Any LEGAL methods for exploring vulnerabilities outside penlabs?
Hi everyone.
Firstly, clearly I'm a newbie with everything security related, and I figure I'll be straight with you all as to what I'm looking into rather than shitty euphemisms like "I forgot my Facebook password can someone hack it for me lolz". If the answer is no, that's fine; I'm just curious.
Looking into pen testing has been amazing for me. I'm finding it so interesting and reading a ton of books, watching a ton of videos and spending weeks on testing out different things in a pen lab. To me it's almost like waking up and looking at the internet in a new way, something extremely cool. My biggest urge now though is to try and find out how secure lots of different places are, and what "real world" security is like. It seems in a pen lab there is always a vulnerability, always a known result, and almost like a foregone conclusion. It seems so exciting to spot something "in the wild". Writing it down it sounds so geeky but hey, you guys probably understand.
Saying all that, I am genuinely not in it to damage something that isn't mine or have any malicious motivations at all, only my curiosity. My question then becomes - is there any way to explore a server in the real world, detecting vulnerabilities and finding out what could be done, but maintaining legality because you never actually exploit the system? If anything you could possibly notify the owners of the vulnerability. I'm thinking the answer will be no, but your advice is appreciated.
Cheers.
Re: Any LEGAL methods for exploring vulnerabilities outside penlabs?
While this has nothing specifically to do with Backtrack, as predicted by you, the simple answer is "no"; however, I will try to sum up a few points and justify the answer.
In the post you mention you are a "newbie"; this is not a bad thing, after all everyone has to start as a newbie. However, these things can cause a lot of damage in the real world and can cost companies a lot of money. I suggest you leave this idea alone until you get more experience and a security related job; doing this without legal authority of course is not supported on this forum.
If you really wish to stop building your penlab and make the vulnerability obvious, there are a lot of Vulnerable Machines which you can download either as an ISO or VM and use in your lab to learn; the same thing goes for different websites with challenges. Another alternative for this is simply to find someone you know who's also interested in security and ask him to set up your penlab with different ideas.
As mentioned above, real life attacks are to be made by professional pentesters who have legal authorisation to do it. There are many reasons for this and I suggest you follow the advice :)
Re: Any LEGAL methods for exploring vulnerabilities outside penlabs?
Thanks for your well thought out and justified reply, sickness. It's a shame, but I can completely understand the reasoning behind it. It's funny, becoming interested in security is like finally being able to see, but then being told that looking around the world is illegal haha.
Regardless of my frustrations, I'll take on board your advice and keep to the realms of pen testing labs and my own network. Perhaps as I start becoming more involved in the community I'll find some others who share my interests and could perhaps help me randomize my testing :D
Thanks again for answering a non-backtrack specific question. I mainly asked here as it was a mature community with a security focus. Could you perhaps point me towards some other communities where general security questions (which I'm sure to have a ton of) may be more appropriate?
Cheers
Re: Any LEGAL methods for exploring vulnerabilities outside penlabs?
To be honest I'm not really sure what "general" security communities to recommend.
Re: Any LEGAL methods for exploring vulnerabilities outside penlabs?
Invidicous, have you looked into hackerspaces in your area?
Re: Any LEGAL methods for exploring vulnerabilities outside penlabs?
I'm in the same boat, Invidicous. It was like opening a new world, but like you, the writing on the wall was pretty clear - you can't practice out in the wild. I love listening to interviews with the likes of Steve Jobs, Steve Wozniak, Peter Zatko, etc. They were free to play in their heydays without recourse in the infancy of the internet as we know it. It's simply not like that anymore.
I'm almost finished with my Info sec degree, so I chose to build my own home network using old computers. They're out there and they're cheap. You don't need a modern configuration to do testing (although it may be more realistic). I have one running BT5, 2 running Win XP and one running Windows 7 with a laptop that I can plug in if needed as well. If you have the money for it, go build your own network and practice all you want legally. Right now I'm slowly easing into Metasploit and doing some basics on that. I have a computer forensic class coming up next semester, where I'm sure some of the BT5 tools will come in handy.
Unless you have a buddy(s) you're kind of on your own. There are also courses but they're kind of spendy.
Good luck!
Re: Any LEGAL methods for exploring vulnerabilities outside penlabs?
Hello. Just to point out something that might help: it depends a lot on WHERE you live (US, EU, etc.). Every state has its own law against 'cyber crime' with a different approach. If you let me know where you live I can do some research. I have more skills in law than in BT5 :)
Just to give an example: running BT5 is not a crime, but trying to crack WPA will surely be considered unlawful.
This could at least be considered an attempt to violate a system, not a violation until you get the code and/or use it. But there could be several rules about getting codes, so cracking a code without using it could also be considered a crime.
You can also talk with teachers and ask for a project to find weaknesses or something for study. If they agree you could do the work (and homework :P) at school, testing more environments.
I also discovered this new world and I'm trying at home to strengthen security, then in the office to find weaknesses.
Honestly I don't think that normal users have the skills to find the attack/er, but it will be wise to follow the hints here: don't risk and avoid hazardous approaches. :)
Thank you all.