Jump to content

How do I get started (without gettig areasted)?


L30
 Share

Recommended Posts

Hello internet, I'm an XX year-old trying to get started with pentesting. A few years ago I discovered HAK5 and Hackthisite.uk and loved it. I met with friends who taught me how to use Cain & Able. After "cough" acquiring a facebook user and pass, posting a note(O HAI), I almost got my laptop smashed by both the random user and my dad. So I stopped for a while to let things cool down. In that time I was unable to practice with websites or live networks. That was 2 years ago.

A few weeks ago while at the library I stumbled upon and exploited a few bugs in their system. I could login in without a username or pass, edit user credentials, and view my counties network in its entirety, and I had R/W privileges on some very important files on said network. I told the library manager about these bugs. Before going home She asked me for my email so that I “could speak with our(their) IT”. Later on my mom called the library to affirm that they were no going to press charges for what I’d done.

I would love to continue with pentesting but I want to go about it in the right way. How should I go about learning and working as a network security consultant?

---

sry if to long

Link to comment
Share on other sites

If you want to be serious about this type of job, you will stop what you are doing immediately.

What you are doing is illegal. You "aquired" someones Facebook account? Illegal I am guessing.

You broken into your libraries system without permission? Again, illegal in most countries. Or at least not a good way to do it as they CAN press charges.

So, how should you proceed? Study this subject more. I don't know how much you know in the security field, but you are definitely going about this wrong.

Link to comment
Share on other sites

I know that what I did was illegal, however at the library I discovered theses bugs by accident and after telling the manager she allowed me to proceed showing her more bugs.

The facebook thing is something that I realize was wrong and would never try to do something like that again.

I’m not trying to hack computers that I don’t own.

Anyway thanks for the advice.

Edited by L30
Link to comment
Share on other sites

Get some hardware and start doing labs. Download Kali and learn how to use Metasploit. Just don't hack anything you don't own.

You gotta own it, before you can pwn it

::aww yeah face:::

telot

Link to comment
Share on other sites

  • 4 weeks later...
  • 4 weeks later...

What you did is considered Blackhat hacking. You clearly did something without authorization and you're lucky your school didn't press charges against you. If you keep doing this, you will end up in jail. So think twice before doing again. As someone already mentioned, I'd practice with your gear, setup a virtual lab and use it for improving your skills. And then once you are good, do it legally and professionally by working for a company.

Edited by Infiltrator
Link to comment
Share on other sites

Hi,

I run a small Pen-testing company in the south of France, I have one advice for you my friend. Get a lawyer (a good one), get him to cook bullet proof paper work and get you customers to sign it by the Kilo before you even switch on your laptop in he's premises.

Then, once you have all the paperwork in place, start working on information gathering, this is what most companies are looking for. not actual pen-testing.

If you want some pointers, just Pm me :)

Link to comment
Share on other sites

  • 3 months later...

First of all: RESPECT LOCAL LAWS !!! Shouldn't be hard to figure out yourself what's black and white.

Start building your own labs with all kinds of devices you can get your hands on. All my friends know if they want to throw old devices away they don't use anymore they should contact me first :-)

talking about antenna's, old laptops, phones,hubs, switches, routers, NIC's, and a tool to cut your own UTP cables can come in very handy and will save you money in the feature.

To get started with pentesting there is a GOOD book from vivek ramachandran: Backtrack 5 wireless penetration testing (wich you can also download), install backtrack on an old mashine. kali Linux is the newer version and is pretty much the same to follow the book.

Took me about two months to complete and understand all the topics but it was not that hard. it's all basics and inspiring to get deeper into.

Start STUDYing networking!(terminology and standards, tcp/ip, OSI, transmission media,architectures and acces methods, communication hardware,netBIOS, Network Security, Internet, Servers...)

It really is a must to understand what's going on.

Follow hak5 and other security forums! It's cool

Never stop learning! Things are going fast so keep up with the new stuff.

Social engineering toolkit is also interesting stuff!

Wireshark!

dos, dos, dos, dos, dos versus Linux, Linux, Linux, Linux, Linux

and since you are still living with your parents...make shure they don't get angry and keep sponsoring you :-)

Keep in mind networking is all about fun and you will find your way with your fingers in your nose.

Anyway, that's how I feel about getting started :-)

Edited by LeeVai
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...