cameron2232 Posted December 31, 2017

So I want to get into a career of pen-testing. I just want to know some ideas of OS (going to be Kali) and laptops.

thx, cameron

Rkiver Posted December 31, 2017

Honestly I'd say think about where in pen testing you want to get into, set up a test network using something like VirtualBox etc. What you want to do will determine what you NEED, which will determine what OS you use (Kali just has everything in a nice place; it's no more or less special than most Linux ones), and what hardware helps out the most.

hackabus Posted December 31, 2017

I agree with RKiver, what exactly do you want to do? Pentesting has such a broad field, i.e. exploits, wifi, password cracking, web applications, DB attacks etc. There is so much to learn that if you try to do it all at once you will end up hating it. My job requires me to do a lot of different tests but I favour Wifi/MITM, forensics and recon (information gathering). I would do as said above, install virtual labs and start with the basics like learning how tools like nmap work and then work your way upwards. Good luck

cameron2232 (Author) Posted December 31, 2017

1 hour ago, Rkiver said:

Honestly I'd say think about where in pen testing you want to get into, set up a test network using something like VirtualBox etc. What you want to do will determine what you NEED, which will determine what OS you use (Kali just has everything in a nice place; it's no more or less special than most Linux ones), and what hardware helps out the most.

So I would love to get into wifi type of stuff. Also, how do I set up a VirtualBox?

cameron2232 (Author) Posted December 31, 2017

1 hour ago, hackabus said:

I agree with RKiver, what exactly do you want to do? Pentesting has such a broad field, i.e. exploits, wifi, password cracking, web applications, DB attacks etc. There is so much to learn that if you try to do it all at once you will end up hating it. My job requires me to do a lot of different tests but I favour Wifi/MITM, forensics and recon (information gathering). I would do as said above, install virtual labs and start with the basics like learning how tools like nmap work and then work your way upwards. Good luck

I would love to work on wifi for now and expand, and yes I completely agree I shouldn't eat what I can't chew. What is virtual labs?

Rkiver Posted December 31, 2017

To answer your first question about VirtualBox: Google it. To answer your question about virtual labs: Google it. I don't mean to sound rude or standoffish, but the most important skill you can have with regards to pen-testing is finding things out for yourself.

So, Google VirtualBox, learn how to install it, then read up on setting up a home virtual lab using VirtualBox. Once you've that done, then set up a virtual machine with access to a USB wifi dongle and go from there.

Hell, just on these forums alone there is a topic about where to begin. To save you the search, here's the link:

Edited December 31, 2017 by Rkiver

hackabus Posted December 31, 2017

There are tons of video tutorials online. A lot of people prefer VirtualBox; I myself prefer VMware as I think setting up the network works better. It's basically a virtual environment on your computer for practising hacking. Check out this link: http://samuraihacks.com/setup-virtual-hacking-lab-pen-testing/

cameron2232 (Author) Posted December 31, 2017

4 minutes ago, Rkiver said:

To answer your first question about VirtualBox: Google it. To answer your question about virtual labs: Google it. I don't mean to sound rude or standoffish, but the most important skill you can have with regards to pen-testing is finding things out for yourself.

So, Google VirtualBox, learn how to install it, then read up on setting up a home virtual lab using VirtualBox. Once you've that done, then set up a virtual machine with access to a USB wifi dongle and go from there.

Hell, just on these forums alone there is a topic about where to begin. To save you the search, here's the link:

One more question: should I install Kali Linux first? Or should I use my current Mac OS?

hackabus Posted December 31, 2017

Just now, cameron2232 said:

One more question: should I install Kali Linux first? Or should I use my current Mac OS?

You install Kali inside VirtualBox as a virtual machine.

cameron2232 (Author) Posted December 31, 2017

6 minutes ago, hackabus said:

There are tons of video tutorials online. A lot of people prefer VirtualBox; I myself prefer VMware as I think setting up the network works better. It's basically a virtual environment on your computer for practising hacking. Check out this link: http://samuraihacks.com/setup-virtual-hacking-lab-pen-testing/

Thank you, will check it out!

