Ethical Hacker Community Forums
  Show Posts
46  Ethical Hacking Discussions and Related Certifications / Other / Re: I was bored last night... on: January 29, 2008, 02:14:34 PM
Well you COULD have posted a link to an ftp site with it, so others could dork around with it.  Tongue I still need to get better at coding in general myself.  Most of my 'programs' have been pretty simplistic ones that display text or annoy.  Nothing actually useful in the least, other than my personal entertainment factor.

I may actually GPL it after I dink with it some more.  I just don't know if I want to be associated with authoring such a "tool"... Smiley

It really came about from my post a couple weeks back looking for an open relay server to use.  I started looking at scanners/testers, and they all seemed pretty lacking, so I figured I'd slap one together myself.  My goal was to do it in Perl though (since my perl-fu sucks)... but, I just find Perl to be... so... yuck.  So, after trying really hard to do it in Perl for a solid five minutes or so, I gave up and went to PHP, really just to see if it could be done.

All the other security people at my job (that can code) use Perl, and I'm always getting bashed because I script in PHP.  They keep saying how lacking it is, Perl's better, etc.  I actually gave my PHP code to one of the Perl guys and said "do this in Perl, so I can look at your code and relate."  It still looks like gibberish to me.

Which brings up another interesting topic to post... STAY TUNED!
47  Ethical Hacking Discussions and Related Certifications / Certification / Re: Have GCIH taking CEH on: January 29, 2008, 02:06:37 PM
When I took the exam a month ago, I was surprised by the number of questions dealing with:

-Snort Signatures (what does the following sig detect? which of the following sigs would you use to detect x? etc.)
-Packet Analysis
-What programs are used to do what (Loki is used for what?)
-Poor interpretation of the English language

G'luck!
48  Ethical Hacking Discussions and Related Certifications / Certification / Re: Webinar: EC-Council Continuing Education Point System (ECE) on: January 29, 2008, 01:59:59 PM
Anyone get a chance to attend this?  I didn't make it in to the office early enough and missed it.  An overview would be swell!
49  Ethical Hacking Discussions and Related Certifications / Other / I was bored last night... on: January 29, 2008, 01:50:17 PM
...and wrote an SMTP open relay tester... in PHP... for no good reason.  (and it works pretty good, for only taking a couple hours to bang out.)

The moral of the story?  This post really has no relevant information.
50  Resources / News from the Outside World / Re: Pictures leeched from Private MySpace Profiles now available on BitTorrent! on: January 24, 2008, 12:31:25 PM
Wow... a half million pictures of airhead teenage girls doing stupid poses in PhotoBooth from the Apple Stores.  Fun.

(Oh yeah, I work part time at an Apple store.  My comment probably isn't too off the mark.)
51  Ethical Hacking Discussions and Related Certifications / Other / List of open SMTP relay servers on: January 17, 2008, 12:23:33 PM
This probably teeters on the realm of ethical, but I have to do some testing for a scenario, and I need to detail what a spoofed email coming from an open relay looks like (headers and such).  Does anyone know of a repository of open relay servers?  Everything I've found so far is either outdated or just leads to software to test for open relays.

If this crosses a line, feel free to delete.
52  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: First steps to learn ethical hacking on: January 10, 2008, 09:37:00 AM
It's a good idea to control oneself from hacking Norad for instance, lol.

Oh.  Really?  Errr... I  have to, uhh... leave the country for a while!  Grin

Seriously though, even though InfoSec has become a "career path" and you can study at the university level for it, the classroom environment is so totally different from the real world environment.  Of course, maybe I'm biased, I barely squeaked through high school and never did the college thing, but I've worked with a lot of "just out of college" people (in many different IT areas), and when it came to real-world scenarios, they just seemed to be lost.  I even had one guy I was training get in my face and tell me, "that's not how they showed us in school!"  So, his lesson for the day was to try to fix it himself.

Now don't get me wrong, I'm not against the whole higher education thing, any knowledge is good knowledge (unless it's incorrect knowledge), but I still believe that there's no substitute for good `ol fashioned experience.  I think the fact that I started as a third shift button pusher and learned everything along the way is much more valuable than a degree that costs $120k or whatever college is going for these days.

