Shawal,


Nice tip, haven't come across that one before. One more for the toolbox

Already completed

if anyone hasn't at least checked 'el reg' I'd recommend it.

As for BoFH, much as I look forward to my Fridays, the early years were far better

just tried this one,

telnet connection is timing out and traceroute is showing fairly horrible latency.

Is this part of the challenge or am I doing something wrong?

Cheers for the link Manu sounds good.

Don't think my network likes it at the minute though, it's taking a pounding 500kBps

Can anyone translate this to English?

One word: nice

 

Makes you think,

I'm not sure computing has really changed the process of growing up, but it has definitely shifted the power balance between parents and kids where parents aren't 'down' with the new technology.

One of my first 'hacks' was to regain access to Doom when I was 8. My Dad had deleted the icon from the desktop, so I spent all weekend learning DOS so I could get back to my game.

Problem is most kids these days can use technology better than there parents, therefore the parents struggle to keep safeguards around the home network. Unfortunately I do not think this situation will change in the gerenarl populace for a long period of time, if ever (present company excluded )

Hack_80,

hadn't thought about the method Brian suggested. If it does work I'd suggest disabling (or at least changing) the SNMP community with right access as you can definitely have some 'fun' via this route.

Brian,

I'm unable to make ChicagoCon (Wrong side of the pond). Do you know if you talk/slides or anyother from the event will be available online for us unfortunate people that cannot make it?

I've looked at Cain&Able before but haven't had reason/knowledge to use it in the realworld, might need to give it another look now.

I'm in the Windows and Linux crowd,

forced to use Windows via company policy/infrastructure, but have a laptop running Linux on my desk permenantly for those 'Windows can't do it moments'.

It's been a life-saver as it's difficult to deal with user issues if you can't use the same kit as them.

No point being an ace motor mechanic if all you clients ride push bikes

hack_80,

depends how much information you can get. If you have a copy of the current config then you may be able to crack the password hash depending on the encryption used/IOS version, of course you may be able to just read the password in plaintext depending on config commands also.

Failing that, as far as I know it's password reset time, which will definitely interrupt the service and depending on model (I'm not familiar with the 3500 series) may wipe the config.

Hopefully you can get more specific info from someone with hands on experience of the 3560.

Guys,

sounded like this could have been interesting if it was done right. Being the wrong side of the pond to see this, did anyone catch it and is it worth trying to get a hold of?

BigTone82,

first off welcome to the forum.

Only thing I'd add to the list is that before you get any of the things previously listed you need one thing, patience.

From my experience it take a lot of time and a lot more work to be an 'ethical hacker'. I've been around IT and security for a while and don't come close to what I'd class as a hacker (leaving the holy-wars out of it  ) but I'm learning fast, have the ethical part and I'm still here wanting to improve.

As others have said learning the basics first helps (TCP/IP etc.) but don't expect to learn everything instantly. Most importantly though if you want to remain interested in the field for the long game, ignore all the advice here and study whatever makes you go 'ooooh, hows that work?' be it IDS, shellcode, scanning, etc. I found this has helped keep up motivation to learn through the 'do I really need this?' moments.

If you dive in wherever you're most motivated you'll find the basics come through time as and when you need them. (at least I'm finding that).

Good luck, and don't be afraid to ask the questions when necessary (just ask google first  )

Thanks for links pseud0,

managed to miss those stories event though I frequently visit the sources, must have been a busy day at work.

As Manu said, as long as humans are involved there will be weaknesses, and where there are weaknesses they'll be people trying to take advantage, that should be where we come in....

cheers for all the responses, hasn't helped me feel any more confident but knowing others have been through the process and still had positive outcomes should help my nerves

I would love to get to Hacker Halted and other cons but being stuck the other side of the pond makes travel and costs a bit prohibitive. Think my best bet is to try to get to one of the European SANs events events, aiming for the 504 course as a training for the GCIH. Might have to wait till next year to get the funds together though

I think that about sums up the arguements from my perspective.