EH-Net

I have been a computer user most of my life and know my way around windows and ubuntu. I know my way around desktop pc hardware but have no hacking or programming experience. I just started school and am planning on taking CIS classes in hopes of later becoming a network security admin and penetration tester as well as a comp hardware technician. Recently my financial aid was dropped because I didn't renew my fafsa and now I have 5 months of nothing to do as I am an unemployed felon (lol)
Now I've discovered several different courses of action in the last week as I have decided to go the way of working towards dynamic studies towards certification. I am considering CompTIA A+ because I've heard its a good place to start for someone with no experience in the field. However, I've also checked out Career Academy (which teaches CompTIA course) as well as elearn security and Hacking DOJO. I heard that CEH certification is not as thorough and deep rooted and is more the understanding of how to use specific tools. I want a full and thorough understanding for when the government takes over the internet XD

So my questions:

Where is the best place to start for a beginner like myself?

If CompTIA A+ is the best route, would I go with the CompTIA site's A+ courses or Career Academy's A+ courses?

I have a good number of reading material on the subject but as I have nothing to do for the next 5 months, I wouldn't mind spending my money where I have actual instructors and labs for which to get support and experiment with. Any other suggestions would be very appreciated. Thanks! :)

Welcome to the forum.

This is actually a pretty common question on the forum, so common infact that there are pinned topics in the Pentester section. You'll probably find the answer to your questions there.

As for labs. Some classes will let you use there lab for a fixed amount of time, or you could build your own. Building your own lab will give you some extra skills, like running VMWare, and system installation of different kinds.

You'll want programming skills too. They make some good network simulators that will work for what you want to do, or you could hit up ebay and buy used equipment.

I actually have VMware on my windows 7 boot. I'm running a windows/ubuntu x64 dual. I have been looking at CompTIA.org with their elearning bundles but I've also seen careeracademy and learnkey are viable options. Any suggestions or preferences? I'll likely be teaching myself python as I go seeing as how I have pretty much limitless time on my hands.

If you can afford it, take a look at courses offered by InfoSec Institute (http://www.infosecinstitute.com). Their basic Ethical Hacking course goes through some of the most important basics and offers enough hands-on practice to get your hands dirty. If you can't take the live course, you could opt for the online version, which is a recorded version of a live training. The course also prepares for both CEH and CPT.

I already checked out InfoSec and they are way too expensive. I'm taking TestOut's 7-day free trial and I got the CBT Nuggets 2009 A+ videos. Do you think TestOut + CBT Nugs will be sufficient? I'm teaching myself out of my house, just taking mad notes and reviewing everything. I have a good knowledge of hardware and software installation and operating systems.

To add to my recommendation above, get a copy of Dissecting the Hack: The F0rb1dd3n Network by Jayson Street, Brian Baskin, and Kent Nabors.

I got a copy the other week and have been reading it. It's pretty good, broken up in to a story section that gives you an idea of the tools are used, and the STARS (Security Threats Are Real) section that goes a little more indepth on the tools and tricks used in the story.

The book won't make you a hacker overnight, but it will give you some ideas of things to look at and play with.

Don't forget about metasploitable. If you don't have a lab, it'll definitely help beginners.

Thanks for the metasploitable recommendation, that looks like a great tool to use to learn metasploit (which is currently on my list of things to do :)).

Your welcome. I don't know why someone hasn't already done this but I think it might be a very good opportunity for someone to open a site that would let security students vpn into a lab with a whole bunch of vulnerable machines. Sorta like what muts does with the OSCP course. You could have deepfreeze on the machines and they would reboot every hour, wiping out all the pwnage. You could even have contests to see how many machines you can compromise before the hour is up.

Stay tuned. Something very much like what you describe is in the works, and we hope to have exactly such an environment available in the near future. When we have the beta environment nailed down, we'll be pinging the EH netters to test it out, so get your l337 h4X0r Sk1ll2 warmed up.

Check out http://www.hacking-lab.com/events/swiss-cyber-storm-3-cargame-challenge.html.  They have competitions running for hacking their systems.  Currently not doing it to win the car, just gain experience!

So I've finally gotten around to setting up some VM's (using VMWare Player), went to download Metasploitable and I can't seem to find a link that works.  Initially started here (http://blog.metasploit.com/2010/05/introducing-metasploitable.html) and found that the "torrent" link doesn't work anymore.  I tried a few searches around metasploit.com with no luck either.  Anybody know of a good link to download from?

There is a a link here http://www.metasploit.com/learn-more/how-do-i-use-it/test-lab.jsp (http://www.metasploit.com/learn-more/how-do-i-use-it/test-lab.jsp) This show how to setup a lab http://www.securityaegis.com/pentest-lab-web-application-edition/ (http://www.securityaegis.com/pentest-lab-web-application-edition/)

If you need any help let me know as I was at same stage you are around 6 months ago send me a PM

Awesome, thanks Jamie :)

So I think I'll check out the books you all suggested and the metasploit thing. I consider myself pretty apt with computers. Though I have no real programming knowledge, I figure I'll be starting with A+ which is more in my familiarity zone. I can upgrading and install hardware/software on windows no problem and have basic understanding of networking and troubleshooting so I think I'll just hit the books instead of fork out the cash for a fast track certification.

I am new to Metasploitable. I was wondering how to connect Metasploitable running in VIrtualbox on to an external machine  ( Linux Ubunto 10.04) through a LAN?
How do I connect Metasploitable to a LAN??