Pointers for Script kiddies / Beginners to the field - General Security Discussions

Xin

I would appreciate it if you guys could post with more suggestions to be added to the list.

1. You are not anonymous on the internet, you can almost always be tracked so learn anonymising methods such as proxys, tunneling, proxy changing, mac spoofing and more.

2. Get and learn how to use a linux operating system, most webservers will use linux.

3. Do NOT assume your eleet and secure by using linux, a poorly configured linux is less secure than Windows.

4. Don't ask pointless questions without spending time googling them yourself first.

5. Using a RAT, Trojan, Botnet is not hacking.

6. Nobody cares about your mumbo jumbo you wrote on a website you just defaced using a prewritten tool, that also doe's not make you a haxor.

7. Spend time learning to program and how networking works.

chroniccommand

Read, read and read some more.
Just because you're taking a "certified pen-testing course", doesn't mean jack sh*t.
Criticism helps you learn. If you're flamed by somebody who has more skills than you, don't cry about it. Do something about it and take his/her advice.

Sh3llc0d3

I'll disagree with the 2nd and 3rd above, some right arseholes go about preaching they know everything, especially when it comes to programming. Constructive criticism means just that, not flaming. A lot of penetration testers and security professionals would beg to differ on the 2nd point. I see no difference between a 'skid' learning the same material as a professional pentester. If they pass they must know the shit especially in a practical test such as PWB.

Xin

I agree most of these penetration testing causes aren't easy ive seen the past papers. I would have a lot of respect for someone holding CISSP, CCIE Security etc, over someone who didn't. Chronic there is a point where you can read Tooo much phrack :p as i know that is their beliefs.

chroniccommand

said:

I agree most of these penetration testing causes aren't easy ive seen the past papers. I would have a lot of respect for someone holding CISSP, CCIE Security etc, over someone who didn't. Chronic there is a point where you can read Tooo much phrack :p as i know that is their beliefs.

My mind is set on old school :p
I just think that the older exploiting techniques(Stack corruption/cryptography/network exploitation), are generally harder than web exploitation. You see new web exploits every day on exploit-db, but the occurrence of local root exploits are more rare. But I guess it's really what your opinion is. Web exploitation is fun and it is a good thing to learn but I think it's better to learn PHP and such and look for vulnerabilities yourself, not just take a pen testing course to learn to look for and exploitation SQLi's and such.

Sh3llc0d3

...ok....

[spoiler=....]

older exploiting techniques(Stack corruption/cryptography/network exploitation), are generally harder than web exploitation.

Comparing two totally different subjects, it's like saying a degree in neuroscience is harder than a degree in surfing.

Web exploitation is fun and it is a good thing to learn but I think it's better to learn PHP and such and look for vulnerabilities yourself

Same thing, they're both web exploitation I guess.

pen testing course to learn to look for and exploitation SQLi's and such.

That'd be a shit pentesting course.[/spoiler]

Xin

Chronic you need to check out the syllabuses of these pentesting courses there so much more than just SQLi, infact barely of them even teach SQLi.

McKittrick

it seems to me almost every board i have visited (even this one) always seems to succumb to "flame wars" and that gets old

for one, i am SICK of the windows bashing on here! guess what, half the shit you do on a linux box, windows can now do since libs/etc have been ported. and those who laugh about windows and discard it like it is something trivial, i HIGHLY doubt most have a clue how the core of windows actually works (like subsystems/alternate streams/messaging/etc), not counnting the fact that few on here could manage or even set up a large active directory forest of 1,000 or so nodes, or run a MOM server or anything else that windows users run in large business environments

you post that "just because you learn a pen-test course don't mean shit", but at the same time you have people on here praising and tripping over themselves to show us the new "toolkit OSes" that pop up every week! i think most on here, or even people in general in "hacking" forums, have never taken the time to read books or actually set up a complex network environment (multi-protocol routing/security/etc). just because they have read a damn phrack article, they feel they know it all. also, just because you can code, does not mean you are leet. it is a GREAT step, but you still need to be able to apply it when you need to, so that would mean knowing the network environment/OS you plan on using it on/etc

i felt i had to say something here because this "i'm better than you at this because" is just getting old and annoying. that, and i am sick of the downplaying directed at windows users

Xin

said:

it seems to me almost every board i have visited (even this one) always seems to succumb to "flame wars" and that gets old

for one, i am SICK of the windows bashing on here! guess what, half the shit you do on a linux box, windows can now do since libs/etc have been ported. and those who laugh about windows and discard it like it is something trivial, i HIGHLY doubt most have a clue how the core of windows actually works (like subsystems/alternate streams/messaging/etc), not counnting the fact that few on here could manage or even set up a large active directory forest of 1,000 or so nodes, or run a MOM server or anything else that windows users run in large business environments

you post that "just because you learn a pen-test course don't mean shit", but at the same time you have people on here praising and tripping over themselves to show us the new "toolkit OSes" that pop up every week! i think most on here, or even people in general in "hacking" forums, have never taken the time to read books or actually set up a complex network environment (multi-protocol routing/security/etc). just because they have read a damn phrack article, they feel they know it all. also, just because you can code, does not mean you are leet. it is a GREAT step, but you still need to be able to apply it when you need to, so that would mean knowing the network environment/OS you plan on using it on/etc

i felt i had to say something here because this "i'm better than you at this because" is just getting old and annoying. that, and i am sick of the downplaying directed at windows users

I have never put any downplay towards windows users, i just said "Get and learn how to use a linux operating system, most webservers will use linux." i didnt say dont use windows, i still use it.

