Hi hitmen,

First of all welcome to the site. I would say please you the search function on the site as this question has been asked many times and there are many good answer to it.

Well done on passing the CCNA this is a good start to learning to become a Ethical Hacker. However your journey has only started I am afraid to say working as Penetration tester is not a easy task and takes many years to be at a level where you can be self employed.

The best way to get experience is set up your own Lab where you can try news tools and practice then maybe try get a job as Junior Penetration tester where a company will be willing to train you more.

If you have money there are lots security courses online that will help your get expierence OSWP,OSCP and Hackingdojo to name a few.

I would also say being a Ethical hacker is a full time job there is so much to learn and in order to get work you have to try keep ahead of the game. If you only trying to do it for bit extra cash I would not recommended wasting your time and stick to setting up networks. 

lol Nice.  Totally saving that.

Pays to know variations of commands. Never know when you may be stuck and unable to use a specific command. This is very true if you ever run into something like Tru64, TrustedSol, SunOS and Solaris pre 8.

Also helps to understand as many commands as possible and the chaining of those commands in the event you're in a situation where you don't have a tool or the ability to install a tool (perhaps HIDS is in place).

E.g., let's assume I needed to do some recon/fingerprinting/bruteforce guessing to check hostnames in a domain. I have zero tools to work with other than whatever commands are available to me on a Linux system. What would I use?

Well, I could use the dictionary file, perhaps try something like:


So I'd have a pretty long list of potential hostnames to check against. t would be pretty ugly and long not to mention noisy. But in practice, I could make:


And there you have it, an instamagic bruteforce hostname finder from scratch. So another practical use for one liners in a McGuyver like environment? How about: GoogleSets + Links + awk



Same applies for scanning when a scanner is not an option:

$BSDs (free/open/etc)


$Linux


For kicks and giggles, you could hide a vast majority of crap in plain sight as an SSL cert

Stringing commands together like this is something that was just brought to light for me during a recent HackingDojo class.  Once you start diving into it, it's really amazing what you can do.

Thanks for those examples, sil.  Some more commands for me to analyze and learn

To bring us back to the original question, I could use a little clarification. What do you mean by "site where one can hack for profit legally?"

There are plenty on which to practice, but the profit part throws me. Makes me think we're getting close to the unEthical Hacker side of things.

Don

I was thinking the same thing. Something like a Hacker version of Rent a Coder

I'm working as a Network Engineer. It's paying me good too. 75% of my time is spent configuring VPN tunnels via the CLI and making ACL changes the same way. I'm supposed to take on some web app scanning in the future, after we get the new server built. Not sure why us, but we're the ones that do it.

Anyway, that's with an expired CCNA and no need to get any more Cisco Certs. Not that I don't plan on studying. I also want to get some firewalls for my lab to practice the IPSEC VPN tunnel configs for other devices.

My point is: Don't have to hack to be involved in security.