Thanks everybody, I feel that with every post I'm closer to my dream..

I just have a few doubts to clear:


@ajohnson

Thanks, I will look into that. Do you know any sites where I can buy cheap books without a credit card?

@ziggy

Sorry, for the confusion created....From the posts, I'm guessing that the Operating systems that you mentioned are the MOST common ones I will be encountering as a pen-tester. So, I'm guessing that I will be attacking Server operating systems, not individual workstations/desktops? I know this will probably sound dumb but can Linux be used as a server OS?

Additionally, it seems as if I may have to keep up to date and I will probably have to learn Windows 8 when it comes out(If it becomes popular)

Oh and one more doubt: Can I access a workstation after gaining access into the server OS?

Thanks for sharing your wisdom   

@unicityd

I have a 2 questions regarding study of contents:

Which is the best chronological order for learning about the following:

I) OSI and its working, Programming, networking, database management?

II) Why do I have to learn database management? I think you recommended that I have to learn basic SQL commands?


Ouch, so, there's no way to go into the Infosec field directly?
I also read that the C|EH requires 2 yrs minimum experience in Information Security....Is there no way to write it directly? And if there's no way to do that what networking position would you recommend?

Thanks for mentioning those references:

Could you please also mention an additional reference for network mapping?

As for writing exploits, which programming languages would you recommend? Please give a list. I know you recommended starting with Python and then proceeding. But, could you give me a list of all the programming languages  a good pen-tester should know?


I'm not interested in web application related attacks that much....I wanted to learn those too but I don't know anything except for HTML and it looks like I have already loads to do at the moment.....(But, I can bear that cause I'm pretty interested in those stuff like networking)

Thanks yet again     

You could always buy a pre-paid card to use if you don't have a credit card. Otherwise. half.com is an eBay company, so they may accept PayPal (and any of the payment methods they support).

@ajohnson

                   Thanks. I checked out half.com and it looks pretty good.
Which do you think would be cheaper? Half.com or the used books on Amazon? (No, I don't mean the one's in really bad condition)

@ziggy


So, it depends on HOW the network is configured?


If I gain access to a server then don't I automatically gain access to all its clients?   


If they don't do I have to hack individually?

 Thanks for the rest of the info too   

Oh and could you please tell me a bit about the life of a pen-tester,

The pay(when you start out) (and as you gain experience)

 Every pen-tester's dream (like to get employed in _______________ company(please fill the dash))

And also working hours

Please also mention how(or where)(like which institutes)  to pick up pen-testing skills.

Thanks once again for your help   

@ unicityd

Thanks a lot for the order. I think I've got it figured out.....
OSI, networking, TCP/IP, Specific OS (Windows server, Linux, Windows XP and Windows 7), Programming and then databases.
I left one thing out though. Where does learning shellcode come in this list?

Oh and please also mention if this list consists of a pen-tester's knowledge.....if the list is not complete please edit, or add items to the list.


Ok, thanks. Do you know any good books on databases which will teach me enough?


Yay!  Please mention some of those companies.


Good college? Followed by? A master's degree in Ethical hacking?


I think I've heard of this before. Payload refers to the transfer of the buffer overflow program, right?


Don't web app security testers have to learn all that stuff?
As a pen-tester, won't I only be asked to hack into computers, and stuff like that? Do I also have to hack into web applications? Is it essential I have to learn that too? (My hands already seem kind of full........)

Anyhow, thanks for providing the information in a detailed and clear manner 

I appreciate your enthusiasm and wanting to know more about pentesting and ethical hacking, but ALL of your questions can be found in other threads and/or Google.


http://www.eccouncil.org/courses/certified_ethical_hacker.aspx


http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6158.0/


http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/board,23.0/

+1 for ajohnson!!!

Novice, I've got to echo some of the last few sentiments expressed here: What you're asking is equivalent to "Please tell me how to be a nuclear engineer/doctor/pilot". You're not going to learn pentesting on a forum. You can use it to augment your knowledge but not create it from the ground up.

There are a ton of books on pentesting. If you go to Amazon's site and do a search you'll find enough to keep you busy for a few months. Start with a one that gives you the basics of pentesting and introduces you to all the different areas - if it's got upwards of 3 stars as an average rating it will likely be pretty good. Once you've gotten the basics down, you can delve into the specifics from there. I don't think you need to be an expert in all areas, similar to a doctor, you can specialize (social engineering, web app, wifi, etc) but you need to know the basics of the different areas.

The CEH is a decent "Intro to pentesting" cert but you won't learn how to penetrate a system from it. It's too high level and covers somewhat antiquated methods. Plus, if you've got $500 - $1000 to spend on the CEH, you should be able to invest in a few pentesting books that'll give you as much if not more (minus the cert).

Hi! This message has been typed in MS-word and then edited. (The auto save feature comes in use some times)


Anyways, like I said I appreciate constructive criticism, so thanks for the suggestions 

@ziggy
Thanks, and I will try to post questions only after searching using Google and the search box in this forum.  If I can’t find an answer or I don’t understand anything, then I will post it here   
(Can you just answer the pen-tester’s dream question? I want an inside view of a pen-testing job, thanks )
@ajohnson
I don’t mean to actually learn Metasploit right now. I set up this thread with an idea of making a plan to become a pen-tester. Right now I’m just collecting details to construct the plan. i.e. I wanted to construct the overall plan and then jump into it. But, do you recommend coming up with the next steps of the plan after completing the initial steps? If so, then I will follow that idea    
Don’t worry; I don’t plan on finishing all of the things on my plan in one year or so. I am perfectly OK with the 10 year plan. Here’s my scenario:
I am currently about to turn 17.
I will not be able to properly study the hacking techniques for the next 1 year approx. (I have important exams that I am pressurized to do well at.) (That leaves me with approx. 9 years to learn hacking before I go into a pen-testing position. I am confident of my learning abilities and I will work hard, so I’m pretty sure that I can achieve all my goals in this gap.
Ok, but I did some research of my own and CCNA cert is not even mentioned here:
http://infiltrated.net/TechnicalSecurityRoadmap.html#   (I still plan on getting it, I just would like your opinion on this)
@unicityd
 I’ve done what you said and I would like to know if you would recommend getting Comp TIA or Microsoft certified in Security +.  Oh and someone once told me that self-study was the best way to become a hacker by researching on the hacking topics…can all the info about hacking topics be found using Google?
Thanks for all the other information posted in your last post too.

Finally, here’s a bit of my plan everyone:   (Master 1 step and then proceed to the next)
1)   Read A+ material.  (To capture the grains of knowledge that have thus escaped my grasp.
Read up on the OSI and its working. Purchase “Operating System Concepts, Seventh Edition” (Why is this more than 3 times cheaper than its successor?)
     
2)   Read up on networking. Master content in Odom’s books.
3)   Proceed to TCP/IP Volume Illustrated, learn as much as I can
4)   ? (Should I read the other Cisco books on routers and stuff now)
5)   Start gaining knowledge of specific OS. Preferably Linux, Windows server, XP, 7)
6)   Learn programming. (I already know the basics of C and C++ and I plan to promote this step up the order, is that ok? And one more q: Which programming language would you recommend for writing tools….I’m thinking Python is the easiest for this purpose.
7& Start learning database management (Is knowing basic SQL commands enough?) and assembler(knowing to read shellcode is enough or do I have to be able to write it too?


Well, this WAS my plan before you said to learn web-app stuff too….Hmmm,

Where do I fit in learning that?

Note: I plan to complete what unicityd said before proceeding to the content included in Sil’s link

So...... any changes to the plan(its not finished)? Or is it OK?

Awaiting your wisdom.........