Learning how to hack without breaking the law?

[5v3d3b0]

I'm interested in pursuing a security related job in IT after uni (penetration testing, network security or something like that).
Recently I've been learning about SQL Injection a bit, and trying to expand my knowledge in my free time.
I think it would be useful for me to learn at least basic to intermediate techniques to be aware of the potential threats and vulnerabilities that I'm oblivious to now, but I can't just go on a trial and error around random websites trying to break in to their databases
I'm doing it purely for educational purposes but I don't know where/how to do it without getting in trouble.
Any ideas?

[Zen Dog]

Setup your own servers. Hack away.

Zen Dog
____________________
Current - '94 VFR750FR (Dead), '00 VFR800FI, '11 600 Hornet - Previous - '11 CBF125, '10 Street Triple R, '92 MZ ETZ301, '05 TTR250, NSR125R, KMX125, "Honda" Win
My bike trip around S.E. Asia 2010/2011

[herulach]

[J.M.]

https://www.hackthissite.org

Quite cool. Haven't been on it in 5 years... my profile: https://www.hackthissite.org/user/view/EpicFailer/
____________________
2004 R1 & 2018 XSR900

[toshpot]

Install something like damn vulnerable linux in a VM, or install anything, and install/configure known exploitable software versions locally, and you can hack away as you see fit. If you just want web based stuff, maybe Mutillidae may be more suitable?

You can grab a VPS or similar, however, the host may not appreciate that kind of thing on their networks, read the AUS and TOS if you go this route.

Keep track of software vulnerabilities using security advisories, etc.

If you also want a windows specific thing, you can probably avoid licensing issues/fees with something like NT4 or other discontinued products.
____________________
Sometimes, I touch myself and smell my fingers.

[Frost]

almost all sites are now protected from SQL injection. Well all the proper sites anyway. Cross site scripting still works here and there, but the best attacks are usually man in the middle attacks.

[SQL]

https://www.hellboundhackers.org/

[bazza]

Start with the essentials:

https://www.youtube.com/watch?v=zixpms1oo40
____________________
"That's it. You people have stood in my way long enough. I'm going to clown college."
'98 Ducati 750SS, '08 Suzuki GSX650F ©2004-2014, Bazza's Harmless Banter

[Rogerborg]

<Geezer>I remember when hacking was just programming</Geezer>

As well as system penetration and SQL injection, I'd suggest that you take a look at application network protocol analysis as well.

We had a chap in who quite comprehensively reverse engineered our app's communication protocol by sending it sequences of data until he triggered a response, then hammered on those. He found a fair number of the holes that we already knew were in there, and also flushed out a few new ones.

Even I was moderately impressed, although in essence he was running a Very Small Shell Script and then applying some experience to the results.
____________________
Biking is 1/20th as dangerous as horse riding.
GONE: HN125-8, LF-250B, GPz 305, GPZ 500S, Burgman 400 // RIDING: F650GS (800 twin), Royal Enfield Bullet Electra 500 AVL, Ninja 250R because racebike

[J.M.]

[Rogerborg]

[J.M.]

There needs to be some structure to the mess though.

But no. Uni exams are done now. Need to spend my time doing something. Thinking about building an app/website. Totally going to hack it.
____________________
2004 R1 & 2018 XSR900

[Rogerborg]

[J.M.]

I can work with messy providing that I don't stop. If I come back to a messy project after a week or two break I just stare at it, lost as to what is going on.

That said, now I've been coding for years, structure comes easily whilst hacking. Apply a tiny bit of refactoring here and there, good enough!

I feel sorry for my Robot Programming lecturer though. My final assignment was a mess. GUI with a graphical map and bluetooth communication protocol, implementing A* search and some voodoo localisation code... all messy as hell. Implemented on a robot I programmed to implement the bluetooth protocol I designed and just act as a droid. I think I can count the number of comments I used on one hand... which isn't usually a bad thing except the code was hard to follow to a 3rd party! I was going to refactor it but it worked better than 99% of the classes stuff so I figured I had nothing to lose. Scored 100%. 96% in the module overall
____________________
2004 R1 & 2018 XSR900

[The Shaggy D.A.]

https://www.smbc-comics.com/comics/20120220.gif
____________________
Chances are quite high you are not in my Monkeysphere, and I don't care about you. Don't take it personally.
Currently : Royal Enfield 350 Meteor
Previously : CB100N > CB250RS > XJ900F > GT550 > GPZ750R/1000RX > AJS M16 > R100RT > Bullet 500 > CB500 > LS650P > Bullet Electra X & YBR125 > Bullet 350 "Superstar" & YBR125 Custom > Royal Enfield Classic 500 Despatch Limited Edition (28 of 200) & CB Two-Fifty Nighthawk > ER5

[Ste]

Hack BCF, replace logo with nobcat.

[supZ]

[Alpha-9]

[J.M.]

[Alpha-9]

That's amazing lmao, thank you
____________________
Fzr-600 1999

[Going]

[J.M.]

Don't underestimate the network capabilities of a Visual Basic GUI, my good sir!
____________________
2004 R1 & 2018 XSR900