Topic: Network penetration and testing (Page 1 of 1) Pages that link to <a href="https://ozoneasylum.com/backlink?for=28132" title="Pages that link to Topic: Network penetration and testing (Page 1 of 1)" rel="nofollow" >Topic: Network penetration and testing <span class="small">(Page 1 of 1)</span>\

 
binary
Paranoid (IV) Inmate

From: Under the Bridge
Insane since: Nov 2002

posted posted 06-27-2006 11:07

Am trying to learn more on the field above.
Could anyone point me to some links with detailed information

~Sig coming soon~

CPrompt
Maniac (V) Inmate

From: there...no..there.....
Insane since: May 2001

posted posted 06-27-2006 12:42

Windows only? Mac's involved or Linux?

Later,

C:\

binary
Paranoid (IV) Inmate

From: Under the Bridge
Insane since: Nov 2002

posted posted 06-27-2006 13:51

Cprompt:- Windows and Linux

~Sig coming soon~

CPrompt
Maniac (V) Inmate

From: there...no..there.....
Insane since: May 2001

posted posted 06-27-2006 17:25

Windows : http://www.windowsnetworking.com/

Samba : www.hentzenwerke.com/wp/fileserver_tenminuteguide.pdf

If this is just a small network like at your home, it's one thing, but if you are going to set up a network for a lot of users you might want to focus on permissions and such for Users / Groups.

To get the Linux box talking with Windows you will need Samba of course. See if those links will help out. There's quite a bit to networking and "detailed information" is kind of vague.

Later,

C:\

JKMabry
Maniac (V) Inmate

From: raht cheah
Insane since: Aug 2000

posted posted 06-27-2006 17:34

I believe he's talking about cracking hacking penetration whatever term you recognize

astalavista.box.sk used to be a great place to start but that was years ago and I quit going there when it became principally supported by porn ads, that and I lost interest in the activity

CPrompt
Maniac (V) Inmate

From: there...no..there.....
Insane since: May 2001

posted posted 06-27-2006 17:35

you know....I must have read the title wrong the first time. I didn't see the "Penetration" part I don't guess. Those links are not going to help in that. Can't help on "network penetration". Sorry.

Later,

C:\

_Mauro
Maniac (V) Inmate

From:
Insane since: Jul 2005

posted posted 06-28-2006 01:26

I am totally against hacking, and even find the question should be moderated somehow, but freedom of speech being what it is...

It's the mindset that gets real "hackers" where they are, and real hackers are not about script kidding and network penetration.
Your asking the question is a display of the scriptie's mindset.

I am not gonna make assumptions, had you asked about "securing a network", I'd had showed you a few things.
But "network penetration"? ... are you? yeah, -script- kidding.

ONE and only ONE advice: don't mess around too much, white rats lurk, and with tools like the ones on astalavista,
you're most likely going to leave traces of nasty activity all the way, which leads to something between being fired from school, job, you name it... to prison
for a few years.
...

Once upon a time in beautiful France, a kiddie defaced a website and felt "leet": he had gone all the way there, passed the web server barriers,
and put a "m3h l33t h4x0r rulez tha w0r1d" kind of footprint.

My dear and old friend Cyco, the ultimate sysadmin, the guy who can close his eyes, compile a tailor made
Linux Kernel, and tell you "it'll weigh one MB" without the shadow of a doubt, was called to investigate, from Switzerland, near France.

The l33t h4x0r now rules a world of beatles and rats in a cell, for this single solitary act of...

perverse intrusion, property violation, and everything that disgusts me in it.
Cyco just told me "had to backtrace proxy logs, the guy had cleaned the server logs, but none of the proxy logs on the way, ten minutes overall..."

I recommend other forms of penetration instead ~cough.

WarMage
Maniac (V) Mad Scientist

From: Rochester, New York, USA
Insane since: May 2000

posted posted 06-28-2006 02:47

An E-Learning company I used to work for offered a program called "The Certified Ethical Hacker." Apparently it was a big deal for some peolpe to get this certification and to take the classes, we had people coming in from all over to take it.

So, do I recommend taking this class, sure if you can get into it, it never hurts to learn more. But what I really recommend is using google combined with the list of topics in their brochure.

http://www.eccouncil.org/ipdf/EthicalHacker.pdf

Page 9 begins the course outline. If you are interested in getting the knowledge about penetration testing and other hacking avenues learning about all the topics in there is a good start.

Dan @ Code Town

Xel
Bipolar (III) Inmate

From: NY, USA
Insane since: Nov 2002

posted posted 06-28-2006 03:47

Mauro,

In order to defend a network, it is first necessary to know how you can attack it.

There exist other reasons for learning to attack a network than simply attacking it.

The stereotype that exists around "script kiddies" is that of a juvenile using preprogrammed tools to do nefarious things.. I would not only be offended if someone insinuated that I was as such, but the stereotype isn't even a very valid one in and of itself.. It takes just as much skill to know how to use other peoples tools as it takes to make your own, just a different kind. It's also not what tools you use, but *why* and *what for*. I recently tested my own networks security with tools that would otherwise appear to have been made for illegal purposes. Was what I did illegal? Pretty sure it wasn't. Unless I want to press charges on myself.

