EvilZone
Hacking and Security => Hacking and Security => : Phage January 14, 2013, 10:28:21 AM
-
I have seen a lot of members asking for a tutorial on "where to begin with hacking". So here is my opinion about how they should get around starting.
There are three types of hackers:
White Hats:
The White Hat hacker has dedicated himself to fight malware and help others with their computer problems. He is a person you can trust, and he will most likely end up in a good paying job as a computer programmer or a security consultant. He will most certainly not end up in jail.
Grey Hats:
The Grey Hat hacker are in between white Hats and Black Hats. He will most likely commit pranks at people that he thinks is harmless, but it can also be illegal. He can at one time be helpful and help you with a computer problem, but at the same time infect you with his own virus. There is a chance that the grey hat will end up in prison.
Black Hats:
The Black hat hacker also known as a cracker is the one who deface websites, steal private information and such illegal activity. It is very time consuming to become a black hat. It can be very hard for them to get a job because of the illegal activity. If law enforcements gets you, you can expect jail time.
So where to start?
You should know the answer to these questions before you start your hacking career.
- Which type of hacker do you want to be (white hat, grey hat or black hat)?
- Which type of hacking do you want to work with (website hacking, system exploits, pentesting etc.)?
- What is your end-goal?
You should meet these requirements to become a successful hacker.
- You shall be patient.
- You shall dedicate a lot of time to hacking. You will never stop learning, since hacking is a lifestyle.
- You should have a computer (I expect you to have one since you are reading this).
- You shall be interested in how the different computer systems works, and how to control them.
Now that you have an idea of what kind of hacker, you want to be we will look closer into the different topics you can work with as a hacker.
Website Hacking:
You properly already guessed it, but website hacking is about hacking websites. You use your skills to find exploits and vulnerabilities in websites and web applications. Almost all major hacking stories in the news are about websites and databases that have been hacked. Once you have enough experience in website security you will be amazed about how easy it is to find vulnerabilities in websites. However, it will take a lot of effort and time to reach that level of skills. You will need to know a large amount of server-side languages and website construction languages like PHP, HTML, JavaScript, SQL, ASP, ASP.NET and Perl. This was just some of the languages you should know about. I will recommend you to take JavaScript, SQL and PHP very serious since it is in those languages you will find the most vulnerabilities.
Pen testing and Forensics:
Pen testing and forensics can earn you big money. It is these guys the company’s call when they have been hacked. They are experts in operating systems, wireless connections and exploiting computers. This way will take A LOT of time and effort since there is so much you should know about. You shall know about how the different operating systems works, which exploit there is to them, how to exploit them, routers, encryption, malware etc. the list is almost endless.
Code exploiting:
Not many people know about this. This will require you to be a complete expert at programming. You shall be at least as good at these programming languages as your main language like English. This kind of hacking is taking a lot of time, and will require you to be patient. Do not get me wrong, every company that releases software like Symantec, Google, Microsoft, Adobe, and Oracle have hackers with these skills employed to check their software for vulnerabilities. Sadly, they cannot find every security hole and therefore some very smart black hat hackers are able to find them, and exploit them before the companies get the vulnerability patched. You should know the most popular languages like C++, Java and C etc.
Computer security:
The work these people do looks a lot like the pentesters. These people is able to detect and analyze new viruses and malware. They are working for companies like Symantec, KasperSky and Avira etc. Some of them are also working on labs that tests AV’s and new viruses. They are experts in how viruses works and how they infect systems.
You should now have an idea on where to start and in which direction you want to go. If you found any errors or typos feel free to contact me, and I will look into it. I will be updating this thread recently and add more details. I will soon add a dictionary, which explains the most basic hacking terms. I have putted a lot of effort in this tutorial and my goal with this tutorial is to give computer-interested people an idea of where they should start.
To the so-called “noobsâ€, who reads this:
I hope I have inspired you to begin at hacking. I hope that I have cleared things up a little bit, so it does not seem so messy anymore. If you have any questions or something you did not understand, I would gladly explain it to you again. Welcome to the hacker’s world, a new world will open up for you and you will never regret that you chose to become a hacker.
Please read my other article about what hacking is to get a better understanding about what hacking actually is.
https://evilzone.org/high-quality-tutorials/what-is-hacking-9398/
-
Not bad. Has enough keywords that will enable newbs to find and research what they need to research to get started. I would also add some statements to encourage people to Search, search and search some more before asking or before giving up on anything. That almost all answers and knowledge is already there in the interwebs and all you have to do is find it (google it), understand it, and apply it.
