To the reader,
Before you begin to read this, you should know that before beginning anything, you must paint the picture in your mind about what you want to get from this. At the time of updating this guide I would be what you can consider a neophyte, which is known by hacker activists to be beginners to the subject of hacking. I decided to write this because there isn't a clear guide for this kind of stuff, and people on IRC are reluctant to show you a clear path, however there is a reason for this.
HISTORY AND BASIC TERMINOLOGY
Hacking in essence has a broad spectrum of interpretation. One can think of hacking to be what media has shaped the image to be that of someone who breaks into systems, cracks software, and so on. Though, this is wrong, because it paints the darker picture that has developed over the years. To hack is to use your knowledge (and intuition if you want to count that), and cleverness to your advantage in order to overcome an obstacle much better or faster than the average person can, like solving a Rubik's Cube using an algorithm instead of guessing which way to rotate the sides. Likewise, a hacker is someone who fits the stereotype mentioned previously. However, the type of hacking described for all intents and purposes of this website and this guide, is related to cyber security and systems alike.
The Hacker as an individual, can always be described by three major categories: a white hat, a grey hat, and a black hat. A white hat hacker is typically someone who hacks with the moral boundaries of an "ethical hacker" in order to hack a system the legal way or "to catch the bad guys". A grey hat hacker is one who hacks for neither good nor evil intent, but falls just in between. Finally, a black hat is one who hacks a system with malicious intent and are the ones advertised on the news when caught.
I can sit here and explain to you the origins of hacking, but there's too many things to do and so little time do them before you die so I will try to keep this short. Hacking in cyber security involves attacking three major elements to a system: confidentiality [level 2], integrity [level 3], and accessibility [level 1] (CIA). An accessibility attack, is one that attacks the ability to get access a system, an example of this would be the widely known Denial of Service (DoS) attack that has become popular to local media. A confidentiality attack is one that attacks the "trust" users have for a system, an example of an attack would be having the ability to pull data/files from a server without permission that contain sensitive information. An Integrity attack is one that attacks the way a system works, an example would include something along the lines of being able to change the way water is filtered in a water treatment facility through the use of changing code. Keep in mind that I described the elements of CIA with a respective level of severity or impact if you will to a system.
Hacking the security of a system can be broken down into two major categories:
Networking - (What happens before you break into a system) Being able to break into a system or disrupt a service by using tools, scripts, physical hardware, or networking skills.
Corruption - (I like to call it this way, what happens after) being able to destroy, take, modify, and manipulate a system.
Each branch of hacking is designated with the intention of attacking anyone aspect of the CIA a system has. One can use reverse engineering, for example, to disassemble a program and rewrite the way it works to do something in order to compromise the integrity of a system. If you want to know more about how each kind of hacking is broken down you can check out the neophyte's guide here: https://www.soldierx.com/Neophytes-Guide .
BEGINNING YOUR PATH
First and foremost I want to point out that there is a very high degree of philosophy I'm about to smack you with that will either make you walk away from this eventually or continue down the rabbit hole you've entered. Lets say you and a group of your friends decide to climb a mountain, and that there are many ways to go about climbing that mountain, for instance, this mountain has a set of stairs you can use in order to reach the top. And as far as you can tell, this seems to be the only viable option available to other people around you. Then apart from you just before you start going up the stairs you see a person in the distance far away from the base of the stairs, and this person has on a harness, hammer, rope, carabiners, and an assortment of other things that mountain climbers usually use to scale up a mountain. To put icing on this scenario, this is the first time this climber has ever attempted to climb a mountain. Eventually both the climber and yourself reach the top of the mountain, the climber just trailing longer in the amount of time it took to get there. However, deep down inside you know the winner isn't you for having reached the top, but instead the climber for having learned to scale its first mountain.
Learning to hack is almost parallel to the previous scenario. Let me ask you something, what is it that drove you to this website? It is the same exact thing that made you decide to wake up in the morning, it is the foundation for all of your experiences, what you eat, what you do, every single thing that applies to how your time is wasted on this earth is led by your natural sense of curiosity. To begin hacking you have to first be led by a strong and definite natural sense of curiosity into why things work the way they do on your computers. You have to decide by your own free will to explore various topics extending from the Windows and LINUX/UNIX Systems, to networking, to programming, and let what starts from something so small to develop into something explosive and full of chaos. From all the wisdom I've gathered in my time of embarking this long and arduous journey, I've come up with a set of rules to help give you an idea of how to go about this:
RULE 1: Start off by using one programming language to be able to do everything. Upon glancing and asking around the internet, the common response to people asking how to learn hacking, the usual response is that you should start off by learning one language that can do everything. For example Python can allow you to do pretty much everything from making GUI based applications to programming. Once you feel like you can do alot with the language, learn how to use dependent APIs that involve it, then expand your skill-set to other languages that you think you need. You might be asking "But Erra, how much programming should I know?" To which I reply, everything there is to know about everything you can do with it and that you are certain nothing else can be done with the language. It may seem unrealistic, but treat it as if it's not and you will realize that doors open for you in ways that you don't expect.
