Hacking Scenarios

[fred]

Hello my freinds  i really love this forum becuase i alway got useful info here and thank you all.

frist of all, i wanna say im not new in hacking world i had some pentest experience i can use back track metasploit and many other tools and im familiar with many concepts and so on.

But as im addicted to hack!!!! i wanna start studying it so seriously   and i know i must build a hacking lab so i bought VMware Workstation 8 (i know i can use Virtual box for free but i love Vmware its better) and i download Backtrack 5 R2 Gnome i installed to A VM and a windows Xp VM also so do i need anything more for my lab?

i need some hacking scenario for exercises i googled it but i couldnt find some efficient scenarios dose anybody has them?

Thanks again Take care!!

[sil]

http://g0tmi1k.blogspot.com/2011/03/vulnerable-by-design.html

[fred]

ok thankx and what about my hacking lab is it efficient?

[magxtopher]

Thanks.Great blog all newbies or serious security guru's shd read the link.
Cool mate.

[magxtopher]

@ cyber.spirit,
My candidy advise is read google hacking and pen test by Johnny Long,
any security officer needs this book.You will found millions of hacking scenarios
and above all you will be equip with billions of search codes.I was shocked how
the guy come up with such book.After reading the book you  will attempt to know how
to hack with other search engines like msn,yahoo,bing etc.Give it a try u loose nothing.
Good luck.

[fred]

thank you both Magxtopher and sil that blog is really greate iDK who creates that its pretty well.

magxtopher, google hacking and pen test? Really? But i thought hacking with search engines is useless coz you cant choose ur target
u must select one of results anyway thanks again and i'll buy that book if its not free.

[chrisj]

Cyber.Spirt:

You might also want to check out Thomas Wilhelm (aka Grendel)'s book
http://www.amazon.com/Professional-Penetration-Testing-Creating-Learning/dp/1597494259

There are some other good things on hacking lab design of the forum if you look. Jaddix and Laz3r (I think) had a good couple posts a few years ago.

[chrisj]

thank you both Magxtopher and sil that blog is really greate iDK who creates that its pretty well.

magxtopher, google hacking and pen test? Really? But i thought hacking with search engines is useless coz you cant choose ur target
u must select one of results anyway thanks again and i'll buy that book if its not free.

You can't hack if you don't have information. You can get information passively or actively.

[fred]

Yes chrisj i already know without Footprinting  i cant hack, and i can find info passively and sometimes actively. But if u used google hacking i may know in this type of attack u must use some Google dorks and choose a vulnerable  site from results and go further but my problem is i wanna choose the target by myself not useing the Google's results thats why i think its useless IDK maybe Im wrong.

and thank you for that book i guess its a greate book, and plese tell me is my lab efficient? do i need anything else for that? and which SP of windows XP is good for my lab


thanks again

[chrisj]

my problem is i wanna choose the target by myself not useing the Google's results thats why i think its useless IDK maybe Im wrong.

and thank you for that book i guess its a greate book, and plese tell me is my lab efficient? do i need anything else for that? and which SP of windows XP is good for my lab

thanks again

As for the google stuff, treat it as if it's out of scope.

I was reading Basics of Hacking and Penetration Testing, or was it in the elearn security documents, last week, I can't remember. Pretty sure that was where I came across, get the lowest SP version you can find. It'll have more stuff for you to exploit. Doesn't mean newer ones won't have stuff to exploit but you'll get more bang for your training doing the oldest. Of course, if your system will handle it, do all service packs and see how each do.

[ziggy_567]

But i thought hacking with search engines is useless coz you cant choose ur target
u must select one of results

Check out the "site:" or "inurl:" Google dorks...

[fred]

Ok thank you all
chrisj what do you think if i'll buy the complete package of Professional Penetration Testing Creating And Operating A Formal Hacking. i think its expensive but as i said im addicted to hack and i dont care !!!! so what is ur opinion???

[fred]

can you give me an example ZIGGY??

[Grendel]

chrisj what do you think if i'll buy the complete package of Professional Penetration Testing Creating And Operating A Formal Hacking.

As author of the aforementioned book, I strongly support your purchase it.

 

[ziggy_567]

can you give me an example ZIGGY??

Sure.

Say you're assessing a site for abc.com, and you want to look for sql dumps carelessly left on their webservers...go to Google and search for the following:

filetype:"sql" site:abc.com

As long as Google has indexed it, you're in business...