Hi everyone,

I'm looking to get some input on what is (in your opinion) the most relevant and useful programming language for an Ethical Hacker. 

I have experience with Network Pen testing, some web app experience, and *nix experience.  I have some basic understanding of what exploits are doing when executed.

I just purchased a book on perl and thought I would start there; input from the community will keep me on track. 

Thanks!

Iwas going to say the same thing as Ketchup but he beat me to it, but I'd add python to the list.

-a scripting language(s): perl, python, ruby
- sql then syntax for various databases
- javascript for web
- low level and high level languages...so assembly & some sort of C, you can also throw VB too.

oh an English, because alot of the stuff you need can be found if you just search for it.

XSS attacks, cookie stealing etc javascript come in handy

Perl and python. I've used perl for quite some time, to the point where I even use it for relatively major programming projects. Python is a more recent addition for me and is very handy for banging things out quickly. There are some places where it makes a a better utility language than perl even.

I think that you need both.  I would start with C and learn how memory is allocated and destroyed.  Learn about types, pointers, and so on.  Much of the software, especially in Nix is still written in plain C.   

After you master C, move on to C++ and learn the object oriented nature of the language.  It will be a quick pickup if you can grasp OOP.


I think you should learn SQL.  Before you move on to specifics in MSSQL, Oracle, or MySQL, you have to understand the concepts.   I would recommend becoming comfortable with doing SQL Injection on the three above.  Each RDBMS is going to have its own stored procedures, views, and functions.  The syntax is different, despite accomplishing pretty much the same task.  Those are the most common database engines. 

I'd say the more important thing is to understand "how databases work" i.e. database theory, learn about different types of statements, what a union does, what group by and having clauses do etc.  once you know this, then you just need to find the specific syntax for whichever RDBMS you're working with. 

having said that, it's pretty much the same for all programming languages - learn the fundamentals - varialbes, pointers, loops, conditional statements, functions etc. then you should be able to pick up any language with minimal effort.  next step up from that is getting your head arround object oriented concepts, but that's not too hard either.

I would say Assembly, C and a couple scripting languages (the more the better) .

But I think it depends on what you want to specialize in,
i.e. using tools/command line scripting attacks, etc.. or exploit development/analysis & reversing, in which case Assembly & C are a must.