.

Ultimate Newbie Question

<<

Kevan

User avatar

Jr. Member
Jr. Member

Posts: 95

Joined: Fri Mar 16, 2007 7:20 pm

Post Fri Mar 16, 2007 7:29 pm

Ultimate Newbie Question

I know I may be prone to flame wars for this, but I need to know where to start. What do I need? I have read the 'tutorial' by Eric Steven Raymond, multiple times. I have always felt some sort of calling towards being an ethical hacker. I appreciate all suggestions you have...
Last edited by Kevan on Fri Mar 16, 2007 7:39 pm, edited 1 time in total.
I may be a newbie, but I am willing to learn.
<<

Kevan

User avatar

Jr. Member
Jr. Member

Posts: 95

Joined: Fri Mar 16, 2007 7:20 pm

Post Fri Mar 16, 2007 8:28 pm

Re: Ultimate Newbie Question

No suggestions at all? I'm getting worried...
I may be a newbie, but I am willing to learn.
<<

LSOChris

Post Fri Mar 16, 2007 8:59 pm

Re: Ultimate Newbie Question

maybe you should ask a more specific question?
<<

Kevan

User avatar

Jr. Member
Jr. Member

Posts: 95

Joined: Fri Mar 16, 2007 7:20 pm

Post Fri Mar 16, 2007 10:03 pm

Re: Ultimate Newbie Question

I don't really have one. Lol, maybe I should ask what computer requirements are and operating systems that are the best for hacking. I want to be able to take care of my  network security, and be able to hack other networks I am supposed to take care of. And I would like to do it with as little programs as possible.
I may be a newbie, but I am willing to learn.
<<

heffnercj

EH-Net Columnist
EH-Net Columnist

Posts: 69

Joined: Thu Mar 15, 2007 2:45 pm

Post Fri Mar 16, 2007 10:30 pm

Re: Ultimate Newbie Question

Well I think before making any suggestions on where you should start, I'd ask what your computer background is. How much do you know about networking, software, hardware, or anything else computer-related?
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Fri Mar 16, 2007 10:44 pm

Re: Ultimate Newbie Question

Hey Kevan,

Thanks for joining us. I'm sure you'll find lots of people to help you on your quest. First thing to know as an ethical hacker is patience. Hope you don't mind if I politely mention that waiting longer than 1 hour to add a second post asking where the answers are is a little much.

As far as where to start, heffnercj is right. What do you know now? What experience do you have? What is your background?

One thing I can tell you, is that the first thing to know is TCP/IP inside and out. So try this:

http://www.ethicalhacker.net/component/ ... pic,370.0/

It will be nice for you and for others to keep in touch as you work towards your career goals,
Don
CISSP, MCSE, CSTA, Security+ SME
<<

Kevan

User avatar

Jr. Member
Jr. Member

Posts: 95

Joined: Fri Mar 16, 2007 7:20 pm

Post Sat Mar 17, 2007 3:56 pm

Re: Ultimate Newbie Question

OK, thanks for the advice! Sorry about the impatience, but I finally found the place I have been looking for quite a while and was somewhat surprised by the lack of response.

Background:(life/computers)

I am actually a missionary kid, and was in Africa for 8 years, therefore, my knowledge of computers has been recently acquired. (I was in Sierra Leone during the coup, and was evacuated twice, thus according to friends an family, I have a very 'adult childhood'. I have the problem of over-analyzing things and am regarded as not being enough of a 17-year old.) My friend who is a program/IT Security Technician for a local company first introduced me to linux, and his nephew helped me set up Fedora Core 5. (Unfortunately Windows crashed and my cousin unknowingly put a strong magnet on my hard-drive containing Fedora). So, I have pretty much done a lot with Windows for the last couple years. I am somewhat of a webdesigner (using raw HTML and Dreamweaver occasionally) and absolutely love the faces I get when I solve a person's computer problem. I recently bought a new HP Pavilion (customized) and install Linux at the first chance I got. I started with Ubuntu, then added KDE packages because it's shiny :-) I am interested in using Back Track or Slackware, but Slackware has not been loading that great for the install yet. I also am in the midst of trying to create my own distro based on Ubuntu 6.06 and adding security packages to it, I have not gotten around to compiling it yet...and yes, I have done it all with tutorial on doing it though command line. I have been told by many programmers or friends of mine that I am a hacker, but as Eric Raymond adequately put it, I am not one till a real hacker tells me I am. I know about 5 or so ways to ruin my High School's network, but am not interested in doing it and therefore let the administrator know what to change. (Although my friends tell me to do it anyway). I know HTML well, tried C++ without a lot of luck, and as Python does not compile under itself, I am not interested in it and hope that there is still a chance of becoming a hacker regardless of my lack of programming knowledge. 

Hopefully this answers some questions you may have, and once again, I appreciate feedback greatly...
I may be a newbie, but I am willing to learn.
<<

Cutaway

User avatar

Jr. Member
Jr. Member

Posts: 96

Joined: Mon Nov 20, 2006 5:02 pm

Post Sun Mar 18, 2007 8:05 am

Re: Ultimate Newbie Question

After you read Don's writeup you should then go and check out what Richard Bejtlich wrote a month or so ago in a blog post http://taosecurity.blogspot.com/2006/12/starting-out-in-digital-security.html.

