Re: Intro to Hacking

[Jason Dusek <jason-dusek () uiowa edu>]

I have recieved a lot of emails like this. The IT Security office of my 
university has already contacted me, and they have informed me that I will 
suffer student sanctions if I am caught pen-testing the box. So that settles that.

_jason

Edmund wrote:

> Jason Dusek wrote:
>
>> I have built a web server and I would like to practice hacking it remotely. 
Are there any tutorials or a good introductory book that takes one step by step 
through the process of 'owning' an unsecured box? Here are the stats:
>>
>>   FreeBSD 4.10 (not updated for about a month)
>>     Default security profile
>>   Apache 2
>>     PHP 4.3.8
>>     No SSI
>>   No firewall
>>   On a university network
>
>
>
>
> *WRONG* decision,  Jason.  This is one thing you should never do.  Even if the
> machine is yours, you are doing this under a University environment.  If you have
> permission from the university(I doubt it), then proceed with caution.   But 
since
> you are just 'beginning', I would suggest you basically hook up two computers
> where-ever you are and do a small network.  Then from one, hack the other. Do 
not connect it to the university network.
> I like learning myself, but I wouldn't even dream of doing this in a university
> network, unless I'm interested in getting in trouble.
> Just my $0.02.
>
>