RULE 2: Take the hard way out. You may be tempted to be the natural script kiddie, and be on your way, but you have to remember that although script kiddies are the ones caught by the news outlets for robbing a bank, they don't actually know what the tool's programming is doing when they run those scripts. Learn instead to use your chosen language(s) to do what those tools do instead. This is hard, but this is the part where I ask "You remember when I told you that this will either make you walk away or continue down the rabbit hole earlier?" If you so graciously decided that you want to go through with this, then just remember that this is never definite, you might even at some point quit the endeavor altogether. If you are stuck on something always keep in mind that there's always another way to overcome the barrier, no matter how hard, barriers are just walls you have to overcome to get to the other side.
"There is a crack in everything, it's how the light gets in." - Leonard Cohen
RULE 3: Don't do things for fame, and keep an open mind when it comes to EVERYTHING, including stupid shit like the Windows vs MAC vs Linux war. You have to keep in mind that there are people out there that are going to be able to do certain things that you can't. There shouldn't be any reason for you to become a condescending shit head simply because you think you know more than others about something. People in all hacking communities have strong mindset when it comes to people who condescend others. Consider the fact that you will by no doubt get shrekt by someone for spreading false information and being a shit head about it. Not only that, you have to be really careful who you mess with. Respect and you shall receive the same back.
I grantee a lot of the readers will not have enough of that natural curiosity I explained earlier, and some that do now may not have it later on. But keep it lit and you will receive the rewards. Below I have listed some topics to get into
On programming learning common languages:
-C/C++
-Java/ C#
-Python/Ruby
-Perl/LISP
-Haskell
-Bash/Linux
-Assembly (if doing lower level work)
-HTML/CSS/SQL/Clojure/PHP (when you have some networking background)
-Interfacing your desired language to work at the kernel level and exploit it
-Using your desired language to perform network based attacks
To grasp programming concepts better you should read about Data Structures and Algorithms(Lists, Queues, Stacks, Heaps, Graphs, Trees, Sorting, Searching, Path Finding, etc).
On Networking you should learn networking from the basics, and after that the OSI model(all 7 layers):
- Introduction to networking(bits, bytes, base conversion, IP, Netmask)
- Fundamentals of Computer Networking(LAN, WAN, MAN, VPN, intranet, extra-net, bandwidth, limits, OSI, P2P, TCP-IP)
- Layers of TCP-IP and OSI(Architecture, IP addressing, IP obtaining, transport layer and application layer, etc).
- Routing(routing protocols, IP routing, sub-network mechanism, router configuration, router functionality, IOS Cisco, etc)
- Hardware:Cabling, cable types, cable testing.
-Using a programming language with your networking skill set
On how the computers work you will want to learn about Electronics:
-Electronic Devices and Analog Electronics
-Logic Design
-Numeric computers
-Computer Architecture(Von newton Architecture, and Harvard architecture)
-Microprocessors(here comes the ASM Language)
-Digital Design
-Digital Design
-DIGITAL DESIGN
-D I G I T A L D E S I G N
I wont get into a touchy subject called social engineering, that's on you. However, what I will say is your path is developed by your curiosity into these things, and that will always be the answer; let the flow of your desire mold your skill-set, not a class making you run some tools. Although, learning how tools work in a pen testing class can give you an understanding of attack methods, just keep in mind it won't make you a hacker, as a hacker is defined by the ones who make the attack possible to perform. Also, something to keep in mind is anonymity, so learn how to hide yourself.
TIME TO DECIDE
Alas if you are ready to embark this path of darkness, it is time to sign that contract, once you begin, there is no going back, then begin by reading the hacker's manifesto here:
https://www.soldierx.com/Updated-Hacker-Manifesto-Conscience-Real-Hacker
Otherwise, if you think this is too hard for you, or that you will not make it because you don't have that curiosity beneath you, then leave and find something else to love.
-Erra
Edited Jan 11, 2018 (This is seriously my last time editing this)