These are obvious common sense things, but unfortunately common sense is not that common.
-
This isn't very bad. A quick summary, good for new people :) hopefully we will see less such questions. Since we don't have that many stickies in this board, I hereby declare this thread to be stuck!
-
there you go Phage.A single tutorial and it gets stuck, an increase in karma .etc. Make more tutorials and you should become VIP in no time! You definitely have the material and know your stuff. Oh of course +1!
-
Thank you all guys! I'm really appreciating this, and i listen and reads all of your comments. The last year or so i have been working with getting people started on hacking so I have seen a lot of the "skid" questions. I got tired of it and created this thread to answer most of the questions. But I will also say that i love helping people so I will of course answer all questions related to this.
-
This is a really good intro guide. Most people that want to learn how to "hack" is because some friend on facebook posted something they don't like and they want to press a button and make it go away. Your guide shows that hacking is more of a lifestyle almost, an entire mindset instead of a one time script run. +1, great work :)
-
thanks a lot for this thread it made me realize what I'm interested in .I'm interested in Pentesting and code exploiting . I'm a network engineering student , and I know enough about networks , protocols , and basic security issues . I know programming too in c/c++/c# most experienced in c , can you tell me what my next step should be ?? any help is appreciated
-
Really I wish I had this guide 4 years ago when I got into hacking, I'd probably be alot better than I am.
-
You know guys, this is why i make these tutorials. When somebody tells me that I have helped them it really boosts my enthusiasm. You guys are only adding more happiness to this awesome day, I have had one of the best days in my life today!
-
Thank you for the short but useful guide! I'm a beginner and willing to learn and sacrifice a lot of time into the art of hacking however it is a bit intimidating when you have no idea where to start. I think I'll get back to learning PHP and stuff and head into the web exploiting :)
-
I think the best advice really is, learn.
Web exploits and vulnerabilities? Learn about HTTP protocol, DNS, sockets, TCP/IP, SSL, whatever!
Want to rip into programs? Learn ASM and programming languages. Read lots of code. Learn how a PE executable works, among all others.
Remember one thing: it won't be easy, and it won't be fast. It will take years to learn enough to be competent, and you'll never ever stop learning once you start. Hacking and programming is for life.
-
Just wanted to thank you for the head start, and will start with website hacking/exploitation. :)
Any advice to start would be great! ::)
I think I'll head on over to google and learn javascript.
Cheers! ;D
-
Thanks for the great summary, This is a perfect guidelines for knowing what first is first. :) :) :)
-
Ok I'm interested in pen testing and forensics and I found a book called Understanding Operating Systems 6th edition would this be a good place to start?
-
Ok I'm interested in pen testing and forensics and I found a book called Understanding Operating Systems 6th edition would this be a good place to start?
That's more of a textbook about the theory and components of operating systems (kernels, IPC, file systems, mutexes/semaphores, interrupts, concurrency, system calls, shared libraries, display management, bootloaders, etc.) than anything related to your areas of interest.
-
Ok any advice on where I can learn the practical things about OS(s) for pen testing
ps. What is the plural of OS :P
-
@Traitor4000; look up 'OS dev' and check out OS Dev Wiki (http://wiki.osdev.org/).
Also, the plural for "OS" is typically "OSs" or "OS's". The former is technically more English-correct but the latter is more common, but oft context-specific. An apostrophe usually implies possession. Example: "The OS's kernel is responsible for providing an API for software to interface with hardware resources." This indicates that the kernel of AN OS, singular, has a responsibility. This is in opposition to: "Many OSs provide a micro-kernel." In such case, the subject matter involves multiple operating systems. Many spell checkers may also insist upon "OSes", but it is not a de facto standard even though it may be considered de jure. So, officially, "OSes" is 'most correct'[again, de jure], but "OS's" is 'most common', and "OSs" is an appropriate compromise as it is not a direct English violation nor ambiguous.
-
Thank you for this amazing guide! I am new to hacking and this made a lot of sense, right now i'm pretty much working on my scripting skills but I know quite about about networking analysis and hoping to move forward into more complex subjects. Once again thank yo u very much for this!
-
so which programming language is best to start of with ??? am currently studying and practising C ;)
-
so which programming language is best to start of with ??? am currently studying and practising C ;)
Why not just stay with C then?
-
Did anyone read this
http://www.catb.org/~esr/faqs/hacker-howto.html (http://www.catb.org/~esr/faqs/hacker-howto.html)
-
When you're on your way to becoming a great and fearsome hacker make sure to start building from the right foundation.
