ECSA review

truepentest

RSMCT2011 wrote: »

You got Arnold's password ? If yes then
It's just two clicks away from getting the excel file.

Don't give up mate.

That's what I thought too but I didn't get anything with those credentials and SMB...

ajithkumarts

HI.,i am stuck in challenge 8, can you help me?

airzero

I feel like you guys really need to put in the time studying and figure this stuff out on your own rather then asking for help on a forum. I'm sure EC-Council would not be all too happy seeing this.

faiz1977

Guys Understand that you don't need to answer everything 100%. 70% is required to pass. IF you are unable to get accross a couple of task it is okay.

your methodology and strategy is evaluated

WiSiPi

I have completed all challenges. I took around 50 hours with writing the report included. Just submitted the report.
I hope I will pass, the challenges were sometimes frustrating, but mostly fun.

JamesB67

Hi,
Could you give me a clue on how you got the message in the picture in lab 2 ? ok for steganography, but which tool ? I copied the personnal folder in the windows server, but I'm not able to find the tool
Thanks

WiSiPi

Please read this message carefully

walterg74 wrote: »

Hi Mike,

Yes, I know that...

The problem was searching for "steg" or similar only found 1 program which required internet installation (and as you know, there is no internet access from the vms)

Someone mentioned another program to me and I found it and was able to use it. The annoying thing is that his program also contained "steg" within the name/filename and it did not appear on the search as it should...

Anyway, done now and had my report approved, so now onto the exam in a few...

redman2018

any good luck at that time? I am stuck with ubuntu and cent os, could you suggest what to do.

redman2018

Guys, any one who completed all challenges, could guide me. I am stuck with Ubuntu and cent os.

redman2018

No need to reply last requests, I compromised ubuntu, ... do i need to calculate md5 hash for doc ?

Thanks

faiz1977

yes redman you need to do all what is required

WiSiPi

Yes, my report is approved!

The hash of the documents was unclear by me, so I wrote both the md5 and sha1 hashes in my report.

manishani

I am not here to ask for confidential things. Just to confirm.
I begin my ECSA Challenge 1.
If you could share how many IP address we should discover in this. I already have two NW Discovered. Is this fine or i need to something more ?
I'll appreciate your reply. Thank you.

moudane

Hi guys, it's been while. Congratulation to all off you who passed the practical exam. I plan to continue it next week because I was quite busy the last couple of months.

moudane

One thing worth mentionning is the fact that I kept using the Kali Rolling but it seems like the old kali is gold by reading through users messages.

manishani

manishani wrote: »

I am not here to ask for confidential things. Just to confirm.
I begin my ECSA Challenge 1.
If you could share how many IP address we should discover in this. I already have two NW Discovered. Is this fine or i need to something more ?
I'll appreciate your reply. Thank you.

Please Ignore this, because i have solved Challenge 1. Thank you.

moudane

The ubuntu machine is giving me headache also

moudane

RSMCT2011 wrote: »

Guys, today is fruitful for me, I managed to complete Challenge 5, & 8 ; and lab 3 is half way done.
so now only left 7 & 11. all of them are web applications. I plan to complete those 2 challenges this weekend.
If you have some advises, please PM me. also if you are still doing it, please join me and I can share what I did with you.

Cheers

I sent you a PM.

manishani

RSMCT2011 wrote: »

I managed to get ubuntu's root password and still figuring out how to use it to logon as SSH is disabled. I saw port 80 is open and running apache

Could you please give a small hint about challenge#5 ?

moudane

@manishani SSH is listening on a different port.

serigne

Hello everybody, this thread is really helpful to ECSA candidates, I found a lot of tips to complete the challenges, I start writing the report since a couple of days but I wanted to know if I need to edit every field of the documents or I should only fill in the challenges with the screenshots I took from the practical lab ?
Thanks in advance.

JamesB67

Hi serigne,
I sent My report friday and it was validated this morning
You just need to write the challenge part. I only changed my name in the first parts of the report.

wrickaz

Hello guys,
Congrats who completed this cert;
Currently not completed:3,4,8 and 11
I am currently going my way through the challenges but i am frustrrating with so much brutefocing;
Could you please tell me what wordlist worked best for you to complete the challenges?

moudane

JamesB67 wrote: »

Hi serigne,
I sent My report friday and it was validated this morning
You just need to write the challenge part. I only changed my name in the first parts of the report.

I am currently polishing the report, I just finshed writing it a couple hours ago maybe tomorrow or the day after I will send it.

wrickaz wrote: »

Hello guys,
Congrats who completed this cert;
Currently not completed:3,4,8 and 11
I am currently going my way through the challenges but i am frustrrating with so much brutefocing;
Could you please tell me what wordlist worked best for you to complete the challenges?

Through the challenges you'll have to use different wordlists sometimes the default one launched with metasploit modules will work.

wrickaz

Could I get any hints for ex. 11? Tried everything including bruteforcing forms with no success

philip33

Hello,
I have done challenge 1,2,3,4,5,6,7,9,10
I am stuck with challenge 8 and 11.
Do you have any tips? I probably have enough points to pass but I want to learn. Also I can give you tips. PM me please.

philip33

There is a network vuln in challenge 8 but I cannot managed to run it.
I think 11 is vuln webapp J**** but I cannot find a way to exploit it.

philip33

With which method you completed challenge 10?

moudane

deleted

manishani

I have completed my labs and writing my final report. Can you help me to remove confusion in final report?