Info...

[troy at alvaka.net (Troy Fletcher)]

For improving your knowledge of the security field, there's nothing
better than reading. Read everything you can get your hands on. Note
that you can easily spend hundreds (if not thousands) of dollars on
security books if you're not careful, I'd recommend heading to a Barnes
and Nobel (or other book store that allows you to sit and read) with a
notebook, and start reading and writing down whatever is interesting.
Then go home, and research your notes for more information. Don't be
afraid to learn the low level stuff, it will give you an understanding
to HOW the exploits work, as opposed to simply knowing how to work the
exploits (this is often the difference between a true hacker, and a
script kiddie). Once you have an intermediate level of understanding,
I'd recommend doing some more pointed research on the internet; being
somewhat knowledgeable will allow you to truly understand internet posts
that might not be as clear as the books you cut your teeth on.

Remember that asking people to do work for you can be dangerous if you
don't know what you're doing. Someone may give you bad code, or worse,
code that does something illegal. Not to say that the metasploit
framework does any of that, but we all review and understand code before
we run it (I hope :| ). If you get a response separate of the list
telling you how to do something illegal you should not do it. (well, you
shouldn't do anything illegal anyways! :)

With hacking or any other kind of illegal activity, it's really easy to
jeopardize your freedom by making a mistake, it's even easier when you
don't fully understand the crime and the many ways you can be caught
doing it. You probably don't want to get caught, so you should learn all
you can about network security so you can be knowledgeable. Maybe after
you do, you'll realize that with skills like those you will have more
fun working in an industry that needs more people like you, rather than
attacking some website on the internet. Also, admitting on a public list
that you wish to attack a certain website pretty much guarantees that
you'll never be able to in the future.

Read all you can, maybe after you've developed your skills, you'll
realize that there are more important things to do with your time than
hacking some website.

-Troy



-----Original Message-----
From: mmiller at hick.org [mailto:mmiller at hick.org]
Sent: Tuesday, September 26, 2006 1:56 AM
To: framework at metasploit.com
Subject: Re: [framework] Info...

On Tue, Sep 26, 2006 at 09:25:44AM +0100, Karan Ahluwalia wrote:
> Hello...
>   All those great people out their . I m new to Metasploit Framework.
>   Please suggest me some references to improve my knowledge in the
security field.

First, I'd recommend that you focus less (far less) on the element of
hacking and more on understanding the basics.  You can't build a tree
without a trunk, let alone a system of roots.  Start by reading books
and articles on programming, systems architecture, and so on.  These
will provide you with the fundamental basis that you need.

>   Also , I searched for exploit of PureFTPD in metasploit ...But
unable to find it.

Metasploit is a BYOE (Bring Your Own Exploits) framework.  If you don't
find an exploit you're looking for you can write it, and send it back
for us, and chances are we'll integrate into the framework.  When we
have time, we (mostly HD) also write exploits ourselves, but the keyword
is when :)

>   To be Honest , I want to hack a website called 
> www.hackingmobilephones.com

I'm afraid we can't (and won't) help you there.  I'd encourage you to
find a better way to spend your time.

This message has been scanned by Alvaka Network's MailWorX service.