agentaika

You're right. The post should have gone here: http://hak5.org/forums/index.php?showforum=20 Cool beans. Thanks. I won't.

Does it need any specific specs, or would any model do?

Not everyone has the time or the need to learn all of the ins and outs of their operating system. Sure, they should know some basics, but they really don't need to know how to compile programs from source, or add repositories through the command line. An operating system should help us get our work done. It shouldn't give us more work to do. I installed Ubuntu on my mother's computer and she uses it with no problem.

That might go against the point of the test. We're trying to verify the security of his online server. But I'll still be able to make use of the information you've provided. Maybe I should give USBSwitchblade a second look. Thank you. Running an exploit is the only way to get unauthorized access to someone's computer? I find it so odd that someone like me, who has been using computers since the 80s, is having a hard time understanding this when 12 year olds today are able to hack without any problem. :( What in the hell are these kids reading? I want that. lol. Oh noes. This is a white hat attack. I don't want to do anything that could do serious damage.

I could never understand why someone would recommend something like Debian, Fedora, and (especially) Slackware to someone who is new to Linux. I've been using Linux for many years now and I still have problems with those distros. Ubuntu is the epitome of ease. It's the only distro worth recommending to those who just want to get their work done, and would rather not spend too much time tinkering with settings. http://distrowatch.com/

Thanks for the replies. I'm not looking to make a career out of hacking. I just want to help my cousin with the security on his server, and move on. lol. What ever knowledge I gain I'll likely use for something else. Or maybe I could do a little white hat hacking on the side? I don't know. But right now I would prefer a book that just, flat out, told me how to hack, step by step. I learn best by watching examples, and then filling in the details later. And regarding programming, I already know Python and some C++. I'll give this a try.

I don't know. That is why I made this thread. Which program would I use? Here is the workflow I've figured out so far. Conceal Identity - I won't need to conceal my identity for this test. Exploitation - Use nmap and hping to get information (OS, software, etc) about Victim - Go to milworm, or a similar site, to find exploits for software used by Victim - Apply exploit using Metasploit - Backdoor the Victim using socat - Transfer files using --??-- - Upload a trojan (it'll just be a text file) to create a permanent backdoor for next hack - Clear the Victim's log so actions won't be cataloged using --??-- Administrator Access - Use nmap and hping to get information (OS, software, etc) about Victim - Use THC-Hydra to crack administrator password - Backdoor the Victim using socat - Transfer files using --??-- - Upload a trojan to create a permanent backdoor for next hack - Clear the Victim's log so actions won't be cataloged using --??--

Oodalalee! This is exactly what I need right now. For this test that might actually be a good thing. We'll be able to both look through the logs and see what I did wrong, and what he did wrong. Will do. Thanks again.

I just noticed that netcat hasn't been updated in 4 years. Does it still work as well today, or should I consider socat? http://www.dest-unreach.org/socat/ Ah. So I need to use 'back door' as my search topic? That clears up a little confusion. Thank you.

But wouldn't I need permission to install SSH onto the target? I apologize for not explaining the point of my question before hand, but my question relates to a hacking test that I'm doing for my cousin. Before he goes public with his site, he wants to see if I can hack it. netcat looks very promising. Thank you for the link. I'll look into it later today. Thank you all for your replies. Any additional information is welcome.

Someone told me this was possible. So there is no way to upload a file to someone's computer, or download a file from their computer, without authenticating?

Goodness.... If I wanted to get remote access of a Windows computer without the admin's permission using Backtrack Linux, what would I need to use? My guess is that I would have to start with a scan using nmap and/or hping, look for open ports and vulnerabilities, and then do a dictionary attack using THC-Hydra. I just don't know what to do after this point. My goal is to crack the admin's password, upload a text file into the c:/ folder, and download a file from the system32 folder. I want to do this for a test that I explained in detail here in this thread.

I don't think so. No.

Ugg... This is so overly complicated... For the last 40 minutes now I've been trying to log into my own ftp using PuTTY, pscp, and psftp, but I keep getting "connection refused" and other error messages. Is there an easy way to and transfer files to and from a remote computer using ssh and the command terminal in Linux? In a perfect world the command SHOULD read 'sshlogin username:password@55.123.55.12 upload /home/me/test.txt to c:/temp' but, of course, none of the examples I've found give anything this clear. lol

You can transfer files with PSCP, PuTTY's "secure copy client." http://the.earth.li/~sgtatham/putty/0.60/h...pter5.html#pscp I'll look them up. Thanks folks.