Pentest/Hacking Practice
Okay... I've reached the point in my InfoSec research and studies that I can go no further without putting in hours of practice to back the theory knowledge that I've gained. This is not a problem for social engineering, hardware and no-tech hacking techniques, as well as coding practice. I can also develop my skills in 'blackjacking' and a bit of wireless/cellular hacking as I only need either my phone, a laptop, or both.
My problem lies in the domain of OS exploitation, due to the fact that I have limited resources with which to devote to setting up an test network or anything of the like. I currently have 3 machines total. One is my MacBook Pro, which is capable of VM, has BT3 installed in it's own working partition and is setup for most of my needs in one form or another, but it is my dedicated work machine. So, I cannot use it for too many VMs, nor can I run more than one at a time without risking a crash due to memory allocation issues. I also have a desktop PC, with XP Pro SP3, but it is my personal machine that my wife and son use, so the last thing I want to do is compromise the security measures I have in place on it. The last machine is an old Dell PC, currently running Slackware 12 that I use for C programming practice.
So, I am stuck. Since not all of the tools I need will work under OS X and I cannot open more than one VM at a given time, I cannot setup a virtual test ground, I am left with a lack of what I can do to get the needed practice. Right now, I am stuck in the middle of a C|EH test prep (self-taught) course, as well as about 4 other books and can not really move further.
Anyone have any ideas on how I, with limited monetary and hardware resources, can legally and safely get the practice that I will need to effectively learn the skills that I need? Any advise is welcome. Thanks in advance.
My problem lies in the domain of OS exploitation, due to the fact that I have limited resources with which to devote to setting up an test network or anything of the like. I currently have 3 machines total. One is my MacBook Pro, which is capable of VM, has BT3 installed in it's own working partition and is setup for most of my needs in one form or another, but it is my dedicated work machine. So, I cannot use it for too many VMs, nor can I run more than one at a time without risking a crash due to memory allocation issues. I also have a desktop PC, with XP Pro SP3, but it is my personal machine that my wife and son use, so the last thing I want to do is compromise the security measures I have in place on it. The last machine is an old Dell PC, currently running Slackware 12 that I use for C programming practice.
So, I am stuck. Since not all of the tools I need will work under OS X and I cannot open more than one VM at a given time, I cannot setup a virtual test ground, I am left with a lack of what I can do to get the needed practice. Right now, I am stuck in the middle of a C|EH test prep (self-taught) course, as well as about 4 other books and can not really move further.
Anyone have any ideas on how I, with limited monetary and hardware resources, can legally and safely get the practice that I will need to effectively learn the skills that I need? Any advise is welcome. Thanks in advance.
Tags: beginner, hacking, learning, noob, penetration, pentest, self, study, testing
Replies to This Discussion
-
Permalink Reply by Grayn0de on -
I think I'll give that a try, but won't that put a bit of strain on my system resources? Also, do you know of any issues I might run into going through the hardware abstraction layers?
Thanks for the advice!
-
Permalink Reply by Scorpio on -
I'm in a similar position, where I cannot go further because I don't have a place to practice the theory.
-
Permalink Reply by dragenov on -
Install Virtuel machine on youre pc. So you can create a safe network.
-
Permalink Reply by ManFromDelMunky on -
HP do a nice deal on the ML115 for about £100, not sure what the exchange rate is in US or anything but its pretty cheap, only comes with 512MB ram but you dont need to use HP branded.
Either that or try asking around local bussines Small to Medium (big ones have policys and such) if they are upgrading anything.
Next its Skip Rat or dumpster diving, same principle Small to medium bussiness.
-
Permalink Reply by guessK on -
Maybe could you just try to upgrade the memory of all the computers to handle more vms.
-
Permalink Reply by root on -
Sorry for writing 2 months after the last reply but I just need to give my answer:
Wargames! There are some (?<_<) sites like rootcontest dot com the good old rootthisbox dot org etc that you can practice real life server attacks; for web there're sites like hackthissite (got a bit lame these last couple of years but it still does the job) hellboundhackers and many more; the servers and sites are there waiting to get owned... and it's legal :)
-
Permalink Reply by Nova on -
I use a have a 1.5GB laptop and use VMware quite regular.
I have a Vista host, running VMware server and i have an XP guest installed which has is a truecrypted system and an extra Virtual drive for storage this is also truecrypted.
I also have a BackTrack3 guest linked to the storage drive used by my XP drive. This is my main console so nothing is stored on my host.
My virtual drives are stored in a truecrypted container using a number of keyfiles which are kept on an old mp3 player :)
This was easy to setup and required vmware server and the relevent ISOs for the OS. The problem im finding is the bridging the virtual to the physical network.
-
Permalink Reply by regret on -
I personally bought 4 out of my 5 test machines (2 laptops, 2 desktops, and a server) for around $50 to $100 each by looking in the newspaper near the beginning of the school semesters. Rich parents like to give their kids brand new computers to look up porn on while their away at school, some put the old machines in the local newspapers for dirt cheap. My 5th test machine I found in a dumpster near a college dorm, it took a new power-supply, but it works perfectly for my test lab.
Truth be told, you can build quite a substantial lab like I have for VERY little money. Look for Cisco routers and switches that may or may not work on ebay. Many of them come from businesses that close down and have to liquidate their assets, minor repairs and you've got a perfectly functional machine. You'll gain more from the experience of making things work for your current situation than anything. There are two standards to the mindset of a hacker, #1 is a drive for mental advancement, and #2 is adaptation and a knack for bending the rules to fit your situation, not the standards of an outside source.
-
Permalink Reply by inzider on -
Working with two running VM instances works fine for me on the Mac Book Pro. But, consider an memory-upgrade. :)
I have a notebook and my PC - both with 2 GB of RAM - and together with VMWare you can easily try small scenarios. The VMs don't need that much memory when you don't really work with them. In most of the cases you just need a browser oder some services started.
Another solution would be to meet with other guys you know. Perhaps you have a small hacking group or friends that are interested into hacking. They will be pleased when they can help you to try new hacking techniques with their hardware.
-
Permalink Reply by Matrix on -
hi guys!
Personnally i use a usb boot bt 3 and vm bt3 under win xp (it work fine), a Ubuntun 8 livecd and Mandriva 2008 spring installed in the first partition, i tell you what! i'm "satisfate",
by the way !! i have a question :
in Nmap the option -D, i wanna know how does is work, does send many packets with deferent source ip to the destination?!!
thanks guys
© 2009 Created by pdp on Ning. Create a Ning Network!
