
How To Learn How To Pentest (please Help)


grant_g


Hello,

So basically, in the 7th grade I decided I wanted to be that cool movie black hat. I googled it and the first post I read was to learn some languages. So I learned Java and the basics of computers (like the basics of the architecture) and all that super elementary computer stuff.

Fast forward to now (11th grade). I lost my black hat aspiration because of morals/legality, but I love the concept, so I'd like to pentest. I've played with BackTrack and Metasploit and I love them. I've broken into an XP VM countless times, but I have a problem. I have a grasp on the concept of an attack (information, vulnerability scanning, exploit, etc), but my knowledge is so shallow! I have no idea how an exploit works (past the general ideas like buffer overflow [even that I barely know]).

I don't know where to put my time.

If you were me, what would you do? Everyone has to put in their countless hours to become proficient at something. I'm wondering how to spend mine.

I hate being a script kiddie. I want to know the underside so badly!

Any wisdom, guidance, references to a subject are greatly appreciated!

Thanks,

Grant


The key idea to learn how to pen-test a network/system is to practice on your own, as well as watching videos and researching.

There are plenty of videos on the web; these are good places to start learning from: securitytube.net, irongeek.com and hak5.org.

I would recommend getting yourself a copy of BackTrack and installing it on a VM or a laptop if you have one.

Use your own home network to practice and find loopholes and learn how to patch them.

Now all I can say is read, research and practice; you will learn a lot this way.

Good luck.


Keep learning about networking and how OS's are designed. Learn to program in a low level language that puts you more in touch with the system like C. That will help with understanding buffers, stacks, and so on. The more you learn the more you find there is to learn.

Edited by docbop

If you have a firm handle on metasploit and backtrack I'd say that's a huge part, if not all, of being a pen-tester right there.

If instead of using metasploit you'd rather write exploits for metasploit, then you need to become a programmer, which is very different than someone who does pentesting.


Keep learning about networking and how OS's are designed

In addition to learning C (I've actually used it quite a bit for AVR programming), are there any good books on this? I've only found the abstracted block diagrams of an OS... I use kernel in my everyday speech, but if someone asked me to specifically define it, I couldn't! :/

If instead of using metasploit you'd rather write exploits for metasploit, then you need to become a programmer, which is very different than someone who does pentesting.

Really? I thought the best pentester is the one who knows exploits inside and out. I, however, am more interested in the pentesting side.

Thanks for the replies!

-Grant


Randomize the MAC address on your wifi interface, go to other apartment complexes and places with wifi, and start seeing what you can find.

I love it!


In addition to learning C (I've actually used it quite a bit for AVR programming), are there any good books on this? I've only found the abstracted block diagrams of an OS... I use kernel in my everyday speech, but if someone asked me to specifically define it, I couldn't! :/

Really? I thought the best pentester is the one who knows exploits inside and out. I, however, am more interested in the pentesting side.

Thanks for the replies!

-Grant

It's all up to you: if you feel like you want to learn more, or take pen-testing to a different level, then you should write your own exploits.


I got into pentesting by accident. I've designed networks, from the cable to the host - and somewhere along the line I just wanted to know - can I count on this to be somewhat secure (right now - remember, everything changes). First off, if you're talking about penetration testing applications (the hard part), you'll need to start learning about applications first - and before that, the platform (in my world, at least).

Second, if you're simply interested in networks and what information you can gather - you've already been given the pointers from others - start out with what you wish to know - be it wired or wireless, form an idea regarding what segments you wish to get information about, read some about it first, then put it to the test.

Just my 2-cents.

/cheers


Thanks guys! For starters, I'd like a deeper understanding of networks. I have an intermediate knowledge but I want more. I'm starting to work with Nmap (the myriad filters). I've been doing this at school.

I've been meaning to ask, is it wrong to nmap my school? The last thing I want to do is be on bad terms with my school - I love that place. Actually, in a year (with enough skills) I want to pentest it. It's tech based - tablets are issued to every freshman. Very valuable servers are hosted there. I'd hope that if I pitch it right to administration, they'll let me.

I can't tell you the temptation to try metasploit there on classmates. Every laptop (in my class, at least) is re-imaged to Vista. Where's the moral handbook on this one :/


If I were you, I would probably start off with some reading. These are a few books/resources I found helpful:

BackTrack 5 Wireless Penetration Testing Beginner's Guide by Vivek Ramachandran (creator of securitytube.net)

also check out his WLAN Security Megaprimer course DVD (free download) and the Metasploit Megaprimer (also free to view)

Metasploit: The Penetration Tester's Guide, brought to you by Dave Kennedy (ReL1K), Devon Kearns (dookie), Jim O'Gorman (_Elwood_), and Mati Aharoni (muts)

http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training (by the guys at OffSec)

http://www.social-engineer.org/framework/Social_Engineering_Framework

http://www.social-engineer.org/se-resources/ (same site this one is just videos though)

Vivek does a good job of explaining what is going on for most of these attacks (don't just ignore those parts; that is what will help you really learn to hack), so I would read his book, watch his DVD and poke around his site as much as possible. The other resources focus mostly on how to use the tools, which is great, but that really won't make you a great hacker.


I too am in your boat, Grant. The thing I've found most useful is setting up a proper pen testing environment. You don't need enterprise level servers to learn this stuff. I did it on the super cheap even. Get a couple of spare computers from friends/family (nothing fancy - a P4 with 1 or 2 GB of RAM is plenty) and NAT them off from your real network (just in case...) with an old router such as a WRT54G with OpenWRT, and just try some stuff out. I built my own ethernet tap (similar to the LAN Star in the hakshop) for 5 bucks. One of the laptops I got happened to be able to be put into monitor mode and now I'm sniffing ethernet and wireless simultaneously. I'm DeAuthing my family at will. I'm working on making an automated Jasager box with a Raspberry Pi (25 dollar computer - raspberrypi.org) right now. Not to mention ARP poisoning your parents is FREE!

I'd stay away from pentesting your school, at least until you're out. Schools hate hackers, trust me.

Man, the world is your oyster if you've got the time and are able to teach yourself. Luckily you're in high school still, with college in front of you - you've got nothing but time. Use it well, as in a blink of an eye you'll be working 40-60 hours a week with a house that needs constant maintenance and a wife you've got to keep happy. I'm lucky to get 2 or 3 hours to myself a week in my penshop playing around with this stuff. Most importantly though, document your progress - share the knowledge and how you gained it. Open a blog, grab a pick, post on these forums, hell, start a freakin' internet TV show. The community always needs more extroverted hackers that are wanting to learn and willing to teach.

telot


Start from the bottom (i.e. a PC tech) and learn the ins and outs of a workstation, hardware AND software. Then move to the next level: network. Learn IP addressing, subnetting, protocols, ports etc etc etc. I've been in the computing world for 6 years and started a little before you. I'm still learning every day. That's the only way to become anything: play, break, fix and repeat.


I'm still learning every day. That's the only way to become anything: play, break, fix and repeat.

QFT.