Reddit HowToHack Wiki

Beginner Q&A from the HowToHack board and an introduction to the skills worth learning

I’d like to learn how to hack, how do I start?

This question has been asked and answered many times. We’ll summarize the opinion of our fellow redditors, but we encourage you to check every thread and read every single answer.

Define your interests

You really need to decide what area you are interested in. WiFi hacking and website exploitation hacking are totally different things, just to name a few. Thanks to hawaiizach.
What do you want to hack specifically? websites? operating systems? webapps? reverse engineering programs? Trying to hack an iphone/droid? The field is extremely big so you might want to sample a lot of things before focusing on a niche. Thanks to Shock223.
If you want to know where to start I would recommend using and learning about unix/linux, learn how networks/the internet work (tcp/ip, osi model), learn some basic computer architecture, and probably some programming languages like javascript, html, and/or php. Thanks to stingrayd.

The learning method

Learn by doing and keep yourself interested all along the way.
if you see a cool open source project in hacker news or on one of the many hacking subreddits, download the source and figure out how to compile and run it.
read and follow along with tutorials.
play around with the security tools at sectools, but don’t ever think you’re a security guru just because you can launch a scan with nmap or kill a tcp session with ettercap. Thanks to stingrayd.
I think the best place to start is to get a solid understanding of OS concepts first. The combo of Linux, C, and ASM are almost essential to really understanding how everything melts together. I like this resource: http://wiki.osdev.org/Expanded_Main_Page.
Once you start getting an understanding of how the OS is working, you can begin picking up security concepts as well. http://www.securitytube.net/ is a great resource for learning a wide range of security concepts. Not every video is great, but it’s a great starting point. Once you’ve begun to understand some of the issues involved in security, subscribe to some active security blogs like PaulDotCom or Dark Readings. /r/netsec also has pretty active member contributions. Thanks to hacker_sam.
You should practice by setting up your own web server and testing various attack/scan methods against it with pocs or tools that are available so you can see what happens on the front end and the back end. Thanks to ps-aux.
In the good old days you could just search for newbie hackits and hack how2s. Today it is a bit harder to come by. However the main points which really brought you near how to hack, solve problems and become a good programmer are practice, experience, communication and projects.
1.) Learn to program
2.) Learn to solder, build something (Microcontroller, or light sensor)
3.) Learn the basics of the PC how is data saved, what is assembler code, look at TCP/IP references, etc?
4.) Meet your local Hackerspace
5.) Install and maintain a Ubuntu, Debian, FreeBSD, OpenBSD network to test your services on with the standard and customized LAMP configurations.
6.) Read about some linux exploits and linux exploit courses, patch your system so you can try the exploits yourself
7.) I agree with pentesterlab.com
8.) Get a foot in the online hacker community, do projects with them. Read Open source code.
9.) Get the lingo right (watch Hacker movies, because a bit of fun is mandatory) Thanks to IamaRead.
Start off by reading books on A+ and Network+, which outline the very basics of how computers and networks work (actually get certified if you want in the industry). This will give you the knowledge required to actually understand a lot that is discussed in hacker forums, read through them. Pick up a book on Windows xp/7/8 (choose 1) and get to know it well (it’s the most commonly exploited). Many hackers/pentesters use Linux, so that would be a good second. I would suggest installing it on a spare computer and getting to know the OS slowly but surely. Next, begin learning a programming language. What language you choose is up to you. Think of what you would like to code and see what language is used to do that. It is more important that you learn programming paradigms than a whole bunch of different languages. Once you get decent at programming then move on to reading ethical hacker books/blogs. This will give you an understanding of the different types of hacks and the basics on how they are performed and recognized. Get familiar with common tools; nmap, wireshark, metasploit, and etc. From that point I would read books/blogs on pentesting. If you are thinking of getting into the industry I would look into getting GCIA/GPEN/OSCP certified. At this point you should have enough knowledge that you have already been researching and learning on your own. Thanks to Eshim906.
Definitely learn how computers work first. How does the OS interact with the system components? How is memory managed and handled? How does the filesystem work? Where are critical files stored? To “hack” something you need to understand how it works first. Otherwise you’re just running some script or tool someone else wrote. Thanks to lifosort.
Pick a language. Next, look up all of the amazing things you can do with it. Don’t discourage yourself from learning based on where other people are, or what they know. Thanks to lastactionSQL.
My suggestions on where to start based on my own experience.
  • Learn to code (this is HUGE and will help you a lot down the line. It’s not necessary at first, but if you want to be any good at all, this is a must)
  • search for forums online and get involved in the community. As said above, hackerspaces are awesome and definitely look into them. Most of what I learned when I first started was information I found within the community (and there is a LOT of info out there). eventually you’ll start figuring out some things on your own.
  • don’t quit. it’ll get tough. you’ll get frustrated. but you have to get through it. hacking isn’t as easy (or as fast) as hollywood makes it out to be
  • get vmware or use dualboot to run a linux operating system. you should know how to use the command line decently well before you try anything. Ubuntu is really user friendly but if you want to dive in the deep end, try Backtrack.
  • once you’ve learned the basics and sort of know what direction you want to go, start with the simple stuff. don’t dive into something super complex. try out the easy exercises on hackthissite or try cracking your wifi router’s password.
  • I hate to plug books on hacking but i genuinely believe that these two books are pretty decent. Hacking Exposed 7 and Violent Python. They are designed for those at an intermediate level so keep that in mind.
However let’s start with basics. Learn a language. This means, if you wanna exploit websites, learn how they work. There are cheatsheets, and tools, but this isn’t what you want. You want something of value. For exploitation of websites: PHP, SQL, Javascript. For software: C/C++, Python, Assembly (pretty difficult without prior programming knowledge). Common attacks are the sqli, and xss. I’m not going to go through them with you, I’m sure mentors on the irc chat would be a bit more adept at that. Next you got your doxing, this is pretty simple. I mean doxing can be a valuable skill among researchers and I think it is a bit looked down upon nowadays. However doxing is much more than a reverse ip lookup, or a simple google/pipl search. Real doxing comes from infiltrating the habitat of the target. From that point gathering information, by method of social engineering. I hate to say it, but sometimes you can’t just hack your way into it. It takes a manipulator, or a social engineer to really gain inside on a person. So there are books on SE’ing, but frankly it’s just about deception. It really is, and people will deny that all day long. Thanks to [deleted].