Don't wait to score big to build a new online identity. Everything leaves a trail these days and it's a must to start hacking while building a very good operational security routine.
1. Never mix your dark and public identity.
2. Never use the same computer for hacking and your social life.
3. Make sure to build the right environment to work with. Use operating systems like TAILS or Qubes and learn to use them instead of mainstream OSes.
4. Make sure to have a media-entry point which is not traceable to you.
5. Use vpns/proxies/shells/tunnels or whatever in as complex combination as possible.
and the most important of all : DON'T GET SPOILED OR LAZY OVER TIME.
Happy days.
-
thank you very much i though i am on the wrong directio when
i took computer science course, you open my closed doors now im
sure were im headng thanks alot :)
-
What about "system hacking" ( Computer security?)
Where would I start if I wanted to learn how to access someone elses computer, without them knowing, and be ale to go through their stuff???
-
Thats a very broad question and I don't know why I answer it as you seem to be a one-time poster. I'll just give you a little list:
1. learn programming to be able to write your own malware (or at least to be able to understand the malware you downloaded somewhere)
2. Social Engineering (get your victim to do something he would normally not do)
3. Networking (as you want to have access to a machine you want to have access to the network in some way)
4. remote exploitation :)
5. If it is not targeted maybe something like XSS?
6. Operating Systems (you can't exploit something you don't know enough about)
In the end you won't come very far. Guess you will end up typing random commands in the metasploit framework you don't understand. You totally have the wrong mindset.
Cheers,
RBA
-
This tut was just great, god, THANK YOU. +1
But here's a question for you; (sorry if it's stupid, total n00b talking here) but despite the fact that all these branches in hacking take up so much time, energy and of course, memory, is it possible to pursue two very different ones? Thanks. :3
-
Do what you like, learn what you want to. Otherwise it's going to be a long ass road.
-
Thank you. Although I have been a member of this site for a while I have yet to commit to learning more on this subject. I am going to be starting some reading immediately though. E-books here I come. I do have to say that even though this clears some things up the task of picking where to start is still daunting. :)
-
I might write an extended update to cover more things, and include some references.
-
Firstly thanks for this guide, really helped me to get started. I didn't know that hacking had lots of variations in it anyway, I'm totally interested in learning about penetration testing and forensics but I have no idea where to start and how to proceed about.
Status: Ultra nOOb (will learn quickly if guided well)....
-
Firstly thanks for this guide, really helped me to get started. I didn't know that hacking had lots of variations in it anyway, I'm totally interested in learning about penetration testing and forensics but I have no idea where to start and how to proceed about.
Status: Ultra nOOb (will learn quickly if guided well)....
Case is, in 99% of the time you're going to have to study on your own. Hacking is a world of self-teaching. As you probably already guessed, Google should be your best friend from now on. I'm sure, if you look around, you'll find guides on what's relevant to your journey. Otherwise, join the IRC channel. There are far more knowledgeable people on there than me, when it comes to pen-testing etc.
-
Thank you for the instructions but, I always wanted to learn how to exploit security holes[more like reverse enginering]. Tell me what i should learn next, I tried C,Python and they're not interesting to learn myself I get bored, do not have time to spend about 4-5 hours on coding. I already know how to program/code websites, html,css,not a lot of javascript but more of jquery.
-
Thank you for the instructions but, I always wanted to learn how to exploit security holes[more like reverse enginering]. Tell me what i should learn next, I tried C,Python and they're not interesting to learn myself I get bored, do not have time to spend about 4-5 hours on coding. I already know how to program/code websites, html,css,not a lot of javascript but more of jquery.
Are you kidding me? You will never learn to program, if you don't want to spend a lot of time on it. Besides, for reverse engineering I suggest find a good book about ASM and reverse engineering.
You have worked much with Javascript, but a lot with jQuery? WHAT? jQuery is Javascript...
-
One should try and start with Kali Linux. Brilliant set of tools to exploit vulnerabilities. Am a beginner here but am trying to get there.
-
One should try and start with Kali Linux. Brilliant set of tools to exploit vulnerabilities. Am a beginner here but am trying to get there.
That's probably the worst tip ever. If you follow this advice, you will become a skiddy and lose all credibility. Tools itself are not bad to use, but you need to understand why and how they are working first.
