Budman and IT security experts, please come in man...

[marveloz]

Hi guys, could you help me please? This is like a matter of life and death to me. I'm so broke and I need to survive so I looked for a way and came across a dude who would educate me further about hacking and cyber security so if I will meet his criteria, he will employ me and pay for my professional certifications(you know like CEH, comptia,etc) and that means my survival. But first he gave me a half and a week to learn about a basic hacking, you know like: 1.Reconnaissance 2.Scanning & Enumeration 3.Gaining Access [Escalation of privileges] 4.Maintaining Access 5.Covering Tracks But since I'm new to this kind of thing(I'm only good at hardwares atm) I barely have a clue and google doesn't seem to help much so far. He expect to see if I can impress him by performing an array of job orders below:

 

All using command line in VMware

 

1. I have to access win7 C: drive from xp image remotely and vice versa

2. Find a tool that can scan the os of the image remotely

3. Port scan the ports of the image remotely

4. Then run calc.exe remotely

 

pretty much like that, I already had the VMware along with the required OSes installed and connected though but I barely have any clue what to do next, what commands I should use on CMD besides ping, arp, nestat, etc. For my life's sake, could you guys please help me impress him so I can finally survive? I need a step by step explaining, I only have 5 days remaining now, please help me, thank you guys up front!

[MikeChipshop Member]

The point of the test is to prove that you can do the required job. Getting people to walk you through it is just going to cause you extra headaches and eventual job loss in the future and is more pain than it is worth.

If you're desperate to survive, get a minimum wage job in a supermarket or fast food chain whilst you learn how to do the above things for yourself.

[marveloz]

Oh cmon man it won't cause me a headache, I promise, please... D;

 

I installed nmap but I'm stil unsure if it is what I need /:

[Nick H. Supervisor]

Mike is right. What you are asking is the equivalent of people asking us to do their homework for them, and we don't appreciate those sorts of posts either. The point of these exercises is to prove that you know what you're doing. If you don't know what you're doing then you should either think about another career path or go and do some reading.

We are here to help with issues if the person can demonstrate that they have already attempted the problem but we won't provide the answers, we'll only point them in the right direction.

[+BudMan MVC]

Well with nmap you can mark off 3 on your list. 

 

This really only is a little bit of google and reading.  Not asking you to hack the nsa   I will give you a hint on running calc.exe remotely.. If you have a password ms has a tool that can do this.. sysinternals "psexec"

[binaryzero]

LOL!!! Sounds like a scam to me. 

 

You're getting ahead of yourself, literally...

 

Go find yourself a helpdesk\IT support role, that'll get your foot in the door. 

[cork1958]

Frankly,

This topic/question shouldn't even be allowed here!

 

You asked for budman to help you and he did a very good job, especially about the part of using Google and reading!

[sc302 Veteran]

You want to learn, lock yourself in a room for a few years. Build a network, break it, fix it, break it, fix it, load up linux, break it, fix it, break it, fix it, break it, fix it, load up Windows server, break it, fix it, break it, fix it, keep doing this until you can fix most things without asking for outside assistance.

This will teach you what not to do, and how to fix it if you do it or if it happens. What your found friend has given you is a simple task and could be found by some good googling. The first part of it is learn how to use Google. Most people don't know how to use it properly to get the answers they need. Often times I can find things by using simple search terms they never thought about. Instead of looking up blue screen, try the Clyde with the dll. Instead of looking up hacking, try remote execution.

[vcfan]

you're basically asking for peopl

[marveloz]

Checked two points, two more points to go. Now help me with remotely accessing each C: drive and the calc stuff, please..

 

You guys sux but I liked you all anyway sigh.

 

Thanks Budman for answering my call, I'm a huge fan!

[Nick H. Supervisor]

You guys sux but I liked you all anyway sigh.

Believe it or not, we're trying to give you solid advice. Without knowing much about the job that this person is offering you, this test that he has provided you is probably a prime example of the type of work that you would be doing in the position. If you were to get the job, would you then be asking us to handle your workload as well? Will we get your pay check?

