Metasploit mailing list archives

Re: A small question regarding IP


From: Travis Phillips <perfect_insanity2004 () yahoo com>
Date: Fri, 16 Sep 2011 14:14:42 -0700 (PDT)


Okay. Do not hack a system that you're not authorized to attack by that system's owner. This is illegal under the Computer 
Misuse Act of 1990.

However. For finding the IP address of a remote host. If you don't know how to do this then you shouldn't be using 
Metasploit, as you lack a proper foundation to work off of. You should read the Hacking Exposed book series. While its 
exploit section is out of date, the "framework" of the testing methods is tried and true. I suggest you look at that 
first, as the first step in any pentest is PASSIVE FOOTPRINTING! Meaning check everything you can without being 
intrusive.

This means finding their IP address and netblocks. Using whois to find admins and contacts and address, and searching 
forums for people who ask tech questions who may have revealed a little too much info about their systems. Find their 
servers that offer public services, and public offices with poor security.

If I were to give you a webserver, you should be able to tell me the IP address, the web server software and the 
version, the OS, and where it's located. Till you can do that you shouldn't be using exploits, as an attack should be more 
of a surgical attack, not throwing everything and the kitchen sink at the server.

Hacking Exposed explained this as the same as a person looking to rob a bank may go look for cameras and guards in the 
bank first to make things go smoother. So practice this first.

Final thoughts. I implore you to learn as much as you can. I love my research and break no laws in doing so. Build a 
lab in your home with spare boxes or VMs or find a college that will allow your research in their labs (most schools 
have an IT sec program. In my school I found an IT sec instructor that has a lab that's got an offline network and he 
lets me use that and request help in making new labs and also captures memory dumps for his forensics class to analyze. 
A fair deal both ways.) You can also join wargame sites such as "hack this site" to practice your hacking skills and 
compete in hacking competitions like SANS NetWars and also see if colleges in your area run CTF challenges.

With all that said, there is no reason to break laws to learn hacking skills. So take the black hat off and throw on 
the white hat! You can't change the things you've done but you can control your future. So it's never too late to switch 
teams and call yourself a researcher! In the words of Spider-Man's aunt, "with great power comes great responsibility."

Cheers mate,

Travis Phillips
(http://theunl33t.blogspot.com)
