EH-Net

Hi, I've been reading a lot about hacking/security and now I would like to get some real experience, since I don't want to hack other peoples computers I was hoping for some wargame, or maybe set up a hacklab at home.

So the questions are:

1. Do you know any good active wargames?

2. What software, operating systems etc. should I install in a hacklab?

I'm surprised Chris hasn't jumped at this one yet, so I'll point you in that direction in the meantime :)

Have a look at LSO - Learn Security Online at learnsecurityonline.com (http://www.learnsecurityonline.com). They host some wargames.

As for setting up a lab, you'll need (at the least) a victim computer and an attacker computer. Just think of what you'd be attacking in the real world, and what you'd use to do that, and you should have your answer. I'd recommend at least a Windows client, Windows Server, and a couple of various linux distributions.

Definately check out LSO, from time to time they will have rootwars open to the public, and chock full of knowledgable people.  Also leverage the ability of vitual environments to create a varied and large network.

Provided you have the requisite ram with two "victim" machines, the possibilities for different OSes are staggering. 

However there is so much more to infosec then pentrating a network.  Take some time to work on enumerating networks, and getting to figure out all the information that is out there...google google google ;)

Thanks for your answers, I've checked out LSO and subscribed to their newsletter and it seems like a good site, but I'll also see if I can set up some kind of hacklab. Or secretly use the schools network  ;)

*ahem* ethicalhacker.net *ahem*

Using someone else's machines for you hacklab is a big no-no. Of course, I'm sure you were just joking ;)

Jimbob

dannioni,

If you don't have the resources to set up your own lab, or even if you do, check out these sites:

www.hackthissite.org --> lots of challenges including web app, application/crackme's, coding, logic, etc...

www.rootthisbox.org -->various boxes contributed by members to hack.

www.smashthestack.org --> high quality challenges including reversing, overflows. etc...

and of course the LSO root wars.

Cheers,
Dean

jimbob, of course I was joking, if not i would have joined blackhat.net  ;)! And thank you, dean for the links.

OHHH man I forgot completely about rootthisbox!
dang thanks for reminding me.
But yeah just grab a cheapo wireless router and a creapo computer with XP on it (because, honestly, most all people use XP, if they use linux the only thing you are going to steal are hack tools to get into XP :P)

telent 74.95.90.171

user: level1
pass:level1

try this one.. pretty good wargame

That's already been posted... the IP belongs to Learn Security Online.

just tried this one,

telnet connection is timing out and traceroute is showing fairly horrible latency.

Is this part of the challenge or am I doing something wrong?

have anyone passed level4?

yes

got a specific question

If you are into this as a career, and will be doing this professionally I suggest that you invest your time in having a virtual machine setup with both Linux, and windows, you will use this later to test expliots, and penetation techniques, and this will be your safe haven not breaking any laws, or inviting bad people to your machine while you have not gained enough skills to secure your self yet. check de-ice.net pen-test live cds, and there is a course covering it in http://heorot.net/livecds/, also they are some free videos will be available soon as they promise. other than that offensive security do set up a virtual lab as well as sans if you take ondemand courses. the bottom line if you create your own lab it is a skill investment by itself