Hacking lab
Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: Hacking lab

  1. #1
    Member
    Join Date
    Dec 2002
    Posts
    71

    Post Hacking lab

    Alright, I have a desktop running xp pro and recently got a laptop running xp home. I am going to dual boot the desktop w/ RH 7.3 as soon as I can. I really would like to start some penetration testing and getting some hands on practice about security with my two machines. The only problem is that I really don't know where to start. My two computers are on my schools ethernet right now. I am guessing i will need some type of hub, switch, router, but which one. I was thinking about the router. Is it perfectly legal for me to use these programs on my school's network as long as I am doing it on my own box? I really don't want to ask the admin and have him jump the gun that I am going to break in their systems and be watching my every move. The type of pen testing would just be with many of the tools that I don't really know how to use such as netcat. Well any help on how to set this hacker lab up or anything else is appreciated.

  2. #2
    Senior Member
    Join Date
    Jan 2003
    Posts
    274
    1) By "on your schools ethernet" do you mean that you live in a dorm room somewhere and are plugged into a wall jack, or do you mean you plan on taking your machines into you local high school and using their stuff? I ask because acceptable use policies typically vary greatly between a paid residence hall and a high school (or college) computer lab.

    2) Yeah sure it's legal to own programs that do penetration testing or network sniffing. I don't know how legal it would be for you to use those programs to probe your schools network though. Even though it isn't "illegal" in the strictist sense of the word, you may find the patch cord on the other end of your wall jack comletely unplugged -or worse- if the SysAdmin thinks you are screwing with his network.

    3) I'm not sure what hardware product to recommend to you because I'm not exactly sure how your physical topology is. Could you describe your network in a little more detail? We'll get it figured out.

  3. #3
    Member
    Join Date
    Dec 2002
    Posts
    71
    Thanks for replying. I live in an apartment on campus (university) that uses the schools t1 connection. We are paying for the internet unlike in the dorms though. As far as describing the network topology I am not real sure about their setup. What exactly would you need to know? I might be able to find out next week but I dunno since we are on spring break. Well thanks.

    coVert

  4. #4
    Senior Member
    Join Date
    Jan 2003
    Posts
    274
    Alright....if you are paying for it, you should be able to do *just about* anything you want with it. I used to do contract work for a University, and I have some contacts that are SysAdmins at a couple of colleges around here. In my experience, (your milage may vary) It is generaly viewed that since you live there, you should be able to do what you want with the connection.

    I wasn't really asking how the schools topology was, more like yours. Sorry 'bout that. Do you have a data jack in the wall to connect to the network, or do you dial in?

  5. #5
    Member
    Join Date
    Dec 2002
    Posts
    71
    we have a data jack connection. I was thinking the same thing, If I live there and am paying for it, I should be able to do this. Can they detect such type of activity, even though it is purely educational and on my own machine, and notify my or anything. That is the only thing that worries me is the legalities. For example, I would like to see a sniffer in action and what it picks up on the network so that I can learn. But if it gets me in trouble then that's no good. FYI I am MIS major and wanting to get into network security or forensics. I have read and read and need to do some hands on really bad. Thanks

    coVert

  6. #6
    Senior Member
    Join Date
    Jan 2003
    Posts
    274
    First lets settle the hardware issue. I'm going to assume two things, if either of these is incorrect, we'll have to re-think:

    1) Your connection is not MAC address specific. If they didn't give you a NIC or make you call and register your MAC address before your service worked, then it shouldn't be.

    2) You get assigned IP addresses through DHCP.

    If both of those are correct, just go buy a little switch at Best Buy (or, if you are patient, find a good one and order it at Froogle ). Then plug all your machines into that.


    As far as them monitoring you, they probably have better things to do as long as you aren't probing the school network. Notice the use of the word *probably*. My advice to you is don't do anything malicious, and they'll have no reason to bitch.

    When you get everything set up, send me a private message and I'll give you some IP addresses I control that you can test scanners on. Naturally, I'm going to harden them up a little first, but I'll let you hit a router or two.

  7. #7
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey...

    You have two boxes and you are looking into a hub/switch/router. The easiest thing to do would be to just disconnect your uplink... isolate your two computers on their own mini-network in your room. Then you can do whatever you want and no one can say boo.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  8. #8
    Member
    Join Date
    Dec 2002
    Posts
    71
    thread_killer, yes you are correct about the MAC and IP. I will try and get a switch next week. Any specs I need to look for when choosing a switch? I will PM you when I get everything set up. Hopefully, if i can round up the money, I might have it set up sometime next week. Thank you soo much for your willingness to help me.


    HTRegz, I am not sure what you mean by disconnecting the uplink, and setting up my own mini network. Thanks

  9. #9
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    ok let's see if I can explain a little better..

    You have 2 Computer right? a desktop and a laptop. Plug them both into the switch. Then disconnect the uplink port from the Campus ethernet connection. Now you have two computers that you can network to talk to eachother (you'll have to do a little networking, because they'll no longer have the campus DHCP server to assign they're ip addresses).. anyways.. once you get the two computers talking to eachother you have just set-up your own mini-LAN.. Now you can go on one computer and do whatever you want to the other computer. It isn't interfering with Campus traffic, they don't know it's going on, and it's none of their business because you are only affecting your computers on your LAN. You can test any 0day exploits you want and try to find your own fixes. You can see how secure the default install of the linux box (or a win box) is and go from there securing it. Then when you are done playing, plug back into the uplink and go back online.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  10. #10
    Senior Member
    Join Date
    Jan 2003
    Posts
    274
    Look for a switch that is 10/100 autosensing and has an uplink port on it. If it doesn't have an uplink port, you are going to use a cross-over cable to go from a switch port to your wall jack. If it does have an uplink, typically you can't use one of your other ports then. IE....The switch might have 5 ports on it, and if you have anything plugged into port 5 (the uplink) you can't use port 4. Some switches have a little button or toggle switch that you use to control whether or not the port is an uplink. If you're only using two boxes, pretty much any old four port switch will do. There are lots of manufacturers....Linksys, D-link, 3com, all of which can be had pretty cheap.

    Also- If you are doing what HTRegz suggests and not even connecting to the school network, you can save yourself the switch money and just use a cross over cable between the two NICs. Then you can hack away from box 'A' to 'B' and no one is snooping.


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •