Jump to content
Hak5 Forums
ISamson

Hacking Hobby Limits and Possibilities

Recommended Posts

Hello.

As a recent interest in cybersecurity and hacking, I wish to develop myself in this field.

However, I am afraid to step over the 'acceptable' and 'not acceptable' line within the legal context.

So, I am getting a Wifi Pineapple Nano Basic, so I was wondering, what can I do with it? I am 13 years old, so it might not be much use in the pentesting area for me currently. Since 'Hacking' has a definition of "gain unauthorized access to data in a system or computer.", so what use can such device be to me? 

I value any contribution.

Thank you so much.

Share this post


Link to post
Share on other sites
1 hour ago, ISamson said:

so what use can such device be to me? 

I have found it useful to use (finally) a small collection of old devices I had gathered over the years.

You may not have some/many but you can also pick up old devices on the usual second hand markets, they don't need to be pretty or have great battery life but just need to be working - some cracked screen devices still work and can be picked up cheap. I focused mainly on android devices as even old iphones/ipods seem to hold prices better prob due to stripping for parts.

With things like linageOS firmwares you can have an old device such as a Samsung S3 running Android Nougat with latest security patches to test against.

Other devices i had was old IP cameras, DVR (not fully working) and iptv devices basically anything with wifi.  I'm still very much learning and make plenty of mistakes often but the Pineapples are forgiving and reset easily. if your determined you can use them as great learning tools but you may need to get to grips with Linux/OpenWRT before you can move onto other things, but everything in small bites works for me.

Most of all have fun, show you mates, if they agree rick roll them. maybe if they like it you might get someone to join you in your explorations :)

Edited by Just_a_User
  • Like 1

Share this post


Link to post
Share on other sites
11 hours ago, ISamson said:

"gain unauthorized access to data in a system or computer."

"Unauthorized" can be simulated of course. Same do pentester at presentations.

11 hours ago, ISamson said:

However, I am afraid to step over the 'acceptable' and 'not acceptable' line within the legal context.

If you hack around your own devices/local network, you don't have to worry. Even breaking into systems of friends (with their consents) is acceptable.

As long as the target owner knows and approves there's nothing to worry about. :wink:

  • Like 2

Share this post


Link to post
Share on other sites
3 hours ago, Broti said:

"Unauthorized" can be simulated of course. Same do pentester at presentations.

If you hack around your own devices/local network, you don't have to worry. Even breaking into systems of friends (with their consents) is acceptable.

As long as the target owner knows and approves there's nothing to worry about. :wink:

What about if I hack using a network, which includes many numerous input/output into other networks and devices, which could be beyond my 'approval'.

Thanks for the reply.

Share this post


Link to post
Share on other sites

This is more of a legal question. The way I look at it is: If I have to ask if I'll get into trouble doing something, I shouldn't do it. 

Only hack on your own network, and nobody elses. DO NOT bring your pineapple to school, or try to show off what you can do there. It's good that you're getting into this field early, but you have to understand that there are limits if you want to pursue this legally. 

I'd recommend installing linux on your computer and customizing it. Learn the CLI, and teach yourself how it works under the hood. This will come in super handy when you learn server exploitation in the future. Not to mention, Open Source is superior to windows. 

  • Like 4

Share this post


Link to post
Share on other sites
11 hours ago, ISamson said:

What about if I hack using a network, which includes many numerous input/output into other networks and devices, which could be beyond my 'approval'.

Like a school network? I think I can answer that best with a movie quote: "Don't tempt me, Frodo." Stay local (as @GarrukApex said too).

If you have the possibility (free space, equipment and/or financial resources) to set up a second isolated LAN at home just for pentesting/hacking.

Perhaps the cheapest way is using virtual machines.

 

 

  • Like 1

Share this post


Link to post
Share on other sites

Hi ISamson,

I am currently attending a university for Cyber Security where we are encouraged to "hack". Our network is completely separate from the rest of the campus and we only use virtual environments. So we can wreak havoc when doing Red vs Blue exercises. I also intern for a large private sector company that allows for some pentesting where we are actually trying to break into whatever our target is. So in time, I think you will find plenty of places to stretch your wings and have some fun. For a real challenge (at least imo) go to hackthebox.eu. As many others have stated, attack your own devices. VMs are your friend! You can clone and reset anytime you break something. Good luck! 

  • Upvote 1

Share this post


Link to post
Share on other sites

Besides toying with old physical devices, I enjoy setting up small armies of tiny virtual machines, putting them in an enclosed network, and attacking each other. When I was in high school I got into hacking by rooting my old android phone and installing custom ROMs so I could get infinite gold in games for free. Also a great way to get introduced into malware infected APKs!

Share this post


Link to post
Share on other sites

The way I see it... if the water sprays over the fence onto your property, you can do what you wish with that water...

