EH-Net
May 19, 2013, 02:51:40 AM *
Author Topic: Do you need to know programming to hack?  (Read 42743 times)
Kev
Guest
« on: February 20, 2007, 11:49:10 AM »

Do you need to know programming to be a hacker? That has to be the question I get asked the most. I would say yes and no. It all depends on your view. The problem is no one agrees what a hacker is! I posted in the past what it takes to be a hacker and everybody had their own and different idea, lol!

You can be a fairly good pen tester now without knowing any programming. In fact, the most famous hacker of all time, Kevin Mitnick, didn’t know programming. If you understand all the tools and know them well, you can do some effective hacking. I am sure that’s good news to all the script kiddies out there.

My honest feeling is you should learn some programming. At least the basics. It will give you a deeper understanding of what’s going on. Yes it’s true we don’t always breach a system by running an exploit. Sometimes things are just wide open and not configured correctly. Even to this day, Admins use weak passwords. 

If you have never learned programming I would suggest starting with HTML. It's very easy and you will get results quickly. Actually it's fun. Also, it will help you learn to read the source code on a website.

From there I would say to go into C. C programming is the mother of it all. Most exploits were written in C. Also many hacking tools were also written in C and once you know it, you can make changes to the code to facilitate a tool to do something a little different for you.  Come up with an idea of a program and then write it. My very first program was a simple code to ping all the IPs in a network. Easy to write and I suggest that one if you are stumped.

Don’t settle for being a point and click hacker. Don’t run blind. If you take the time to understand even just the basics of programming, an entire new world will open up for you.
« Last Edit: February 20, 2007, 11:52:08 AM by Kev »
Cutaway
Jr. Member
Posts: 96
« Reply #1 on: February 22, 2007, 09:11:58 PM »

I believe that you are correct with your "yes and no" answer.  It really depends on where the individual wants to focus his/her skill set. 

If the focus is assessments then being able to compile exploits and generate quick shell/perl/c programs may not be necessary.  A basic understanding of coding will help but knowing how to use the tools, write reports, mitigate problems, and educate admins and end-users is more important.

To be a penetration tester, however, I believe that it is a necessity to have at least a simple understanding of how to program. You have to be able to compile exploits. You have to be able to look at shell scripts, html code, open source code, and other programs to understand how they work. (This is my skill level.) As you get better you will begin to move into understanding and generating shell code and exploits.

To be a security researcher then you definitely have to be a good to outstanding programmer.  Coding is what is required to make and break things.

Go forth and do good things,
Cutaway
Kev
Guest
« Reply #2 on: February 23, 2007, 07:48:19 PM »

 Thanks for the reply Cutaway and those are good points you made.
 
Imagine for a moment you’re a black hat cracker and you have discovered a vulnerability that no one else has discovered. It would be a license to rape, plunder and pillage. If you had the right connections and knew where to sell the information that you gathered, you would become worth millions. That is the dark temptation for crackers that have good programming skills. The only thing that would stop you would be if the security was tight enough to react to you quickly once you were “in”. This of course has nothing to do with pen testing, but cracking into systems.

How does one go about learning that kind of programming?  The easiest way is to write a program yourself with lots of flaws. Use the well known poor programming practices. Make sure it’s a program that goes through the entire TCP/IP stack. If it doesn’t then it will have no value.  Once you have done that, write an exploit targeting the flaws you purposely placed in the program.  There are a number of good books that show you how exploits have been written. After that, see if your exploit actually runs and gives you a shell. You might say that’s cheating and you would be correct. But it is a good basic exercise that gets you started and from there you should be able to move to deeper things. The hardest part of exploring is discovering vulnerabilities without being given the source code. Once you know how to deal with that, you are on your way. 

PS- I am using the term "cracker" for lack of a better term. The only problem for me with that term personally speaking is that I grew up in the South. In the South the term cracker meant something totally different and certainly not someone intelligent enough to  break into systems, lol! I am sure some of you know what I mean.
« Last Edit: February 24, 2007, 07:58:52 AM by Kev »
Cutaway
Jr. Member
Posts: 96
« Reply #3 on: February 23, 2007, 10:24:37 PM »

Good example, Kev.  Here is the capper for your last addition: http://milw0rm.com/papers/125.  It runs through a basic version of what you just covered. 

I just read this yesterday after listening to PaulDotCom's last episode:  http://pauldotcom.com/wiki/index.php/ListenerFeedback5.

It is definitely a good place to start.
Go forth and do good things,
Cutaway
slimjim100
EH-Net Columnist
Sr. Member
Posts: 385
« Reply #4 on: February 25, 2007, 08:12:56 PM »

Hey Kev... I'm a "Georgia Cracker" and it's not a technical term. Just kidding. Anyway I was forced to post by your added comments about the term "Cracker" and how a lot of terms can mean a lot of different things to people in different areas.

