You must have come across such questions on forums and message boards. You must also have noticed the reactions of irritated (mostly experienced K-Rad Elite Hacker) users who curse, spite and make such people feel worthless, like the scum of the internet. Imagine asking this shitty question on Stack Overflow? You could count yourself lucky to get zero answers rather than the usual barrage of word-wrenching, agonizing comments with all sorts of ill names. It was much worse in the 90’s and early 2000’s. Random kids would log into a serious IRC channel and beg someone to teach them how to hack. They got called all sorts of derogatory names before being kicked out. The frustration of the elite K-Rads is 100% inversely proportional to the absolute sheer ignorance of these kiddies with infinitesimal knowledge of what hacking is or what it is about. But don’t worry, I will explain that frustration in this article. Keep reading. I promise you, if you follow all that is written in the next few paragraphs, you will have a great compendium of information on what hacking really is. Let’s go….
First things first, Elite K-Rads usually get upset when someone asks “how to hack” because frankly “THERE’S NO SUCH THING AS HOW TO HACK”. Think about it: if there really was such a thing as “how to hack”, then it would be easy for system administrators to keep you out permanently. There are thousands of professional cybersecurity experts whose sole job is to keep people like you out of networks and secure systems, and they have been doing that long, long, LONG before you were born. Long before the term “cybersecurity” was even a “thing”. White-bearded, real K-Rad hackers are usually hired to safeguard networks; they are at the top of their game and highly experienced. These are the kind of people you would want to be like before you have even a little chance at your dream.
Now let’s get the obvious stuff out of the way:
You are lame and possibly a waste of time. Please realize this. You know nothing of what you think you want to know or how to go about it.
You probably want to “know how to hack” after you saw a Hollywood movie where a guy in a black hoodie hacked the NSA within 30 seconds by typing fast on a keyboard. Or maybe you saw your friend use a ready-made script off the internet to hijack a random computer which just so happened to be a Windows XP box used by a grandma in Australia. You are not worthy of anything resembling a hacker or cracker, so don’t walk around calling yourself that just because you saw the Mr. Robot TV show. The more you do, the less likely you are to meet anyone who will help you.
Again, you are wasting your time. Real K-Rad hackers (not you or your shitty script kiddie buddy) spend all their insomniac hours reading and tinkering. Most hacking is usually done without being anywhere near a computer in the first stages. Some hacking could be tinkering with intricate parts of your operating system, like building your operating system from scratch (Linux From Scratch), configuring and building the Linux kernel, or stuff like that. How can you even begin to hack without an understanding of a host operating system?!
Now, with the obvious stuff out of the way, let’s begin: How do I start?
Have you tried READING? I will assume you know how to read. Stay away from your computer because you sure as shit don’t know what it is. Read everything and anything you can on computer security, networks and operating systems. I don’t care if it’s out of date; the foundation is pretty much the same and it’s still very relevant.
STEP 1 - RECOMMENDED BOOKS
- Modern Operating Systems by Andrew S. Tanenbaum - pay more attention to file systems, kernels (Unix, Linux, NT) and shell scripting.
- Unix For Dummies by John Levine - necessary to understand the operating system that powers most servers.
- The Unix Programming Environment by Brian Kernighan & Rob Pike
- Go to linux.org and read everything there
- The Linux Programming Interface by Michael Kerrisk
- Read up on: [IP Addresses] [public & private IP Addresses] [IPv4] [IPv6] [static & dynamic IP Addresses] [MAC address] [MAC Address spoofing] [DNS] [DHCP] [ARP - Address Resolution Protocol - IP to MAC] [NAT - Network Address Translation - to facilitate connection from a public IP address to a private (localhost) IP address] [The OSI Model & examples of each layer's process] [TCP/IP Model - an abstraction of layer 4 in the OSI Model. There are 4 layers. Learn them - TCP, UDP - they are the train station of the internet] [Learn how a VPN works via encapsulation] [Firewall - you will meet a lot of them] [Learn how routers work]
- Quickly breeze through HTTP requests - learn how to use your shell to form an HTTP request and modify its headers, then read the HTTP response you get back. This is a little practical play on layer 7 of the OSI model, to get an idea of how HTTP works.
- Now, chew on the RFCs - RFC means Request for Comments. They specify the standards (protocols) of the internet.
  - RFC 791 - Internet Protocol
  - RFC 792 - ICMP (read this carefully)
  - RFC 1034 & 1035 - They form the basis of the modern internet
  - RFC 5322 - Standard for electronic mail and Internet Message Format
  - RFC 5321 - Specification for the Simple Mail Transfer Protocol (SMTP)
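The HTTP exercise from the reading list above, as an added example (not the author's code): it builds a raw HTTP/1.1 request with custom headers, refuses header values that contain CR or LF, and reads the status and headers out of a raw response. The host `example.test`, the function names and the sample response are constructed for illustration.

```shell
#!/bin/sh
# Added example: hand-build an HTTP/1.1 request, then pick a raw response apart.
CR=$(printf '\r')
LF='
'

# build_request HOST PATH [HEADER...] : print the raw request, CRLF line endings.
# Refuses any header containing CR or LF, since that would smuggle in extra lines.
build_request() {
    host=$1; path=$2; shift 2
    for h in "$@"; do
        case $h in *"$CR"*|*"$LF"*) return 1 ;; esac
    done
    printf 'GET %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n' "$path" "$host"
    for h in "$@"; do printf '%s\r\n' "$h"; done
    printf '\r\n'                      # empty line ends the header section
}

# status_code : read a raw response on stdin, print the numeric status.
status_code() {
    tr -d '\r' | awk 'NR == 1 { print $2; exit }'
}

# header_value NAME : print one response header (names are case-insensitive).
# Stops at the first empty line so body text is never mistaken for a header.
header_value() {
    tr -d '\r' | awk -v want="$1" '
        NR == 1  { next }
        $0 == "" { exit }
        {
            i = index($0, ":"); if (i == 0) next
            val = substr($0, i + 1); sub(/^[ \t]+/, "", val)
            if (tolower(substr($0, 1, i - 1)) == tolower(want)) { print val; exit }
        }'
}

# Constructed sample response (not captured from a real server).
SAMPLE_RESPONSE=$(printf 'HTTP/1.1 301 Moved Permanently\r\nServer: demo\r\nLocation: https://example.test/\r\nContent-Length: 26\r\n\r\nX-Debug: body-not-header\r\n')

# On a network you control, pipe the request to a server with netcat:
#   build_request example.test / 'User-Agent: study/0.1' | nc example.test 80
build_request example.test /index.html 'User-Agent: study/0.1' 'Accept: text/html'
printf '%s' "$SAMPLE_RESPONSE" | status_code
printf '%s' "$SAMPLE_RESPONSE" | header_value location
```

Changing the headers passed to `build_request` and comparing the responses is the quickest way to see which parts of a request a server actually acts on.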
STEP 2 - WELCOME TO STEP 2. This step is extremely crucial. What is step 2? REPEAT STEP 1 ALL OVER AGAIN!!! Read everything again - this time, read much more slowly. You need a firm grasp of step 1 in order to assimilate it. When you finish reading step 1 for the second time, head over to step 3.
STEP 3 - INSTALL LINUX
DO NOT install Kali Linux, because:
A. Kali is filled with hundreds of tools and scripts that you know nothing about.
B. Contrary to lots of myopic opinion, Kali Linux is for penetration testing. Even though there are several attack tools, you’d be stupid to use them now, when you know nothing about them or how they work, and have no ability to attack a specific target rather than any random vulnerable box. Don’t be a script kiddie.
Install Debian Linux or Slackware Linux (pretty much any distro, but these 2 listed are super flexible like bubble gum). Play around with the Linux directories. Learn BASH scripting. It’s fun yea …!
STEP 4 - LEARN PROGRAMMING
- Start with C++ (not Python….NOT PYTHON!)
- Read “Teach Yourself C++ in 21 Days” - the only way to escape learning C++ is to learn C, which is like jumping from the frying pan into the fire. And if you must escape C, then you must learn Assembly (which is like jumping from the fire into volcanic molten lava). So stay safe with C++. You just have to learn a language from the C family. It’s the native language of all operating systems and much hardware.
- Learn Perl. Yes, Perl programming. There’s a reason why most of your favorite Kali Linux tools are written entirely in Perl. Perl is excellent at text parsing. Perl shines at text processing & performs 20x better than Python (real benchmark statistics). Python may have a far wider reach, but you will want Perl’s one-liners to extend your bash scripts. Perl is wonderful for shell scripting. Read [Perl Programming] & [Perl Cookbook]
- Read [Head First Java 2nd Edition] - Get a clearer perspective on Objects & Classes.
- Read [Head First Python 3rd Edition] - We can’t ignore Python because of its vast libraries (that’s just it..its libraries). They are good libraries, e.g. most malware is written in C & C++, but Python has a library, the ctypes library, so you can call C functions. You can even call the Windows API with Pywin32. Python has vast libraries to do lots of shit and so for that, we must learn it, BUT PYTHON COMES LAST ON THE CHAIN. At this juncture, after coming this far, you have successfully earned my respect.
STEP 4 - Ok, run Kali Linux (preferably from a flash drive) in persistent mode. Time to play with those tools and scripts. But unlike before, you now have a clearer perspective and a sharp mental index. You wouldn’t want to use those tools to do kid stuff. Now, you want to see HOW those tools work, the modus operandi, the techniques. Of what use is a dictionary attack or a rainbow table technique when your target machine’s password length is 15 characters mixed with special characters, numbers, symbols etc., with a 1 chance of success in 22,000 years?? You must then find another way in by programmatically exploiting vulnerabilities of a running service.
The issue with hacking a box or infiltrating a network with ready-made scripts and tools is that these tools aren’t specific. They run a random search on the internet like clueless bots, searching for any box that has no firewall, or weak passwords, or a particular vulnerability from a particular year (which must have been patched a long time ago). This is now when you build your own tools and malware, which won’t be a problem for you because you made it all the way to step 4.
Learn penetration testing tools and mess with them. Learn to use pen testing tools to scan for vulnerabilities. Exploit those vulnerabilities programmatically. For example, to gain superuser privileges, you can write an insecure program to trigger a buffer overflow, causing the memory to dump, allowing you to inject your code on a memory block as superuser on a target machine to gain superuser privileges. But this is just one in a billion possibilities. It all depends on the use case, the target machine and the vulnerabilities involved. Writing your own malware and viruses to gain an advantage will depend on what you already know about the host operating system, the network architecture, the vulnerabilities to be exploited and your purpose (payload).
That is it. You will now notice this wasn’t “how to hack” because that doesn’t exist. This is simply a GUIDE on LEARNING how to hack. It is simply the ability to keep up with the latest vulnerabilities, tricks and ways to programmatically exploit those vulnerabilities in software and hardware. Subscribe to security news and mailing lists. Read everything about security and networks. A hack run (the time to accomplish a successful hack) can be as long as 2 years or as short as a month. You have to be patient and learn to think. DON’T BE A BLACK HAT. Chances are you will be caught and there’s nothing cool about being a convict. Be a WHITE HAT. Help secure the internet. Break in to help, leave a note on the victim’s machine telling them how you got in and how to protect their machine more adequately. Get a job as a cybersecurity expert and share your arcane knowledge ONLY with those worthy of it. Peace!