-
I absolutely agree with your statement. But it's a good place to start wherein you can do research and experiment. I myself am a beginner hence am just beginning to understand the scripting. Any tips where to start as per your knowledge
-
I absolutely agree with your statement. But it's a good place to start wherein you can do research and experiment. I myself am a beginner hence am just beginning to understand the scripting. Any tips where to start as per your knowledge
Yeah, but you will become lazy. "Why should I learn the sql syntax, if sqlmap does the work for me?" , will become the result.
My tips:
-Pick a topic that you are truly interested in e.g network, web security research etc.
-Learn everything you can find about the topic
-use wargame-like sites to test your skills e.g:
overthewire.org
securityoverride.org
- don't use tools , if you can do it by yourself :)
These tips are pretty universal, but there is no other way.
-
couldn't agree more about needing to know how the toold actually work. you can use the scripts that are provided by kali and you might get a hit, however, you're much more likely to know how to hack something by knowing what you're actually doing.
Start with the OSI model. If you don't know that then there is not point in even starting.
-
I like 'Computer Security' I'm really interested on the Security Research. What about the career opportunities? I'm not seeing more opportunities on this. Can anyone advise me on this?
-
The last howto by Eric S. Raymond: "How to learn hacking (http://www.catb.org/esr/faqs/hacking-howto.html)", I think should be interesting for the purpose!
-
Thank you for giving clear instructions and ideas.I am new to this hacking world.got a good view.
-
I'm new to this site, but it seems somewhat unfriendly. I read the before you begin in introduction and the "My Advice For People Who Just Joined" and I almost didn't join.
Don't ask for someone to help you? Well then why have a forum. Ha ha.
Don't get involved if you don't know anything about it. Really? Then how do people learn??
I'm not sure if I belong here because I am looking to learn. Thoughts?
-
I'm not sure if I belong here because I am looking to learn. Thoughts?
Do whatever you like, but you took the advice too literally.
-
I didn't mean to. I'm just really new and don't want to waste anyone's time. Have someone give me a virus for asking "dumb" questions, etc.
-
I didn't mean to. I'm just really new and don't want to waste anyone's time. Have someone give me a virus for asking "dumb" questions, etc.
Please say you're trolling, please.
-
@AnonGirl - Go introduce yourself. Delete your last post - that was just thoughtless. And then go learn and realize what you said was wrong. Welcome to EZ.
@Phage - Congratz on 1111 posts.
-
New to the forum not the game. Great read! Thanks.
-
i have just learned something in this 5min reading +1
-
Thanks sir, is really helpful.
-
nice lecture from the admin, thank you.
-
HQ tutorial Phage Keep it up man! 8)
-
Very smart? I would rather have used the word, "dedicated".
-
i am grateful for this post. i have some knowledge in programming with a few languages and i will definitely take time to follow your post thank you
thumbs up
-
That writeup makes a lot of sense sir, i really like the way you break things down for those that don't quite understand all the details and subcategories of hacking. Excellent job :)
-
wow great guide for a noob like me..thnx
-
thanks a lot, this post gives me clear mind and direction where should i start learn hacking. Keep inspiring! god bless you :)
-
well i need to start somewhere, and this is a great start as i start getting more free time.
-
You inspired me really hard man! I have been thinking about my ICT career, I am studying now 4 years as a web designer / graphic designer... and they always asked me to come in the coding / security world, I always said "no thank", now I ended up here and I pretty much like it! Thanks bro
-
You inspired me really hard man! I have been thinking about my ICT career, I am studying now 4 years as a web designer / graphic designer... and they always asked me to come in the coding / security world, I always said "no thank", now I ended up here and I pretty much like it! Thanks bro
...the f*ck?
-
Thank you for the time that you have invested and the effort that you have put in to write this post. :)
Things get clearer and, finally, I've got an idea what do I approx. need and what directions to stick to.
-
Wow, i most say well put together tutorial. I am bit new to the hacking world.
I do know now whats my interest is in, thank you for the time you spent on this.
Love One
" The Mind is a trouble thing to waste"
-
+1 inspired me to continue my dream to hack the world bank when I was a child.
-
Thanks...i'm beginner and i'm ready to learn... :D :D :D
-
Thank you for this. Great post.
-
expert hacker like kevin mitnick :V
-
Read it and acknowledged :)
-
I have seen a lot of members asking for a tutorial on "where to begin with hacking". So here is my opinion about how they should get around starting.
There are three types of hackers:
White Hats:
The White Hat hacker has dedicated himself to fight malware and help others with their computer problems. He is a person you can trust, and he will most likely end up in a good paying job as a computer programmer or a security consultant. He will most certainly not end up in jail.
