Penetration Testing Help

[Wizard22]

Hey guys,

Firstly I'm not a script kiddie or someone looking to H4CK systems. I am studying computer and information security and university and in my spare time help friends/family with computer related stuff.

Basically a friend of the family has asked me if I could carry out a penetration test on his network.

So far I have:

1 - Ran Whois scans to identify network range from domain given
2 - Ran Nmap to list all computers online
-- built company portfolio from online information
3 - Ran Nmap to try to identify services, all came back as filtered or closed
4 - Tried to use SNMP but failed - kept saying host not responding
5 - Used telnet to grab banners to try to identify services, all of which seamed up to date
6 - Ran Nexpose on hosts which discovered metasploit exploits all of which where scanner or dos

At this stage should I write the report and call it quits or are there any more scans I should complete. I explained to my friend I was still learning and just entering year 2 at University but I really want to get into pen testing and get a head start before I leave University.

Any links/tutorials ect welcome, I dont mind getting my hands dirty.

Also I know some people may be wary helping someone looking to pen test, I am more than happy to log into my University portal via a desktop sharing application or even send an email from my univiersity mail account.

I am here to learn white hat pen testing, nothing sinister and nothing without prior permission!

Thanks

[Sempurna]

Well, if this was an actual pentest, than your friend was either pretty brave, or extremely generous.

Anyway, just to get you going on your pentesting career, please look up the Penetration Testing Standard Execution (PTSE) as a basis for "proper" or "standardized" procedures. Individual preferences in actual practice may differ slightly, but the gist is there.

Secondly, I'd say stop doing anything further. You run the risk doing some damage to your friend's network or your own box if you don't know what you are doing. At the moment, you've done some pretty harmless scanning, and have not gone into actual exploitation (which does require more than a basic knowledge of what you are doing).

At this stage you can't write a report worth squat, so don't even bother. Just apologize to your friend for your lack of professionalism.

To get you own your way in the exciting world of pentesting, Google for the various certifications that you can acquire. They will get you going on the theoretical part of your education. Your university, or another higher education institution nearby, might even offer some of the more common ones. There are also online options, but I'm old school and prefer live courses, lol.

Secondly, since you managed to find your way to this forum, and have already started playing with some of the tools at hand, might I suggest you do this on virtual machines. You can download vulnerable boxes, set them up as vm's, set up BT as a vm, and familiarize yourself with the tools that way. After that, there are online playgrounds where you can further enhance your familiarity with these tools. Again, Google is your best friend here.

I got started in the most unusual fashion. Our company network was compromized, and our in-house techies had no idea what to do other than to clean reinstall backups (wow, incident handling was never in their dictionary, lol). Naturally, we got hit again. And, again, ad nauseum.

So, I went to the local book store to learn about hackers and chanced upon this nice little book; Dissecting the Hack, The Forbidden Network. In that little book, you will find all the references you need for your further research and education at this stage in your career.

I am no computer techie or geek, and I have no educational background in computing. Yet I was so proud just last week when I was at a half-day pentesting refresher and update workshop. The instructor actually pulled me aside and commended me for understanding concepts and tools better than the other guys (and gals) who were senior network admins for their corporations.

I have my paper certs, but I am no professional pentester (not my day job). The only real system I've ever used my knowledge and skills on are on my company systems. And, that also with the oversight of friends who are actual pentesters. I'm actually the head of marketing for our company, lol. Our chief information officer and his network guys should give me part of their salary for doing their work for them!

Anyway, good luck on your endeavours. May you enjoy many sleepless nights banging away at your keyboard and going blind looking at your monitor in the dark, lol.

[ShadowMaster]

I've read dissecting the hack, and while it *IS* a great book, it is *NOT* all the concepts you need by a long shot.
If you truly want to know what to do next, here's a list of books to read:

Grey hat hacking
Hacking: the art of exploitation
The shellcoders handbook
Buffer overflow attacks
The web app pentesters handbook
Stealing the network (Stories, but they do contain some great knowledge)
Nmap guide
rootkit arsenal
Metasploit: a penetration testers guide
Human hacking

That should be enough to get you started. Downloading hackme VM's is also a great idea, g0tmi1k has a list of them online. You may also want to consider signing up for courses online, like the offensive security courses. They made backtrack, after all, they know what they are doing.
I have read all those book, and taken the courses, and there is still much for me to learn.