How to become a hacker or advice for a beginner.
I’ll make a reservation right away. It's hard to give advice on how to become a hacker without being one yourself. But with the development of freedom of speech, when almost any spoken phrase can seem to a young mind to be an immutable truth, often without any consequences for the speaker, this situation is normal. I'll be careful. So, what I would never do if I wanted to get super-secret data on controlling satellite combat lasers.
Which typical mistakes committed by a person who goes on the warpath with the digital world around him. I will try to outline those points that should be avoided at the beginning of this interesting but dangerous path.
At the beginning of my journey, I definitely wouldn’t trust those blogs and sites that ask for money for a link to some super collection of hacking programs. Nobody makes such assemblies. It is not an easily liquid product that is in wide demand. All absolutely links and any content on this topic should put an end to further visits to such a site.
It's funny to see how in videos on YouTube or anywhere else they offer a program for quickly hacking a popular social network. There are no programs for hacking a website. The principles of penetration are completely different from making changes to programs that are subject to cracking. You will be able to download some program, but most likely, along with it you will also download some kind of . It’s not for nothing that the “manufacturer” of such an application asks you to temporarily disable the antivirus and firewall.
I came to the conclusion long ago that the height of stupidity would be to use third-party keyloggers and Trojans, especially those that are freely distributed. Once you download and install such a program, consider yourself hacked first. We think – why spread such information? Help me track my friend? No, get rich off fools.
It’s not worth starting your own business if you don’t know programming languages and scripts and, most importantly, don’t want to delve into them. This point should be put first, of course. Don’t amuse yourself in vain, the knowledge needed here is by no means basic. What will you break? Internet resource? PHP and MYSQL are in your hands. Are we cracking the program? Apparently, C and Assembler. Hacking is an art. Sleepless nights and smoked cigarettes. That's a lot of wasted time. You can rely on stupid admins, there are many of them. But showing on the screen the result of a simple batch file, the script of which was downloaded on a site like mine, while calling oneself a hacker, is bad manners. There is a lot to learn: details of cross-site scripting, all kinds of injections, studying possible gaps and looking for vulnerabilities... I repeat, the author is a little far from this. But I think I managed to warn you against the points described above.
How to become a hacker? What is needed for this? Where are the instructions? You won't find that in this article. Absurd? No, this article simply does not fit the entire amount of knowledge that you need to know. The material will be devoted to more vital and important aspects, about which there is not a word in beautiful films and glossy magazines. So if you are expecting something like “click here, hop and everything is hacked,” then this article is not for you, and probably not hacking either.
First, I would like to draw your attention to articles 272, 273 and 274, which are required reading, as they are fundamental in this path.
The next point is that hackers are not the only ones who hack and commit crimes. Many hackers are engaged in completely legal activities. Security audit, stability testing, consulting on the creation and design of applications, creating your own tools to improve the level of security, etc. So hackers are not only “bad and hairy men and women.”
Note: To be able to defend yourself with a sword from another sword, you need to be able to use this sword.
How to become a hacker - closer to reality
If you are really interested in the question of how to become a hacker, then you should be closer to reality. This means that the idea of “bang, everything is blinking, three commands, wow, wow, the mouse is clicked and access is gained” can correspond to reality only after a huge amount of time in preparing all this. But, let's start in order.
Basic myths about hackers:
1. These are cool guys with cool outfits. In principle, this can happen, but in most cases everything is somewhat different. The need to spend a lot of time at the computer leaves its mark. No offense to hackers, but have you seen how avid online gamers dress? Comfortable and comfortable clothes, not “latest fashion textiles”. In addition, lack of physical activity also affects.
2. Super puzzles with mega music. In films, characters draw cool diagrams, run through corridors, and generally do anything to depict painful activity. And all this is accompanied by cool, intriguing musical accompaniment. In reality, most of a hacker's work consists of routine tasks. Digging into source codes, including library hex codes, tracing function calls, placing data in random access memory And so on. All this, of course, can be done to cool music, but this has nothing to do with those effects from films.
3. Cool gadgets with super technology. Of course, hacking is largely related to mathematics, and where mathematics can come in handy, large productive capacities can be useful. But, in reality, this has nothing to do with bells and whistles and cool “dangles”. It's like street racing. Car body kits can only make things worse. Well, the car won’t go faster if you attach a noisy silencer, especially since it can generally cause the car’s power to be lost, since the flow of exhaust gases can form a barrier, which will cause the engine load to increase (higher load - less power ).
4. Three lines of code or five minutes to crack. If a mega system can be hacked in five minutes with a couple of lines of code, then such a system can be safely thrown away. We are not talking about situations with stupid errors that were discovered by chance or after a year of research. Of course there are typical errors(SQL injections, buffer overflow, etc.), but even checking them takes a lot of time. So such a hack is only possible in cases where either the system has already been analyzed inside and out, or when it uses known or similar mechanisms. Remember that the hacker must still have all the necessary tools with him.
