Next year my cousin is going to start an online business that will be hosted on his own servers. Because of my computer know-how (I'm fluent in Python, I know some C++, and I'm a Linux geek) he has asked me to perform some penetration tests to verify the security of his current setup. Although I don't know much about hacking, he insisted that I was the most qualified for this task because I'm "well trusted family."
For the last few days I've been digging through webpages and articles trying to find useful information on how to hack. So far I've learned a little about ip spoofing, package sniffing, vulnerability scanners, and password crackers. I even have a couple of programs favorites: nmap, wireshark, john the ripper, and BackTrack 3.
Right now I'm trying to figure out how to tie this loose knowledge together into a successful hack. My goal will be to silently monitor his incoming and outgoing traffic for packets (account information, passwords, etc), and to upload and download some files without authorization. His goal will be to find out my true identity (IP address), and to keep me away from his personal data using commercial software.
Do you know of a quality tutorial, e-book, or video that clearly explains the steps on how to do this? I'm not looking to make a career out of net security so I would rather not spend $200 on a training class, or $40 on a book from Amazon. I'm just looking for a little push in the right direction so I can get started.
Your help would be greatly appreciated.