help the n00b
Someday, a reply to this question (which is a rather frequent one) will be submitted, and that thread will be stickied.
I pray for that day.
Anyway, I'd suggest you learn HTML and Javascript. They're not programming languages, but you CAN'T get by without them.
Then, learn a real language, such as C or C++. Many people find these too hard to start off with, but I think that if you learn either of them, they stand you in good stead to learn others.
PHP is a pretty useful language, since you NEED to know it if you want to make a substatial website. Well, either PHP or perl.
here you go.
http://www.hellboundhackers.org/newtohacking.php
I followed this guide, and learned HTML first, then Javascripting. I am probibly going to learn PHP soon whenever I stop feeling so lazy.
Please note that the following is not so much an introduction to the art of hacking as it is an introduction to the hacking culture in general today. This includes a guide to what you will need to know to become a functioning, active and contributing member of the hacking community. Since this is by no means going to be a short forum post, I will break it up into four categories: understanding the hacker community Becoming a functioning member of said community Becoming an active member of the hacking community Becoming a contributing member of the hacking community
You need to understand something to practice it, need to be able to request information and find it in order to lean new things, be able to contribute to the community with your new knowledge, and have a few places to look to for preliminary knowledge. hence the long ass article to explain what you will need to learn.
I will address each of these in order and as completely as I can. Please note that I will be including many, many links- and that in order to fully benefit from this primer on the hacking community, you will need to click on all of these and at least browse the contents of the link. While all of the content linked to is on my server, I did not write any of it. The authors of each work are noted on their respective page. So, without further ado, let us begin!
** Understanding the hacker's community** Hacking is one of the most misunderstood hobbies of today, and you MUST understand what hacking is to learn how to do it. Many people would say that hacking is something like breaking into computer systems and stealing money or data- or stealing an old lady's identity to pay for prostitutes and buy drugs. If this is hacking, well, then I'm not a hacker.
But I am a hacker. So this cannot be what hacking is. Let us turn to two primary texts which will define the term hacker for us. The first of these is the hacker's manifesto (http://dcs.drivecsucks.org/starters/manifesto/mentor.html). This document is a legitimate one to use to define a hacker because it is widely considered an great piece of writing- and a true one- by many hackers. In fact, you will run into this all the time when looking through forums or hacker's websites. When you see it, leave a comment and include your thoughts about it. What this document tells us about hackers is that we are: A. misunderstood B. Not conformers. That is, a GPA doesn't satisfy our thirst for learning C. generally, we love each other in the sense that we have a deep connection with other hackers, because they are the only people who will ever truly understand us. D. We don't care how old you are, you skin color, or your nationality. We don't care if you're 14 or an MIT grad. So shove your degree in network administration and your 4.3 GPA up your ass and prove you know stuff. Then you will get respect E. We only give respect to those who deserve it, and you have to earn respect.
The hacker's manifesto is a very powerful text. But it doesn't give a literal definition of a hacker. It's poetic. If you want a dictionary full of stuff that will explain the hacking culture to you, have no fear! The Jargon files can be found here (http://dcs.drivecsucks.org/starters/jargon/html). I don't really need to elaborate on this, just click the link and start reading. Now.
So, do you have a general view of what hackers are? To sum it up, I've never broken a law using a computer in my life, and I wrote my first command in BASIC on a IIGS in third grade. And I am a hacker. I work hard to earn what I make and I don't steal. And I am a hacker. I believe that everyone has the right to say what they want- anti-war protesters and the KKK. Redneck war-mongers and Martin Luther King. Malcolm X and Rush. And I am a hacker.
Becoming a functioning member of the hacking community To become an functioning member of the hacking community, you will need to know how hackers rate each other, how to avoid fights and flame wars, and what communication mediums are most used by hackers today- as well as where we hang out when we are not improving open source software, designing and maintaining informational sites, and running "play grounds." You need to be a functioning member so that you will be able to get information and learn from people- you'll need peers, if not teachers, to become a good hacker. No hacker has truthfully taught himself everything he knows. At at least one point, someone put his on the right track or wrote an article or something to help him out.
Hackers rate each other many different ways. The most popular way originated at hackthissite.org. The idea was expanded upon by the hellboundhackers.org. The idea is simple: different types of challenges that simulate real- world security flaws. On top of this, both sites offer up the chance to actually hack their site if they find a way to. Some hackers (such as myself) don't really like this method because too many people just read articles, and you can have idiots ranked in the top 200/7000, and prefer just judging people based upon what they demonstrate of their knowledge while helping others or talking about/developing stuff. Still others prefer head-on-head competitions, such as hackthissite's rootthisbox or HBH's webwars.
An easy way to avoid flames is to not be paternalistic. That is, to treat everyone equal, and only be rude to someone if they deserve it, not just because they ask for help with something you know how to do. It's as simple as the golden rule: treat others how you want to be treated. Don't nag for help, and don't act better than everyone else- but don't expect people to bow to you just because you know a bit more than them or are ranked higher than them on a system that anyone with gobs of time and tutorials could be ranked high on.
