Getting Your Foot In The Door
Just about every day or two, people come to these forums and ask the same typical question; "Where do I begin?", "How do I do this?", "Will you help me do this?". To make it easier for aspiring hackers, I have decided to take my time and make this post, which will outline some of the many things that will help you along your journey. I use the word journey, because it is going to be one. Do not think of hacking as something that you are just going to learn over a day, a week, a month, or even years. If you are serious, take the time to read this post. Yes it is long, yes you may know some of it. Does it hurt you, no. Can you possibly gain something from this, yes. This is almost a test to see how much you are willing to learn. If you are not willing to read a lengthy topic regarding how to get your foot into the door, then do not bother trying to learn at all. What This Post Is And Is Not
The information in this is not a clear cut doorway to hacking, it merely sets the footprints that you can follow and hopefully divert away creating your own footsteps as a hacker. This post goes over the very basic fundamentals and ideology behind hacking.What is Hacking?
You need to understand that while hacking is a way of manipulating something in a way that it was not meant to, it is also a lifestyle. This lifestyle is one that you personally have to conform to. No one can do this for you; and believe me if we could, this world would be a much better place. Say for instance that some hacker sent you a program he created that could pretty much deface any website ever made by a zero day exploit, if you use this and deface 1,000,000 sites, does that really make you a hacker? The answer is no. Why is the answer no? Because, you have no understanding of how the program you are using works. To be able to understand, problem solve, create, take apart, and know what and how something is working, that is the skill set of a true hacker. If you made a program so easy to hack with that your grandmother could log onto your computer, press a button and "boom", a site gets defaced, that does not make her a hacker.The Hackers Lifestyle
So what is a typical hacker's lifestyle? Hackers whether black hat, white, or grey, all have the same drive in their mind. The drive they have is for that of knowledge, wisdom, and understanding. To know how something was created, and to be able to recreate it, or better yet, to be able to take that program that Bob Joe the information security guru made, break it down, learn it, and make it even better, that is the drive. If no one was able to hack into a program, or manipulate it, there would be no hackers, and there would never be any advancement in technology.
Where To Start
So now you want to know where to start? I can understand that some may feel lost, but all of you that ask this question, are somewhat on the right path. Let me explain... Hackers research, study, understand, recreate, and then learn. You showed some sort of research because you ended up on hts.org! So do you think posting a question on the forums saying, please help me hack a facebook account is going to give you any knowledge? No, hacking is one of a personal experience, and as said before a lifestyle that you must choose to carry out. What a hacker will do for upcoming and inspired hackers is to lead them into the right direction to gain the knowledge and understand, that may one day lead to them being able to hack a facebook account. Honestly, you can look on my user-profile here, there is a kid that asked me a while back "can you teach me to hack fb", most of the time with poor English, and ignorance. I am not trying to sound rude, as I know some people are foreign and have a hard time, but him asking me to show him how to 'hack a fb' shows his ignorance. The questions I would love to see more often, is ones like "I really enjoy hacking and learning new things. I was wondering if anyone had any knowledge of what I could learn to possibly push me towards the direction of being able to hack a facebook account". It doesn't take a genius to see the difference in the posts, and the big separation from ignorance, and being inspired to learn.What Hackers Will and Will Not Do
So in short, no, we will not take the time out of our day to fully go over something that we probably learned years ago if you show ignorance. Why would we, when we can be studying or working on a project far more advanced. As a hacker myself, I am more inspired looking at people who are willing to learn, who are devoted, and show signs of research before posting into the forums. To ask the question "Where do I start hacking" on these forums is pretty absurd, and sad that I need to post this on a hacking forum, just take a look at this link
I quote this as of Jan, 25th, 2013; "About 26,500,000 results" Twenty six million, five hundred thousand results, give or take! You mean to tell me that you could not get any information out of that? This is the problem with upcoming hackers. The education system teaches you everything, how to do this, how to do that. What they fail to teach you is creativity such as trying to find another way to do this, and to do that. With this lack of creativity, some upcoming hackers expect some sort of supreme person with knowledge, to tell them how it is done. The answer is in a lot of the 26 million websites on Google. So here I am saying that if you truly call yourself a hacker, or want to become one, do a little research; it is what we have done for years. The time it takes for someone on a forum to get back and post to you, you could have already had an answer from the information from many of the millions of different sites. We refuse to help people who will not first try and help themselves.
Now What Do You Do?
