What's the best way to learn BackTrack 4 and Metasploit?

YuckTheFankees Member Posts: 1,281
I know I can Google the question, but I'm looking for help from TE.


Also, who all has a pentest lab at home? I have 3 or 4 hacking books, and I'm so confused about how to connect everything, what to get, blah blah blah.

Comments

  • chrisone Member Posts: 2,278
    I am in the same boat as you, but I haven't begun the process of studying pen testing (I have other exams to worry about). However, I recently found a book, which JDMurray will be reviewing soon, that is geared towards pen testing with BT4.

    Check here if you haven't already been to this post.
    http://www.techexams.net/forums/security-certifications/65377-backtrack-4-assuring-security-new-book.html

    The book Amazon.com: BackTrack 4: Assuring Security by Penetration Testing (9781849513944): Shakeel Ali, Tedi Heriyanto: Books
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • JDMurray Admin Posts: 13,023
    I'm so confused about how to connect everything, what to get, blah blah blah
    You can't be a pen tester unless you know how networks are constructed and configured. The CCENT, CCNA, and CCNA:Security are a good set of certs to get prior to studying pen testing.
  • YuckTheFankees Member Posts: 1,281
    Okay, that's most likely why I'm so lost... I hope to have it all done by the end of summer. I want to pentest ALREADY!
  • ChooseLife Member Posts: 941
    JDMurray wrote: »
    You can't be a pen tester unless you know how networks are constructed and configured.
    QFT!
    Pentesting in a nutshell is the analysis of a target based on one's understanding of systems/networks - not to be confused with launching nmap/metasploit/nessus. How good of a pentester one is has direct correlation with one's knowledge of computer systems.
    “You don’t become great by trying to be great. You become great by wanting to do something, and then doing it so hard that you become great in the process.” (c) xkcd #896

    GetCertified4Less
    - discounted vouchers for certs
  • white96gt Member Posts: 26
    JDMurray wrote: »
    You can't be a pen tester unless you know how networks are constructed and configured. The CCENT, CCNA, and CCNA:Security are a good set of certs to get prior to studying pen testing.

    Should be a sticky. This usually takes years not months.
  • contentpros Member Posts: 115
    There is a good tutorial on Metasploit (Metasploit Unleashed) from the guys at offensive-security which can be found here:

    Metasploit Unleashed By Offensive Security

    but as others have said, this is not something you learn overnight. Master the basics, get solid on your fundamentals, and keep working from there.

    Lab the hell out of it: any OS you can get your hands on, and see how you do. Master the common tools and learn them inside and out. Remember, it's the tester that makes the tool effective, not the other way around.
  • ChooseLife Member Posts: 941
    And to answer your original question,
    What's the best way to learn BackTrack 4 and Metasploit?
    I learned both of these, along with other tools, during "war games" at school. Here's how it worked: we split into teams, set up our "base" networks that contained vulnerabilities (each team had to verify their vulnerabilities were _practically_ exploitable), then on the agreed day exchanged the public IPs of our networks and attempted to hack each other's networks. In the final phase, we analyzed our own networks to find out what was exploited, how, and what changes were made (e.g. rootkits). It was a great learning experience... but I should mention again that by the time we got into these wargames, we had solid knowledge of a multitude of things - TCP/IP layers and their flaws, packet analysis, OS fingerprinting, programming languages, x86 CPU and memory architecture, buffer overflows... without such a foundation one risks blindly pressing buttons without gaining much.

    Now, generally I'm not a big fan of group studying, but for this type of exercise, if you can find a few like-minded people and practice something similar, it could be a lot of fun and an awesome learning experience!
  • YuckTheFankees Member Posts: 1,281
    ChooseLife wrote: »
    And to answer your original question,
    I learned both of these, along with other tools, during "war games" at school. Here's how it worked: we split into teams, set up our "base" networks that contained vulnerabilities (each team had to verify their vulnerabilities were _practically_ exploitable), then on the agreed day exchanged the public IPs of our networks and attempted to hack each other's networks. In the final phase, we analyzed our own networks to find out what was exploited, how, and what changes were made (e.g. rootkits). It was a great learning experience... but I should mention again that by the time we got into these wargames, we had solid knowledge of a multitude of things - TCP/IP layers and their flaws, packet analysis, OS fingerprinting, programming languages, x86 CPU and memory architecture, buffer overflows... without such a foundation one risks blindly pressing buttons without gaining much.

    Now, generally I'm not a big fan of group studying, but for this type of exercise, if you can find a few like-minded people and practice something similar, it could be a lot of fun and an awesome learning experience!

    How long did it take to learn the things you listed? I know the TCP/IP layers, but what flaws are you referring to?
  • ChooseLife Member Posts: 941
    How long did it take to learn the things you listed?
    For myself, by the time I arrived at these wargames, I had been playing around with computers for ~10 years.
    I know the TCP/IP layers, but what flaws are you referring to?
    ARP's inherent quality is the existence of gratuitous ARP (GARP) packets. ICMP has redirect and router advertisement packets.
    If we look at these from a pentester's perspective, both can be used for Man-in-the-Middle traffic redirection attacks. Now, in order to know whether you can use one or the other, you need to understand how the protocols work and how network players react to the packets. What logical proximity to the target would be required to launch ARP poisoning? Would a router drop this packet? What about a switch? A hub? A wireless access point? Same questions for ICMP redirect packets... What is the target's normal behaviour upon receiving these packets? And so on...
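The "understand how the protocol works" point above cuts both ways: the same gratuitous ARP behaviour a tester relies on is what a defender watches for. As an added example (not code from this thread), the script below builds a few constructed Ethernet/ARP frames (all MACs and IPs are made up), parses them, and flags two things a network monitor would care about: gratuitous ARP replies (sender IP equals target IP) and an IP address whose claimed MAC changes from the binding first learned.

```python
import struct
from collections import namedtuple

ARP_REPLY = 2
ArpPkt = namedtuple("ArpPkt", "op sender_mac sender_ip target_mac target_ip")

def _mac(s):
    return bytes.fromhex(s.replace(":", ""))

def _ip(s):
    return bytes(int(o) for o in s.split("."))

def build_arp(op, smac, sip, tmac, tip):
    """Construct a raw Ethernet + ARP (IPv4 over Ethernet) frame for testing."""
    eth = _mac(tmac) + _mac(smac) + b"\x08\x06"          # dst, src, EtherType=ARP
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)      # htype, ptype, hlen, plen, op
    return eth + arp + _mac(smac) + _ip(sip) + _mac(tmac) + _ip(tip)

def parse_arp(frame):
    """Return ArpPkt for an Ethernet/ARP frame, or None if it is not ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    op = struct.unpack("!H", frame[20:22])[0]
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    ip = lambda b: ".".join(str(x) for x in b)
    return ArpPkt(op, mac(frame[22:28]), ip(frame[28:32]),
                  mac(frame[32:38]), ip(frame[38:42]))

def detect_arp_anomalies(frames):
    """Flag gratuitous ARP and IP-to-MAC binding changes across a frame stream.
    Gratuitous ARP is legitimate on boot or failover, so it is reported as a
    signal to correlate, not proof of poisoning; a binding change is stronger."""
    bindings, alerts = {}, []
    for frame in frames:
        pkt = parse_arp(frame)
        if pkt is None:
            continue
        if pkt.sender_ip == pkt.target_ip:
            alerts.append(("gratuitous", pkt.sender_ip, pkt.sender_mac))
        known = bindings.setdefault(pkt.sender_ip, pkt.sender_mac)  # keep first-seen MAC
        if known != pkt.sender_mac:
            alerts.append(("ip_mac_conflict", pkt.sender_ip, f"{known}->{pkt.sender_mac}"))
    return alerts

# Constructed sample: a normal reply exchange, then a broadcast GARP claiming the
# gateway's IP with a different MAC (all addresses are made up).
FRAMES = [
    build_arp(ARP_REPLY, "aa:aa:aa:aa:aa:01", "192.168.1.1", "cc:cc:cc:cc:cc:01", "192.168.1.50"),
    build_arp(ARP_REPLY, "cc:cc:cc:cc:cc:01", "192.168.1.50", "aa:aa:aa:aa:aa:01", "192.168.1.1"),
    build_arp(ARP_REPLY, "bb:bb:bb:bb:bb:02", "192.168.1.1", "ff:ff:ff:ff:ff:ff", "192.168.1.1"),
]

if __name__ == "__main__":
    for alert in detect_arp_anomalies(FRAMES):
        print(alert)
```

In a real deployment the same two checks would run over a live capture or switch ARP logs, with a known-good gateway binding seeded up front so the first frame cannot silently define the baseline.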
  • alan2308 Member Posts: 1,854
    What's the best way to learn BackTrack 4 and Metasploit?

    When I took the first 2 pen testing courses in my program, we used this book, which I thought was pretty good.