Grey Hats:
The Grey Hat hacker are in between white Hats and Black Hats. He will most likely commit pranks at people that he thinks is harmless, but it can also be illegal. He can at one time be helpful and help you with a computer problem, but at the same time infect you with his own virus. There is a chance that the grey hat will end up in prison.
Black Hats:
The Black hat hacker also known as a cracker is the one who deface websites, steal private information and such illegal activity. It is very time consuming to become a black hat. It can be very hard for them to get a job because of the illegal activity. If law enforcements gets you, you can expect jail time.
So where to start?
You should know the answer to these questions before you start your hacking career.
- Which type of hacker do you want to be (white hat, grey hat or black hat)?
- Which type of hacking do you want to work with (website hacking, system exploits, pentesting etc.)?
- What is your end-goal?
You should meet these requirements to become a successful hacker.
- You shall be patient.
- You shall dedicate a lot of time to hacking. You will never stop learning, since hacking is a lifestyle.
- You should have a computer (I expect you to have one since you are reading this).
- You shall be interested in how the different computer systems works, and how to control them.
Now that you have an idea of what kind of hacker, you want to be we will look closer into the different topics you can work with as a hacker.
Website Hacking:
You properly already guessed it, but website hacking is about hacking websites. You use your skills to find exploits and vulnerabilities in websites and web applications. Almost all major hacking stories in the news are about websites and databases that have been hacked. Once you have enough experience in website security you will be amazed about how easy it is to find vulnerabilities in websites. However, it will take a lot of effort and time to reach that level of skills. You will need to know a large amount of server-side languages and website construction languages like PHP, HTML, JavaScript, SQL, ASP, ASP.NET and Perl. This was just some of the languages you should know about. I will recommend you to take JavaScript, SQL and PHP very serious since it is in those languages you will find the most vulnerabilities.
Pen testing and Forensics:
Pen testing and forensics can earn you big money. It is these guys the company’s call when they have been hacked. They are experts in operating systems, wireless connections and exploiting computers. This way will take A LOT of time and effort since there is so much you should know about. You shall know about how the different operating systems works, which exploit there is to them, how to exploit them, routers, encryption, malware etc. the list is almost endless.
Code exploiting:
Not many people know about this. This will require you to be a complete expert at programming. You shall be at least as good at these programming languages as your main language like English. This kind of hacking is taking a lot of time, and will require you to be patient. Do not get me wrong, every company that releases software like Symantec, Google, Microsoft, Adobe, and Oracle have hackers with these skills employed to check their software for vulnerabilities. Sadly, they cannot find every security hole and therefore some very smart black hat hackers are able to find them, and exploit them before the companies get the vulnerability patched. You should know the most popular languages like C++, Java and C etc.
Computer security:
The work these people do looks a lot like the pentesters. These people is able to detect and analyze new viruses and malware. They are working for companies like Symantec, KasperSky and Avira etc. Some of them are also working on labs that tests AV’s and new viruses. They are experts in how viruses works and how they infect systems.
You should now have an idea on where to start and in which direction you want to go. If you found any errors or typos feel free to contact me, and I will look into it. I will be updating this thread recently and add more details. I will soon add a dictionary, which explains the most basic hacking terms. I have putted a lot of effort in this tutorial and my goal with this tutorial is to give computer-interested people an idea of where they should start.
To the so-called “noobsâ€, who reads this:
I hope I have inspired you to begin at hacking. I hope that I have cleared things up a little bit, so it does not seem so messy anymore. If you have any questions or something you did not understand, I would gladly explain it to you again. Welcome to the hacker’s world, a new world will open up for you and you will never regret that you chose to become a hacker.
Please read my other article about what hacking is to get a better understanding about what hacking actually is.
https://evilzone.org/high-quality-tutorials/what-is-hacking-9398/
So you've told me where to begin and what i want to be. How do i start though, do i like start with a random tutorial or is there a series? I know i might be sounding childish but, i still don't know where to begin. I want to become a pentester/forensics but is there a whole bunch of tutorials showing how to become one? ;-; Or is there like a section for each tutorial. Other than that, this tutorial cleared my mind alot. Thank you <3
-
This post is really cool, but there is missing a more objective one...
this is a good guideline, and i really liked it.
-
People should try the resources here:
https://evilzone.org/hacking-and-security/great-linkstools-to-learn-from/
-
Well so that was an incrediblue post!
I believe that a lot of people has now a clear opinion about what hacking is...especially when you explain the black,grey and white hat hackers is, because almost everyone without knowledge believe's that the word "hacker" is only something illegal! ;)