EH-Net

Hello my freinds  i really love this forum becuase i alway got useful info here and thank you all.

frist of all, i wanna say im not new in hacking world i had some pentest experience i can use back track metasploit and many other tools and im familiar with many concepts and so on.

But as im addicted to hack!!!! i wanna start studying it so seriously   and i know i must build a hacking lab so i bought VMware Workstation 8 (i know i can use Virtual box for free but i love Vmware its better) and i download Backtrack 5 R2 Gnome i installed to A VM and a windows Xp VM also so do i need anything more for my lab?

i need some hacking scenario for exercises i googled it but i couldnt find some efficient scenarios dose anybody has them?

Thanks again Take care!!

http://g0tmi1k.blogspot.com/2011/03/vulnerable-by-design.html

ok thankx and what about my hacking lab is it efficient?

Thanks.Great blog all newbies or serious security guru's shd read the link.
Cool mate.

@ cyber.spirit,
My candidy advise is read google hacking and pen test by Johnny Long,
any security officer needs this book.You will found millions of hacking scenarios
and above all you will be equip with billions of search codes.I was shocked how
the guy come up with such book.After reading the book you  will attempt to know how
to hack with other search engines like msn,yahoo,bing etc.Give it a try u loose nothing.
Good luck.

thank you both Magxtopher and sil that blog is really greate iDK who creates that its pretty well.

magxtopher, google hacking and pen test? Really? But i thought hacking with search engines is useless coz you cant choose ur target
u must select one of results anyway thanks again and i'll buy that book if its not free.

Cyber.Spirt:

You might also want to check out Thomas Wilhelm (aka Grendel)'s book
http://www.amazon.com/Professional-Penetration-Testing-Creating-Learning/dp/1597494259

There are some other good things on hacking lab design of the forum if you look. Jaddix and Laz3r (I think) had a good couple posts a few years ago.

You can't hack if you don't have information. You can get information passively or actively.

Yes chrisj i already know without Footprinting  i cant hack, and i can find info passively and sometimes actively. But if u used google hacking i may know in this type of attack u must use some Google dorks and choose a vulnerable  site from results and go further but my problem is i wanna choose the target by myself not useing the Google's results thats why i think its useless IDK maybe Im wrong.

and thank you for that book i guess its a greate book, and plese tell me is my lab efficient? do i need anything else for that? and which SP of windows XP is good for my lab


thanks again

As for the google stuff, treat it as if it's out of scope. :)

I was reading Basics of Hacking and Penetration Testing, or was it in the elearn security documents, last week, I can't remember. Pretty sure that was where I came across, get the lowest SP version you can find. It'll have more stuff for you to exploit. Doesn't mean newer ones won't have stuff to exploit but you'll get more bang for your training doing the oldest. Of course, if your system will handle it, do all service packs and see how each do.

Check out the "site:" or "inurl:" Google dorks...

Ok thank you all
chrisj what do you think if i'll buy the complete package of Professional Penetration Testing Creating And Operating A Formal Hacking. i think its expensive but as i said im addicted to hack and i dont care !!!! so what is ur opinion???

can you give me an example ZIGGY??

As author of the aforementioned book, I strongly support your purchase it.

 :D

Sure.

Say you're assessing a site for abc.com, and you want to look for sql dumps carelessly left on their webservers...go to Google and search for the following:

filetype:"sql" site:abc.com

As long as Google has indexed it, you're in business...

Really? but its look like that book which u introduced me its not a book only its a DVD Package.

Thanks Ziggy Now, I like Google hacking its useful but as you said As long as Google has indexed it, you're in business..

Complete package? the amazon link is a book with a dvd in it. Like amazon said it's a class room in a book

What is that exactly? what kind of class room?

g0tmi1k site is great I would say try the de-ice disk also try build your own this allow you to make your own scenario and also help other like yourself who trying to find scenario based vm to attack. You could also buy some hardware like Cisco kit set up some vlan and try other stuff like vlan hopping.

but by far best resource is g0tm1iks website it has all the boot to roots out there

As in the setup of the material is like taking a class.  Grendel starts off with some background around pen testing, along with methodologies and such. Then you get labs at the end of chapters with different types of scenarios.  The DVD contains a bunch of Live ISOs (De-ICE CDs), along with some other exploitable VMs.  There is also a chapter on setting up the lab (primarily virtual).

The book is designed to give you a taste of pen testing while also going over the business end of it.  Developing scope and such of the job.  After all, it isn't all about the hack, you need to be able to sell the need for the pen test and provide quality feedback to the customer when you are done.

Eventually you will want a decent replica of an enterprise environment for your lab.  Throw in some routers a firewall and maybe even some security devices to try and bypass or hide from.  After all that is what you will face on a real job.

Enjoy and good luck!

WooooOOOOooooW

3xban thank i think its so great i'll purchase it so soon.

thank you all i bought that class room and its greaaaaaaaaaaaaaaaatttt!!!!

Hi  Cyber spirit,
I am 100% newbie thatz security.
As for google hacking for pen tester.
Newbie needs it because for you to reach
your target u need to know the basics which the
book already explain like website address,email address
etc.You can as well check out this book-the basic hacking and
penetration testing(ethical hacking and penetration testing made
easy)by Patrick Engebretson.Plz recommend good hacking books for
newbies.I wanna study,men
Cyber spirit i like reading your blogs because your serious in this
business.kudos!Can you contact me at magxtopher@gmail.com?
Magxtopher.

Hi dear magxtopher
First i want to say welcome to this amazing forum i hope u enjoy of it.So if your completely newbie in security i recommend you to get some books:

1- Hacker high school(its a collection of 13 books)
www.hackerhighschool.org

2- The hacker's Underground Handbook
www.amazon.com/gp/aw/d/1451550189/ref=redir_mdp_mobile

I suggest you to learn html and perl too. As i asked above you need to create a hacking lab. So you must learn a little bit of Virtualization too

Man thank u so much for following my blogs i hope i can be useful here
Good luck