1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Network Security Tools Assigment

Discussion in 'The Lounge - Off Topic' started by zimbo, Nov 22, 2007.

Click here to banish ads and support Certforums by becoming a Premium Member
  1. zimbo
    Honorary Member

    zimbo Petabyte Poster

    I got an assigment that i need to do for one of my modules. I need to be able to demonstrate the installation and use of network securty tools and then document my findings. From what i can gather im going to learn some ethical hacking. So this is how im going about this:

    I want to build a mini lab on Vmware - which i will use for my demonstation purposes to show the tools in action, so the question is what OS should i be running? Windows 2k3, XP and Linux (Debian)? That should be enough?

    Next i would like to know of any tools people have great experience with - hence i can pick your brains!! hehe but honestly any tools you think i could look into? Right now im looking at the following:

    Jack the ripper

    anyone got any more popular ones?

    Generally if you got any advice or suggestions i will be glad to hear them!

    Thanks guys

    Certifications: B.Sc, MCDST & MCSA
    WIP: M.Sc - Computer Forensics
  2. zebulebu

    zebulebu Terabyte Poster


    Download BackTrack - the de facto standard distro for pen testers. It's a Live CD, so you can run it directly from CD with no HD install - so no sodding about with partitioning your machine if you don't want to. However, for best results, you should install it either to a separate machine, a dedicated partition or a VM (though if you're running it from a VM, beware - MS broke the TCP/IP stack when they implemented it for windows so, for instance, lots of the more esoteric NMap scan options won't work for you.

    For password cracking, look into Rainbow Tables - they are pretty much standard for all password audits now and involve precomputed hash tables. This means more groundwork needs to be laid, but the payoff is immense - spend six days building 4gb worth of rainbow tables, then feed them into Cain and watch the results - 98% or thereabouts of alphanumeric passwords cracked in ten hours last time I ran it at work (c. 4800 users)

    For wireless, look into Aircrack, Airodump and CowPatty - packet injection tools and ARP replay attacks.

    Portscanning is pretty much all about NMap - there are others out there, but NMap runs tings in this arena - stick with it and learn all the different scan options (TCP Connect, Half Open, Xmas Tree, Null, Fin etc)

    TCPDump and Wireshark are standards for packet capture - but I can't remember the last time I used the former - its Wireshark across the board for me

    All the above, and much more - like Metasploit (vulnerability exploitation), Nessus (vulnerability scanning), AMap (port mapping) and Netcat (the doyen of all hacking tools - does so much here that I couldn't do it just - Google it to see what i mean) are available on BackTrack
    Certifications: A few
    WIP: None - f*** 'em
  3. zimbo
    Honorary Member

    zimbo Petabyte Poster

    thanks zeb! 8)
    Certifications: B.Sc, MCDST & MCSA
    WIP: M.Sc - Computer Forensics
  4. nugget
    Honorary Member

    nugget Junior toady

    Don't forget to check out zeb's tutorial here zim.

    L0phtCrack is also a good tool.
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
  5. newkoba

    newkoba Byte Poster

    i second zeb as i do the ethical hacking thing daily especially right now for the offsec course, but try looking into setting up a vm with xp no service pack or with sp1. then try using something real simple like metasploit3 from backtrack and use it to get a reverse shell so you have command line access to the box. on an unpatched system using metasploit you won't have to do a whole lot and you'll look like a genius.
    Certifications: Security + and CEH
    WIP: CWNA and CWSP

Share This Page