Programming in relation to hacking???
I have been interested in hacking and beating computer security for a while now and everything i read says to learn to program. I have been doing a bit of c++ lately but i do not understand how programming is going to help to gain access to a remote machine. Do i just need to get better at it or am i missing something altogether? Thanks
Compromise wrote: Install linux.
I'm not even kidding. Just do it. I did last week, and my dick has already grown three inches!
Seriously, though, switching to linux'll change your whole perspective on things. While it's not strictly necessary, it'll definitely help.
Also: machines are run by code: their software has it, their hardware needs it- everything about them has some sort of correlation to it. Knowing how this works is the first step in leaning how to dismantle and exploit it.
Well for instance you could program something in C++ using the mysql++ API to brute force a mysql account on a machine locally or remotely. Or you could write a DOS / DDOS program. Or you could write a program to exploit a buffer overflow. The possibilities are endless.
EDIT: I wrote this to perhaps assist me in pen-testing: http://www.hellboundhackers.org/code/virtual-host-scanner-1404_c.html
Knowing how something works is the easiest way to find whats wrong with it. If somebodies watch isn't working, who can fix it? Some random guy on the street? No, obviously it would have to be someone who knows how watches work.
Same thing applies to programming. Learning how to hack is learning the problems with the code. If you don't understand the code, then you don't understand the Hack, and it becomes very unlikely that you can hack things on your own.
If you can't hack things on your own, you end up downloading scripts and exploits and trying to make them work, and next thing you know your a hated "script kiddie". Script kiddies don't get far in the hacking world, because most hacks and applications require at least "some" understanding of the concept of the Hack before they will work. And, again, if you don't know the code, then you don't know the vuulnerability, then you can't exploit the vulnerability.
Not to mention coding things yourself can be fun, once you actually learn the language ;)
that depends on how skilled the OP's skill is in programming. The OP should also consider delving into other languages as well, since there is no language that can be used to solve all programming issues.
Like the what skatgh420 said, you can write any program that can assist you in your endevours, and who knows, maybe you can even uncover your very own 0-day exploit, or write an even better tool than the ones most of use regularly.
what I recommend you to do is to get some source code, pick them apart and see how it works, and while you can get by with online tutorials, I usually recommend buying a few books on programming, for you to understand them better.
bostikpaste1 wrote: I have been interested in hacking and beating computer security for a while now and everything i read says to learn to program. I have been doing a bit of c++ lately but i do not understand how programming is going to help to gain access to a remote machine. Do i just need to get better at it or am i missing something altogether? Thanks The simplest example I can think of at the moment is the realistic 2 challenge. Write yourself a program to solve that.
Once you learn more about programming and start to learn about TCP/IP programming more doors will open. It's not an instantaneous thing that once you know the basics of a programming language suddenly you can use it to solve every problem you want solved.
And no, you don't need to install linux. It can be useful, but I recommend learning one thing at a time. Learn the language first, then learn how to use a new operating system.
ynori7 wrote: And no, you don't need to install linux. It can be useful, but I recommend learning one thing at a time. Learn the language first, then learn how to use a new operating system.
I seccond that. Even if you wanted to learn about operating system concepts, you don't need to install linux. Although, it never hurts to have a few live cd's around.
Programming is the foundation of a good hacker, in my opinion. In order to compromise a system you need to understand what you're doing. It's possible to do with with tools, mentioned above, or with some blind luck in some cases.
If you're really looking to directly relate the two however, write the application you are trying to crack. In a lot of cases this may require more skill than you may have (no offense, I just dont know your skill level) which is why a programming background is important.
Obviously I don't sit down and code up a full copy of everything I ever want to test. In some cases it's just too large and in others I don't need too. Either way, starting off with this technique will help guide you into what languages you should learn.
bostikpaste1 wrote: I have been interested in hacking and beating computer security for a while now and everything i read says to learn to program. I have been doing a bit of c++ lately but i do not understand how programming is going to help to gain access to a remote machine. Do i just need to get better at it or am i missing something altogether? Thanks
You're learning backwards.
it's like asking if you need to be a good runner to play baseball. Not if you can bat a thousand and can magically be where the ball is when you're fielding.