Alright, done ranting... for now. Smiley
53  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: First steps to learn ethical hacking on: January 08, 2008, 03:48:55 PM
hey thanx guys, I will surely go for the book kev... but can you provide me nmap security tool, if you can give me rapidshare link then it will be very nice of you. Smiley Wink

Step 0.1 in becoming a h4x0rzzz... practice your google-fu!   Grin
54  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: First steps to learn ethical hacking on: January 08, 2008, 02:08:25 PM
I couldn't agree more.  I was going to post something similar to someone else's request of "how do I start?"  However, being new around here, I didn't want to come off as snobbish.  But now that someone else has said it first... Smiley

I don't think becoming a successful "hacker" or pen tester is just saying "I wanna be a hacker" and studying a few books on that subject.  To really be proficient at the art, you have to have a solid understanding of just about everything IT related.  Some 23 years ago, I wrote my first war dialer to snag... well, stuff.  Wrote it in BASIC on my Commodore 64.  While I did have a goal for that program, it was also a chance to learn how to interface my program with external devices and such.  Since then, I've tried to learn as much about everything as I can.

My professional career pretty much is as follows (the short, abbreviated list):  3rd Shift Button Pusher, Helpdesk/App Support, Desktop/Network Support, Server Support (Windows/Linux), LAN/WAN Administrator, WAN Manager, Security Person.

The list of technologies I've learned and studied are way too numerous to list (and surprisingly, one of the most enjoyable books I read (cover to cover) was a book on Frame Relay technology seven or eight years ago).  But you really do need an extremely well rounded skill set to do this kind of work. 

So, you kind of know about TCP/IP, and know how to use nmap.  Fantastic.  Now, go pen test this box running Linux, Apache, MySQL and PHP.  There are another handful of technologies you need to work with.

Anyway, I guess the short version of the story is, I don't believe there is a quick path to "being a hacker"...

That being said, the thing I would add to Kev's list of things to get started with would be, learn how to read packets.  Ethereal/Wireshark is also pretty indispensable for knowing what's going on under the hood.
55  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Reconnaissance step questions on: January 08, 2008, 10:27:32 AM
From your description, you have a company that's using an ISP's services for Web Hosting and Mail.  Their connectivity to the internet is also probably through the ISP as well, so in theory, there are two different types of targets.

Your first target is going to be the web/mail server.  This is the IP address you should receive when you whois their web server.  Most likely, their web server and mail server are on the same box (most likely in a shared hosting configuration).  Your legitimate pen testing on this box will most likely be in the app pen testing arena, but you won't be "in the company" if you can get any access.

The second target is going to be the company connection to the internet  itself.  If the company is using a standard ISP for connectivity, they probably have a DHCP assigned address, and they are just like any average home user connected to the internet.  Performing black box recon against a target like this is difficult at best.

If you are testing assets owned by an ISP, used by a 3rd party company, make sure your written agreement has verbiage that addresses any concerns of the ISP in case they come hunting you down.
56  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: New to ethical hacking on: January 08, 2008, 10:17:07 AM
everyone- I've started reading the tcp/ip guide ... as soon as I'm done with that ...

If you can manage to read the TCP/IP Guide cover to cover, I'll be impressed!   Grin
57  Ethical Hacking Discussions and Related Certifications / CEH - Certified Ethical Hacker / Re: New member, just got me one of these... on: January 04, 2008, 12:13:07 PM
Hey Rance,

Welcome to EH-Net, and thanks for finally coming into the fray after watching the boards for a while. Glad to have your input.

I do agree with your overall thought that experience is king and always will be.

Don

Hey Don!  Thank you as well for the welcome.  From what I gather, you're the keeper of this place.  Thanks for creating a nice site for ethical discussions of hacking and the like.