 

Same goes for wifi.

  • Upvote 1

Share this post


Link to post
Share on other sites
1 hour ago, The Power Company said:

Besides toying with old physical devices, I enjoy setting up small armies of tiny virtual machines, putting them in an enclosed network, and attacking each other. When I was in high school I got into hacking by rooting my old android phone and installing custom ROMs so I could get infinite gold in games for free. Also a great way to get introduced into malware infected APKs!

Unfortunately most games out there have sale verification methods that block you getting infinite currency nowadays..

Can't say I like malware-infected APKs. Very frustrating.

  • Like 1

Share this post


Link to post
Share on other sites
34 minutes ago, i8igmac said:

The way I see it... if the water sprays over the fence onto your property, you can do what you wish with that water...

 

Same goes for wifi.

What if I poison that water and it accidentally leaks back into my neighbours garden?

Same with wifi?

  • Upvote 1

Share this post


Link to post
Share on other sites
4 hours ago, i8igmac said:

The way I see it... if the water sprays over the fence onto your property, you can do what you wish with that water...

 

Same goes for wifi.

Can't say the judge will see it the same way.

The way I see it, if I kill someone accidentally I'm not responsible.

Judge doesn't see it that way.

(Completely hypothetical, I don't actually see it that way - but it does depend on the situation).

  • Like 1

Share this post


Link to post
Share on other sites
15 hours ago, i8igmac said:

The way I see it... if the water sprays over the fence onto your property, you can do what you wish with that water...

 

Same goes for wifi.

I sincerely doubt any judge in any country will agree with you on that comparison. 

Share this post


Link to post
Share on other sites
1 hour ago, Rkiver said:

I sincerely doubt any judge in any country will agree with you on that comparison. 

In that case.

hack the planet!

Hack the planet!

Hack the planet!

Edited by i8igmac
  • Like 1

Share this post


Link to post
Share on other sites
On 2/9/2018 at 7:26 PM, Broti said:

"Unauthorized" can be simulated of course. Same do pentester at presentations.

If you hack around your own devices/local network, you don't have to worry. Even breaking into systems of friends (with their consents) is acceptable.

As long as the target owner knows and approves there's nothing to worry about. :wink:

Their consent has to be written tho, a spoken consent does not count!

  • Like 1

Share this post


Link to post
Share on other sites
22 hours ago, 0rang3 said:

Hi ISamson,

I am currently attending a university for Cyber Security where we are encouraged to "hack". Our network is completely separate from the rest of the campus and we only use virtual environments. So we can wreak havoc when doing Red vs Blue exercises. I also intern for a large private sector company that allows for some pentesting where we are actually trying to break into whatever our target is. So in time, I think you will find plenty of places to stretch your wings and have some fun. For a real challenge (at least imo) go to hackthebox.eu. As many others have stated, attack your own devices. VMs are your friend! You can clone and reset anytime you break something. Good luck! 

Hey man, can you give me the name of that university (maybe in private?) if you want to be anonymous then do not give it to me. But I am looking into this types of University's myself so maybe reading about yours can help. Only do it if you want to :)

Share this post


Link to post
Share on other sites
2 hours ago, C1PH3R said:

Their consent has to be written tho, a spoken consent does not count!

I never had problems with given spoken consent since I personally knew the "client" or a person I know knew and introduced me, but yes it only counts in written form.

Especially in business 

Share this post


Link to post
Share on other sites

Should be documented on the internet(obtainable) like a official Judicial report about your limitations in the matter. Google . Find best one. Download.

  • Like 1

Share this post


Link to post
Share on other sites
4 hours ago, Bigbiz said:

Should be documented on the internet(obtainable) like a official Judicial report about your limitations in the matter. Google . Find best one. Download.

I tried to look for governmental reports, but I found not much. I am in Australia.

Share this post


Link to post
Share on other sites
On 2/25/2018 at 6:48 AM, ISamson said:

I tried to look for governmental reports, but I found not much. I am in Australia.

Maybe this is it?

https://www.legislation.gov.au/Details/C2012C00776/Html/Text#_Toc339546943

Part 10.7—Computer offences

in a more basic version https://www.afp.gov.au/what-we-do/crime-types/cybercrime/high-tech-crime#computer-intrusions Interesting.

Edited by Just_a_User
  • Like 1

Share this post


Link to post
Share on other sites

Basically the consensus is if you want to start learn pentesting in a legal-safe environment, just have a play with scripting, programming, WiFi pentesting (using the Pineapple and maybe a VM with Kali on it to have a bit of fun with monitor-mode and packet-injection) and all that jazz. That won't hurt anyone until you take it into the real world which I wouldn't suggest doing unless it's your job description and someone's paying you to find flaws in their system.

If you can learn what's under the hood of Linux and Windows you're pretty much set for any environment.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×