A Hackers Beginner Guide

A place where newbies can post without (much) fear of reprisal. All mission posts should still go in the applicable forum.
Forum rules
Older HTS users: Be nice to the new people.

NEW USERS: This is NOT the place to post about missions! Refer to "Missions" category.

A Hackers Beginner Guide

Post by -Ninjex- on Sat Jan 26, 2013 1:33 am
([msg=72659]see A Hackers Beginner Guide[/msg])

Getting Your Foot In The Door
Just about every day or two, people come to these forums and ask the same typical question; "Where do I begin?", "How do I do this?", "Will you help me do this?". To make it easier for aspiring hackers, I have decided to take my time and make this post, which will outline some of the many things that will help you along your journey. I use the word journey, because it is going to be one. Do not think of hacking as something that you are just going to learn over a day, a week, a month, or even years. If you are serious, take the time to read this post. Yes it is long, yes you may know some of it. Does it hurt you, no. Can you possibly gain something from this, yes. This is almost a test to see how much you are willing to learn. If you are not willing to read a lengthy topic regarding how to get your foot into the door, then do not bother trying to learn at all.

What This Post Is And Is Not
The information in this is not a clear cut doorway to hacking, it merely sets the footprints that you can follow and hopefully divert away creating your own footsteps as a hacker. This post goes over the very basic fundamentals and ideology behind hacking.

What is Hacking?
You need to understand that while hacking is a way of manipulating something in a way that it was not meant to, it is also a lifestyle. This lifestyle is one that you personally have to conform to. No one can do this for you; and believe me if we could, this world would be a much better place. Say for instance that some hacker sent you a program he created that could pretty much deface any website ever made by a zero day exploit, if you use this and deface 1,000,000 sites, does that really make you a hacker? The answer is no. Why is the answer no? Because, you have no understanding of how the program you are using works. To be able to understand, problem solve, create, take apart, and know what and how something is working, that is the skill set of a true hacker. If you made a program so easy to hack with that your grandmother could log onto your computer, press a button and "boom", a site gets defaced, that does not make her a hacker.

The Hackers Lifestyle
So what is a typical hacker's lifestyle? Hackers whether black hat, white, or grey, all have the same drive in their mind. The drive they have is for that of knowledge, wisdom, and understanding. To know how something was created, and to be able to recreate it, or better yet, to be able to take that program that Bob Joe the information security guru made, break it down, learn it, and make it even better, that is the drive. If no one was able to hack into a program, or manipulate it, there would be no hackers, and there would never be any advancement in technology.

Where To Start

So now you want to know where to start? I can understand that some may feel lost, but all of you that ask this question, are somewhat on the right path. Let me explain... Hackers research, study, understand, recreate, and then learn. You showed some sort of research because you ended up on hts.org! So do you think posting a question on the forums saying, please help me hack a facebook account is going to give you any knowledge? No, hacking is one of a personal experience, and as said before a lifestyle that you must choose to carry out. What a hacker will do for upcoming and inspired hackers is to lead them into the right direction to gain the knowledge and understand, that may one day lead to them being able to hack a facebook account. Honestly, you can look on my user-profile here, there is a kid that asked me a while back "can you teach me to hack fb", most of the time with poor English, and ignorance. I am not trying to sound rude, as I know some people are foreign and have a hard time, but him asking me to show him how to 'hack a fb' shows his ignorance. The questions I would love to see more often, is ones like "I really enjoy hacking and learning new things. I was wondering if anyone had any knowledge of what I could learn to possibly push me towards the direction of being able to hack a facebook account". It doesn't take a genius to see the difference in the posts, and the big separation from ignorance, and being inspired to learn.

What Hackers Will and Will Not Do
So in short, no, we will not take the time out of our day to fully go over something that we probably learned years ago if you show ignorance. Why would we, when we can be studying or working on a project far more advanced. As a hacker myself, I am more inspired looking at people who are willing to learn, who are devoted, and show signs of research before posting into the forums. To ask the question "Where do I start hacking" on these forums is pretty absurd, and sad that I need to post this on a hacking forum, just take a look at this link I quote this as of Jan, 25th, 2013; "About 26,500,000 results" Twenty six million, five hundred thousand results, give or take! You mean to tell me that you could not get any information out of that? This is the problem with upcoming hackers. The education system teaches you everything, how to do this, how to do that. What they fail to teach you is creativity such as trying to find another way to do this, and to do that. With this lack of creativity, some upcoming hackers expect some sort of supreme person with knowledge, to tell them how it is done. The answer is in a lot of the 26 million websites on Google. So here I am saying that if you truly call yourself a hacker, or want to become one, do a little research; it is what we have done for years. The time it takes for someone on a forum to get back and post to you, you could have already had an answer from the information from many of the millions of different sites. We refuse to help people who will not first try and help themselves.

