ISamson Posted February 9, 2018 Share Posted February 9, 2018 Hello. As a recent interest in cybersecurity and hacking, I wish to develop myself in this field. However, I am afraid to step over the 'acceptable' and 'not acceptable' line within the legal context. So, I am getting a Wifi Pineapple Nano Basic, so I was wondering, what can I do with it? I am 13 years old, so it might not be much use in the pentesting area for me currently. Since 'Hacking' has a definition of "gain unauthorized access to data in a system or computer.", so what use can such device be to me? I value any contribution. Thank you so much. Quote Link to comment Share on other sites More sharing options...
Just_a_User Posted February 9, 2018 Share Posted February 9, 2018 (edited) 1 hour ago, ISamson said: so what use can such device be to me? I have found it useful to use (finally) a small collection of old devices I had gathered over the years. You may not have some/many but you can also pick up old devices on the usual second hand markets, they don't need to be pretty or have great battery life but just need to be working - some cracked screen devices still work and can be picked up cheap. I focused mainly on android devices as even old iphones/ipods seem to hold prices better prob due to stripping for parts. With things like linageOS firmwares you can have an old device such as a Samsung S3 running Android Nougat with latest security patches to test against. Other devices i had was old IP cameras, DVR (not fully working) and iptv devices basically anything with wifi. I'm still very much learning and make plenty of mistakes often but the Pineapples are forgiving and reset easily. if your determined you can use them as great learning tools but you may need to get to grips with Linux/OpenWRT before you can move onto other things, but everything in small bites works for me. Most of all have fun, show you mates, if they agree rick roll them. maybe if they like it you might get someone to join you in your explorations :) Edited February 9, 2018 by Just_a_User 1 Quote Link to comment Share on other sites More sharing options...
Broti Posted February 9, 2018 Share Posted February 9, 2018 11 hours ago, ISamson said: "gain unauthorized access to data in a system or computer." "Unauthorized" can be simulated of course. Same do pentester at presentations. 11 hours ago, ISamson said: However, I am afraid to step over the 'acceptable' and 'not acceptable' line within the legal context. If you hack around your own devices/local network, you don't have to worry. Even breaking into systems of friends (with their consents) is acceptable. As long as the target owner knows and approves there's nothing to worry about. 2 Quote Link to comment Share on other sites More sharing options...
ISamson Posted February 9, 2018 Author Share Posted February 9, 2018 3 hours ago, Broti said: "Unauthorized" can be simulated of course. Same do pentester at presentations. If you hack around your own devices/local network, you don't have to worry. Even breaking into systems of friends (with their consents) is acceptable. As long as the target owner knows and approves there's nothing to worry about. What about if I hack using a network, which includes many numerous input/output into other networks and devices, which could be beyond my 'approval'. Thanks for the reply. Quote Link to comment Share on other sites More sharing options...
thoregem Posted February 10, 2018 Share Posted February 10, 2018 This is more of a legal question. The way I look at it is: If I have to ask if I'll get into trouble doing something, I shouldn't do it. Only hack on your own network, and nobody elses. DO NOT bring your pineapple to school, or try to show off what you can do there. It's good that you're getting into this field early, but you have to understand that there are limits if you want to pursue this legally. I'd recommend installing linux on your computer and customizing it. Learn the CLI, and teach yourself how it works under the hood. This will come in super handy when you learn server exploitation in the future. Not to mention, Open Source is superior to windows. 4 Quote Link to comment Share on other sites More sharing options...
Broti Posted February 10, 2018 Share Posted February 10, 2018 11 hours ago, ISamson said: What about if I hack using a network, which includes many numerous input/output into other networks and devices, which could be beyond my 'approval'. Like a school network? I think I can answer that best with a movie quote: "Don't tempt me, Frodo." Stay local (as @GarrukApex said too). If you have the possibility (free space, equipment and/or financial resources) to set up a second isolated LAN at home just for pentesting/hacking. Perhaps the cheapest way is using virtual machines. 1 Quote Link to comment Share on other sites More sharing options...
0rang3 Posted February 12, 2018 Share Posted February 12, 2018 Hi ISamson, I am currently attending a university for Cyber Security where we are encouraged to "hack". Our network is completely separate from the rest of the campus and we only use virtual environments. So we can wreak havoc when doing Red vs Blue exercises. I also intern for a large private sector company that allows for some pentesting where we are actually trying to break into whatever our target is. So in time, I think you will find plenty of places to stretch your wings and have some fun. For a real challenge (at least imo) go to hackthebox.eu. As many others have stated, attack your own devices. VMs are your friend! You can clone and reset anytime you break something. Good luck! 1 Quote Link to comment Share on other sites More sharing options...
The Power Company Posted February 12, 2018 Share Posted February 12, 2018 Besides toying with old physical devices, I enjoy setting up small armies of tiny virtual machines, putting them in an enclosed network, and attacking each other. When I was in high school I got into hacking by rooting my old android phone and installing custom ROMs so I could get infinite gold in games for free. Also a great way to get introduced into malware infected APKs! Quote Link to comment Share on other sites More sharing options...
i8igmac Posted February 12, 2018 Share Posted February 12, 2018 The way I see it... if the water sprays over the fence onto your property, you can do what you wish with that water... Same goes for wifi. 1 Quote Link to comment Share on other sites More sharing options...
