How to Become a Hacker: A Beginner's Guide to the Basics 2021
Hacking is looking for vulnerabilities in a network or computer in order to gain access. Becoming a hacker is not easy, and in this article, we'll cover the basics.
To become a hacker, you need a deep knowledge of programming languages, hacking methods, searching for vulnerabilities, networking, operating systems, and so on. You must also have a creative mindset. You must quickly adapt to the situation, find non-standard solutions, and be creative.
If the skills described above can be developed over time, then to understand, for example, the MySQL device or to learn how to work with PGP encryption, you will have to learn a lot. And for a long time.
To become a hacker, you need:
Explore and use a UNIX system like Ubuntu or MacOS
UNIX systems were originally designed for software programmers, not for non-IT users. UNIX systems are systems on which almost the entire Internet is located, since they are mainly used as a server (most often Debian and Ubuntu). You cannot become a hacker without studying them and learning how to work with the terminal.
For Windows users
If you are using Windows, there is good news for you: you do not need to delete the current system and format the disk. There are several options for working with Linux:
- Explore VirtualBox (an emulator for the operating system). After examining it, you will be able to run the operating system in the operating system. It sounds scary, but the program can be very useful.
- Install Linux alongside Windows. If you do everything correctly, the system bootloaders will not conflict. This is done quite simply: there are many manuals on the Internet.
Learn HTML markup language
If you are not familiar with programming yet, then I don't understand at all what you are doing on this site then you have a great opportunity to start your journey by learning
Hyper Text Mark-Up Language. Regardless of what you see on the site, know that it is all HTML.
I will give an example of using HTML, even if it is a little related to PHP. In early 2015, a vulnerability was discovered in the WordPress theme that allowed uploading derivative (executive) files to the server. The file in which the vulnerability was found is admin / upload-file.php. Here it is:
Code:
<?php
//Upload Security
$upload_security = md5($_SERVER['SERVER_ADDR']);
$uploaddir = '../uploads/';
if($_FILES):
foreach($_FILES as $file):
$file = $uploaddir . basename($file['name']);
if (move_uploaded_file($_FILES[$upload_security]['tmp_name'], $file)) {
echo "success";
} else {
echo "error".$_FILES[$upload_security]['tmp_name'];
}
endforeach;
endif;
?>
To make a submit form for this file, you need to know HTML. By sending a file that, for example, pulls out all passwords or gives access to a database, you are free to do whatever you want with the web service.
So, knowledge of HTML is needed in order to:
- Search for vulnerabilities in web resources.
- Exploit these vulnerabilities.
Learn multiple programming languages
As we all know, in order to break the rules, you need to know them first. The same principle works for programming: in order to crack someone's code, you must know how programming languages work and be able to program yourself. Some of the more recommended languages for learning:
- Python: This is perhaps the best language for web development. Two large frameworks are written on it, on which a huge number of web applications have been created, these are Flask and Django. The language is well built and well documented. Most importantly, it is very easy to learn. By the way, many developers use Python to create simple and complete automation.
- C ++: a language used in industrial programming. It is taught in schools and universities. Servers are written on it. I recommend that you start learning languages from it, since it contains all the principles of OOP. Having learned to work with it, you can easily master other languages.
- JavaScript, JQuery: Basically, almost all sites use JS and JQuery. You need to be aware that these sites depend on JS, for example, password forms. After all, some sites do not allow you to select and copy some information, do not allow you to download a file or view the content, however, to do this, it is enough to disable JS in the browser. Well, to disable JavaScript, you need to know: a) in what situations the work (protection) of the site depends on it; b) how JavaScript is connected and in what ways you can block the work of scripts.
- SQL: the fun part. All passwords, personal data, are stored in databases written in SQL. The most common database management system is MySQL. To understand how to use MySQL injection, you need to know what MySQL injection is. To grasp the essence of MySQL injection, you need to know what MySQL queries are, what the syntax of these queries is, what the database structure is, how data is stored, what tables are, etc.
