General Hacking

Hey hey im rather new to this although i have read up on hacking such as reading Hacking exposed Web applications in its entirty. A lot of what you find on these challenges isnt really covered. Do any of you have some suggested reading? Just on a side note i see a lot of people asking about how to hack various things unrelated to the site sometimes ever referenceing whom the would like to hack…i would think that would be rather unwise and could potentialy get you into a crap load of trouble especially if you dont know what your doing. Am i wrong here? Much props to all of you whom really know what your doing. Thanks for any responces in advance happy hacking

Well, you're not really going to find a comprehensive site with primers for all of the concepts. Your best bet is to make a "laundry list" of hacking technique terms and, from there, do individual searches for references on each of those. Google is your friend there.

For a pretty decent starting list, complete the Basic, Javascript, and Realistic challenges. Also, the Hall of Fame here lists some terms and techniques that you won't find in the challenges.

A good source of discovering your very own exploit is to look through "White Papers" If you are just beginning, I would look at what you wish to be. The guy on the front page for hacking a dozen computers in one night, or the one preventing that. Either way, looking through white papers (google it) is a great way to gain a higher level of understanding on a programming language whether it be used for either side.

All in all, I guess to sum it up, to learn how to build onto something, you need to know how to take it apart and what makes it tick. If you want to hack javascripts, learn javascript, if you want to find SQL flaws, learn SQL, and to do all this, my big suggestion is: Read up on some white papers on what you wish to learn AND visit http://www.w3schools.com, an excellent resource for scripting language learning.

[EDIT]Ok, I forgot, I don't know how many people use it/like it, but I use a great tool for learning different techniques is http://www.owasp.org. It is a wiki which is solely intended for security purposes. It has many references to other websites to give you a full grasp of the concepts.[/EDIT]

Umm… I think whitepapers are a BIT too advanced for a newb. He needs to feel his way around the security universe first and figure out what he wants to pursue: basically, the same thing you said (after that strange first paragraph).

noober wrote: Just on a side note i see a lot of people asking about how to hack various things unrelated to the site sometimes ever referenceing whom the would like to hack…i would think that would be rather unwise and could potentialy get you into a crap load of trouble especially if you dont know what your doing. Am i wrong here?

Most of the people here are probably referring to web hacking techniques. To be perfectly honest, no one really cares about those.

I shouldn't say that, actually. The type of attack doesn't have much of an effect on the likelihood that you will be pursued. What matters is the size of the organization attacked, the amount of money gone down the drain, and the type/amount of damage caused (in that respective order of importance). If say, you target a large corporation, and they lose money, time, and data because of what you did, I would guess that they would go wild looking for you. If the impact of your attack is less devastating, and the organization targeted is less significant, it's probably less likely that you'll be pursued. Just common sense here.

While no one should feel safe to discuss their web-based activities, even here, they're probably not going to get into any trouble.

White papers are fine, really, but don't expect to see any new techniques in them. I find it that the new exploits are private for a few months/years before they start appearing in white papers.

To become a "real" hacker, install linux and learn Perl + C++. Learn about networking and just keep your eyes open for anything that could help you be any better.

Web-hacking is overrated, if uploading a PHP-shell is the only way you get root, you failed.

Nicely said guys, and yeah, I guess white papers are kind of a thing for the future. As spyware said, don't really on web hacking. Techniques like "rooting" and things are much, er, "funner" and more effective than web hacking. Honestly though, how many people DO install PHP shell scripts onto their website with little to no security on them if they do at all? (this isn't getting into XSS and things, you don't need one for that, and then you still have directory transversal via url… can't remember abbreviation…) I just think that web hacking is a good place to get started learning about flaws and things before opening up bash and going to work. You have to walk before you can run.