A bit more on network security

If you don’t know anything about networks, protocols or how networks are set up I would start with the basics.
My main specialty is Wireless Network exploitation. Many of the tools needed for the job are in BackTrack, but some of the programs and scripts that I use I had to make myself. You will get far with a wireless adapter able to be set in promiscuous mode (monitor mode) and the Aircrack-ng suite. My main trick is to take over corporate wireless networks and use them against the company as part of a penetration test scenario. Usually I redirect them to a new corporate logon site for the wireless network to phish for their credentials. If this is not something the penetration test will cover I usually redirect them to my universal Java/Adobe/IE exploitation webpage before redirecting them to their homepage. I can also do “neat” tricks like upsidedownternet / DNS redirections / DoWi-Fi (Denial of Wi-Fi) and MITM stuff which are all good training scenarios. Thanks to roflnor_work.
My scripts are primarily python (easy to learn), but I have some perl (harder to learn) scripts as well. Thanks to roflnor_work.
Something that has helped me with network security is learning the other side of things. Meaning, how the network administrator or system administrator implement a service. By understanding the basics on that end that will help you to understand network level pentesting because you will know how things communicate with each device. I would say some good topics would be things that are in the Network+/Security+ certifications. These are good starting points or if you don’t know much about hardware then maybe learning some aspects of the A+ certification. Thanks to sharpie711.
You really want to get involved in the WIFI security world then you should join the community who makes the tools like reaper, aircrack etc and help dev the software and test with them. This is the best way to learn, hands on with a community that has experience already :) Thanks to ps-aux.

How important is it to learn programming?

