RE: Intro To Hacking

["Young, Randy" <RWYoung () verisign com>]

You got that right!  I PRIVATE small network which is completely isolated, or what really works nice is using VMWare on 
a laptop and having both the machine to hack and the one you're hacking from on that same box so you can take it with 
you for practicing.

Just MY $0.02 worth


-----Original Message-----
From: Edmund [mailto:security () kdtc net] 
Sent: Monday, October 18, 2004 7:07 PM
To: security-basics () securityfocus com
Subject: Re: Intro To Hacking


Jason Dusek wrote:

> I have built a web server and I would like to practice hacking it 
> remotely. Are there any tutorials or a good introductory book that 
> takes one step by step through the process of 'owning' an unsecured 
> box? Here are the stats:
>
>   FreeBSD 4.10 (not updated for about a month)
>     Default security profile
>   Apache 2
>     PHP 4.3.8
>     No SSI
>   No firewall
>   On a university network


*WRONG* decision,  Jason.  This is one thing you should never do.  Even 
if the
machine is yours, you are doing this under a University environment.  If 
you have
permission from the university(I doubt it), then proceed with caution.   
But since
you are just 'beginning', I would suggest you basically hook up two 
computers
where-ever you are and do a small network.  Then from one, hack the other. 
Do not connect it to the university network. 

I like learning myself, but I wouldn't even dream of doing this in a 
university
network, unless I'm interested in getting in trouble. 

Just my $0.02.