Ranish Posted January 2, 2018

32 minutes ago, haze1434 said:

Purchase Lenovo Thinkpad. Profit.

Have to be right version so you don't get a daft touchpad :P

digip Posted January 2, 2018

If you have a laptop or desktop machine already, and can install VMware or VirtualBox, then you can set up a lab at home with little to no cost for setup. Also, places like Vulnhub offer freely downloadable virtual machines that will run in VirtualBox (VBox) and VMware, most of which will run better in VBox based on how a majority of them were created. I personally use Kali in VMware on my desktop, and use VBox for all the downloaded virtual machines from Vulnhub for my home test lab, which is basically just boot and root CTF machines I attack from the Kali VM.

If you want more involved systems and scenarios, or Windows machines to attack, sign up with Hack the Box, also a free service, and will require you to use a VPN to get into their networks to attack their machines (they provide the VPN), which are all on their systems that you remote into from your home machine over the VPN. No downloading or installing anything, other than the tools you choose to do the pentesting, which if you wanted to, could just be your desktop, although I'd advise you to use a VM or segregated machine, as this is a LIVE network, with other users, who can and may try attacking you! Be warned, it's a hostile network, so take precautions when on their network.

cameron2232 (Author) Posted January 2, 2018

4 hours ago, haze1434 said:

Purchase Lenovo Thinkpad. Profit.

I already have a maxed out MacBook, there's no problem there...

cameron2232 (Author) Posted January 2, 2018

59 minutes ago, digip said:

If you have a laptop or desktop machine already, and can install VMware or VirtualBox, then you can set up a lab at home with little to no cost for setup. Also, places like Vulnhub offer freely downloadable virtual machines that will run in VirtualBox (VBox) and VMware, most of which will run better in VBox based on how a majority of them were created. I personally use Kali in VMware on my desktop, and use VBox for all the downloaded virtual machines from Vulnhub for my home test lab, which is basically just boot and root CTF machines I attack from the Kali VM.

If you want more involved systems and scenarios, or Windows machines to attack, sign up with Hack the Box, also a free service, and will require you to use a VPN to get into their networks to attack their machines (they provide the VPN), which are all on their systems that you remote into from your home machine over the VPN. No downloading or installing anything, other than the tools you choose to do the pentesting, which if you wanted to, could just be your desktop, although I'd advise you to use a VM or segregated machine, as this is a LIVE network, with other users, who can and may try attacking you! Be warned, it's a hostile network, so take precautions when on their network.

So I currently use VB with Kali. Now should I switch my Kali to VM? And then put my test machines on VB?

thx, cameron

digip Posted January 2, 2018

You can leave Kali in VirtualBox. I have it in both VBox and VMware, as well as natively installed in several places, but the point is, to pentest and practice, you don't really need expensive new equipment, or any specialized laptop for penetration testing. Any computer can be used to learn with for the most part, and in many cases, when you go into a real pentest, you aren't allowed to bring in laptops or equipment, often have to use their equipment, and use something like a Live DISC to load into one of their machines, or have to leave your equipment with them and not be allowed to leave their premises with anything, including thumbdrives, HDDs, etc. The whole point BackTrack was invented, the predecessor to Kali, was because on some engagements, they were required to leave their HDDs or equipment with the companies they did the pentest on, so having a CD or DVD of an OS with tools on it let them bring just that into the environment, and can be tossed in the trash afterwards when done.

Your laptop just needs to have reasonably decent hardware support and stability for the Kali distro, and if needed, some external Wifi cards where needed. In some instances, people are using small appliances, like the Intel NUC or a Raspberry Pi, as plugin devices to the network, and set up for remote administration, so a company doesn't even have to physically show up on site, only need a bridge to the internal network, to perform their assessment, depending on the scope and scenario in place, or for when you are only allowed a connection from a conference room of a business, but not access to the data center or such. Plug and play makes things convenient for the security companies, which is the main purpose of Kali, in putting all the things in a small package for a wide range of uses.