Explore network devices
You must have a clear understanding of the network design and how it works if you want to become a hacker. It is important to understand how networks are created, to understand the difference between TCP / IP and UDP, and so on. Find out which network you are using. Learn to customize it. Find out possible attack vectors.
With a deep knowledge of various networks, you can exploit their vulnerabilities. You also need to understand how the web server and website work and how they work.
Explore Cryptography
This is an integral part of the training. It is necessary to understand the algorithms of various ciphers, for example, SHA-512, the OpenSSL algorithm, etc. You also need to deal with hashing. Cryptography is used everywhere: passwords, bank cards, cryptocurrencies, trading platforms, etc.
Kali Linux: some useful software
- NMAP: - Nmap (“Network Mapper”) is a free open source program that comes preinstalled in Kali. Written by Gordon Lyon (also known as Fyodor Vaskovich). It is needed to discover hosts and various services, thus creating a "network map". It is used for network inspection or security auditing to quickly scan large networks, although it works great with single hosts. The software provides a number of functions for exploring computer networks, including node and operating system discovery. Nmap uses raw IP packets to determine what hosts are available on the network, what services (application name and version) those hosts offer, what OS they run, what types of packet filters / firewalls they use, and dozens of other characteristics.
- Aircrack-Ng: - Aircrack is one of the most popular WEP / WPA / WPA2 cracking programs. The Aircrack-ng suite contains tools for capturing packets and handshakes, deauthorizing connected users, generating traffic, and tools for network brute-force and dictionary attacks.
23 sites for hacking practice
For newbies who don't know where to start, we present a selection of sites where you can acquire and improve your hacking skills.
Approx. transl. The sites below are available in English only.
1. picoCTF
picoCTF is a cybersecurity research platform. On it, future ethical hackers can learn and compete in hacking skills.
2. OVERTHEWIRE
OverTheWire is suitable for everyone who wants to study the theory of information security and apply it in practice, regardless of their experience. Beginners should start with the Bandit level challenges as they are needed to further other challenges.
3. HACKING-LAB
Hacking-Labs provide CTF challenges for the European Cyber Security Challenge, but they also host regular competitions on their platform that anyone can participate in. Just register, set up a vpn and choose a task to your liking.
4. PWNABLE.KR
This platform focuses on pwn-like CTF tasks, the essence of which is to find, read and send the flag files that are in each task. To access the contents of the files, you must use programming, reverse engineering, or vulnerability exploitation skills before you can submit a solution.
Problems are divided into 4 levels of difficulty: easy - for beginners, intermediate, difficult and hardcore, where tasks require non-standard approaches to solve.
5. IO
IO is a wargame from the creators of netgarage.org, a community where like-minded people share knowledge about security, artificial intelligence, VR and more. 3 versions of wargame were created: IO, IO64 and IOarm, of all IO is the most mature. Connect to IO via SSH and you can get to work.
6. SMASHTHESTACK
SmashTheStack consists of 7 different wargames: Amateria, Apfel (currently offline), Blackbox, Blowfish, CTF (currently offline), Logic, and Tux. Each wargame contains many tasks, ranging from standard vulnerabilities to reverse engineering tasks.
7. MICROCORRUPTION
Microcorruption is a CTF in which you have to reverse engineer Lockitall's fictional electronic locking devices. Lockitall devices protect bonds held in warehouses owned by the fictional company Cy Yombinator. On the road to stealing bonds, you will learn assembly language, learn how to use the debugger, step through code, set breakpoints, and examine memory.
8. REVERSING.KR
Here you can find
26 challenges to test your hacking and reverse engineering skills. The site has not been updated since late 2014, but the tasks in hand are still valuable learning resources.
