.

Regarding CEH

<<

shampy_garg

Newbie
Newbie

Posts: 8

Joined: Tue Feb 12, 2008 3:27 pm

Post Tue Feb 12, 2008 3:36 pm

Regarding CEH

Hi Guys

I would like to introduce myself. I am doing IT job as sys admin and i am almost in this field from last 6 yrs. Got my Masters in C.S, CCNA,MCP and Juniper Routers.

Currently working on MCSE and also i am willing to learn abt Hacking from a long time but Just i am kind of lazy did not spend enough time on my study. Everyday work,work work. I am already 27 but still i don't have enough knowledge like you guys.

Today i was looking for CentosOS training but finally i end up with this Site.

This site seems to be good and i already seen alot of things abt Hacking tool like BT3 and BT2, Netmap and alot more,


I need your help If you guys will share knowledge on this topic with me i would really appreciate it.

Definitely my dream is to be a White Hat Hacker not a black one. I don't believe on Certifications but its good to have ..kind of first step to get a job.

I truly want to learn abt.it.


I want to create a lab at home ..So i can do some testing by myself and can learn about tools . My setup is : I have 1 Desktop computer and 1 laptop. On Laptop i have Winserver 2003 as Primary OS. and then i have VMWare server based and i already installed Linux, winxp, Win2000 Advanced Server.(Out of Date).  Going to install Vista soon.

what u guys would suggest me to do learn more abt Hacking and as well as for CEH exam and also i have CBT Nuggets for CEH.

Any Suggestion would be appreciated.
<<

shampy_garg

Newbie
Newbie

Posts: 8

Joined: Tue Feb 12, 2008 3:27 pm

Post Tue Feb 12, 2008 4:39 pm

Re: Regarding CEH

Hi Guys

I am still reading here alot of stuff regarding CEH ..Its not just about CEH ..Its abt skills and tricks and how to prepare yourself with help of Free Tools and Softwares instead of Paying thousands $$ to boot Camps.

Financially i am not strong so can't pay for this ..Cant save that kind of money so i can spend on these things Plus did not have enough time to attend classes while running between Home and Work (including Traffic)..

I just want to know which one O.S is best Fedora or CentOS?

I know here are alot of guys Like Don, Deen Ken and more who have alot of knowledge abt hacking stuff

I am so excited and happy ..Bcz today i joined this community. I hope you guys definitely will help me out and will share ur knowledge with me.
<<

Kev

Sr. Member
Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Tue Feb 12, 2008 7:23 pm

Re: Regarding CEH

Welcome to the forum.  Yes setting up your attack lab is good. For me I like real boxes if I have a choice. But to get started, just use vmware. Time is always our big enemy in learning anything. With vmware on a decent lap top with at least 1 gig of memory, there are so many things you can do and at times that you might normally waste.  Waiting at the airport or even sitting watching TV, you can play with tools like Nmap, etc...  The important thing is you dont need a lot of cash to get going.  In fact, there are so many free tools there really is no excuse anymore other than a severe  lack of time or just being lazy. 

Read some free tutorials on TCP/IP and grab a copy of vmware. Download a free linux distro and install.  Get the free program of Nmap. Start scanning away and try to understand what you are doing from the TCP/IP tutorials your reading.  Get this under your belt and you have made a good first step into the world of hacking. Spend sometime on this one thing and dont rush into exploits,etc... until you have this really under your belt.  Everything I have mentioned is free so just try and be creative in finding the time to do it. You will find there is more time available than you might think if you really THINK about it.

PS~ who is the Ken you mentioned?  :)
Last edited by Kev on Tue Feb 12, 2008 7:27 pm, edited 1 time in total.
<<

shampy_garg

Newbie
Newbie

Posts: 8

Joined: Tue Feb 12, 2008 3:27 pm

Post Tue Feb 12, 2008 9:45 pm

Re: Regarding CEH

Hi Kev

Its my apologize. It was not Ken its you man. My bad. Thanks for ur info.

Yes its very true. Yeah i can do it i have 3 laptops with 2gb mem and dual core processor with 3 gb desktop . I already have licensed vmware server and as well as all sort of stuff.

But for starting .. i was thinking i should have to start from here and need to discuss with you guys.

