Whats Next

I have been "hacking" for almost a year now. Here are some of the the thing's I have picked up along the way so far…..

sql injection (simple, some advanced, working on blind) xss (escaping filters and also cookie stealing) Phreaking (a little bit) Social Engineering (very fun by the way) cookie poisoning RFI LFI etc. (basic web hacking I guess)

My question to you guys is whats next? Maybe some ways to exploit servers? Maybe more advanced web hacking? I just want some names of "hacks" for me to study and research. I'm not asking for you to explain them to me (unless you want to…). Any and all suggestions are welcome. :D (note: I haved used google but mostly come up with the skills I have already acquired.)

Well at the moment I am learnin C++ and Python (can't code anything useful yet but I got the basics down) and of course I know HTML and Javascript. I guess I am just at a standstill with web page based hacking, and am just asking what are some other hacking methods besides the ones I mentioned in my first post. And maybe some ways that servers/routers can be exploited (no need to explain I can do the research just looking for names I guess of exploits/vulns I can research)

Try looking this up: DNS cache poisoning ARP Spoofing Mail Spoofing Overflows(Stack, Heap, and Buffer)

Pwnzall wrote:

Try looking this up: DNS cache poisoning ARP Spoofing Mail Spoofing Overflows(Stack, Heap, and Buffer)

Thanks :D That will keep me occupied for a while.

EDIT: still up for ideas though :happy:

wow so relevant, I'm having same 'problem' kinda stuck on the web hacking basics. Anyway I would also aim just on one language now, and perfect it, write usefull scripts like ftp bruteforcer, port scanner, vulnerability scanner, md5 password cracker. That is what I wanna start work on myself. Also I would recommend to look at rooting little more ;)

You could give RCE a go. (Remote Code Execution)

SaMTHG wrote: You could give RCE a go. (Remote Code Execution)

username:
Using keyboard-interactive authentication.
Password:
Last login: xxx from x.x.x.x
[spyware@boo ~]$ how can I has RCE?
-bash: how: command not found
[spyware@boo ~]$ RCE -?
-bash: RCE: command not found```

Yeah. RCE is tricky.

Halp?

You should look up DNS injection.

Go down to your local bookstore like Barnes & Noble with your laptop when you get some time and go through some books on topics that look interesting.

Actually reading a book compared to an ebook can help you learn so much more.

i would move onto some seriouse stuff

HTML? very complicated stuff

Inject0r wrote: i would move onto some seriouse stuff

HTML? very complicated stuff Go fuck your self

@ Everyone else thank all of you for the suggestions :happy: this is what I wanted and more.

EDIT: Still wouldn't mind some names of "hacks" I could research and learn.

You have to know where you want to go. Instead of just looking up exploits, you should look 'behind the scenes' if you want to continue hacking be it from more of a rooting perspective, web hacking etc, know where you want to go and learn the code that goes along with it. You can't be a good hacker unless you know the language behind what it is you're trying to hack and when you learn that language well, hacking it should be like 2nd nature.

Uber0n once told me about "DLL injection" B)

Seems interesting, why dont you look it up.

=]

cueballr.

cueballr wrote: Uber0n once told me about "DLL injection" B)

Seems interesting, why dont you look it up.

=]

cueballr.

Interesting stuff thanks :D

^^Above 2 posts…you're getting way too far ahead of yourselves. Do you even know how to code your own custom DLLs?? From the sounds of your programming knowledge, you don't. One step at a time grasshoppa.

slpctrl wrote: ^^Above 2 posts…you're getting way too far ahead of yourselves. Do you even know how to code your own custom DLLs?? From the sounds of your programming knowledge, you don't. One step at a time grasshoppa. At least DLLs are extremely easy to code in C++ :p