EvilZone
Hacking and Security => Hacking and Security => : Lionofgod February 26, 2011, 11:54:40 PM
-
Hey people, I really need some help.
I don't know if this is the right forum where i should have posted, but i hope someone can help me.
Im going to start by giving a bit of background knowledge about myself.
I've been that brown kid who's been sitting at his computer since he was 4 playing tonka truck games. While i was growing up i spent my time playing MMo's and doing my fair share of torrenting games, mounting ISO's and using cracks. Then i get into grade 8 and its all about using sony vegas, Autodesk 3ds max, gimp and Photoshop .
Now I'm in grade 9. Compared to the average white kid at my school i know that i KNOW my way around a computer, as in i can follow instructions. i know how a computer is organized and all that until the point of registry and internet. I draw a total blank their.
Then all this talk comes up about TCP/Ip and hexadecimals. Like, i know what an ip address is (kind of) and i know what linux is (although i don't understand the purpose, just the fact that its an OS) but i really have that desire to know computers.
This is pretty general so let me go in deeper. I know a bit of HTML and a bit of JAVA. I'm no pro, when i say Photoshop and knowing my way around a computer, I'm not bragging because I know every person on this forum is probably better than me at this stuff. I just want to know where to start.
I don't want to be that newb who everyone hates on because he thinks he's cool for using some program to hack into stuff for him. i want to know what I'm doing. Some places say i should start by reading a book, and learn about how the Internet works, or learn java for dummies. Others say to grab some source code and a compiler/editor and figure it out. Others also say to get a unix OS and do something.
I really don't know where to start. I feel like theirs an endless void full of knowledge sitting in this 21" screen but i do not know where to start. People say I should get straight down to hacking and learn PHP, SQL and all that. I got a java book, went about half-way through it and i was amazed. The thought of classes was amazing. But i got bored.
I just need someone to tell me some way to start, where to start, tell me the materials i need AND i will start torrenting it and get reading (or i might just get it from the library).
Basically, my question is, i'm lost what should i do? (in the context of hacking, programming, scripting (whatever you call it) Lastly, can someone post some other forums for help, this CyberXtreme.info site doesn't work anymore and everyone talks about it.
-
i just want to know where to start.
You need to find the "Enter" key on your keyboard.
-
Alright
But im serious man, can you please tell me where to start???
-
Yes, start by editing and reformatting your post.
-
Alright, Anything else before we delve into the heart of the matter?
-
Alright, Anything else before we delve into the heart of the matter?
I fixed your post. Try using new lines next time. No worries, cheers.
I don't got time to write a long reply right now, but I will try writing one once I got time, hopefully a little later tonight or tomorrow. If no reply appears by tomorrow, just bump the thread and ill reply then ;)
-
Alright Thanks, I'll remember to keep my posts nice and tidy next time ;)
-
Well it depends on how you learn and what you want to learn. For example, do you learn by reading, watching, or doing? As far as what to learn, what do you want to do? Root servers, Program a game, reverse engineer programs, etc.
To help you better I would need to know more of how you learn and what you want to learn.
There is no real starting point. There is a start, but you would need to narrow it down. For example if you wanted to program games for a PC platform, I wouldn't suggest spending your time learning PHP, SQL, and various web programming languages, rather then C++ or a C variant. Now just the opposite if you want to learn how websites work and want to get into rooting servers, developing web applications, finding POCs and 0days and securing a website, then you will want to learn PHP, SQL, etc.
So come back with some more information and users will be able to help you more with were to begin.
-
Yes, I totally agree with iTpHo3NiX. However, it might be hard to even narrow things down when you don't know whats out there.
I will try to categorize the computer knowledge topics and also write a little bit about what you need to learn in order to understand the various categories.
- General computer knowledge
- Programmer knowledge
- Application security
- Web application security
- Other security
- Hacker
Now, okay. This is just a list I came up with right now, it takes care of all the aspects I can think of right now.
General computer knowledge
This one is the category which in my eyes, everyone that uses a computer should know.
