
Thread: how to get to that next level

  1. #1 (Junior Member, joined Jun 2003, 14 posts)

    how to get to that next level

    Right now I'm fairly proficient in most facets of what I need to be to become a good pentester. I have the basics of C, networking, Cisco etc. down. What steps would you take, and what would you guys read to take things to the next level... i.e. how would you go about taking someone that is fairly new to things (can program simple C programs, can admin the basics of a Linux box, knows some about Cisco routers etc.), to someone who can write and find their own exploits in code, be able to understand everything about low and high level TCP/IP etc., set up Cisco nets, and be able to get the CISSP and use asm, bash and perl proficiently. What should I be learning/reading and in what order?

  2. #2 (Junior Member, joined May 2005, 28 posts)
    hmm... grab a library card, read books on the topics you just mentioned in your post, ask questions here if you don't get something, and practice what you read (or it won't stick)...


    For exploiting, you have to be able to not only read and understand code, but you have to be able to think about a misdirection that most normal people would overlook. I certainly do not have this skill or anything close to it. What I find helpful is looking over older exploits/source code and understanding how the code was exploited. This will help you understand what the intelligent person who discovered the exploit was thinking. If you look over old exploits and understand how they work, this might help you look at source code and spot possible exploitable pieces.

    For programming, just grab a book on whatever language you want, read it, and practice the language. Develop small programs, some of which could be meaningless, but it just helps to actually practice what you read. Then, take a look at larger programs. Understand how they work and try some advanced programming yourself.

    Network/TCP: again, grab a book, read up on it, and practice it. If you are specifically trying to become a pentester, set up a dummy network in your house and try to break in. Set up the dummy network in different configurations and with different software. Have the computers you are trying to crack be running HIDS/NIDS/firewalls/whatever you want to detect port scans. This will help you understand not only how these kinds of network defenses operate, but also whether or not your attack was discovered. This will help you in finding ways to avoid such defenses and to further your pentesting skills.

    Just start practicing and learning. The dummy network is a good idea as it will give you real life experience that you can't get from a book. GL, I'm done
    An ancient Chinese man once told me: "The hotter the tea, the bigger the wang."

    My tea is extra hot.

  3. #3 (Junior Member, joined Jun 2003, 14 posts)
    Well, I have the books, pretty much all the books I need, but in which way would you guys go about taking in all this information? Should I start with C until I am an expert, then move on to TCP/IP and then back to socket programming (just as an example)? That's really what I need help on: where to start, and a plan of action if you will.

  4. #4 (Junior Member, joined May 2005, 28 posts)
    ahh sorry, didn't quite understand. C programming is definitely a good start; you can also throw in some PHP or Perl. If you are doing network pentesting, TCP/IP is the basis of everything. Learn TCP/IP first and branch from there. If you understand TCP/IP up and down, you should be able to understand the theory behind a lot of network attacks. Then it just comes down to translating that theory into C or any programming language that will allow such actions. If you are an expert in C, you should know sockets. I would get a strong knowledge of C and machine code. Learn assembly language (x86 or whatever) along with C. Then learn as much TCP/IP as you can. You want a strong understanding of how TCP/IP works. Then you can go ahead and learn sockets in C. It does you no good to learn sockets in C if you don't know crap about TCP/IP.

    For programming languages like Perl, PHP, etc., I think those are safe to learn independent of other stuff. PHP is linked strongly with HTML, so learning those two together is an obvious choice. Perl is Perl, and you can learn that whenever you want.


    Learn C and Assembly -> Learn TCP/IP -> Learn how to program for TCP/IP seems to make sense, but then again, there are people smarter than me, so maybe they have better advice.
    An ancient Chinese man once told me: "The hotter the tea, the bigger the wang."

    My tea is extra hot.

  5. #5 (Junior Member, joined Apr 2004, 5 posts)
    Is subnetting also a good thing to learn?
    Knowledge 2 Knowledge - [ n e r d i f i e d ]

  6. #6 (Banned, joined Aug 2004, 534 posts)
    Subnetting is an ESSENTIAL "thing" to learn, not a good thing. (Unless, of course, you plan to make money using ONE computer for the rest of your life.)

  7. #7 (Senior Member, joined Jun 2004, 379 posts)
    is subnetting also a good thing to learn?
    Yes, I would say it is a very good thing to learn. Learning about subnetting and things like VLSMs is an important part of networking, just as learning how to config a router or put VLANs on a switch is; it is something that should be known. If you have any specific questions about subnetting just PM me and I will help you out, k.
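A worked example of the subnetting and VLSM this post recommends learning (added here as an illustration; it is not code from anyone in the thread). It carves a parent block into variable-length subnets, largest demand first, using Python's standard ipaddress module; the network address and the per-segment host counts are constructed sample values.

```python
import ipaddress
from typing import Dict, List, Tuple

def prefix_for_hosts(hosts: int) -> int:
    """Smallest IPv4 prefix length whose block holds `hosts` usable addresses.
    Every subnet loses two addresses (network and broadcast), and nothing
    smaller than a /30 is handed out here."""
    if hosts > (1 << 31) - 2:
        raise ValueError("host count cannot fit in IPv4")
    size = 4                      # /30: 4 addresses, 2 usable
    while size - 2 < hosts:
        size <<= 1                # grow to the next power of two
    return 32 - (size.bit_length() - 1)

def vlsm_allocate(parent: str, demands: Dict[str, int]) -> List[Tuple[str, ipaddress.IPv4Network]]:
    """Allocate one subnet per named demand inside `parent`.

    Largest-first keeps every block on its natural boundary: the cursor is
    always aligned to the previous (equal or larger) block, so each new,
    smaller block is aligned too and no space is lost to padding.
    Raises ValueError when the parent block runs out."""
    net = ipaddress.ip_network(parent)
    cursor = int(net.network_address)
    end = int(net.broadcast_address) + 1
    plan: List[Tuple[str, ipaddress.IPv4Network]] = []
    for name, hosts in sorted(demands.items(), key=lambda kv: (-kv[1], kv[0])):
        prefix = prefix_for_hosts(hosts)
        block = 1 << (32 - prefix)
        if cursor + block > end:
            raise ValueError(f"{parent} cannot fit {name!r} ({hosts} hosts)")
        plan.append((name, ipaddress.ip_network((cursor, prefix))))
        cursor += block
    return plan

def describe(plan: List[Tuple[str, ipaddress.IPv4Network]]) -> List[str]:
    """One readable row per subnet: name, CIDR, dotted mask, usable range."""
    rows = []
    for name, sub in plan:
        hosts = list(sub.hosts())
        rows.append(f"{name:6} {sub!s:20} mask {sub.netmask}  "
                    f"usable {hosts[0]}-{hosts[-1]} ({len(hosts)} hosts)")
    return rows

if __name__ == "__main__":
    # Constructed sample: one /24 shared by four segments of different sizes.
    demo = vlsm_allocate("192.168.10.0/24",
                         {"sales": 60, "eng": 25, "mgmt": 10, "link": 2})
    print("\n".join(describe(demo)))
```

Reordering the demands does not change the result, because the allocator sorts them itself; try a demand that exceeds the parent block to see the ValueError path.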

  8. #8 (Senior Member, joined Dec 2004, 320 posts)
    I would recommend learning assembler, also. Ethereal is a great way to learn about the structure of the TCP/IP suite. I just picked up 'The Shellcoder's Handbook'; it is pretty damn good. I have also read 'Hacking: The Art of Exploitation' and it is also pretty good. The TCP/IP Bible is helpful for reference when looking at Ethereal dumps and it helped me learn the OSI model. 'Cisco: The Beginner's Guide' is what I am currently on. It starts out pretty simple but gets better. These are a couple I recommend.
    The fool doth think he is wise, but the wise man knows himself to be a fool - Good Ole Bill Shakespeare

  9. #9 (Senior Member, joined Dec 2004, 320 posts)
    Didn't you already get banned once for flame wars? Let's not start this crap.

    /* edit: He deleted his post */
    The fool doth think he is wise, but the wise man knows himself to be a fool - Good Ole Bill Shakespeare

  10. #10 (Banned, joined Jun 2005, 445 posts)
    Didn't you already get banned once for flame wars? Let's not start this crap.
    Flame wars are inevitable with discussions on such abstract topics as computer security. Because when it comes down to it, there are so many ways to do things, it is often a matter of personal preference as to which is the right way to do something.

    As far as this thread goes, TCP/IP is a good starting place, and branching it out into your programming language of choice is also good. But this all comes down to personal preference.