Anyway, the point is unless you're an awesome social engineer you'll need to know how to program or at the very least understand what is going on.
viruses, worms, trojans; they're all programs.
buffer overflows, off-by-one attacks, reverse engineering, they're all program vulnerabilities.
You can't control a robot army if you don't speak robot.
Here's a classic example of smashing the stack for fun and profit
void ParseData(char *pwd)
{ char password[32];
strcpy(password, pwd);
this code copys pwd into password until it hits a null character. If you put it after the 32nd character in pwd, strcpy overflows the password buffer which is on the function's stack.
But once that is done, then what? The main point of an overflow attack is to be able to run arbitrary code on the machine. The code you will use to take control is shellcode. If you're a windows user, DOS prompt or "cmd.exe" should sound familiar. Writing and running machine code takes a bit of knowledge on assembly language . Just google the Metasploit Project.
Smashing the cloud is another obvious one. The web browser interprets html and renders it on your screen. So there are endless possibilities when creating a web page with malicious code. Send an email that links to your page, the user clicks a picture which downloads a program that sends the email to everyone in their contact list who then click on the link until it spreads across the internet. Then one day you command your zombie army to send bogus TCP SYN packets to a web server. The server is rendered useless while trying to resolve the millions of handshake requests.
Last but not least is crypto programming. Start by writing a program that can solve scrabble games and then work your way up to RSA.
Yea learning a programming language is definitly a start, when i first joined hbh i dint have a clue what some of the guys were talkin about when i asked them for help, now that i am familiar with a few languages (python, perl, java script) things are alot easier to understand now…but again knowing a language is only part of the puzzle…having a different thought process is just as important…some of the realistic challenges really fuck with ur mind and u really need to think like a crazy person to figure it out…i think that hacking on the whole is just like a puzzle you gotta figure out alot of different pieces, like one of the guys were talkin about social engineering, in other cases you can use something like metasploit to get the job done
htsl33t wrote: …having a different thought process is just as important…some of the realistic challenges really fuck with ur mind and u really need to think like a crazy person to figure it out…i think that hacking on the whole is just like a puzzle you gotta figure out alot of different pieces
Nah, for most people it's grepping for strcopy.
And while your learning, try this. http://www.projecteuler.com
yours31f wrote: And while your learning, try this. http://www.projecteuler.com That may help him get some practice learning the basics of the language, but it wont help him learn about hacking.
Once you feel confident in the basics, start learning about systems level programming and TCP/IP programming. Those will likely be the most useful in the security area.
yes you really do need programming knowledge to be a good hacker. good hackers will code their own advanced programs. these programs never are realeased to the internet or public, they are kept as the hackers tool only. These programs are usually a gazillion times better with hacking then any tool you will find on the internet.
cruizrisner wrote: yes you really do need programming knowledge to be a good hacker. good hackers will code their own advanced programs. these programs never are realeased to the internet or public, they are kept as the hackers tool only. These programs are usually a gazillion times better with hacking then any tool you will find on the internet. No, good hackers share their code. But let's not get into a fight over good vs. bad hackers.
SET wrote: i think all hackers should share code. Hacking is a way to force the evolution of technology. If no hackers many key areas of the computer world would be in a snail pace progress. The more hackers the safer the world in the shortest amount of time. That really depends on how you define "hacker". The bastards who make viruses aren't really helping.
Apophis wrote: That really depends on how you define "hacker". The bastards who make viruses aren't really helping.
I think they help alot also. Every time a virus sneaks through or information is stolen….. it causes a chain reaction and security gets stronger, better, faster. The Evolution on how we communicate / network protocols/ security standards / encryptions / app development have a strong growth…Not because of the people that sat back and stayed away from trouble …Thank the virus creators / app and system thieves. The guys that find new holes in the system and exploit them. We are in a age where we have advanced so far into computing that we are making apps thank for them selfs. the hacking community wont last forever sooner or later it will become to hard to hack. Your just riding a wave of new technology, computers just like man made atom splitting are fairly new. Man just has a want for perfection and hackers are helping the computers get there pretty quick.