.

Do you need to know programming to hack?

<<

Kev

Post Tue Feb 20, 2007 12:49 pm

Do you need to know programming to hack?

Do you need to know programming to be a hacker? That has to be the question I get asked the most. I would say yes and no. It all depends on your view.  The problem is no one agrees what a hacker is! I posted in the past what it takes to be a hacker and every body had their own and different idea, lol!

You can be a fairly good pen tester now without knowing any programming. In fact, the most famous hacker of all time, Kevin Mitnick didn’t know programming. If you understand all the tools and know them well, you can do some effective hacking. I am sure that’s good news to all the script kiddies out there.

My honest feeling is you should learn some programming. At least the basics. It will give you a deeper understanding of what’s going on. Yes it’s true we don’t always breach a system by running an exploit. Sometimes things are just wide open and not configured correctly. Even to this day, Admins use weak passwords. 

If you have never leaned programming I would suggest starting with HTML. Its very easy and you will get results quickly. Actually its fun.  Also, it will help you learn to read the source code on a website.

From there I would say to go into C. C programming is the mother of it all. Most exploits were written in C. Also many hacking tools were also written in C and once you know it, you can make changes to the code to facilitate a tool to do something a little different for you.  Come up with an idea of a program and then write it. My very first program was a simple code to ping all the IPs in a network. Easy to write and I suggest that one if you are stumped.

Don’t settle for being a point and click hacker. Don’t run blind. If you take the time to understand even just the basics of programming, an entire new world will open up for you
Last edited by Kev on Tue Feb 20, 2007 12:52 pm, edited 1 time in total.
<<

Cutaway

User avatar

Jr. Member
Jr. Member

Posts: 96

Joined: Mon Nov 20, 2006 5:02 pm

Post Thu Feb 22, 2007 10:11 pm

Re: Do you need to know programming to hack?

I believe that you are correct with your "yes and no" answer.  It really depends on where the individual wants to focus his/her skill set. 

If the focus is assessments then being able to compile exploits and generate quick shell/perl/c programs may not be necessary.  A basic understanding of coding will help but knowing how to use the tools, write reports, mitigate problems, and educate admins and end-users is more important.

To be a penetration tester, however, I believe that it is a necessity to have at least a simple understanding of how to program.  You have to be able to compile exploits.  You have to be able to look at shell scripts, html code, open source code, and other programs to understand how to they work.  (this is my skill level)  As you get better you will begin to move into understanding and generating shell code and exploits. 

To be a security researcher then you definitely have to be a good to outstanding programmer.  Coding is what is required to make and break things.
Go forth and do good things,
Cutaway
<<

Kev

Post Fri Feb 23, 2007 8:48 pm

Re: Do you need to know programming to hack?

Thanks for the reply Cutaway and those are good points you made.

Imagine for a moment you’re a black hat cracker and you have discovered a vulnerability that no one else has discovered. It would be a license rape, plunder and pillage. If you had the right connections and knew where to sell the information that you gathered, you would become worth millions. That is the dark temptation for crackers that  have good programming skills. The only thing that would stop you would be if the security was tight enough to react to you quickly once you were “in”. This of course has nothing to do with pen testing, but cracking into systems.

How does one go about learning that kind of programming?  The easiest way is to write a program yourself with lots of flaws. Use the well known poor programming practices. Make sure it’s a program that goes through the entire TCP/IP stack. If it doesn’t then it will have no value.  Once you have done that, write an exploit targeting the flaws you purposely placed in the program.  There are a number of good books that show you how exploits have been written. After that, see if your exploit actually runs and gives you a shell. You might say that’s cheating and you would be correct. But it is a good basic exercise that gets you started and from there you should be able to move to deeper things. The hardest part of exploring is discovering vulnerabilities without being given the source code. Once you know how to deal with that, you are on your way. 

PS- I am using the term "cracker" for lack of a better term. The only problem for me with that term personally speaking is that I grew up in the South. In the South the term cracker meant something totally different and certainly not someone intelligent enough to  break into systems, lol! I am sure some of you know what I mean.
Last edited by Kev on Sat Feb 24, 2007 8:58 am, edited 1 time in total.
<<

Cutaway

User avatar

Jr. Member
Jr. Member

Posts: 96

Joined: Mon Nov 20, 2006 5:02 pm

Post Fri Feb 23, 2007 11:24 pm

Re: Do you need to know programming to hack?

Good example, Kev.  Here is the capper for your last addition: http://milw0rm.com/papers/125.  It runs through a basic version of what you just covered. 

I just read this yesterday after listening to PaulDotCom's last episode:  http://pauldotcom.com/wiki/index.php/ListenerFeedback5.

It is definitely a good place to start.
Go forth and do good things,
Cutaway
<<

slimjim100

User avatar

EH-Net Columnist
EH-Net Columnist

Posts: 385

Joined: Wed Nov 08, 2006 12:50 pm

Location: Atlanta

Post Sun Feb 25, 2007 9:12 pm

Re: Do you need to know programming to hack?

Hey Kev... I'm a "Georgia Cracker" and it's not a technical term. :P Just kidding. Anyway I was forced to post by your added comments about the term "Cracker" and how alot of terms can mean alot of different things to people in different areas.

Brian

aka Slimjim100
Last edited by slimjim100 on Sun Feb 25, 2007 11:32 pm, edited 1 time in total.
CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP
<<

Kev

Post Sun Feb 25, 2007 10:05 pm

Re: Do you need to know programming to hack?

