EH-Net

Hello,

First of all my name is Kevin, aged 19 and living in Belgium - Europe.
I've studied and graduated in network management this year, yet I feel like I don't know enough yet. I'd like to specialize in security as it's in my eyes the most fascinating subject in a computer network.
Now after googling and browsing a lot to find a decent community, I found this website.
It looks like my thoughts were right, and I do have a lot to learn about this all.
Some of you (if not most of you) think 'oh no, another guy who wants to become a hacker', well you're right, I do want to become a security expert and hopefully build a career with it.

Since one has to begin somewhere, here are some first questions, if someone would want to answer them, that would be great!
1) I am currently using windows xp, I will get myself a new machine and install Ubuntu on it, is Ubuntu any good or are all distributions basically the same except the way they work?
2) Currently I have no programming skills whatsoever. I don't want to go off and start using tools that do everything for me, giving myself the idea that I'm doing great, so what language should I start with?
3) Are there any tutorials for complete beginners such as myself to start with on this website? I've been browsing in the tutorial forum earlier, but by the looks of it, it's directed to those that are already skilled in the world of hacking.

Hopefully I'll learn a lot in this community, as I'm eager to get started.

Regards,
Kevin

Hi Kevin,

Welcome to EH-Net! We're glad you decided to register and join our community and we all look forward to your continued participation :)

Congrats on graduating in network management, sounds like you're off to a very good start! Can I ask what sort of studies were included in your network management courses?

Security is not really something that would be considered 'entry-level' and you can't just jump into it as you can with other computer aspects. To become a security expert, you'll need a very well rounded and in-depth computer background. Keep in mind, there are different paths within computer security as well, but I'll keep this reply pretty general. I also am still new to the field and you'll probably get some other great advice from some of the other members that have been working in the field for some time.

Anyway, onto your questions...

1) Windows XP is perfectly fine. If you have enough RAM, or have the finances to purchase some, I would highly suggest getting a copy of VMware (or MS Virtual Server). With a Virtual Machine, you will be able to run multiple computers within a single machine. This is great for people learning security! That way you don't have to worry about having multiple physical computers, or partitioning hard drives. Ubuntu is a great place to start on Linux. The reason being is that the support community for Ubuntu is incredible. I would also recommend Fedora for beginners as well. Both of those OS's have good community and hardware support.

2) Heh.. this is just asking for an argument :) Keep in mind, it's not required to know how to program to be in security (although it can tremendously helpful). Again, this somewhat depends on what type of security you're looking towards. If you don't know it already, I would suggest starting with something easy like (X)HTML. At least knowing that,  you'll be able to understand what's going on with websites. From there, you could either go further into web, such as PHP or ASP which will give you a better understanding of how dynamic sites communicate and work with a backend database, or you could go into C which will allow you to understand most exploit code and also allow you to write your own (as many exploits are written in C). C will also give you a good base for going to other programming languages.

3) I'm not sure if we have anything like what you're looking for in a tutorial form. I'm not sure you'll really find that anywhere. What I would suggest is checking out a couple of books.. Counter Hack Reloaded, Gray Hat Hackers Handbook, and the CEH Review Guide by Michael Gregg. Each of those provides clear samples/examples of tool usage. The Hacking Exposed books are normally good references also. In addition, this entire community can provide a lot of support on specific questions you have, and most of the time will provide you with an answer. All you have to do is ask :)

I hope that helps answer your questions at least a little bit, and I'm sure others will reply soon too.

Best of luck to you :)

Welcome to our growing community. There are plenty of resources on the site for the beginner. I'll try my hand at recommending what will work for you and answering your questions:

1. Any Linux distro has the same core, so, for a beginner, it's more important to get your feet wet with any distro than to stick with Windows only. After you get comfortable, then you can branch out and find the distro that works for you. As for a great distro with hacking tools, try BackTrack.

2. Go to the /root section and read the intro to programming articles by Craig Heffner. You won't be sorry. As for what language to start with, try these threads:

Steps for The Ethical Hacker to learn programming (http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,1426.0/)

Do you need to know programming to hack? (http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,1098.0/)

There are also lots of great resources on this site if you type in "programming language" into the search box at the top of the page next to the menus.

3. As for beginning tutorials, maybe a good place to start is the Book Reviews Section (http://www.ethicalhacker.net/content/category/2/8/2/).

I think if you utilize these resources, you'll find more along the way. Also, don't be shy. Ask as many simple questions as possible. You'll find that this community is unlike any other in acceptance of newbies. We all started aomewhere, and we're all willing to help. Plus, the more you ask in a public forum, the more others after you will learn and advance their careers as well. That's why we're here.

Hope this helps,
Don

Welcome! I'll not repeat the sound advice of other, just wish you a welcome stay here. Sounds like you are ready to see just how deep the rabbit hole goes  :)

Jimbob

For your third question, I'll have to recommend Learn Security Online (http://www.learnsecurityonline.com).  I'm a regular visitor to their site, and it's run by EH Net's own Chris Gates.  (there's my obligatory plug, Chris).

Chris and Joe McCray have put together some nice references for the beginner along with some hands-on tutorials.  You'll find that quite a few of us are members of both forums.

hey thanks for the shout out!

we're trying :-)

Thank you all for the warm welcome


Well we've seen quite a lot, but not that in depth. We've made our first steps into Linux with Ubuntu, later with SUSE 10. Our teacher wasn't any good himself, so it came down to self study, just to be bollocked by that teacher. This took away a lot of our courage to continue with Linux. But I'm sure this can't be a problem :)
What we've seen in linux was DNS, mySQL, apache, vmware, ipcop, but because of the teacher we didn't see it decently. So I know what they do, and I remember some of it, but I wouldn't be able to set it up without a guide or so (which I will look up later).