Dave-ee Jones Posted February 12, 2018 Share Posted February 12, 2018 1 hour ago, The Power Company said: Besides toying with old physical devices, I enjoy setting up small armies of tiny virtual machines, putting them in an enclosed network, and attacking each other. When I was in high school I got into hacking by rooting my old android phone and installing custom ROMs so I could get infinite gold in games for free. Also a great way to get introduced into malware infected APKs! Unfortunately most games out there have sale verification methods that block you getting infinite currency nowadays.. Can't say I like malware-infected APKs. Very frustrating. 1 Quote Link to comment Share on other sites More sharing options...
ISamson Posted February 13, 2018 Author Share Posted February 13, 2018 34 minutes ago, i8igmac said: The way I see it... if the water sprays over the fence onto your property, you can do what you wish with that water... Same goes for wifi. What if I poison that water and it accidentally leaks back into my neighbours garden? Same with wifi? 1 Quote Link to comment Share on other sites More sharing options...
Dave-ee Jones Posted February 13, 2018 Share Posted February 13, 2018 4 hours ago, i8igmac said: The way I see it... if the water sprays over the fence onto your property, you can do what you wish with that water... Same goes for wifi. Can't say the judge will see it the same way. The way I see it, if I kill someone accidentally I'm not responsible. Judge doesn't see it that way. (Completely hypothetical, I don't actually see it that way - but it does depend on the situation). 1 Quote Link to comment Share on other sites More sharing options...
Rkiver Posted February 13, 2018 Share Posted February 13, 2018 15 hours ago, i8igmac said: The way I see it... if the water sprays over the fence onto your property, you can do what you wish with that water... Same goes for wifi. I sincerely doubt any judge in any country will agree with you on that comparison. Quote Link to comment Share on other sites More sharing options...
i8igmac Posted February 13, 2018 Share Posted February 13, 2018 (edited) 1 hour ago, Rkiver said: I sincerely doubt any judge in any country will agree with you on that comparison. In that case. hack the planet! Hack the planet! Hack the planet! Edited February 13, 2018 by i8igmac 1 Quote Link to comment Share on other sites More sharing options...
C1PH3R Posted February 13, 2018 Share Posted February 13, 2018 On 2/9/2018 at 7:26 PM, Broti said: "Unauthorized" can be simulated of course. Same do pentester at presentations. If you hack around your own devices/local network, you don't have to worry. Even breaking into systems of friends (with their consents) is acceptable. As long as the target owner knows and approves there's nothing to worry about. Their consent has to be written tho, a spoken consent does not count! 1 Quote Link to comment Share on other sites More sharing options...
C1PH3R Posted February 13, 2018 Share Posted February 13, 2018 22 hours ago, 0rang3 said: Hi ISamson, I am currently attending a university for Cyber Security where we are encouraged to "hack". Our network is completely separate from the rest of the campus and we only use virtual environments. So we can wreak havoc when doing Red vs Blue exercises. I also intern for a large private sector company that allows for some pentesting where we are actually trying to break into whatever our target is. So in time, I think you will find plenty of places to stretch your wings and have some fun. For a real challenge (at least imo) go to hackthebox.eu. As many others have stated, attack your own devices. VMs are your friend! You can clone and reset anytime you break something. Good luck! Hey man, can you give me the name of that university (maybe in private?) if you want to be anonymous then do not give it to me. But I am looking into this types of University's myself so maybe reading about yours can help. Only do it if you want to :) Quote Link to comment Share on other sites More sharing options...
Broti Posted February 13, 2018 Share Posted February 13, 2018 2 hours ago, C1PH3R said: Their consent has to be written tho, a spoken consent does not count! I never had problems with given spoken consent since I personally knew the "client" or a person I know knew and introduced me, but yes it only counts in written form. Especially in business Quote Link to comment Share on other sites More sharing options...
Bigbiz Posted February 25, 2018 Share Posted February 25, 2018 Should be documented on the internet(obtainable) like a official Judicial report about your limitations in the matter. Google . Find best one. Download. 1 Quote Link to comment Share on other sites More sharing options...
ISamson Posted February 25, 2018 Author Share Posted February 25, 2018 4 hours ago, Bigbiz said: Should be documented on the internet(obtainable) like a official Judicial report about your limitations in the matter. Google . Find best one. Download. I tried to look for governmental reports, but I found not much. I am in Australia. Quote Link to comment Share on other sites More sharing options...
Bigbiz Posted February 26, 2018 Share Posted February 26, 2018 Try https://en.m.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act Quote Link to comment Share on other sites More sharing options...
Just_a_User Posted February 26, 2018 Share Posted February 26, 2018 (edited) On 2/25/2018 at 6:48 AM, ISamson said: I tried to look for governmental reports, but I found not much. I am in Australia. Maybe this is it? https://www.legislation.gov.au/Details/C2012C00776/Html/Text#_Toc339546943 Part 10.7—Computer offences in a more basic version https://www.afp.gov.au/what-we-do/crime-types/cybercrime/high-tech-crime#computer-intrusions Interesting. Edited February 26, 2018 by Just_a_User 1 Quote Link to comment Share on other sites More sharing options...
Dave-ee Jones Posted February 26, 2018 Share Posted February 26, 2018 Basically the consensus is if you want to start learn pentesting in a legal-safe environment, just have a play with scripting, programming, WiFi pentesting (using the Pineapple and maybe a VM with Kali on it to have a bit of fun with monitor-mode and packet-injection) and all that jazz. That won't hurt anyone until you take it into the real world which I wouldn't suggest doing unless it's your job description and someone's paying you to find flaws in their system. If you can learn what's under the hood of Linux and Windows you're pretty much set for any environment. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.