Hey, IM LOST

[Lionofgod]

Hey people, I really need some help.

I don't know if this is the right forum where i should have posted, but i hope someone can help me.
Im going to start by giving a bit of background knowledge about myself.
I've been that brown kid who's been sitting at his computer since he was 4 playing tonka truck games. While i was growing up i spent my time playing MMo's and doing my fair share of torrenting games, mounting ISO's and using cracks. Then i get into grade 8 and its all about using sony vegas, Autodesk 3ds max, gimp and Photoshop .
Now I'm in grade 9. Compared to the average white kid at my school i know that i KNOW my way around a computer, as in i can follow instructions. i know how a computer is organized and all that until the point of registry and internet. I draw a total blank their.
Then all this talk comes up about TCP/Ip and hexadecimals. Like, i know what an ip address is (kind of) and i know what linux is (although i don't understand the purpose, just the fact that its an OS) but i really have that desire to know computers.

This is pretty general so let me go in deeper. I know a bit of HTML and a bit of JAVA. I'm no pro, when i say Photoshop and knowing my way around a computer, I'm not bragging because I know every person on this forum is probably better than me at this stuff. I just want to know where to start.
I don't want to be that newb who everyone hates on because he thinks he's cool for using some program to hack into stuff for him. i want to know what I'm doing. Some places say  i should start by reading a book, and learn about how the Internet works, or learn java for dummies. Others say to grab some source code and a compiler/editor and figure it out. Others also say to get a unix OS and do something.

I really don't know where to start. I feel like theirs an endless void full of knowledge sitting in this 21" screen but i do not know where to start. People say I should get straight down to hacking and learn PHP, SQL and all that. I got a java book, went about half-way through it and i was amazed. The thought of classes was amazing. But i got bored.
I just need someone to tell me some way to start, where to start, tell me the materials i need AND i will start torrenting it and get reading (or i might just get it from the library).

Basically, my question is, i'm lost what should i do? (in the context of hacking, programming, scripting (whatever you call it) Lastly, can someone post some other forums for help, this CyberXtreme.info site doesn't work anymore and everyone talks about it.

[PublicEnemy]

i just want to know where to start.

You need to find the "Enter" key on your keyboard.

[Lionofgod]

Alright
But im serious man, can you please tell me where to start???

[PublicEnemy]

Yes, start by editing and reformatting your post.

[Lionofgod]

Alright, Anything else before we delve into the heart of the matter?

[ande]

Alright, Anything else before we delve into the heart of the matter?

I fixed your post. Try using new lines next time. No worries, cheers.

I don't got time to write a long reply right now, but I will try writing one once I got time, hopefully a little later tonight or tomorrow. If no reply appears by tomorrow, just bump the thread and ill reply then

[Lionofgod]

Alright Thanks, I'll remember to keep my posts nice and tidy next time

[iTpHo3NiX]

Well it depends on how you learn and what you want to learn. For example, do you learn by reading, watching, or doing? As far as what to learn, what do you want to do? Root servers, Program a game, reverse engineer programs, etc.

To help you better I would need to know more of how you learn and what you want to learn.

There is no real starting point. There is a start, but you would need to narrow it down. For example if you wanted to program games for a PC platform, I wouldn't suggest spending your time learning PHP, SQL, and various web programming languages, rather then C++ or a C variant. Now just the opposite if you want to learn how websites work and want to get into rooting servers, developing web applications, finding POCs and 0days and securing a website, then you will want to learn PHP, SQL, etc.

So come back with some more information and users will be able to help you more with were to begin.

[ande]

Yes, I totally agree with iTpHo3NiX. However, it might be hard to even narrow things down when you don't know whats out there.

I will try to categorize the computer knowledge topics and also write a little bit about what you need to learn in order to understand the various categories.

• General computer knowledge
• Programmer knowledge
• Application security
• Web application security
• Other security
• Hacker

Now, okay. This is just a list I came up with right now, it takes care of all the aspects I can think of right now.

General computer knowledge
This one is the category which in my eyes, everyone that uses a computer should know.
This category will take care of the day to day use of applications, software, games and Internet wisdom. This category does not go in depth on any topics, its like a primer before you go any deeper into the system(s), the average user should know this stuff.

This category should discuss topics like

• GUI and CLI application usage, common sense and how things normally work
• Operating systems, use of OSX, Windows and Linux. Differences, weaknesses and features
• Common sense in the Internet

To learn this stuff you would need a little bit of interest in computing and just take it from there. Use your computer as much as you can. Perhaps read up on a book on Operating systems, as this topic is quite large.




Programmer knowledge
This category is for people who are creative, who want to create software / applications / services. There is many levels of programming knowledge, in todays world you do not necessary need to know anything about hexadecimal, binary, bits and bytes to be a programmer. However, I do encourage you to learn the very fundamentals on how computers work if you want to become a good programmer. With this knowledge, you should be able to create any kind of program, service or application in one or more languages(including scripts(perl, python, php, bash))

This category should discuss one or more of these topics

• The .Net framework programming languages (VB, C#, C++, (J#?))
• Native C or C++
• Perl or Python
• PHP with MySQL

These topics is a little harder to learn by using your computer alone, so you would most likely want to get a book, tutorial site or community were you can gain knowledge about your topic. Some general knowledge is also required here, as for PHP and such you would need to setup a local or remote server to do testing etc.




