Linux - Security: This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
No no no
And for you, professional is an insult?
Anyway..
Quote:
Something I would like to know though is, with the white-hat certifications that are out there, I wonder if they do show you how to write your own. I would assume they would, which would in my opinion take white-hat out of the 'script kiddie' classification. I don't know if they do though, so don't quote me on that.
[mylife lol]
When I was a bit younger (8-10 years ago), I wanted to do this kind of job, then the fashion for security arrived and it was not fun anymore. I got sick of the hype and media around it.
I took a more general path and just made security my hobby, without doing any harm.
[/mylife]
So I can't give you an answer. But I would say that for testing a system, you first have to know it. The first step would be to get some basic and advanced Linux/Windows certifications, general ones.
Then you probably have to make yourself a name or work for a company that is known for good results.
You can also concentrate on one precise subject (like PaX, the NX bit, web security, ...).
But take care, this kind of job is ephemeral IMO. After 5 years, new kids will arrive and will hack your box faster than you can think, because there are new techniques.
On the other hand, experience is very important. Understanding general security concepts is a must-have background.
Quote:
One more thing, most definitions tie script-kiddies to using programs to 'attack' computers. So I was originally going to say that almost everyone could be classified as a 'script-kiddie' once they use nmap to scan, but now looking at it, since technically you're not 'attacking' the computer, do you think that would still count?
Script kiddies are the ones who will use automated attack tools without understanding them.
Also, when massive attack tools are used, I really find this lame.
There is no fun, only fame.
nmap is used during the information-gathering phase of an attack. In theory, this is considered illegal (you are not supposed to access a service that is not referenced somewhere).
I would highly suggest never scanning back a system, even if it's really tempting. It's illegal and you can get into trouble easily.
Yeah, I'm majoring in network security and I have my MCSE and CCNA. Even though I spend hours a day on the computer (my wife doesn't like that), I'm still struggling to keep up with all the new stuff. (I just found out today about port knocking, which I think is really awesome.) I think anyone would prefer professional over anything else.
Some good papers on the legality of port scanning can be found here.
A good one there breaks down the Scott Moulton case, where the court ruled that the:
"act of conducting an unauthorized port scan and throughput test of defendant's servers does not constitute a violation of either the Georgia Computer Systems Protection Act or the Computer Fraud and Abuse Act."
Basically what I got was that port scanning isn't illegal. However, I'm not sure about publishing the information you receive. Either way, there are a lot of interesting documents.
And kalabanta:
I posted a quick list for you at the end of page 1. Although you're on your own for finding where to get them.
Quote:
One more thing, most definitions tie script-kiddies to using programs to 'attack' computers.
And what about those people who use their own programs to attack computers? They are script-kiddies by your so-called "definitions".
Quote:
I was wondering if it would help my Linux career to be more than familiar with hacking in all its forms?
What exactly is your "Linux career"? And I don't think you understand the amount of knowledge one would need in order to be "more than familiar with hacking in ALL ITS FORMS". Think: you need to know how to write exploits, reverse engineering, social engineering, cryptanalysis, etc. etc. etc.
Now if you mean: be familiar with "script kiddie techniques" and use those to try to break into your server, that's a whole different story. An administrator can make tests of greatly varying success on the network he looks after without being able to write a simple shell code to save his life. This doesn't make him a bad administrator, but it also doesn't make him "more than familiar with hacking in all its forms".
P.S.: I don't understand how, so far, nobody has yet complained about the so called improper use of the word "hacker". I suppose people are sticking to the important things, rather than tripping over nomenclature.
Quote:
P.S.: I don't understand how, so far, nobody has yet complained about the so called improper use of the word "hacker". I suppose people are sticking to the important things, rather than tripping over nomenclature.
The terminology doesn't bother me so much, as I tend to read the context around the word to get the implied meaning, chalk it up to a misuse of the word and move on to other things.
Quote:
Example: directory traversal attempts to gain access to /etc/passwd on an IIS server
Your response makes no sense. Just because you use directory traversal does not mean you're a script kiddie. (Didn't think this thread would get into this debate...) Directory traversal is an exploit which is usually done by hand. Hence it takes it out of the script-kiddie classification. I guess maybe someone might use a premade script somewhere to do this, but most people I know who have used this technique have always done it by hand.
If you're confused on exactly what directory traversal is and how it is used, you can check here.
Quote:
Originally Posted by Crito
In my mind a "white hat" or "security professional" is someone who couldn't hack it as a programmer.
My everyday job is as a programmer. I'm also majoring in network security and networking. I can tell you from personal experience most programmers might know 3 or 4 languages well. Whereas most network admins (who also should be 'white hat hackers' or 'security professionals' if they are good at their job) not only probably know a few languages (I've not met a network admin yet who didn't) but also need to know a ton of information about networking and security. So if anything I think you have your statement backwards.
Quote:
Your response makes no sense. Just because you use directory traversal does not mean you're a script kiddie. (Didn't think this thread would get into this debate...) Directory traversal is an exploit which is usually done by hand. Hence it takes it out of the script-kiddie classification. I guess maybe someone might use a premade script somewhere to do this, but most people I know who have used this technique have always done it by hand.
If you're confused on exactly what directory traversal is and how it is used, you can check here.
It means you're using a tool to blindly assess a box without thought, which is what I see 9 times out of 10 when I'm performing my everyday work duties.
To run a tool that was designed to exploit a Linux application when the target machine is actually using a Win32 application is just plain dumb, which is what script kiddies are...dumb. They are either too lazy to check what the tool does or they lack the aptitude.
Believe me, I'm not confused when I see "../../../../../../../../etc/passwd" in Snort payload and Snort is triggering a definitive directory traversal alert. Directory traversal can be done by hand or can be used in a script which can be leveraged by another tool. Unless you're saying I just saw "../../../../../../../../etc/passwd" 100 times and each time I saw that payload, someone was behind the scenes copy/pasting that into a browser 100 times....I think not.
You might want to take a look at some Nessus plugins. I believe Nessus has some plugins that attempt directory traversal. Commercial products such as Foundscan and Qualys' VA tool also conduct directory traversal, in case you're wondering if Nessus only does this.
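The post above makes the defender's point: the same `../../../../etc/passwd` payload showing up a hundred times in a Snort alert is the signature of a tool, not of someone typing by hand, and a Linux-flavoured payload thrown at a Windows box is a second tell. The script below is an added example, not code from the thread or from Snort, Nessus or any other product named here. It parses a handful of constructed access-log lines, normalizes percent-encoding (including the double-encoded `%255c` backslash trick) so that encoded and plain traversal attempts are flagged by the same rule, guesses which platform each payload was written for from its file target, and counts hits per source address so that bulk repetition from one host stands out. The log format, sample addresses and the `target_hint` heuristic are all assumptions made for the example.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample lines in Apache/nginx combined-log style (not taken from the thread).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2006:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 1043
203.0.113.5 - - [10/Oct/2006:13:55:37 +0000] "GET /cgi-bin/view.cgi?file=../../../../../../../../etc/passwd HTTP/1.1" 404 312
203.0.113.5 - - [10/Oct/2006:13:55:37 +0000] "GET /cgi-bin/view.cgi?file=..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 312
203.0.113.5 - - [10/Oct/2006:13:55:38 +0000] "GET /scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir HTTP/1.1" 404 312
198.51.100.7 - - [10/Oct/2006:14:01:02 +0000] "GET /docs/guide..html HTTP/1.1" 200 5120
"""

# client-ip, method, request-target and status from a combined-log line
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# ".." that begins a path component (start of string, or a non-name character such as
# "/", "=" or "?" before it) and is followed by a separator or the end of the string.
# A file name like "guide..html" does not match.
TRAVERSAL_RE = re.compile(r'(?:^|[^A-Za-z0-9.])\.\.(?:/|$)')


def normalize_request_path(raw: str, max_rounds: int = 3) -> str:
    """Undo percent-encoding until the string stops changing (bounded so a hostile
    input cannot make us loop), then fold backslashes into forward slashes so that
    Windows-style traversal is compared by the same rule as Unix-style."""
    decoded = raw
    for _ in range(max_rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/")


def is_traversal(raw: str) -> bool:
    """True when the normalized request target climbs the directory tree."""
    return TRAVERSAL_RE.search(normalize_request_path(raw)) is not None


def target_hint(normalized: str) -> str:
    """Rough guess (assumed heuristic) of the platform the payload was written for,
    taken from the file it reaches for; useful for spotting mismatched tooling."""
    low = normalized.lower()
    if "etc/passwd" in low or "etc/shadow" in low:
        return "unix"
    if any(w in low for w in ("winnt", "system32", "cmd.exe", "boot.ini")):
        return "windows"
    return "unknown"


def scan_log(text: str) -> list:
    """Return one record per log line whose request target is a traversal attempt."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: skip rather than guess
        ip, method, target, status = m.groups()
        if not is_traversal(target):
            continue
        norm = normalize_request_path(target)
        hits.append({"ip": ip, "method": method, "raw": target,
                     "normalized": norm, "status": int(status),
                     "target_hint": target_hint(norm)})
    return hits


def per_source(hits: list) -> dict:
    """Traversal requests per source address; many from one address in a short
    window point at an automated tool rather than a person working by hand."""
    return dict(Counter(h["ip"] for h in hits))


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for h in found:
        print(f'{h["ip"]} {h["status"]} {h["target_hint"]:8} {h["raw"]} -> {h["normalized"]}')
    print("per source:", per_source(found))
```

Run against the sample, the plain and the single-encoded `/etc/passwd` requests and the double-encoded `winnt` request are all reported (three hits, all from one address), while `guide..html` is not. The bounded decode loop is the part worth copying: a rule that only matches the literal `../` misses `%2e%2e%2f` and `..%255c`, which is exactly the kind of variation an automated tool cycles through.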
Quote:
It means you're using a tool to blindly assess a box without thought, which is what I see 9 times out of 10 when I'm performing my everyday work duties.
To run a tool that was designed to exploit a Linux application when the target machine is actually using a Win32 application is just plain dumb, which is what script kiddies are...dumb. They are either too lazy to check what the tool does or they lack the aptitude.
Believe me, I'm not confused when I see "../../../../../../../../etc/passwd" in Snort payload and Snort is triggering a definitive directory traversal alert. Directory traversal can be done by hand or can be used in a script which can be leveraged by another tool. Unless you're saying I just saw "../../../../../../../../etc/passwd" 100 times and each time I saw that payload, someone was behind the scenes copy/pasting that into a browser 100 times....I think not.
You might want to take a look at some Nessus plugins. I believe Nessus has some plugins that attempt directory traversal.
I agree with your definition completely. And in your example I agree with you as well. It just seemed like you were saying "anyone using the directory traversal technique is a script kiddie." So I was just pointing out that it can easily be done by hand, in which case I would disagree. Also, if that person wrote their script on their own I would also not classify them as a script-kiddie, because they know how the directory traversal works.
Quote:
Also, if that person wrote their script on their own I would also not classify them as a script-kiddie because they know how the directory traversal works.
Kiddies borrow tools that others create. I didn't state that kiddies create scripts. If I wrote a script that exploits a machine and I post it to the WWW, the script would be downloaded and most likely used, but used in a dumb manner by Joe Schmoe script kiddie. While the kiddie wouldn't create a directory traversal script, he could certainly use it...he just wouldn't use it to its best effect.
Script kiddies are so dumb they need security professionals to tell them who they are. Good thing only people qualified to wear hats can create scripts -- white, grey or black only, sorry red hats.
Are all these tools mentioned before for windows or Linux?
Check out the BackTrack security distro. It's a real Linux distro based on Slax and it contains just about every pen-testing tool you would need, except for Nessus (due to a change in licensing), but it should be easy to install it on your own.
It also runs off of a LiveCD, or can be installed on the machine if you so choose.