Practicing hacking and penetration techniques

[redrabbit29]

Hi ya'all

I am doing a lot of research and testing of new ethical hacking techniques which includes some experimentation of black hat tools.

I obviously don't want to start trying these out on any random site!

I've considered building my own server or mini network but that's not really feasible or adequate. Are there valid test networks or sites for this purpose, or any other method?

Thanks everyone
RR

 

[robfosters]

Penetration techniques you say. No experts on here.

 

[hornetstinger]

try hacking cia, mi5. Lemme know what happens.

 

[Sliver]

Came in for deep penetration. Left disappoint.

 

[Leprechaun312]

yeah there are, you can do it on your own pc with virtual box. There are even pre built virtual machines you can hack, and DVWA (damn vulnerable web apps) for website hacking. If you check out the Vuln hub you'll find tonnes of VMs all of which are hackable, most of them with walkthroughs if you get stuck

 

[itchy]

Looks for Tefal to respond!

 

[Leprechaun312]

check out this https://www.vulnhub.com/resources/ loads of stuff.
https://pentesterlab.com/exercises/ more stuff, some of it isnt free though
http://www.dvwa.co.uk/ bit of googling to set this up though, but once it's done there are loads of tutorials out there on it

and what you'll need for all of those https://www.virtualbox.org/

EDIT: forgot to mention, if you havent found it already kali linux is a good place to start for hacking tools https://www.kali.org/, like the stuff above i've linked you can set this up in a virtual machine aswell.

 

[LOAM]

Also

https://www.hackthissite.org

 

[Leprechaun312]

Also

https://www.hackthissite.org

can't believe i missed that one

 

[Sliver]

Noob question. Why do people want to hack?

 

[Leprechaun312]

Noob question. Why do people want to hack?

you not watched mr robot then
It's fun being paid to break things
Also doing a test on real life systems and finding out peoples secure password of Password123 is always a good facepalm moment

 

[Sliver]

you not watched mr robot then
In essence it's fun, being paid essentially to break things is fun
Also doing a test on real life systems, finding out peoples secure password of Password123 is always a good facepalm moment

So causing trouble then by violating innocent peoples privacy? Sounds very mature.

 

[itchy]

Noob question. Why do people want to hack?

Its more of an I want to know how it works type thing, then when you know you say "Lets see how far I can go".

I looked into years ago and just thought nope.

I don't have the patience.
I did not have the time to learn.
I also thought what is the point if your door goes in a few days/weeks/years later.

It has changed a lot now with bitcoin miner viruses, corporate hacking, password leaks etc.

Cracking and hacking your own personal devices is fair game as far as am concerned though.

 

[Sliver]

Cracking and hacking your own personal devices is fair game as far as am concerned though.

Yeah. However I bet a few people on these forums are up to mischief with other peoples accounts.

 

[Leprechaun312]

So causing trouble then by violating innocent peoples privacy? Sounds very mature.

ehh, it's not like that, the intent isn't to see who has the worst password and see there personal stuff. That isn't the point of pen testing, the point is to see what is vulnerable in a system, can it be exploited and if so what is the impact. Part of that is **** passwords, social engineering e.g. getting someone to open a malicious document or link. This side of things (passwords and social engineering) is the iffy area where your intruding on peoples personal data, however in real life.... if an attacker can exploit that they sure will and the impact can be massive.

My original response was a bad one i should have said the above first. "why people hack" malicious hackers either hack for personal gain or to say they've done it, pen testers hack to see how an attacker could get in and then provide a plan on how to fix the issues.

 

[neil_g]

So causing trouble then by violating innocent peoples privacy? Sounds very mature.

Ethical hacking and pen testing is a way of checking a system is secure. There are plenty of companies out there offering this service to businesses.

Some payment portal companies will insist on regular port scans on your network(s) for example to meet their security requirements.

 

[Sliver]

Ethical hacking and pen testing is a way of checking a system is secure. There are plenty of companies out there offering this service to businesses.

Some payment portal companies will insist on regular port scans on your network(s) for example to meet their security requirements.

I think I should be the person who decides that my systems are secure. I DO NOT WANT un-autherised people hacking my accounts. Even if they have no malicious intent. It's like pooping through my letterbox, I did not ask for it and DO NOT WANT IT !

 

[Leprechaun312]

I think I should be the person who decides that my systems are secure. I DO NOT WANT un-autherised people hacking my accounts. Even if they have no malicious intent. It's like pooping through my letterbox, I did not ask for it and DO NOT WANT IT !

Like that is illegal, companies don't just pen test other companies and send them a report without authorization. in fact my company has even sent a letter to a company after one of the pen testers mistakenly tested another companies ip address.

 

[darael]

I can see why it's done, it might be interesting and educational for those doing it, albeit unnerving for the users. As long as it isn't malicious, you aren't broadcasting your findings to the wrong people and you are reporting your findings to the people it matters, I don't see any harm. If nothing else, it helps build security.

I imagine in the similar way that open source allows developers to let others examine their code, then fix and develop it.

 

[datalol-jack]

Practicing hacking and penetration techniques

Next time don't swallow and move your hips more!