.

Ethical Hacking

<<

lemon4879

Newbie
Newbie

Posts: 2

Joined: Thu Mar 18, 2010 11:08 pm

Post Thu Mar 18, 2010 11:13 pm

Ethical Hacking

I want to see how well i can protect my computer (i have two) and basically i want to know a simple non-harmfull hack or proof i can by-pass to check security. I obviously have full access to my own ip address so any help or links would be nice. and if i could do in a command prompt like power shell tell me please and thanks ahead of time
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Fri Mar 19, 2010 1:02 am

Re: Ethical Hacking

Hey lemon4879, welcome to EthicalHacker.net,

I'd start simple with running a few vulnerability scans against the machines you'd like to test. The tools I'd recommend would be nessus and possibly GFI Langard. That'd just be a start of course. In the end you don't want to only make sure your computers protected - there's no such thing as fully protected. Even workstations that have a smart IT Dept get penetrated.

Try to keep yourself educated on what to do & what not to do when your online. These could be simple things like not opening e-mails from untrusted sources, visiting links, etc. Social Engineering still remains an evil attack vector to a decent amount of people - try to learn how to spot these techniques!
Last edited by KrisTeason on Fri Mar 19, 2010 1:12 am, edited 1 time in total.
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

j0rDy

User avatar

Hero Member
Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Fri Mar 19, 2010 4:05 am

Re: Ethical Hacking

some tips on securing your workstations:

apply a decent firewall
install a good virus scanner
always keep you os/system up to date with fixpacks
use you common sense! dont open untrusted emails/websites
if you have wireless, use WPA2 with a good password

there are tons more of security measures you can take, but you will see that these are pretty much sufficient to keep the bad guys out or atleast let them move on to easier targets.

after this follow the instructions from Kris, and you will see that your security is just fine...
CISSP, CEH, ECSA, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
<<

pizza1337

Full Member
Full Member

Posts: 156

Joined: Mon Mar 08, 2010 5:29 pm

Post Fri Mar 19, 2010 5:08 am

Re: Ethical Hacking

Use something like Secunia Personal Software Inspector  http://download.cnet.com/Secunia-Person ... html&nbsp;   http://images.techtree.com/ttimages/sto ... .jpg&nbsp;

It will just make sure you have everything up to date.
Knowledge Resource is Power.
<<

n1p

Jr. Member
Jr. Member

Posts: 89

Joined: Tue Mar 16, 2010 5:31 pm

Post Fri Mar 19, 2010 5:17 am

Re: Ethical Hacking

All great advice. Whilst focusing on the security of your desktop is  important, I would also take a look at the security of your router if you are sitting behind one with your two machines. Using a site such as AuditMyPc will give you an indication of how visible your pc is to the internet. You should also scan it for any unchecked open ports that may be exploited by automatic scanners (ssh, ftp) etc.

You also asked for a simple check to determine the security . I would consider using some simple Man-in-the-middle attacks between the two PCs and see if you can obtain any information through that. Using some simple bruteforcers against the web interface of your router is also another simple check, as is some Wifi testing  against your WEP/WPA security :P

Any questions, just shout

n1p
<<

lemon4879

Newbie
Newbie

Posts: 2

Joined: Thu Mar 18, 2010 11:08 pm

Post Fri Mar 19, 2010 2:21 pm

Re: Ethical Hacking

hmm sounds like good advice and i just tried a brute force attack and i failed at it. it was tsgrinder and says timed_event_send_recv: Client is dead, sorry
connection dead after timed_event_send_recv

I don't know what I did wrong?
<<

n1p

Jr. Member
Jr. Member

Posts: 89

Joined: Tue Mar 16, 2010 5:31 pm

Post Sun Mar 21, 2010 11:11 am

Re: Ethical Hacking

A bit more description of what you are trying to achieve and your setup would help. Also ensure you terminal services server is accessible by you..
<<

Dengar13

User avatar

Sr. Member
Sr. Member

Posts: 380

Joined: Tue Sep 20, 2005 8:43 am

Location: The Steel City

Post Sun Mar 21, 2010 12:28 pm

Re: Ethical Hacking

In addition to what j0rDy stated, don't broadcast your SSID on your wireless set up.
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Sun Mar 21, 2010 9:51 pm

Re: Ethical Hacking

if you have the 2 boxes on their own private network and no other computers on it, get Hacking for Dummies. Read it, and play with the two boxes as you go through the book. Set one up as a testing box, and the other the victim.

LanGuard has a free for 5 ip address version right now. I had some strange experiences with it though, but that could because I have to wait for the trial license to run out.

Happy Pentesting
OSWP, Sec+
<<

j0rDy

User avatar

Hero Member
Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Mon Mar 22, 2010 4:26 am

Re: Ethical Hacking

Dengar13 wrote:In addition to what j0rDy stated, don't broadcast your SSID on your wireless set up.


a good one if you want to go all the way! but remember this is only security through obscurity!
CISSP, CEH, ECSA, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Mon Mar 22, 2010 5:36 am

Re: Ethical Hacking

As long as we went off on wireless...

Lack of SSID broadcast will only take you so far, anyway.  Yeah, it's a mentality, as j0rdy said, of 'security through obscurity,' and ultimately, if you're going to be hit by a hacker, stopping broadcast will only give you a moment of security, as if an attacker is using good tools, the first time your client connects to the AP, they're GOING to have your SSID, anyway.

Wireless security really needs to include WPA2, MAC filtering, time and access permission configuration, and if you really want to be 'safe,' you should be using some sort of VPN or client auth mechanism in addition to the wireless.  Wireless, in and of itself, can only be secured so far (WPA2 is a pretty good start,) so putting that extra gateway / VPN behind the wireless router will add that extra layer of 'OOMPF' behind it all.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

Armando

User avatar

Jr. Member
Jr. Member

Posts: 93

Joined: Sun Sep 13, 2009 11:15 am

Location: Italy

Post Thu Mar 25, 2010 8:29 am

Re: Ethical Hacking

Thought I could add something to the discussion:

  • Check your NetBios shares and null sessions (in the end McKinnon managed to get into Nasa with this). It's something you do from command prompt
  • Get USB Firewall utility to stop autoruns on usb dongles
  • Get PSI as mentioned by pizza
  • Get Sandboxie to run executables which behaviour is unknown, or to run your browser (Hey FF 3.6.2 has some great holes btw)

My 2 cents.
Founder and Lead Author of eLearnSecurity
Training for Penetration Testers
http://www.elearnsecurity.com

Founder of HACK.ME Free community based web app security virtual labs
https://hack.me

Return to Tutorials

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software