From what I can deduce, the ChicagoCon appears to be put on by EH-Net.  I'm actually really interested in that if there's going to be an `08 version.  I'm just next door in Iowa, so that'd be a quick and easy one to get to, and I really like the event list that was posted for `07.  Do you have any news on an `08 C-Con?
58  Ethical Hacking Discussions and Related Certifications / CEH - Certified Ethical Hacker / Re: New member, just got me one of these... on: January 04, 2008, 12:05:59 PM
Welcome!!  Grin  Do you really not want to take the CISSP because you read how hard it is or do you not want the certification?  Honestly I just passed the CISSP and my study method seemed about the same as yours.  I skimmed the book (All-In-One) and went in with mostly just my experience in security.  I did fine.  I think you would probably do about the same on the CISSP as you did with CEH.  Well that is my unsolicited 2 cents!  Again welcome!

Thanks for the warm welcome.  My un-desire to approach the CISSP basically comes from the fact that I looked over the material in a couple of books, and it all seemed very management/policy oriented.  Booooring!  I'm a techhead, so really digging in to policy and the like is incredibly uninteresting.  Considering the length of the exam, and the breadth of the material, it just seemed like I would have to memorize a bunch of stuff I really wouldn't use in the real everyday world.  Who knows, my company will probably require it at some point, then I'll just be screwed, I mean, urged in to taking it.  Smiley
59  Features / /root / Re: The Ethics of "Stealing" a WiFi Connection on: January 04, 2008, 11:57:28 AM
I've used the reference vijay quoted before.  Just because the door is left open, it doesn't give you the right to come in.

Also, it's very rare that you'll "accidentally" use someone's WAP.  You have to make a conscious decision to access their network.  Again, just because the signal is there, doesn't give you the right to use it.  In that theory, having a decryption system for satellite TV is fine and dandy, because the signal just happens to be being broadcast to your location; never mind the rights of the content owners.

While it's true that users need to be responsible for the technology they use, we all know that's just not true.  No patch for human stupidity, as they say.  Again, that doesn't give you the right to utilize someone else's stuff.

So, for one, you're accessing a private network without authorization.  That's a crime, period.  Second, you may be violating the ISP's Terms of Service (and in turn, the legal customer of the ISP is violating the ToS) by having a computer not owned by the customer "sharing" their network.

Now, why is it illegal?  While the intentions of some may just be to check some email or hop on mapquest because they are lost, anyone reading these forums will probably know what kind of havoc can be wreaked with a little ARP spoofing and some Man in the Middle action.  Let alone default open shares on machines and such.  So the law is there to protect the ig'nint.

Okay, getting a little too preachy for my second post here, better stop before I really bury myself.  Smiley
60  Ethical Hacking Discussions and Related Certifications / CEH - Certified Ethical Hacker / New member, just got me one of these... on: January 03, 2008, 05:18:16 PM
Ahoyhoy,

Been reading the boards here for some time, figured it was time to chime in.

I took the C|EH exam on the 20th of Dec and passed with a 74%.  Not thrilled about the score, but I was studying off of older material (and I didn't study very hard), and many of the questions I thought were very poorly worded.  There was one I went over three times, even tried drawing out the question on the dry-erase card they gave me in the exam room to try to visualize the question, just couldn't do it.

The practice exam I used (Exam Prep) really seemed like it was nowhere near what the actual exam was like.  In fact, about 10 questions in to it I remember thinking "this is nothing like the practice test!"  Again, this could have had to do with the fact that I was going off older material (probably v4, book was published March 2006).  For the most part though, I sat for the exam with my "off the street" knowledge, and just really flipped through the book and practice exam.

All that being said, I thought the exam was pretty easy.  I was a little spooked because I've read numerous posts here stating how difficult the exam is/was.  With proper experience in the industry, one shouldn't have much problem passing the exam.  I feel that my failures were mostly related to silly memorization things like "What are the two cybercrime laws that.... blah blah?"  Things like that.  Reference items you don't use on a daily basis.  Tools wise, theory wise, etc, I thought it was all pretty rudimentary. 

Anyway, as a little background.  I've been a computer fiend since about `86 or so.  A Commodore 64 was the first computer I owned, and have been hooked and tweaking ever since.  I entered the IT world about 11 years ago, and the past five have been spent strictly in the Security arena, mostly on the technical side.  Which is okay, I really don't want to take the CISSP.  Smiley

Anyway, hello!