LinuxQuestions.org


LinuxGeek1968 04-23-2007 05:40 PM

I was wondering about ethical hacks.
 
Do many Admins do ethical hacking of their own network looking for potential threats?

I was wondering if it would help my Linux career to be more than familiar with hacking in all its forms?

nadroj 04-23-2007 06:06 PM

if you're a network administrator, it would absolutely help. there are companies devoted to just this. sorry for the short answer!

phantom_cyph 04-23-2007 07:26 PM

My view of ethical hacking is this: a policeman has to know how to shoot a gun to protect the community, but the criminal can also shoot a gun. Hacking is like a gun, the knowledge in the right hands is a useful tool, in the wrong hands of a cracker or black hat is dangerous.

rocket357 04-23-2007 10:09 PM

Quote:

Originally Posted by kalabanta
My view of ethical hacking is this: a policeman has to know how to shoot a gun to protect the community, but the criminal can also shoot a gun. Hacking is like a gun, the knowledge in the right hands is a useful tool, in the wrong hands of a cracker or black hat is dangerous.

I agree completely...

And it's my opinion that good admins know how to identify break-ins, but the GREAT ones break in to their own systems (or at least know how to test for vulnerabilities with real "blackhat" tools and what to do with problems they find) so they're ahead of the game in terms of prevention. Like Kalabanta stated, the knowledge is just a tool...it's up to you to determine how you use it.

nomb 04-24-2007 08:12 AM

I don't think you will have one person who is knowledgeable about network administration tell you otherwise. I have a few servers myself and I might not be able to just go out and take over any computer (or want to for that matter) but I definitely scan my own with tools looking for vulnerabilities. I would say tho, don't focus on the 'tools'. If you can learn how to do something manually you need to so you can understand what the 'tool' is doing. Obviously I'm not talking about port scanning or anything easy like that but go out and (for example) if you have ftp running, find an exploit for your version of ftp and take a look at the source code. It'll probably be some sort of buffer overflow but still try to learn as much as you can about how it is done and not so much on what can do it for u. (please keep in mind that knowing the tools is important as well.) However if u take the time to learn what is going on, where u might have only been able to block the vulnerability from one program u then can fix it for all. I just had a son and haven't gotten any sleep for awhile so if this doesn't make sense I apologize.

nomb


***EDIT*** I would look into running some virtual machines for you to test against so u don't mess up your box.

GrapefruiTgirl 04-24-2007 09:09 AM

Google for Darknet.[org|com|net] if you want 'ethical' hacking tools designed to help you try to hack into your own server for educational purposes.
There's some very well written stuff there; just keep in mind though that as good as they are, every hack leaves behind a trail.
I helped admin a re-seller server for a while and it was very slickly hacked by some of the tools available from Darknet, and they left the tools behind as an example. Had they not, there were still the server logs and ISP records to track them down. They didn't 'destroy' anything, but were just showing us how crappy our security was..

nomb 04-24-2007 09:22 AM

Ya they were definitely trying to make a statement. LoL If they had been serious they would have crond a script to remove their lines out of the logs. That's really funny they left the tools.

***EDIT***

Few other sites:

insecure.org
securityfocus.com
neworder.box.sk

nx5000 04-24-2007 09:39 AM

It's usually called "penetration testing" by professionals

http://www.derkeiler.com/Mailing-Lis...ocus/pen-test/

nomb 04-24-2007 09:44 AM

Who said any of us were professionals?

ethical/penetration testing/white-hat it's all the same.

nx5000 04-24-2007 09:46 AM

I was answering to the person asking the question
Quote:

Do many Admins do ethical hacking of their own network looking for potential threats?

I was wondering if it would help my Linux career to be more than familiar with hacking in all its forms?
Admin
Career
...

Professional

"White hat" and "ethical hacking" is script-kiddies terminology.

GrapefruiTgirl 04-24-2007 09:49 AM

Well, the tool they did leave behind was something of a self-contained shell, and was quite capable of wiping the entire server AND the MySQL databases with less than 2 or 3 clicks. It was a full GUI-based shell with replication abilities etc.. I think if they had intended to be malicious, erasing the logs would have been unnecessary, as the entire machine would have been empty :D

nomb 04-24-2007 10:00 AM

Sry, thought you were referring to myself.

And yup they are 'script kiddie' terminology. Considering his question I figured I'd use terms he's probably heard before.

Something I would like to know tho is with the white-hat certifications that are out there I wonder if they do show you how to write your own. I would assume they would which would in my opinion take white-hat out of the 'script kiddie' classification. I don't know if they do tho so don't quote me on that.

One more thing, most definitions tie script-kiddies to using programs to 'attack' computers. So I was originally gonna say that most everyone could be classified as a 'script-kiddie' once they use nmap to scan, but now looking at it, since technically you're not 'attacking' the computer do you think that would still count?

unixfool 04-24-2007 10:41 AM

Quote:

Originally Posted by nomb
One more thing, most definitions tie script-kiddies to using programs to 'attack' computers. So I was originally gonna say that most everyone could be classified as a 'script-kiddie' once they use nmap to scan, but now looking at it, since technically you're not 'attacking' the computer do you think that would still count?

Port and host scans may not damage, but I don't think they're acceptable either. I think it depends on the intent. Why are they scanning? Just because it's considered legal (some countries deem it illegal)? I try to avoid scanning hosts and networks that aren't mine unless absolutely necessary (ie, if I am almost certain the box that scanned me is compromised, I'll almost certainly scan it, unless it is a government system, and I'll only scan it from a non-home and non-work system). You may also want to check your ISP's policy on conducting scans, as I normally send automated reports of scan activity found in my logs to ISPs...depending on the nature of the activity, I do get responses back informing me that IPs were taken offline. Remember, compromised machines do attempt to propagate their badness...that usually involves scans of some sort (although they usually generate large scans).

In the broad sense, scanning is usually a precursor to some type of questionable activity. I do incident response for a living and normally report scans, although they are usually considered low priority since a scan usually isn't malicious. If I see a host scan against a Class B, I report it, and, one hour later, see more scans from the same source IP but looking for running services on hosts found during the first scan, the priority escalates. Granted, it's nothing but scanning, but there's a definitive trend.

Why the diatribe? People use the technicality that a scan isn't an attack a good bit these days, while, behind the scenes, there ARE people out in the world wide web that consider it rude and actually watch for this type of activity...all because of a few truly bad people. If you wouldn't scan an FBI/CIA/NSA computer from your home, you probably shouldn't scan anyone else's IP(s) either. If they don't hunt you down (depends on what you're doing and how they perceive it), it's almost a guarantee that your ISP will be notified. The potential trouble lessens when you scan a home account...business/govt netrange owners will probably react differently.
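
The escalation rule described in the post above (a host scan that is low priority on its own, then service probes from the same source against hosts from that sweep) can be sketched as log triage. This is an added example, not part of the original post; the record layout, thresholds and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SWEEP_HOSTS = 20              # assumed: distinct hosts in one burst = host scan
SCAN_PORTS = 8                # assumed: distinct ports on one host = service scan
IDLE = timedelta(minutes=15)  # assumed: quiet gap that separates two bursts

def bursts(recs):
    """Split one source's time-sorted (ts, dst, port) records into bursts."""
    out = []
    for rec in recs:
        if out and rec[0] - out[-1][-1][0] < IDLE:
            out[-1].append(rec)
        else:
            out.append([rec])
    return out

def triage(events):
    """Map each scanning source IP to 'low' or 'escalated'."""
    by_src = defaultdict(list)
    for ts, src, dst, port in sorted(events):
        by_src[src].append((ts, dst, port))
    verdict = {}
    for src, recs in by_src.items():
        swept = set()                      # hosts seen in earlier host scans
        for burst in bursts(recs):
            ports = defaultdict(set)
            for _, dst, port in burst:
                ports[dst].add(port)
            # Follow-up: many ports probed on a host from a previous sweep.
            if any(d in swept and len(p) >= SCAN_PORTS for d, p in ports.items()):
                verdict[src] = "escalated"
            if len(ports) >= SWEEP_HOSTS:  # this burst is itself a host scan
                verdict.setdefault(src, "low")
                swept |= set(ports)
    return verdict

def sample_events():
    """Constructed records: (time, source, destination, destination port)."""
    t0, ev = datetime(2007, 4, 24, 10, 0), []
    for i in range(40):   # two sources each sweep 40 hosts on one port
        ev.append((t0 + timedelta(seconds=i), "203.0.113.9", f"198.51.100.{i + 1}", 80))
        ev.append((t0 + timedelta(seconds=i), "203.0.113.50", f"198.51.100.{i + 1}", 22))
    for n, port in enumerate((21, 22, 23, 25, 80, 110, 143, 443, 3306)):
        # an hour later the first source probes services on one swept host
        ev.append((t0 + timedelta(hours=1, seconds=n), "203.0.113.9", "198.51.100.7", port))
    return ev

if __name__ == "__main__":
    print(triage(sample_events()))
```

A source that only sweeps stays at low priority; the one that returns to a swept host with service probes is escalated.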

phantom_cyph 04-24-2007 10:56 AM

Are all these tools mentioned before for windows or Linux?

nomb 04-24-2007 11:57 AM

what r u looking for i can tell u for either.

For linux I would definitely recommend:

nmap
nessus
john the ripper
wireshark
netcat

For windows I would recommend:

nmap
lc5
john the ripper
Cain & Abel
wireshark
netcat

For webbased pages I would recommend:

any structure downloader
firefox with web devel addon and agent switcher

Since none of these actually 'attack' the computer, you shouldn't be called a script kiddie for using them. Altho from a programming standpoint, why waste the time writing your own when u can recycle someone else's.


All times are GMT -5.