A request

[cellularsnake]

Hey guys I'm completly new to the world of hacking and cracking both for good and evil. All of this stuff seems totally amazing and I want to learn how to do it. Would any of you fine people be willing to assist a N00b with a real desire to learn? Thanks for taking the time to read this and hopefully respond.

+Cellularsnake

[VaKo]

Read things like slashdot, kuru5hin and digg for a start. And play around with computers (yes you will break things, so maybe start with learning how to reinstall windows). A lot of people will suggest linux, but to be honest, this is unessacary to begin with. You can learn a lot with windows, and once you can make that sing and dance, linux will come natrually from there.

Most importantly, is goals. You cannot just "learn about computers", its a HUGE field, so start off by finding something you cannot do, but want to. Then work out how to do it. Things like converting a PC into a home media center, (as simple as buying a s-video cable (and maybe a graphics card with s-video output) and some audio outputs.). Or maybe just setting up a home network with static IP addresses.

Googling is another skill, learn how to narrow down choices and keywords to filter your results.

Personally, I've had computers in my daily life since i was born (i'm 23) so its kinda hard for me to see them as anything other than normal. Like hot water or TV's. So while it (and us) might be a bit confusing at first, stick with it and you'll get somewhere.

[cellularsnake]

I seem to have made myself seem like a complete computer novice in my last post when this is not the case. I can reinstall windows, use a static IP on a network t(hats what I'm using now since I have an FTP server) and many other things. I just dont know much about the differnet types of attacks and different programs that are used in hacking such as Linux. Phew, I'm glad to have that all cleared up.

+Cellularsnake

[VaKo]

Oh thank christ for that! In that case have a look at the various liveCD's you can find. http://www.frozentech.com/content/livecd.php. Don't like a distro? All you have to do is hit eject and frizbee it out the window.

This register article was a good place to start for me, although its nearly 6 months old, http://www.theregister.co.uk/2005/05/07/live_cd_paradise/.

Sorry for the confusion mate

[Neod101]

You're more of a newb than a n00b.

A newb is someone who knows little or nothing(and is new) but is willing to learn.

A n00b is someone who doesn't know much and ISN'T willing to learn. And generally just pisses people off.

There... now you've learned something.

[Sparda]

Thats a good point, how some bugs/vunrabilits have been discovered is obviuse. For example the bug I discoverd (at least to my knolage i'm the only person that discoverd this) in AntiVir 6 where you could change the config file to allow the use of all the Pro edtion featurs but only with using the free version, but vunrabilitys like that vunrability in the RPC service on windows that allowed for compleate remote access. Dispite my overall understanding of computers and networks, i fail to see how poeple discover such vunrabilitys. Perhaps some one could enlighten me on this.

[spektormax]

see "hacking" and "revers snegiering" and "programign" arnt things u can be taught. I can tell u liek liunx commands but u need to learn how to use them. I can teach u the syntax of a c++ program, but I can't teach you how to turn an idea into a program. I can showu program that can do some "hacking" I mena remote entry, but u haev to learn to use them. Itslike teachign you french or music, u just learn it, liek ti makes sence, u can be taught words and phrases and notes but not how to speak well,or to play buitiiful music. BUt for the most part, go google stuff, start easy get some nooby script kiddie programs, set up a network with a spare machine, and fuck around. READ ALOT of white papers. Listen to things leik security now. Hak5 will help a bit, but liek security now will REALLY teach u stuff whilst hak5 will give u a few cool things but not an overall basic understanding (sorry hak5) ehich is wha tmost of us need. Learn linux, im not say switch but u need to atleast knwo command prompt in windows. Learn a program launage, prefably C/C++ (maybe C#) beacuse its versitile and useful for leike everything. When u getprofisant learn asembler so u can understand how a compiler works, becuase the fundemental, basic knologeof how it works is VEYR importnat so that u can see what can go wrong. Learn some basic electronics so u can perfor hardware hacks. Learn to solder, and how to make simple circuts. Open up ur comptuer, ur watch, ur radiop, ur lamp, everythign u can and check it out, put it back to gether, if u break it well ull leanr more. Experamint with everything u can get ur hands on (expet drugs). The jurney form newb to 1337 is a long and hard one, but trust me it is WAY worth the work. Dont be afraid to get dirtty and beak things thats how we all learn. THe fact that you have found a forum of people that actully know soemthing is good, because you will definatly learn alot more then u woudld by urself. Experimant with EVERYTHIGN open source. FOr example (exept for windows yeh I knopw boo boo) I have everything open source (or torrented),

<rant>

[VaKo]

I'm thinking that its kinda like art, you don't have an explaination, you just see the problem in a totally different way, which makes the solution or exploit kinda obvious. Would be interesting, wonder if anyones done any research on the way hackers actually think?

[rFayjW98ciLoNQLDZmFRKD]

Take things apart, see how thay work, and make them do something that they were not disigned to do! Remeber, hacking is an art.