5. They can hack anything and under any conditions. Due to circumstances, hackers need to know a lot and this is normal. However, this does not change reality. There are many technical aspects, various restrictions and other things. In other words, the apples fell and continue to fall. An example from history is the Enigma cipher machine. Invented in 1917 (a patent was issued), and how many problems it caused during the Second World War. Over time, its hacking became possible, but this is over time and this is taking into account the appearance additional funds. In 1917 it was impossible to hack it.
And so on. The point is, you probably got the idea that the reality of a hacker is far from what is shown in movies or described in blog posts.
As I already said, there will be no standard instructions, but if you are really interested in learning, here are a few things that make sense to start studying.
Required basic knowledge of hackers:
1. Knowledge of machine codes, including hardware.
2. Knowledge about the structure of the operating system.
3. Knowledge of the network structure, technologies used, etc.
4. Knowledge in the field of cryptography. Ciphers, strength, methods of cracking and analysis.
5. Installation of anti-virus and other security measures. Technologies used.
6. The main hacking methods and technologies used. Vulnerabilities and the like.
7. And everything else that in one way or another may be connected with the object being hacked.
Moreover, all this is quite detailed, since in order to hack something, you need to thoroughly understand how it works. Those. not of the “operating system provides to users” type, but something of the “how signals are transmitted to the kernel, how memory is allocated, in which registers data is stored, what are collisions, etc.”
Now, you know about a number of significant aspects of the question of how to become a hacker, and you are also a little more familiar with the world of hacking.
Let me guess - you liked films about spies since childhood. You weren't particularly interested in studying, but your grades were okay. You grasped everything faster than others. And from your youth you were drawn to computers. Something inside you was drawn to the hacker community, but you understood that you were a good person and did not want to ruin other people's lives or end up in prison.
What to do, you ask. The answer is to become a white hat hacker so you can do all these illegal things without the risk of getting jailed, but while still making money.
I want to warn you right away - I am not an expert. I was only able to get a legitimate hacking job once (and I'm still doing it). But I worked a lot in other IT sectors, dreaming of going into security. As a result, I was able to communicate with a lot of people and read a lot of useful information.
There is no one-size-fits-all way to get your first job in information security. Recently, Twitter launched the hashtag #MyWeirdPathToInfosec, where you could read the stories of different people about how they got into this field. They were completely different - some had been to prison (not the best option), someone used to be a musician, some got a job right after college, someone was offered a job after hacking a company and telling a story about how it was done (I don’t recommend this option either).
The main thing is to look around - career opportunities often come from the most unexpected places.
My journey into cybersecurity
I remember my first “hacking” experience. I was about ten years old and learned how to save web pages locally. I went to home page Google, downloaded it and edited it in Notepad so that the text “Luke was here!” appeared on it. When I opened the edited page, I was delighted. I felt like I had fooled Google. Just look, FBI agents will start knocking on the door. Maybe I should tell my parents before they find out?
Still from the TV series Mr. Robot
In my time, there were no challenge sites for hackers. Then there was almost no information at all, at least I found little. My first source of information about hacking was Caroline Meinel's site called A Guide to (Mostly) Safe Hacking. The manuals were typed in Comic Sans, which is considered a sign of bad taste among designers from the nineties and zeros. Among them were such classic guides as “Telnet: main tool hacking" and "How to hack with using Windows XP part 1: the magic of DOS." They can still be found on the site.
After graduating from school, I got a job in the IT field, started studying computer science, almost finished my education, but I was expelled. Then he became a bachelor of music and began working as a musician. I performed on cruise ships for a few years, then met my future wife, went to the UK, got married, returned to Australia and got a job as a web developer.
All this time, my love for hacking did not fade. I never liked development. I had a great job with great colleagues, but it didn't give me any emotion. One day I was working on a project related to e-commerce and confidential information, and my boss suggested I take a data security course. I wrote to the CEO of a local cybersecurity agency and asked what courses he could recommend. He advised me to get OSCP certified, which I did.
Still from the TV series Mr. Robot
This was perhaps a turning point in my career. The training took two months. and I devoted all my free time to studying the art of hacking. Even when I was tired, I couldn't sleep at night because my mind couldn't stop thinking about tasks. Then I realized that hacking, not development, would become my job.
A month or two after passing the OSCP, I took the online hacker challenge and landed my first job at a cybersecurity agency through a recruiter who posted the challenge.
But enough about me. Here are some tips on what you need to do to get a job as a hacker.
