Who is the Whiz

Please make your first post here, and familiarize yourself with TAZ Forums by taking a moment and reading the stickies. Spank-you...errr....thank-you...and enjoy your stay!
airhead
Probie
Posts: 9
Joined: Fri Jul 21, 2006 12:56 am
Location: St. Lucia

Who is the Whiz

Post: # 33213Post airhead
Thu Aug 17, 2006 3:33 pm

Hi All,

I see you all ranting and raving about the Whiz. Could this Whiz help with my Pen testing and Vul Assessment or is he some other --dumbass-- on this forum?

Airhead.



Shippwreck
I've posted HOW many
Posts: 4195
Joined: Mon Jan 09, 2006 5:38 pm
Location: Stevenage, UK

Post: # 33215Post Shippwreck
Thu Aug 17, 2006 3:39 pm

He is a 14 Yr old English kid who hosted this forum originally. He is quite good at PHP but I doubt vulnerability testing.

J_K9 was doing some of that, ask him :D
Google is god... of the internet :mrgreen:

Opus
I type, therefore I am
Posts: 935
Joined: Sun Mar 12, 2006 11:50 pm
Location: United States, Mississippi

Post: # 33216Post Opus
Thu Aug 17, 2006 3:42 pm

airhead

What sort of help are you looking for in your pen/vuln testing?
There are two rules for success in life:
Rule 1: Don't tell people everything you know.

J_K9
THE Prancing Pirate
Posts: 8123
Joined: Fri Feb 24, 2006 10:47 pm

Re: Who is the Whiz

Post: # 33236Post J_K9
Thu Aug 17, 2006 4:53 pm

airhead wrote:I see you all ranting and raving about the Whiz. Could this Whiz help with my Pen testing and Vul Assessment or is he some other --dumbass-- on this forum?
I'm sorry if we're not all as --clever-- as you, airhead :P

I was going to do some of it on a small office's network, but I've left my wifi card behind (in the UK).. Rats. Anyway, I might be able to help you with some stuff, but I am far from experienced - Opus, nokia, dino and quite a few others are the ones to ask ;)
"Don't gain the world and lose your soul, wisdom is better than silver or gold." - Bob Marley

[CS:Source Admin]

airhead
Probie
Posts: 9
Joined: Fri Jul 21, 2006 12:56 am
Location: St. Lucia

Penetration testing Proof of concept

Post: # 33237Post airhead
Thu Aug 17, 2006 5:00 pm

Opus,

Nice of you to inquire of my pen/vuln requirements.

Let me first give a bit of info about my --dumbass-- background. I am primarily a Windows user, although in my early days I used Sco Open Server Unix 5.0.5 quite a bit. I am now getting my hands and mind back into this environment through Linux. I recently completed my CEH (hehe) and I'm now getting my hands wet at being proficient at pen/vuln testing. I have experience developing apps primarily using Visual Studio (VB6 and .Net 2K3) mainly DB apps on (you guessed it Windows). Did I mention I completed my BSc Comp Sci however programming was not a strong point of mine, love it to death but don't think I am good enough at it - my issues.

My scenario is this: I have a corporate network at my disposal for developing my skill. There are two scenarios I would like to assess. One is assessing the network's vulnerability from an inside attack and two assessing it from the outside.

As part of my assessment I want to show proof of concept by exploiting non critical machines and obtaining some saucy confidential information, sniff for passwords, hijack sessions and the likes.

Now you have it.

Airhead.
Need to come up with a quote that makes me sound intelligent don't I.

Opus
I type, therefore I am
Posts: 935
Joined: Sun Mar 12, 2006 11:50 pm
Location: United States, Mississippi

Post: # 33239Post Opus
Thu Aug 17, 2006 5:22 pm

My first suggestion is to not do anything without the permission of management.

As for the CEH, well, I'm not sure if it has been updated, most likely not, but the material in it is very outdated, but still good for concepts, but you can get those from the outline itself :)

I would work on other things first such as researching tools and their uses and becoming proficient in their use.

My last suggestion is to set up a lab, separate from your production network. Many of these tools like ettercap and hunt can be very aggressive and disruptive.

Having an isolated network prevents anyone from blaming your activities for anomalies that occur on the network. Then you end up wasting your time troubleshooting their problems. Plus, you can break things and not have any adverse effect.
There are two rules for success in life:
Rule 1: Don't tell people everything you know.

airhead
Probie
Posts: 9
Joined: Fri Jul 21, 2006 12:56 am
Location: St. Lucia

Merci

Post: # 33243Post airhead
Thu Aug 17, 2006 6:06 pm

Thanks Opus,

I do have a separate network that I work on in "developing" my proficiency.

Airhead
JK this was not another --dumbass-- trick, I really do need the help.

J_K9
THE Prancing Pirate
Posts: 8123
Joined: Fri Feb 24, 2006 10:47 pm

Post: # 33250Post J_K9
Thu Aug 17, 2006 6:39 pm

Opus wrote:My first suggestion is to not do anything without the permission of management.
Definitely - without the _written_ permission of the management. You'll need a Get out of Jail card if you disrupt something and the management decide to take you to court ;)
Opus wrote:I would work on other things first such as researching tools and their uses and becoming proficient in their use.
Indeed. But, apart from tools, you'll need to be proficient in "manual" testing as well. So, apart from knowing the tools in your toolset inside out, you'll also need to learn things like SQL injection, etc, if you want to get into this field professionally.