There is no given amount to learn of programming. It’s honestly as much as you want to learn. I mean generally, it’s important to learn the basic syntax; functions, loops, etc. etc. So just learn to be able to make semi complex programs. Going beyond a hello world for example. But going into the hacking side of programming (usually reverse engineering) is pretty difficult. So it’s not something you will become godly at in a week. Thanks to [deleted].
It depends on what type of hacking you’re looking to get into. You should know the basics (classes, loops, functions etc.), so you can at least read and understand what something does even if you don’t know that specific language. Personally, my strongest language is C++ but I can fairly easily follow Java/VBA/C#/C/PHP code. The basics are all the same it’s just a matter of syntax at that point. Also be able to write at least basic shell scripts in Linux. Thanks to AcBlind.
The answer to your question depends on what kind of hacker you would like to be. Hacking is a complex process that involves a lot of different skill sets: target research, network scanning and enumeration, social engineering, server and OS vulnerability analysis, and coding. If your primary interest is programming, you may be a malware writer/analyzer. If your main focus is operating systems, you may be more of a penetration tester. If you’re good with people, you can be a social engineer. It just depends on what you like to do and where you want to focus. Thanks to WilliamFingShatner.
Learn as much as you can or at least have ample understanding with as many as possible for reading/following purposes… This makes discovering/understanding exploits much easier in the long run… Thanks to ps-aux.
Programming is not super important to do all hacking… Plenty of hackers out there who can’t program and can still find vulnerabilities and exploit them… Thanks to ps-aux.
Programming is not always a major part of “hacking”. It really depends on what you want to get into and where you want to end up. There are more ways to crack passwords than brute forcing. Might want to look up rainbow tables and dictionary attacks. You’ll be using dictionary attacks the most. Thanks to 454Satan.
Impossible question really. All programmers have their preference. C is in my opinion the best place to start. It’s not too complex, teaches you basic programming logic, and the basic syntax behind most programming languages. C++ is an extended C pretty much. The syntax though, is weirdly different, so it might throw you for a loop. So “hacking” wise, c/c++. Java is more secure. But just find one you like, and go with it. Thanks to [deleted].
ASM, C, C++, C#, VB, JS, JAVA, RUBY, PYTHON, PHP, MVC/OOP FRAMEWORKS (various languages), HTML, CSS, LUA, SDKS (various ones) the list can go on forever…. Each language is only as important to the code you are working with… Why think C when you are reading VB source code? Etc… Thanks to ps-aux.
It’s helpful to know html so you know how to follow the code when you view source to determine what other angles -or- forms you can go after for hacking… The website you picked to learn programming from is perfectly fine… I suggest you finish off with this: Html5/Css3/Jscript/Jquery(Ajax)/Php (maybe Ruby-on-Rails) Then you can move on to Python/C/etc for higher development and more towards exploiting non web if you choose.. Thanks to ps-aux.

Programming learning resources

This isn’t a programming subreddit so we’re only pointing out basic material that may help you out while learning how to hack.

Coding

http://www.codecademy.com/#!/exercises/0 Learn to code Thanks to stingrad.

Learning C

K&R’s The C Programming Language the definitive C book Thanks to kaden_sotek.

http://stackoverflow.com/questions/803522/after-kr-what-book-to-use-to-learn-programming-in-plain-c Thanks to IamaRead.

Learning Solder

http://www.aaroncake.net/electronics/solder.htm Thanks to IamaRead.

Python

http://en.wikibooks.org/wiki/Non-Programmer%27s_Tutorial_for_Python_3 Non-Programmer’s Tutorial for Python 3

http://learnpythonthehardway.org/ Learn Python The Hard Way

http://www.learnstreet.com/language/python Learn Street Thanks to KonVirus.

Learning Java

http://www.bluepelicanjava.com/ Thanks to macleod2486.

http://www.codecademy.com/learn Thanks to amperages.

http://www.wikihow.com/Program-in-Java Thanks to ps-aux.

http://docs.oracle.com/javase/tutorial/ Thanks to ps-aux.

/r/java Thanks to ShredThePlan3t.

What OS do you recommend?

The best operating system, would be the one that best suits your needs and skillset… [Thanks to ps-aux](r/HowToHack/comments/196feb/os_that_you_prefer/c8lcxfo).

Windows

Windows is a perfectly fine operating system… I use a windows machine for gaming and GUI related things since I am not a huge fan of GUI on the linux world… With windows you can easily download an SSH client like Putty and log in to a linux terminal to use linux security tools like nmap and so forth… [Thanks to ps-aux](r/HowToHack/comments/196feb/os_that_you_prefer/c8lcxfo).