Engage actively with the white hat hacker community
Contribute to the development of tools with open source, write your own, record podcasts, attend hacker conventions, and talk to people on Twitter. You'll learn a lot and meet a whole community of friendly, smart people who can help you.
Write to those you respect
Perhaps you know someone who works in your dream job. Write to them and find out how they achieved it. At worst, you will be ignored, and at best, you will find a mentor and receive important advice that can change your life.
Still from the TV series Mr. Robot
Earn Trust
You may have all the hacker certifications out there, but if during an interview you enthusiastically talk about some illegal deals you've done, no one will take the risk of hiring you. The white hat hacker community often works with top secret information, so employers and clients need to trust you.
If you can’t answer a technical question during an interview, it’s better to say “Sorry, I don’t know, but I’ll definitely look for the answer later” than to try to bluff. The recruiter will see through you, but he needs an honest employee. There aren't many great cybersecurity specialists out there these days, so many companies can hire even a less experienced person if they have the right mindset and attitude. For such an employee, additional training in technical skills is then simply provided.
Get certified
To be honest, many hacking certifications are not a measure of technical skill. However, their presence increases the chances of employment. Certifications show that you are interested in the industry and have spent time and money improving your knowledge.
Take part in challenges
Try some of these from HackerOne, BugCrowd, hackthebox.eu. And be sure to write about your successes on your resume. From the outside, all these challenges may seem like a game, but completing them shows that you are interested in your business and you have some skills.
Still from the TV series Mr. Robot
Don't be afraid of recruiters
Recruiters have a bad reputation - they constantly call and use cunning methods to get necessary contacts. But not all recruiters are like that. Find a good one with the right connections. In particular, you need to look for someone who specializes in the industry information security. Most likely, an ordinary IT recruiter does not know the right people.
Channel your current work in the right direction
Are you a developer? Find a bug in the app you're developing, show it to your boss, and ask for more extensive security testing. Do you work as a system administrator? Find a vulnerability in your network (you probably know where to look for it), inform your superiors about the danger and ask for further testing. No matter where you work, you can earn a reputation as a local security specialist.
You can now say on your resume or in an interview that you were a security specialist, even if your official title was “developer.” You can also mention in the “responsibilities” column that you performed some security tasks.
Before you start talking about the stages of training, you need to specifically answer the question: who is a hacker? It is impossible to become a hacker without knowing what he does and what lifestyle he follows. Almost every person has watched films where hackers hacked not only ordinary payment systems, but also government agencies with only one goal: to get vital information and use it for your own purposes, for example, sell it for a lot of money and so on. But is it really that simple? Why are hackers elevated to such a high level?
In fact, a hacker is an ordinary programmer who knows the program code and knows how to hack it. He does not pursue the goals that are demonstrated in the movies, he does not want to steal information and then threaten that it will become publicly available, and so on. First of all, a hacker is an experienced programmer, so in the past, when there was no opportunity to learn programming from the best institutes, they learned everything on their own and hacked websites and programs. Hackers were interested in how the program worked, so they thoroughly studied the code and made similar programs themselves.
Nowadays, hackers are considered criminals who do not know programming, but they even hack government agencies. There are many “hackers” who are not hackers, but lead a similar lifestyle and happily include themselves in the list of criminals. Even inexperienced “hackers” can harm your computer or website, so you need to have good antivirus. Inexperienced programmers work easier - create malicious script, and then send it to a website or computer under the guise of a normal program, and they don’t even know how this or that program works.
It is unlikely that in your life you will meet a truly experienced and effective hacker who knows the operating principles of the OS, programs, codes, and so on. Experienced hackers do not talk about their activities; most often they work alone, since the responsibility for their actions is too high.
5 steps to become a real hacker
1) Be patient, you must have an analytical mind and realize that mastering any skill will take time, possibly years.2) Study at the institute at the Faculty of Applied Mathematics, of course, this will take time, but every famous hacker has this education.
3) Buy books on the basics of operating systems and programs, security systems and networks, but the choice depends on what you are going to hack. You also need to master cryptography and learn how to develop cryptographic systems.
4) You must understand encryption models, learn how to create encryption systems and ciphers yourself. Without this skill you will never become a hacker.
5) Read thematic magazines, there is even a magazine called “Hacker”. It is read not only by hackers, but also by ordinary users who want to learn the structure and functioning of programs. You should also visit hacker forums where people share their experiences and give advice to newbies. Of course, you shouldn’t ask dozens of questions, since no one will answer them - learn gradually.
Are you a beginner pentester or are you looking for tips on where to start or how to become a hacker from scratch? We encourage you to explore and get started with this list of scanning programs to study your target and network. We looked everywhere for a beginner's guide, but couldn't find anything that was all in one, so we decided to create this article for beginners. Everything will be presented briefly. Here are our recommendations for the most popular and effective hacking and scanning programs. If you know the programs better, please leave your opinion in the comments.
