Results 1 to 7 of 7

Thread: Any LEGAL methods for exploring vulnerabilities outside penlabs?

Hybrid View

  1. #1
    Just burned their ISO
    Join Date
    Dec 2012
    Posts
    4

    Default Any LEGAL methods for exploring vulnerabilities outside penlabs?

    Hi everyone.

    Firstly clearly I'm a newbie with everything security related, and I figure I'll be straight with you all as to what I'm looking into rather than shitty euphemisms like "I forgot my Facebook password can someone hack it for me lolz". If the answer is no that's fine I'm just curious.

    Looking into pen testing has been amazing for me. I'm finding it so interesting and reading a ton of books, watching a ton of videos and spending weeks on testing out different things in a pen lab. To me it's almost like waking up and looking at the internet in a new way, something extremely cool. My biggest urge now though is to try and find out how secure lots of different places are, and what "real world" security is like. It seems in a pen lab there is always a vulnerability, always a known result, and almost like a forgone conclusion. It seems so exciting to spot something "in the wild". Writing it down it sounds so geeky but hey, you guys probably understand.

    Saying all that, I am genuinely not in it to damage something that isn't mine or have any malicious motivations at all, only my curiosity. My question then becomes - is there any way to explore a server in the real world, detecting vulnerabilities and finding out what could be done, but maintaining legality because you never actually exploit he system? If anything you could possibly notify the owners of the vulnerability. I'm thinking the answer will be no, but your advice is appreciated.

    Cheers.

  2. #2
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: Any LEGAL methods for exploring vulnerabilities outside penlabs?

    While this has nothing specifically to do with Backtrack.

    As predicted by you the simple answer is "no" however I will try to sum up a few points and justify the answer.
    In the post you mention you are a "newbie" this is not a bad thing after all everyone has to start as a newbie, however, these things can cause a lot of damages in real world and can cost companies a lot of money. I suggest you leave this idea alone until you get more experience and a security related job, doing this without legal authority of course is not supported on this forum.

    If you really wish to stop building your penlab and make the vulnerability obvious there are a lot of Vulnerable Machines which you can download either as an ISO or VM and use them in your lab to learn, same thing goes for different websites with challenges. Another alternative with for this is simply find someone you know who's interested in security also and ask him to setup your penlab with different ideas.

    As mentioned above real life attacks are to be made by professional pentesters who have legal authorisation to do it. There are many reasons for this and I suggest you follow the advice
    Last edited by sickness; 12-18-2012 at 08:33 PM.
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  3. #3
    Just burned their ISO
    Join Date
    Dec 2012
    Posts
    4

    Default Re: Any LEGAL methods for exploring vulnerabilities outside penlabs?

    Thanks for your well trout out and justified reply sickness. It's a shame, but I can completely understand the reasoning behind it. Its funny, becoming interested in security is like finally being able to see, but then being told that looking around the world is illegal haha.

    Regardless of my frustrations, I'll take on board your advice and keep to the realms of pen testing labs and my own network. Perhaps as I start becoming more involved in the community I'll find some others which share my interests and could perhaps help me randomize my testing

    Thanks again for answering a non-backtrack specific question. I mainly asked here as it was a mature community with a security focus, could you perhaps point me towards some other communities where general security questions (which I'm sure to have a ton of) may be more appropriate?

    Cheers

  4. #4
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: Any LEGAL methods for exploring vulnerabilities outside penlabs?

    To be honest I'm not really sure what "general" security communities to recommend.
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  5. #5
    Good friend of the forums scottm99's Avatar
    Join Date
    Feb 2010
    Location
    underwater
    Posts
    371

    Default Re: Any LEGAL methods for exploring vulnerabilities outside penlabs?

    Invidicous, have you looked into hackerspaces in your area?
    If I could figure out how to scuba dive & hack at the same time, there would be nothing I couldn't do...

  6. #6
    Just burned their ISO
    Join Date
    Dec 2012
    Location
    Minnesota
    Posts
    3

    Default Re: Any LEGAL methods for exploring vulnerabilities outside penlabs?

    I'm in the same boat Invidicous. It was like opening a new world, but like you, the writing on the wall was pretty clear - you can't practice out in the wild. I love listening to interviews with the likes of Steve Jobs, Steve Wozniak, Peter Zatko, etc. etc....they were free to play in their haydays without recourse in the infancy of the internet as we know it. It's simply not like that anymore.

    I'm almost finished with my Info sec degree, so I chose to build my own home network using old computers. They're out there and they're cheap. You don't need a modern configuration to do testing (although it may be more realistic). I have one running BT5, 2 running Win XP and one running Windows 7 with a laptop that I can plug in if needed as well. If you have the money for it, go build your own network and practice all you want legally. Right now I'm slowly easing into Metasploit and doing some basics on that. I have a computer forensic class coming up next semester that I'm sure some of the BT5 tools will come in handy.

    Unless you have a buddy(s) you're kind of on your own. There's also courses but they're kind of spendy.

    Good luck!

  7. #7
    Just burned their ISO
    Join Date
    Jan 2013
    Posts
    1

    Thumbs up Re: Any LEGAL methods for exploring vulnerabilities outside penlabs?

    Hello. just to point something it might help... it depends a lot WHERE you live - Us -Eu etc. every state has his own law against ' cyber crime' with different approach. if you let me know where u live i can make some research..i have more skills in law than in BT5


    just to make an example running BT5 is not a crime, trying to crack WPA it will sure considered unlawful.
    this could at least considered a tentative to violate a system, not a violation until you get the code and/or use it. but there could be several rules about getting codes so crack a code without using it could also be considered a crime.


    you can also talk with teachers and ask for a project to find weakness or something for study. if they agree you could do the work (and homework :P)
    at school testing more environements.
    i also discovered this new world and im triyng at home to strengthen security then in office to find weakeness.

    honestly i dont think that normal users have the skills to find the attacke/er but it will be wise to follow the hints here, dont risk and avoid hazardous approach.

    thank you all.

Similar Threads

  1. Exploring failure BigAnt
    By Bhior in forum BackTrack 5 Videos
    Replies: 1
    Last Post: 05-24-2011, 11:35 AM
  2. Legal question
    By imported_vvpalin in forum OLD Newbie Area
    Replies: 35
    Last Post: 05-29-2009, 09:45 PM
  3. Legal implications
    By caligula9999 in forum OLD Pentesting
    Replies: 4
    Last Post: 01-08-2009, 06:28 AM
  4. Legal Implications
    By caligula9999 in forum OLD Wireless
    Replies: 6
    Last Post: 09-21-2008, 08:22 PM
  5. Legal Hax0ring
    By Archangel-Amael in forum OLD General IT Discussion
    Replies: 12
    Last Post: 05-10-2008, 11:22 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •