Metasploit mailing list archives
Re: A small question regarding IP
From: Travis Phillips <perfect_insanity2004 () yahoo com>
Date: Fri, 16 Sep 2011 14:14:42 -0700 (PDT)
Okay. Do not hack a system that your not authorized to attack by that systems owner. This is illegal under the computer misuse act of 1990. However. For finding the IP address of remote host. If you don't know how to do this then you shouldn't be using metasploit as you lack a proper foundation to work off of. You should read the hacking exposed book series. While its exploit section is out of date the "framework" of the testing methods are tried and true. I suggest you look at that first as the first step in any pentest is PASSIVE FOOTPRINTING! Meaning check everything you can without being intrusive. This means finding their IP address and netblocks. Using whois to find admins and contacts and address, and searching forums for people who ask tech questions who may have revealed a little too much info about there systems. Find there servers that offer public services, and public offices with poor security. If I were to give you a webserver, you should be able to tell me the IP address, the web server software and the version, the OS, and were its located. Till you can do that you shouldn't be using exploits as an attack should be more of a surgical attack, not throwing everything and the kitchen sink at the server. Hacking exposed explained this as the same as a person looking to rob a bank may go look for cameras and guards in the bank first to make things go smoother. So practice this first. Final thoughts. I implore you to learn as much as you can. I love my research and break no laws in doing so. Build a lab in your home with spare boxes or VMs or find a college that will allow your research in their labs (most schools have an IT sec program. In my school I found an IT sec instructor that has a lab that's got an offline network and he lets me use that and request help in making new labs and also captures memory dumps for his forensics class to analyze. A fair deal both ways.) You can also join wargame sites such as "hack this site" to practice your hacking skills and compete in hacking competitions like SANS NetWars and also see if colleges in your area run CTF challenges. With all that said, there is no reason to break laws to learn hacking skills. So take the black hat off and throw on the white hat! You can't change the things you done but you can control your future. So its never to late to switch teams and call yourself a researcher! In the words of Spidermans aunt "with great power comes great responsibility." Cheers mate, Travis Phillips (http://theunl33t.blogspot.com) Sent from Yahoo! Mail on Android
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- A small question regarding IP dmz928 (Sep 16)
- Re: A small question regarding IP Tod Beardsley (Sep 16)
- Re: A small question regarding IP haZard0us (Sep 16)
- Re: A small question regarding IP Tommy Elliott (Sep 21)
- Re: A small question regarding IP kishore vekaria (Sep 21)
- <Possible follow-ups>
- Re: A small question regarding IP Travis Phillips (Sep 16)
- Re: A small question regarding IP Sean Keane (Sep 16)
- Re: A small question regarding IP Kurt Grutzmacher (Sep 17)
- Re: A small question regarding IP Sean Keane (Sep 16)