January 11, 2012 at 10:01 pm #7229delusionParticipant
I am looking to sharpen my Pen Testing skills and my friend has kindly offered his home network to me. I want to hack him remotely. My concern are laws preventing this. Can someone point me in the right direction? Really want to find a resource which I can use in my favour for a get out of jail card.
I look forward to your posts.
January 11, 2012 at 10:37 pm #45199MaXeParticipant
1) It’s helpful when you provide which country the testing is performed in, as the laws are not the same in the entire world. Some countries has very strict laws on hacking, where you can barely own a hacking tool, others prevent creation of viruses (even if they’re not used), and some has very strict rules of eavesdropping / man in the middle attacks.
2) If he really owns this home network you want to hack remotely, the owner of the network and devices connected to it, must sign a real contract specifying various topics such as scope, liability, and so forth.
3) In some countries you may need to warn your ISP. Otherwise they may throttle, block or report your malicious traffic.
Final words: There’s no easy way to obtain a get out of jail card, you need to have proper permission from the owner of the target network, and preferably also have permission from the ISP, and also check which countries or perhaps states your traffic passes through, because if your traffic passes through USA and you’re based in e.g., UK, Germany, Spain, or whatever, then as soon as the traffic enters USA, it’s under US-jurisdiction.
So, it’s not just like “that”, you have to be careful and do it right.
You will probably learn more by installing Metasploitable in a VM on your own network and attack that, at least for starters. There’s various Live CD OS’s that you can sharpen your pen test skills with.
January 12, 2012 at 6:18 pm #45200TribanParticipant
I would agree with the use of the lab. There are a bunch of VMs out there that are used for various security tool testing. They are relatively free and designed to be vulnerable to a particular type of attack or multiple attacks. True they don’t do 100% replacement to a realworld pen test, but they do train you in how to use the tools.
Some things you can do to simulate a more realistic site is to have your friend setup a system and not tell you anything about it. Then either over a VPN or from his house/apartment/flat you can try to root the box and look for whatever easter eggs he left. This way all activity is happening on your private networks. Alternatively he could build a VM and give it to you for testing.
Though you should still check with the local laws regarding hacking. As MaXe pointed out, they vary based on location.
January 12, 2012 at 6:33 pm #45201GromicParticipant
A site for a great overview of diffrent vulnerable systems/apps for a pentest lab is:
January 17, 2012 at 4:54 pm #45202delusionParticipant
I see. I am based in the UK and am waiting for an email response back from both ISP’s i expect they get hammered with complex issues such as this one and will either go around the departments or will disappear. Its quite a long process i know and I understand your points with regards to lab based equipment and I am familiarising myself with backtrack etc within my lab however I like to think forward and really enjoy the notion of hacking an external site purely to understand the differences, as in the additional steps which come into action. I agree on the stance of the get out of jail free card which is way i have contacted both ISPs, if i get no response then i will have to call them. Sounds long winded, but would be cool. Adding an additional dimension into my studies in order to acquire another way of doing things.
I would definitely never just take the plunge when hacking is concerned. Thanks for the tips.
November 2, 2013 at 11:37 am #45203Elvira30Participant
WOW ! Thanks for the great information sharing with us. keep it up…
November 4, 2013 at 11:01 am #45204UKSecurityGuyParticipant
Couple of points from another UK based guy.
1. You’re probably not going to get very far with the ISPs. This is an edge-case for their technical support, and even if you could get through to the right team, getting an offical ‘go ahead’ isn’t easy. I’ve got a Remote Hosting based VM which I use for remote Pen-Tests, and getting offical approval from my ISP for my activities on that was a pain.
2. You’re probably not going to get very far remotely hacking your friend either. Unless he’s got a significant amount of remotely accessable services (Web/Database/Email/etc) running, you’re unlikely to find something to exploit him with over the internet, which means you’re into Social Engineering (and the other guy knows you’re trying to attack him……)
3. Which leads onto – do you have permission from the owner of the IT network you’re attempting to hack, for all devices on that network? If it’s a home network, you’re going to be attacking a guy who expects you, which possibily (depending on your friend) knocks out Social Engineering. Are there other people in the house you could Social Engineer? If so – do you have THEIR permission as well? It’s all well and good your friend giving you carte-blanche to black-box their network, but are there are users connected to that network that he can’t give permission to attack? How will you know which systems are his and which are theirs?
4. I agree with the VPN tunnel aspect. You shouldn’t have any issues with the ISP then (although technically you’re hacking across their network, it’s all encrypted traffic and you have permission from the owner on the other side). You also (and I can’t stress this enough) know which system is on the remote end of your attack. Does your friend have a dynamic IP address on his router? How often does it change? How do you know that you’re still attacking the same approved systems if/when it does change?
The scenario I use when I do things like this is as follows:
1. Get a signed approved letter of concent from my friend for a internal Penetration test. Have my friend give me the IP/Subnets that he owns within his internal network so I know what is in/off limits
2. Have my friend spin up a VM/Physical machine that I can connect into remotely via a VPN.
3. Pretend that I’ve remotely compromised this machine remotely somehow (Social Engineering with exploit/Browser Exploit/Java Attack/etc) and I’m now on the internal network with no real credentials.
Hope that helps.
November 4, 2013 at 7:28 pm #45205SephStormParticipant
another thought. Lets say you use some code on his network that corrupts/infects his data, is he prepared for that? Is he going to give you an all clear on that or is it going to cause problems. I had this opportunity on my own network, I refused.
- You must be logged in to reply to this topic.