HackerXXX Posted September 29, 2016 Posted September 29, 2016 I am a security tester and I have been hired at a public school. What I'm wanting to achieve is to be able to access the school network from my home. I understand on connecting my computer and the turtle to a vpn. Example: «My home computer» > VPN > lan turtle > school computer > «school network» Basically the goal is to plug the turtle (with the right modules) into a computer and plug the Ethernet cord into the lan turtle. Then go home and access the network and do what I need to do. Example: Ethernet > lan turtle > school computer > school network The questions are: 1. Does the host computer (the one with the turtle plugged in) need to be on? 2. Does the host computer being logged off matter? 3. Would my theory work? 4. How could I get a list of every user on the network (school systems are tricky, any user can be Logged in on any computer)? 5. Will it just be that school network or will I also access the entire county school network? Quote
HH1 Posted September 29, 2016 Posted September 29, 2016 From what i know the computer only needs to be plugged into a power source (turned on) and the network cable plugged in That answers 1 & 2 4) You should be able to scan for ip address which may give you some names 5) I believe it will only give you access to the router its plugged into(unless you can hack the others) Quote
digininja Posted September 29, 2016 Posted September 29, 2016 If you are hiring out your services as a security tester then 4 and 5 are things that you should know about and how to do already. 4 Quote
digininja Posted September 29, 2016 Posted September 29, 2016 No we aren't... Some people read books then go out and sell their services as testers and let people down. That reflects badly on the industry and can get clients into trouble if they trust bad advice or rely on faulty results. Some people pose as testers to ask questions that they know if they asked offering their real intentions that they would be kicked off. Some people are just hobbyists. Someone who is a working pen tester would know how to scan a network to find user names and would know that you can't know what reach you have into a network without looking. 6 Quote
HH1 Posted September 29, 2016 Posted September 29, 2016 Good point But you always have to start somewhere and schools in my opinion are a great start Quote
digininja Posted September 29, 2016 Posted September 29, 2016 I'd say they are a really bad place to start. If you mess up the security for a school think about all the sensitive information that could get out, personal information for tens or hundreds of kids. Add to that the potential for grade changes and cheating by looking at papers and staff notes. A bad test for a school could be pretty disastrous. 3 Quote
HH1 Posted September 29, 2016 Posted September 29, 2016 My bad i meant a good place to start under supervision Quote
digininja Posted September 29, 2016 Posted September 29, 2016 Shadowing and having a mentor at the start of a career is vital I think. I mentor a few people and watching them go from no idea to be able to go out on their own is great. Also trusting them enough that they will ask for help rather than BS through things makes a big difference. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.