At 17 you are going to find that your tastes, opinions, and goals are going to change.  But if you are going to continue through to being a security professional then these points will help you get there.  As you are getting to know Linux I would continue to work with it.  Maybe, for your next project, you should think about setting up a Gentoo or BSD box.  These tend to take a little more technical skill and the tutorials really get detailed and can be a lot of fun.  Once you have worked with Linux for a while you should turn back to Windows.  A security professional cannot do his job without it.  By delving into Windows and teaching yourself to use it by itself without tools like Cygwin you will be truly expanding your knowledge.  For instance, are you aware of the Windows Management Instrumentation Command-line?  You should check out Ed Skoudis' post at the Internet Storm Center called Windows Command-Line Kung Fu with WMIC http://isc.sans.org/diary.html?storyid=1229.  In fact you might want to search on Ed's articles here because they are all very helpful.

As to your programming skills learning anything you can will be helpful.  Stick with something you think is fun and just get to know it.  If I have to make one suggestion I would learn how to compile C programs as this will help you with some of your security work down the road.

As to your friends, not giving into peer pressure to use your skillz for malicious purposes is very important.  If you know of problems with your schools network I would be very careful.  It is possible that they may think your poking around is an attempt to breach their environment.  My suggestion (if you want to help) is to approach the staff.  First, go to your parents and to your guidance counselor and tell them that you are going to talk to the computer people about some problems you have found.  Let them know that your intent is to be helpful and not malicious.  That way you have something to fall back on and people to help you if things turn nasty.  Then go to the computer people and tell them that you would like to help.  Explain to them that you are interested in becoming a security professional.  Once they are on board let them know what you have found.  If they are not then you might want to back off before sharing the information.  Go back to your counselor and give the information to that person and let them proceed with the information.  They might be willing to listen to an adult more.

I know this sounds convoluted but you want to protect yourself.  Unfortunately it is necessary.  But just flat out hacking the system might get you arrested.  I know that your friends are alot of fun but are they worth a night or two in jail?  I am here to tell you that you want to stay as far away from a jail cell or drunk tank as possible.

I hope this helps,
Go forth and do good things,
Cutaway
Go forth and do good things,
Cutaway
<<

Kevan

User avatar

Jr. Member
Jr. Member

Posts: 95

Joined: Fri Mar 16, 2007 7:20 pm

Post Sun Mar 18, 2007 9:01 am

Re: Ultimate Newbie Question

Wow. Thanks for all the advice. I was kind of hoping I would never have to hear the part about using Windows, I am addicted to anything that actually works now. Have you ever read the book "Hacker-Cracker" by Ejovi Nuwere? I got in contact with him (via myspace...lol) and he pointed me to FreeBSD. I have two copies of it (one FreeBSD, one DesktopBSD), but neither worked. The DesktopBSD simply froze, and as I am a member at Linux Questions.org, I posted my problem there, but nobody knew what to do. As for my FreeBSD problem, well, take a look for your self: (I am kalabanta) http://www.linuxquestions.org/questions ... p?t=527170

Now, my great network administrator (who I have gone to) is grateful for my concern, but eats pizza and plays solitaire on his dual-screen monitors all day. He does not know a lot about Linux, yet uses a Novell network. I have used sniffers before on there, and obviously some had subnet masks, but I was able to get around 200 real IP's every 15 seconds or so. I have been accused 4 times of 'hacking' the school network when all I was doing was netstat -a in a Windows command prompt window. (the internet was down and I was was checking to see if the network itself was still up).

Yet another question, why are there so few people on this forum? Are there less hackers than I thought, or have they all been sucked into 'the dark side'?     

<edit>I am trying to download DesktopBSD from a different mirror and will try installing again. Is there a live BSD distribution?</edit>
Last edited by Kevan on Sun Mar 18, 2007 9:10 am, edited 1 time in total.
I may be a newbie, but I am willing to learn.
<<

Kevan

User avatar

Jr. Member
Jr. Member

Posts: 95

Joined: Fri Mar 16, 2007 7:20 pm

Post Sun Mar 18, 2007 9:49 pm

Re: Ultimate Newbie Question

I completely read the document on Great Hackers, and merely scratched the surface of the TCP/IP document. A question I have now though, how do you compile in Python? I was starting to learn it, but when I learned it doesn't compile under its own system, I gave up on it. I really like to learn code and soak HTML and Python up, C and C++ are somewhat of a more challenging language for which I will have to acquire a taste. Do you know of any good tutorials on C/C++ programming I can start with?
I may be a newbie, but I am willing to learn.
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Sun Mar 18, 2007 11:02 pm

Re: Ultimate Newbie Question

Although the ones in charge of your school computers know nothing of the true technical nature and potential of their systems (or students), they are nonetheless in charge. You're never too young to learn this lesson. So if they view something that you are doing as unethical hacking, then stop. Whether it is or it isn't... STOP!

