HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 99 guests and 1 member online
EH-Net News Feeds
Latest Additions
 
Advertisement

You are here: Home arrow Forum arrow Ethical Hacking Discussions and Related Certificationsarrow Compliance, Regulations & Standardsarrow Hacking friends network
EH-Net
May 26, 2012, 09:04:21 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Advertise on EH-Net!! - Reasonable Rates, Highly Targeted Audience.
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Hacking friends network  (Read 3301 times)
0 Members and 1 Guest are viewing this topic.
delusion
Newbie
*
Offline Offline

Posts: 49



View Profile
« on: January 11, 2012, 04:01:01 PM »
Hi there

I am looking to sharpen my Pen Testing skills and my friend has kindly offered his home network to me.  I want to hack him remotely.  My concern are laws preventing this.  Can someone point me in the right direction?  Really want to find a resource which I can use in my favour for a get out of jail card.

I look forward to your posts.
Logged
You Cant Resolve Problems Whilst At WAR!
MaXe
Hero Member
*****
Offline Offline

Posts: 507


I've just upgraded myself to a cyborg muahahaa!!1


View Profile WWW
« Reply #1 on: January 11, 2012, 04:37:42 PM »
1) It's helpful when you provide which country the testing is performed in, as the laws are not the same in the entire world. Some countries has very strict laws on hacking, where you can barely own a hacking tool, others prevent creation of viruses (even if they're not used), and some has very strict rules of eavesdropping / man in the middle attacks.

2) If he really owns this home network you want to hack remotely, the owner of the network and devices connected to it, must sign a real contract specifying various topics such as scope, liability, and so forth.

3) In some countries you may need to warn your ISP. Otherwise they may throttle, block or report your malicious traffic.

Final words: There's no easy way to obtain a get out of jail card, you need to have proper permission from the owner of the target network, and preferably also have permission from the ISP, and also check which countries or perhaps states your traffic passes through, because if your traffic passes through USA and you're based in e.g., UK, Germany, Spain, or whatever, then as soon as the traffic enters USA, it's under US-jurisdiction.

So, it's not just like "that", you have to be careful and do it right.


Conclusion:
You will probably learn more by installing Metasploitable in a VM on your own network and attack that, at least for starters. There's various Live CD OS's that you can sharpen your pen test skills with.
Logged
I'm an InterN0T'er
3xban
Sr. Member
****
Offline Offline

Posts: 373


View Profile
« Reply #2 on: January 12, 2012, 12:18:18 PM »
I would agree with the use of the lab.  There are a bunch of VMs out there that are used for various security tool testing.  They are relatively free and designed to be vulnerable to a particular type of attack or multiple attacks.  True they don't do 100% replacement to a realworld pen test, but they do train you in how to use the tools.

Some things you can do to simulate a more realistic site is to have your friend setup a system and not tell you anything about it.  Then either over a VPN or from his house/apartment/flat you can try to root the box and look for whatever easter eggs he left.  This way all activity is happening on your private networks.  Alternatively he could build a VM and give it to you for testing.

Though you should still check with the local laws regarding hacking.  As MaXe pointed out, they vary based on location.
Logged
Certs: GCWN
gromic
Newbie
*
Offline Offline

Posts: 35



View Profile
« Reply #3 on: January 12, 2012, 12:33:55 PM »
A site for a great overview of diffrent vulnerable systems/apps for a pentest lab is:
http://g0tmi1k.blogspot.com/2011/03/vulnerable-by-design.html
Logged
Thinking .... Please Wait...

eCPPT (in process)
delusion
Newbie
*
Offline Offline

Posts: 49



View Profile
« Reply #4 on: January 17, 2012, 10:54:24 AM »
I see.  I am based in the UK and am waiting for an email response back from both ISP's i expect they get hammered with complex issues such as this one and will either go around the departments or will disappear.  Its quite a long process i know and I understand your points with regards to lab based equipment and I am familiarising myself with backtrack etc within my lab however I like to think forward and really enjoy the notion of hacking an external site purely to understand the differences, as in the additional steps which come into action.  I agree on the stance of the get out of jail free card which is way i have contacted both ISPs, if i get no response then i will have to call them.  Sounds long winded, but would be cool.  Adding an additional dimension into my studies in order to acquire another way of doing things.

I would definitely never just take the plunge when hacking is concerned.  Thanks for the tips.
Logged
You Cant Resolve Problems Whilst At WAR!
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.16 | SMF © 2011, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.115 seconds with 22 queries.
 

gk_static-ad_feb2012.jpg
Global Knowledge: Build Security Skills to Protect & Defend

els_130x200fixed2.gif
eLearnSecurity Student Course Now Live!
5% Off with Code
ELS-EH-5

SANS Deals 4 EH-Netters
$150 OFF Any SANS Course in Any Format!
Coupon Code: EHN_Connect Including SANS Security West 2012 & SANSFIRE 2012
Recent Forum Topics

cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!

Vote For EH-Net

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2012 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.