
I have some questions about pentesting


zamo.zd


hi everyone,

I have some questions about pentesting:

  • Does anyone get a contract to pentest a company in another country from where they live? Actually I am in Algeria, and I would like to know if companies can accept a pentester from outside of their country.
  • Do I have to know everything about networks, systems and coding? If not, which are the important ones to begin with? I understand HTTP, a little DNS, I know a little coding in PHP, I have basic knowledge of C, I am CCNA certified, I have basic knowledge of Linux. But I still find myself an insanely beginner and ignorant about the pentesting world. Well, the problem is that when I try to pentest a live virtual host such as Metasploitable, my mind is blank. Is it normal??
  • I want to know if pentesting is only for smart people who have the mindset of hacking. What I mean is, can I learn to think like a pentester?
  • Can anybody tell me which are the most useful techniques to use in pentesting, or which ones did you use many times?
  • Does a pentester use Nessus or OpenVAS for scanning? Why I ask this question is because Nessus is heavy in network traffic. Is there some drawback in using them?
  • Is a sniffer still useful? What I mean is, when you sniff network traffic you can get a network topology, but for passwords it is a little hard because the output is heavy, and maybe a keylogger does the work better than a sniffer.
  • I asked the question before but I will ask it again in a different form: what are the skills that must, I mean must, any pentester have?
  • Is an exploit of an open port of a service which is accessible from the internet the only way to get into the company network? What I mean is, is it only brute-forcing the VPN and exploiting a vuln in an HTTP, FTP or DNS server?

thanks :)

Edited by zamo.zd

Guest spazi

Hi zamo.zd and welcome to the forum.
First I should say I'm only a hobbyist, I don't do this for a living (would like to).

I personally believe anyone can learn pentesting and get the "hacker mindset".
The greatest hacks I've pulled off have been extremely random, and just pure luck. Very often, I had to pull it off manually. That means not using any well-known exploit or tool.
Don't become too tool dependent. Make your own tools with your knowledge of programming. Anything can be hacked, it's just a matter of how and when.

Now to answer your questions.

  • Does anyone get a contract to pentest a company in another country from where they live? Actually I am in Algeria, and I would like to know if companies can accept a pentester from outside of their country.

    Yes, very often a professional gets a contract to hack a company. An experienced lawyer should always be at your side when making these contracts to make sure you don't get involved in any legal issues.
    Some is done locally and some is done remotely. Depends on the client and what you can offer.
    Never do anything the client didn't ask for; for instance, hacking them locally if they asked you to do it remotely.
  • Do I have to know everything about networks, systems and coding? If not, which are the important ones to begin with? I understand HTTP, a little DNS, I know a little coding in PHP, I have basic knowledge of C, I am CCNA certified, I have basic knowledge of Linux. But I still find myself an insanely beginner and ignorant about the pentesting world. Well, the problem is that when I try to pentest a live virtual host such as Metasploitable, my mind is blank. Is it normal??

    Hacking involves a lot of intel gathering. Very often you have zero knowledge about a client other than an IP address.
    There are many great tools out there for intel gathering. Getting documentation like PDFs from searching in Google, maybe downloading stuff they accidentally put on the website, like a user guide on how to use the mail or login system; stuff that helps you understand what you are trying to hack.

  • I want to know if pentesting is only for smart people who have the mindset of hacking. What I mean is, can I learn to think like a pentester?

    Well, I never thought of myself as a smart guy; I do it because it's fun and I find it interesting. Some people do it for the adrenaline.
    And as I stated before, I believe anyone can learn how to become a pentester.
    The more you get into the hacking scene, the more you start thinking like one.
    I always recommend reading books about real-life events or watching a documentary about people who hacked stuff illegally.

  • Can anybody tell me which are the most useful techniques to use in pentesting, or which ones did you use many times?

    A really good question!
    In my experience, I can never use the same technique for every hack I've pulled off; I always have to try something new and just dig around hoping to find something golden.
    I do however use a certain set of tools when performing a pentest, maybe that counts?

    One thing I always do is document everything; it's important for you to be able to track your steps of a hack, especially if you are dealing with clients.
  • Does a pentester use Nessus or OpenVAS for scanning? Why I ask this question is because Nessus is heavy in network traffic. Is there some drawback in using them?

    A hacker uses a lot of tools, Nessus being one of them. Not sure about any drawbacks.
  • Is a sniffer still useful? What I mean is, when you sniff network traffic you can get a network topology, but for passwords it is a little hard because the output is heavy, and maybe a keylogger does the work better than a sniffer.

    Yes, anything that might help you achieve your goal is useful. I don't use sniffers much myself, but many people do.
    Some even write their own custom sniffers.
    A lot of stuff is encrypted now, but you get lucky once in a while.

  • I asked the question before but I will ask it again in a different form: what are the skills that must, I mean must, any pentester have?

    No. 1 is probably having the hacker mindset.
    You have to be efficient using the terminal/console/command line.
    Programming skills are always good to have, in C or Python.
    Learn to fully master the tools that you do have to use, like Nmap, Nessus or Metasploit. But as I said before, you probably have to write your own exploits/tools every now and then.

    Be able to think out of the box and come up with creative solutions.
  • Is an exploit of an open port of a service which is accessible from the internet the only way to get into the company network? What I mean is, is it only brute-forcing the VPN and exploiting a vuln in an HTTP, FTP or DNS server?

    Knocking on the front door is seldom the way to go, but you can get lucky every now and then, brute-forcing logins and badly configured servers with default passwords. It happens, even on government websites.
    Sometimes it's through hacking the wifi locally or social engineering.
    One way to get into a company is doing intel and gathering emails of a company's employees, then sending them emails with files or bogus reports, stuff they might be tempted to read or open. That file should be infected with a backdoor that triggers when they open the file. That backdoor then calls your server via SSH that you set up remotely... You can guess the rest from there.

There are a few books I can recommend to get you started.

The Hacker Playbook (lots of great hints and info to get you started)

The cuckoo's egg (a real life diary published as a book)

Social engineering: the art of human hacking

Edited by spazi