puremango.co.uk

“ The Only True Guide to Learning How to Hack ”

originally by R4di4tion (email), with a few updates by myself.

You stay up all night on the PC typing and typing. No, you’re not hacking. You’re begging someone on IRC to teach you how to hack! Let’s look at the facts:

1. You’re a luser and you’re annoying. No one likes you if you ask others how to hack without taking the least amount of initiative.
2. You’re not worthy of any title even resembling hacker, cracker, phreaker, etc., so don’t go around calling yourself that! The more you do, the less likely you are to find someone willing to teach you how to hack (which is an infinitesimal chance, any way).
3. You’re wasting your time (if you couldn’t infer that in the first place). Many real hackers (not those shitty script kiddies) spend all their insomniac hours reading and, yes even, HACKING! (Hacking doesn’t necessarily (but usually does) mean breaking into another system. It could mean just working on your own system, BUT NOT WINDOWS ‘9x (unless you’re doing some really menacing registry shit, in which case, you’re kind of cool).)

You’re probably thinking, “Then what should I do. If no one’s going to help me, how can I learn to hack?” Have you ever tried READING (I assume this far that you are literate). Read anything and everything you can get your hands on! I recommend hitting a computer store and looking for discount books (books that are usually out of date, but so are a lot of the systems on the ‘net, so they’re still relevant!). You’ll be surprised what you can learn from a book even when you’re paying a dollar for every hundred pages. I recommend the following books to start off with:

• Maximum Security I or II: this is not a guide to hacking, despite what you might have heard, but you can get enough info to learn the basics of how hackers hack! (Isn’t that more fun than being lamed, email bombed, and kicked off IRC).
• Practical Unix and Internet Security (Sec. Edition): This is mostly a book about how to secure Unix (if you don’t know what Unix is, either shoot yourself now, or read O’Reilly’s Learning the Unix OS), but half of learning to hack is learning a system from the inside out. How can you expect to hack a site (w/o using a kiddie script, which i must restate, is NOT hacking) if you don’t know how to use the system?!
• Linux Unleashed/Red Hat Linux Unleashed: these books are kind of cool. First of all, they come with Red Hat Linux (*sigh*, just go to www.linux.org and read everything there) 5.1 and 5.2 respectively (if you get the newest versions of the book, which you should). Read everything you can from it.
• Sendmail in a nutshell: This is only after you read everything else. Sendmail, for those of you who still don’t know, is a program that sends mail. It sounds stupid, but this is a buggy program, and usually is the avenue of attack many hackers take because of it’s vulnerabilities.
• TCP/IP Blueprints: this will clear up a lot of things concerning TCP/IP.
• TCP/IP Administration: haven’t read it, but can’t wait to! (I’ve been bogged down by a lot of other REAL computer stuff).

Editor’s Note: OK, some of these books are out of date now, so I’ve striked the ones that are no longer relevent. “Hacking Exposed” is a good substitute for “Maximum Security”.

After you’ve read them all, re-read them! Trust me, you gain a ton of information the second time you read them just as you gain perspicacity the second time through a movie with a twisted plot.
Then, read a ton of RFCs. RFCs are Request for Comments by the people who practically shaped the Internet. Here is a good list of RFCs (the books above give about the same list):

Editor’s Note: Yeah, I really wouldn’t bother with the RFC’s, they can come later if you get really seriously into it.

That’s it for now. If anything else interests you about the Internet, try to look up an RFC for it. Read anything you can about Internet security in general (but not stuff like “How to Hack” (but keep reading this!)). Subscribe to mailing lists. Some of my favorites are bugtraq, happy hacker (interesting stuff), and MC2. By now, you should be advanced enough to breeze through Carolyn Meinel’s “Guide to (mostly) Harmless Hacking.” It’s got some interesting stuff, but not enough to be “3l1t3.” Okay, now for the big step: the step from lamer to hacker! If you have not already, install Linux. Now it’s okay for you to go online to usenet groups and ask for help installing Linux, ‘cuz quite frankly, it’s pretty fucking hard! NEVER, EVER, EVER expect to get it on the first try just right. The next thing to do is learn programming. I recommend learning C++ first because it will help you understand a lot about programming, it’s easy to use, and is a lot like the other programming languages you should also learn. Read these books:

• Teach Yourself C++ in 21 Days: the name says it all
• Learning Perl: an AMAZING book on learning Perl
• Programming Perl: the next step after Learning Perl
• Perl Cookbook: the next step after Programming Perl
• Core Java (Volume I & II): these books are by the makers of Java. Java is a really cool language to say the least, but you should at least learn C++ before so you can understand classes.

