About 2point0

  1. I am not sure if I missed what you were saying, but it needs to be played back locally rather than remotely (against the machine from another) which is why I am trying to rewrite the destination IPs.
  2. Hi everyone, I currently need a way to play a 500 meg .cap file against another host (not the one it originated on). I am not terribly familiar with this process, so please try and follow what may be a confusing description. I need to work on a custom snort rule set and eliminate some of the more common/frequent false positives or alerts that are of no concern. I have 2 servers at my disposal for doing so. One is high traffic and cannot have snort installed on it (we'll call it web1). The other is less traffic but can have snort installed on it (server2). What I am trying to do is capture traffic from web1 and rewrite the destination IP addresses so that they match the IPs on server2, so that I can copy it over to server2 and use BASE to help me monitor alerts. Once the traffic from web1 has been captured, I have moved it to server2 via scp. The first problem was discovering that I couldn't simply rewrite the IP addresses without screwing up the checksum. The command I am currently using to replay the traffic is: `tcpreplay --fixcsum --dstipmap=x.x.x.x/29:y.y.y.y/29 --mbps=3.0 --intf1=eth0 snortcapture.cap` (web1 = x, server2 = y). I am out of ideas as to how I can replay this traffic and have snort listen for it appropriately, as it is not logging any alerts that may exist within the .cap file. I also added the appropriate IPs to HOME_NET in my snort.conf for server2. Thanks in advance for any suggestions!
  3. Ok, I fired up Metasploit and I can't find an effective exploit...
  4. I'm not really interested in just being a script kiddie with this one.
  5. Hi everyone, as the title implies, recently a friend of mine set up a linux server. As I am currently going to school for network security (first year) and have a minor amount of previous pen testing experience, I jumped at the opportunity to check it out. By no means am I anything close to an expert hacker, but I have been reading as much as I can and practicing as ethically as possible. I'm a bit stuck now; I feel that I have a lot of information about the system, but I'm not quite sure how to apply it. Here's what I know: From NMap... I also know that there is currently no firewall set up. A nessus scan didn't turn up a ton of useful information, at least not that I could see. From Nessus I actually retract what I mentioned about useful information. There was a www.websitehere.org/test.php but after I mentioned that I found it my friend deleted it. I did however manage to save a copy and can view the information at any time, so let's assume I have access to everything test.php would tell me. In addition to NMap and Nessus, I ran Nikto and gathered some random info, namely it was pointing out test.php. There were other directories that required authorization to view and from what I could tell, SQL injection was not an option for hacking /phpmyadmin. With these things in mind, how should I go about getting into this machine? I read up on as much as I could on the services listed on test.php such as: and as I said, pretty much anything test.php lists and ways to exploit them. Unfortunately, I've hit a wall. Despite all the reading I've done, I was hoping someone would be kind enough to point me in the right direction as to how I should proceed from here. Any and all help is much appreciated. Thanks!
  6. First, I finally got it going and it's a lot more work than I expected, but I am enjoying the learning experience. I wanted to set it up so that on boot I could see all the files on my NTFS partition; however, I have 2 drives mounted and both show the exact same thing. How can I remove one? Second, when I try to change my desktop theme, it tells me I need the file format tar.gz, but when I try to install a tar.gz theme, it tells me incorrect file format. Any ideas? EDIT: All fixed.
  7. Never run your gnome session as root, and that should be enough security for a noob. In fact... the main security problem with Windows is just that... people running with administrative privileges. I am about to run the install now actually; again, being a noob, I will set up different accounts in the process, one of which will be root. For login options, I will want to create another user, a main one that I will use for normal usage, is that correct?
  8. I'm getting ready to do my first linux install (Ubuntu) and I was curious about setting it up for security. I have been reading a lot about various IDS, firewalls, network traffic monitors, etc., but I am not sure what is needed and/or necessary for good, simple and stable security aimed at a beginner. I am looking for something that will be simple but informative and not impossible for a beginner such as myself to set up. Any assistance would be greatly appreciated.
  9. Greetings, I am, as you can tell, new here. Since about the age of 14 or so I have been fascinated with computer security. Around ages 14-17 I studied cryptography (MD5, MD4, RSA, etc.), but only the basic ideas and principles, read up on Kevin Mitnick, read up on phreaking. I decided to go to school for it since I have always found it interesting. The only problem is that I don't really know the proper application of what it is I am learning. I am sure that school will help, but I can't avoid my fascination with this and a desire to know more. I have also visited sites like hackthissite and mod-x and made it through some of the easy and moderately difficult situations given on the site, but I can't help but get over the fact that I don't 100% understand the information that I am applying. It's just too much trial and error, and I don't like feeling so...clumsy with the approach(es) taken. With the scenarios I understand the reason for doing it, but what is the system behind it? How can you figure out what approach to take? Lots of these things are unanswered; the things I have read leave me with pieces of information, facts that I am not truly grasping. I guess if I had to sum up this post, I would ask: is there a site that will TEACH me instead of having me fumbling around looking for the right answer, or a great way to LEARN the things I read? Thanks in advance for your help and replies. I hope to become a very active part of this community and contribute beyond the extent of what it has already given me.