Teach me to be a hacker

[abc123simple]

The title was to bring people in cause most people like to flame and or laugh at these threads. Now before you get your flamers ready please read the post. This post is more of a theory rather then please make me 1337!?!. So I want to start to learn ethical hacking and just want to make sure my theory on learning is correct.

Learn to...

Hide yourself - Can't hide yourself won't last long

-Using public wifi

-Securing public wifi

-Mac spoofing

-Mac cloning

-?

Find targets - Can't find someone can't make money

-Google

-News paper

-TV

-?

Find info on targets - Genral information to help you with next stop

-Google

-Social Engineering

-Dumpster Diving

-Company website (if they have it)

-?

Connect - Need to find a way in and then how to employ it

-?

Stop alerts and not cause them - Need to stay in

-?

Get past logins - Might be needed for info or files etc

-(X) Brute forcer

-?

Find/get info you need on machines - For proof there systems were not secure

-CMD

-Shell

Employ a backdoor - Encase you need to show them something and need a fast way in

-Self made

-?

Clean tracks of any trace to you - If they can find you then you are not going get paid as much, they will see it as Well they might gotten in but we can caught them.

-Script that log ins to routers and clears logs

-Some basic computer cleaner (CCleaner)

-?

Submit report to company - If you can not submit it in a none tech terminology they will not understand and might Effect your business

-English classes :P

-PowerPoint knowledge

-?

Clean up anything left behind - Backdoor / wire mess / computers / passwords that you might of changed etc.

-Detailed logs of what you did on the system and what you used in the testing

-?

This is in order of how I would see you would audit a company and find a company to audit. I would love some books or links to info for on the subjects that I listed if they are correct. I do not want to be spoon feed, I have no problem putting in time to read and test. I do not think there are magical hacking 1 hit OMGOWNZ!?!! ZOMG1337?!! Linux distros or tools. I believe that people that do this never stop learning and work very hard to gain and keep up with the knowledge that is needed to be able to have this skill set. I understand if I get flamed or if I get no feed back at all. This is something most people don't like to help answer because of the skipt kiddies that are out there. Like I said I am just looking for books or info on what area I should be looking for and if the things I listed under the areas is correct or in the right ball park.

[Masteroc]

Just watch any movie where they use the command "Upload Virus" (aka Live Free or Die Hard)!

[L1qu1D]

Ya.... Google is your friend and that in itself is a lesson to be learned lol. Anyway on the serious side, look up on getting Certified Ethical Hacker cert. Website - Certified Ethical Hacker Or a free online mag Ethical Hack Mag. As for books Amazon is a great resource, its not that hard to do a bit of searching, instead of posting to the forums.

[abc123simple]

You laughed at google, so I assume you truly don't know how to use it. You linked me to cert sites which just teach you how to past a test, and you avoid answering even a little. I am guessing you know as little as me when it comes down to it if not less. Don't try to act like you know more then you do with post that say nothing but try to look as if they do.

[h3%5kr3w]

Well, abc123simple, I don't think L1qu1D was really laughing about the google search. Google really is your friend when your trying to hack anything. You want the best way of learning how to do everything you imagined? Google for : Backtrack Video Courses. Yes it's all in Backtrack, but all Backtrack is, is a linux distro they remastered with a bunch of forensics and pen testing tools. If you want to learn how to get in deep, just go here and watch the tutorials on stuff like manual buffer overflows and things of that nature: http://www.securitytube.net/

Hope that helps.

Also.. It's just easier to do tasks for hacking in Linux, which is why all those hacking utilities are made for linux. There are very few things made for these tasks for Windows because of the closed source nature of Windows. Also, if you learn enough, you can do everything in equivalent in Windows that you can do in Linux for hacking, just that your going to have to create your own programs to do so.

[abc123simple]

Thanks for post, I knew backtrack had all of the tools in one place and figured most of it is just learning how to use tools and when to use the tools. I am working on learning python atm so making programs will come in time.

[h3%5kr3w]

btw.. I will say that there is a sticky on the main threads page for this thread called : Hacking: Where to begin

Also, if you haven't checked yet, go to phreaknic.info and check out some of their videos (I was there, and they are all educational)

[Zimmer]

Just watch any movie where they use the command "Upload Virus" (aka Live Free or Die Hard)!

Anyone with half a brain can recognize that it was for pure entertainment not education. (I don't get those who always analyze movies, these movies are not to educate you but for some good entertainment).

[Burncycle]

Being a hacker in the true sense of the word is being someone with an obsessive curiosity about how a system works, what makes it tick, how can I change it, etc. With that in mind, why don't you just start toying with your own system and see what you can figure out instead of falling back on someone else's research and knowledge? Someone mentioned backtrack earlier, boot up backtrack and start playing with the tools provided, there is EXTENSIVE documentation on these tools and how to use them.