Now What Do You Do?

So other than researching, and living a hacking lifestyle, what do you need to do?
If you find yourself asking this question, you clearly have not learned enough or desired to, but in this post, I will make an exception and draw an outline. Now personally, your list may be different, and this comes down to personal preference, and what you want to do. There is a variety of fields involved with hacking, and choosing your option, is not something I need to do. Maybe you want to learn how to crack wifi or maybe deface a website for no fucking reason, but you realize in your learning experience that you are just flat out great at programming. You may then want to become a programmer. So in a summary, I can not choose your path for you, nor do I know which roads you will take after you start. Therefor, I can not and will not try to draw a logical field for you to start in.

Make The Switch
So to start this off, I will be very blunt on this, and will be regarding most of the things you need based on this. Switch to Linux! Windows just will not do the job as efficiently as Linux can. If you must, at least dual boot or install a USB/CD based Linux os. Why Linux? Linux is free, open source, comes with many installed tools needed for programming out of the box, updates are more frequent/faster, has less of a user population, and can be highly customized. If you are not sure why that is important, just save me the time of typing out the endless benefits of Linux versus other operating systems, and thank me in the future when you are less ignorant on the subject. As a side note, I am not at all familiar with Mac's, but I know they can be highly efficient as well. I say this after seeing many spokesman from Defcon presenting incredible projects using a Mac os, and it made it obvious to me that they can be optimized for hacking.

A Question To Ask Yourself
So next you need to know what fields drive you to want to learn. What do you want to understand? What do you want to know how to do? What will inspire you to keep learning, and not to give up? Make an outline if you must, and ask yourself simple questions, and you are on your way to becoming a hacker already.
Here is a list of some of the main hacking categories:

- Website & Forum Hacking
- Pen-testing
- Forensics
- Reverse Engineering
- Cryptography
- Bot-nets & Virus
- Social Engineer
- Phreaking

Kali Linux - The quieter you are, the more you are able to hear. (Rebirth?)
Luckily for you, there is a free Linux system designed for these specific tasks. It's called Kali Linux, which is a branch off of Backtrack, and will prove helpful to you. As of now, the latest release is Kali Linux 1.0. You can click on this link to download the operating system. It comes with hundreds of hacking tools installed on the operating system already, and has been optimized for the greatest hacking capabilities for any Linux distribution out of the box. In Kali Linux, you will find everything you can imagine from website hacking, reverse engineering, cryptography, to social engineering. I highly recommend you download the os, and get familiar with it, and a little advice for anyone that will be new to Linux, or installing Kali:
- Do not use Kali if you are unfamiliar with Linux, use an easier distribution first, such as Ubuntu
- Do not run as root! If you are using Kali you should know what you are doing, but if you are still learning, how to *nix, do not run as root!
- If you have questions, about the os or issues, refer to the Kali Linux Forums! The people who made the product are the people with the best intentions and capability to help you, not others.

Once you have Kali Linux, it is up to you where your experience will take you. I recommend learning how the tools work by researching, and not posting before so.

Testing Your Skills Legally
1. Hackthissite.org
Hackthissite in my opinion is one of the most fun ways to practice your hacking skills. As you know, there are the forums and a large community at hand to help you in times of trouble, and to point you in the right direction if you are stuck. One of the best things about hts is that it takes no configuration to set up a pentesting environment.
I recommend you to dive into the plethora of challenges offered here!

2. DVWA - Damn Vulnerable Web App
DVWA is a free PHP/MySQL web application you can download, and easily set up. The application has several ranges of exploit types to play with (SQLi, XSS, XSRF, Bruteforce, etc), and allows you to change the difficulty of each attack with three options: low, medium, and high.
Installation Instructions
If you have any problems and can't find a solution, get on IRC and join channel #coffeesh0p for assistance.

3. Metasploitable
This pretty much covers it, thanks to limdis for bringing it to life.

4. Vulnhub
Similar in concept to metasploitable, with a vast range of different vulnerable virtual machines.
Here is some cool stuff to read about creating a pentesting lab.

