a consensus on the "best" way to learn?

[nasgold]

Hey everyone,

Sorry for the amazingly broad subject line... let me add some specificity:

I'm relatively new to HTS (this account is my second) and fairly quickly went through the basic missions after creating this new account. I'm studying computer engineering and economics at college right now, and I'm slowly amassing some basis of computer knowledge (I know a bit of C, some C++, fool around with UNIX commands in Terminal, etc.) and will be taking classes on C++ and computer networks this coming fall.

My problem and reason for posting in this forum is this: Going through the basic missions I feel that I am learning and getting little bits of information regarding different languages and methods that are fairly practical, yet I still feel lost when it comes to the bigger picture. I feel like I am learning bits and pieces of practical information before I have any real foundation of hacking/computer programming knowledge. Is this normal? In some cases learning this way has worked out for me, but never with so vast and complex a topic. And if this isn't normal, what can I do to get some base of hacking, computer network, and computer programming knowledge without jumping into the practical side of things? Currently when it comes to programming, I'm the guy who can make some code using Aquamacs and run it in Terminal yet I don't truly understand those tools or how they function and would be lost if my settings were changed in the slightest. I don't want a similar type of fragility or lack of big picture knowledge when it comes to hacking.

Sorry for the long post, I'm just frustrated trying to read Wikipedia articles where I understand less than half the topics mentioned and following links for hours on end. Any advice from more experienced programmers and hackers would be much appreciated.

Thanks in advance.

[cyberdrain]

First off: I won't call myself experienced or knowledgeable. I always found the best way to learn is to do what you think is right for you. Learn by doing also applies to learning itself.

The challenges don't give you everything you need to learn about a certain language, as you've probably found out already. The way they work is to teach a way of thinking. Learning to code for example, will only be a means to an end. You'll have to learn what to do with that knowledge and how it applies to a problem. You can learn that something works in a given situation, but why that works is way more important.

Edit: There really is no consensus or best way.

[WallShadow]

My problem and reason for posting in this forum is this: Going through the basic missions I feel that I am learning and getting little bits of information regarding different languages and methods that are fairly practical, yet I still feel lost when it comes to the bigger picture. I feel like I am learning bits and pieces of practical information before I have any real foundation of hacking/computer programming knowledge. Is this normal?



I'm just frustrated trying to read Wikipedia articles where I understand less than half the topics mentioned and following links for hours on end.

Hello nasgold,

To make things clear, you're on the right track. Gathering bits and pieces of information is exactly the way this is supposed to work. Keep on learning, and eventually you'll get where you want to be. Hacking isn't something that you can learn overnight in a cram session. Hacking is the knowledge of how programs work and the creativity to make the programs do something that they weren't designed for. The hacker mentality isn't something that you can write down in a book or force feed into a student's brain. It's something that you learn for yourself from those bits and pieces you collect.

And another tip, wikipedia isn't the place to learn about XSS or JS injection. google it for yourself and find some good reports, analysis, and tutorials of how and why it works. Wikipedia works by a policy of 'we teach you what meth is and what a meth lab is, but not how to make a meth lab or how to cook meth'. Copy and paste for everything that can be considered shady or illegal.

-WallShadow <3

[nasgold]

Thanks cyberdrain and WallShadow for the replies. That the site is also about helping one to develop the hacker mentality in addition to the technical skills is a helpful point. I'm still a bit curious though as I feel my original (poorly articulated) question isn't 100% answered, and I think I've come up with a better and more concise way of asking it.

Should I really be looking up SSI and SQL injections and pseudo using them in missions when I'm unsure as to the basics of how a web page is hosted, what specifically defines a virtual network, and similarly pervasive concepts? Will that basic conceptual understanding of the big picture come in time after working with the details or are those concepts ones that I should get down pat before moving on and attempting to learn and apply specific practical knowledge?

Maybe not tooo much more concise (sorry) but I still think a little more clear. Also I do realize these questions won't have a single correct answer and so I would appreciate answers from personal experience about what works best. Again, thanks for the replies and thanks in advance for any more.

[WallShadow]

What I recommend doing is just knowing that it exists and that it works some how, and when you will need it, you will learn it. If a mission or something else requires that you know SQL injection, go learn SQL injection. Once you've done enough SQL injection, your understanding of how it works will come naturally to you. If you feel like you are just solved the mission by guessing, then go through it and figure out why your answer worked. If you want even more practice with SQL injection, go ahead and set up your own free sub-domain somewhere, put a few pages which play around with SQL, and see what comes out of it. I remember that the source code for this site is laying around here somewhere.

-WallShadow <3

[cyberdrain]

I have to agree with WallShadow; in order to subvert a system, you don't have to know the inner workings. Knowing only what SQL injection is, will help you attack a web-application vulnerable to it. But when you can use the SQL injection to get more information about the server (for example) and you determine that the OS running is not patched properly and thus vulnerable to a certain exploit, you have an additional vector for attack. You wouldn't have known that if you hadn't had the knowledge of exploits or weaknesses of the underlying system. So to answer your question: yes, knowing more about how systems work, will help understanding and can help you where you would otherwise fail. However: you don't necessarily need that knowledge to be able to attack. An SQL injection in itself can subvert a system, without having to worry about the underlying OS.

For me it works best if I know how the underlying system gets a webpage on my machine and the bits and pieces working together to make that happen. But that can be overwhelming (Apache, servers, ports, DNS, URL, IP addresses, routing, packets, POST/GET requests, etc.), that's why you should start slowly. Judging by your reaction, you already know what you want as an answer ("Should I really be...") But then again, you should give yourself time to learn parts before getting to the bigger picture, just as WallShadow said.

[nasgold]

Haha, yes I guess that certainly was a leading question. Anyways, thank you to both of you for the advice! Much appreciated.

[cyberdrain]

Sure, anytime. I see you already have the basics down. Good luck with the learning experience and the rest