So other than researching, and living a hacking lifestyle, what do you need to do?
If you find yourself asking this question, you clearly have not learned enough or desired to, but in this post, I will make an exception and draw an outline. Now personally, your list may be different, and this comes down to personal preference, and what you want to do. There is a variety of fields involved with hacking, and choosing your option, is not something I need to do. Maybe you want to learn how to crack wifi or maybe deface a website for no fucking reason, but you realize in your learning experience that you are just flat out great at programming. You may then want to become a programmer. So in a summary, I can not choose your path for you, nor do I know which roads you will take after you start. Therefor, I can not and will not try to draw a logical field for you to start in.Make The Switch
So to start this off, I will be very blunt on this, and will be regarding most of the things you need based on this. Switch to Linux! Windows just will not do the job as efficiently as Linux can. If you must, at least dual boot or install a USB/CD based Linux os. Why Linux? Linux is free, open source, comes with many installed tools needed for programming out of the box, updates are more frequent/faster, has less of a user population, and can be highly customized. If you are not sure why that is important, just save me the time of typing out the endless benefits of Linux versus other operating systems, and thank me in the future when you are less ignorant on the subject. As a side note, I am not at all familiar with Mac's, but I know they can be highly efficient as well. I say this after seeing many spokesman from Defcon presenting incredible projects using a Mac os, and it made it obvious to me that they can be optimized for hacking.A Question To Ask Yourself
So next you need to know what fields drive you to want to learn. What do you want to understand? What do you want to know how to do? What will inspire you to keep learning, and not to give up? Make an outline if you must, and ask yourself simple questions, and you are on your way to becoming a hacker already.
Here is a list of some of the main hacking categories:
- Website & Forum Hacking
- Reverse Engineering
- Bot-nets & Virus
- Social Engineer
- PhreakingKali Linux
- The quieter you are, the more you are able to hear. (Rebirth?)
Luckily for you, there is a free Linux system designed for these specific tasks. It's called Kali Linux, which is a branch off of Backtrack, and will prove helpful to you. As of now, the latest release is Kali Linux 1.0. You can click on this link
to download the operating system. It comes with hundreds of hacking tools installed on the operating system already, and has been optimized for the greatest hacking capabilities for any Linux distribution out of the box. In Kali Linux, you will find everything you can imagine from website hacking, reverse engineering, cryptography, to social engineering. I highly recommend you download the os, and get familiar with it, and a little advice for anyone that will be new to Linux, or installing Kali:
- Do not use Kali if you are unfamiliar with Linux, use an easier distribution first, such as Ubuntu
- Do not run as root! If you are using Kali you should know what you are doing, but if you are still learning, how to *nix, do not run as root!
- If you have questions, about the os or issues, refer to the Kali Linux Forums
! The people who made the product are the people with the best intentions and capability to help you, not others.
Once you have Kali Linux, it is up to you where your experience will take you. I recommend learning how the tools work by researching, and not posting before so.Testing Your Skills Legally
Hackthissite in my opinion is one of the most fun ways to practice your hacking skills. As you know, there are the forums and a large community at hand to help you in times of trouble, and to point you in the right direction if you are stuck. One of the best things about hts is that it takes no configuration to set up a pentesting environment.
I recommend you to dive into the plethora of challenges offered here!
- Damn Vulnerable Web App
DVWA is a free PHP/MySQL web application you can download, and easily set up. The application has several ranges of exploit types to play with (SQLi, XSS, XSRF, Bruteforce, etc), and allows you to change the difficulty of each attack with three options: low, medium, and high. Installation Instructions
If you have any problems and can't find a solution, get on IRC and join channel #coffeesh0p for assistance.
3. Metasploitable This pretty much covers it,
thanks to limdis for bringing it to life.
Similar in concept to metasploitable, with a vast range of different vulnerable virtual machines. Here
is some cool stuff to read about creating a pentesting lab.Other Useful Things
Other things I recommend would be to learn about how to become more anonymous and hidden, this is essential in today’s world. Be well in mathematics and algorithms. Also, if someone asks you, where do I start? Tell them, and try to help. That is the problem we have in this world, so much creativity and imagination shut down because of their delusion of a education system that teaches one way problems and one way solutions, and the lack of free knowledge spread for the advancement in hacking and society in general. Nothing can evolve without change, make the change, and watch the evolution unfold, that is the beauty.Other Pentesting EnvironmentsBlackboxPentooSamuraiNodeZero