Application security
This category will take care of security and hacking surrounding applications and services. This is one of the larger part of the "hacking" topic. This is definitely a category you must know in order to become a good jedi hacker.

This category should discuss topics like these

• Buffer overflow
• Stack overflow
• Programming security with non-typesafe languages
• General understanding of the underlaying concepts of programs and computing

These topics is very much based upon knowledge about programming. If you cannot do any programming, you will fail at this category. General computer knowledge is also very much required here.

Learning these topics, I suggest you learn one or more low-level programming languages and gain all the knowledge that comes with that, aswell as C or and C++. Then you should get some form of security book regarding application security.




Web application security
In todays world, web application security is posing the biggest security issues. Web application security is in a broad term, all hacking you can do from your browser. Meaning, PHP or other script engine flaws, SQL injection, remote file inclusion or remote code execution, local file inclusion or local file execution and so on and so forth.

This category should discuss topics like these

• Web servers
• SQL
• SQL injection with multiple script engines
• Code execution flaws
• RFI, LFI, XSS, CSRF

There are tons and tons and tons of tutorials for all of these topics out on the web, however. I do really, REALLY recommend you learn PHP with MySQL when learning XSS, RFI, LFI, CSRF and SQL injection. I read a ton of tutorials about these topics before I learned PHP, and I could exploit these type of vulnerabilities, however. I did not understand the underlaying happenings, and therefor limited me to only the type of flaws I had read about, not self-evolution of the flaw types.

This category does require some general computer knowledge, perhaps read up on TCP/IP aswell, there is many good books for it.




Other security
Security is a VERY broad aspect, there is physical security, social security, virtual security and so on. One who wants to learn x security may not want to learn y security, and so on. Therefore its important to know what topics within security you want to learn.

This category should discuss topics like these

• Social engineering
• Physical security
• Lock picking
• Pickpocketing
• Privacy

Same goes for this category, there is tons of tuts on it out on the web. But there is also a TON of books about these things, so for these topics, I would personally get some books.




Jedi Hacker
Okay, so. This category is a little special, because, being a hacker you don't need to know everything above. But you need to know alot of them.

This category should discuss topics like these

• 10 or more of the topics above

To learn this, learn everything else.





I hope you learn something from this awfully long reply, if you got further questions, do ask
Also, for all others, if you see fit for more topics or believe I am totally wrong. Do comment.

[Lionofgod]

Thanks a lot man!
     After looking at your post, i figured that I probably want to start with general computer knowledge then I'll go on to web application security, and i think I'm more of a read and then try it out myself type of learner.
I'll probably start going into programming next year, I'm taking a grade 10 course on java.
Once again, Thanks, you really helped sort things out
Any books you guys want to suggest??

[ande]

Amazon.com, check their computer/programming/Internet category. And read user reviews and book descriptions, alternatively, get it as PDF, read up a little on it, if you like it buy it.

[iTpHo3NiX]

For general computer knowledge take a look through an A+ book. That will get you familiar with all of the components. Then I suggest you pick up a busted computer somewhere and then rebuild it, finding whats wrong and fixing it. This way you learn the hardware aspects of computers.

As for web application security you are going to need to learn a web development language, most notably PHP. Most sites these days are PHP and in order to secure them, you need to learn how to program with it. w3schools has a great PHP tutorial where it teaches you the various aspects of building PHP scripts and will be really good in teaching you the variables. Also if you stop by IRC, there are a lot of knowledgeable web programmers in there (including ande) and whenever I need help with a PHP script I writing its my first stop.

PHP from w3schools: http://www.w3schools.com/php/default.asp

Hope that helps getting you started. Also in the ebook section I believe I uploaded some A+ books

[Lionofgod]

Thanks,
I've been doing a bit of reading and i picked up a book on unix.
Do you think it would be worthwhile to learn how to use unix?
Good skill or should i stick with windows for now???
 

[iTpHo3NiX]

Well Unix is pretty universal... Lol anyways it would be best to learn your way around a linux distro and the command line. Some, well most, hacking programs that you would commonly use for hacking are developed for a Linux Distribution. I would suggest checking out BackTrack. This is a Penetration testing distro and has a lot of tools to learn from.

[pl4f0rd]

Well Unix is pretty universal... Lol anyways it would be best to learn your way around a linux distro and the command line. Some, well most, hacking programs that you would commonly use for hacking are developed for a Linux Distribution. I would suggest checking out BackTrack. This is a Penetration testing distro and has a lot of tools to learn from.

I would suggest getting familiar with Ubuntu which is a little more user friendly than Backtrack at first.  To use some of the tools in BT you have to know your way around linux pretty well.  You can get most of the hacking tools installed on Ubuntu too.