How does one learn to hack? Not getting passed your school firewall or DDoSing a stream streamer. But actually learning about system vulnerabilities?
Why do I want to know this? To be edgy and threaten people online? No, I just feel like it's probably a good idea to understand it myself to prevent it happening to me. I figure it's also a good skill to have at the very least.
>>54575078
wargaming, understanding core osi concepts, how services interact with eachother and of course practice. Also the term ethical hacking is bullshit, the only reason anyone wants to learn it is to actually use it.
>>54575078
>I just feel like it's probably a good idea to understand it myself to prevent it happening to me.
Yet you willingly install Windows and Chrome?
>>54575293
Sure just because I clearly do not fully realize their insecurities. Also, linux is great for dev but shit at entertaining me :P (TuxCart is still my shit tho)
>>54575078
google "how to open command promp" and "windows cheat codes"
>>54575340
How old are you?
>>54575351
while you're at it, set your terminal to green on black, that will raise your hacking skill by 17.
>>54575287
>the only reason anyone wants to learn it is to actually use it.
I started "hacking" by adding extra lives to C64 games.
>>54575351
This is the exact answer I was trying to avoid. It's a difficult subject to learn because nobody ever seems to take the question seriously.
If someone asked how they could learn calculus, few people would sarcastically remark "buy a calculator".
>>54575399
You're asking in the wrong place, a large majority of the people here are still tech illiterate, they're just shut in/anti social people who watch anime and rice destops or are generic windows users that have been redirected from other boards.
If you're serious about it seek out a forum or community that actively engages in the subject.
>>54575393
yeah same here dude, I'm probably a bit younger than you but for me it was using cheat engine on flash games.
>>54575433
Thank you, that is actually a solid answer.
>>54575078
I'll tell you what I tell everyone who wants to know about hacking.
There is nothing called 'hacking' or hacker.
There is nothing called learning hacking either, hacking as we know it is the pure collective application of knowledge. The knowledge here being talked about here is
>knowing your way through a shell
>knowing C, maybe even Python
>knowing socket programming in both the languages
>(optional) knowing how to make packets manually
>knowing cryptography basics at the least
>knowing how permissions work in UNIX, Linux and windows
>knowing common computer problems like buffer overflow, memory leakage etc
That's fucking it
If you can learn all of these you will realize that "hacking" isn't that big of a deal, it's just finding mistakes in others programs and using them for whatever you want to. When you learn all these, you will begin to see these mistakes in others source code just by looking
>>54575486
>That's fucking it
you forgot "trying 20000 different exploits blindly until you find one that works"
>>54575486
this is the correct answer, I was too lazy to write it all out.
Listen up OP. Computers are systems. Systems have rules. Study the rules and make them work to your advantage
>>54575381
>Le only children like games argument.reddit
Only children abscond from what they perceive as 'childish acts' because they want to be an adult. Adults who have realised it doesn't matter what entertains them as long as they're happy (and preferably not hurting others) are the truly mature.
>>54575486
You skipped over the social engineering aspect too, which in itself can also as indepth as the machine hacking perspective.
>>54575078
learn social engineering and hacking society. far more effective than hacking computer if you want to be ethical.
if you really want to hack computers learn reverse engineering, disassembly, networking, all those iso/osi layers, routing, http(s), java script, SQL, every web framework possible (their enviroments, deployment with them, generally their architecture)
if you know all this by heart... social engineering will be more effective, still.
>>54575500
Oh about that
There best way to find exploits is surprisingly simple, you just have to Google "[program name] [program version] exploits", then a billion websites will pop up, each with a huge list of exploits for that software version, and maybe even an example implementation if you're lucky
Its that simple
You can find the server program name and version simply by connecting to them.
>>54575529
I don't know anything about social engineering because I obviously don't do anything for illegal purposes or even with a specific target. I just try to find cool networks and learn about them. That's pretty much it.
You learn how things work and then you learn how to break them.
>>54575610
I only responded at all because of the implied 'games are for children ONLY' which is rampant from Linux ricing anime watching faggots on /g/ who think their hobbies are somehow better than everyone else's (yes its fair to say they're faggots, but I'm saying that because the elitism).
If the post was purely meant to be about the use of a smiley, then I take it back.
>>54575569
this just use exploit-db or 0day to get your exploits or at least inspiration, some fixed exploits can still be used if modified slightly.
first step kill yourself
>>54575078
Starts at FreeCST.com
>>54575486
>knowing how to make packets manually
How do you do this? Seriously, I can never find any good sources on this. It's always just MS word vids telling you to download there "hacker" program.
>>54575469
leddit and openrce.org, read old phrack articles, spend lots of time with books on debugging and reverse engineering and model based fuzz testing. you need to know cpu architecture basics, os internals, compiler design, c/c++/asm, network protocol basics, security software technologies, the attacker kill chain, metasploit, digital forensics basics and then check out ptes. you might want to start with ptes and look at what that is before you even start researching the rest.
>>54575500
NESSUS AND NMAP
>>54575529
art of human hacking by hadnagy is a good start
>>54575996
nMap is a good tool helps find services that are running from their you need to do a bit of research to find out if their are any known vulnerabilities in that service and then look into how to exploit it or find an exploit online for that service.
