Then what can you do about it?
Sick of just being able to push buttons and not know what you’re doing? Tired of seeing error messages in aircrack and being frozen because you have no real idea of what you’re typing? I saw a thread here from someone saying he’s sick of being a skiddie, so I figured I’d write this post up to explain how I went from being a skiddie to someone who knows his way around various protocols and techniques. Not that I consider myself a l337 hax0r, by any means. Most of the posters here would blow me away with their skill and knowledge. But I feel I’ve got some stuff to share, and my girlfriend is doing her own thing tonight, so I’m going to write this post up for you. For good or for evil.
Disclaimer: I won’t be responsible for anything illegal that you do on account of what you read here. I abhor black hat hacking and I don’t recommend most grey hat stuff either. Be responsible.
First thing you should know is that most hackers aren’t interested in taking revenge on some idiot. They want to do more than change their grades or trash FB profiles for the lulz. If this is the kind of stuff you’re interested in, and only that, you’ll forever remain a skiddie and you should accept it. Accept that this is the apex of your evolution.
If, on the other hand, you want more, then you can follow these rough guidelines to get a handle on what you’re doing. Note that everyone learns differently. Maybe you hate PHP and you want to code in a very low-level language. Fine. This is a general purpose outline that I wish someone had given me years ago before I got into “hacking.” Some authors and posters may not agree with my methodology. That’s fine. Napsteren wrote a good guide that goes about this in an entirely different way, building up from assembly to higher-level languages (http://www.hackforums.net/showthread.php?tid=1357342). I don’t agree with his ordering but I would recommend you check his post out for some good resources.
Learn about computers
This is basic and generic, but one of the main advantages of hacking is to learn about the intricacies of computers. Ever wonder how your monitor displays all of these fancy graphics from a bunch of transistors and wires? Or what all of that weird TCP stuff is in a Wireshark capture? Hacking is the way to learn these things and way, way more. Pretty much any serious security professional will tell you they learned how to “hack” because of how much they learned from doing it. What’s great about hacking, imo, is that you can learn about computers AS you hack. Sure as hell beats reading textbooks.
It is this thirst for knowledge about computers that will drive you.
The first rule of hacking is: Cover your ass
Yes, there is a first rule of hacking. Even if you don’t do anything black hat, accessing a system without authorization is illegal in almost every jurisdiction, and the law does not require that you caused damage or took anything. Don’t listen to posters who argue that so long as you don’t do anything “bad” then you cannot get arrested. They are wrong. Of course you probably won’t get arrested, and no one will probably care that you’re poking around their systems, but if administrators want to pursue you then the law is on their side. Again: unauthorized access is ILLEGAL in almost every developed nation. It doesn’t matter if you “do nothing.”
To that end, try to avoid doing anything serious from your home computer because that is easy as all hell to trace. Go to public WiFi. From there, you’re going to want to use proxies and / or a VPN. Refer to this subforum, http://www.hackforums.net/forumdisplay.php?fid=91 for more information.
For a VPN, I recommend using ProXPN because it is free, it provides good security, and it is easy to setup.
Get the hell on a Linux distribution
Sure, you can do a lot of hacking from Windows and, in fact, you’re going to have a lot of trouble finding a reliable VPN on Linux. But you’re going to do a lot of stuff from Linux. Pretty much any LAN hacking you’ll do should take place on Linux (stuff where you’re not worried about hiding your IP address so much). I’d go with Ubuntu. There are tons of tutorials on getting started with Linux, here and elsewhere on the web, so I won’t waste any more time on it, but I’ll say that you should gain familiarity with the shell and command-line arguments. It’s not as hard as it sounds.
K. Let’s Hack!!!! Start simple / Get Results
Time to whet your appetite and hax0r s0m3th1ng. What I recommend is performing some manual SQL injection to get the ball rolling. Why SQLi? Because it’s not terribly difficult, you’re doing things on your own, and it’s easy to see results (dumping information from a database). Hop on your proxy / VPN and head over to the SQL forum and take some of the EASY challenges. Read some tutorials to get a sense of what you’re doing. Phizo has a very good one for beginners,
Read, search the forums, and learn. Show respect to the posters there. Get in the habit of being independent. You cannot hack well, or at all, if you need to be spoonfed. You haven’t forgotten that you’re sick of being a skiddie already, have you? Good, didn’t think so. Next time you’re confused about something, look it up. Get used to this Google dork, because you should be using it A LOT: site:hackforums.net. It’s time for you to respond to adversity on your own.
Also, do not, I repeat, do not actually do anything with the information you get from SQLi. You dumped the admin password? Sah-weet! Now leave it alone. Once you use it, you’re going to expose yourself to a whole hell of a lot of risk, and people in general flat out don’t understand the consequences of their actions when it comes to hacking. Because you don’t have to put on a ski mask, buy a gun, and storm into a bank, you won’t appreciate that hacking is still illegal as all hell.
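To see why the “EASY” SQLi challenges work at all, here is an added example (not from the original post or any challenge site) of a login query built by string concatenation, the two classic payloads against it, and the parameterised version that shuts both down. The `users` table, its two rows and the `hunter2` password are constructed for the demo; it runs against an in-memory SQLite database so nothing touches a real target.

```python
import sqlite3

# Constructed demo database: the table and both rows are invented here.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO users (username, password) VALUES ('admin', 'hunter2');
        INSERT INTO users (username, password) VALUES ('bob', 'bobpass');
        """
    )
    return conn


def login_vulnerable(conn, username: str, password: str):
    # The bug: user input is spliced into the SQL text, so a quote in the
    # input ends the string literal and the rest becomes SQL syntax.
    query = (
        "SELECT username, password FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchall()


def login_safe(conn, username: str, password: str):
    # The fix: bound parameters travel separately from the SQL text, so the
    # database only ever sees the input as a value, never as syntax.
    query = "SELECT username, password FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


def demo():
    conn = make_db()
    # Auth bypass: the WHERE clause becomes (... AND password = '') OR '1'='1'.
    bypass = login_vulnerable(conn, "admin", "' OR '1'='1")
    # Data dump: close the string, UNION our own SELECT, comment out the tail.
    dump = login_vulnerable(conn, "x' UNION SELECT username, password FROM users --", "")
    # Same payload against the parameterised query matches nothing.
    safe = login_safe(conn, "admin", "' OR '1'='1")
    return bypass, dump, safe
```

Run `demo()` and compare the three results: the first two return every row of the table without knowing any password, the third returns nothing. The “dump” payload is what the challenge sites are really testing, so once you can do it by hand, read the query you just constructed out loud until you can explain why each character is there.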
After some SQLi, I’d try some WiFi hacking on your OWN access point with WEP encryption. Your own not only because then it’s all nice and legal, but because many of the difficulties with hacking networks relate to radio interference and range, and you don’t want to fail for unclear reasons (like being too far from the AP). Make sure you know why what you’re doing works. Why is WEP so vulnerable when WPA is not? What does it mean to say that WEP uses a stream cipher? What the heck is XORing and why can it be used to a hacker’s advantage? (Short version: WEP feeds a 24-bit IV plus the shared key into RC4, so with only 16 million IVs the keystream repeats on a busy network, and RC4’s weak key scheduling leaks key bytes from those IVs.)
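The XOR point in the questions above, as an added example that is not part of the original post: a toy RC4 and WEP-style encryptor, then two frames encrypted under the same IV. The 40-bit key, the IV and both payloads are constructed for the demo, and the CRC-32 ICV that real WEP appends to the plaintext is omitted because it does not change the argument. The one real-world fact used is that every WEP data frame carrying IP starts with the same 8-byte LLC/SNAP header, which is why an attacker always has some known plaintext.

```python
# Added example: RC4 keystream reuse, the weakness at the heart of WEP.
# Toy code for illustration; do not use this RC4 for anything real.

def rc4(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for `key` (KSA then PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style encryption: keystream = RC4(IV || key); the IV is sent in the clear."""
    assert len(iv) == 3, "WEP uses a 24-bit IV"
    return iv + xor(plaintext, rc4(iv + key, len(plaintext)))


def wep_split(frame: bytes):
    """Separate the cleartext IV from the encrypted body."""
    return frame[:3], frame[3:]


# Every WEP data frame carrying IP starts with this LLC/SNAP header,
# so the first 8 plaintext bytes of any such frame are known.
SNAP_IP = bytes.fromhex("aaaa030000000800")


def recover_keystream(cipher_body: bytes, known_plaintext: bytes) -> bytes:
    """Keystream = ciphertext XOR plaintext, for as many bytes as are known."""
    return xor(cipher_body, known_plaintext)


def demo():
    key = bytes.fromhex("0102030405")                # constructed 40-bit WEP key
    iv = bytes.fromhex("000001")                     # the IV the AP reuses
    p1 = SNAP_IP + b"GET /index.html "               # a frame we know in full
    p2 = SNAP_IP + b"password=hunter2"               # the frame we want to read

    c1, c2 = wep_encrypt(key, iv, p1), wep_encrypt(key, iv, p2)
    iv1, body1 = wep_split(c1)
    iv2, body2 = wep_split(c2)
    assert iv1 == iv2                                # same IV => same keystream

    # 1. No key needed: C1 XOR C2 == P1 XOR P2, because the keystream cancels.
    keystream_cancels = xor(body1, body2) == xor(p1, p2)

    # 2. The known SNAP header gives 8 keystream bytes, enough to decrypt
    #    the first 8 bytes of ANY other frame sent under this IV (here they
    #    come out as the header again, which is how you confirm the bytes).
    ks8 = recover_keystream(body1, SNAP_IP)
    prefix = xor(body2, ks8)

    # 3. Knowing all of p1 (e.g. traffic the attacker injected) yields the
    #    whole keystream for this IV, and p2 falls out completely.
    ks_full = recover_keystream(body1, p1)
    full = xor(body2, ks_full)
    return {"keystream_cancels": keystream_cancels, "prefix": prefix, "full": full}
```

Step 1 is the whole reason stream ciphers must never reuse a keystream: XOR is its own inverse, so two ciphertexts under the same keystream leak the XOR of the plaintexts with no key involved. WPA avoids this by deriving a fresh per-packet key (TKIP) or using a counter-mode AEAD (CCMP) rather than prepending a short IV to a static key.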
Next I’d look into man-in-the-middle attacks using Ettercap and Wireshark. Oh, yes. Learn Wireshark inside and out. This part of hacking is great, because you’re going to learn about the Internet while doing so: TCP/IP and basically the entire OSI model.
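Here is an added example (not from the original post) of the two things that passage asks you to learn at once: parsing raw Ethernet/ARP frames with `struct` the way a Wireshark dissector does, and using that parser to spot the footprint Ettercap’s ARP-poisoning MITM leaves on the wire, which is one IP address suddenly answering from a second MAC. Every frame, MAC and IP below is constructed for the demo.

```python
import struct
from ipaddress import IPv4Address

# Added example: dissect Ethernet/ARP by hand and flag ARP poisoning.
ETH_HDR = struct.Struct("!6s6sH")           # dst MAC, src MAC, EtherType
ARP_PKT = struct.Struct("!HHBBH6s4s6s4s")   # htype, ptype, hlen, plen, op, sha, spa, tha, tpa
ETHERTYPE_ARP = 0x0806
ETHERTYPE_IPV4 = 0x0800
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_bytes(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip, eth_dst=None):
    """Build an Ethernet frame carrying one 28-byte ARP packet."""
    arp = ARP_PKT.pack(1, ETHERTYPE_IPV4, 6, 4, op,
                       mac_bytes(sender_mac), IPv4Address(sender_ip).packed,
                       mac_bytes(target_mac), IPv4Address(target_ip).packed)
    eth = ETH_HDR.pack(mac_bytes(eth_dst or target_mac), mac_bytes(sender_mac), ETHERTYPE_ARP)
    return eth + arp


def parse_arp(frame: bytes):
    """Return the ARP fields of a frame, or None if it is not Ethernet/IPv4 ARP."""
    if len(frame) < ETH_HDR.size + ARP_PKT.size:
        return None
    _dst, _src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = ARP_PKT.unpack_from(frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (1, ETHERTYPE_IPV4, 6, 4):
        return None
    return {"op": op, "sha": mac_str(sha), "spa": str(IPv4Address(spa)),
            "tha": mac_str(tha), "tpa": str(IPv4Address(tpa))}


def detect_arp_spoof(frames):
    """Remember the first MAC seen for each IP in ARP replies; alert when it changes."""
    table, alerts = {}, []
    for frame in frames:
        arp = parse_arp(frame)
        if arp is None or arp["op"] != ARP_REPLY:
            continue
        ip, mac = arp["spa"], arp["sha"]
        known = table.setdefault(ip, mac)
        if known != mac:
            alerts.append(f"{ip} is-at {mac} (previously {known}): possible ARP poisoning")
    return alerts, table


def demo():
    gw_mac, gw_ip = "aa:bb:cc:00:00:01", "192.168.1.1"
    victim_mac, victim_ip = "aa:bb:cc:00:00:50", "192.168.1.50"
    attacker_mac = "de:ad:be:ef:00:01"
    frames = [
        build_arp(ARP_REPLY, gw_mac, gw_ip, victim_mac, victim_ip),        # legitimate
        build_arp(ARP_REPLY, victim_mac, victim_ip, gw_mac, gw_ip),        # legitimate
        build_arp(ARP_REQUEST, victim_mac, victim_ip, "00:00:00:00:00:00", gw_ip, BROADCAST),
        ETH_HDR.pack(mac_bytes(victim_mac), mac_bytes(gw_mac), ETHERTYPE_IPV4) + b"\x45" + b"\x00" * 19,
        build_arp(ARP_REPLY, attacker_mac, gw_ip, victim_mac, victim_ip),  # attacker poses as gateway
        build_arp(ARP_REPLY, attacker_mac, victim_ip, gw_mac, gw_ip),      # and as the victim
    ]
    return detect_arp_spoof(frames)
```

The last two frames are exactly what Ettercap sends to both ends so that their traffic flows through the attacker, and they are what you will see in Wireshark under a “duplicate use of IP detected” warning. The detector is deliberately naive: a legitimate DHCP reassignment or a replaced NIC also changes an IP’s MAC, so in practice you would age entries out and correlate with the DHCP lease table before calling it an attack.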
Learn a programming language
Yeah, in theory I guess you could be a competent “hacker” and not know what a “for loop” is or even what a “string literal” is. But it’s pretty damn impossible. When you’re trying to hack things on your own, you often have to get down and dirty with the source code. How are you going to do that if you cannot understand it? Besides, programming helps you to train your mind to be logical, to understand why programs do what they do. This is invaluable when hacking.
But what language to learn? I’ll be somewhat controversial and advise you to stay away from C, C++, Java, and assembly if you have no prior programming experience. Stay away basically from all but the highest-level languages. It takes too long to see results, and you’ll be fatigued very easily.
I’d say you should learn Python to get the programming concepts down. John Zelle’s Python Programming ( http://www.amazon.com/Python-Programming…pd_sim_b_2 ) is a great introduction to not only Python but also programming. I think it’s phenomenal for teaching you the concepts of programming so that you begin to think like a programmer who recognizes that the world contains problems that need to be solved – and subsequently broken.
If you’re hellbent on learning C++, believe it or not but the Microsoft Visual C++ IDE is fantastic. I stayed away from it for a long time on the principle of Microsoft = bad. Foolish.
Stay the eff away from assembly. At least for now. You’ll be tempted to teach yourself how to write fuzzers and buffer overflows, because that’s what all the bad ass movie hackers do, but this stuff is most likely way beyond you. Sure, learn a bit about assembly so you know the basics of computing, and what really goes on in memory with pushing and popping. But coding exploits? Yeah. Good luck with that and not jumping out a window.
About books in general: some are hit and miss. The Art of Exploitation is bad, imo, because it spends way too much time on buffer overflows. Regardless, you don’t need to buy any books, and, no, I’m not discussing piracy. Use your local library or, if you’re a student, your university library. The librarians can get you virtually any book you want through inter-library loan.
DON’T UNDERESTIMATE SOCIAL ENGINEERING
This is bold-faced because a lot of people don’t consider SE to be “hacking.” I view that as nonsense. Social engineering is tricking people into doing what you want them to do. Why waste all week trying to write some exploit for some obscure port? Shoot off an email with a trojan attached, and watch magic happen as your dupe opens it.
Oh, yeah, to that end be persuasive. You wonder why so much spam fails? Because it looks like it’s written by a chain-gang of chimpanzees. Use proper English, learn a thing or two about your target, understand what motivates people, and move in that direction.
“Hi Bill – Sorry to be the bearer of what may be bad news, but the financial situation for us at our company, The Bogus Group, looks a bit grim. Check the stats out in this PDF. Not pretty. Thanks, Jim.”
Proper English, check. Preying on fear, check. Directly addressed to a specific individual, check. A tad more persuasive than “NUDE PIX FOR U ON THSS PGE HERE!!!” wouldn’t you say?
Many “great hacks” begin like this: hackers penetrate a weak part of a network, and then they pivot and move deeper. And many times that weak part is the human element.
Join a team or group: You don’t know everything
You should learn that no one knows everything, not even the best hackers. Security professionals have teams, and these teams consist of specialists. Hacking is no different. Learn from others, work collaboratively on projects. IMO you should try to give back to the community as best you can. That’s my personal ethic, anyway, to use hacking as a force of “good.”
Similarly, don’t think in terms of absolutes and don’t underestimate what hackers can do. A friend of mine is a web developer and uses a pretty secure CMS. He knows about XSS and SQLi and believes he’s impervious to being hacked as long as he follows safe protocols. He told me there was no way anyone on his site could compromise it. But you and I both know that he’s arrogant and wrong. He gave me an FTP account and I uploaded a shell to my HTML folder, something any skiddie could’ve done. Remember: there’s always more to learn. There’s always more you don’t know.
Don’t get caught up in “hacker definition warz”
Who cares what constitutes a “true hacker”. What matters isn’t the title others assign to you. Many people consider the use of Havij to be hacking. Others don’t. Thousands of words have been spilled digitally on the difference between “hacker” and “cracker.” Who cares? Many wouldn’t call me a hacker because I use a lot of tools and I’ve written only a handful of exploits. That’s fine, because I don’t care what people call me. What I care about is trying to learn more about computer networks and systems. And one of the best ways to learn about them? Breaking them.
Thanks for reading (I know it was hella long) and good luck!