HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 39 guests and 1 member online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Compliance, Regulations & Standardsarrow Hacking friends network
EH-Net
May 23, 2013, 04:13:53 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Hacking friends network  (Read 6231 times)
0 Members and 1 Guest are viewing this topic.
delusion
Newbie
*
Offline Offline

Posts: 49



View Profile
« on: January 11, 2012, 04:01:01 PM »
Hi there

I am looking to sharpen my Pen Testing skills and my friend has kindly offered his home network to me.  I want to hack him remotely.  My concern are laws preventing this.  Can someone point me in the right direction?  Really want to find a resource which I can use in my favour for a get out of jail card.

I look forward to your posts.
Logged
You Cant Resolve Problems Whilst At WAR!
MaXe
Hero Member
*****
Offline Offline

Posts: 669


I've just upgraded myself to a cyborg muahahaa!!1


View Profile WWW
« Reply #1 on: January 11, 2012, 04:37:42 PM »
1) It's helpful when you provide which country the testing is performed in, as the laws are not the same in the entire world. Some countries has very strict laws on hacking, where you can barely own a hacking tool, others prevent creation of viruses (even if they're not used), and some has very strict rules of eavesdropping / man in the middle attacks.

2) If he really owns this home network you want to hack remotely, the owner of the network and devices connected to it, must sign a real contract specifying various topics such as scope, liability, and so forth.

3) In some countries you may need to warn your ISP. Otherwise they may throttle, block or report your malicious traffic.

Final words: There's no easy way to obtain a get out of jail card, you need to have proper permission from the owner of the target network, and preferably also have permission from the ISP, and also check which countries or perhaps states your traffic passes through, because if your traffic passes through USA and you're based in e.g., UK, Germany, Spain, or whatever, then as soon as the traffic enters USA, it's under US-jurisdiction.

So, it's not just like "that", you have to be careful and do it right.


Conclusion:
You will probably learn more by installing Metasploitable in a VM on your own network and attack that, at least for starters. There's various Live CD OS's that you can sharpen your pen test skills with.
Logged
I'm an InterN0T'er
3xban
Hero Member
*****
Offline Offline

Posts: 608


View Profile WWW
« Reply #2 on: January 12, 2012, 12:18:18 PM »
I would agree with the use of the lab.  There are a bunch of VMs out there that are used for various security tool testing.  They are relatively free and designed to be vulnerable to a particular type of attack or multiple attacks.  True they don't do 100% replacement to a realworld pen test, but they do train you in how to use the tools.

Some things you can do to simulate a more realistic site is to have your friend setup a system and not tell you anything about it.  Then either over a VPN or from his house/apartment/flat you can try to root the box and look for whatever easter eggs he left.  This way all activity is happening on your private networks.  Alternatively he could build a VM and give it to you for testing.

Though you should still check with the local laws regarding hacking.  As MaXe pointed out, they vary based on location.
Logged
Certs: GCWN
(@)Dewser
gromic
Newbie
*
Offline Offline

Posts: 38



View Profile
« Reply #3 on: January 12, 2012, 12:33:55 PM »
A site for a great overview of diffrent vulnerable systems/apps for a pentest lab is:
http://g0tmi1k.blogspot.com/2011/03/vulnerable-by-design.html
Logged
Thinking .... Please Wait...
delusion
Newbie
*
Offline Offline

Posts: 49



View Profile
« Reply #4 on: January 17, 2012, 10:54:24 AM »
I see.  I am based in the UK and am waiting for an email response back from both ISP's i expect they get hammered with complex issues such as this one and will either go around the departments or will disappear.  Its quite a long process i know and I understand your points with regards to lab based equipment and I am familiarising myself with backtrack etc within my lab however I like to think forward and really enjoy the notion of hacking an external site purely to understand the differences, as in the additional steps which come into action.  I agree on the stance of the get out of jail free card which is way i have contacted both ISPs, if i get no response then i will have to call them.  Sounds long winded, but would be cool.  Adding an additional dimension into my studies in order to acquire another way of doing things.

I would definitely never just take the plunge when hacking is concerned.  Thanks for the tips.
Logged
You Cant Resolve Problems Whilst At WAR!
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.077 seconds with 22 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.