January 24

Hacking Without Breaking the Law

After four years in a university exploring the academic side of offensive security, I have come to realize that no amount of theoretical knowledge can be considered a substitute for real world, practical experience.  I have had the undeniable advantage of working in the field for a number of years gaining a considerable amount of such experience, but the most useful practice I have gotten has been from another source altogether.  Best of all, this experience was both free and legal.

Most of the tools that professional offensive security practitioners use are free, and the majority of the most popular ones come in a free Linux distribution called Kali Linux (https://www.kali.org/downloads/).  Armed with a virtualization client, such as the free VirtualBox (https://www.virtualbox.org/) and some spare time to explore, there is a lot of practice available.

If you are just getting started, there are hundreds of options out there.  All of them will help aspiring offensive security practitioners, penetration testers, and hackers improve their skills.  A great tool to start with is provided by Rapid7, the owners of Metasploit (arguably one of the greatest hacking tools in existence).  This tool is designed specifically to teach beginners how to perform a plethora of hacking exercises using Metasploit.  The Metasploitable 2 VM can be downloaded from https://information.rapid7.com/metasploitable-download.html.  Metasploit itself can be downloaded from the same site but is included as part of the Kali Linux distribution.

A couple of weeks ago I decided to undertake the “Brainpan 2” hackable VM challenge.  This is one of many virtual machines that are out there to help offensive security professionals and enthusiasts to hone their skills and get practical experience in a lab environment.  In general it was an educational system to work with.  It was enjoyable to hack into and challenging to find ways around the security.  This is more of an intermediate VM.  If you are interested in giving it a shot yourself you can access it and a ton of other great vulnerable VMs here: https://www.vulnhub.com/.  Vulnhub.com offers new VMs on a regular basis ranging in difficulty from beginner to expert.  Some even offer prizes for solving them first or in a new and interesting way.

Further hacking experiments are available elsewhere.  If you prefer not to install VMs, just install Kali Linux (available at https://www.kali.org/downloads/). Then, go to one of a large selection of websites that were designed to be hacked.  These websites are created for just this purpose, so there is no concern about the legality of honing your hacking skills by attempting to break in.  For example, check out https://www.hackthissite.org/ where there is a series of increasingly difficult challenges that teach practical web application hacking.

In short, there is no limit to the opportunities to practice hacking.  Anyone, as long as they have a computer and some time, can use them to their advantage.  If you Google “hack this site”, there are over 45 million results, and vulnhub.com has hundreds of VMs.  I have been working on these steadily for about six years and am not halfway through all the choices.  However, if you do happen to work through all of these, there are even more VMs on GitHub and a plethora of paid services that provide virtual networks, as well.  So if you are looking to learn how to hack, there is no need to spend money or break the law.  Just install some free software and start hacking!



Copyright © 2014. John R. Nye, All rights reserved.

Posted January 24, 2015 by john.r.nye@gmail.com in category "Uncategorized"

About the Author

Professional penetration tester with nearly a decade of experience in IT security. For more details look me up on LinkedIn.
