LinuxQuestions.org

I was wondering about ethical hacks. (https://www.linuxquestions.org/questions/linux-security-4/i-was-wondering-about-ethical-hacks-548403/)

nx5000 04-24-2007 11:59 AM

Quote:

Originally Posted by nomb
Sorry, thought you were referring to myself.

No no no
And for you, professional is an insult? :)
Anyway..
Quote:

Something I would like to know tho is with the white-hat certifications that are out there I wonder if they do show you how to write your own. I would assume they would, which would in my opinion take white-hat out of the 'script kiddie' classification. I don't know if they do tho so don't quote me on that.
[mylife lol]
When I was a bit younger (8-10 years ago), I wanted to do this kind of job, then the fashion for security arrived and it was not fun anymore. I got sick of the hype and media around it.
I took a more general path and just made security my hobby without doing any harm.
[/mylife]
So I can't give you an answer. But I would say that for testing a system, you first have to know it. The first step would be to get some basic and advanced Linux/Windows certifications, general ones.
Then you probably have to make yourself a name or work for a company that is known for good results.
You can also concentrate on one precise subject (like PaX, the NX bit, web security, ...)
But take care, this kind of job is ephemeral IMO. After 5 years, new kids will arrive and will hack your box faster than you can think because there are new techniques.
On the other hand, experience is very important. Understanding general security concepts is a must-have background.
Quote:

One more thing, most definitions tie script-kiddies to using programs to 'attack' computers. So I was originally gonna say that most everyone could be classified as a 'script-kiddie' once they use nmap to scan, but now looking at it, since technically your not 'attacking' the computer do you think that would still count?
Script kiddies are the ones who will use automated attack tools without understanding them.
Also, when massive attack tools are used, I really find this lame.
There is no fun, only fame.

nmap is used during the information phase of the attack. In theory, this is considered illegal (You are not supposed to access a service that is not referenced somewhere).

I would highly suggest never ever scanning back a system even if it's really tempting. It's illegal and you can get into trouble easily ;)

nomb 04-24-2007 12:13 PM

Ya, I'm majoring in network security and I have my MCSE and CCNA. Even tho I spend hours a day on the computer (my wife doesn't like that) I'm still struggling to keep up with all the new stuff. (I just found out today about port knocking -- which I think is really awesome.) I think anyone would prefer professional over anything else. :D

Some good papers on the legality of port scanning can be found here.

A good one there breaks down the Scott Moulton case where the courts ruled that:

"act of conducting an unauthorized port scan and throughput test of defendant's servers does not constitute a violation of either the Georgia Computer Systems Protection Act or the Computer Fraud and Abuse Act."

Basically what I got was that port scanning isn't illegal. However, I'm not sure about publishing the information you receive. Either way there are a lot of interesting documents.

And kalabanta:
I posted a quick list for you at the end of page 1. Although you're on your own for finding where to get them.

reverse 04-24-2007 05:17 PM

Quote:

One more thing, most definitions tie script-kiddies to using programs to 'attack' computers.
And what about those people who use their own programs to attack computers? They are script-kiddies by your so-called "definitions".

Quote:

I was wondering if it would help my Linux career to be more than familiar with hacking in all its forms?
What exactly is your "Linux career"? And I don't think you understand the amount of knowledge one would need in order to be "more than familiar with hacking in ALL ITS FORMS". Think: you need to know how to write exploits, reverse engineering, social engineering, cryptanalysis, etc. etc. etc.

Now if you mean: be familiar with "script kiddie techniques" and use those to try to break into your server, that's a whole different story. An administrator can make tests of greatly varying success on the network he looks after without being able to write a simple shell code to save his life. This doesn't make him a bad administrator, but it also doesn't make him "more than familiar with hacking in all its forms".

P.S.: I don't understand how, so far, nobody has yet complained about the so-called improper use of the word "hacker". I suppose people are sticking to the important things, rather than tripping over nomenclature.

unixfool 04-25-2007 08:44 AM

Quote:

Originally Posted by reverse
P.S.: I don't understand how, so far, nobody has yet complained about the so-called improper use of the word "hacker". I suppose people are sticking to the important things, rather than tripping over nomenclature.

The terminology doesn't bother me so much, as I tend to read the context around the word to get the implied meaning, chalk it up to a misuse of the word, and move on to other things.

nomb 04-25-2007 08:48 AM

Quote:

Originally Posted by reverse
And what about those people who use their own programs to attack computers? They are script-kiddies by your so-called "definitions".

That definition is from wikipedia, and that was my point exactly. Glad you see it my way.

In my mind a script-kiddie is someone who uses a program or any exploit for whatever purpose who doesn't understand how it works even a little bit.

unixfool 04-25-2007 09:38 AM

Quote:

Originally Posted by nomb
That definition is from wikipedia, and that was my point exactly. Glad you see it my way.

In my mind a script-kiddie is someone who uses a program or any exploit for whatever purpose who doesn't understand how it works even a little bit.

Example: directory traversal attempts to gain access to /etc/passwd on an IIS server

Crito 04-25-2007 09:47 AM

In my mind a "white hat" or "security professional" is someone who couldn't hack it as a programmer. :o

nomb 04-25-2007 09:50 AM

Quote:

Originally Posted by unixfool
Example: directory traversal attempts to gain access to /etc/passwd on an IIS server

Your response makes no sense. Just because you use directory traversal does not mean you're a script kiddie. (didn't think this thread would get into this debate...) Directory traversal is an exploit which is usually done by hand. Hence it is taken out of the script-kiddie classification. I guess maybe someone might use a premade script somewhere to do this, but most people I know who have used this technique have always done it by hand.

If you're confused on exactly what directory traversal is and how it is used you can check here.

Quote:

Originally Posted by Crito
In my mind a "white hat" or "security professional" is someone who couldn't hack it as a programmer. :o

My everyday job is a programmer. I'm also majoring in network security and networking. I can tell you from personal experience most programmers might know 3 or 4 languages well. Whereas most network admins (who also should be 'white hat hackers' or 'security professionals' if they are good at their job) not only probably know a few languages (I've not met a network admin yet who didn't) but also need to know a ton of information about networking and security. So if anything I think you have your statement backwards.

nomb

unixfool 04-25-2007 10:05 AM

Quote:

Originally Posted by nomb
Your response makes no sense. Just because you use directory traversal does not mean you're a script kiddie. (didn't think this thread would get into this debate...) Directory traversal is an exploit which is usually done by hand. Hence it is taken out of the script-kiddie classification. I guess maybe someone might use a premade script somewhere to do this, but most people I know who have used this technique have always done it by hand.

If you're confused on exactly what directory traversal is and how it is used you can check here.

It means you're using a tool to blindly assess a box without thought, which is what I see 9 times out of 10 when I'm performing my everyday work duties.

To run a tool that was designed to exploit a Linux application when the target machine is actually using a Win32 application is just plain dumb, which is what script kiddies are...dumb. They are either too lazy to check what the tool does or they lack the aptitude.

Believe me, I'm not confused when I see "../../../../../../../../etc/passwd" in Snort payload and Snort is triggering a definitive directory traversal alert. Directory traversal can be done by hand or can be used in a script which can be leveraged by another tool. Unless you're saying I just saw "../../../../../../../../etc/passwd" 100 times and each time I saw that payload, someone was behind the scenes copy/pasting that into a browser 100 times....I think not.

You might want to take a look at some Nessus plugins. I believe Nessus has some plugins that attempt directory traversal. Commercial products such as Foundscan and Qualys' VA tool also conduct directory traversal, in case you're wondering if Nessus only does this.
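The Snort observation above (the same `../../../../etc/passwd` payload seen many times in a row, regardless of the target platform) is the defender's side of the discussion. The following is an added example, not code posted in this thread or taken from Snort, Nessus or any other tool named here. It reads a few constructed access-log lines (made-up addresses, a hypothetical `/cgi-bin/view?file=` script) and flags requests whose path still contains a traversal sequence after URL-decoding, including double-encoded forms such as `%252F`; it also shows the server-side check that stops such a request from escaping the web root. Assumptions: Common Log Format input and a purely lexical path check (`posixpath.normpath`), so symlinks inside the web root are out of scope.

```python
# Added example (not from the thread): flag directory-traversal attempts in
# web-server access logs and show the web-root confinement check that defeats them.
import re
import posixpath
from urllib.parse import unquote

# Constructed sample log lines in Common Log Format; addresses and the
# /cgi-bin/view script are made up for the example.
SAMPLE_LOG = """\
10.0.0.5 - - [25/Apr/2007:09:38:01 -0500] "GET /index.html HTTP/1.1" 200 512
10.0.0.7 - - [25/Apr/2007:09:38:02 -0500] "GET /cgi-bin/view?file=../../../../../../../../etc/passwd HTTP/1.0" 404 210
10.0.0.7 - - [25/Apr/2007:09:38:03 -0500] "GET /cgi-bin/view?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.0" 404 210
10.0.0.7 - - [25/Apr/2007:09:38:04 -0500] "GET /cgi-bin/view?file=..%252F..%252Fboot.ini HTTP/1.0" 404 210
10.0.0.9 - - [25/Apr/2007:09:38:05 -0500] "GET /docs/guide.pdf HTTP/1.1" 200 88123
"""

# source, method, request target and status from a Common Log Format line
REQUEST_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def decode_fully(s, rounds=3):
    """Undo repeated URL-encoding (%252F -> %2F -> /) so that double-encoded
    sequences are inspected in the same form the application would see."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def is_traversal(target):
    """True when the decoded request target contains a parent-directory step."""
    decoded = decode_fully(target).replace("\\", "/")
    return "../" in decoded or decoded.endswith("..")


def find_traversal_attempts(log_text):
    """Return (source, status, decoded target) for each request that carries a
    traversal sequence; the original status code shows whether it got a 200."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip it
        if is_traversal(m.group("target")):
            hits.append((m.group("src"), int(m.group("status")),
                         decode_fully(m.group("target"))))
    return hits


def resolve_under_root(web_root, requested):
    """Server-side mitigation: decode, canonicalise, and refuse any path that
    does not stay under web_root. Lexical only (normpath); a real server should
    also resolve symlinks with realpath before serving the file."""
    cleaned = decode_fully(requested).replace("\\", "/").lstrip("/")
    candidate = posixpath.normpath(posixpath.join(web_root, cleaned))
    root_prefix = web_root.rstrip("/") + "/"
    if candidate != web_root and not candidate.startswith(root_prefix):
        return None  # escaped the web root: reject
    return candidate


if __name__ == "__main__":
    for src, status, target in find_traversal_attempts(SAMPLE_LOG):
        print(f"traversal from {src} (HTTP {status}): {target}")
    print(resolve_under_root("/var/www/html", "docs/guide.pdf"))
    print(resolve_under_root("/var/www/html", "../../../../etc/passwd"))
```

Run stand-alone it reports the three requests from 10.0.0.7 and shows that the confinement check returns a path for `docs/guide.pdf` but `None` for the traversal. Two design points matter in practice: decode before matching (a signature on the literal string `../` misses `%2e%2e%2f` and double-encoded variants), and on the server side never compare the raw request against a blacklist; canonicalise the joined path and check the prefix.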

nomb 04-25-2007 10:13 AM

Quote:

Originally Posted by unixfool
It means you're using a tool to blindly assess a box without thought, which is what I see 9 times out of 10 when I'm performing my everyday work duties.

To run a tool that was designed to exploit a Linux application when the target machine is actually using a Win32 application is just plain dumb, which is what script kiddies are...dumb. They are either too lazy to check what the tool does or they lack the aptitude.

Believe me, I'm not confused when I see "../../../../../../../../etc/passwd" in Snort payload and Snort is triggering a definitive directory traversal alert. Directory traversal can be done by hand or can be used in a script which can be leveraged by another tool. Unless you're saying I just saw "../../../../../../../../etc/passwd" 100 times and each time I saw that payload, someone was behind the scenes copy/pasting that into a browser 100 times....I think not.

You might want to take a look at some Nessus plugins. I believe Nessus has some plugins that attempt directory traversal.

:D I agree with your definition completely. And in your example I agree with you as well. It just seemed like you were saying "anyone using the directory traversal technique is a script kiddie." So I was just pointing out that it can easily be done by hand, in which case I would disagree. Also, if that person wrote their script on their own I would also not classify them as a script-kiddie because they know how the directory traversal works.

unixfool 04-25-2007 10:32 AM

Quote:

Originally Posted by nomb
Also, if that person wrote their script on their own I would also not classify them as a script-kiddie because they know how the directory traversal works.

Kiddies borrow tools that others create. I didn't state that kiddies create scripts. If I wrote a script that exploits a machine and I post it to the WWW, the script would be downloaded and most likely used, but used in a dumb manner by Joe Schmoe script kiddie. While the kiddie wouldn't create a directory traversal script, he could certainly use it...he just wouldn't use it to its best effect.

nomb 04-25-2007 11:50 AM

Exactly, I agree completely.

Crito 04-25-2007 12:01 PM

Script kiddies are so dumb they need security professionals to tell them who they are. Good thing only people qualified to wear hats can create scripts -- white, grey or black only, sorry red hats.

nomb 04-25-2007 12:06 PM

Should we submit that as the new wikipedia definition? :D

sleepyEDB 04-26-2007 08:08 AM

Quote:

Originally Posted by kalabanta
Are all these tools mentioned before for windows or Linux?

Check out the BackTrack security distro. It's a real Linux distro based on Slax and it contains just about every pen-testing tool you would need, except for Nessus (due to a change in licensing), but it should be easy to install it on your own.

It also runs off of a LiveCD, or can be installed on the machine if you so choose.


sleepy