9. HACK THIS SITE
Hack This Site is a free wargame site to test and improve your hacking skills. We can find many hacking tasks in it in several categories, including basic tasks, realistic tasks, applications, programming, phreaking, JavaScript, forensics, steganography, etc. The site also boasts an active community with a large directory of hacker articles and a forum for discussing security-related issues. It was recently announced that the site's codebase will be overhauled, so big improvements can be expected in the coming months.
10. W3CHALLS
W3Challs is a multi - tasking learning platform in a variety of categories including hacking, wargaming, forensics, cryptography, steganography, and programming. The goal of the platform is to provide realistic challenges. Depending on the complexity of the problem solved, you get points. There is also a forum where you can discuss and solve problems with other members.
11. Hacker101 CTF
Hacker101 CTF is a Capture The Flag game, a classic challenge for hackers to gain access to a system and then find a flag (which is usually a string). The site has several levels, and there are hints for those who are stuck.
12. EXPLOIT EXERCISES
Exploit Exercises offers a variety of virtual machines, documentation, and tasks that come in handy in learning privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering, and more.
13. RINGZER0 TEAM ONLINE CTF
RingZer0 Team Online CTF offers over 200 challenges that will test your hacking skills in multiple areas - from cryptography, malware analysis to SQL injection, shellcoding and more. After you have found a solution to the problem, you can send it to RingZer0 Team. If your decision is made, you will receive RingZer0Gold, which can be exchanged for hints while solving problems.
14. HELLBOUND HACKERS
On Hellbound Hackers you can find traditional tasks with exploits and such task formats that are not available on other resources. For example, application patching and time-limited tasks. In patching tasks, you are given a vulnerable piece of code and you need to propose a fix for this vulnerability.
15. HACKINGLOOPS
HACKINGLOOPS is a site where you can find many tutorials on various types of hacking, from mobile phones to websites. Also on the site there is an opportunity to pass tests to prepare for Security + certifications.
16. HACK.ME
Hack.me is a large collection of vulnerable web applications for putting your hacking skills into practice. All applications are provided by the community and each can be run on the fly in a secure, sandboxed sandbox.
17. HACKTHIS !!
HackThis !! consists of 50+ tasks of different levels, for solving each of which you get a certain number of points depending on the difficulty level. Similar to Hack This Site, HackThis !! There is also a lively community, numerous articles and news about hacking, and a forum where you can discuss security-related tasks and issues.
18. ENIGMA GROUP
Enigma Group contains over 300 tasks with a focus on the top 10 OWASP exploits. The site has nearly 48,000 active members and hosts weekly CTF contests as well as weekly and monthly contests.
19. GOOGLE GRUYERE
Google Gruyere shows you how to exploit vulnerabilities in web applications and how to protect against them. You can do real penetration testing and actually hack a real application using attacks like XSS and XSRF.
20. GAME OF HACKS
Game of Hacks shows you a set of code snippets in a quiz with multiple choices, and you must identify the correct vulnerability in the code. This site stands out a bit from this list, but nevertheless it's a good game to spot vulnerabilities in your code.
21. ROOT ME
Root Me is a hacking site that offers over 200 challenges and over 50 virtual environments allowing you to practice your hacking skills in a variety of scenarios. This is definitely one of the best sites on this list.
22. CTFTIME
While
CTFtime is not a hacking site like the others on this list, it is a great resource to stay up to date with CTF competitions happening around the world. Therefore, if you are interested in joining a CTF team or participating in a competition, you should take a look here.
23. PENTESTERLAB
PentesterLab is an easy and convenient way to learn pentesting. The site provides vulnerable systems that can be used to test and study vulnerabilities. In practice, you can work with real vulnerabilities both online and offline. However, online access is only open to those who have a PentesterLab Pro subscription, which costs $ 19.99 per month or $ 199.99 per year.
Conclusion
In this article, we have sorted out the basics, without which you are unlikely to become a hacker. Speaking of employment. As a rule, people involved in information security either work as freelancers, fulfilling orders from individuals, or work for a company, ensuring the security of stored data, performing the work of a system administrator, etc.
