How to get better without doing anything illegal?
I'm very interested in hacking, and I know quite a bit, but I want to know how to get better without doing anything illegal. I use to do illegal stuff for fun like defacing sites, but when I got suspended from school last year for this kind of stuff, I realized that there is no point in doing anything illegal. I still want to learn more, but I've heard that it is illegal to hack into a site, even if you do no damage what so ever. And yes, I realize there are hacking challenges, but the fun of hacking is exploring security and all that, but it is hard when everything is illegal :\
So does anyone have advice?
meh I-O-W-A has a good point… but basically anything you do outside of the walls of our little safe haven is gonna get you into trouble… Even if your being a good little 'white hat' and just telling the admin of a site that he has a hole in his security… youre probably gonna get boned in the end due to the stereotypes that have been placed against us…
Due to all the new laws that the US is issuing about the net and against 'hacking' pretty much anytime you get access to something your not supposed to have is going to get you into a lot of trouble… but yea thats why we're supposed to be the 'underground' ^_-
The most advise i can give you is Dont Get Caught doing something skiddish and try to improve the name of the hacker… instead of dragging it through the mud as many before have… So Good luck and have fun ^_^
as johnjuan728 said
this is a ground for you to try everything you could think of outsside this domain name (and the other ones lol) your fucked coz what ever you do unless u have been asked to do so will be interpretated as illeagal,
there are many ppl outside his envirimount tht have given each and everyone of us a fucking bad name not to mention the ppl in this envirimont tht have done the same so truely i wish tht as you being one of us you dont portray the same ignrance as them an give us all the shit like before like johnjuan728 sed " Dragged thru the mud like so many times befre"
If you're worried about legality issues, get yourself two more (trash computers) and a router. Set those two computers up with everything and anything you're interested in learning about and just bash away at it from the inside of your own privatized network. This helps in two ways….for one, you learn how to exploit the flaws of a system in the real world; and for two, you learn how to set these servers up and make them fully functional. That second goal will help in more ways that you can imagine…that's how I learn 90% of the things I do. Sites like these are more for fun to me personally…not saying it's bad that people learn from here, but there is very little understanding by the members as to why they beat the challenge, though they understand how they beat it.
I agree that alot of ppl including myself beat challanges and then say "Why?" so to help you i suggest getting buddies on sites like this that can help you explain Why you got the answer. I have gotten into the routine of asking people Why something works or Googling to find why it works becuse when you think about it most hackers are looking for the answer to one question "Why does this do that and what can i do with it?" so beating a challange answers what you can do but dosent answer the Why.
Thats my 2 cents ne ways.:p
Sometimes it would be cool to learn how to do some of the challenges, but you can't do anything about it because most of the time teaching how the challenges work is same as spoiling and when you can't do them on your own or with hints you'll never learn it.
EDIT: And because someone is going to mention using google: if you're completely stuck in the challenge you usually don't know what to google for.
johnjuan728 wrote: meh I-O-W-A has a good point… but basically anything you do outside of the walls of our little safe haven is gonna get you into trouble… Even if your being a good little 'white hat' and just telling the admin of a site that he has a hole in his security… youre probably gonna get boned in the end due to the stereotypes that have been placed against us…
I report holes all the time. As long as you are polite, they are (usually) Last time I reported a hole I got a job offer. One time, I reported and had my local police questioning me (nothing came of it, he couldn't prove monetary damages, meaning the state was going to drag it's feet, and once he realized he didn't have a case he dropped it.) It's a luck game. I've learned to just do it anonymously, give them a random yahoo account to send questions to, and if they want to talk in person/know who I am, I assess that on an individual basis.
regret wrote: If you're worried about legality issues, get yourself two more (trash computers) and a router. Set those two computers up with everything and anything you're interested in learning about and just bash away at it from the inside of your own privatized network. This helps in two ways….for one, you learn how to exploit the flaws of a system in the real world; and for two, you learn how to set these servers up and make them fully functional. That second goal will help in more ways that you can imagine…that's how I learn 90% of the things I do. Sites like these are more for fun to me personally…not saying it's bad that people learn from here, but there is very little understanding by the members as to why they beat the challenge, though they understand how they beat it.
This isn't that bas of a suggestion except that hacking is about learning how other people think. It's true that you can learn a decent amount by finding holes in your own code, but generally the only way to write truly safe code is to have examines a lot of vulnerable code, and think "this is what I need to look out for…" Sometimes other people code a certain way, and you think "that's stupid! Wait, in script X, I did something like that… shit."
And, the challenges only help the 10% of people that bother to do them without cheating. And even then, it's not very RW. They are great for learning about how to exploit a certain hole, but you only learn a few ways to exploit it. There are billions of opportunities with blind sql injection. For example, in a recent gig I used MS SQL to dump all the scripts into TEXT fields in a database, then sent the guy who I was working for the source and a note offering him $$$ for them. Show me a challenge where you can do this.
Here's what I finally ended up doing: get a certification (compTIA security+ is a good place to start) and then learn to program. Not because programming helps you in hacking, per say (I'd say there's not much truth to that, and there's more truth to it's inverse!) but rather because it will help you build contacts. And once you have proven you're smart and you know what you're doing, you can pull out your certification, find a firm, and say "hey, I'll program for you, if you let me spend 1/4 of my time making sure that the code you write is secure. And you can put on your company profile you have a certified security pro working for you. Plus, you get an extra hand for programming when you need it." then, you can hack real sites and not get butt raped :) And, it's a great way to make money as a part time job for a student!
Anyway, that was my $0.02
Hmm. I'm active on a couple of forums where the managers know that I'm a trustworthy, programming-savvy guy. So I get access to beta tests and everything, and one of my main roles is trying to break into everything and let the admin know if I can hack anything.
So, yeah. If you're worried, then I recommend only hacking in places where you're already established as a trustworthy member ;)