
Update: its been a while since I posted my " I want to be a p/tester noob thread

YuckTheFankees
Sr. Member

Posts: 332

Joined: Fri Apr 08, 2011 3:07 pm

Post Wed Jul 20, 2011 2:06 am

Update: its been a while since I posted my " I want to be a p/tester noob thread

Hey everyone,
Last edited by YuckTheFankees on Tue Aug 21, 2012 6:17 am, edited 1 time in total.
OSCP in progress
tturner
Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Wed Jul 20, 2011 9:00 am

Re: Update: its been a while since I posted my " I want to be a p/tester noob thread

YuckTheFankees wrote:

Do professionals use Metasploit? Or is there a more professional framework platform they use?



Professionals use whatever gets the job done while maintaining acceptable risk levels for the client and staying in the confines of the rules of engagement and test scope. That might mean Metasploit, it might not. Your rules of engagement might specify only the use of built-in utilities or limit the types of exploits that can be used. Metasploit is a great tool, but don't rely on it too heavily. Real pentesters can still do what they need to do without it, but usually don't unless they have to.
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
hayabusa
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Wed Jul 20, 2011 9:15 am

Re: Update: its been a while since I posted my " I want to be a p/tester noob thread

tturner wrote:

Real pentesters can still do what they need to do without it, but usually don't unless they have to.


<nod>

You'll find that many pentesters, who do it for a living, will often have access to the big, paid tools, as well (Metasploit Pro, Core, CANVAS, etc.). Comes with the territory. The really good ones (pentesters) will tell you, though, that they don't always 'rely' on those tools, but having automated tools, which speed some of their testing, certainly comes in handy, and saves time, depending on the needs and scope of the engagement they're working on. But again, the GOOD folks know how to accomplish the same tasks without having to rely on or use any given framework, at all.

That said, if you're a new 'up and comer' to the field, which you are, by nature of your own admission ;-), make certain you get your feet wet with Metasploit Framework, and understand what it does, and how it does it, at each step of the process, as that'll help you grow outside the box, when you start working on learning to perform the same tasks, for yourself, without it.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
YuckTheFankees
Sr. Member

Posts: 332

Joined: Fri Apr 08, 2011 3:07 pm

Post Wed Jul 20, 2011 2:45 pm

Re: Update: its been a while since I posted my " I want to be a p/tester noob thread

Thanks for the comments.

So if they don't use one of the framework platforms, how would they exploit the target system? I don't know if I'm asking the right question; I'm just trying to figure out how to word my question properly.
OSCP in progress
hayabusa
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Wed Jul 20, 2011 3:00 pm

Re: Update: its been a while since I posted my " I want to be a p/tester noob thread

Many 'sploits can be used without the framework.  Case in point, being able to pass the proper overflow to a vulnerable service, or something (me hints of some learning they teach from OSCP.)

The framework is just one tool for making an exploit run, but isn't always needed to accomplish the same thing.  A lot of what you'll learn, as you move on, is to analyze the source code for an exploit, and use or modify it, yourself, to accomplish the job. 

Frameworks just consolidate things, combine steps, etc, to speed the process.  They are great for time-sensitive tests, sometimes, where you really need to be quick, but not always as thorough.  But sometimes you need to step / think outside of the box, to accomplish something, or at a minimum, be able to port an existing exploit INTO the framework.

I'm of the camp that believes in understanding what is going on underneath the covers of a tool or exploit, not just being rather 'script-kiddie-ish' and using precanned stuff against targets.  You'll learn more and grow more, in the end, and if you're like me, it's very rewarding.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
YuckTheFankees
Sr. Member

Posts: 332

Joined: Fri Apr 08, 2011 3:07 pm

Post Wed Jul 20, 2011 3:13 pm

Re: Update: its been a while since I posted my " I want to be a p/tester noob thread

That does help. So a lot of people who use Metasploit are script kiddies? I'm thinking about joining Hacking Dojo, Hacker Academy, or elearnsecurity.com, but after reading some reviews... I don't know if they are really worth the money.

Are you working in the security field?
OSCP in progress
hayabusa
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Wed Jul 20, 2011 3:21 pm

Re: Update: its been a while since I posted my " I want to be a p/tester noob thread

Don't mistake what I said / meant, there.  My point was in reference to learning, and relying solely on frameworks.

