When I was small I was really excited about hackers - I had seen some movies in which some hackers did magic things with only a few lines in command line. In reality it doesn’t work like this, but there are some movies or movie series (for example Mr. Robot) - in which at least they have shown real hacking environment on some stuff about social engineering.
If you want to become a hacker you should learn those fields:
- cryptography
- reverse engineering
- web
- exploits
Actually it’s plenty to learn and it’s hard to tell from where to start. So what you can do to learn this stuff?
Hacking resources
I started from wechall - it’s a web site on which there is a ranking of hackers. You can link your accounts from different hacking sites to it. Challenges there are pretty old - I recommend to just create an account and go to overthewire and link your account. At overthewire there are challenges in real unix environments to which you can ssh. There is a suggested order for wargames - from most basic ones to really hard. Usually there are some tips or recommended resources to each challenge - you know what to read to get necessary knowledge to achieve success.
The next site I can recommend for a start is hacker.org - there are plenty of fun challenges, starting from completely basic to become extra hard. Usually there are no tips and you are on your own. There is a forum on which you can ask questions, but I find it pretty scary. You can find there challenges from every area - from web to reverse engineering.
On wechall you can find plenty other sites, so I don’t want to spoil more - you should be able to find your way in this.
Minimal background to start
I think the most important thing is to be good at math - they say that math is not needed to do programming, maybe yes. But if you want to become good at hacking, strong logical reasoning is your best friend. It’s necessary when learning cryptography or reverse engineering. Also strong learning desire, patience and perseverance are the key.
The other skills you may have:
- knowledge about how http works
- basic knowledge about networks
- basic knowledge about memory
- ability to write code in some scripting language (PHP, Python, Perl, bash)
- ssh and unix - it’s a must
- relational databases - MySQL
It’s not that you have to master those things, but you have to know how to ask questions and where you can find answers.
You can ask why you should know these things? It’s quite hard to do any simple hacking without basic web knowledge - for example how POST request works. Or without knowing about binary or hex numbers, it’s quite hard to even understand some easy cryptography problems. Without unix knowledge it’s impossible to do some web challenges, because you need some awareness about directory structure for example.
Desired background to start
It’s really helpful when you are fluent at programming in some OOP or procedural language - functional paradigm isn’t so useful here. I think versatility is a key here - you should be able to switch between languages (from Java, C# to Python, C++ or even C) - it’s needed for reverse engineering (there are challenges in all these languages). Also knowledge about different architectures and overall awareness how computer works will be helpful for it. For reverse engineering challenges C/C++ and assembly knowledge is crucial - even the easiest problems are quite demanding. The best is when you know at least how to use gdb and how to read hex dumps.
For web challenges mastery of PHP and its flaws will make things easier, because you will know how to inject a code inside a script or how to perform SQL-injection. Personally I’m quite fluent at reading PHP documentation, but I’m very far from knowing how to write good code (is it even possible?!) in it. I can hack some scripts in it, but definitely I’m not a master of any of its frameworks. Some basic javascript is also very useful - usually you have to change something or just be able to understand what’s going on.
For cryptography challenges it’s sometimes good to know group theory and other math stuff like this. Being good at algorithms makes it easier to discover how some encryption/decryption mechanisms works. Also programming skills are useful here, because often it’s just faster to design a decryption algorithm and implement it, than do decryption by hand (in the most easiest challenges it’s possible).
Conclusion
Of course these are my opinions based on my experience. Joining this hacking community didn’t made me a better programmer, but it made me a better in security. It’s a specific community - don’t expect too much guidance or nice words there. Now, I’m more aware about security flaws, also I can see them more easily when surfing the internet. So I guess it’s really good thing to learn at least the basics.
Let me know in comments about your experiences!
Leave a Comment