Social Engineering can be useful also finding a weak link to your target could help get you in most females are good to target guys on the other hand can be tricky.
>>54576108
there are various web fingerprinting tools out there so you can find out if they run common web software on public servers and you can search job listings like monster or linkedin profiles to get an idea of what software they run.
>Learn UNIX & GNU/Linux
>To be a security expert you have to be and expert in operating systems
>Learn networking
>Join a CTF team
>Realize that hacking is a learning experience
>You can spend 10, 20 even 30 years hacking and it's still the tip of the iceberg. There's always going to be some field that you need more work in. For example you forte might be networking but your programming and reverse engineering skills are shit.
>>54576344
this. specialize in something like web sec, networking, exploits, rootkits, social engineering, botnet herding or physical. then gather skills as you work.
>>54575078
I remember being like you
Books:
>Managed Code Rootkits
>Web Application Obfuscation, this is an especially fun one
>SQL Injection Attacks and Defense
>A Guide to Kernel Exploitation: Attacking the Core
>A Bug Hunter's Diary
>BIOS Disassembly Ninjitsu Uncovered
>Hacking the Art of Eexploitation, am good beginning book
>Practical Malware Analysis
>Reverse Engineering for Beginners
>The Art of Software Security Assessment - Identifying and Preventing Software Vulnerabilities
>The Database Hacker's Handbook
>The Shellcoder's Handbook
>The Web Application Hacker's Handbook
wargames:
>smashthestack.org
>overthewire.org
other:
>read about Grsecurity and the vulns it prevents
>phrack.org
>all of the shit about Cisco IOS rootkits
>understand that every protocol is dated and broken
My first advice would be to ignore the advice here.
Learn C, assembly, how to write shellcode, and a scripting language of your choice.
Download an older distribution or application, look at old vulnerabilities for it.
Replicate how they did it. Find other bugs yourself and then look at how other people did it.
Along the way you'll find the necessary tools you'll need.
If you just want to be someone who can read a book and think you're amazing then you're going to be disappointed.
No one will really teach you how to find vulnerabilities, not even people who charge others lots of money. You really need to go out first and look at it yourself.
>>54578444
>My first advice would be to ignore the advice here
>Proceeded to list advice here
Other than that fuck up; its solid advice.
>>54575078
sign up for cybrary.it.
take the com+ net+ and sec+ courses in that order.
after that take any programming or advanced security courses and you pretty much got anything you wanna know.
after that its practice and experience.
reminder though.
taking any security related courses is bound to land you on some government lists as potential threat. but everyone working in the security industry is pretty much content with that.
Certified Ethical Hackling Might be a good place to start learning.
Search KAT or PB for CEH or certified ethical hacker. Theres some really really good ebooks on there.
According to the internet. I would never pirate material, honest FBI agents.
>>54576452
I just copy pasted this to one note. It copies the font colour and even teh background color. What?
>>54575078
Fuck ethical hacking, cybercrime pays way better
>install gentoo
>open chrome
>ctrl-alt t
>"top"
>u hack the matrix
>>54576452
Whoa. Didn't know Phrack was back up. Thanks.
Or maybe it was another site that went down for some time.
>>54575078
To learn how to take things apart or exploiting them is basically learning how to build them and then applying that knowledge a different way.
Go learn networking and programming.
>>54579464
#antisec
>>54575399
>If someone asked how they could learn calculus, few people would sarcastically remark "buy a calculator".
Right, I would tell you to buy a calculus book.
Kind of related.
Let's say there is a chat service, any chat service (Facebook chat, kik, WhatsApp, anything), it's possible to write a bot to connect to it and post, right?
I'm pretty sure this is done by getting the server ip and port, connecting to it via socket or websocket, and then sending certain information like "user: anon" etc.
But how do I find out all those things? Especially if the data is encrypted?
>>54575486
>C is mandatory because you actually want to understand your exploits
>perl / bash / python
>extensive unix / linux / windows and networking knowledge SMB, CIFS, NFS
>firewalls, routers, managed switches
>know how to debug a process
>your bible is TCP/IP-Handbook
>WiFi-Security WPA / WPA2, Radius etc.
>XSS, JS, HTML godlevel
>Databases SQL, NoSQL, P/L, DB2
That pretty sums it up. You need deep knowledge about the inner working of protocols and services. Reverse engineering skills are a must.
Social eng can save you a lot time.
>>54579445
>one note
>has no idea about styling
why you browse /g/ ?
>>54575078
>hacucking ;^)
>>54581265
>using the smiley with a carat nose
>>54581290
>carat nose instead of up arrow
>>54575979
I second this request.
The easiest way now is looking for info on the tools or a random video.
Pls halp
>>54575078
reddit is a great source for that
>>54581659
Third this
I cant ever find anything on it
Either the info is in some obscure fat UNIX manual, or some Russian website with undocumented code
>>54581659
>>54582910
>>54575979
Here it is faggots
https://en.wikipedia.org/wiki/Transmission_Control_Protocol#TCP_segment_structure
Social engineering
>engineering
>>54575610
THIS NIGGER GETS IT
>>54575078
Related: http://pastebin.com/raw/0SNSvyjJ
>>54575078
god you're such a pathetic piece of shit. learn to program and if you git gud you might start to understand what hacking is. faggot.
