EH-Net

Hi there

I am looking to sharpen my Pen Testing skills and my friend has kindly offered his home network to me.  I want to hack him remotely.  My concern are laws preventing this.  Can someone point me in the right direction?  Really want to find a resource which I can use in my favour for a get out of jail card.

I look forward to your posts.

1) It's helpful when you provide which country the testing is performed in, as the laws are not the same in the entire world. Some countries has very strict laws on hacking, where you can barely own a hacking tool, others prevent creation of viruses (even if they're not used), and some has very strict rules of eavesdropping / man in the middle attacks.

2) If he really owns this home network you want to hack remotely, the owner of the network and devices connected to it, must sign a real contract specifying various topics such as scope, liability, and so forth.

3) In some countries you may need to warn your ISP. Otherwise they may throttle, block or report your malicious traffic.

Final words: There's no easy way to obtain a get out of jail card, you need to have proper permission from the owner of the target network, and preferably also have permission from the ISP, and also check which countries or perhaps states your traffic passes through, because if your traffic passes through USA and you're based in e.g., UK, Germany, Spain, or whatever, then as soon as the traffic enters USA, it's under US-jurisdiction.

So, it's not just like "that", you have to be careful and do it right.


Conclusion:
You will probably learn more by installing Metasploitable in a VM on your own network and attack that, at least for starters. There's various Live CD OS's that you can sharpen your pen test skills with.

I would agree with the use of the lab.  There are a bunch of VMs out there that are used for various security tool testing.  They are relatively free and designed to be vulnerable to a particular type of attack or multiple attacks.  True they don't do 100% replacement to a realworld pen test, but they do train you in how to use the tools.

Some things you can do to simulate a more realistic site is to have your friend setup a system and not tell you anything about it.  Then either over a VPN or from his house/apartment/flat you can try to root the box and look for whatever easter eggs he left.  This way all activity is happening on your private networks.  Alternatively he could build a VM and give it to you for testing.

Though you should still check with the local laws regarding hacking.  As MaXe pointed out, they vary based on location.

A site for a great overview of diffrent vulnerable systems/apps for a pentest lab is:
http://g0tmi1k.blogspot.com/2011/03/vulnerable-by-design.html (http://g0tmi1k.blogspot.com/2011/03/vulnerable-by-design.html)

I see.  I am based in the UK and am waiting for an email response back from both ISP's i expect they get hammered with complex issues such as this one and will either go around the departments or will disappear.  Its quite a long process i know and I understand your points with regards to lab based equipment and I am familiarising myself with backtrack etc within my lab however I like to think forward and really enjoy the notion of hacking an external site purely to understand the differences, as in the additional steps which come into action.  I agree on the stance of the get out of jail free card which is way i have contacted both ISPs, if i get no response then i will have to call them.  Sounds long winded, but would be cool.  Adding an additional dimension into my studies in order to acquire another way of doing things.

I would definitely never just take the plunge when hacking is concerned.  Thanks for the tips.