  Show Posts
61  Resources / Tutorials / Re: Hacking Scenarios on: May 24, 2012, 03:25:28 PM
Quote
But i thought hacking with search engines is useless coz you cant choose ur target
u must select one of results


Check out the "site:" or "inurl:" Google dorks...

62  EH-Net / News Items and General Discussion About EH-Net / Re: [Article]-April 2012 Free Giveaway Winners of eLearnSecurity Training on: May 11, 2012, 01:52:57 PM
+1 Chrisj

I'm really looking forward to this one....
63  Features / Book Reviews / Re: Good books on learning Linux? on: April 22, 2012, 10:38:26 PM
If you're completely new to Linux, I wouldn't worry too much with shell scripting just yet. I'd spend some time with your Ubuntu distro and on the support forums over there. What I love about Ubuntu is that there is SOOOOO much support right out of the box.

When you run into problems with a piece of software, try to fix it from the command line rather than through the GUI. Also, for everyday tasks such as moving files around, blahblah...use the command line. Just like anything new, it will just take time to get used to using a brand new OS.

Once you master the basics of Linux and want to move on to more advanced uses, I'd recommend picking up either the RedHat book meant for self-study for the RHCE or a self-study book for the LPI certifications. These will give you a little more in depth information about CLI use, and you'll start to learn how to configure and use services. At this point, you'll also want to start learning about shell scripting. There are a ton of books out there, but there are also a ton of free resources online. I'd say pick a shell (bash, ksh, csh, etc) and learn it first. Usually bash is the first shell. After that, you can branch out into other shells.

64  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: building a windows enterprise hacking lab suggestions? on: April 21, 2012, 12:10:47 PM
You got an extra AS400 lying around?!?!
65  EH-Net / Greetings / Re: The Path to Hacker Mastery on: April 21, 2012, 09:17:46 AM
Quote
Oh and could you please tell me a bit about the life of a pen-tester,

The pay(when you start out) (and as you gain experience)

 Every pen-tester's dream (like to get employed in _______________ company(please fill the dash))

And also working hours

I imagine there isn't really a "typical" road to becoming a pentester. But mine was fairly windy....

I got my Bachelor's in Sociology/Anthropology. I got out of school and within a few years realized I couldn't find a job that paid enough to cover my bills. So, I went back to school to get my Master's in Information Systems. Upon graduation I joined a Fortune 500 company in FL on their Security Operations desk. I was very fortunate in that the head of the Computer Science department at my school had close contacts at this company, so they recruited heavily from our school. I spent two years working on the security desk configuring IPSEC tunnels and changing passwords while learning how to monitor a network for anomalous behavior. It was while I was here that I soaked up as much of the basics as I could - Linux commands and operation, OSI, basic networking concepts, etc. etc.

After a couple years, I decided to move back to my home state for family reasons. I had also begun to want to do something different at that time and was really interested in finding a Unix/Linux Systems Administrator position. So, I found a small, privately held telecommunications company that was looking for a linux admin and got the job. This was a very lucky break as this company didn't have anyone with a security background and they EXPECTED everyone to go to training twice a year. I racked up most of the certifications you see in my signature there. I worked for them for almost 3 years and actually got to start doing a little pentesting at the end of my tenure there.

The company I work for now is a small, boutique security consulting firm. We do a little of everything, but I would say PCI is our "bread and butter." Because we're small, everyone does everything. In other words, if a Web App assessment comes up and I'm the engineer on deck, I do a web app assessment even though it's not really my strength. Most of what I do, though, is external and internal penetration tests. Web app assessments are probably the third most common module I do. But, we also do interview driven assessments, console audits, password policy assessments, etc. etc.

It's an incredibly fun job for the most part. There are definitely parts that aren't nearly as exciting (documentation), but the thrill of the hunt is the best part, because at the end of the day when you can show a client the impact that a risk poses, you can see that light bulb come on where they realize that they really need to fix the problem. When I was in operations, it didn't matter how hard I pushed, my manager never really got how important it was to mitigate risk. That can be very frustrating.

As far as pay goes, that will depend largely on your situation. If you're an independent consultant, your pay is determined by how well you can market yourself. Typically, I think that security folk in IT tend to be paid a little over the median income of IT fields and I think the highly technical roles like penetration tester tend to be on the high end of the security pay scale. So, you are generally compensated well, but I don't know if anyone is raking in millions of dollars from pentesting alone. Go check out salary surveys on the web. I know Information Week just released theirs this month. You can find them in other places too, though.

Anyway, good luck with your studies/development. You've found a good place in Ethical Hacker. Stick around and ask questions, but more importantly, look around for all the nuggets that are here already.
66  EH-Net / Greetings / Re: The Path to Hacker Mastery on: April 19, 2012, 09:13:05 AM
+1 for ajohnson!!!
67  EH-Net / Greetings / Re: The Path to Hacker Mastery on: April 19, 2012, 08:05:23 AM
I appreciate your enthusiasm and wanting to know more about pentesting and ethical hacking, but ALL of your questions can be found in other threads and/or Google.

