So you think penetration testing might be a fun and valuable skill to pick up. You read some books on the subject and spend a good few evenings poring over the man pages of some common tools. What now? Chances are you set up a couple of unpatched or otherwise vulnerable machines and test out your skills. Next thing you know, Metasploit has a system shell. Are you a pentester now? Chances are the experience left you somewhat unsatisfied; you did, after all, know the vulnerabilities ahead of time. To be a real pentester, you will have to start from scratch with little or no knowledge of the network at hand. So what now?
No doubt there are plenty of vulnerable boxes out there on the internet just waiting to be pillaged, but jail time doesn’t exactly seem like the best way to start a career. My colleague Tim recently posted about vulnerable WebApp scenarios that are definitely worth checking out. I’d like to point you in the direction of some additional resources at heorot.net. The de-ice penetration testing livecds are ideal for taking that next step in your penetration testing training. Multiple levels are provided as you progress, and hints are provided if you get stuck. Here again, you know these hosts are vulnerable, but you certainly don’t know how. To successfully complete them, you will need to develop critical thinking skills as well as master the tools of the trade. These livecds also come prepackaged with Thomas Wilhelm’s book Professional Penetration Testing, available from Syngress, which I would also recommend picking up to aid your study of the exciting world of pentesting.