Solved

Ethical Hacker - Penetration Testing - Examples - security examples, exploits

Posted on 2010-03-31
Last Modified: 2013-12-04
Experts,

I have set up Active Directory, firewalls, sniffer updates and all that I can think of for security purposes on my network. I realized that all this is useless if I don't have a way to test.
I have seen many tools to test my network but I really don't know how to use them.
Can anyone point me to some good websites that have some step-by-step documentation and preferably video tutorials, and how to perform internal lab testing exploits?
I.E.
1- Taking control of pcs
2- Ethical hacking
3- Ownership, escalating privileges etc etc
Some good video tutorials to secure my internal network, gain knowledge and try to keep "some" bad guys away.

thanks
Question by:ticowarehouse
11 Comments
 
LVL 14

Expert Comment

by:Roachy1979
ID: 29307171
You might want to go through the CEH exam review guide and tackle each of the topics in there in turn.  It's not too detailed but it does give enough insight to allow you to go and research the hundreds of techniques and tools it suggests separately. In particular you might want to read up on OpenVAS and Nessus, Metasploit, Nmap and familiarise yourself with these tools.

Also get to know TCPDump and Wireshark, understand how their filters work and how to raise and lower the detail in captures.  Above all it's recommended that while you're getting to know any tools that actively attack the network you test everything in a test (possibly virtualised) environment first to make sure you don't *actually* break anything...
0
 
LVL 19

Assisted Solution

by:CoccoBill
CoccoBill earned 500 total points
ID: 29308564
0
 
LVL 12

Assisted Solution

by:jahboite
jahboite earned 500 total points
ID: 29328662
Irongeek has some good video demonstrations of techniques and tools:
http://www.irongeek.com/i.php?page=security/hackingillustrated

There's an online course which sounds very good (for those with a determination to learn) - I believe that the online (as opposed to the live) version is free - just requires registration.  I recommend you sign up and wait for registration to see if it really is free.
http://www.offensive-security.com/penetration-testing-backtrack-online-training.php

And if you don't have BackTrack, a Linux distro designed for pentesting, I heartily recommend you get it and either install it on a Linux host or get the virtual machine.
http://www.backtrack-linux.org/downloads/

You'll see BackTrack used a lot in the videos at securitytube.
0

 
LVL 1

Expert Comment

by:PazHRC
ID: 29330689
There are so many ways to hack a web app, PC or server...
If you want a complete OS for doing this, I can advise you:

Linux BACKTRACK

It is a wonderful OS for doing all that you want in pen testing.

You can download it from here:
http://www.backtrack-linux.org/downloads/

And there is a forum with a wonderful community that can help you...

For questions about this OS you can contact me with no problem.
have a nice day
Paz!
0
 
LVL 2

Expert Comment

by:yuliang11
ID: 29352197
You won't go wrong with Metasploit.
0
 
LVL 3

Expert Comment

by:gmckeown99
ID: 29691480
Also try Samurai from http://samurai.inguardians.com/

I would also suggest attending SANS SEC504, then SEC560. These courses teach exactly what you are looking for.
0
 
LVL 1

Expert Comment

by:PazHRC
ID: 29694954
Call me old or repetitive... but BackTrack is unbeatable...
0
 
LVL 12

Expert Comment

by:jahboite
ID: 29695977
I was wrong about Offensive Security's online courses.  They're not free and you can't get the course material without paying for the lab time.  Still, I've been told that the PWB course is fantastic.

You can get the course syllabus:
http://www.offensive-security.com/documentation/penetration-testing-with-backtrack.pdf
which might be a useful guide to the 'what'.

And Paz - the question was about documentation and video tutorials - not tools.  You repetitive old repetitive old person you.
0
 
LVL 25

Accepted Solution

by:
madunix earned 1000 total points
ID: 29778565
Look at http://projects.webappsec.org/Web-Application-Security-Scanner-List
I use Nikto. Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).
http://www.cirt.net/nikto2

I use BackTrack for vulnerability, I use open source tools and my own scripts (Perl/Python); maybe you could use BackTrack, a nice distro with a lot of security tools...
http://www.remote-exploit.org/backtrack.html

1. Nessus (Linux if you can) http://www.nessus.org/nessus/
2. Nikto (Linux) http://www.cirt.net/nikto2
3. Paros proxy (Linux if you can) http://www.parosproxy.org/index.shtml
4. Ike-scan (Linux) http://www.nta-monitor.com/tools/ike-scan/
5. SARA (Security Auditor's Research Assistant) (Linux) http://www-arc.com/sara/
6. MBSA (debatable) http://technet.microsoft.com/en-us/security/cc184923.aspx
http://en.wikipedia.org/wiki/BackTrack
http://www.linux-magazine.com/w3/issue/77/BackTrack.pdf

0
 
LVL 12

Expert Comment

by:jahboite
ID: 30043590
0
 

Author Closing Comment

by:ticowarehouse
ID: 31709471
Thanks
0
