Hey guys! I am new to ethical hacking and i wanted to know how is the best way to start learning all this stuff?

I know C pretty much in and out, i know a tad of C++ (going to be learning a lot more soon), and i some python. I am also moderately familiar with linux (having worked with Ubuntu, Mint, Fedora, and CentOS).

I also know HTMl, CSS, and Javascript. And am planning on learning PHP and MySQL very soon.

I got into ethical hacking because i just started my first ever home server ( a small webserver to host a personal website) and i wanted to get into security and learn the ins and outs.

I am very eager to start learning because it will give me a lot more knowledge about networks and security systems. Eventually i want to move the server back home (right now its with me at college but its a hassle to keep here), and be able to pentest with it over the internet (to simulate a real hacker who wouldn't normally have physical access to the server).

How do i start learning? I am very eager. I bought some books and checked some others out from the library after reading some other posts but i dont know which one to read first. I have the following:

• Counter Hack Reloaded, Second Edition
• Ghost in the Wires
• Hacking - The Art of Exploitation 2nd Edition (this one came with a neat CD but i have looked at it yet)
• Hacking Exposed Network Security Secrets and Solutions, 6th Edition
• Kevin Mitnick - Art of Deception (i think this is more social engineering but i picked it up anyway since it was recommened)
• Metasploit - The Penetration Testers Guide
• Social Engineering - Christopher Hadnagy (this one i KNOW is social engineering, haha)
• BackTrack 5 Wireless Penetration Testing (I hear that Backtrack 5 is the most widely used operating system for hacking)
• Gray hat hacking: The. ethical hackers handbook, 3rd Edition
• Practical Hacking Techniques & Countermeasures
• The Basics of Hacking and Penetration Testing

But those are sooo many books and i am a pretty damn slow reader

What book should i start on? Is there a better book to start out with than the ones i listed? Also after i finish my first book what one should i move on to?

If you're slow with reading, maybe watching videos might get you moving forward a bit faster: http://www.securitytube.net/groups?operation=viewall&groupId=0

As for books, Metasploit and Grey Hat are good. I'd also suggest playing around with vulnerable machines (De-ICE, Kioptrix, Holynix, etc, found here http://g0tmi1k.blogspot.ca/2011/03/vulnerable-by-design.html).

Reading is one thing, but experience is another. You have to immerse yourself in it, don't give up, ask questions, read, learn from your mistakes, try again.

So the consensus i'm feeling is for complete beginners who have my amount of experience with computers is Grey Hat Hacker as well as The art of Exploitation.

Is the art of exploitation more of a social engineering book?

Also are your guys' opinions on hacking exposed (6th edition)?

I use metasploit and Rapid7's online guides for a good deal of my penetration testing.  I'm one of those learn by doing weirdos.  It's a great platform for not only working, but learning as well.  If you're a command line nerd like me, the tool shows you some advanced functions available from other tools.  Since I've started, I've learned things that NMap can do that I've never tried.

I frequent Rapid7's website and register for their webcasts whenever I can.  They always have good discussion and follow it up with some practical examples using their tools.

Also, please don't overlook the social engineering/physical security aspect.  You'll need good information to provide a direction and avenues of attack once you've identified a target.  All the tool proficiency in the world is useless if you can't gain access (physical or network) to the system.

Good luck in your endeavors.

Thanks for all the great replies guys! I think i am going to start with Hacking: The Art of exploitation then move onto Grey Hat Hacking.

After i get those books in my head what should i move onto? Are those books "pre-beginner" or by the time i finish those will i actually be able to do something? What are the next set of books/ resources for learning?

remember, my goal is to do stuff through the internet so i can access my server without it needing to be in the local network? I hear TCP/IP by Addison Wesley is a good read, would that be next or what?

Thanks again you guys have been super supportive!

New here and relatively new to learning about CEH. But a couple of good books I've found so far are "Basics of Hacking and Penetration Testing, Patrick Engebretson", "Google Hacking, Johnny Long" (for learning to use advanced tools in Google to do recon). Oddly enough, "Hacking for Dummies" is pretty decent read. There are tons of good sites like http://www.learntcpip.com/LTSN/default.htm for learning things like TCPIP and Sub-netting. Also a lot of good youtube videos out there for things like setting up pen testing labs using VMware Workstation(costs a ton) or Oracle Virtualbox (free).
Having a home server is cool, but if you have a good laptop with a bunch of RAM, you can set up your own intranet in your laptop and hack it to your heart's content without ticking off anyone in a black suit. You'll need copies of different OSs to make different VMs and try exploits against them, but most of the Linux stuff is free to download and you can usually pick up different Client Microsoft OSs in a computer store or online. I'm in process of setting up my laptop as a pen test lab, so if anyone reading has a good tutorial on doing that using VMware Workstation 8, please send me the link if you would be so kind.
 "Ghost in the Wires" was a good read, but Kevin Mitnick's specialty was never so much the  mechanics of hacking. He has something that is extremely difficult to learn, he is a complete genius at social engineering. If you were in Hell, he would sell you a premium quality BBQ pit and a set of custom cigarette lighters. That is an art form that takes an understanding of human nature and psychology to get good at. BTW, This forum is awesome. I am just arriving and am a babe in the woods as far as hacking is concerned, but have looked around enough to know there is a wealth of encouragement and information here. I am looking forward to spending more time engaging and learning here.