Thanks for yr info.. Really appreciate it.
<<

pseud0

User avatar

Recruiters
Recruiters

Posts: 210

Joined: Sat Nov 17, 2007 8:26 pm

Location: Detroit, Michigan

Post Wed Feb 13, 2008 10:10 am

Re: Regarding CEH

I am in major agreement with Kev.  Before you go drop any level of cash pull down all of the free resources you can get.  BackTrack, Helix, Knoppix, etc for your tool sets.  Then grab VMWare Server (now free) and load up on different operating systems.  You can drop a full library on an external hard drive.  Don't forget to have different versions of the same OS so you can take shots at systems of different patch levels. One warning, don't expect to use the same setup for real testing.  It is well known that pen testing out of a virtual machine will result in slightly different results than testing "from the iron".  (ie.  you actually booted the OS and are using it live)  I got kicked in the pills over this just a short while ago.  One of the guys that worked for me forgot to bring our testing image (we boot off of external hard drives) to a client site so he used BT3 in a virtual machine to do some of his testing.  After we turned over our reports our client wanted to challenge one of the major findings. It turns out some of their admins followed behind us and used their own tools to validate our work, and they found one issue that they could not replicate.  It turns out that by using the VM the tester basically got a false positive on a fairly critical vulnerability.  This occurs because there is some level of abstraction occuring by your traffic having to pass our of a virtual network stack, into the real network stack, to the target, back to your real network stack, then back to your virtual stack.  It isn't common, but it can cause some odd behavior.  Morale of the story:  training with VMs is good, real world testing with VMs is not so good.
CISSP, CISM, CISA, GCIH, GREM, CEH, HMFIC, KTHXBIROFLCOPTER
<<

shampy_garg

Newbie
Newbie

Posts: 8

Joined: Tue Feb 12, 2008 3:27 pm

Post Wed Feb 13, 2008 11:13 am

Re: Regarding CEH

Thanks for your assistance Psedu0.

SO Right now overall i am having my personal 3 laptops and 1 desktop for testing.

One of my Laptop does have Winserver 2003 and does have 2 gb mem. and Desktop have winxp professional and rest of 2 laptops have Vista.

So i should have to start from scratch point. Today i am going to download all of free tools and will install on my Server Laptop. and will play around with BackTrack, Helix, Knoppix, NetMap etc.

Sounds good and interesting for me :)

Any Suggestion..Shld i have to install these tools on client side O.S like Xp or on my server .

Its just home based..At this point i am not scared if my OS will goes Croupt or something else.
<<

pseud0

User avatar

Recruiters
Recruiters

Posts: 210

Joined: Sat Nov 17, 2007 8:26 pm

Location: Detroit, Michigan

Post Wed Feb 13, 2008 12:16 pm

Re: Regarding CEH

I'd suggest putting VMWare Server on your win 2003 server for the simple reason that it has the most heavy duty hardware.  Then start pulling down or building the virtual machines you plan to use.  For very simple training you couple simply have two VMs running on the same system, one with your target OS and one with your testing OS (BT3 or similar).  A better setup would be to run your target OS in a VM on your win 2003 machine, and then boot a live CD (or real install from another hard drive) on one of your laptops.  Make sure the VM is getting its own IP and is not being NAT'ed through the IP of the win 2003 machine.  Once you do that you should be able to hack from your laptop into the VM as if it were a real machine on the network.  Once you start getting your hands dirty you can also start setting up a virtual network.  Basically you will take the target OS, give it an extra virtual NIC, and link it to another VM running on that same system.  That way you have to hack the first VM to be able to see the second VM.  This is fairly realistic in what you'd see in real pen tests.  Often you need to pop an external system and then use that as a "hop" to attack systems further into the network.
CISSP, CISM, CISA, GCIH, GREM, CEH, HMFIC, KTHXBIROFLCOPTER
<<

Kev

Sr. Member
Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Wed Feb 13, 2008 1:41 pm

Re: Regarding CEH

Yes, listen to pseud0.  Good advice there.  ;)
Last edited by Kev on Wed Feb 13, 2008 1:47 pm, edited 1 time in total.
<<

shampy_garg

Newbie
Newbie

Posts: 8

Joined: Tue Feb 12, 2008 3:27 pm

Post Wed Feb 13, 2008 6:22 pm

Re: Regarding CEH

Thanks for Info

I will try it as soon i can and will keep in touch with u guys here under this topic
<<

shampy_garg

Newbie
Newbie

Posts: 8

Joined: Tue Feb 12, 2008 3:27 pm

Post Thu Feb 14, 2008 8:44 pm

Re: Regarding CEH

Today i found NMAP Secret Training Course 35+ Hours Video Training Course.