Quote
Does anybody know about the requirements of C| EH?

http://www.eccouncil.org/courses/certified_ethical_hacker.aspx

Quote
Please also tell me about learning metasploit and how it works.

http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6158.0/

Quote
Also mention the other certification likely to land one as a junior pen-tester....

http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/board,23.0/

68  EH-Net / Greetings / Re: The Path to Hacker Mastery on: April 18, 2012, 07:59:11 AM
Much of what you're asking about gaining access to multiple systems depends heavily on how a system or environment is configured. If you gain access to a system (server or workstation), you might have access to more systems if say the entire environment is configured with the same username/password. It's pretty common to find that the admins use the same password for local administrator accounts, so many times if you can gain that level of access to one system you will have administrative access to pretty much any workstation and possibly server in the environment.

To answer your question about what you'll be targeting, the answer is also "it depends." When you start professionally pentesting, you will have a rules of engagement that is determined in the pre-engagement phase. If workstations are included in the scope, you can certainly attack workstations. If you're focused solely on a few systems, those will be what you focus on. Period.

About Linux:

99 out of 100 times on an engagement, if you see Linux it will be on a server. In fact, I can only remember one time when I found a workstation with Linux installed.

The bottom line is that every environment is different. Even if they're using the same technology as a previous client, it will be configured differently. That's why it's so important to know the technology so well or at least be able to research and learn the technology. You have to be able to learn quickly and adapt what you know to each individual environment.
69  EH-Net / Greetings / Re: The Path to Hacker Mastery on: April 17, 2012, 07:56:30 AM
Quote
If I have to learn Windows server (I don't need to learn about the Windows OS then?) then do I have to learn about Linux servers too? (Most of the book suggestions here are for the Linux OS right?) Please clarify on that, thanks.

If I'm reading that correctly, you're distinguishing Windows Server from an OS?

Windows Server IS an OS. Today, you will typically see either Windows Server 2003 or Windows 2008 R2, although I see Windows Server 2000 every once in a while still. You should know these OS's very well. Additionally, I'd learn Windows XP and Windows 7 too as most of the workstations you'll be attacking will be one of these.

For Linux, you need to be at the very least moderately fluent in the commands and how the OS works. I'd argue, though, (especially if you're using Linux as an attack platform) you should be just as fluent in Linux commands as Windows.
70  Ethical Hacking Discussions and Related Certifications / General Certification / Re: Passed eLearnseurity course on: April 16, 2012, 04:04:24 PM
Congrats!
71  EH-Net / Greetings / Re: The Path to Hacker Mastery on: April 16, 2012, 09:40:27 AM
Quote
1) Can you please explain why it is necessary to learn Windows server and what use a hacker has for it?


If you're going to attack something, it's helpful to know a thing or two about it. As a pentester, I attack a whole lot more Windows than Linux/Unix.
72  Resources / Career Central / Re: Feeling rejected and dont know what to do. on: April 11, 2012, 09:33:00 AM
Another thing to keep in mind is that 1 month is not that long to be looking for a job. I know it's hard to be patient when you're looking, especially while unemployed.

Keep your head up...these situations typically work themselves out with time.

Good luck!
73  Ethical Hacking Discussions and Related Certifications / General Certification / Re: CISSP is moving to online test on: April 02, 2012, 12:50:49 PM
I would argue it makes it harder to cheat. The paper based testing typically has a large number of test takers to very small number of proctors.

Every time I've taken a certification test at a testing center, I've had a camera on me the ENTIRE time I took the test. I promise it's easier for me to slip some crib notes past a proctor in a room full of test takers. It would be harder for me to do the same with the camera watching.

The camera also adds some audit-ability. You can go back to the video at any time whereas once I've taken the paper-based test, you can't go back.

Additionally, those proctors are volunteer CISSP holders that proctor in order to get CLE's. The likelihood of collusion between an employee at the test taking center vs the proctors would likely not be all that dissimilar.
74  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: Disclosing web application issue on: April 02, 2012, 10:44:43 AM
I would also be hesitant to start the conversation with, "Do you guys have a security team?"

That would, first of all, put me on the defensive from the get-go. Secondly, I'd probably expect to hear you say something along the lines of, "Well, if you don't, I can help you out." After disclosing a security vulnerability unsolicited, this can be construed as unethical behavior.
75  Ethical Hacking Discussions and Related Certifications / Networking / Re: Access Router / Overload Internet Traffic on: March 20, 2012, 08:09:19 AM
Quote
oh and also, almost no one knows anybody here,


I'm not trying to be flippant here, but have you thought of introducing yourself?

As they say, you catch more flies with honey than vinegar...