L30 Posted May 13, 2013 Share Posted May 13, 2013 Hello internet, I'm an XX year-old trying to get started with pentesting. A few years ago I discovered HAK5 and Hackthisite.uk and loved it. I met with friends who taught me how to use Cain & Able. After "cough" acquiring a facebook user and pass, posting a note(O HAI), I almost got my laptop smashed by both the random user and my dad. So I stopped for a while to let things cool down. In that time I was unable to practice with websites or live networks. That was 2 years ago. A few weeks ago while at the library I stumbled upon and exploited a few bugs in their system. I could login in without a username or pass, edit user credentials, and view my counties network in its entirety, and I had R/W privileges on some very important files on said network. I told the library manager about these bugs. Before going home She asked me for my email so that I “could speak with our(their) IT”. Later on my mom called the library to affirm that they were no going to press charges for what I’d done. I would love to continue with pentesting but I want to go about it in the right way. How should I go about learning and working as a network security consultant? --- sry if to long Quote Link to comment Share on other sites More sharing options...
Sebkinne Posted May 13, 2013 Share Posted May 13, 2013 If you want to be serious about this type of job, you will stop what you are doing immediately. What you are doing is illegal. You "aquired" someones Facebook account? Illegal I am guessing. You broken into your libraries system without permission? Again, illegal in most countries. Or at least not a good way to do it as they CAN press charges. So, how should you proceed? Study this subject more. I don't know how much you know in the security field, but you are definitely going about this wrong. Quote Link to comment Share on other sites More sharing options...
L30 Posted May 13, 2013 Author Share Posted May 13, 2013 (edited) I know that what I did was illegal, however at the library I discovered theses bugs by accident and after telling the manager she allowed me to proceed showing her more bugs. The facebook thing is something that I realize was wrong and would never try to do something like that again. I’m not trying to hack computers that I don’t own. Anyway thanks for the advice. Edited May 13, 2013 by L30 Quote Link to comment Share on other sites More sharing options...
potato Posted May 13, 2013 Share Posted May 13, 2013 Get some hardware and start doing labs. Download Kali and learn how to use Metasploit. Just don't hack anything you don't own. Quote Link to comment Share on other sites More sharing options...
L30 Posted May 13, 2013 Author Share Posted May 13, 2013 Thank-you Quote Link to comment Share on other sites More sharing options...
telot Posted May 15, 2013 Share Posted May 15, 2013 Get some hardware and start doing labs. Download Kali and learn how to use Metasploit. Just don't hack anything you don't own. You gotta own it, before you can pwn it ::aww yeah face::: telot Quote Link to comment Share on other sites More sharing options...
barry99705 Posted June 10, 2013 Share Posted June 10, 2013 You gotta own it, before you can pwn it ::aww yeah face::: telot Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted July 8, 2013 Share Posted July 8, 2013 (edited) What you did is considered Blackhat hacking. You clearly did something without authorization and you're lucky your school didn't press charges against you. If you keep doing this, you will end up in jail. So think twice before doing again. As someone already mentioned, I'd practice with your gear, setup a virtual lab and use it for improving your skills. And then once you are good, do it legally and professionally by working for a company. Edited July 8, 2013 by Infiltrator Quote Link to comment Share on other sites More sharing options...
Matt666 Posted July 13, 2013 Share Posted July 13, 2013 Hi, I run a small Pen-testing company in the south of France, I have one advice for you my friend. Get a lawyer (a good one), get him to cook bullet proof paper work and get you customers to sign it by the Kilo before you even switch on your laptop in he's premises. Then, once you have all the paperwork in place, start working on information gathering, this is what most companies are looking for. not actual pen-testing. If you want some pointers, just Pm me :) Quote Link to comment Share on other sites More sharing options...
levisiccard Posted October 14, 2013 Share Posted October 14, 2013 (edited) First of all: RESPECT LOCAL LAWS !!! Shouldn't be hard to figure out yourself what's black and white. Start building your own labs with all kinds of devices you can get your hands on. All my friends know if they want to throw old devices away they don't use anymore they should contact me first :-) talking about antenna's, old laptops, phones,hubs, switches, routers, NIC's, and a tool to cut your own UTP cables can come in very handy and will save you money in the feature. To get started with pentesting there is a GOOD book from vivek ramachandran: Backtrack 5 wireless penetration testing (wich you can also download), install backtrack on an old mashine. kali Linux is the newer version and is pretty much the same to follow the book. Took me about two months to complete and understand all the topics but it was not that hard. it's all basics and inspiring to get deeper into. Start STUDYing networking!(terminology and standards, tcp/ip, OSI, transmission media,architectures and acces methods, communication hardware,netBIOS, Network Security, Internet, Servers...) It really is a must to understand what's going on. Follow hak5 and other security forums! It's cool Never stop learning! Things are going fast so keep up with the new stuff. Social engineering toolkit is also interesting stuff! Wireshark! dos, dos, dos, dos, dos versus Linux, Linux, Linux, Linux, Linux and since you are still living with your parents...make shure they don't get angry and keep sponsoring you :-) Keep in mind networking is all about fun and you will find your way with your fingers in your nose. Anyway, that's how I feel about getting started :-) Edited October 14, 2013 by LeeVai Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.