This category will take care of the day to day use of applications, software, games and Internet wisdom. This category does not go in depth on any topics, its like a primer before you go any deeper into the system(s), the average user should know this stuff.
This category should discuss topics like
- GUI and CLI application usage, common sense and how things normally work
- Operating systems, use of OSX, Windows and Linux. Differences, weaknesses and features
- Common sense in the Internet
To learn this stuff you would need a little bit of interest in computing and just take it from there. Use your computer as much as you can. Perhaps read up on a book on Operating systems, as this topic is quite large.
Programmer knowledge
This category is for people who are creative, who want to create software / applications / services. There is many levels of programming knowledge, in todays world you do not necessary need to know anything about hexadecimal, binary, bits and bytes to be a programmer. However, I do encourage you to learn the very fundamentals on how computers work if you want to become a good programmer. With this knowledge, you should be able to create any kind of program, service or application in one or more languages(including scripts(perl, python, php, bash))
This category should discuss one or more of these topics
- The .Net framework programming languages (VB, C#, C++, (J#?))
- Native C or C++
- Perl or Python
- PHP with MySQL
These topics is a little harder to learn by using your computer alone, so you would most likely want to get a book, tutorial site or community were you can gain knowledge about your topic. Some general knowledge is also required here, as for PHP and such you would need to setup a local or remote server to do testing etc.
Application security
This category will take care of security and hacking surrounding applications and services. This is one of the larger part of the "hacking" topic. This is definitely a category you must know in order to become a good jedi hacker.
This category should discuss topics like these
- Buffer overflow
- Stack overflow
- Programming security with non-typesafe languages
- General understanding of the underlaying concepts of programs and computing
These topics is very much based upon knowledge about programming. If you cannot do any programming, you will fail at this category. General computer knowledge is also very much required here.
Learning these topics, I suggest you learn one or more low-level programming languages and gain all the knowledge that comes with that, aswell as C or and C++. Then you should get some form of security book regarding application security.
Web application security
In todays world, web application security is posing the biggest security issues. Web application security is in a broad term, all hacking you can do from your browser. Meaning, PHP or other script engine flaws, SQL injection, remote file inclusion or remote code execution, local file inclusion or local file execution and so on and so forth.
This category should discuss topics like these
- Web servers
- SQL
- SQL injection with multiple script engines
- Code execution flaws
- RFI, LFI, XSS, CSRF
There are tons and tons and tons of tutorials for all of these topics out on the web, however. I do really, REALLY recommend you learn PHP with MySQL when learning XSS, RFI, LFI, CSRF and SQL injection. I read a ton of tutorials about these topics before I learned PHP, and I could exploit these type of vulnerabilities, however. I did not understand the underlaying happenings, and therefor limited me to only the type of flaws I had read about, not self-evolution of the flaw types.
This category does require some general computer knowledge, perhaps read up on TCP/IP aswell, there is many good books for it.
Other security
Security is a VERY broad aspect, there is physical security, social security, virtual security and so on. One who wants to learn x security may not want to learn y security, and so on. Therefore its important to know what topics within security you want to learn.
This category should discuss topics like these
- Social engineering
- Physical security
- Lock picking
- Pickpocketing
- Privacy
Same goes for this category, there is tons of tuts on it out on the web. But there is also a TON of books about these things, so for these topics, I would personally get some books.
Jedi Hacker
Okay, so. This category is a little special, because, being a hacker you don't need to know everything above. But you need to know alot of them.
This category should discuss topics like these
- 10 or more of the topics above
To learn this, learn everything else.
I hope you learn something from this awfully long reply, if you got further questions, do ask ;)
Also, for all others, if you see fit for more topics or believe I am totally wrong. Do comment.
-
Thanks a lot man!
After looking at your post, i figured that I probably want to start with general computer knowledge then I'll go on to web application security, and i think I'm more of a read and then try it out myself type of learner.
I'll probably start going into programming next year, I'm taking a grade 10 course on java.
