Options
Pentesterlab
g33k3r
Member Posts: 249 ■■□□□□□□□□
Comments
-
Options
636-555-3226
Member Posts: 975 ■■■■■□□□□□
Just set up your own lab. To destroy you must first create. To tear down you must first know how to build.
How can you hack something if you don't know how it works? How can you tell people how to fix stuff if you don't know how they set it up incorrectly in the first place? -
Optionsdeyavi
Member Posts: 23 ■□□□□□□□□□
No fun if you build your own lab, you would know what's wrong already, unless you build a lab with vulnhub machines or something...
-
Options636-555-3226
Member Posts: 975 ■■■■■□□□□□
Agree to a point. installing a SQL database with a default config will tell you it has a default config that can be hacked, but it isn't going to teach you how to, say, use sqlmap or burp.
also, what's the point of knowing how to use, say, sqlmap or burp if you don't know how to fix the problems? if i paid a consultant to break into my website and they said, yeah, we broke into it, thanks for the money, then i wouldn't pay them squat. At the end of the day I want a report-out telling me why these things should be fixed and how to fix them.
another example - set up a domain controller that uses volume shadow copy for backups. maybe you know that you can use that to pull off the passwords, but do you actually know how to do it, what commands are involved (powershell or otherwise), how to disable logging/alerting whenever the service is stopped or started? knowing there's a problem doesn't equate with knowing how to take advantage of it. -
Optionsg33k3r
Member Posts: 249 ■■□□□□□□□□
I was actually referring more to the training content on the site vs. the vulnerable machines available for download.