Hackers like two forms of communication best: forums and IRC. Mainly because both are free, and both are secure. Forums are mainly for sharing knowledge and extended articles, while IRC channels will generally be full of conversations, with single sentence replies in most cases. You can read more about forums here and IRC here. Phreakers, who are often hackers also, prefer teleconferences. These are very fun, and if you are invited to one, ask your local phreak about a red box (or beige box- use a chordless phone on an out of town neighbor, lol) and then go to a pay phone and dial in for some great fun!
Hackers hang out everywhere on the net. I know I help out with wikipedia fact checking, coding for fan sites, HTS and HBH, and several smaller forums, as well as being a member of 2 hacking crews (a group of hackers who give themselves a name and a cool website, such as dcs.drivecsucks.org) So basically, just start here at hellboundhackers.org and hackthissite.org- these two sites are often spokes that will lead to other places soon enough (but more than spokes, they are great places to hang out!)
Becoming an active member of the hacking community Ah.. now this is the fun part! Doing something! Well, not quite. I will tell you what you will do with your knoledge once you aquire it (all in good time. Don't worry, I will eventually get to this!) generally, most of the projects hackers work on are open source projects. For me, this is because I don't believe in proprietary software, and I'd rather share my work then profit off it (I'm a tortkian, can you tell? lol). For others, it is because they like to see what others can contribute to what they have started. Others still are just looking for a cheap way to get what they want and end up developing it, then sharing it. One such person went by the name of linus, and he developed an operating system known as linux. If you're serious about hacking, you should take a look at this. I wouldn't consider it a requirement, but alot of opensource software is designed only for linux, and I am much more at home in linux than in a windows environment, just as a personal preferance. To learn more about Linux and other open source projects, use Google or wikipedia. Further, you could try the OSI at www.opensource.org. the idea of open source is sharing. It may confuse then, when people give you scornful looks when you use other's applications. they may even call you a script kiddie. If you went to the above site and looked around, you will know that open source software is designed for sharing- and it's a good thing to use other's work. Don't waste time building stuff from scratch- how many of those people insulting you wrote their own operating system or web browser? not many, if any. So, just move on,. don't get in a flame war. But at the same time, make sure you eventually contribute the the author of the program in some way if you use the program alot. You could add features to the program when you learn how to code or even just donate a few dollars.
Becoming a contributing member of the hacking community To start contributing the the hacking community, you will inevitably need to understand how hackers think. Remember the jargon files and the hacker's manifesto? Well, hacker's thoughts reflect them. The hacker's mind is like a cat's- very curious. In order to become a good member of our wonderful community, You'll need to ask yourself how everything you see works, and then how you could use what it does to make it do something else. That said, let's get to the learning part. I will discuss the newest phase of hacking: web hacking. Basically, web hacking exploits holes in common web software- or even software only used by one company, to make the site do something it wasn't designed to- be that offer the hacker a more officiant service or a way to deface the site. The emergence of this type of hacking is no accident, with the Internet become the median for storing and sharing data. So, in order to get into hacking, you will need to know alot about web development. Generally, there are 2 parts to this: web design, and web programming. Web design uses things like CSS, HTML, and images- while web programming has more to do with javascript, PHP, and PERL- actual programming. You will need to learn both eventually, I would suggest mowing a few lawns and going to your local bookstore and getting books on javascript, PHP or PERL, and perhaps HTML. That is, as long as http://www.w3schools.com/ doesn't tell you all you need. Generally, you will want to learn things in this order: -HTML -Javascript -do a few javascript challenges and try to use the hacker's mindset when looking the these scripts- thinking about how you can make them do things they aren't supposed to. -PHP and SQL (get a book with both PHP and SQL in the title :D) -read white papers on SQL Injection (Google it) -try a few basic challenges :D -now, develop a basic site that will allow the user to login and check their password. Once you start programming, you will be sure to notice a security hole at some point. The first time this happened for me I was browsing a page and signed up for an account. it gave an error that the sql syntax was wrong- the admin of the site must have been working on the script and had been printing out the SQL query for debugging purposes until he could implement the feature he wanted to. Well, from the structure of the command, I noticed I could SQL inject my way into the admin account. I sent the admin an email, and that was that. he didn't respond, but the hole was fixed. Don't expect people to praise you when you help them. But what if the PHP script on this site was used on 20000 other sites? many people report holes in popular software to places like http://milw0rm.com or www.securityfocus.com/. The problem with this is hundreds of people who don't hear fast enough will be attacked meaninglessly be rouge script kiddies. This opens up an age old debate about what to do when you first find an exploit (before the developer knows about the exploit, it is called a zero day, or 0day exploit) Most hackers don't tell the developer because they won't get credit for their contribution. I tend to agree with those people.
So, you have learned alot about the hacking culture, and now you have what little you need to begin learning. Your journey will be long. Have patience!
Well, happy hacking!
written by deathRape Inspired by the CFC crew, the mentor and Jeremy Hammond.
contributions by: Darth_Pengo -> correcting my horrible spelling :D YOU? This can always be improved :D- send me a PM with any updated you think prudent and I'll add them and put you on this list.
thanks all :D.
I think I'll expand upon PHP, HTML, and javascript- and places to learn about specific things about them, ie, Injection, etc. next time I get a chance, but it probably won't be for ra couple weeks, and Sarah is taking the liberty of fixing all of my spelling and grammer mistakes (I failed both subjects…lol)