And so spoke the god of hacking! Actually you don’t need to repeat it again and in fact you would do everyone a favor not to because it’s not true.  How much bad information can one person give in a single thread?  Accessing critical data might be the end result of a pentest, but not always. Many times just gaining a foothold on the network and planting a flag is all a company may allow in a blackbox test. That alone should have not happened and its enough to display vulnerability.  If doing a pentest from inside the network, collecting critical data might be part of the information gathering process before the hack like sniffing out a password, that is if you consider a password sensitive or critical data. But neither are the hack itself.  Not even in a BlackHat hack is it always the objective. Sometimes the hack is done just to snoop around out of curiosity. Sometimes the hack is done to do something malicious like wipe out a hard drive. With your narrow definition I could say anytime I turn on my computer and access critical data I just hacked it!  If I go in and put a gun to the head of the Admin and force him to turn on his box and access data , I guess I just hacked it?  Hacking as defined by the majority is gaining unauthorized access to a computer or network via another computer. 

You have got to be kidding me.  This thread has turned into the geek version of "tastes great! Less filling!"  and Ginger versus Mary Ann.  Cerberus, the straight answer is that the information security field is still really young, and there is no standard way that folks tend to get involved.  Some people are going to start from the OSI model approach and move into the tools, some folks are going to start from the tools and move into the OSI model.  To be worthwhile you are going to have to be able to do both.  If you get stuck on the OSI side of the house then you are probably not going to understand how to actually carry out or defend against an attack.  If you get stuck using just the tools then you are a scriptkiddie who is completely dependent on other people to make your tools, and if you can't find the perfect tool for a situation then you're stuck.  Try this approach:  If you are already in the OSI mindset (like most students, sys admins, etc) then go on bugtraq and lookup the most common attacks against the systems you are familiar with.  Since you are already familiar with your systems then you should be able to understand what the exploit is doing to break your stuff.  The next step is to research the tools that use that exploit in order to attack your system.  Keep doing that and you'll start to pickup a good understanding of the exploits and the tools.  If you are already on the tools side of the house, then just go the opposite direction.  If you're using nessus, take the time to actually read the reports, follow the links, and understand what the vulnerabilities are that it is finding.  If you're throwing around nmap then read the man page and every time you see a networking/protocol term that you're not familiar with, go research it.  If you're into metasploit then take 10 minutes to bring up the code of the exploit you are about to fire off.  You're probably not going to be able to make heads or tails of it, so take a couple of days to familiarize yourself with some coding.  You'll eventually have to get to this point if you are going to want to write some of your own toys, which is starting to become necessary to avoid mature IDS/IPS systems.  By the time you work through these steps you'll start to be able to figure out where you want to go next.  Before long you'll realize that each of these areas is an enormous field of study by itself, which is why most "super hackers" actually focus in one area at a time. 

Gotta throw in my two cents.  If you want to learn how to be the best at something, start with the BASICS.  If you want to know how to drive a car, you need to know how to start it first.  This is not to say that you need to know every detail at first, but to actually drive the car, you need to know some basic things.  When you start learning about how cars drive and how the engine works and all, you can actually drive better because you have studied it.  This is with ANY FIELD!

If you don't start with the basics, you won't be very good in the long run.

My suggestion, take a networking class at a local community college.  Read about how to make virtual machines so that you can practice.

I thought the proper use of all threads was to troll and flame.  On that note:

You all suck.  If it was physically possible you would suck and blow at the same time.

I'm pretty cool.  In fact, one time I got two gold stars on my drawing of Elmo.

Since don has the power to kill my account, he's tolerable... but just barely I guess.

 

Thanks. Hey but dont blame me for how this thread went,LOL!  Just kidding.
Eh-net is a small community or family if you like,  of contributors. Just like in any family there is going to be some butting of heads now and again. Not really a bad thing once in a while to stir up some passionate debate. Hey, its all good.

Ok, I'm trying to figure out where this thread went off the rails, and I just can't.  From my point of view I saw people getting very heated over the "OSI to tools" versus "tools to OSI" model, and both are perfectly valid paths to take.  That is why I made my "tastes great, less filling" comment.  Did I touch a nerve somewhere?