Once again, Thanks, you really helped sort things out :)
Any books you guys want to suggest??
-
Amazon.com, check their computer/programming/Internet category. And read user reviews and book descriptions, alternatively, get it as PDF, read up a little on it, if you like it buy it.
-
For general computer knowledge take a look through an A+ book. That will get you familiar with all of the components. Then I suggest you pick up a busted computer somewhere and then rebuild it, finding whats wrong and fixing it. This way you learn the hardware aspects of computers.
As for web application security you are going to need to learn a web development language, most notably PHP. Most sites these days are PHP and in order to secure them, you need to learn how to program with it. w3schools has a great PHP tutorial where it teaches you the various aspects of building PHP scripts and will be really good in teaching you the variables. Also if you stop by IRC, there are a lot of knowledgeable web programmers in there (including ande) and whenever I need help with a PHP script I writing its my first stop.
PHP from w3schools: http://www.w3schools.com/php/default.asp (http://www.w3schools.com/php/default.asp)
Hope that helps getting you started. Also in the ebook section I believe I uploaded some A+ books ;)
-
Thanks,
I've been doing a bit of reading and i picked up a book on unix.
Do you think it would be worthwhile to learn how to use unix?
Good skill or should i stick with windows for now???
-
Well Unix is pretty universal... Lol anyways it would be best to learn your way around a linux distro and the command line. Some, well most, hacking programs that you would commonly use for hacking are developed for a Linux Distribution. I would suggest checking out BackTrack. This is a Penetration testing distro and has a lot of tools to learn from.
-
Well Unix is pretty universal... Lol anyways it would be best to learn your way around a linux distro and the command line. Some, well most, hacking programs that you would commonly use for hacking are developed for a Linux Distribution. I would suggest checking out BackTrack. This is a Penetration testing distro and has a lot of tools to learn from.
I would suggest getting familiar with Ubuntu which is a little more user friendly than Backtrack at first. To use some of the tools in BT you have to know your way around linux pretty well. You can get most of the hacking tools installed on Ubuntu too.
-
I would suggest getting familiar with Ubuntu which is a little more user friendly than Backtrack at first. To use some of the tools in BT you have to know your way around linux pretty well. You can get most of the hacking tools installed on Ubuntu too.
BackTrack 5 (Unreleased at this time) is actually built off of Ubuntu ;)
BackTrack 5 will be based on Ubuntu Lucid (10.04 LTS), and will (finally) support both 32 bit and 64 bit architectures. We will be officially supporting KDE 4, Gnome and Fluxbox while providing users streamlined ISO downloads of each Desktop Environment (DE). Tool integration from our repositories will be seamless with all our supported DE’s, including the specific DE menu structure.
Source:
http://www.backtrack-linux.org/backtrack/backtrack-5-release-tool-suggestions/ (http://www.backtrack-linux.org/backtrack/backtrack-5-release-tool-suggestions/)
Not sure if BT4 is built off of slax or ubuntu for sure.
-
BackTrack 5 (Unreleased at this time) is actually built off of Ubuntu ;)
Source:
http://www.backtrack-linux.org/backtrack/backtrack-5-release-tool-suggestions/ (http://www.backtrack-linux.org/backtrack/backtrack-5-release-tool-suggestions/)
Not sure if BT4 is built off of slax or ubuntu for sure.
Yeah very true, I was just thinking back to the time when I was a newbie I could never get to grips with backtrack for some reason, I tried to immerse my self in it daily but it's just not built to be an everyday system, even BT R2 still doesn't feel finished if you know what I mean :o Let's hope BT 5 is just like Ubuntu as that's a pretty easy to use and stable OS.
My main point really is it's better to immerse yourself daily in what you want to learn, with Ubtuntu you can do this, for example your network/wireless will show up automatically in BT it doesn't and could confuse the beginner.
Also, the BT forums are not very friendly if you require help.
