Hacking Hobby Limits and Possibilities

[ISamson]

Hello.

As a recent interest in cybersecurity and hacking, I wish to develop myself in this field.

However, I am afraid to step over the 'acceptable' and 'not acceptable' line within the legal context.

So, I am getting a Wifi Pineapple Nano Basic, so I was wondering, what can I do with it? I am 13 years old, so it might not be much use in the pentesting area for me currently. Since 'Hacking' has a definition of "gain unauthorized access to data in a system or computer.", so what use can such device be to me? 

I value any contribution.

Thank you so much.

[Just_a_User]

1 hour ago, ISamson said:

so what use can such device be to me? 

I have found it useful to use (finally) a small collection of old devices I had gathered over the years.

You may not have some/many but you can also pick up old devices on the usual second hand markets, they don't need to be pretty or have great battery life but just need to be working - some cracked screen devices still work and can be picked up cheap. I focused mainly on android devices as even old iphones/ipods seem to hold prices better prob due to stripping for parts.

With things like linageOS firmwares you can have an old device such as a Samsung S3 running Android Nougat with latest security patches to test against.

Other devices i had was old IP cameras, DVR (not fully working) and iptv devices basically anything with wifi.  I'm still very much learning and make plenty of mistakes often but the Pineapples are forgiving and reset easily. if your determined you can use them as great learning tools but you may need to get to grips with Linux/OpenWRT before you can move onto other things, but everything in small bites works for me.

Most of all have fun, show you mates, if they agree rick roll them. maybe if they like it you might get someone to join you in your explorations :)

Edited February 9, 2018 by Just_a_User

[Broti]

11 hours ago, ISamson said:

"gain unauthorized access to data in a system or computer."

"Unauthorized" can be simulated of course. Same do pentester at presentations.

11 hours ago, ISamson said:

However, I am afraid to step over the 'acceptable' and 'not acceptable' line within the legal context.

If you hack around your own devices/local network, you don't have to worry. Even breaking into systems of friends (with their consents) is acceptable.

As long as the target owner knows and approves there's nothing to worry about. 

[ISamson]

3 hours ago, Broti said:

"Unauthorized" can be simulated of course. Same do pentester at presentations.

If you hack around your own devices/local network, you don't have to worry. Even breaking into systems of friends (with their consents) is acceptable.

As long as the target owner knows and approves there's nothing to worry about. 

What about if I hack using a network, which includes many numerous input/output into other networks and devices, which could be beyond my 'approval'.

Thanks for the reply.

[thoregem]

This is more of a legal question. The way I look at it is: If I have to ask if I'll get into trouble doing something, I shouldn't do it. 

Only hack on your own network, and nobody elses. DO NOT bring your pineapple to school, or try to show off what you can do there. It's good that you're getting into this field early, but you have to understand that there are limits if you want to pursue this legally. 

I'd recommend installing linux on your computer and customizing it. Learn the CLI, and teach yourself how it works under the hood. This will come in super handy when you learn server exploitation in the future. Not to mention, Open Source is superior to windows. 

[Broti]

11 hours ago, ISamson said:

What about if I hack using a network, which includes many numerous input/output into other networks and devices, which could be beyond my 'approval'.

Like a school network? I think I can answer that best with a movie quote: "Don't tempt me, Frodo." Stay local (as @GarrukApex said too).

If you have the possibility (free space, equipment and/or financial resources) to set up a second isolated LAN at home just for pentesting/hacking.

Perhaps the cheapest way is using virtual machines.

 

 

[0rang3]

Hi ISamson,

I am currently attending a university for Cyber Security where we are encouraged to "hack". Our network is completely separate from the rest of the campus and we only use virtual environments. So we can wreak havoc when doing Red vs Blue exercises. I also intern for a large private sector company that allows for some pentesting where we are actually trying to break into whatever our target is. So in time, I think you will find plenty of places to stretch your wings and have some fun. For a real challenge (at least imo) go to hackthebox.eu. As many others have stated, attack your own devices. VMs are your friend! You can clone and reset anytime you break something. Good luck! 

[The Power Company]

Besides toying with old physical devices, I enjoy setting up small armies of tiny virtual machines, putting them in an enclosed network, and attacking each other. When I was in high school I got into hacking by rooting my old android phone and installing custom ROMs so I could get infinite gold in games for free. Also a great way to get introduced into malware infected APKs!

[i8igmac]

The way I see it... if the water sprays over the fence onto your property, you can do what you wish with that water...