I use it all the time, as do MANY of the more seasoned people.  But you can't RELY solely on that, especially when you're learning, as if you do, you'll miss out on a lot of important understanding.

THAT is / was my message...
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
YuckTheFankees
Sr. Member

Posts: 332

Joined: Fri Apr 08, 2011 3:07 pm

Post Wed Jul 20, 2011 3:33 pm

Re: Update: its been a while since I posted my " I want to be a p/tester noob thread

I understand what you meant. I was just surprised script kiddies use Metasploit. When I heard of SKs, I imagined someone using Wireshark, nmap, or Nessus and not really understanding what they are doing. Metasploit seems complicated, so I didn't think script kiddies used it.
OSCP in progress
hayabusa
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Wed Jul 20, 2011 4:35 pm

Re: Update: its been a while since I posted my " I want to be a p/tester noob thread

Depends on the script kiddie.  You'd be surprised at what I've seen...
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
YuckTheFankees
Sr. Member

Posts: 332

Joined: Fri Apr 08, 2011 3:07 pm

Post Wed Jul 20, 2011 9:15 pm

Re: Update: its been a while since I posted my " I want to be a p/tester noob thread

I wouldn't mind hearing some of your personal experiences. I don't want to be a script kiddie haha
OSCP in progress
cd1zz
Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Wed Jul 20, 2011 11:01 pm

Re: Update: its been a while since I posted my " I want to be a p/tester noob thread

Find some 0 days on your own and put them in a safe. When you interview to be a pentester bust them out. The result? You're hired and you're not a "script kiddie."
hayabusa
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Thu Jul 21, 2011 8:52 am

Re: Update: its been a while since I posted my " I want to be a p/tester noob thread

Here's one example (I'll post THIS one to the thread, as it's more vague, and doesn't directly name anyone.) Nearby, in the area where I live, there is a fairly new company, who promotes 'KNOWING HOW A HACKER THINKS, AND WHAT THEY LOOK FOR AND USE TO GET YOU.' I've seen copies of their 'pentests' from some customers, who have since called me. The reports are canned output from Nessus and MSF, but don't even go as far as showing they achieved any compromise, or any real detail, aside from the fact that Nessus SAYS there are vulnerabilities, and that MSF SAYS they can be exploited. In fact, in one such report, they show an attempt (that failed) to use MSF to exploit the weakness, and leave it at a statement of "Given time, we're certain that we could've compromised your system." (yeah..... given LOTS of time, for them to call in someone with a clue.) I'm sorry, but the point is to actually achieve the compromise, to prove the validity of the discovery. A little extra work by them, to understand the exploit and tweak it, and they could've easily made it work. But instead, they proved (to me, anyway) that they're more or less script kiddies, who memorized their way through certifications (or not even,) but don't truly understand the realities and flaws they were seeing.

This is one of a handful I could give you, from personal experiences. There have been several, not only by that company, but by others I've seen. I've also seen reports and findings from other companies who've claimed to have found really serious holes, only to have to relate to my clients (whom I did NOT test, at all) that the holes were neither valid, nor exploitable, in the way that said company claimed. I went on, in one case, to show it was IMPOSSIBLE to have gotten in, via one reported finding, and the contracted pentest company later acknowledged to the customer they doctored up things a bit, since they hadn't proven anything, otherwise. They had also been contracted for services in maintaining patching, etc., so they wanted to prove there was reason to pay them for their time and services. Needless to say, said company will NEVER be called by that particular customer, again. I give the company in my first paragraph props, at least, for leaving it at, "we didn't get it, but could've." At least they didn't outright lie...

Just goes to show, like in the thread where sil is discussing certified versus experienced, etc, that folks really need to vet out their employees, and need to research carefully on anyone they are contracting in for security work, to make sure the credentials and knowledge are accurate, and not just a ticket to open the front door and make some $$.
Last edited by hayabusa on Thu Jul 21, 2011 2:47 pm, edited 1 time in total.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
impelse
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Thu Jul 21, 2011 10:38 am

Re: Update: its been a while since I posted my " I want to be a p/tester noob thread

Good post hayabusa, I saw a similar situation but not only in the security side.
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
