Nowadays, every other college or school student wants to be a hacker. Due to media hype, the term hacker is considered both cool and criminal at the same time. Now, since my blog is basically about my journey into hacking, I receive many emails on how to become a hacker. "I'm a beginner in hacking, how should I start?" or "I want to be able to hack my friend's Facebook account" are some of the more frequent queries. In this article I will attempt to answer these and more. I will give detailed technical instructions on how to get started as a beginner and how to evolve as you gain more knowledge and expertise in the domain. Hacking is a skill. And you must remember that if you want to learn hacking solely for the fun of hacking into your friend's facebook account or email, things will not work out for you. You should decide to learn hacking because of your fascination for technology and your desire to be an expert in computer systems.
|Image courtesy of Salvatore Vuono/FreeDigitalPhotos.net|
"Being a hacker is lots of fun, but it's a kind of fun that takes lots of effort. The effort takes motivation."
The first important step to becoming a hacker is to read this article by Eric Raymond http://www.catb.org/esr/faqs/hacker-howto.html It has become the de-facto standard guideline for aspiring hackers.
The hacker mindset
In order to become a hacker, you must start thinking like one. We encounter all kinds of technology in our real life. Look at them from a hacker's perspective by thinking of ways to hack them. Hacking is not only about computers. It is also about how you use logic and ingenuity to solve the problems you encounter in your day today life. Nothing is really hack-proof. Auto-rickshaw meters, electronic voting machines, electronic doors, biometric systems, cars and even a yatch have all been hacked in the past. Whenever you encounter any technology, think about how it can be exploited to perform another action. You should possess a natural curiosity for solving puzzles and taking up challenges.
Know your technology
Becoming a hacker is no easy task. It will not happen in days or weeks. It will take you many months and even years to reach to the level where you can call yourself a hacker. The main reason for this is that being a hacker requires a lot of technical know-how. If you want to hack a computer, it only seems logical that you first know how it works, right? You should be familiar with the ins and outs of computers and know a little bit about everything in the IT domain. For this, you need to learn many things. This learning phase is when most aspiring hackers will give up.
General IT knowledge:
· Learn how to install Windows and Linux. Use VirtualBox or VMware to practice this.
· Learn networking concepts like IP address, subnets, TCP/IP, OSI model, LAN,WAN
· Functions of switch, router, firewall, access point etc
· What is DNS, DHCP, SNMP, ARP, NAT?
· What is HTTP, FTP, Telnet, RDP, SSH, POP, SMTP, SSL, NetBios?
These bullet points are just bare minimum concepts, and you have to learn them thoroughly. For instance, you need to know how data travels through the OSI layers, and the role of each layer in the data transfer. I would recommend taking a networking course such as CompTIA's N+ certification.
Another language you should learn is PHP. PHP is also free and open source. It is a server side scripting language, meaning, login pages and other web based forms are handled by PHP. Knowledge of ASP. NET will also be helpful. You should also know MySQL commands and syntax. This knowledge will be vital later when you perform SQL injection attacks against websites. Download XAMPP package and start practicing PHP and MySQL
Another important thing to note is that most colleges will not teach you advanced programming concepts. File handling and Network socket programming are two very important concepts you should familiarize yourself with, regardless of the language.
The hacker community is a big supporter of Open Source software. You should contribute to open source projects when you can. In order to improve your programming skills, you can start an open source project and work on it. Download the source code of popular open source projects and study the code. Sourceforge and Github are excellent starting points. Alternatively, start your own project and post the source code online. This will help you get recognition.
The Windows operating system may be easy and convenient for most users, but it is certainly not suited for hackers. With the exception of few windows only tools, most hacking tools run best under Linux environment. I have given a list of 10 best hacking tools here. 9 out of those 10 tools run best under Linux. You can use any Linux distribution like Ubuntu or Fedora, but BackTrack and Kali are two major Linux distros specifically designed for hackers. They come loaded with all the popular hacking tools, saving you from the trouble of downloading them yourself. If you are not comfortable with leaving windows as yet, you can use VirtualBox to install BackTrack in your system, or you can dual boot your operating systems.
Information Technology is a huge field. If you look at your college or university, your professors know about programming concepts and theory, the System Administrator knows about networks and systems, the website developers know web programming and designing. You, as a hacker, must know all these things and more.
Even under the domain of hacking, there are many sub categories like web application security, network security, digital forensics, reverse engineering etc. Nobody can be good at everything. After you have adequate knowledge and experience in "general" hacking, you can choose a speciality and become an expert in it.
Now, let's talk about actual hacking. Create your own virtual lab and practice hacking. Here is a guide on how to do this. Learn the top ten hacking tools thoroughly and apply them in your practice. If you have a good understanding of the theoretical concepts of hacking and other technologies, these tools will be a breeze to use. Practice web application hacking using live websites that are meant to be hacked. A good example is www.hackthissite.org. There are plenty of other such websites. Google is your best friend.
One good way to learn hacking is to download pdf and video resources and studying them. CBT-nuggets and other institutes' video tutorials are available in torrents. YouTube hosts plenty of tutorials on every topic. Take a look at www.securitytube.net as well.
I would recommend a method that I used when I started off. Start by maintaining a journal and make a list of all the hacks you want to achieve. Example, if you are in college, your objective may be - bypassing web filtration, accessing the attendance logs etc. Work on these objectives until you achieve them. Similarly, your objective may be to get into someone's system. Work on it consistently without giving up until you are successful. Record everything in your journal. This will help you reflect on how far you have come.
Keep practicing and keep learning. That is the only way to go. If you are in college, don't waste your time partying or facebooking. Time is precious. Utilize your every waking moment. If you know people who have websites or small companies, talk to them and ask them to give you a chance at performing penetration tests(ethical hacking) for their websites and networks. This will give you real world experience. You must, however, remember to get their permission in writing. Hacking someone's website or system without written authorization is illegal and you could very well end up in jail. Verbal authorization is not valid in a court of law. Once you are able to hack their websites, write a report and submit to them.
So, that is how you become a hacker! As you can see, becoming a hacker is a long process so if you are in it only for the heck of it this is not the domain for you. After all that has been said, you should remember to be ethical at all times. Ethical hacking is a risky domain if you are careless and you do not want to end up in the wrong side of law.
Please feel free to leave feedback or ask any queries in the comment section.