[abc123simple]

I read the FAQ and most of the sites are good and watched allot of videos on them. As for backtrack i am reading and testing the tools one by one tell I have a general understanding of how they work and when to use them. As far as my machine goes, if you mean hardware I have built each one myself. If you mean OS and all that comes with it, I know allot of tricks for each OS and ways of fixing it. I did IT for 2 years so that help me allot with system itself.

Like to thank all the people that didn't go and flame, like said just trying to learn and wanted to make sure the way I was going is correct.

[digininja]

The title was to bring people in cause most people like to flame and or laugh at these threads. Now before you get your flamers ready please read the post. This post is more of a theory rather then please make me 1337!?!. So I want to start to learn ethical hacking and just want to make sure my theory on learning is correct.

Learn to...

Hide yourself - Can't hide yourself won't last long

-Using public wifi

-Securing public wifi

-Mac spoofing

-Mac cloning

If you are doing a real audit then you will have permission and you probably won't be don't be doing it over free public wifi so while you do need to learn to hide yourself it isn't quite in this way.

Also most clients want to know where you are coming from so they can differentiate you from any real attacks that happen at the same time. Makes the test less realistic but so do many other clauses in the contracts.

-?

Find targets - Can't find someone can't make money

-Google

-News paper

-TV

-?

Basically advertising your services. Get yourself a name/brand and sell it to clients. If you don't know advertising and marketing don't bother trying to do it yourself, pay someone to do it properly.

Find info on targets - Genral information to help you with next stop

-Google

-Social Engineering

-Dumpster Diving

-Company website (if they have it)

-?

All good, a test should be 90% recon but most people do less than 1% at it.

Connect - Need to find a way in and then how to employ it

-?

Stop alerts and not cause them - Need to stay in

-?

Get past logins - Might be needed for info or files etc

-(X) Brute forcer

-?

ye, scan and exploit

Find/get info you need on machines - For proof there systems were not secure

-CMD

-Shell

Employ a backdoor - Encase you need to show them something and need a fast way in

-Self made

Find out what the company values and show them that.

Be careful with backdoors as you can end up leaving holes that you forget to close or others come through.

-?

Clean tracks of any trace to you - If they can find you then you are not going get paid as much, they will see it as Well they might gotten in but we can caught them.

-Script that log ins to routers and clears logs

-Some basic computer cleaner (CCleaner)

If you've agreed a price that is what you get paid in most cases, even if you don't get in.

Cleaning up depends on the situation and the contract, some clients don't want you touching their logs

-?

Submit report to company - If you can not submit it in a none tech terminology they will not understand and might Effect your business

-English classes :P

-PowerPoint knowledge

-?

Submit at the level they want, a good high level summary is always useful but don't go real techie if the report is for the C level and don't go all flowery if it is for the techies.

Clean up anything left behind - Backdoor / wire mess / computers / passwords that you might of changed etc.

-Detailed logs of what you did on the system and what you used in the testing

-?

Always keep logs of what you did!

This is in order of how I would see you would audit a company and find a company to audit. I would love some books or links to info for on the subjects that I listed if they are correct. I do not want to be spoon feed, I have no problem putting in time to read and test. I do not think there are magical hacking 1 hit OMGOWNZ!?!! ZOMG1337?!! Linux distros or tools. I believe that people that do this never stop learning and work very hard to gain and keep up with the knowledge that is needed to be able to have this skill set. I understand if I get flamed or if I get no feed back at all. This is something most people don't like to help answer because of the skipt kiddies that are out there. Like I said I am just looking for books or info on what area I should be looking for and if the things I listed under the areas is correct or in the right ball park.

Best advice, get a good solid base in whatever area you want to specialise in then go from there. I'm a developer and specialise in web app testing, most good network testers have some sys-admin background. Without it you won't know what the targets are thinking and what mistakes they make.

You need linux experience. There are tools on all different platforms but most are in linux, learn it and about how it works so when you have a job to do you aren't thinking how to install the tools or, for example, how to setup the routing, you can concentrate on doing the job.

Finally, set yourself up a lab and play, install a virgin XP box in a VM, no patches, and experiment. Do some recon on some firms you know and see what info you can collect. Don't go for anything that isn't public domain though.

[abc123simple]

Very helpful replay's thank you. I also assumed that any ''hacker'' would be able to make anything he breaks into so he knows how it works.

[Sparda]

Very helpful replay's thank you. I also assumed that any ''hacker'' would be able to make anything he breaks into so he knows how it works.

Not necessarily, might only interested in the bit they can brake.

[abc123simple]

Good point, I would think that would limited you and also would take it away from ''hacker'' since the defination of that is pretty much knowledge of how things work. So if you could not make it would would not be able to unmake it in a sense?