McKittrick

no but i have seen on here where windows was mentioned as rather laughable (maybe not in those direct words)
my point still stands. those who bitch about windows (or even IE), i usually find don't know how to use it properly

Xin

said:

no but i have seen on here where windows was mentioned as rather laughable (maybe not in those direct words)
my point still stands. those who bitch about windows (or even IE), i usually find don't know how to use it properly

Well take up your argument on the threads themselves so the OP knows if he went wrong.

chroniccommand

said:

it seems to me almost every board i have visited (even this one) always seems to succumb to "flame wars" and that gets old

for one, i am SICK of the windows bashing on here! guess what, half the shit you do on a linux box, windows can now do since libs/etc have been ported. and those who laugh about windows and discard it like it is something trivial, i HIGHLY doubt most have a clue how the core of windows actually works (like subsystems/alternate streams/messaging/etc), not counnting the fact that few on here could manage or even set up a large active directory forest of 1,000 or so nodes, or run a MOM server or anything else that windows users run in large business environments

you post that "just because you learn a pen-test course don't mean shit", but at the same time you have people on here praising and tripping over themselves to show us the new "toolkit OSes" that pop up every week! i think most on here, or even people in general in "hacking" forums, have never taken the time to read books or actually set up a complex network environment (multi-protocol routing/security/etc). just because they have read a damn phrack article, they feel they know it all. also, just because you can code, does not mean you are leet. it is a GREAT step, but you still need to be able to apply it when you need to, so that would mean knowing the network environment/OS you plan on using it on/etc

i felt i had to say something here because this "i'm better than you at this because" is just getting old and annoying. that, and i am sick of the downplaying directed at windows users

Valid and great points. But I disagree with SOME

For one, the true meaning of hacking is learning how something works. Just because you've never actually set up a complex network environment doesn't mean they can't, and it certainly doesn't mean they don't know HOW it works.

Also I don't exactly bash windows, I'm just not a fan. If you actually learn how windows works and the inside core of windows, then you can deem yourself a windows expert and a real hacker ;)
But at the same time it's a great thing to learn how to use a *nix box. After all, *nix came first ;P

McKittrick

all i was trying to get across is this: hacking is nothing more than learning to manipulate what is in front of you, whether that be a conversation, a piece of code, or being on an OS (could be ANYTHING)
just because one has a nix box, does not mean diddly. same goes for you with a windows box in front of you. those are nothing more than the CHANNELS you have to produce the creativity--it is up to you to delve into that medium and manipulate it

and again, because you have 4,000 haxor tools and a bunch of packetstorm sploits and run 4 OS toolkits doesn't make you a god. i feel that if you can master WHAT YOU HAVE IN FRONT OF YOU, then you can be given your credit and dues (just because one can copy over shellcode from a module and throw it onto their code doesn't mean they know how to actually place and use it, get what my point?)

and one more thing i should say before i forget. please stop labelling everyone a "kiddie".do you know how many pen-testers out there don't code, run testing kits all day long in business environments and get paid to do it!? they actually know what they are doing and have taken the time to read and learn and KNOW AHEAD OF TIME (if i push this button or scan this i know the outcome because i know how this works). a "kiddie" is one that can run the toolkits and scan and do all that but he SIMPLY WANTS THE RESULT, NOT WHY IT WAS OR HOW IT WAS ACHEIVED

just making sure to emphasize that

sangf

ugh, i don't know what to say to this.. but, it is ignorant to debase someone's area of expertise/knowledge without a good reason, and even more so to do the same based on a judgement of a few idiots mis-using that knowledge. there are extremely talented users and developers for both windows and linux, there are talented pen-testers with and without certification, and there's also the opposite of those. certifications are generally specific, where as hacking is not. i think there is merit in certifications, in that it represents what someone can do in a specific area/subject.. and it's not wise to disregard that simply because you don't appreciate it.

however, with that being said.. hacking is generally a very broad and vague term, and with the many areas of computing, i can see where chronic is coming from.. a pen-tester certification is not a guarentee of other (even basic) knowledge in related but untaught areas, such as programming (for example). but once again, i think the main issue here comes back to the circlejerk question of "what is a hacker?". in summation, we've (most likely) all learned different parts of computing, we all have our strengths.. be it in programming, pen-testing, networking or otherwise, and there's no use in an absolute judging of "hacker" vs "skid" (i hate both of those terms, btw) based on a seeming lack of knowledge. many people here who lack a certain expertise may have something valueable to share. for me, my knowledge of pen-testing and the possibilities of wi-fi hacking were almost non-existant, but thanks to the members here who provided information on those topics, i now have a much better understanding.

Sh3llc0d3

This shit is getting old. Sangf could not have put it better. I'm not one for proving what I can do or not do so I won't but this really is getting boring with the skid/hacker argument. I too hate the term skid, and I'm getting to hate the term hacker as It is more and more commonly used out of it's correct place.

McKittrick posted a valid argument, however it is not right to make unfounded assumptions. He has not been the only one to do so, as it has occurred multiple times in this thread.

Now this thread is designed to help new-comers, Xinapse had good intentions starting this thread and I see no problems with anything he's put in the list. The Linux comment is valid, whilst I see no problem with it, windows is just as good for certain things (like I use windows for rooting). Linux administration is a good discipline to learn, I'd guess McKittrick would agree especially if you want to run a linux specific network as it does happen in the wild.

I advise everyone to go through these posts again, look at what you've posted and think about it. Past this post I want to see no more flaming in this thread. Sensible suggestions/additions to the list only. Flaming is against the rules outside the lounge, it will be enforced from here on out.

Howdy, Stranger!

Top Posters

Who's Online (2)