Other Useful Things
Other things I recommend would be to learn about how to become more anonymous and hidden, this is essential in today’s world. Be well in mathematics and algorithms. Also, if someone asks you, where do I start? Tell them, and try to help. That is the problem we have in this world, so much creativity and imagination shut down because of their delusion of a education system that teaches one way problems and one way solutions, and the lack of free knowledge spread for the advancement in hacking and society in general. Nothing can evolve without change, make the change, and watch the evolution unfold, that is the beauty.

Other Pentesting Environments
Blackbox
Pentoo
Samurai
NodeZero
Last edited by -Ninjex- on Sat Jul 26, 2014 2:25 pm, edited 6 times in total.
If you're not willing to learn, no one can help you. If you're determined to learn, no one can stop you.⠠⠵
The absence of evidence is not evidence of absence.
I can explain it for you, but I can't understand it for you.
User avatar
-Ninjex-
Addict
Addict
 
Posts: 1237
Joined: Sun Sep 02, 2012 8:02 pm
Blog: View Blog (0)


Re: A Hackers Beginner Guide

Post by madsmaks on Sat Jan 26, 2013 12:27 pm
([msg=72663]see Re: A Hackers Beginner Guide[/msg])

Excellent post, Ninjex.

I really hope it does stop people asking the same questions over and over again.

I do wonder though if it's possible to learn to be a hacker if you don't already have the hacker mentality - the desire to really learn how stuff works and understand it fully.

I suspect that a lot of people that visit this site will think that hacking is just about breaking into computers and networks but it is so much more than that.
madsmaks
New User
New User
 
Posts: 4
Joined: Sun Jan 13, 2013 4:13 pm
Blog: View Blog (0)


Re: A Hackers Beginner Guide

Post by -Ninjex- on Sat Jan 26, 2013 12:39 pm
([msg=72664]see Re: A Hackers Beginner Guide[/msg])

madsmaks wrote:Excellent post, Ninjex.

I really hope it does stop people asking the same questions over and over again.

I do wonder though if it's possible to learn to be a hacker if you don't already have the hacker mentality - the desire to really learn how stuff works and understand it fully.

I suspect that a lot of people that visit this site will think that hacking is just about breaking into computers and networks but it is so much more than that.


Thank you for taking the time to read and post on this. I as well hope that this will stop people from asking, but I know it will not. I can at least just reference them to this link.
For your question, my personal opinion would be that you can not conform a man/woman to a hacker's lifestyle, he/she must do that alone. I also believe that person would have never of had the drive to obtain the skillset of a hacker, if they are not using a hacker's mentality, and if he/she has the knowledge to perform like one.
If you're not willing to learn, no one can help you. If you're determined to learn, no one can stop you.⠠⠵
The absence of evidence is not evidence of absence.
I can explain it for you, but I can't understand it for you.
User avatar
-Ninjex-
Addict
Addict
 
Posts: 1237
Joined: Sun Sep 02, 2012 8:02 pm
Blog: View Blog (0)


Re: A Hackers Beginner Guide

Post by limdis on Sat Jan 26, 2013 12:58 pm
([msg=72666]see Re: A Hackers Beginner Guide[/msg])

+1, great read
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."
User avatar
limdis
Moderator
Moderator
 
Posts: 1319
Joined: Mon Jun 28, 2010 5:45 pm
Blog: View Blog (0)


Re: A Hackers Beginner Guide

Post by fashizzlepop on Sat Jan 26, 2013 3:22 pm
([msg=72670]see Re: A Hackers Beginner Guide[/msg])

I stickied this and moved it to the NZone and left a shadow in Genera. TThis will now be my go to post for noon questions.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.
User avatar
fashizzlepop
Developer
Developer
 
Posts: 2303
Joined: Sat May 24, 2008 1:20 pm
Blog: View Blog (0)


Re: A Hackers Beginner Guide

Post by corbonium on Sat Jan 26, 2013 4:21 pm
([msg=72675]see Re: A Hackers Beginner Guide[/msg])

A good read, indeed. I've already taken a lot of steps mentioned in this guide. I've put up a dual-boot xp/ubuntu box on a secondary PC, and made good strides learning html, javascript, and php on w3schools with a xampp server. Somehow I don't yet feel any wiser, or adept at hacking. I intend to keep going, but how long is this gonna take before I start feeling like I've made progress towards being able to exploit weaknesses and find loopholes in systems?

