Jump to content

Pentesting/Hacking at 16


Mr.Wrench

Recommended Posts

Hello everyone!

My name (not real name obviously) is Mr. Wrench and I am 16 years old!

I have been pentesting for about 2-3 years and have only done one job which was for my school and super easy!

I am thinking about buying the USB Rubber Ducky, LAN Turtle and the WiFi Pineapple Nano tactical edition but as I am only 16, and no big company really wants to hire a 16 year old for security, I was wondering.

A. is it worth spending about $250 dollars 

B. Where could I use it in my situation

 

Many thanks all!!

 

 

Link to comment
Share on other sites

USB Rubber Ducky is more of a little tool that's fairly easy to use. My advice would be to ditch the LAN Turtle and Rubber Ducky and get a Bash Bunny which can do both those things (with a little tinkering for the LAN Turtle - but the Rubber Ducky side is out-of-the-box built-in). However it also costs more than double the price of both, so might not be worth it.

You can look into making your own using a Raspberry Pi Zero or something like that. The Rubber Ducky/Bash Bunny is essentially just a Linux Gadget.
Here's a list of websites that could help you get started with that:
http://www.linux-usb.org/gadget/
http://linux-sunxi.org/USB_Gadget
https://events.linuxfoundation.org/sites/events/files/slides/LinuxConNA-Make-your-own-USB-gadget-Andrzej.Pietrasiewicz.pdf
https://www.kernel.org/doc/htmldocs/gadget/index.html
http://landley.net/kdocs/htmldocs/gadget.html
https://github.com/raspberrypi/linux/issues/1212

The WiFi Pineapple seems like a good AP to use for pentesting, but I myself do not have one but from what I can see it would be fun to play with. Keep in mind that the Nano is for portability and the Tetra for a non-portable powerhouse, so buy either depending on what you need. By the sounds of it if you are going into being a hired keyboard (as opposed to a hired gun) you would want a Tetra.

Hopefully this leads you on the right track!

Link to comment
Share on other sites

8 hours ago, Dave-ee Jones said:

USB Rubber Ducky is more of a little tool that's fairly easy to use. My advice would be to ditch the LAN Turtle and Rubber Ducky and get a Bash Bunny which can do both those things (with a little tinkering for the LAN Turtle - but the Rubber Ducky side is out-of-the-box built-in). However it also costs more than double the price of both, so might not be worth it.

You can look into making your own using a Raspberry Pi Zero or something like that. The Rubber Ducky/Bash Bunny is essentially just a Linux Gadget.
Here's a list of websites that could help you get started with that:
http://www.linux-usb.org/gadget/
http://linux-sunxi.org/USB_Gadget
https://events.linuxfoundation.org/sites/events/files/slides/LinuxConNA-Make-your-own-USB-gadget-Andrzej.Pietrasiewicz.pdf
https://www.kernel.org/doc/htmldocs/gadget/index.html
http://landley.net/kdocs/htmldocs/gadget.html
https://github.com/raspberrypi/linux/issues/1212

The WiFi Pineapple seems like a good AP to use for pentesting, but I myself do not have one but from what I can see it would be fun to play with. Keep in mind that the Nano is for portability and the Tetra for a non-portable powerhouse, so buy either depending on what you need. By the sounds of it if you are going into being a hired keyboard (as opposed to a hired gun) you would want a Tetra.

Hopefully this leads you on the right track!

Thank you so much for your input.

I was looking at getting the bash bunny as well as I've heard it can do a lot, but was unsure due to the high price...

The big problem is my age and being as I haven't got a job in cyber security and probably wont for another few years. Is there a point of me getting this, if yes, is there a way I can use my skills LEGALLY but also not just on myself?

Link to comment
Share on other sites

7 hours ago, Mr.Wrench said:

Thank you so much for your input.

I was looking at getting the bash bunny as well as I've heard it can do a lot, but was unsure due to the high price...

The big problem is my age and being as I haven't got a job in cyber security and probably wont for another few years. Is there a point of me getting this, if yes, is there a way I can use my skills LEGALLY but also not just on myself?

 

Early on, see if you can take some courses on Linux / Administration / Security. You'll need the ability to understand basic Linux commands and the fundamentals of IT Security, as well as the pentesting itself.

On the basis of 'if you don't ask, you don't get', ask companies if they will let you shadow / take part in work experience. You don't necessarily have to do this through your school / college, there will still be companies out there that will let you do work experience.

Build yourself a PenTesting lab. This doesn't have to be expensive or even cost anything at all; people actually give away old PCs all the time, and these are more than suitable early on. Look on Schpock, FreeCycle, eBay, ask friends and family etc. and see if you can grab some bargains. Routers are fun to pentest as well, and people generally just throw old ones out.

Get to the library and read as many books as you can on pentesting, security, hacking, Linux, Windows, iOS, networking, Python, C++/C#, PowerShell and whatever else you can find. Soak it all up like a sponge and practice things until you can write code in your sleep and hack in your daydreams (as well as in your lab :grin:)

You can delve deeper in to pentesting itself once you are old enough to work, but if you set yourself up with a good, solid foundation of scripting/programming knowledge and have a play with old PCs and routers, etc., you'll have a great head-start in the business when you do get there.

Download Metasploit and Metasploitable and have a play :cool:

Edited by haze1434
Link to comment
Share on other sites

You can go into being an IT Technician trainee or go into an IT Traineeship/Apprentice as well. This would allow you more opportunities to learn and you could ask your trainers to shadow them while they work.

I would recommend a Raspberry Pi, though, as it's pretty much perfect for every scenario you're going to have at the level you are at. It will give you a Linux environment that you can do you pentesting on, give you a hardware environment so you can build a router, AP,  USB emulation and all kinds of things that will help you along. They are cheap to get, cheap to build on and easy to get going and start working on. The screens/monitors are more expensive though, but you can just go and find any old monitor, or if you really want buy a smaller monitor and make a mini laptop powered by the Pi for your lab.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...