Comments on: Penetration Testing in the Real World http://www.offensive-security.com/videos/penetration-testing-in-the-real-world/ Offensive Security Fri, 13 Jan 2012 21:50:14 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Week 17 in Review – 2010 | Infosec Eventshttp://www.offensive-security.com/videos/penetration-testing-in-the-real-world/#comment-90 Week 17 in Review – 2010 | Infosec Events Tue, 04 May 2010 09:40:07 +0000 http://www.offensive-security.com/?p=2344#comment-90 [...] Penetration Testing in the Real World – offensive-security.com It’s a quick reconstruction of a Security Audit we preformed over a year ago, replicated in our labs. [...] [...] Penetration Testing in the Real World – offensive-security.com It’s a quick reconstruction of a Security Audit we preformed over a year ago, replicated in our labs. [...]

]]> By: adminhttp://www.offensive-security.com/videos/penetration-testing-in-the-real-world/#comment-89 admin Wed, 28 Apr 2010 14:35:51 +0000 http://www.offensive-security.com/?p=2344#comment-89 @ Matt - I believe you can download the movie from here - http://www.vimeo.com/11213607 - but need to login for the download. @ Matt – I believe you can download the movie from here – http://www.vimeo.com/11213607 – but need to login for the download.

]]> By: adminhttp://www.offensive-security.com/videos/penetration-testing-in-the-real-world/#comment-88 admin Wed, 28 Apr 2010 14:33:47 +0000 http://www.offensive-security.com/?p=2344#comment-88 @Marco - Yes, it was a reverse shell from the internal MySQL server to the attacker. @Marco – Yes, it was a reverse shell from the internal MySQL server to the attacker.

]]> By: Matthttp://www.offensive-security.com/videos/penetration-testing-in-the-real-world/#comment-87 Matt Wed, 28 Apr 2010 14:25:55 +0000 http://www.offensive-security.com/?p=2344#comment-87 Admin, I would like to get this video to some CS teachers but they can't access the video from the classroom (web filtering restrictions). Would you have a copy that I can get to these teachers so they can use it for classroom education? Matt Admin, I would like to get this video to some CS teachers but they can’t access the video from the classroom (web filtering restrictions). Would you have a copy that I can get to these teachers so they can use it for classroom education?

Matt

]]> By: Marcohttp://www.offensive-security.com/videos/penetration-testing-in-the-real-world/#comment-86 Marco Wed, 28 Apr 2010 13:02:15 +0000 http://www.offensive-security.com/?p=2344#comment-86 @admin to make it a bit clear. How is the SQL server get its connection through the webserver which is its default gateway if it is non routable. Did you enabled NAT on the webserver to get the SQL server do a reverse bind shell to port 3306 which is in the video port 80 when you get the reverse shell of the webserver.. Kind regards @admin to make it a bit clear. How is the SQL server get its connection through the webserver which is its default gateway if it is non routable. Did you enabled NAT on the webserver to get the SQL server do a reverse bind shell to port 3306 which is in the video port 80 when you get the reverse shell of the webserver..
Kind regards

]]> By: adminhttp://www.offensive-security.com/videos/penetration-testing-in-the-real-world/#comment-85 admin Wed, 28 Apr 2010 12:14:29 +0000 http://www.offensive-security.com/?p=2344#comment-85 @ Jidb - up.php inserted a binary blob payload to the Internal MySQL server, which was then dumped to the local filesystem of the REMOTE MySQL server. Google "MySQL binary Blob" or check out links like this - http://onlamp.com/pub/a/php/2000/09/15/php_mysql.html @ Jidb – up.php inserted a binary blob payload to the Internal MySQL server, which was then dumped to the local filesystem of the REMOTE MySQL server. Google “MySQL binary Blob” or check out links like this – http://onlamp.com/pub/a/php/2000/09/15/php_mysql.html

]]> By: adminhttp://www.offensive-security.com/videos/penetration-testing-in-the-real-world/#comment-84 admin Wed, 28 Apr 2010 12:12:28 +0000 http://www.offensive-security.com/?p=2344#comment-84 @Marco - Firstly, the video is MOST DEFINITELY manipulated. No attack is as fast and smooth as that. I'm not sure i managed to follow your question fully though... @Marco – Firstly, the video is MOST DEFINITELY manipulated. No attack is as fast and smooth as that. I’m not sure i managed to follow your question fully though…

]]> By: Adityahttp://www.offensive-security.com/videos/penetration-testing-in-the-real-world/#comment-83 Aditya Wed, 28 Apr 2010 12:09:28 +0000 http://www.offensive-security.com/?p=2344#comment-83 First of all your videos are always awesome.... I have opted for PWB but postponed till i get my hands on backtrack...And ya if am not wrong muts must be the one who prepared that video...Hats off Sir First of all your videos are always awesome…. I have opted for PWB but postponed till i get my hands on backtrack…And ya if am not wrong muts must be the one who prepared that video…Hats off Sir

]]> By: Marcohttp://www.offensive-security.com/videos/penetration-testing-in-the-real-world/#comment-82 Marco Wed, 28 Apr 2010 11:01:47 +0000 http://www.offensive-security.com/?p=2344#comment-82 The video looks great, but i do not get the picture completely as the video is telling that a connection is made from the Internal SQL server on port 3306 to the attacker. But the NC listener at attacker is listening on port 80. How does the connection comes too the attacker? Directly from SQL server or proxied via webserver?. If the latter which binary was used on the webserver as that is not shown. Also the tunnels are using port 445, 4444. Are these ports also open from teh SQL Server to the attacker. I would expect that these ports are closed on the firewall as only port 21 and 80 inbound should be open. Is it me or is the video a bit manipulated :-) The video looks great, but i do not get the picture completely as the video is telling that a connection is made from the Internal SQL server on port 3306 to the attacker. But the NC listener at attacker is listening on port 80. How does the connection comes too the attacker? Directly from SQL server or proxied via webserver?. If the latter which binary was used on the webserver as that is not shown. Also the tunnels are using port 445, 4444. Are these ports also open from teh SQL Server to the attacker. I would expect that these ports are closed on the firewall as only port 21 and 80 inbound should be open. Is it me or is the video a bit manipulated :-)

]]> By: jidbhttp://www.offensive-security.com/videos/penetration-testing-in-the-real-world/#comment-81 jidb Wed, 28 Apr 2010 08:42:41 +0000 http://www.offensive-security.com/?p=2344#comment-81 It isn't clearly explained how did you transfer malicious UDF library from compromised web server to the file system on MySQL server. Please explain what exactly the script up.php has done ? Thank you It isn’t clearly explained how did you transfer malicious UDF library from compromised web server to the file system on MySQL server. Please explain what exactly the script up.php has done ?

Thank you

]]>