Wednesday 9 October 2013

BECOMING A PENETRATION TESTER


WHERE TO BEGIN ON THE PATH TO BECOMING A PENETRATION TESTER


What you will need:

1) Books
2) Virtual Machines (or physical machines)
3) Operating Systems
4) Hardware
5) Software
6) Basics


So, let us begin with the most important part: the books. Now, most people here will tell you that you should hack to learn, not learn to hack, but you actually need to do BOTH simultaneously. To do this, you need books/knowledge of what it is you want to do, some form of tutorial or article on how it is done and ideas of where to start, and access to a virtual lab to try out new things.

Books You'll Need:
TCP/IP Illustrated, Volume 1: Protocols

This book should give you a fairly good grasp on basic concepts of networking.
You will also want to look into staying anonymous on the internet, so do some research into using Tor and I2P.
Nmap Network Scanning
This book will give you an in-depth look into the most popular and most effective port scanning tool.
Beginning PenTesting with Kali Linux
This book will give you a very good idea of the different tools in Kali Linux and will give you a great start on information gathering and how to approach gaining access into a system through different avenues and attack vectors.
Command Line Course
This book will take you through the basics in command line usage for both Windows PowerShell and the Linux command line.
Python Cookbook
Violent Python
Assembly Programming for Intel x64 Processors
Intel Assembly Developer Manuals
Learning Perl
Programming in C
PHP and MYSQL Web Development

Those would be the basic primers for languages that you will encounter and eventually need to know in order to change code or edit and write your own exploits.
There are multitudes of other available books, but these are some high quality ones that are recommended.


Virtual Machines:

There are two main software programs to run virtual machines in. One is the open source VirtualBox and the other is the commercial VMware. Either program should be sufficient for basic lab testing. People use both, so you should always be able to find someone who can help you.
Having your own personal lab to test on is vital. You should not test on real world machines because they can land you in serious trouble. Always make sure you have permission. The virtual environment will allow you to watch first hand what happens on both sides of the action. Plus, if something goes amiss, you can simply revert and tweak. You should be using Kali Linux (not BackTrack) as your attacking machine in your lab. You can use intentionally vulnerable VMs such as Metasploitable, Damn Vulnerable Web Application, and Damn Vulnerable Linux. You should also get images for the operating systems below, as you'll have to gain knowledge of a wide spectrum of operating systems if you intend to be a decent penetration tester.


Operating Systems:
Server 2003
Server 2008 (R2)
Server 2012
Windows XP
Windows 7
Windows 8
Mac OSX
Ubuntu Server
RHEL

You will encounter every single one of these in the wild. You should become familiar with them, read about them, and break them.

Hardware:

You should obtain a firewall, as you'll need something that can block off your test network from the rest of your network. This provides a fairly close setup to what the real world offers. It lets you see what data can bypass the firewall, and you can see what happens when someone port scans, requests data, etc. This can also help you practice avoiding intrusion detection systems (IDS).

Software:

Two pieces of software that aren't covered in the Kali book are CurrPorts and Wireshark. CurrPorts can be used to show you your active ports on Windows machines. It will show which local ports are open and which remote addresses they are connected to; it will also help you get an idea of which services listen where by default, so you can identify the points of attack. Wireshark is a program that captures network traffic so that you can watch the packets fly back and forth in real time. Other software is better covered in the Kali book.

Basics:

Basic configuration for most networks:
[Image: Network.jpg]

The firewall will act as the main filter between the target network and the internet. Should this be compromised, the attacker will have full access to the internal network. A second, but less filtered, firewall between the wireless and the internal network can act as another nuisance to help thwart an attacker.

The target network's public IP address(es) is/are the link(s) between the attacker and the target network. By knowing the address(es), you can begin a port scan. This will show you what services are running on the open ports, what operating systems are running those services, and if there are any vulnerabilities. There are often multiple public IP addresses associated with a network, so it is advisable to scan a range of IP addresses to find several points of entry.

If you are unsure of the target network's IP address(es), you can try to ping their domain names (such as mail.companyname.com) to find it/them. Once you have found a domain name, you can run an nmap scan such as "nmap -vv -sV -Pn -T2 domain.companyname.com" to gather additional information.

Once you have solid information on their network, you can begin to move on to vulnerability scanners such as Nessus, Nexpose, or OpenVAS to find vulnerabilities in the network. They can tell you if a network is vulnerable. They will also provide you more information on how to fix that vulnerability and/or how to exploit that vulnerability, if it is possible.
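The lab firewall described above is also where you get to watch the port scan from the other side. The following Python script is an added example, not code from the original post: it reads a constructed connection log (the format and addresses are invented for this example) and flags any source that touches many distinct ports on one host in a short window, which is what an nmap scan like the one above looks like to a defender.

```python
# Added example (not from the original post): a minimal port-scan detector a lab
# owner can run over the lab firewall's connection log. The log format below is
# constructed for this example; adapt parse_line() to your own firewall/IDS output.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<timestamp> <src_ip> -> <dst_ip>:<dst_port> <flag>"
SAMPLE_LOG = """\
2013-10-09T10:00:01 192.168.56.101 -> 192.168.56.10:22 SYN
2013-10-09T10:00:01 192.168.56.101 -> 192.168.56.10:80 SYN
2013-10-09T10:00:02 192.168.56.101 -> 192.168.56.10:443 SYN
2013-10-09T10:00:02 192.168.56.101 -> 192.168.56.10:3306 SYN
2013-10-09T10:00:03 192.168.56.101 -> 192.168.56.10:8080 SYN
2013-10-09T10:00:03 192.168.56.101 -> 192.168.56.10:21 SYN
2013-10-09T10:00:05 192.168.56.50 -> 192.168.56.10:80 SYN
2013-10-09T10:05:00 192.168.56.50 -> 192.168.56.10:443 SYN
"""

def parse_line(line):
    """Return (timestamp, src_ip, dst_ip, dst_port), or None if unparseable."""
    parts = line.split()
    if len(parts) != 5 or parts[2] != "->":
        return None
    ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
    dst_ip, _, port = parts[3].rpartition(":")
    return ts, parts[1], dst_ip, int(port)

def detect_scans(log_text, min_ports=5, window=timedelta(seconds=10)):
    """Flag (src, dst) pairs where one source touches >= min_ports distinct
    ports on one host within `window`; returns {(src, dst): sorted ports}."""
    events = defaultdict(list)  # (src, dst) -> [(ts, port), ...]
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            ts, src, dst, port = rec
            events[(src, dst)].append((ts, port))
    flagged = {}
    for key, hits in events.items():
        hits.sort()
        # Sliding window anchored at each hit: distinct ports seen within `window`
        for i, (start, _) in enumerate(hits):
            ports = {p for t, p in hits[i:] if t - start <= window}
            if len(ports) >= min_ports:
                flagged[key] = sorted(ports)
                break
    return flagged

if __name__ == "__main__":
    for (src, dst), ports in detect_scans(SAMPLE_LOG).items():
        print(f"possible port scan: {src} -> {dst} ports {ports}")
```

A slow scan (the -T2 timing in the nmap command above) spreads its probes out, so widen `window` or lower `min_ports` when tuning against your own lab captures.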