1. – there is both free and paid version. This tool has many purposes, but the most important one is Indicators for SQL Penetration and Cross Site Scripting.
It also has a built-in script parser. This security tool generates detailed reports that identify vulnerabilities in the system. Many developers use it to identify vulnerabilities in their programs and systems. A very useful tool for both hacking and identifying vulnerabilities.
2. Aircrack-ng is a complete set of tools network security which includes:
- (used for attacks on WEP and WPA)
- (used to decrypt WEP and WPA captured packets)
- (puts network cards in monitor mode)
- (Package injector)
- (represents a packet sniffer)
- (used for virtual tunnel interfaces)
- (stores and manages ESSID and password lists)
- packetforge-ng (creates encrypted injection packets)
- airdriver-ng (includes methods to attack clients)
- (removes WEP cloaking)
- airdriver-ng (to control wireless drivers),
- (manages the ESSID and can calculate the master key)
- (gives access to the wireless card from other computers)
- easside-ng (allows the user to run programs on a remote computer)
- easside-ng (means of communication to the access point, without a WEP key)
- tkiptun-ng (for WPA/TKIP attack)
- wesside-ng (for WEP key recovery).
3. Cain & Abel or simply Cain. Cool tool for those who are starting to write scripts. It is more used as a password recovery tool. This tool allows the tester to recover Various types passwords by listening to network traffic, and cracking encrypted passwords using either a dictionary or a Brute Force attack. The tool can also record VoIP conversations and has the ability to decode encrypted passwords, detect WiFi network keys and cached passwords. When used properly, the tester can also analyze routing protocols. The security tool by nature does not exploit any vulnerabilities in software or holes, but simply exposes security flaws in standard protocols. IT security students use this tool to learn APR (Arp Poison Routing) Man-in-the-Middle attacks (). New versions of this program allow you to crack the most used and popular encryption algorithms.
4. – there’s no need for many words here. I think to this day this is the coolest thing for a MITM attack. It uses ARP poisoning to attack. Allows you to see everything that is happening on the network you are on.
5.John The Ripper– perhaps the coolest name for this kind of instrument. A very popular security tool, often abbreviated simply "John" used to crack passwords. Originally created for the UNIX operating system, it currently runs on all major operating systems. Until now, this tool is one of the most popular for testing passwords and cracking programs that provide security. The tool combines various password crackers into one compressed package, which can then identify types of password hashes through its own custom cracking algorithm.
6. – is a security project that provides information about vulnerabilities and helps test and detect intrusions. Project with open source code– known as , is used by security professionals to execute code on a remote target computer – for penetration testing, of course! But Hackers love it very much; it allows you to work wonders.
7. Nessus is another giant for vulnerability scanning. Nessus scans for different types of vulnerabilities. Those that check for holes that hackers can exploit to gain control or access to computer system or networks. The tools also scan default passwords and general passwords, which can be used and executed through Hydra (an external tool) and launch a dictionary attack. Other vulnerability scans include attacks against the TCP/IP stack.
8. is another massive giant security tool that has been around forever, and probably the most famous. Nmap has been featured in many movies, including The Matrix - just Google it and you'll see what we mean. Written in C, C++, Lua Gordon Lione (Fedor) Since 1997, Nmap (Network Mapper) is the de facto and best security scanner that is used to detect hosts by computer network. To discover hosts on a network, Nmap sends specially crafted packets to the target host and then parses the responses. The program is very complex because unlike other port scanners. It sends packets based on network conditions taking into account fluctuations, congestion and much more.
9. Kismet is a wireless network detector, analyzer, and an excellent intrusion detection security tool. With Kismet you can monitor and listen to 802.11b, 802.11a, 802.11g and 802.11n traffic. There are many Sniffers out there, but what makes Kismet different and very popular is the fact that it works passively - meaning that the program does not send any packets, yet is able to monitor wireless access points and wireless clients. It is open source and widely used.
10. – has been around us for centuries and is extremely popular. Wireshark allows a penetration tester to put a network interface in promiscuous mode and therefore see all traffic. This tool has many features such as the ability to collect data from a live network connection or read from a saved file of already captured packets. Wireshark is capable of reading data from a wide range of networks, from Ethernet, IEEE 802.11, PPP, and even loopbacks. Like most of the tools on our security list, captured network data can be monitored and managed using GUI– which also allows you to insert plugins and use them. Wireshark can also capture VoIP packets (like Cain) and raw USB traffic can also be captured.
If you are a Professional Penetration Tester or a Hacker, then you already know how to use these wonderful Programs. Hacking and pentesting tools are easy, neat, and fun to learn. The people who created them were brilliant programmers and made everything very convenient to use.
Loading...