Binarys purpose was not made known, so before getting on the "high horse", try and find out what the real issue at stake is.

binary
Paranoid (IV) Inmate

From: Under the Bridge
Insane since: Nov 2002

posted posted 06-28-2006 08:06
quote:

Xel said:

Mauro,In order to defend a network, it is first necessary to know how you can attack it.

Binarys purpose was not made known, so before getting on the "high horse", try and find out what the real issue at stake is.



Thank you Xel.

I really hate it when people jump into conclusion and start judging someone .....without even first flipping the coin on the other side....

Mauro:- for your information network penetration and testing is a major industry out there and its legit...the best form of defence is attck..so simulating an attack on our network is best way to know its weakness..i know you know this .

Again..not defending the script kiddies..but the OS, car, pc, mobile you use r they not also tools

~Sig coming soon~

(Edited by binary on 06-28-2006 08:14)

_Mauro
Maniac (V) Inmate

From:
Insane since: Jul 2005

posted posted 06-28-2006 20:46

Didn't know it, reminder: I speak french as the default...
Hence my:

quote:

I am not gonna make assumptions, had you asked about "securing a network", I'd had showed you a few things.
But "network penetration"? ... are you? yeah, -script- kidding.



Somebody said misunderstanding? I did my best to avoid making it judgemental, but had to tell the audience "hacking is bad bad bad".

Ok, soo....

The core knowledge required for this boils down to core networking (protocols, networking models and standards, rfcs, etc...)
Check the "Internet Engineering Task Force" website, it's the source: RFCs define the protocols, and theyre flaws - that's where hackers look for really interesting
things to test.

IEEE references may help too.

Good hackers will try to exploit those, low, core flaws.

Next major hint, along the lines of "give a man a fish..."
Re-ve-rs-e engineering.

Hackers have a foot in once they have managed to guess how a network is made.

And that's the core skill: don't use common subnets on wireless networks for instance, encrypt where you can, proxy and firewall where you can, etc.
Try to imagine scenarios that won't give out - any - information on a server, network, etc.

When Cyco simulates an attack, he perform the two above steps: documenting, he doesn't need.
He then sends "wrong" packets, commands, whatever, on ports he has scanned and knows are open,
and listens.

Sooner or later, the other party spits out something usable, he just has to know how to use it, and he does.


Two big factors, for a company network, help create gaps between the onion layers I like to quote:
Lack of stability of the network and...

Internet.

Java applets or ActiveX can often be wisely crafted to spy or do bad things... with recent JVM improvements, this becomes less and less true for Java,
but there is no such thing as a perfect security, but the easiest way in is the internet.

Next to it, people who numbly refuse to upgrade to SP2, for instance, expose theyre system to instabilities that Cyco could "tickle" using
the aboe mentionned strategies. In a way, an unstable system is a "call" to hackers: it will respond to some ways to tickle it,
and based on that, the black hat can guess how your network is made, and finally....

Spot the flaws.

Now you know what to look for.

_Mauro
Maniac (V) Inmate

From:
Insane since: Jul 2005

posted posted 06-29-2006 00:45

Very interesting actually... this article discusses several pros and cons
of penetration testing (bites tongue)
http://infosecuritymag.techtarget.com/articles/september00/features3.shtml

Based on the search tips from mage, specifically page 38.

These are things I observe, and some are things I "accidentally" do and use on a daily basis. Some of the quoted tools are sys admin tools,
and... once, in one of my past jobs, I had a possibility to use some web applications that replaced the functionalities of useful tools.

Like an online java compiler.
Didn't find it malicious, it was "for the job" or for my personal computer education, I was just compiling applets (dammit),
but this, and other usages of this kind, seemed to bother the security officer.

Because I had "guessed" and evaluated something he hadn't considered. Go figure... (since I can code, I actually naturaly "search" networks for
constructive tools I could build whenever I find time, querying the AD, etc..)

binary
Paranoid (IV) Inmate

From: Under the Bridge
Insane since: Nov 2002

posted posted 06-29-2006 06:48

There _Mauro was that to hard.. ....

Thank you for the info....and if you kind of remember something else that may be helpful dont be hesitate posting it

~Sig coming soon~

_Mauro
Maniac (V) Inmate

From:
Insane since: Jul 2005

posted posted 06-29-2006 08:25

You forgot to say "thank you", and exposing what I exposed above is tedious.. can fall in the wrong hands.

binary
Paranoid (IV) Inmate

From: Under the Bridge
Insane since: Nov 2002

posted posted 06-29-2006 11:39
quote:

binary said:

....Thank you for the info....






~Sig coming soon~

_Mauro
Maniac (V) Inmate

From:
Insane since: Jul 2005

posted posted 06-29-2006 12:34

Replied before coffee, *note to self* don't type a single word before coffee.



Post Reply
 
Your User Name:
Your Password:
Login Options:
 
Your Text:
Loading...
Options:


« BackwardsOnwards »

Show Forum Drop Down Menu