I think it must be nice for starting as well.
<<

Kev

Sr. Member
Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Thu Feb 14, 2008 10:22 pm

Re: Regarding CEH

Please dont waste your money on that.  There are no secrets. The nmap site has every thing you need and there are many good free tutorials on the net.
<<

shampy_garg

Newbie
Newbie

Posts: 8

Joined: Tue Feb 12, 2008 3:27 pm

Post Fri Feb 15, 2008 10:50 am

Re: Regarding CEH

Thanks for suggestion Kev

I don't have enough money But yes yesterday instead of buying NMAP i bought good wine bottle for my girl friend on Valentines Day.

I found link on internet and i downloaded it and i was just listening that video.. its just simple routine things Not something special.

But may be thats the thing for guys who are starting their carrier in this line.
<<

rance

User avatar

Full Member
Full Member

Posts: 212

Joined: Thu Jan 03, 2008 5:24 pm

Location: Earth

Post Fri Feb 15, 2008 12:11 pm

Re: Regarding CEH

pseud0 wrote:...
It is well known that pen testing out of a virtual machine will result in slightly different results than testing "from the iron".  (ie.  you actually booted the OS and are using it live)  I got kicked in the pills over this just a short while ago.  One of the guys that worked for me forgot to bring our testing image (we boot off of external hard drives) to a client site so he used BT3 in a virtual machine to do some of his testing.  After we turned over our reports our client wanted to challenge one of the major findings. It turns out some of their admins followed behind us and used their own tools to validate our work, and they found one issue that they could not replicate.  It turns out that by using the VM the tester basically got a false positive on a fairly critical vulnerability.  This occurs because there is some level of abstraction occuring by your traffic having to pass our of a virtual network stack, into the real network stack, to the target, back to your real network stack, then back to your virtual stack.  It isn't common, but it can cause some odd behavior.  Morale of the story:  training with VMs is good, real world testing with VMs is not so good.


I'd really be interested in the technical details of this discrepancy, if you're able to elaborate further.  I plan to consolidate testing platforms to a single machine using virtualization, and I'd like to understand what you saw here.  About the only thing I can imagine would be some sort of TCP/IP vulnerability, but I can't think what specifically you encountered.
Poking at security since 1986.  +++ATH
<<

shampy_garg

Newbie
Newbie

Posts: 8

Joined: Tue Feb 12, 2008 3:27 pm

Post Fri Feb 15, 2008 1:09 pm

Re: Regarding CEH

They found one issue that they could not replicate

Its sort of communication prob between 2 machines. :Like RANCE said TCP/IP Vulnerability.
<<

pseud0

User avatar

Recruiters
Recruiters

Posts: 210

Joined: Sat Nov 17, 2007 8:26 pm

Location: Detroit, Michigan

Post Fri Feb 15, 2008 2:17 pm

Re: Regarding CEH

rance, I can try to get into specifics but it'll have to wait at least a week.  I'm leaving for my honeymoon tonight.  The short version of the story is that we consistently kept getting false positives on a type of DOS attack that used operating system response times as part of the signature, and we were getting random false positives on some windows xp/200/2003 buffer overflow attacks.  For the second set, this only happened when we tested servers that had the same 3 third party apps installed on them.  (an IBM app and two custom apps) The really shitty part is that we couldn't consistently replicate the problem.  We'd scan the same box 10 times in a row and it would come back clean 6 of the 10 times, and not clean the other 4.  This all happened after the customer challenged our findings so it was pretty embarrassing to have to backtrack and go through it again.  After I found out my staff was using a VM to do the testing I told them to boot from an image I'd burned onto a hard drive.  No more problems.  Systems were clean 10 out of 10 times, and we later got admin rights to the boxes and manually confirmed that the vulnerability wasn't present.  After we were done I reached out to some friends in other pen testing shops and got the same story.  "Testing from a VM will work just fine 95% of the time, but expect that last 5% to bite you in the ass."
CISSP, CISM, CISA, GCIH, GREM, CEH, HMFIC, KTHXBIROFLCOPTER

Return to CEH - Certified Ethical Hacker

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software