.

help

<<

H1PPY

Newbie
Newbie

Posts: 3

Joined: Fri Mar 14, 2008 12:11 am

Post Fri Mar 14, 2008 12:25 am

help

ok so i want to learn like the basics of programing and hacking and then move on from there but i don't know where to start.
<<

shawal

Jr. Member
Jr. Member

Posts: 88

Joined: Mon Mar 10, 2008 1:24 pm

Post Fri Mar 14, 2008 1:52 am

Re: help

H,
Welcome onboard. Start with the things you enjoy most, if you like to delve deep into the system, system and network programming in C could be good. if you do not know a programming language try learning Java and Java script, Web programming is another area that is quite hot at the moment. one good book i have seen that cover the start areas of security very well is "Hacking, the art of exploitation" I have not checked the 2nd edition, i might as well do. what current system, network, programming, mathematical skills do you have?
RHCE, GIAC GCIH.
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Fri Mar 14, 2008 3:24 am

Re: help

H1PPY,

I'll start with the programming aspect of your questions as thats where I got started. I'd recommend that you try to find a small project that you want to complete, I've found that nothing can be harder than trying to learn programming for the sake of programming. If you've got a project it will give you something to work towards, keep you focused and ultimately give you a sense of achievement as you complete various aspects of the project. From experience though, when starting out don't be afraid to through a project away if you realise you should have done it differently. Start again and use what you've learnt to build a better solution and learn more along the way (assuming you haven't got a boss looking over your shoulder.)

Whilst I'd agree with shawal that C (and derivatives) is a good language for systems and network programming, it can be a scary place to start. I've known several programmers and lecturers who advocate the use of web based coding for learning as it is easy to get interaction with the program without a lot of 'black magic'. Personally I think that the intergration between presentation and application logic can be confusing and the lack of structure can allow you to form bad programming habits.

For a starting point I'd recommend trying Visual Basic, although you'll probably want to graduate to a more 'advanced' language after you known the basics, VB can be a great starting point to learn to code and common programming structures. After all, BASIC was originally designed as an educational tool.

As you can probably guess from my response, there is no 'right' language for any programmer, or any situation. From reading your post I'm assuming that you are just starting out, if possible enrol an an introductory programming course. The guidance and assistance from an experienced programmer can make a large difference in your rate of learning and overall proficiency, possible making the difference between you being a 'code hacker' or a programmer.

If you know other programmers, try using the same language and toolsets as them, hopefully they should be able to offer assistance and recommendations whilst you are setting out. It can also be a nice sense of achievement and indication as to your progress when mentors who taught you the ropes starting asking for assitance and thoughts from you for their projects.

For the hacking aspect of your question, I'll mostly leave that to more experience members of this forum. Most of the recent books published should give you a good start, for a complete new entrant into the field Hacking for Dummies and Hacking Exposed seem to be the most accessable and are often recommended. Don't forget about Google aswell, should be every hackers best friend ;)

Good luck
<<

shawal

Jr. Member
Jr. Member

Posts: 88

Joined: Mon Mar 10, 2008 1:24 pm

Post Fri Mar 14, 2008 5:36 am

Re: help

H1PPY,

I do not totally agree with the visual basic as an introduction to programming even though my introduction was BASIC. BASIC is a mess, does not strict you to learn proper data, and programming structures.BASIC is good for prototyping and getting things done quickly, however depending on Interest and platform that will be used I would change that for either Ruby/python scripting languages, they are simple multiplatform (including the web programming if you want to consider ROR), I would add perl too as there are lots of scripts that are already written in perl, however i hate it  :(
some URLs to get you started on Security Basics can be found in here:

https://www.sans.org/reading_room/whitepapers/testing/
https://www.sans.org/reading_room/whitepapers/basics/

and of course David Wheeler document in secure programming http://www.dwheeler.com/secure-programs/, probaly it is not what you asked for, however take a look at it, and bookmark it for future reference

browse the older forum subjects, and most likely you will several interesting answers with different point of views to your question

W.
RHCE, GIAC GCIH.
<<

H1PPY

Newbie
Newbie

Posts: 3

Joined: Fri Mar 14, 2008 12:11 am

Post Fri Mar 14, 2008 7:18 pm

Re: help

shawal wrote: what current system, network, programming, mathematical skills do you have?

none at all...programming i only no sum php and wut u mean by mathematical skill
<<

shawal

Jr. Member
Jr. Member

Posts: 88

Joined: Mon Mar 10, 2008 1:24 pm

Post Fri Mar 28, 2008 2:53 am

Re: help

php is a good start if you want to pursue programming, however make sure you read articles about php security, or even better get a php security book.

Math skills as in interest in decoding/encoding encryption, statistical analysis type of skills or interest in researching these kinds of topics
RHCE, GIAC GCIH.
<<

blackazarro

User avatar

Sr. Member
Sr. Member

Posts: 368

Joined: Sun Aug 13, 2006 5:31 pm

Post Fri Mar 28, 2008 11:16 pm

Re: help

and of course David Wheeler document in secure programming http://www.dwheeler.com/secure-programs/


Hey, thanks for the link! Looks like a good read.
Security+, OSCP, CEH
<<

Kraxor

Newbie
Newbie

Posts: 4

Joined: Mon Mar 31, 2008 5:00 am

Post Mon Apr 07, 2008 5:13 am

Re: help

Hello  i think you first start with basic things like TCP/IP-"what's this" and all basic articles from google for network. Then start learning C++ ..
Am... C++ is more flexabile than C... You can start Learning C++ without to know C.


