that's the problem. Maybe I did jump the gun a little...who knows...oh well..either way one of the 2 following statements is true in his case.
1. He embarrassed himself enough that he just learned he needs to help himself a lot more before posting "idiot corner" material.
or 2 ...
He just found out that we don't tolerate criminal mischief here at all..
So either way, it's all good.
BTW...And here in Dallas Texas..apparently it's legal to sell sheet rock as crack cause we released a shit load of dealers who got off scot-free cause it wasn't real crack. Don't ask why...they just let em' go.
theprez98
07-12-2007, 06:38 AM
Talk about an off-track thread... ;)
balding_parrot
07-12-2007, 06:40 AM
Talk about an off-track thread... ;)
Did kinda lose its way somehow :rolleyes:
pureh@te
07-13-2007, 05:24 PM
Talk about an off-track thread... ;)
Maybe we should have an off-topic area like a lot of forums do so we can poke fun at politicians, rules, fat girls and each other.
Re@lity
07-16-2007, 06:03 PM
We had an Off Topic forum up to a few months back. It was just a spam magnet.
shamanvirtuel
07-17-2007, 12:37 AM
More than an off-topic zone I still think we need a development zone.....
where we can discuss and help each other with coding software or even help in bt dev (why not)....
pureh@te
07-17-2007, 09:08 PM
We had an Off Topic forum up to a few months back. It was just a spam magnet.
I figured it had been tried and something happened. Thanks :D for responding though