Now, you may be saying I may have been a bit hypocritical by saying not to ask how to hack but to ask about installing Linux. The thing is that Linux people are usually pretty nice, and the people who are Linux gurus want more than anything for Linux to prosper, and are willing to help you out. Oh, by the way, if you’ve installed Linux the way you want it (which does not include throwing you Linux box out the window and yelling, “I LIKE THIS JUST FINE!”), congratulations. You have now earned my respect.

Okay, I mentioned kiddie scripts earlier, and I’ll follow up on it now. Kiddie Scripts are auto hacking programs that will do all the work for you. You don’t want that. I do condone downloading them and learning from them, but don’t become a script kiddie. The only place they go in life is jail (not where you want to be).

Now, you should know a great deal about hacking. You have a compendium of information at your fingertips with a mental index. You want the best advice? Don’t hack. Odds are, you will get caught, and then it goes down on your criminal record, and unless you did something fan-fucking-tastic, like hacking the white house security cameras and get video of Slick Willie getting a BJ, you can pretty much kiss your computer future goodbye, cuz no one will hire a convicted hacker. If you do hack, be a white hat hacker. For example, upon breaking into a site, leave a note maybe including how to contact you (not through the phones, mail, real email address etc., do it through a hotmail account or something) or how to fix it. They may be nice enough to offer you a job! That’s right, there are some people who get paid to hack and do what they love.

In conclusion, you may have noticed that this was not a real guide to hacking. That’s because there is no one resource for hacking. This was a guide to LEARNING how to hack, which, if you want to be a real hacker, you will have to do. There is no one way to hack. (If so, it would be a lot easier for system administrators to keep you out!) It’s a variety of different tricks as well as the ability to keep up with current vulnerabilities in software and hardware. You should also learn how to program. Even though Kevin Mitnick was infamous among the hacker culture for being the most wanted cracker, he couldn’t even write his own exploits! That’s pretty sad. Please use whatever information you have wisely and responsibly, and distribute it only to people who are worthy of it.

OK, so that’s the article that first got me into hacking, I guess around 15 years ago. If you’ve read this far I congratulate you, you have my respect. A short attention span is not something prized by hackers.

And if you look at the comments to this page, you can see the same questions being asked again and again “How do I find x”, “What is Y”, “Where can I find Z”. If you have to ask, you’re probably not the right kind of person to be a hacker. Hackers use their initiative. Like, a lot. If you’re hacking into a website and get stuck, you can’t just call up the admin and say “Hey, where’s the password file kept?” you have to figure it out on your own. In many ways, learning how to hack is also learning how to learn.

Now you’re probably thinking “hang on, you read this fifteen years ago?!?!”. Yes, it’s an old piece of text. No, you didn’t waste your time. This hacking tutorial teaches you the basics of how to hack, and those aren’t ever going to change. If you didn’t catch them the first time around, here they are again:

1. learn to program
2. learn how the internet works
3. learn how unix/linux works

Go download wireshark, nmap, hping, and a C IDE and just play around with all of them. That’s what the essence of hacking is; messing around with technologies until you find something cool. Check out my Hacking Facebook post and you’ll see exactly what I mean; it’s not really “hacking” as such, all I did there was peek into facebook’s code using firebug, and I found some cool stuff. But the hacking skills are the same. Some of you will want to ask “how do I download wireshark” or “how do I use hping” – you must understand that answering the question for yourself is half the point.

I also very definitely agree with R4di4tion’s suggestion to subscribe to bugtraq but I’d suggest signing up a new email account solely for it; it’s very high volume. You may also want to sign up to the security-basics, vuln-dev, web-application-security and pen-test lists. Reading the conversations that take place on those lists is a gold-mine of hacking information.

ESR’s hacker howto

Gary Robson’s How to become a hacker

elfQrin’s open letter to wannabe hackers

donk boy’s tutorial – if you follow this you will know everything you need to

Top security tools, as voted by nmap users

Your suggestions/experiences/advice/resources/tutorials welcome.