EH-Net
Author Topic: First steps to learning Hacking  (Read 8865 times)
Kev
Guest
« on: February 14, 2007, 08:51:41 AM »

I get asked a lot about where you should first start if you want to learn hacking.  Rather than just give the more vague and generic answer like “learn all about networking and learn the ins and outs of operating systems” I thought I would recommend something a little more hands on and practical.  Something that could get a budding hacker’s feet wet quickly. 

The very first place to start is scanning. Yes, scanning! It's not hard and it's a fundamental technique that you must know and know well to be a hacker.  Don't just open up your SuperScan and plug an IP range in a couple of times and think "ok I am done"!   Make it a point over the next 2 weeks to know all there is about scanning. Make it a goal to become a master scanner.

Nmap is really the tool to focus on. The majority of hackers use it, and it gives you a good idea of what they can see.  Learn all the switches and variations. Don't just use -sS or -sT but try all kinds of combinations and, more importantly, try to understand them. Try making decoys, etc… The goal is to get to the point that you feel like you would be comfortable sitting at a table with a group of high level hackers and you could hold your own when discussing nmap.

The ideal place to scan is your own network or test lab. Yes, you can scan blindly over the internet, but there is a little risk involved.  While scanning is not illegal (remember hackers consider illegal as nothing more than a sick bird - ok, no more bad jokes) some ISPs look down on it and consider it a violation of your service agreement. If they catch you, they might suspend your internet connection.  For instance, Cox cable has a 3 strikes and you're out policy. If they catch you the first time, they will suspend your connection until you explain what's going on. That just happened to someone I know. No, it's not me, lol! The 3rd time they catch you, you will be permanently cut off by them and must look for a new provider.  If you do get caught and suspended, you will need to give them some reason for the activity coming off your modem. They assume you have been trojaned and expect you to run your anti-virus and fix the problem. In the case of the person I know, that's exactly what he told them he had done.  He played dumb and said he forgot to update his anti-virus. He then claimed to update it and scan his computer and found all kinds of bad things (probably that was true because the bad things were the stuff he placed on there himself, lol!) and now they were all gone and his box was clean. They quickly gave his access back, but that was strike 1 on his record.  I am only telling that story in case someone reading this decides to go crazy scanning NORAD or something from their home network!  If you do, remember you have been warned. Just use common sense (like scan from your neighbor's house - just kidding!) and you will be fine. On a side note, I have never had a problem scanning even from home. The key is not to keep scanning the same target over and over and especially not the server of the ISP, jeeze!  Also, don't try and telnet to anything, even just as an innocent banner grab. That will be seen as an unauthorized attempt to connect. However, if you attempt that to a remote server that is not part of your ISP's network, more than likely you will be ok. Most ISPs don't give a dang if you are scanning boxes in, say, Nigeria!

I still say the best place to scan is your own lab. You can have the benefit of seeing how your snort logs respond to it, etc…  Commit at least a half hour a day for the next 2 weeks and you will have a good understanding of nmap and have a solid grasp on a crucial fundamental.
« Last Edit: February 14, 2007, 09:04:37 AM by Kev »
funkybunch78
Newbie
« Reply #1 on: February 14, 2007, 06:56:07 PM »

Great Post Kev! I have worked with nmap but only in limited fashion to perform os finger print scans and active port scans of systems on the network I support. I will try just what you suggested and report back in two weeks. Thanks for posting such a great topic.
Kev
Guest
« Reply #2 on: February 14, 2007, 08:33:37 PM »

Hey thanks and I look forward to seeing your findings that you post in 2 weeks.
brian12988
Newbie
« Reply #3 on: February 14, 2007, 09:47:36 PM »

ok.......... now that the first part is done.. what's next?? Good post..
slimjim100
EH-Net Columnist
Sr. Member
« Reply #4 on: February 15, 2007, 06:46:27 AM »

Please keep the scanning to your own network till you feel you fully understand what you are doing. You can use VMWare to build a nice lab and do all kinds of fun stuff. Most ISPs are getting a lot tighter on what their customers do on and off of their network. It would really suck to lose service and be blacklisted by all the broadband providers in your area. I say before you decide to take on the internet and remote hosts off your subnet you should try to hack and crack your own lab. Get some Windows and Linux tools (Nmap, Snort, Cain, Ethereal/Wireshark, & many more). Once you understand how a local LAN works you can move to the next level. I say follow the OSI model and begin with Layer 1 (Physical) then work your way up to Layer 7 (Application). I feel once you understand how networks work by OSI layer your understanding of networking will be so much better. Anyway, this is just my opinion and I come from a routing background.

Brian
(aka Slimjim100)

CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP
Bane
Guest
« Reply #5 on: February 15, 2007, 01:13:36 PM »

One of the best next steps, as SlimJim stated, is to build a lab. When you build your lab, one of the most useful things you can do is to install operating systems and applications in known vulnerable states, such as Windows 2000 SP1 with IIS. Doing this will allow you to complete the entire cycle, from recon all the way to actually using an exploit to own a box. I would suggest that at the same time you are performing scans and using exploits, you run a packet sniffer such as Wireshark so that you can observe and learn how to pick out suspicious traffic without the aid of an IDS/IPS, as this skill is invaluable when dealing with new exploits that have yet to be identified by the major vendors or major open source projects.
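One way to practise what Kev (watch how your own lab's logs respond to a scan) and Bane (learn to pick out suspicious traffic yourself) both recommend: an added example, not code from this thread, that flags bursts of half-open SYN probes, the shape an nmap -sS sweep leaves behind, in a constructed and deliberately simplified connection log. The log format, the addresses, the window and the port threshold are all assumptions made for the example.

```python
"""Flag SYN-only probe bursts (the shape of an nmap -sS sweep) in a log.
Added example, not code from the thread.  The log format is a constructed,
simplified one: "<epoch> <src_ip> <dst_ip> <dst_port> <flags>", where flags
is "S" for a bare SYN and contains "A" once the handshake continues."""
from collections import defaultdict

# Constructed sample: 10.0.0.5 probes six ports on 10.0.0.20 with bare SYNs
# that never complete; 10.0.0.7 is a normal client finishing handshakes.
SAMPLE_LOG = """\
1000.0 10.0.0.5 10.0.0.20 22 S
1000.1 10.0.0.5 10.0.0.20 80 S
1000.1 10.0.0.5 10.0.0.20 443 S
1000.2 10.0.0.5 10.0.0.20 445 S
1000.2 10.0.0.5 10.0.0.20 3389 S
1000.3 10.0.0.5 10.0.0.20 8080 S
1005.0 10.0.0.7 10.0.0.20 80 S
1005.0 10.0.0.7 10.0.0.20 80 A
1006.0 10.0.0.7 10.0.0.20 443 S
1006.0 10.0.0.7 10.0.0.20 443 A
"""

def parse_log(text):
    """Yield (timestamp, src, dst, port, flags) for each log line."""
    for line in text.splitlines():
        ts, src, dst, port, flags = line.split()
        yield float(ts), src, dst, int(port), flags

def detect_scans(text, window=5.0, port_threshold=5):
    """Return {src: ports} for sources whose half-open SYNs hit at least
    port_threshold distinct ports on one host within `window` seconds."""
    probes = defaultdict(list)   # (src, dst) -> [(ts, port)] of bare SYNs
    completed = set()            # (src, dst, port) that went on to ACK
    for ts, src, dst, port, flags in parse_log(text):
        if flags == "S":
            probes[(src, dst)].append((ts, port))
        elif "A" in flags:
            completed.add((src, dst, port))
    alerts = {}
    for (src, dst), syns in probes.items():
        # Drop probes that became real connections (as a -sT connect would).
        half_open = sorted((t, p) for t, p in syns if (src, dst, p) not in completed)
        for i, (t0, _) in enumerate(half_open):
            ports = {p for t, p in half_open[i:] if t - t0 <= window}
            if len(ports) >= port_threshold:
                alerts.setdefault(src, set()).update(ports)
                break
    return alerts
```

Running `detect_scans(SAMPLE_LOG)` reports only 10.0.0.5 with the six probed ports; a -sT style connect scan would show up as completed handshakes instead, so a separate rule keyed on distinct ports per source would be needed to catch it.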
Kev
Guest
« Reply #6 on: February 15, 2007, 11:39:12 PM »

I guess I was hoping to stay on the topic of scanning.  Most people, when they are starting to focus on hacking, freak out and want to know all! They want to know all in 2 weeks, lol!  Hey, I understand and I wish it was that easy. You want to be good? Take baby steps. Don't jump ahead until you really know each step. That was the point I was trying to make. If any hacker here says that's not true, well please post!  Learn scanning and learn it well.  Once you know nmap then play with other scanners. Research each one. Try and put a little pressure on yourself.  Don't feel like you can go to a hacker meeting and say you have never tried scanline, superscan, or angry scanner.   The natural progression is to move to other scanners like hping2, etc... You might even try and write your own scanner. The first program I wrote when I was learning C was a very basic program that would ping all the hosts on a network. That is a very easy program to write and it's a great place to start if you want to learn C and also understand the very basics of a scanner.   Again, the idea is to be a master of scanning. Are you?  Please don't post asking what's the next step! If you have really learned scanning you should know the next step. It's obvious!  Learn this first one and I PROMISE it will pay off big time as a hacker-security pro!  Those here that have experience will agree!
« Last Edit: February 16, 2007, 07:13:53 AM by Kev »
© 2013 The Ethical Hacker Network