That's another thing - is this for a profession or a hobby? Either way, I think some of 9rules' rules apply here:
1. Love what you do.
2. Never stop learning.
3. Form works with function.
4. Simple is beautiful.
5. Work hard, play hard.
6. You get what you pay for.
7. When you talk, we listen.
8. Must constantly improve.
9. Respect your inspiration.
Almost all of them apply. Love what you do, never give up, strive to learn more, try to invest in commercial tools if you have the money (tools like Core IMPACT will be excellent additions if you can afford them), learn the ins and outs of the field, always give everything you do 120% effort, etc.

If you need help, or want to know where to start, ask here. We'll be more than glad to help :)
"Don't gain the world and lose your soul, wisdom is better than silver or gold." - Bob Marley

[CS:Source Admin]

|The|Specialist

Post: # 33269Post |The|Specialist
Fri Aug 18, 2006 12:25 am

:x Yuck...

DaFoxx
DaBOSS
Posts: 8674
Joined: Sun Dec 25, 2005 1:20 am
Are you a Spammer: No
Location: 3rd Rock from the Sun

Post: # 33373Post DaFoxx
Fri Aug 18, 2006 9:59 pm

classic whore post--dumbass--:P
short yet informative
snipe shoot cos not every one checks
could spec be getting lessons from KY :shock:

would he admit it :oops:
and airhead
any questions ask em in a forum
cos intros are notorious for getting blown off course
Beware of Geeks bearing GIF's :mrgreen:

|The|Specialist

Post: # 33409Post |The|Specialist
Sat Aug 19, 2006 6:30 am

DaFoxx wrote:classic whore post--dumbass--:P
short yet informative
snipe shoot cos not every one checks
could spec be getting lessons from KY :shock:

would he admit it :oops:
and airhead
any questions ask em in a forum
cos intros are notorious for getting blown off course
Yeah but everyone else is posting just for the hell of it too. I think everyone's responses so far is grade-A shit to be quite honest... the sort of canned garbage one might receive on AO (but without twelve pages of people flaming each other because Joe-NewGuy asked something about pwning.)

[size=0]I made a small drip of --poop-- here. Enjoy![/size]
Last edited by |The|Specialist on Sat Aug 19, 2006 8:03 am, edited 2 times in total.

Egaladeist
I am the Eg man : Coo Coo Ca Choo
Posts: 18896
Joined: Sun Dec 25, 2005 1:02 am
Location: Canada

Post: # 33410Post Egaladeist
Sat Aug 19, 2006 6:37 am

Spec wrote:Yeah but everyone else is posting just for the hell of it too.
Damn straight! :D
Spec wrote:I think everyone's responses so far is grade-A shit to be quite honest
And proud of it! Grade-A quality shit all the way! None of that poor quality Grade B-shit for us! :D
Spec wrote:... the sort of canned garbage one might receive on AO (but without twelve pages of people flaming each other because Joe-NewGuy asked something about pwning.)
Now I'm offended...none of our shit ever arrives in a can...it's freshly-laid prime cut quality Grade-A shit...not that processed canned shit like they serve on AO! :P

Eg ;)

THE Doctor
Ex Und3rtak3r from OZ
Posts: 6583
Joined: Tue Dec 27, 2005 1:30 pm
Are you a Spammer: No

Post: # 33411Post THE Doctor
Sat Aug 19, 2006 7:08 am

in for a penny in for a pound
.. The trouble with life is there's no background music..

Remember Grasshopper: The original point and click interface was a Smith & Wesson.

J_K9
THE Prancing Pirate
Posts: 8123
Joined: Fri Feb 24, 2006 10:47 pm

Post: # 33423Post J_K9
Sat Aug 19, 2006 11:45 am

Eg - ROFL! Great post! :D

That's going into the Hall of TassZ :D
Spec wrote:post--dumbass--I think everyone's responses so far is grade-A shit to be quite honest... the sort of canned garbage one might receive on AO (but without twelve pages of people flaming each other because Joe-NewGuy asked something about pwning.
LOL!

Well, if your response would be so much better, go for it - no-one's stopping you :mad:
"Don't gain the world and lose your soul, wisdom is better than silver or gold." - Bob Marley

[CS:Source Admin]

|The|Specialist

Post: # 33484Post |The|Specialist
Sun Aug 20, 2006 11:35 am

Opus wrote:I would work on other things first such as researching tools and their uses and becoming proficient in their use.

My last suggestion is to set up a lab, separate from your production network. Many of these tools like ettercap and hunt can be very aggressive and disruptive.
Don't listen to stuff like the above.

My advice is don't do anything that's not in your job description. Never buy into something whose selling point is the H-word. If you want to look technical in front of others then pretend you don't know how to operate a mouse and keyboard

in fact... just pretend to be a mod on AntiOnline.