 

Same goes for wifi.

[Dave-ee Jones]

1 hour ago, The Power Company said:

Besides toying with old physical devices, I enjoy setting up small armies of tiny virtual machines, putting them in an enclosed network, and attacking each other. When I was in high school I got into hacking by rooting my old android phone and installing custom ROMs so I could get infinite gold in games for free. Also a great way to get introduced into malware infected APKs!

Unfortunately most games out there have sale verification methods that block you getting infinite currency nowadays..

Can't say I like malware-infected APKs. Very frustrating.

[ISamson]

34 minutes ago, i8igmac said:

The way I see it... if the water sprays over the fence onto your property, you can do what you wish with that water...

 

Same goes for wifi.

What if I poison that water and it accidentally leaks back into my neighbours garden?

Same with wifi?

[Dave-ee Jones]

4 hours ago, i8igmac said:

The way I see it... if the water sprays over the fence onto your property, you can do what you wish with that water...

 

Same goes for wifi.

Can't say the judge will see it the same way.

The way I see it, if I kill someone accidentally I'm not responsible.

Judge doesn't see it that way.

(Completely hypothetical, I don't actually see it that way - but it does depend on the situation).

[Rkiver]

15 hours ago, i8igmac said:

The way I see it... if the water sprays over the fence onto your property, you can do what you wish with that water...

 

Same goes for wifi.

I sincerely doubt any judge in any country will agree with you on that comparison. 

[i8igmac]

1 hour ago, Rkiver said:

I sincerely doubt any judge in any country will agree with you on that comparison. 

In that case.

hack the planet!

Hack the planet!

Hack the planet!

Edited February 13, 2018 by i8igmac

[C1PH3R]

On 2/9/2018 at 7:26 PM, Broti said:

"Unauthorized" can be simulated of course. Same do pentester at presentations.

If you hack around your own devices/local network, you don't have to worry. Even breaking into systems of friends (with their consents) is acceptable.

As long as the target owner knows and approves there's nothing to worry about. 

Their consent has to be written tho, a spoken consent does not count!

[C1PH3R]

22 hours ago, 0rang3 said:

Hi ISamson,

I am currently attending a university for Cyber Security where we are encouraged to "hack". Our network is completely separate from the rest of the campus and we only use virtual environments. So we can wreak havoc when doing Red vs Blue exercises. I also intern for a large private sector company that allows for some pentesting where we are actually trying to break into whatever our target is. So in time, I think you will find plenty of places to stretch your wings and have some fun. For a real challenge (at least imo) go to hackthebox.eu. As many others have stated, attack your own devices. VMs are your friend! You can clone and reset anytime you break something. Good luck! 

Hey man, can you give me the name of that university (maybe in private?) if you want to be anonymous then do not give it to me. But I am looking into this types of University's myself so maybe reading about yours can help. Only do it if you want to :)

[Broti]

2 hours ago, C1PH3R said:

Their consent has to be written tho, a spoken consent does not count!

I never had problems with given spoken consent since I personally knew the "client" or a person I know knew and introduced me, but yes it only counts in written form.

Especially in business 

[Bigbiz]

Should be documented on the internet(obtainable) like a official Judicial report about your limitations in the matter. Google . Find best one. Download.

[ISamson]

4 hours ago, Bigbiz said:

Should be documented on the internet(obtainable) like a official Judicial report about your limitations in the matter. Google . Find best one. Download.

I tried to look for governmental reports, but I found not much. I am in Australia.

[Bigbiz]

Try https://en.m.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act

[Just_a_User]

On 2/25/2018 at 6:48 AM, ISamson said:

I tried to look for governmental reports, but I found not much. I am in Australia.

Maybe this is it?

https://www.legislation.gov.au/Details/C2012C00776/Html/Text#_Toc339546943

Part 10.7—Computer offences

in a more basic version https://www.afp.gov.au/what-we-do/crime-types/cybercrime/high-tech-crime#computer-intrusions Interesting.

Edited February 26, 2018 by Just_a_User

[Dave-ee Jones]

Basically the consensus is if you want to start learn pentesting in a legal-safe environment, just have a play with scripting, programming, WiFi pentesting (using the Pineapple and maybe a VM with Kali on it to have a bit of fun with monitor-mode and packet-injection) and all that jazz. That won't hurt anyone until you take it into the real world which I wouldn't suggest doing unless it's your job description and someone's paying you to find flaws in their system.

If you can learn what's under the hood of Linux and Windows you're pretty much set for any environment.