LOL, no problem.
<<

Kevan

User avatar

Jr. Member
Jr. Member

Posts: 95

Joined: Fri Mar 16, 2007 7:20 pm

Post Sun Mar 18, 2007 11:46 am

Re: Do you need to know programming to hack?

Is this a forum for hackers or crackers? I know that there is a significant difference, and that most crackers do not seem to have the 'code of honor' hackers tend to portray. And cracking itself is so much easier than it used to be, programs have been written to do almost any dirty work 'needed' with a graphical interface and no skill. How many programs have been written that can hack into a network, find a problem, and fix it? I know that there are not as many as the programs designed to crack. Don't get me wrong, I have used dvd rippers, cd rippers, air snort tools, etc, but never to sell or ruin something, and why/how can a person be considered a cracker if their tool is not their brain, but a USB pen with hundreds of malicious programs?
I may be a newbie, but I am willing to learn.
<<

LSOChris

Post Sun Mar 18, 2007 4:41 pm

Re: Do you need to know programming to hack?

this a site for security professionals or people that want to be security professionals.  there are plenty of other l33t script kiddie sites out there that can keep the whole hacker/cracker/i wear this color hat crap.

my own opinion though...
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Sun Mar 18, 2007 6:11 pm

Re: Do you need to know programming to hack?

Just as clarification, a cracker in ethical hacking terms is not someone who cracks code. A cracker is someone who does the same thing a hacker does but does so illegally. So what's a hacker? In simple terms, a hacker is known as someone with the skill to make something (software, hardware, a car, etc) perform a task it was not originally meant to do.

And ChrisG is absolutely correct. This site is for the security professional. We are all here to help people with their careers. This is how we give back to the community that we feel gave so much to us.

Hope this helps,
Don
CISSP, MCSE, CSTA, Security+ SME
<<

Kevan

User avatar

Jr. Member
Jr. Member

Posts: 95

Joined: Fri Mar 16, 2007 7:20 pm

Post Sun Mar 18, 2007 6:55 pm

Re: Do you need to know programming to hack?

I guess my idea of the talent I want to have it the person that is hired to monitor and fix a given network or computer. I want to be IT Security, but to me it only makes sense to learn how to hack so that I know the methods I will be up against. 
I may be a newbie, but I am willing to learn.
<<

talkinelf

User avatar

Newbie
Newbie

Posts: 13

Joined: Fri Mar 09, 2007 11:49 pm

Location: Maldives

Post Mon Mar 19, 2007 1:47 pm

Re: Do you need to know programming to hack?

by reading you posts i get it that you really are someone who is looking for the right thing and unlike most others you are looking for it at the right place ;) you get what i mean

any ways from what i have read and what i know u need to know and think like a cracker if u are up to securing your network. you need to know how cracking softwares work, how they work on your network what results they display. As by thinking how a cracker thinks you get to know a lot vulnarabilties in you network than you think like the network admin. but the difference between us and the crackers is that we do it the legal and ethical way.
<<

WireSploit

Newbie
Newbie

Posts: 1

Joined: Tue Mar 20, 2007 5:19 pm

Post Tue Mar 20, 2007 5:25 pm

Re: Do you need to know programming to hack?

you only need to be able to do programming if you want to write exploits, or programs.

Exploit code can easily be used, as you can easily get hold of the code, copy, past and execute it.
<<

jimbob

Post Wed Mar 21, 2007 7:55 am

Re: Do you need to know programming to hack?

WireSploit wrote:you only need to be able to do programming if you want to write exploits, or programs.

Exploit code can easily be used, as you can easily get hold of the code, copy, past and execute it.

I think a certain level of programming knowledge is required for ethical hacking. Not every engagement will be as straightforward as find hole, run script. If your only tool is a hammer every problem will look like a nail and you'll get quickly frustrated when it doesn't work.

Programming is much more than writing programs. One big bonus is that it enables you to understand code that you find. I am not a PHP coder but I can read PHP scripts and assess them because my programming experience allows me to. Many languages share a common ancestry that knowing one can help you understand another even if you can't code with it.

On the point about exploit code you should always cast a wary eye over it before you execute it. It is now unknown for exploit writers insert deliberate mistakes into exploit so that the reader is force to fix it before it will work. Even worse it may contain malicious code that will end up 0wning you if your not careful.

Jimbob
<<

slimjim100

User avatar

EH-Net Columnist
EH-Net Columnist

Posts: 385

Joined: Wed Nov 08, 2006 12:50 pm

Location: Atlanta

Post Wed Mar 21, 2007 8:18 am

Re: Do you need to know programming to hack?

Jimbob Very good points!

I agree you should understand how to read code at the very minimum and it's always good to know how to code. There are so many areas in the network security field you may not have to worry about coding so I would just say the more you know the better off you will be. There is no check list to becoming a security professional (or a hacker). Any job field in IT now has a security aspect so just pick what interests you and learn to apply a security mindset to that job.

my 2 cents

Brian

(aka Slimjim100)
CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP
<<

LSOChris

Post Wed Mar 21, 2007 4:24 pm

Re: Do you need to know programming to hack?

knowing how to code a bit will help you from making a boo boo and running some evil code like the latest new "Apache 1.X Remote Buffer Overflow getRoot() Exploit"
Next

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 2 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software