-
I am also in the same boat. I am new to just about everything. Same grade level, and have an interest in hacking. From what I have read and taken from my readings Is that to be a hacker you should understand how the programs are written and how they work, in able to exploit them. I have began to read multiple books that explain programming, but from an advanced point of view even though it has said "beginner" right in the title. So, I decided to step down a notch and start completely from the beginning and read a book on Linux.. From things I have read online Linux is an operating system in which many people write their programs and then compile them, and is the closest operating system to the freedom and heart of hacking. I figure that it will get me familiar with some of the tools used by hackers. My interest in hacking started when I came upon the first iPhone jailbreak. I loved everything in it and what it could do. I thought to myself how far this could go. I then got into torrents and just figuring out ways to get around things. I used many different programs. But that's all I could use, programs. I began to wonder to myself HOW. How all of this was done. So mainly, my question is how do people such as Comex, geohot, muscle nerd and people like that do it with iOS jail breaking? What is it that they actually exploit in the software and how? Also, how do I build steps to get to even half of what they can do? Am I starting in the right place? What are the steps to get there? And Things like that.
Thank you.
Also, as you can see it is my first post , so please be easy on the criticism. :)
-
I am also in the same boat. I am new to just about everything. Same grade level, and have an interest in hacking. From what I have read and taken from my readings Is that to be a hacker you should understand how the programs are written and how they work, in able to exploit them. I have began to read multiple books that explain programming, but from an advanced point of view even though it has said "beginner" right in the title. So, I decided to step down a notch and start completely from the beginning and read a book on Linux.. From things I have read online Linux is an operating system in which many people write their programs and then compile them, and is the closest operating system to the freedom and heart of hacking. I figure that it will get me familiar with some of the tools used by hackers. My interest in hacking started when I came upon the first iPhone jailbreak. I loved everything in it and what it could do. I thought to myself how far this could go. I then got into torrents and just figuring out ways to get around things. I used many different programs. But that's all I could use, programs. I began to wonder to myself HOW. How all of this was done. So mainly, my question is how do people such as Comex, geohot, muscle nerd and people like that do it with iOS jail breaking? What is it that they actually exploit in the software and how? Also, how do I build steps to get to even half of what they can do? Am I starting in the right place? What are the steps to get there? And Things like that.
Thank you.
Also, as you can see it is my first post , so please be easy on the criticism. :)
May I suggest you go even lower down and learn the very fundamentals of bits and bytes part of a computer, then learn a highlevel language like C/++, then go on to Assembly. Once you got some experience with programming and computer logic you can start doing some development for iOS if you want to know how to exploit it. It might sound a bit overkill, but just take it step by step. Programming really is the one thing everyone in this field needs to learn, with it so many other answers are answered.
-
C++ Highlevel?
C/C++ was indeed considered high level but some years ago, right now it's considered low-level due to the possibility of editing memory directly.
High level would be Java with a good syntax, lots of stack, buffer protections and other stuff, like VB.
Anyways for those starting I hope you find what you're looking for.
As for WebApp I must say, it will get kinda straight after some reading, as you'll find out most of vulnerabilities are just due to user input and a poor validation, which means that from there you'll only need to know how to code in the vulnerable language to exploit it.
iHackiDevices I wish you luck, you just know your way around C/C++, Assembly, look into reverse engineering and should also check Overfows, heap, stack, buffer.
After all that you just have to defeat the protections such as ALSR, DEP which protect systems from overflowing.
I must say, you're going into the hardest, but also the biggest reward, so good luck :)
-
Hahaha thank you both very much. I realize it is no easy task. And yeah I have started to read c books before. Any recommendations on any books? Also I have realized you can learn a lot from forums so I try to enroll myself in as many of these as I can. I downloaded hacking the art of exploitation version 2 on my iPad and also the C programming language by Ritchie and Kernighan. Thanks again for the help and any other information will be very much appreciated.
-
geohot just likes taking credit for other peoples work. He can do some stuff, but meh. I do not like geohot. But anyways lose the iCrap and get a real phone like ANY Android out on the market and PROFIT xD