As I move through Georgia Weidman’s book, Penetration Testing: A Hands-On Introduction to Hacking, it has, for one, moved in a direction that, while good, doesn’t quite do the gradual build that I was hoping for, and two, many of the apps and commands just don’t work anymore. They have either been retired or replaced.
I have been eyeing the Cybrary Pro series for quite some time. When they were offering 20% off, I thought I would take the plunge. It’s $79.00/month, and I get a mentor and a structure – the labs should be a bit more up to date as well. Of course, I am taking the penetration testing courses.
I was eyeing SecureSet for a while, but their price tag was high. Like $20K high. I think this is for people fresh out of school – it would be great to have that hands-on class interaction, but I just simply can’t afford it. Plus, I have been trying to get them to get a hold of me to talk about classes/courses, and they haven’t. So the door seems to be closing on that one.
…That’s not working either. The output I am getting is:
[-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload
[-] No arch selected, selecting arch: x86 from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 341 bytes
Final size of exe file: 73802 bytes
I think I am going to keep on going….. and it looks like the multi/handler module isn’t working either. I’ll come back to this as well.
My mistake – I tried working with a 64-bit version of Windows 7 for Georgia Weidman’s Penetration Testing Book. If you do that, you are going to have a bad time. So, let’s do this again with a Windows 7 32-bit version.
I downloaded Windows 7 Ultimate 32-bit from Softlayer here. I plan to be done with this book within the 30-day trial window.
For Java 7, Update 6, get it here. I used the x86 version this time.
UPDATE: I tried following Georgia Weidman’s Penetration testing book with a 64-bit version of Windows 7 sp1. IIS just wasn’t installing (I think). I am blowing away the machine and going to try with a 32-bit version. Everything below in the post is when I was running through setting up Windows 7 sp1 x64.
Going through Georgia Weidman’s Penetration testing book, I am almost done with Chapter 1. Looks like the additional software for the Windows 7 target has some issues.
Since I had so many problems with IE 8, I downloaded the latest version of Firefox as Georgia directs to do. I used this to download the other software requests.
For Java 7, Update 6, get it here. The link in the book doesn’t work. I had to create an Oracle account to download it.
Winamp 5.55 can be downloaded here. I didn’t even try to download it from http://www.oldapps.com/winamp.php?old_winamp=247/. I haven’t had any luck downloading any application from there.
Supplementary information on this book can be found here. This is where Ubuntu is and the BookApp Georgia asks to install at this point of the book.
I am running a 64-bit version of Windows 7. I started to think this would give me complications when I started seeing x86 versions of files. Everything actually worked until I needed to install SQLXML 4.0 sp1. Since the BookApp folders only have the x86 version of SQLXML 4.0 sp1, I went to Microsoft for the 64-bit version which can be found here.
A quick blurb – one thing about setting up the networks from Georgia Weidman’s Penetration Testing book is that she has the networks as bridged. Which is nice, until you start setting up your own static IPs. I use an Apple Express which has Class A public IPs (10.0.1.1 – 10.0.1.254), so I set my static IPs for XP and Windows 7 in that range. If you hop on a network that is in the Class C public IP space (192.168.1.1 – 192.168.1.254), it isn’t going to work. I remembered this when I started using the VMs at the coffee shop rather than home. The solution? Either revert back to DHCP to get on the Internet or create another network; this one should be a NAT (Network Address Translation). This way the VM creates its own NAT behind the LAN/WLAN router. I am going to then disable it after I get what I need from the Internet.
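The static-IP mismatch described above can be checked before moving a bridged lab to another network. This is an added example, not code from the original post or the book; the VM names, host addresses, gateway addresses and /24 masks are assumptions, and only the two address ranges come from the post.

```python
import ipaddress

# Constructed lab inventory: VM names and host addresses are assumptions;
# the 10.0.1.x range is the home network from the post (a /24 mask is assumed).
LAB_VMS = {
    "winxp": "10.0.1.50/24",
    "win7": "10.0.1.51/24",
}


def check_bridged_static(vms, lan_cidr, gateway):
    """Classify each statically addressed VM against the LAN it is bridged to."""
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    gw = ipaddress.ip_address(gateway)
    report = {}
    for name, cidr in vms.items():
        iface = ipaddress.ip_interface(cidr)
        if iface.ip not in lan:
            # Address belongs to a different subnet: the VM has no on-link
            # route to the router, so nothing beyond the VM is reachable.
            report[name] = "off-subnet"
        elif iface.network != lan:
            # Right address range, wrong mask: on-link decisions will be wrong.
            report[name] = "mask-mismatch"
        elif iface.ip == gw:
            report[name] = "gateway-conflict"
        elif iface.ip in (lan.network_address, lan.broadcast_address):
            report[name] = "reserved-address"
        else:
            report[name] = "ok"
    return report


def recommend(report):
    """Bridged mode is usable only if every static address fits the current LAN."""
    return "bridged" if all(v == "ok" for v in report.values()) else "nat-or-dhcp"


if __name__ == "__main__":
    # Home network from the post, then the coffee-shop range from the post.
    for lan, gw in (("10.0.1.0/24", "10.0.1.1"), ("192.168.1.0/24", "192.168.1.1")):
        result = check_bridged_static(LAB_VMS, lan, gw)
        print(lan, result, "->", recommend(result))
```
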
When I installed Kali 2018.2, after bridging the network in VMWare, I wasn’t able to get to the network. Through a Kali Udemy course, I learned two commands that have been working for me in not only Kali, but other Linux machines to get an IP address and bridge the connection. In Kali, you are root, so I didn’t need sudo. If you are using a different user, you will need to sudo to run the commands (with the exception of ifconfig):
With ifconfig, look to see what your interface is (eth0, eth1). Mine is eth0 in Kali, so I will use that for the next command.
DHCP Client, dhclient, provides a means for configuring one or more network interfaces using the Dynamic Host Configuration Protocol, BOOTP protocol, or if these protocols fail, by statically assigning an address.
service smbd restart
smbd is the server daemon that provides filesharing and printing services to Windows clients. The server provides filespace and printer services to clients using the SMB (or CIFS) protocol. This is compatible with the LanManager protocol, and can service LanManager clients. These include MSCLIENT 3.0 for DOS, Windows for Workgroups, Windows 95/98/ME, Windows NT, Windows 2000, OS/2, DAVE for Macintosh, and smbfs for Linux
In Georgia Weidman’s Book, Penetration Testing: A Hands-On Introduction to Hacking, it looks like the link to XAMPP 1.7.2, Adobe Reader 8.12, and mona.py is broken.
I used SourceForge to download XAMPP 1.7.2, direct link here.
I used Brothersoft to download Adobe Reader 8.1.2, direct link here. (Disclaimer: Brothersoft has an executable wrapper around the software, where it downloads a Brothersoft executable which downloads Adobe Reader. Dumb.)
I used corelan’s GitHub repo to download mona.py, raw file here.
I have decided to continue working through Georgia Weidman’s book, Penetration Testing: A Hands-On Introduction to Hacking. I got stuck on page 40, chapter 1 when Georgia asked me to install Zervit 0.4 on Windows XP sp1. Windows XP sp1 comes with IE6 which is so old, most web servers don’t even support the connections to it. So when I tried going to http://www.exploit-db.com/exploits/12582/ to download Zervit, I was getting a blank page.
So, I had two options, one, I thought about installing VMWare Tools and connecting a folder where I could download Zervit on my host machine, put Zervit in the folder, and then open it in XP. I couldn’t seem to be able to install what was needed on the host machine (when I went to Player -> Manage -> Install VMWare it was greyed out), so plan two, I updated IE 6 to IE 8 through automatic updates but didn’t install any of the security updates (I think I might have done killbits along with updating IE 6 to IE 8, I hope this doesn’t come to bite me later). Once I got IE 8 installed, I, of course, used it to install Chrome.
Now I have access to many more sites, as Chrome for XP is supported a bit better than IE 6. Went to http://www.exploit-db.com/exploits/12582/ for Zervit 0.4 on my shiny new XP sp1 Chrome browser and voilà, I am able to access it.