Search This Blog

Friday, November 23, 2012

Where to Start: n00b 'pen-tester'? Part dos

        "Become very familiar with all of your basic linux commands, know how to navigate terminal,                       how to view different directories.  When you begin, it can seem daunting."
                                                     --n1tr0g3n...THS/forums.







>>>Read through the entire post before going through the links.<<<

Forget commands how do you:

-learn about dual booting OS's  (operating systems)      lifehacker: How to dual boot W$ 7 and Ubuntu?
-use Unetbootin and what is it                                       lifehacker: unetbootin how to


First you must begin to understand that you are going to have to start using a Linux distro (distribution..ie. Ubuntu, Linux Mint, being the ones that are user friendly).  Linux is a free OS and comes in too many flavors to name.  Distrowatch is a site to find what ever you are looking for.  Use the search function.  When you find the one you want download directly from the site to your box as an  .iso file.  This is the Ubuntu download section.  Use one that has LTS (long term support) after it.  Like 12.04 LTS.  Click the iso link and you should be able to take it from there.


Q.  Can I use M$ to further my pen-test knowledge?

 No, not here.  This is Linux full time.  I will show you other options though.  First. Dual-booting operating systems.  What is it?  (refer to the above article)  Putting two OS's on the same computer/machine/box.  Meaning, being able to use either M$ or Linux on your laptop/desktop.  When your computer starts you will be asked to choose which OS to use, scroll to the one you want and push enter, and it boots. 

You will need a downloaded  Linux .iso saved on your machine and a copy of unetbootin.

-Install unetbootin and insert a thumb drive or sd card at least 2 GB in size into one of your ports on your machine.  Make sure that it is the only device in your usb ports and then open unetbootin.  Choose> Diskimage>browse to where you saved your .iso file and open it.  Click okay and let it do its thing.       

-It will finish loading Linux onto your portable device/usb and ask you to reboot. Click reboot.

-Before your machine boots into M$ or any OS it first boots through it BIOS screen.  It does it very quickly, be ready.  As it boots you need to push f2 over and over.  If it doesn't work google your brand of machines function key that lets you into the BIOS menu.  If  it does work you find your self in the BIOS menu, use the arrows keys to find the section called Boot and press enter.  Under that section look for boot priority.  Open it up with enter.  Move the choices with the + and - keys.  We are looking to move usb/rev.device to the top with + or -.  When done SAVE what you have done, my machine is f10 to save, then press enter.  The machine will restart again, but this time let it boot normally.  *Note:  The first time I did this to my box I was about to wig-out, thinking I was going to destroy something.  It can happen I am sure.  It has never happen to me.  If you chicken-shit out, but don't save anything nothing will happen.  Back to the story.  Because we have given priority on the machines boot/restart to the usb with Ubuntu on it it will boot Linux.  Ubuntu has a self explanatory menu just pick:  Try without install or Default.  Press enter.

You will be greeted into a desktop environment that has application choices on the left.  Welcome to Linux.  I remember when I did this the first time I thought I was well on my way.  How I was mistaken. 

mrwhte




Posted by at No comments:

Where to Start: n00b 'pen-tester'? Part uno.



I would like to start by stating that I am a n00b.  Even after years of using Ubuntu as my sole OS, I don't really know that much about Linux, and even less about being a pen-tester.  Come to find out you can't just load up some videos off you-tube with some software and start doing whatever it is you do.  Negative.

This is where I will stop and say nothing in this blog is intended to teach you how to do anything malicious to anyone, anything, anytime.

Q.  Where do I find information on becoming a Pen-tester?
 
As a W$ (windows) user, I only had self-taught computer skills, and it is not like you can just go asking people on the street for information about network security, so I decide to start to become familiar with the information of it, through the Google and the You-tube.  You will learn it is almost impossible to learn about things if you do don't know how to search for them.  Putting hacking into a search engine is going to be about as useful for you as it was for me.  This is where we learn how to use Google to search for what really want, by being specific with our search terms.

Forget get adding articles (a,an,the) with your terms, instead use the'+' sign in between parts of the search.  Example:  If I am searching for information on penetration testing for beginners, instead of searching for: penetration testing for beginners, search for: pen-test+beginners+tutorials.  Or by looking over this information on it.  Get into the habit of searching for tutorials.

Q.  What information do I trust?  Does the author know what they are talking about?

I still have trouble with this one.  There are a couple approaches one can employ.  You could become a member of a forum and start asking questions about hacking and taking over networks, but this will usually get you banned.  It should.   Or you can do it all by yourself, too scared of everything, to nervous to ask any questions at all.  Not it either.  The smartest approach IS to understand people are not going to spoon feed you any information about these subjects, and expect at the very least for you make serious effort at solving your problems before you come to them.  You are going to have mentors, testers who you follow, whether through blogs, FB,G+, whatever, just make sure you look for patient teachers who provide you solid information.  The kind that keeps you out of trouble, because with this knowledge...well let's just say we things can get crazy.

One ninja/tester I follow is n1tr0g3n.  His page is at http://www.n1tr0g3n.com/, I highly recommend his information and his style.  Also you can check out a site called Top-Hat-Sec, THS.  Click the forum tab and register or stay a guest, whatever.  Look for General Discussions and your in. Before you ask questions there, USE THE SEARCH FUNCTION ON THE PAGE.  The artisans there won't flame you for asking dumbass questions, but appreciate the effort we were talking about earlier.  THS is a paid forum, and this is something I would recommend.  It is cheap for what you get.



I will be answering more questions I have had, up until now in part dos.  Please leave any comments you have.

mrwhte
Posted by at No comments:
Labels: , , , ,
Subscribe to: Posts (Atom)