Sry for my english it's not so good... i think you understand me ...  8)
<<

shawal

Jr. Member
Jr. Member

Posts: 88

Joined: Mon Mar 10, 2008 1:24 pm

Post Mon Apr 07, 2008 10:57 am

Re: help

Kraxor,
Java would be suited better if are thinking Object Oriented Programming. C++ is more flexiable and complex than C, it is more extensive. C is simple, the only complications peopel have with C is pointers, however for system programming, and for security purposes it is much stronger to program in C. saying so could be also misleading as i see metasploit among other applications are written in Ruby, some others are written in python. so i again emphasize to learn programming you can start from any where, whoever this will affect the way you model and design your prorgams, if you start with python or ruby, this would be a very nice neat choice as you will think in objects, and in python you will produce a very readable code, while in ruby your code will be short and will make sense :)
RHCE, GIAC GCIH.
<<

vijay2

Full Member
Full Member

Posts: 220

Joined: Wed Mar 28, 2007 6:22 am

Post Mon Apr 07, 2008 11:11 am

Re: help

I would say learning a programming language is not a absolute requirement for ethical hacking though it would help after who have had got down the advanced TCP/IP skills and all the networking concepts. I would say, you should be proficient in advance TCP/IP and networking concepts and protocols first before you learn coding for ethical hacking.

Thats just my 2 cents.
GPEN GCFA GCIH CISSP CISA GSEC OSCP C|EH Security+
<<

shawal

Jr. Member
Jr. Member

Posts: 88

Joined: Mon Mar 10, 2008 1:24 pm

Post Mon Apr 07, 2008 11:32 am

Re: help

vijay2,

I do have a different opinion in here, scripting as an automation tool, and understanding exploits, and controling security tools from workflows, or control programs will differentiate an ethical hacker from a script kiddie big time. I do agree with you that network, and system administration are a must have skill, and i do see trend in system admins these days not to script things, and get away with it. however to understand what is going on a Linux/Unix system shell scripting is a must have skill.

my 0.02
RHCE, GIAC GCIH.
<<

vijay2

Full Member
Full Member

Posts: 220

Joined: Wed Mar 28, 2007 6:22 am

Post Mon Apr 07, 2008 11:52 am

Re: help

I think you are just taking this all wrong, programming language (ruby, python, C etc ) and system programming (shell scripting, windows command batch files, wmic) are 2 different things, for ethical hacking its better to be proficient in the automation with native commands is much more important than know how to code in other language and compile them. You rarely have that option. Publicly available exploits always needs to be modified and complied on the target system most of the time and you are making a assumption that you will have the required  compiler is available there. 

All I will say is never there never a good or bad OS, its just a personal choice and a opportunity.
GPEN GCFA GCIH CISSP CISA GSEC OSCP C|EH Security+
<<

Kraxor

Newbie
Newbie

Posts: 4

Joined: Mon Mar 31, 2008 5:00 am

Post Mon Apr 07, 2008 11:58 am

Re: help

Good system administrators make own patches :)........... First exploit then fix ...
To exploit you must "read" the source code.... i speak for OPEN Source right now ...

if you think Administrator do ./configure ./install ./blabla ./run  :o hope you will not Administrate my network

All is linked... . This is the true, you cant start from - ][Half --->Top

you start from - ][nothing ---> Half -----> Top this is very long process...
To become good you need time ...
Time is money ....
You cant rollback the time ...
so TIME > ALL












Shawal you are right but as i say this is my thinking ... Ruby and python are good too but C++ is the best.... you can do things like Ruby and Python but rly it's more hard.... but you can do all and ++++++ extras... that you cant do in Ruby and Python. But all is require sense and "what you want to do like a Programmer" Im beginer in Programming so i can say BIG WORDS.... but this is my opinion.
<<

g00d_4sh

User avatar

Sr. Member
Sr. Member

Posts: 394

Joined: Tue Sep 18, 2007 1:50 pm

Location: Guayaquil, Ecuador

Post Tue Apr 08, 2008 8:19 pm

Re: help

Not overly related to the original post, but something I found rather entertaining related to C++

http://its-different.blogspot.com/2008/ ... rview.html

I remember reading this a long while ago, on a different spot, and I actually saved the original.  I dont' remember where I found it, this is a copy though.  Anyway, it's an interesting read for you code monkeys.
"Bad.. Good?  I'm the guy with the gun"
<<

shawal

Jr. Member
Jr. Member

Posts: 88

Joined: Mon Mar 10, 2008 1:24 pm

Post Wed Apr 09, 2008 12:04 am

Re: help

vijay2,

so you would like to use an exploit without being able to dissect it? most Linux boxes will have python/perl by default, most webserver will have php/asp by default. in windows you will have the cmd.exe , wmic, among other new shells, and sometimes you will be lucky and get a cygwin

the development environment does not have to be complex, scripting is about simplicity.

I never made the assumotion that you will need the compiler on the victim machine, however if it is there he/she is only to be blamed to make your job easier, same applies if he/she provides a tftp client, or vnc. even worst netcat or some sort of netcat functionality

any security topic is not limited to one thing and no one person can master all skills.  so ethical hacking is a wide domain where several skills can be usefull, the more you have them in your utility belt or hacktool box, the more resourceful you are, however this is only valid if the skills of how to use them goes along with the tools availability including coding

have a nice day
RHCE, GIAC GCIH.
Next

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software