If you're curious what a specific tool does, do it on your own computer. There, you are the boss.

If you needed to know what was up when your internet connection went down, pinging localhost, then a system on the same subnet, then the router, then something outside of the router like microsoft.com, this method will have given you the answer you were seeking. And it can be done without using what the uninformed view as a bad tool.

Might I be so bold as to say that you are the exact person we want to reach with our efforts here at EH-Net. Catch them young and warn them of the dark side. It's hard to overcome your past, so be aware of your actions... especially at your age. See my Ask the Expert column on this topic here:

Options for a Former Black Hat Gone Ethical

As for the small number of members, that continues to grow. Although we only have 2,000 members, many of them are very knowledgeable and helpful not to mention ethical. On the bright side, we get 600,000 page views a month and growing. So the momentum is there. As more people like you become contributors instead of silent watchers, everything will move in a positive direction. Maybe with enough of us, we can turn the media into thinking that hackers are the good guys again.

Don
CISSP, MCSE, CSTA, Security+ SME
<<

Kevan

User avatar

Jr. Member
Jr. Member

Posts: 95

Joined: Fri Mar 16, 2007 7:20 pm

Post Mon Mar 19, 2007 5:49 am

Re: Ultimate Newbie Question

Well, my use of command prompt in general is limited by their fear. Pinging scares them because I have their IP, and occasionally, when I am bored, I'll ping the computer I am at, and they still freak out. Everytime I sit down at a computer they freak out.

That article you posted above was interesting, and the ultimate problem you will have as 'recruiters' is the fact that it is much more fun to screw up peoples computers than it is to fix them most of the time. And one is much easier...

My problem seems to be that since I am only 17, my skills as a computer administrator are thought to be premature as I have not been to college. Therefore, there are less employers that want/believe I have skills and do not give me the chance. Without that, the easiest thing would be to go blackhat as I would not have a place to practice and improve my skills.

I know that by some sort of unwritten code, hackers do not help others through the stages of becoming a hacker. But, I live in a small American town with one stoplight-actually, I don't even live in town. The pizza place doesn't deliver this far, and there is no bus route. I sacrificed the money for my car to get a computer because a computer has more career potential in my mind. What I am trying to say, is that I am not in a prime location for finding a meeting place for hackers. I just moved here and the most I have to be worried about is a redneck running me over in a tractor.

Maybe if some of you could tell me how you started that would help me start my learning process. 
I may be a newbie, but I am willing to learn.
<<

LSOChris

Post Mon Mar 19, 2007 6:37 am

Re: Ultimate Newbie Question

well 9 out of 10 times i would say that a 17 year old wont have what it takes to be a computer admin from a maturity and experience perspective.  not saying you cant do it, i dont know you, you may have plenty of both.

if you need a place to start you should start with the basics; you need to know TCP/IP you need to know basic networking, you need to start getting familair with different OSes, yes including windows (because everyone uses it), you need to start getting a handle on programming.  there are a couple of threads about this very subject 

hacking isnt running the latest ./sploit against a range of IP's and hoping you pop a shell. its more about figuring all of it out and gracefully entering and leaving a network (and usually maintaining that access) without the admin knowing.

how do you get there?  it takes years, you need to pick a topic and research the hell out of it, then pick another topic and research the hell out of it, etc.  luckily most of the "core competencies" are well documented and you only have to have the patience and discipline  to sit down, read the stuff, and practice it in a lab where you can play safely.

most people wanna talk about being a blackhat because its so "cool".  let those guys spend a nite in jail (even something totally unrelated to computers) they'll sing a different tune.  you'll see the money is better and life is better when you get paid to legally do security and dont have to worry about the FBI knocking on your door.
<<

talkinelf

User avatar

Newbie
Newbie

Posts: 13

Joined: Fri Mar 09, 2007 11:49 pm

Location: Maldives

Post Mon Mar 19, 2007 1:26 pm

Re: Ultimate Newbie Question

it is pretty nice to see a lot of explanations and guidance actually as i my self is a newbie all the articles u guys have pointed to and all the cautious points u are giving is really helpful.

and it kevan  might have noticed all the views are shared very very decent unlike any other place we go in where we newbies get flamed. EH-net is really a friendly environment to establish the foundation of ones career
<<

Kevan

User avatar

Jr. Member
Jr. Member

Posts: 95

Joined: Fri Mar 16, 2007 7:20 pm

Post Mon Mar 19, 2007 3:03 pm

Re: Ultimate Newbie Question

Yes, and I greatly appreciate it. According to Eric Raymond's article, when talking to hackers, always treat them with respect. I don't know any of you personally, but I respect you for how you handle some of my stupid questions.

I am a member at LinuxQuestions.org and posted a URL to a webpage I wrote trying to explain in very basic terminology what the difference between Windows/UNIX/BSD/Linux is, and all I got were people saying it didn't help them at all, people that have over a thousand posts and have been in the UNIX-based systems for years. Obviously, their wisdom did not expand to being literate. I had clearly stated it was for curious beginners...
I may be a newbie, but I am willing to learn.
Next

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software