Posted

Honestly I'd say think about where in pen testing you want to get into, set up a test network using something like VirtualBox etc.

What you want to do will determine what you NEED, which will determine what OS you use (Kali just has everything in a nice place; it's no more or less special than most Linux ones), and what hardware helps out the most.

 

Posted

I agree with RKiver, what exactly do you want to do? Pentesting has such a broad field, i.e. exploits, WiFi, password cracking, web applications, DB attacks etc. There is so much to learn that if you try to do it all at once you will end up hating it.

My job requires me to do a lot of different tests, but I favour WiFi/MITM, forensics and recon (information gathering).

I would do as said above, install virtual labs and start with the basics like learning how tools like nmap work and then work your way upwards.


Good Luck

Posted
1 hour ago, Rkiver said:

Honestly I'd say think about where in pen testing you want to get into, set up a test network using something like VirtualBox etc.

What you want to do will determine what you NEED, which will determine what OS you use (Kali just has everything in a nice place; it's no more or less special than most Linux ones), and what hardware helps out the most.

 

So I would love to get into WiFi type of stuff. Also, how do I set up a virtual box?

 

Posted
1 hour ago, hackabus said:

I agree with RKiver, what exactly do you want to do? Pentesting has such a broad field, i.e. exploits, WiFi, password cracking, web applications, DB attacks etc. There is so much to learn that if you try to do it all at once you will end up hating it.

My job requires me to do a lot of different tests, but I favour WiFi/MITM, forensics and recon (information gathering).

I would do as said above, install virtual labs and start with the basics like learning how tools like nmap work and then work your way upwards.


Good Luck

I would love to work on WiFi for now and expand, and yes, I completely agree I shouldn't eat what I can't chew. What are virtual labs?

Posted (edited)

To answer your first question about VirtualBox.

 

Google it.

 

To answer your question about Virtual Labs, google it.

I don't mean to sound rude or standoffish, but the most important skill you can have with regards to pen-testing is finding things out for yourself.

So, google VirtualBox, learn how to install it, then read up on setting up a home virtual lab using VirtualBox. Once you've that done, then set up a virtual machine with access to a USB WiFi dongle and go from there.

Hell just on these forums alone there is a topic about where to begin, to save you the search, here's the link: 

 

Edited by Rkiver
Posted

There are tons of video tutorials online. A lot of people prefer VirtualBox; I myself prefer VMware as I think setting up the network works better.

It's basically a virtual environment on your computer for practising hacking.

check out this link

http://samuraihacks.com/setup-virtual-hacking-lab-pen-testing/

Posted
4 minutes ago, Rkiver said:

To answer your first question about VirtualBox.

 

Google it.

 

To answer your question about Virtual Labs, google it.

I don't mean to sound rude or standoffish, but the most important skill you can have with regards to pen-testing is finding things out for yourself.

So, google VirtualBox, learn how to install it, then read up on setting up a home virtual lab using VirtualBox. Once you've that done, then set up a virtual machine with access to a USB WiFi dongle and go from there.

Hell just on these forums alone there is a topic about where to begin, to save you the search, here's the link: 

 

One more question: should I install Kali Linux first, or should I use my current macOS?

Posted
Just now, cameron2232 said:

One more question: should I install Kali Linux first, or should I use my current macOS?

You install Kali inside VirtualBox as a virtual machine.

 

Posted

If you have a laptop or desktop machine already, and can install VMware or VirtualBox, then you can set up a lab at home with little to no cost for setup. Also, places like Vulnhub offer freely downloadable virtual machines that will run in VirtualBox (VBox) and VMware, most of which will run better in VBox based on how a majority of them were created. I personally use Kali in VMware on my desktop, and use VBox for all the downloaded virtual machines from Vulnhub for my home test lab, which is basically just boot and root CTF machines I attack from the Kali VM.

If you want more involved systems and scenarios, or Windows machines to attack, sign up with Hack the Box, also a free service, and will require you to use a VPN to get into their networks to attack their machines (they provide the VPN), which are all on their systems that you remote into from your home machine over the VPN. No downloading or installing anything, other than the tools you choose to do the pentesting, which if you wanted to, could just be your desktop, although I'd advise you to use a VM or segregated machine, as this is a LIVE network, with other users, who can and may try attacking you! Be warned, it's a hostile network, so take precautions when on their network.

Posted
59 minutes ago, digip said:

If you have a laptop or desktop machine already, and can install VMware or VirtualBox, then you can set up a lab at home with little to no cost for setup. Also, places like Vulnhub offer freely downloadable virtual machines that will run in VirtualBox (VBox) and VMware, most of which will run better in VBox based on how a majority of them were created. I personally use Kali in VMware on my desktop, and use VBox for all the downloaded virtual machines from Vulnhub for my home test lab, which is basically just boot and root CTF machines I attack from the Kali VM.

If you want more involved systems and scenarios, or Windows machines to attack, sign up with Hack the Box, also a free service, and will require you to use a VPN to get into their networks to attack their machines (they provide the VPN), which are all on their systems that you remote into from your home machine over the VPN. No downloading or installing anything, other than the tools you choose to do the pentesting, which if you wanted to, could just be your desktop, although I'd advise you to use a VM or segregated machine, as this is a LIVE network, with other users, who can and may try attacking you! Be warned, it's a hostile network, so take precautions when on their network.

So I currently use vb with kali. Now should I switch my kali to vm? And then put my test machines on vb? 

thx, cameron

Posted

You can leave Kali in VirtualBox. I have it in both VBox and VMware, as well as natively installed in several places, but the point is, to pentest and practice, you don't really need expensive new equipment, or any specialized laptop for penetration testing. Any computer can be used to learn with for the most part, and in many cases, when you go into a real pentest, you aren't allowed to bring in laptops or equipment, often have to use their equipment, and use something like a Live DISC to load into one of their machines, or have to leave your equipment with them and not be allowed to leave their premises with anything, including thumbdrives, HDDs, etc.

The whole point BackTrack was invented, the predecessor to Kali, was because on some engagements, they were required to leave their HDDs or equipment with the companies they did the pentest on, so having a CD or DVD of an OS with tools on it let them bring just that into the environment, and can be tossed in the trash afterwards when done. Your laptop just needs to have reasonably decent hardware support and stability for the Kali distro, and if needed, some external WiFi cards where needed.

In some instances, people are using small appliances, like the Intel NUC or a Raspberry Pi, as plugin devices to the network, and set up for remote administration, so a company doesn't even have to physically show up on site, only need a bridge to the internal network, to perform their assessment, depending on the scope and scenario in place, or for when you are only allowed a connection from a conference room of a business, but not access to the data center or such. Plug and play makes things convenient for the security companies, which is the main purpose of Kali, in putting all the things in a small package for a wide range of uses.
