Author Topic: please help me with my second step in hacking!!  (Read 6931 times)

0 Members and 2 Guests are viewing this topic.

Offline gr33n

  • Serf
  • *
  • Posts: 44
  • Cookies: 2
    • View Profile
    • Gr33nion.com
please help me with my second step in hacking!!
« on: March 07, 2013, 02:33:55 pm »
Hey guys I really want to start hacking systems but you guys say .. "learn some programming languages" so I did I am learning python and I know quite a bit of php and a bit of c++.
But now where do I go like how do I learn about all of the different exploits?
and how do I actually learn to hack a system?
I find it really hard to figure out how people know what to do when hacking a website or something?
how do I learn these different things?
do I just keep learning programming and learn what security risks different programs and services have?
or what?

I am sorry if this has already been asked and I know it gets really repetitive but I am just stuck on where to go next.

Thanks guys please help me out, Gr33n.

Offline ande

  • Owner
  • Titan
  • *
  • Posts: 2664
  • Cookies: 256
    • View Profile
Re: please help me with my second step in hacking!!
« Reply #1 on: March 07, 2013, 02:37:43 pm »
Without putting too much thought into this: Go for web application security next. That is, security problems with PHP(or other server-side scripts), SQL and HTTP. Alternatively go for software exploitation, which will lead you to C and some understanding of Assembly, machine code and shell code.


If you go for web application security I would recommend doing some PHP project(s) and read up on SQL injection, XSS, RFI, LFI, path disclosure, faulty checking of user input types and CSRF. We have a few of the topics in the tutorial section here. Some you might have to google.


If you go for the software exploitation I would recommend understanding.. Pretty much everything from when an executable is loaded by the OS to the executable exits. Some topics: Memory management, stack, heap, buffers and array sizes leading to buffer overflow attacks and alike. A good paper on buffer overflows is Smashing The Stack For Fun And Profit, Evilzone mirror: http://evilzone.org/docs/smashstack.txt

« Last Edit: March 07, 2013, 02:44:24 pm by ande »
if($statement) { unless(!$statement) { // Very sure } }
https://evilzone.org/?hack=true

Offline gr33n

  • Serf
  • *
  • Posts: 44
  • Cookies: 2
    • View Profile
    • Gr33nion.com
Re: please help me with my second step in hacking!!
« Reply #2 on: March 07, 2013, 02:41:49 pm »
Thanks ande, dude I love you. I really was expecting people to shout at me and say that too many people ask this but thanks I will look into that.

also thanks for the really quick response, Gr33n.

Offline ande

  • Owner
  • Titan
  • *
  • Posts: 2664
  • Cookies: 256
    • View Profile
Re: please help me with my second step in hacking!!
« Reply #3 on: March 07, 2013, 02:44:29 pm »
Thanks ande, dude I love you. I really was expecting people to shout at me and say that too many people ask this but thanks I will look into that.

also thanks for the really quick response, Gr33n.


Updated my post.
if($statement) { unless(!$statement) { // Very sure } }
https://evilzone.org/?hack=true

Offline gr33n

  • Serf
  • *
  • Posts: 44
  • Cookies: 2
    • View Profile
    • Gr33nion.com
Re: please help me with my second step in hacking!!
« Reply #4 on: March 07, 2013, 02:48:46 pm »
Even better Ande thank you for your help man :D

would you suggest I use the " Evilzone's official RFI training script" to help me learn the sql injection and php security exploits?
and thank you for that paper on software exploitation.

Gr33n.
« Last Edit: March 07, 2013, 02:55:37 pm by gr33n »

Offline ande

  • Owner
  • Titan
  • *
  • Posts: 2664
  • Cookies: 256
    • View Profile
Re: please help me with my second step in hacking!!
« Reply #5 on: March 07, 2013, 05:43:07 pm »
Even better Ande thank you for your help man :D

would you suggest I use the " Evilzone's official RFI training script" to help me learn the sql injection and php security exploits?
and thank you for that paper on software exploitation.

Gr33n.

That script is for RFI only, but sure. Have a look.
if($statement) { unless(!$statement) { // Very sure } }
https://evilzone.org/?hack=true

Offline gr33n

  • Serf
  • *
  • Posts: 44
  • Cookies: 2
    • View Profile
    • Gr33nion.com
Re: please help me with my second step in hacking!!
« Reply #6 on: March 09, 2013, 12:28:53 pm »
Hey Ande when you said read up on some php security flaws is this the sort of thing you mean?
http://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/version_id-97802/PHP-PHP-5.3.3.html

also how many things do you think appropriate to learn at once?
Like would you learn web script security and software security at once?
or do you think it better to take some time and learn them separately?

Gr33n.

Offline Sparky712

  • Peasant
  • *
  • Posts: 117
  • Cookies: 14
    • View Profile
Re: please help me with my second step in hacking!!
« Reply #7 on: March 09, 2013, 04:24:00 pm »
You will probably be MUCH better off learning the two individually. pick one and learn it, then learn the other, using your experience with the first one to ease the learning of the second. If you try and learn them at the same time, you will be trying to process information from two sources at the same time, and despite the different languages involved, the chances are, you will mix things up. sometimes doing things one at a time, is more efficient than all at once.

Offline ande

  • Owner
  • Titan
  • *
  • Posts: 2664
  • Cookies: 256
    • View Profile
Re: please help me with my second step in hacking!!
« Reply #8 on: March 09, 2013, 04:47:24 pm »
Hey Ande when you said read up on some php security flaws is this the sort of thing you mean?
http://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/version_id-97802/PHP-PHP-5.3.3.html

also how many things do you think appropriate to learn at once?
Like would you learn web script security and software security at once?
or do you think it better to take some time and learn them separately?

Gr33n.


I would do as Sparky here  says, learn them separately. And that link you posted is software bugs in PHP itself. What I mean by web application security is security problems with PHP code.
if($statement) { unless(!$statement) { // Very sure } }
https://evilzone.org/?hack=true

EMOKDOOM

  • Guest
Re: please help me with my second step in hacking!!
« Reply #9 on: March 10, 2013, 07:54:55 am »
Smashing The Stack For Fun And Profit, Evilzone mirror: http://evilzone.org/docs/smashstack.txt

For some reason i feel like i've seen this somewhere. I think it was suggestion to start with Phrack #49 in some PDF file i read; might of gotten it from here actually.


Offline vezzy

  • Royal Highness
  • ****
  • Posts: 771
  • Cookies: 172
    • View Profile
Re: please help me with my second step in hacking!!
« Reply #10 on: March 10, 2013, 10:04:06 pm »
For some reason i feel like i've seen this somewhere. I think it was suggestion to start with Phrack #49 in some PDF file i read; might of gotten it from here actually.

Yeah, it originated from Phrack 49. It's one of the most iconic and recognized papers on hacking and exploitation ever. Somewhat outdated nowadays, but still viable.
Quote from: Dippy hippy
Just brushing though. I will be semi active mainly came to find a HQ botnet, like THOR or just any p2p botnet

EMOKDOOM

  • Guest
Re: please help me with my second step in hacking!!
« Reply #11 on: March 11, 2013, 07:30:28 am »
Yeah, it originated from Phrack 49. It's one of the most iconic and recognized papers on hacking and exploitation ever. Somewhat outdated nowadays, but still viable.

Got some new toilet reading to do then :]