Linux

http://iso.linuxquestions.org/ [Thanks to ps-aux](r/HowToHack/comments/19wdnr/curious_enough_to_want_to_learn_but/c8s5qxg).

http://www.linuxhomenetworking.com/ This site covers topics needed for Linux software certification exams, such as the RHCE, and many computer training courses. [Thanks to LucidNight](r/hacking/comments/18m41z/looking_for_a_beginner_project/c8fzgyi).

https://github.com/WilliamHackmore/linuxgems/blob/master/cheat_sheet.org.sh Linux CLI cheat sheet! [Thanks to Gradivus42](r/HowToHack/comments/19x4fw/linux_cli_cheat_sheet/).

http://cb.vu/unixtoolbox.xhtml Unix Toolbox — great collection of tips for Linux Sysadmins. [Thanks to rushone2009](r/HowToHack/comments/19awbd/unix_toolbox_great_collection_of_tips_for_linux/).

Arch

Note that Archlinux is looking sexier every release! [Thanks to ps-aux](r/HowToHack/comments/196feb/os_that_you_prefer/c8lcxfo).

Backtrack

[Thanks to ps-aux](r/HowToHack/comments/196feb/os_that_you_prefer/c8lcxfo).

BackBox

BackBox is a Linux distribution based on Ubuntu. It has been developed to perform penetration tests and security assessments. Designed to be fast, easy to use and provide a minimal yet complete desktop environment, thanks to its own software repositories, always being updated to the latest stable version of the most used and best known ethical hacking tools. [Thanks to rushone2009](r/HowToHack/comments/196feb/os_that_you_prefer/c8lvz54).

Damn Small Linux

Damn Small Linux and put Back box Repository on it. [Thanks to rushone2009](r/HowToHack/comments/1atc91/question_about_linux_distros/c90m16b).

FreeBSD

I use FreeBSD on most of my machines and think it’s an excellent choice. The main differences you’ll encounter are:
  • File structure (BSD distinguishes when things go in /, /usr, and /usr/local, while most Linux package managers seem to just chuck everything in /usr and /etc)
  • Building from source (While there is a binary package manager for FreeBSD, it’s not used by many people. The BSD Ports collection is a much more common location to get your software from)
  • rc.d, the BSD startup system (Linux distros seem to differ on how they start daemons. They generally have either systemd or an rc script somewhat similar to BSD’s. In FreeBSD all daemons are managed from /etc/rc.conf or /usr/local/etc/rc.conf, depending on the daemon in question)
While there isn’t quite as much software that will run right out of the box on BSD, I tend to find the system well organized, and it usually isn’t hard to coax source into compiling. You’ll get a lot of command line experience quickly, and it’s nice working on a system with native ZFS support. [Thanks to nuclear_spines](r/HowToHack/comments/19xl0b/bsd/c8stcvj).

Gentoo

Personally I really enjoy gentoo. It has excellent tutorial on hardened gentoo. Which is where you secure your kernel (pax) against exploits and apply context to security (think selinux.) [Thanks to ByAnyMeansIDesire](r/HowToHack/comments/1atc91/question_about_linux_distros/c927bnb).

Linux From Scratch

It took me a couple of days on and off after to work. Definitely learnt a lot. I tried doing BLFS, but it seemed to be a bit hard and I kept getting a lot of errors. I would like to give it a shot again considering I’ve learnt a lot more about linux since then. [Thanks to nevertherym](r/HowToHack/comments/19auno/welcome_to_linux_from_scratch/c8raei5).
If you are feeling very adventurous you could try http://www.linuxfromscratch.org/ There you could compile your own distro. [Thanks to seraphrunner](r/HowToHack/comments/1atc91/question_about_linux_distros/c90mgb4).
I compiled LFS a couple years ago. I learned a lot about compiling software from source, the Linux file system, and compiled the Linux kernel for my first time. I wish I would have waited until I was somewhat familiar with the C programming language though. Some of the steps make more sense if you know a little bit about C. [Thanks to numbquil](r/HowToHack/comments/19auno/welcome_to_linux_from_scratch/c93naen).

Ubuntu

Ubuntu is fine… It’s quite bloated by default since it’s a great starter linux and has a new wide community supporting it… [Thanks to ps-aux](r/HowToHack/comments/196feb/os_that_you_prefer/c8lcxfo).
Further to this, if you’re used to Ubuntu and want to get rid of some bloat, try lubuntu.