Haven't started using BT yet, maybe this is the missing link? I've been avoiding it because I really feel like I'm going to end up as a script kiddie if I just start using premade tools.
corbonium
New User
New User
 
Posts: 15
Joined: Wed Jan 02, 2013 8:11 pm
Blog: View Blog (0)


Re: A Hackers Beginner Guide

Post by limdis on Sat Jan 26, 2013 4:24 pm
([msg=72676]see Re: A Hackers Beginner Guide[/msg])

corbonium wrote:I really feel like I'm going to end up as a script kiddie if I just start using premade tools.

There is nothing wrong with using tools. As long as you know what's going on. Anyone can youtube a 2 min guide to hacking WEP encrypted networks using the aircrack-ng suite. But do you really know what you are doing when you execute these commands? This is the difference between a skiddie and someone in the pursuit of bettering their skills and understanding.
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."
User avatar
limdis
Moderator
Moderator
 
Posts: 1319
Joined: Mon Jun 28, 2010 5:45 pm
Blog: View Blog (0)


Re: A Hackers Beginner Guide

Post by fashizzlepop on Sat Jan 26, 2013 4:27 pm
([msg=72677]see Re: A Hackers Beginner Guide[/msg])

corbonium wrote:Haven't started using BT yet, maybe this is the missing link? I've been avoiding it because I really feel like I'm going to end up as a script kiddie if I just start using premade tools.

BT's not going to help much at your level. Keep learning, building stuff, and working on some of these missions. These missions might not pertain directly to what you are hoping to learn but they will force you to research and test out various things.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.
User avatar
fashizzlepop
Developer
Developer
 
Posts: 2303
Joined: Sat May 24, 2008 1:20 pm
Blog: View Blog (0)


Re: A Hackers Beginner Guide

Post by -Ninjex- on Sat Jan 26, 2013 7:23 pm
([msg=72683]see Re: A Hackers Beginner Guide[/msg])

Limdis, thank you for reading up on the post, and I am glad you enjoyed it!
Fas, if you fixed my title, thanks for that, as well as making it a sticky!

Now,
corbonium wrote:A good read, indeed. I've already taken a lot of steps mentioned in this guide. I've put up a dual-boot xp/ubuntu box on a secondary PC, and made good strides learning html, javascript, and php on w3schools with a xampp server. Somehow I don't yet feel any wiser, or adept at hacking. I intend to keep going, but how long is this gonna take before I start feeling like I've made progress towards being able to exploit weaknesses and find loopholes in systems?

Haven't started using BT yet, maybe this is the missing link? I've been avoiding it because I really feel like I'm going to end up as a script kiddie if I just start using premade tools.


I can not tell you how long it will be until you feel like you are any wiser on the subject, that is totally based on your feelings, and how much you are striving to advance. I believe you are smarter than the average noob that comes around, as you have shown research, as well as a push towards your goal(s). If you keep the right mindset, as well as learning, you will be fine. Stop worrying about time, and worry about learning, the rest will unfold.

For the BT5 as Limdis pointed out, it is not using a tool that makes you a skid. If you use a tool without understanding the mechanics behind it, that will make you a skid. I highly recommend that with your mindset and goals, that you go ahead and try out BT5.
If you're not willing to learn, no one can help you. If you're determined to learn, no one can stop you.⠠⠵
The absence of evidence is not evidence of absence.
I can explain it for you, but I can't understand it for you.
User avatar
-Ninjex-
Addict
Addict
 
Posts: 1237
Joined: Sun Sep 02, 2012 8:02 pm
Blog: View Blog (0)


Re: A Hackers Beginner Guide

Post by 3vilp4wn on Sun Feb 10, 2013 2:12 am
([msg=73613]see Re: A Hackers Beginner Guide[/msg])

Great post!

But I'm curious what counts as "experience" with linux.

I've tried ubuntu and debian, and can figure out how to do most things with the internet and the commands "man", "help", and "info". I know my way around the filesystem (It makes so much more sense than the windows one! :D ), and I know a bit about file permissions. Do I count as experienced?

And also, why not use BT as your main distro?

Thanks,
3vilp4wn
Do not mistake understanding for realization, and do not mistake realization for liberation
Evil Ninja Hackers
???
٩(͡๏̯͡๏)۶

1A4EAMboaXpgvUSmtRbVRqbfJrbyuGhyoo
User avatar
3vilp4wn
Poster
Poster
 
Posts: 144
Joined: Sun Feb 10, 2013 2:05 am
Location: The darkness.
Blog: View Blog (0)


Next

Return to NZone

Who is online

Users browsing this forum: No registered users and 0 guests