NFS Performance: Brain Teaser (Solved!)


After spending multiple hours trying to diagnose a performance issue with NFS in my lab, I've suddenly stumbled upon a situation in which I can honestly say, I'm completely bewildered.

When copying a 256MB test file to the NFS mount the transfer takes ~70 seconds, which equates to roughly 3.6MB/s, i.e. very slow. The client and sever hardware is modern and equipped with Gigabit NICs and an accompanying Gigabit switch. With this hardware I'd expect average transfer speeds of 30-40MB/s, with the hard drives being the bottleneck.

So here's where it gets strange... more ...

Installing Hacme Shipping on an XP Pro VMWare Image


Hacme Shipping is a ColdFusion Web Application from the Foundstone, Inc series of vulnerable "Hacme" tools. As its name implies, Hacme Shipping is a mock Shipping application much like one you would find major on-line retailers using, except loaded with insecure code (on purpose!).

So in continuing the theme of my previous post, which detailed the process of Installing Hacme Bank, this article will hopefully provide another easy to follow, step-by-step guide to installing and configuring the application. more ...

Installing Hacme Bank on an XP Pro VMWare Image



I've created a newer article for installing Hacme Bank on Windows 7

Whether you're evaluating a new vulnerability assessment tool, or looking to hone your application hacking skills, the Hacme Bank application by FoundStone, Inc offers a perfect "victim" for you to use as a testing target. Hacme Bank simulates an online banking website with the added bonus of having numerous vulnerabilities purposely designed in for you to discover.

In this write-up I'll walk you through the necessary steps for getting the application up and running on a Windows XP Professional VMWare image. I prefer this setup for a couple of reasons. First, if an unrecoverable error condition occurs (while hurling malicious packets at the application perhaps?) you can simply revert the Virtual Machine back to a known good state. Second, by positioning Hacme Back on an isolated machine I'm able to use my everyday penetration testing rig as the attack platform. more ...