[cellularsnake]

I apologize for mislabeling myself a n00b when in fact I'm very willing to learn. I guess I'll have to get a live cd distro of Linux and mess around with it. Thanks very much for the replies guys.

+Cellularsnake

[cooper]

... but vunrabilitys like that vunrability in the RPC service on windows that allowed for compleate remote access. Dispite my overall understanding of computers and networks, i fail to see how poeple discover such vunrabilitys. Perhaps some one could enlighten me on this.

The Samba guys found a ton of bugs in Microsoft's SMB (filesharing) protocol when they were reverse engineering it. The way they went about their reverse engineering process can be found here. When you don't know how to work with a service, you just throw commands at it and see what happens, in hopes of understanding and replicating the behaviour. If however the server falls flat on its ass in this process, you've found something that's very well worth investigating.

When the Sony rootkit thing went down, there was also a guy who uncovered that the error handling provided by the services now overruled by the rootkit was rather flaky compared to the service it replaced. The guy in question clarified that he had a program that simply threw random commands at system functions and would report anomalies.

[thrall]

see "hacking" and "revers snegiering" and "programign" arnt things u can be taught.

....

Not true.

You can teach yourself C++ you can teach yourself Assembly. You can teach yourself how to unpack EXE's and change the assembly code around. You can teach yourself to Reverse Engineer.

I know this because I have taught myself. I reverse engineered my small MP3 player's firmware upgrade (no one was even interested in hacking the Lexar jumpdrive Music MP3 Player) so it wouldn't have DRM protections for Windows Media music (even though I don't use it). I also edited it to boot up the MP3 player 5 seconds faster. But then I couldn't use their software to update the device because of checksums. So I edited the updater and got it to unlock the settings page and also disabled the checksum feature.

That's bullshit. If you can't spell I doubt you know ANYTHING about Reverse Engineering or Programming. Please , research before you blow it out of your ass.

Edit: If I am misunderstanding your message (which I hope I am!) It's because you are spelling worse than my 6 year old sister.

[jollyrancher82]

see "hacking" and "revers snegiering" and "programign" arnt things u can be taught.

Ok, so lets put this into perspective, you say they cannot be taught? The how does someone learn them? Something must teach them, no matter what this is, saying reading, someone teaching. Everything (with exceptions) is pretty much taught. Yes you can teach someone "hacking", you can show them where to look for books, websites, etc. Sure you can teach "reverse engineering", you can show them things you have learnt, this is classed as teaching. Oh and yes you can teach "programming", they don't offer these College and University programming courses for fun? Even if you learn programming from a book, something is teaching you..oh the book?

[Vindicated]

Hey guys. You'll probably notice this is my first post on this board. I just started watching Hak.5. What a kickass show. Makes me miss TechTV. Well getting on with the poster's question...

As you mentioned you already know a fair amount of computers. If you want to get serious I recomend picking up the book Upgrading and Repairing PCs by Scott Mueller. It's in its 16th edition and will teach you amazing things about hardware. Then get your hands on an A+ training manual. Even A+ Certification for Dummies is a good enough book.

Once you know hardware and networking start focusing on the Security+ certification. Mike Meyers' Security+ Certification Passport is a good book to read on the subject. Then when you got those under your belt and want to become a true "hacker" prepare yourself for the Ethical Hacker Certification. You will have a lot of text books and maybe even take a few online classes. Things you'll have to master include: information gathering, objections & types of scanning, the different methods to crack passwords, tools & uses of steganography, and of course the law pertaining to this field so you know what you can and can't do.

While you can probably skip ahead and start taking a bunch of Ethical Hacker Cert prep courses and learn a few things that way. It's a lot smarter to go through the different stages and learn right.

[cooper]

I would actually suggest instead you try to specialise a bit first. You've got an FTP server running? Great! Read the RFC's on it, and get a thorough understanding of the process. Try to FTP something using plain old telnet and a pocket calculator. Now try to FXP something (it's described in the RFCs).

Make sure you know precisely what each command you can throw at a server is supposed to do. Now try playing with these commands. See what the server logs about the commands you threw at it. See what happens when you issue a command at a strange time in the FTP session, or play with the parameters by including strange characters in them ("'?* and % come to mind. Maybe try some UNICODE characters), or when you issue commands specified by the RFC, but that aren't typically used by an FTP program. Try to understand why things happen. The RFC specifies a certain command has to do a certain thing. Why did it impose limits? What might happen if those limites weren't there? Did your FTP server take those limits into account? Did any of the other FTP servers?

I still say that if you can't code it's next to impossible to do any actual hacking. You'd be more of a tester than anything else, which would still be a good thing as any coder will tell you we need more good testers (emphasis on 'good') but might not be what you're looking for.

[rFayjW98ciLoNQLDZmFRKD]

Watch every episode of Hak.5, twice, no, three times!!