A push in the right direction?

[akh42010]

Hello Back|Track community!


I am a newcomer in the world of pen testing with BT4. I have been using Back|Track since BT3 and only for wireless cracking on my home network so I understand how it's done. Once I got started, I got addicted. Now I have friends of mine use more complicated WPA and WPA2 passwords at their house and come over with my laptop and make bets on whether I can crack it or not. lol. Needless to say that I have been losing the WPA2 battle with strong passwords. Anyway, to my point:

I have been reading up on the offensive-security certs (PWB and Wifu). I am pretty sure I can pass the wifu without too much difficulty. Only problem I have is with strong WPA and WPA2 keys. Regardless, cracking wireless has gotten redundant and boring for the most part. I have an older Dell Dimension that I keep networked just for practice, so that's what I am working with when not at my friends house showing him how unsafe his WEP key is. LoL. But I have reached my sticking point of self teachings. I can use wireshark to get HTTP POST content (usernames and passwords, etc.) but even that can be daunting to me sometimes. I am a Level 2 IT professional for Dell, so I am not foreign to servers and networking by any means, but pentesting is an entirely different monster. I have to admit that I am a nub in the field. I hear wonderful things about the PWB and Wifu courses and I have most of the lsited prerequisite knowledge that is listed on their site, so I guess what I am asking is whether or not somebody with a novice amount of network pentesting knowledge and a lot of willingness to crack down and learn would be able to take those courses and actually pass them and understand what I am doing afterwards. Online documentation is one thing, but advice from experienced pentesters that have been through the course and do this every day have no substitute. The Wifu course is cheap, but the PWB course is pretty hefty and I don't want to get caught with my pants down after signing up for it and realize that I have no clue what I am doing and waste my money. Any suggestions?

[lupin]

Now I have friends of mine use more complicated WPA and WPA2 passwords at their house and come over with my laptop and make bets on whether I can crack it or not. lol.

I almost stopped reading at that point - mentioning a bet with a neighbor/friend to crack their wireless network is a good way to immediately get dismissed as a lame social engineer here, so you probably want to avoid doing that in future.

Regards the Offsec course. There was a thread just recently discussing it, and a few people who have attended the course made some pretty detailed comments. In particular, I went over the circumstances under which I do and don't recommend people take the course. Your first test (should you choose to accept it) is to find that thread. You do need to be able to track things down on your own to be successful in the PWB course.

Next - do you have a good understanding of TCP/IP? By that I mean have you spent time looking at packet captures, configuring IP clients and servers, troubleshooting communication problems, etc? Have you attended any TCP/IP focused courses (e.g. CCNA) or read and understood any good TCP/IP references (The Richard W Stevens book for example). Know what DNS is and how it works? Have you run a port scanner or a vulnerability scanner before? Do you understand how they work? If so you should probably be OK for the information gathering/scanning phases of the course.

Third, try the free Metasploit Unleashed course. If you can follow all of it (by that I mean understand whats going on, and be able to take what you learned in the cours and apply it in different situations), then you should be OK for the exploitation portion of the course. Next Id recommend trying some of these buffer overflow exploit tutorials. If you can follow at least the first one or two you should be OK for the exploit writing sections of the course.

If you're OK with all of that you should be OK with the Offsec course. It probably has higher entry requirements than most other similar IT security style courses, but if you're willing to put in the effort you should be OK.

[akh42010]

First, let me apologize for the betting reference. I didn't look at it in that light. I'll be much more careful what I post from now on as I wish to get the most of this forum as possible and don't want to be viewed as a shameless social engineer. My intention was not to be disrespectful what-so-ever.

I was reading through a lot of threads in the last few nights before creating an account to actually post on here, but honestly, after days of Google searches and forum searches, everything seems to blend together, so I must have missed it. I'll browse for that after I submit this.


Thanks for all the pointers. There are certain things that you mentioned (Metasploit and buffer overflow exploits mostly) that I need to research. I would love to check that book out as well. Thanks a million man! Sorry again about earlier. I know better. Looking forward to seeing what I can get out of all this!

P.S- Is that avatar the father from Shin Chan? LoL. That show used to be friggin crazy! Old school Adult Swim FTW!

[lupin]

No need to apologise about the "bet" reference, just wanted you to be aware in future that seeing the term in posts here makes many long term members of this forum slap their foreheads and groan, because it's usually followed by a lame question about how to "hax0r teh WEP", and then a severe flaming (and possibly banning) of the OP. It's become a bit of a cliche here. Check out the archived Idiots Forum if you want examples. Most people will read your whole post before flaming you (and mods will definitely do this before banning you), but some other forum members might just dismiss you and stop reading when they see that, which is probably not what you want.

Added to the things I listed above, you may also want to have a look at some of the HowTos on this site. Just recently, purehate has been posting a number of tutorials on the use of information gathering tools - that type of information will help you further round out your skills before taking the PWB course. And you will get more value out of the course if you have some skill in the things covered before you take it.

The picture in my avatar is of the beloved Japanese manga character Lupin the Third, obviously the character upon which my forum alias is based. If you're into that sort of thing you may want to check out some of the movies featuring him. Some, such as The Castle of Cagliostro are considered to be classics.