Brian

aka Slimjim100
« Last Edit: February 25, 2007, 10:32:40 PM by slimjim100 »

CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP
Kev
Guest
« Reply #5 on: February 25, 2007, 09:05:40 PM »

LOL, no problem.
Kevan
Jr. Member
Posts: 95
« Reply #6 on: March 18, 2007, 11:46:36 AM »

Is this a forum for hackers or crackers? I know that there is a significant difference, and that most crackers do not seem to have the 'code of honor' hackers tend to portray. And cracking itself is so much easier than it used to be, programs have been written to do almost any dirty work 'needed' with a graphical interface and no skill. How many programs have been written that can hack into a network, find a problem, and fix it? I know that there are not as many as the programs designed to crack. Don't get me wrong, I have used dvd rippers, cd rippers, air snort tools, etc, but never to sell or ruin something, and why/how can a person be considered a cracker if their tool is not their brain, but a USB pen with hundreds of malicious programs?
I may be a newbie, but I am willing to learn.
LSOChris
Guest
« Reply #7 on: March 18, 2007, 04:41:58 PM »

this is a site for security professionals or people that want to be security professionals.  there are plenty of other l33t script kiddie sites out there that can keep the whole hacker/cracker/i wear this color hat crap.

my own opinion though...
don
Editor-In-Chief
Administrator
Hero Member
Posts: 4165
« Reply #8 on: March 18, 2007, 06:11:07 PM »

Just as clarification, a cracker in ethical hacking terms is not someone who cracks code. A cracker is someone who does the same thing a hacker does but does so illegally. So what's a hacker? In simple terms, a hacker is known as someone with the skill to make something (software, hardware, a car, etc) perform a task it was not originally meant to do.

And ChrisG is absolutely correct. This site is for the security professional. We are all here to help people with their careers. This is how we give back to the community that we feel gave so much to us.

Hope this helps,
Don

CISSP, MCSE, CSTA, Security+ SME
Kevan
Jr. Member
Posts: 95
« Reply #9 on: March 18, 2007, 06:55:54 PM »

I guess my idea of the talent I want to have is the person that is hired to monitor and fix a given network or computer. I want to be IT Security, but to me it only makes sense to learn how to hack so that I know the methods I will be up against.
I may be a newbie, but I am willing to learn.
talkinelf
Newbie
Posts: 13
« Reply #10 on: March 19, 2007, 01:47:47 PM »

by reading your posts i get it that you really are someone who is looking for the right thing and unlike most others you are looking for it at the right place, you get what i mean

anyway, from what i have read and what i know, u need to know and think like a cracker if u are up to securing your network. you need to know how cracking software works, how it works on your network, what results it displays. By thinking how a cracker thinks you get to know a lot more vulnerabilities in your network than if you think like the network admin. but the difference between us and the crackers is that we do it the legal and ethical way.
WireSploit
Newbie
Posts: 1
« Reply #11 on: March 20, 2007, 05:25:53 PM »

you only need to be able to do programming if you want to write exploits, or programs.

Exploit code can easily be used, as you can easily get hold of the code, copy, paste and execute it.
jimbob
Guest
« Reply #12 on: March 21, 2007, 07:55:47 AM »

> you only need to be able to do programming if you want to write exploits, or programs.
>
> Exploit code can easily be used, as you can easily get hold of the code, copy, paste and execute it.

I think a certain level of programming knowledge is required for ethical hacking. Not every engagement will be as straightforward as find hole, run script. If your only tool is a hammer every problem will look like a nail and you'll get quickly frustrated when it doesn't work.

Programming is much more than writing programs. One big bonus is that it enables you to understand code that you find. I am not a PHP coder but I can read PHP scripts and assess them because my programming experience allows me to. Many languages share a common ancestry, so knowing one can help you understand another even if you can't code with it.

On the point about exploit code, you should always cast a wary eye over it before you execute it. It is not unknown for exploit writers to insert deliberate mistakes into an exploit so that the reader is forced to fix it before it will work. Even worse, it may contain malicious code that will end up 0wning you if you're not careful.

Jimbob
slimjim100
EH-Net Columnist
Sr. Member
Posts: 385
« Reply #13 on: March 21, 2007, 08:18:32 AM »

Jimbob, very good points!

I agree you should understand how to read code at the very minimum and it's always good to know how to code. There are so many areas in the network security field you may not have to worry about coding so I would just say the more you know the better off you will be. There is no check list to becoming a security professional (or a hacker). Any job field in IT now has a security aspect so just pick what interests you and learn to apply a security mindset to that job.

my 2 cents

Brian

(aka Slimjim100)
CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP
LSOChris
Guest
« Reply #14 on: March 21, 2007, 04:24:41 PM »

knowing how to code a bit will help you from making a boo boo and running some evil code like the latest new "Apache 1.X Remote Buffer Overflow getRoot() Exploit"