Also, telling people that they suck doesn't really motivate them to help your further.

[marveloz]

Well friend If I ever ask you guys to handle my workload then that would definitely mean I'm sharing some of my money, I'm not an ass don't worry about that though.

 

And don't get me wrong friends it's sux not suck, they are two different words with different meaning IMO

 

[Intersect]

Checked two points, two more points to go. Now help me with remotely accessing each C: drive and the calc stuff, please..

 

You guys sux but I liked you all anyway sigh.

 

Thanks Budman for answering my call, I'm a huge fan!

is this guy for realz? the points you listed such as "1.Reconnaissance 2.Scanning & Enumeration 3.Gaining Access [Escalation of privileges] 4.Maintaining Access 5.Covering Tracks" sound like you have just googled "how to be a leet haxor". sure budmans advice was great but you have a lot to learn when it comes to security testing.

[+BudMan MVC]

So 3 and 4 have already been answered..  As to 2, nmap can do basic OS identification. and ping sweep, etc.  So maybe that even answers 2 for you?

 

nmap -sP 192.168.1.0/24

 

C:\>nmap -O 192.168.1.31                                                                 
                                                                                         
Starting Nmap 6.47 ( http://nmap.org ) at 2015-03-28 09:49 Central Daylight Time         
Nmap scan report for pi.local.lan (192.168.1.31)                                         
Host is up (0.00060s latency).                                                           
Not shown: 996 closed ports                                                              
PORT    STATE SERVICE                                                                    
22/tcp  open  ssh                                                                        
80/tcp  open  http                                                                       
139/tcp open  netbios-ssn                                                                
445/tcp open  microsoft-ds                                                               
MAC Address: B8:27:EB:1C:6E:09 (Raspberry Pi Foundation)                                 
Device type: general purpose                                                             
Running: Linux 3.X                                                                       
OS CPE: cpe:/o:linux:linux_kernel:3                                                      
OS details: Linux 3.11 - 3.14                                                            
Network Distance: 1 hop                                                                  
                                                                                         
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 2.70 seconds   

 

What do you want from 2 exactly?  You want a security tool? Nessus comes to mind, there is kali (use to be backtrack), metasploit, etc. etc.  All of which can be used to scan for vulnerabilities.. These are common security pen testing tools that anyone could find with a simple google for "security tools"

 

Do I have to provide a let me google it for you link?  I have already provided way more info than I have wanted too, if you can not even use google or bother to do some research you clearly are not suited for this sort of job.  As someone suggested maybe help desk is better suited?

 

As to 1, to access the C it has to be shared, to access share you have to have password - hmm wonder what its called when you try lots of different passwords really fast, etc.  Google that!  Maybe there is no password setup, maybe you exploit a service that is running to gain access, etc. Not going to teach a hacking 101 class   And really to be honest this is outside of what neowin is about.  Now if you want to use a tool to scan to make sure your box is secure and up to date.. Happy to help but not going to show you how to google for hacking tools   ask suggested just google how to become a l33t hax0r                    

[conna]

The newer generations of whippersnappers sure do like their instant gratification. Hard work is probably not even in the vocab.  When google'n is too hard the future is doomed. 

[TAZMINATOR]

Well friend If I ever ask you guys to handle my workload then that would definitely mean I'm sharing some of my money, I'm not an ass don't worry about that though.

 

And don't get me wrong friends it's sux not suck, they are two different words with different meaning IMO

 

Like others said. We don't give you the answers for that.   You do on your own, if you can't do it, then that course isn't for you... Find something else you like....   Such as become a doctor, truck driver, etc.

 

You are lying about Google searches...  Google has bunch of them ...  If you did, then you probably used the wrong term for the specific task.  You wanted us to do the work for you...   

 

Sux and suck is same thing.    Different spelling, same meaning.  Like this: Thanks and Thx.