[L1qu1D]

You laughed at google, so I assume you truly don't know how to use it. You linked me to cert sites which just teach you how to past a test, and you avoid answering even a little. I am guessing you know as little as me when it comes down to it if not less. Don't try to act like you know more then you do with post that say nothing but try to look as if they do.

Lmao, for one I didn't laugh at Google, I was laughing at you for not using it... As for Ethical hacking, I figured if some guy couldn't do his own research and came onto a forum and started to ask I want to be Mr. 133T hakz but only ethically I would just give a answer that pointed you to a place that would make you feel better. Hence, CEH cert... And as for you trying to say that I don't know more than you, that is just your ignorance... Then again you did make this post.

[tcas]

/\ /\ /\ /\ :lol:

[wh1t3 and n3rdy]

How about you set up your own network, take certification and learn how to secure it, and then try to break in yourself? Whilst better than the majority of the "make me 1337" posts, you still haven't really stated what you have tried and where you got and how you did it. The real hacking community is not going to just hand everything over to anyone that asks.

[H@L0_F00]

Virtual Machines

[VaKo]

Ethical hacking is bullshit, its just varying shades of gray.

[operat0r_001]

goto my site play with the portable download :) skiddie powers activate ! learn a programing lang the rest will come

[c0r]

Check out Thomas Wilhelm's website and download the pentest cd's.

And try to exploit it.It's fun and you learn alot from it.

c

[SignusX-1]

The ideas from everyone else are great.

Really what's essential to "hacking" is being curious, as Burncycle put it.

I'd say, grasp 1-2 or more programming languages, I'd suggest C++, Python, or Perl, and I would at least make sure you understand some HTML and CSS, and maybe a little PHP (which I don't highly suggest).

Then you need a good understanding of Linux, because most tools creating for exploitation are used in Linux, and one way that I learned a lot of reverse engineering was by taking any program in Linux that somebody else wrote, and reading the source code to understand how and why the program works. Source code is readily available for you to read on almost any program you'll find in Linux. Use the power of open source my friend.

A good way to do get an understanding of Linux is to get VirtualBox, download a few distros, and try them out. This way you'll get a real feeling for what you like.

Now I'd say you need a real grasp of TCP/IP and networking, which is not in my opinion complicated, but I learned TCP/IP flawlessly while working towards my Cisco CCNA certification, so yes, certifications are very helpful. Websites offer courses, Cisco has their "Net Academy", and Offensive Security has a nice program that will help you learn and utilize Backtrack and the programs it comes with.

You'll also need a strong math foundation, and the ability to think logically. So I would say taking advanced Algebra or Calculus might be useful for problem solving for programs.

It's great that you're interested in hacking, but the problem is that most "hackers" are self taught, usually with a few helpers, and are naturally curious. I don't think I've ever met a person who was taught out of a program on how to hack, because it requires so much of your time in learning and building that foundation, so usually hacking isn't a hobby, it's an occupation.

So if you're wanting to learn how to hack because you might want to impress someone or damage a system, then hacking is not for you. There is too much learning involved for such shallow inspiration.

[markie b]

i must admit for anyone new wanting to get into the pentest arena for employment it can be a long and very winding road,where do i look,which forums are safe which ones are bad,the tools needed,learning all the different languages needed,asking new people for help ect.

ive thought myself about becoming a pen-tester but i really dont have the memory or attention span to be able to keep up with the new exploits and tech which is being released all the time!wish i did tho its a awsome thing to be able to get into.

i just do a little here and there from time to time break into a friends network then change the password about make it harder and harder to crack port check ect.

i use bt3 live cd with a alfa network AWUS036H which i love its great fun playing around with even busted my girlfriend when using ettercap,driftnet,url snarf that will teach me aye ;)

hats off to the OP for asking about things tho id normally just come onto a site and browse for a while and jumping in answering tiny easy questions untill i got kind of accepted by the others (hopefully).

if the books you are wanting are to do with security and wifi then id look up in the torrenting world a man named TQW he does alot of these types of ebooks and is quite a skilled chap and if you find him on a torrent site then be nice he will find you pretty much any book you require ;) best of luck in your career in security all the best im going to go and carry on browsing again lol

[d1g1tal3nvy]

For those who said being a hacker in the "true" sense of the word takes a passion, they hit the mark perfectly. It's not like you can not have an interest in all things technology (more specifically security) related and just pick up a computer with software and "hack". Google really is an awesome resource for things. Be curious, test the boundaries. Start with the basics like using a packet sniffer (Wireshark for example) and seeing what you capture. I suggest going over the OSI model and learn a basic understanding of the various protocols first. The one thing you should take away from this abc123simple, is to BE CURIOUS.

[Infiltrator]

Moral of the story is no one can make you hacker but you can teacher yourself how to be one.