Sheepgobeep Posted January 1, 2012 Share Posted January 1, 2012 Hello all, a friend and I would like to start pentesting small, home networks around our area to make a little extra money. We are both 15 year old, and I was wondering if anyone had advice on pentesting in general. I have read some ebooks and have a fair understanding of what needs to be done in a pentest, but have fairly limited knowledge about writing a report after the pentest. Any advice or help would be great! Thanks, Sheepgobeep Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted January 2, 2012 Share Posted January 2, 2012 I agree with Morfir, most home users are either too dumb or not properly educated when it comes to home computer security. Secondly, going around each neighbor's network and pen-testing could backfire, you will need authorization from the owner, or you could be legally charged for it. Say, even if you had authorization to pen-test a network, how would you go about explaining to a person that has limited IT knowledge, what the implications of an insecure system are. Again it comes down to the individual, some would take the security matter seriously others not so much. Quote Link to comment Share on other sites More sharing options...
Sheeepgobeep Posted January 2, 2012 Share Posted January 2, 2012 It's sheepgobeep, I had to make a new account because I can't login through twitter on my iPhone. I don't think it would be too hard to explain what could happen if your network isn't secure. And the things we would be doing would only be like making sure they aren't using open/wep, haveing a secure wifi password, changing the default router pass ect. Quote Link to comment Share on other sites More sharing options...
xpath Posted January 2, 2012 Share Posted January 2, 2012 It does sound like a cool idea to help bring some awareness to those who don't have some basic form of protection on there wireless networks, it cant hurt to let your locals know that open are a bad thing. but as the others have said the average home user is not going to understand whats going on. you could write up some very basic reports to explain the issues to them. but this will also help you with your report writing skills because the report in a proper pen test is properly one of the most important things you are providing the enduser. but to be honest you would be better off setting up your own networks and pentesting them from out and inside and the writeup your reports. because you wont really get much use out of cracking the hockey moms WiFi password, other than developing your cracking skills or using tools like the pineapple. its a very grey area you are talking about but just be carful how you implement your plans. Quote Link to comment Share on other sites More sharing options...
int0x80 Posted January 2, 2012 Share Posted January 2, 2012 Prepare for bad reactions. This reminds me of a story with some kids from my city. I may be off on the details as it was a while back. IIRC, these kids won the WiFi Shootout at Defcon; then went around town finding APs with insecure configurations. They would then go ring the doorbell and offer consulting services to secure the network. People freaked out and the kids got no business; and I believe they were threatened with legal action on more than one occasion. It seems people will probably consider this as a personal attack, even though it's not intended that way. Here is the 2004 Wired article about them winning the WiFi Shootout -- http://www.wired.com/culture/lifestyle/news/2004/08/64440 Quote Link to comment Share on other sites More sharing options...
int0x80 Posted January 2, 2012 Share Posted January 2, 2012 As an alternative, have you considered teaching a free home computer security class at your local library or hackerspace? We offer classes at Hive13 all the time. There are a number of benefits to this approach: 1. You help people (though you might be saying "bfd"). 2. You have a conversation piece for job interviews and college applications that shows you do something useful with your time outside of school. Employers and colleges eat that stuff up. 3. People will know you as a helpful person and will call you to help them fix their computers/networks, for which you charge them. I strongly recommend creating an official business (I have an LLC) before any money starts changing hands. It's easy and inexpensive to set up, and can limit your liability and losses in the event that something goes horribly awry. Quote Link to comment Share on other sites More sharing options...
Sheepgobeep Posted January 3, 2012 Author Share Posted January 3, 2012 As an alternative, have you considered teaching a free home computer security class at your local library or hackerspace? We offer classes at Hive13 all the time. There are a number of benefits to this approach: 1. You help people (though you might be saying "bfd"). 2. You have a conversation piece for job interviews and college applications that shows you do something useful with your time outside of school. Employers and colleges eat that stuff up. 3. People will know you as a helpful person and will call you to help them fix their computers/networks, for which you charge them. I strongly recommend creating an official business (I have an LLC) before any money starts changing hands. It's easy and inexpensive to set up, and can limit your liability and losses in the event that something goes horribly awry. Thats actually a really good idea, thanks for all your help Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted January 3, 2012 Share Posted January 3, 2012 Its actually a brilliant idea and one that could land you on a real job one day. Going around and teaching people, the benefits of computer security, as well as gaining their confidence in you. Good luck dude. Quote Link to comment Share on other sites More sharing options...
Atomix.Gray Posted January 5, 2012 Share Posted January 5, 2012 There are a lot of great comments on this post. I honestly think you can CREATE a market for this. 'Eductional based marketing' is very powerful. Approach it like this: Create a report off from your lab (as mentioned above) Show how easy it is for any kid with a computer and youtube to 'hack into their network' In the report explain what infomration these people can get... Sniffing passwords etc...Create a business FB site - then direct people to your site for this free report (they will need to enter their email address - you can market to these there - as they are warm leads. At the end of the report offer a deal X% off a network scan or something.. yada yada... You could also have 6 months check ups - network/computer scans to insure data integirty. Quote Link to comment Share on other sites More sharing options...
digip Posted January 5, 2012 Share Posted January 5, 2012 (edited) There is another approach to take with this as well. Instead of going and knocking on doors to tell people, "Hey, your network is vulnerable to attack, can we fix it?", make up some business cards and staple the cards to a flyer with all the info on what your services are. List clearly what you can do for them, your rates, and why you are doing this. You can even play the whole angle of, "we're still in school, trying to gain real world working skills in information technology and hope to do this for a living someday". Then leave them in the mailbox or on door hangers for all the houses in your neighborhood. Let the people come to you, see who bites and go from there. Build a rapport with the customers, the more you gain new clients then word of mouth will help you get more business. Just make sure you are professional, dress well, and explain everything in plain english to the clients and take your time. Most home users who don't have any encryption on, probably don't have a clue they are vulnerable, so anything you tell them, they would have to take your word for it. You want them to feel comfortable with what you are doing for them, and assure them they are safe(er) from attack. Personally I don't trust wireless at all, but thats a whole other rant... Edited January 5, 2012 by digip Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.