[sc302 Veteran]

The issue is that they haven't learned to change their search terms around. Or understanding that different trends will get different answers. Hacking is such a general term you will never get the answer you want our you will be flooded with so many answers that the results will be useless. Narrow down the search to exactly what you are doing...key words only...dont put in "how do I remote into a computer"....put in "remote support tools" or "heldesk assist software" or "computer remote control" change it up. Use different terms/phrases. Don't ask questions, look for key words, find out the keywords by researching and reading.

Do you think hackers found out how to do what they do by taking a class or by going to a site and asking how to hack. Read my first post in here and let that really sink in, and if you still ask how in a public forum cone back and read my post again..keep doing that until you are ready to turn off all communications to the outside world and are ready to sit down and learn how to talk and listen to the computer. When you start understanding what it says, you are on your way. When you can understand what the blue screen code is without looking it up, you are staying to understand the system. When you can fix the blue screen without looking it up, you have reached pro status. When you can move on from there and learn networking with sniffing packets to see where the issues lie on the network, reading those packets and finding out of it is a firewall issue, or a network issue..You have become a networking pro. We can go on, but you have a place to start and that will give you more than any test or cert well give you. You will probably be able to pass most of them once you get to that point of being a pro without ever craving a book.

[fusi0n]

You want to learn, lock yourself in a room for a few years. Build a network, break it, fix it, break it, fix it, load up linux, break it, fix it, break it, fix it, break it, fix it, load up Windows server, break it, fix it, break it, fix it, keep doing this until you can fix most things without asking for outside assistance.

 

This was basically all middle and high school for me.. It paid off so well.. 

[sc302 Veteran]

It paid off for me and a lot of others I know. I am making a six figure salary only have one cert (Windows 2000 professional) but can answer quite a few questions on here. I do have a 2 year computer technologies cert from a community college too (graduated in 96). Must not have invested time in the right technologies.

Though my little brother does work for google, so there is that (he has the masters from Stevens institute).

[TAZMINATOR]

It paid off for me and a lot of others I know. I am making a six figure salary only have one cert (Windows 2000 professional) but can answer quite a few questions on here. I do have a 2 year computer technologies cert from a community college too (graduated in 96). Must not have invested time in the right technologies.

Though my little brother does work for google, so there is that (he has the masters from Stevens institute).

 

Lucky brother. 

 

I wanted to work for Microsoft.. .but won't happen...  My friend got a job at Microsoft...  Lucky guy! 

 

I used to be a software programmer in '90s, Now I am doing the graphic design/pc tech.

[xrobwx71]

Believe it or not, we're trying to give you solid advice. Without knowing much about the job that this person is offering you, this test that he has provided you is probably a prime example of the type of work that you would be doing in the position. If you were to get the job, would you then be asking us to handle your workload as well? Will we get your pay check?

Also, telling people that they suck doesn't really motivate them to help your further.

What the difference in helping this guy out further than just telling him to Google it and say Donating money to buy ObiWan  a new laptop? It didn't occur to me then but I never received a paycheck share from Obi. If I had the experience and expertise in this particular area, I would help.

[sc302 Veteran]

The difference is learning. You will never truly learn if someone gives you the answer. I retain things less of someone gives me the answer, but if I search it for a few days I know what is bs, what is fud, and what works. If I were given the answer, I wouldn't be able to be efficient at what I do.

[Top Qat]

Can we safely assume this 'dude's activities are all legal?

You know, there are laws against unauthorized entry and use of computer systems.

[marveloz]

You guys are all kinda helpful in various ways, much obliged

[Nick H. Supervisor]

Can we safely assume this 'dude's activities are all legal?

You know, there are laws against unauthorized entry and use of computer systems.

There are plenty of questions asked here that in a different light could be used for nefarious purposes. We could take the question one step further and ask, "should we be offering advice to a user who is potentially using an illegal copy of Windows?" But then there wouldn't be a forum for support questions.

At the end of the day the questions that the user is asking could be used for bad uses. However, if people took the time to do a quick Google search they would be able to find the answers elsewhere. What is being asked here is fairly standard practice for IT support in a legitimate setting. That's the way I see it anyway.