Well, I did say I would chronicle my progress, so here is a rundown of this week.
I started studying this week, and one of my primary resources is the Graves study guide. I read chapters 1 & 2, and started on chapter 3. As always, it is amazing reading information on the information gathering stage of hacking, as you can see just what information is out there about your organization, and sometimes about you yourself.
I don't think I have any major problems with this section, except that I really didn't have a hard target to test. While technically I can use any company for this phase, and indeed I used ARIN and whois to look up a few, I feel that ultimately you are gathering this info to prepare an attack, and I have no intention of hacking any of these companies (unless they pay me for it. ; ). I also looked at the corresponding chapter of Hacking Exposed vol. 6, but it went, I think, overboard for my purposes. Excellent for use when actually working against a target, not so much, I think, for study?
Chapter 3 is the Scanning and Enumeration section. I am only part way through this section, but I decided to throw up some practical exercises here. I used the Heorot.net De-ICE live CD 100.1. Now this "lab" has only limited usefulness because it is designed, I think, with a specific purpose in mind. On purpose, it is not "metasploitable", and certain things have been "broken" to add a touch of difficulty.
So after setting up my lab as described in the forum post on Heorot, I started my test. I am most familiar with NMAP, so I fired it up and took a swing. (FYI, I have done the scenario before, but I acted, for the most part, as if I had not. Besides, I had forgotten many parts.) I attempted to practice the scenario with a touch of realism, so first I performed a scan to see if the host was online, followed by a scan with the timing set to 3 as an attempt at staying as quiet as possible. I discovered several open ports, and performed version detection on them. (Again, I think the CD comes into account here, but I know it's part of the methodology.)
At this point, I had my first real question: how does a beginner know where to go from here? From my previous experience, I knew what port to look at first. A year ago, I didn't. So how would I know what ports to look at and how to attack them?
In any case, I continued the 100.1 exercise up until the privilege escalation portion, because I was using a different version of BT that didn't have the needed password list to complete the exercise, and I sure as heck didn't remember it. But one thing I made sure to do was look at the tools presented for each purpose. NMAP and Hydra (cmd-line) were the ones I used. I was unfamiliar with Hydra, so I looked it up. I used the instructions given by the tool to perform the exercise. I did a YT search, but the video I looked at used the GUI option, which doesn't really help you learn much, I don't think...
Anyway, today I want to finish Chapter 3 and perhaps move on to Chapter 4. We'll see what the day brings... It is my birthday after all... Which begs a question... If you're born in the US, and you are around the world on your birthday, should you celebrate it on the day in the timezone you are in, or when it is actually your birthday in the States? ....