Computer_Security Posted July 12, 2014 Share Posted July 12, 2014 So I am currently learning C with the all-in-one Dummies book and it is going well! but I want to know what language is best for hacking and pentesting? Is there any language that was very useful in a pentest? What I am thinking is that once I am good with C I will learn java and python, Is that a good idea or NO?? I am completely lost when it comes to programing so any help or pointers would be greatly appreciated!! -Thanks Quote Link to comment Share on other sites More sharing options...
Sitwon Posted July 13, 2014 Share Posted July 13, 2014 Hacking and pentesting is not really about writing code. It's more about creativity, and solving puzzles. Programming languages, like all other knowledge, are just tools that you can apply to try and solve the puzzle.The question isn't really what to learn, because you should learn everything you can to have the broadest set of tools to help you in solving puzzles. The real question is which tools you want to learn first.Learning to use a programming language is important because programming languages are one of a hacker's most useful and versatile tools. If you can write programs, you can automate tasks, compute important values, or poke and probe at the inner workings of an otherwise closed system. But often it's not the language itself, or even the programs you write, that is most valuable to a hacker. Rather, it's the deeper understanding of the underlying system. Understanding how software is made, how it works, how things are likely to be implemented, which approaches are easier or more obvious versus those which are cumbersome. The insight into what is happening, or likely to be happening, behind the scenes is what will really pay off when you're trying to solve the puzzle of breaking the system. Cracks tend to appear at the boundaries between different abstraction layers, so learn each layer well. Learning C is a very good start, because it is a lingua franca, or universal second language, in most of the field. Much like Latin is to the scientific community. If you can understand C, you can understand virtually any language you are likely to see published, as most of them are either direct descendants or were originally implemented in C. (There are some notable exceptions, but they are uncommon enough to ignore for now.)There is no bad language to learn, but there are some which you will want to put at the top of your list. First, figure out where you spend the majority of your time, and then learn the language which will help you best in that context. For some people, they spend a lot of time in the browser poking around at web applications. If that sounds like you, learn to use JavaScript and start writing user scripts to automate or transform the pages you interact with. Other people spend a lot of time in the shell. If you're a command-line junkie you should devote some time to really learning the ins and outs of Bash (or which ever shell you use). You might be surprised how powerful your shell's scripting language can be, and often a small investment can pay very large dividends in terms of automating or simplifying the tasks you do the most.For some tasks you may find that you need to write stand alone applications, but shell scripts are just not suitable. Since you already know C, that's a good option to turn to. However you may find that Python or Ruby or Perl is a bit quicker and easier than writing, compiling, and linking together a C application. If you've already been learning JavaScript, you might use that in conjunction with Node.js to similar kinds of applications.It's somewhat less common for hackers or pentesters to write code in Java, but it is still worthwhile to learn either Java or .Net to become familiar with languages which run in a VM and the ways in which their development cycle differs from other types of languages. It's primarily useful if you plan on attacking these languages. Java applications are commonly vulnerable to manipulation of the classpath, for example.I would point out, though, that even if you don't end up using every language you learn, it is usually still valuable to have learned them. Learning a new language gives you a different perspective on familiar problem sets. It shows you new ways of looking at problems and different approaches to solving them. Often, even if you don't end up using a language that you've learned, you will find yourself re-apply patterns from one language in a different language. And as I mentioned before, understanding the design and trade-offs of a given language can leak information about where to find mistakes or weaknesses in applications written in that language.Once you have a couple of languages under your belt, you might take a pass at Seven Languages in Seven Weeks.http://pragprog.com/book/btlang/seven-languages-in-seven-weeksOr even the sequel, Seven More Languages in Seven Weeks.http://pragprog.com/news/seven-more-languages-in-seven-weeksRemember, the point is not that you will ever have a need to directly use any of these languages. Rather, the point is to inspire you with different ways of looking at familiar problems. Because at the end of the day, hacking and pentesting are about your ability to be creative and solve puzzles with the tools available to you, not your ability to write code. Quote Link to comment Share on other sites More sharing options...
Computer_Security Posted July 13, 2014 Author Share Posted July 13, 2014 Hacking and pentesting is not really about writing code. It's more about creativity, and solving puzzles. Programming languages, like all other knowledge, are just tools that you can apply to try and solve the puzzle. The question isn't really what to learn, because you should learn everything you can to have the broadest set of tools to help you in solving puzzles. The real question is which tools you want to learn first. Learning to use a programming language is important because programming languages are one of a hacker's most useful and versatile tools. If you can write programs, you can automate tasks, compute important values, or poke and probe at the inner workings of an otherwise closed system. But often it's not the language itself, or even the programs you write, that is most valuable to a hacker. Rather, it's the deeper understanding of the underlying system. Understanding how software is made, how it works, how things are likely to be implemented, which approaches are easier or more obvious versus those which are cumbersome. The insight into what is happening, or likely to be happening, behind the scenes is what will really pay off when you're trying to solve the puzzle of breaking the system. Cracks tend to appear at the boundaries between different abstraction layers, so learn each layer well. Learning C is a very good start, because it is a lingua franca, or universal second language, in most of the field. Much like Latin is to the scientific community. If you can understand C, you can understand virtually any language you are likely to see published, as most of them are either direct descendants or were originally implemented in C. (There are some notable exceptions, but they are uncommon enough to ignore for now.) There is no bad language to learn, but there are some which you will want to put at the top of your list. First, figure out where you spend the majority of your time, and then learn the language which will help you best in that context. For some people, they spend a lot of time in the browser poking around at web applications. If that sounds like you, learn to use JavaScript and start writing user scripts to automate or transform the pages you interact with. Other people spend a lot of time in the shell. If you're a command-line junkie you should devote some time to really learning the ins and outs of Bash (or which ever shell you use). You might be surprised how powerful your shell's scripting language can be, and often a small investment can pay very large dividends in terms of automating or simplifying the tasks you do the most. For some tasks you may find that you need to write stand alone applications, but shell scripts are just not suitable. Since you already know C, that's a good option to turn to. However you may find that Python or Ruby or Perl is a bit quicker and easier than writing, compiling, and linking together a C application. If you've already been learning JavaScript, you might use that in conjunction with Node.js to similar kinds of applications. It's somewhat less common for hackers or pentesters to write code in Java, but it is still worthwhile to learn either Java or .Net to become familiar with languages which run in a VM and the ways in which their development cycle differs from other types of languages. It's primarily useful if you plan on attacking these languages. Java applications are commonly vulnerable to manipulation of the classpath, for example. I would point out, though, that even if you don't end up using every language you learn, it is usually still valuable to have learned them. Learning a new language gives you a different perspective on familiar problem sets. It shows you new ways of looking at problems and different approaches to solving them. Often, even if you don't end up using a language that you've learned, you will find yourself re-apply patterns from one language in a different language. And as I mentioned before, understanding the design and trade-offs of a given language can leak information about where to find mistakes or weaknesses in applications written in that language. Once you have a couple of languages under your belt, you might take a pass at Seven Languages in Seven Weeks. http://pragprog.com/book/btlang/seven-languages-in-seven-weeks Or even the sequel, Seven More Languages in Seven Weeks. http://pragprog.com/news/seven-more-languages-in-seven-weeks Remember, the point is not that you will ever have a need to directly use any of these languages. Rather, the point is to inspire you with different ways of looking at familiar problems. Because at the end of the day, hacking and pentesting are about your ability to be creative and solve puzzles with the tools available to you, not your ability to write code. Thanks SItwon for the in-depth review and the great ideas, it really helped!!! -Jack Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.