On Windows platform we had an excellent teacher who taught us a lot, more than he had to. We've seen W2003 server, its functions & some applications (ISA, exchange), how to let them communicate with other computers, VPN, ...

Other than that, we've seen very basic stuff such as making network cables (not impressing but hey, it needs to be done :D), (manual) subnetting, network architectures, ...

In order to succeed, we had to make a project of our own choice, ofcourse it had to be related to networking. I did mine around DMZ's and devices in DMZ's (IDS, honeypots, ..).

Hope this answered your question.

Thank you to all the rest for the useful links, I will read the articles from Craig Heffner as soon as possible.
Learn Security Online has been added to my favourites, together with EH-Net.

Something that will make it easier for me to see the bigger picture might be making a list of things to read and to do. I'll get into that today & tomorrow.

About vmware, the cpu power isn't any problem, harddisk space will be.
Question is, do ubuntu and backtrack support dualcore cpu's trough vmware?
If not, I'll set up a pc with a singlecore cpu.

Now, on to the planning!

Good question. I'm not too sure. I just recently got my main computer back in working order and haven't gotten around to re-installing any Linux OS'es yet. I would imagine that you'd still be able to run them on a computer with a dual core whether they support it or not.

Hi bkevin,

Welcome to EH-Net.

Adding to what Bill and Don stated here, I suggest you to get into the core of TCP/IP and its associated protocol suite. Also under the programming list, you can add Perl which will always give you an upper hand.

Most distributions of Linux ship with kernels that have Symmetric Multi-Processing (SMP) support built in. The following command will tell you how many CPUs your kernel is recognizing, both physical and virtual.


If it is not displaying your dual core, you can compile and install your own kernel with SMP support enabled. Google for kernel compilation documents. This is a good link:

http://www.linuxfocus.org/English/July2002/article252.shtml (http://www.linuxfocus.org/English/July2002/article252.shtml)


Backtrack and Dual Core

Backtrack2 does support Dual Core. (Refer - http://remote-exploit.blogspot.com/2007/01/backtrack-2-new-base-design.html (http://remote-exploit.blogspot.com/2007/01/backtrack-2-new-base-design.html)) However, older versions of BT has issues booting on Dual Core machines. By default, BackTrack will use a single CPU. To attempt to use both CPU's on a dual core system, add the letter “d” to any boot parameter. For example:


would change into:



Wishing you all the best. Happy Learning.

Thanks for the guide Manu Zacharia.
Now I downloaded the latest version of Backtrack, tried to install it with VMWare server. After hassling with the resolution (which was in 640x...), I finally managed to let it install. I followed this guide: http://www.offensive-security.com/documentation/backtrack-hd-install.pdf
When it finished installing, i rebooted the virtual machine and put boot from HDD as first in the BIOS. After saving & exit, I couldn't wait to start exploring backtrack. Problem is: Backtrack won't boot at all, not from the harddisk that is.
I couldn't find any solutions trough google, so here I am, asking for advice ???
Thanks in advance :)

We're testing the final version of EH-Net's version of BackTrack 2. Our version not only has Metasploit 3 and some other enhancements not found in the current version of BT2, but it is also a stand-alone VMware Virtual Appliance. This means that you can download VMware Player, point it to our version and your running BT!!

This is a fully sanctioned version from Offensive Security put together by Mati himself.

Should be available any day now.

Hope this helps,
Don

Will there be an update on this site when this version of BT comes out, or should I be looking for it on the remote exploit site?

Let's not hijack this thread any more. I'll post some thoughts on the EH-Net - BT2 release in a new thread.

Don

Kevin,

The guide is inaccurate due to the installer program not working correctly (last I checked anyway). If you want to install it to a HD, or a virtual HD, follow my notes below. The notes are for a dual-boot configuration, so adjust accordingly if installing to a single HD (no need to partition). When copying the directories, it will take some time so be patient.

Or, you could just wait until the EH-Net version is released as it sounds like it'll be a bit easier :)

Thanks a lot Bill!

I followed your guide as much as possible. In some scenario's it was impossible to do so though.
qtparted didn't do as you described, so I removed the partitions with fdisk, since new ones are made afterwards. Creating the new ones didn't give any problems so it should be ok.
Copying, mounting and chroot worked fine, but then:
when I tried lilo -v, it gave me this:


I tried googling it but got back without any result.
Maybe I should wait for the EH-Net version of Backtrack. But then again, I will face problems in the future as well that won't be able to evade...
Dilemma ;D

Now I was thinking... is it ok to ask all these questions in an introduction thread? :D

You shouldn't need to use qtparted as you're attempting to install this in a VM as a single OS. The only time you need to use qtparted is when installing in a dual boot configuration. I'll run through it again when I have a chance tonight or tomorrow and PM you some more detailed instructions.

I got the same problem. I'll be happy to see what the answer is, because while my laptop support usb booting, it gets tiresome resetting everything each time.

bkevin: I think I managed to solve it. Go back into your lilo.conf file. You'll probably see a section that is commented so:

# Windows bootable partition config begins
other = /dev/hda1
*bunch of other stuff I don't remember*
# Windows bootable partition config ends

If you're not running a dual-boot system, you can delete that whole section. After saving and exiting, re-run lilo -v. It should complete successfully. Exit out of everything, reboot (make sure to remove usb or cd), and you'll see the lilo boot screen. I had trouble at first until I realized that if I needed to provide options, I had to type Linux (options). Hope that helps.

slag