.

The Path to Hacker Mastery

<<

Novice hacker

Newbie
Newbie

Posts: 43

Joined: Sun Apr 08, 2012 6:45 am

Post Sat Apr 14, 2012 6:45 am

The Path to Hacker Mastery

Hi guys!  :)

I'm Novice hacker and I'm new to the site. My first few posts came on somebody else's thread. (This was because I didn't know how to create my own thread then.)

Anyway, my last post was regarding the basic knowledge needed before proceeding to the topics mentioned below.


Read everything you can.  Read other hacking books--Hacking Exposed, Counter Hack, Hacking: The Art of Exploitation.  Read networking books--TCP/IP Illustrated, Odom's CCNA guides.  Read programming books (pick a language).  Read other security books--The Web Application Hacker's Handbook, The Shellcoder's Handbook, Inside Network Perimeter Security, Network Intrusion Detection by Northcutt and Novak, The Tao of Network Security Monitoring, Applied Cryptography, Understanding Cryptography by Paar and Pelzl. 

For certs, the CISSP is required/desired for a lot of positions, especially if you push toward management but it requires five years of experience so it's something to look at down the road but not now.  Many postings ask for the CEH so it's worth getting for that reason alone.  The SANS certifications probably don't show up in as many postings as the CEH but they are generally more respected by tech folks.  Look at GSEC, GCIH, and GPEN.  The OSCP is one of the most respected certs among pen testers as far as I can tell, but it won't help you much with HR/business folks since they don't seem to know what it is.

Learn Python to start with.  It's easy to learn, powerful, and great for developing small scripts, automating tasks, and parsing data.  You'll also need to develop some knowledge of Javascript and C, at least to be able to read code snippets.  You should know how to do basic SQL queries.  It's hard to be proficient in multiple languages unless you program a lot.  Focus on getting good with one (again, Python) and then learn to read and make small tweaks in others.  If you get to where you feel like you're really good with Python and want to start working on a second language in earnest, go ahead.
    -posted by unicityd.


Thanks a lot for your information and the amount of time you took to write it    :)  I found it very helpful.

But could you or anybody please mention what basic knowledge I would have to possess before I proceed to reading those books. And also please mention how to obtain that knowledge (like through  what books)

Thanks in advance
<<

Novice hacker

Newbie
Newbie

Posts: 43

Joined: Sun Apr 08, 2012 6:45 am

Post Sat Apr 14, 2012 7:27 am

Re: The Path to Hacker Mastery

Oh and I also would like to know if the info sec experts out there
approve of the following approach recommended?

http://www.infiltrated.net/pentesting101.html

Do you feel this is the best method or is there any changes or anything to add to this list?

Thanks for your contributions.
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Sat Apr 14, 2012 7:42 am

Re: The Path to Hacker Mastery

I can tell you, sil's approach (the link you gave,) is very well organized, and I'd agree with the outline he has.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

unicityd

User avatar

Full Member
Full Member

Posts: 170

Joined: Wed Sep 03, 2008 5:33 pm

Post Sat Apr 14, 2012 12:15 pm

Re: The Path to Hacker Mastery

But could you or anybody please mention what basic knowledge I would have to possess before I proceed to reading those books. And also please mention how to obtain that knowledge (like through  what books)


Before you start reading books on hacking and security, you should have basic OS and networking skills.  Sil's link that you posted includes these general IT skills you need but it may be a little fast-going if you're really new.  Take a look at his page again and ask yourself how you feel about what he wrote.  If it seems too difficult, start build some basic skills and come back to it.  If it seems right at your level, then follow it and ignore the rest of my post.

For building basic skills:

I would suggest reading some books and playing around in a lab environment to get comfortable with Windows (Server), Linux, and TCP/IP.  I don't know what a good introductory book on Windows Server is; check reviews on Amazon.  At any rate, setup a VM and install Windows Server 2008 (or '03).  Find a basic book and mess around with it until you feel comforable configuring it and setting up services.  You'll also want to learn a Unix OS.  Most people start with Linux although FreeBSD is also very good and is my first choice.  Pick one, install it, play.  For a Linux book, I think How Linux Works provides a pretty basic introduction.  You can also find tons of tutorials online.  For FreeBSD, get the book Absolute BSD by Michael Lucas.  On the networking side, I recommend starting with the CCNA books by Odom if you want to learn Cisco too or TCP/IP Illustrated vol. I if you want to go deeper with TCP/IP first.  You'll probably read both eventually so if you're not sure, start with Odom.  It's okay if you don't finish the entire books at this point.  It's probably best if you do, but I think it's okay for people to jump around.  If you start getting the hang of networking and want to go play with Linux or read a first security book rather than learn more about routers and switches or more advanced TCP/IP topics, go ahead.

For TCP/IP, you need to understand the OSI layers and the purpose/basic functioning behind Ethernet, IP, TCP, UDP, ICMP, DHCP, ARP, and routing protocols (you don't need to know any specific routing protocols to start, just the concept).  You should know how to subnet and understand how traffic gets from your local network to another network across the Internet.

For Linux/Windows, you should know how to install the OS, add/remove/edit users, move around on the command line, configure basic services (ftp, ssh, mail), and update software.  On Linux, you need to be able to pipe and redirect commands, use tar and gz, and know how to create a shell script.  On Windows, you should know how to join a computer to a domain and how to set something in group policy or the local policy. 

Eventually, you'll need to know a lot more than this, but this is enough for you to start reading security/hacking books and understand most of what is being discussed. This way you can experiment as you read and compare what you're reading with what you're actually seeing on the OS.  This is also enough that you can start working on Sil's plan in earnest.  His plan seems designed to turn you into a competent system or network admin who is starting to focus on security.  The things I've suggested will only bring you to a more basic level assuming you don't have some general IT skills already but are not enough to establish the foundation you'll need as a security (or networking/systems) professional.

Good luck.
BS in IT, CISSP, MS in IS Management (in progress)
<<

Deadpool614

Newbie
Newbie

Posts: 27

Joined: Sun Apr 01, 2012 7:59 am

Location: 'Merica

Post Sat Apr 14, 2012 12:49 pm

Re: The Path to Hacker Mastery

Welcome to the community NH :)
CIO/G-6 C|EH ....Taking the first steps down a long path.
<<

Novice hacker

Newbie
Newbie

Posts: 43

Joined: Sun Apr 08, 2012 6:45 am

Post Sun Apr 15, 2012 7:13 am

Re: The Path to Hacker Mastery

Thanks, everyone.

I made a stupid blunder again.

I typed a HUGE message (a reply ) that took me hours to think about and type and when I clicked reply it took me to the login page(I knew there was something suspicious when I left the "Time logged in check box ticked at 60 mins........:()

Now is there ANYWAY to retrieve that message? Or am I back at square 1?...........:(
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Sun Apr 15, 2012 9:47 am

Re: The Path to Hacker Mastery

Sorry Novice hacker.  You're back to square one.  Has happened to most of us, before.

Suggestion, for longer posts, write them in notepad or something, first, and then copy / paste into your post.

Cheers, and good luck!
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

Novice hacker

Newbie
Newbie

Posts: 43

Joined: Sun Apr 08, 2012 6:45 am

Post Mon Apr 16, 2012 5:36 am

Re: The Path to Hacker Mastery

@haybusa

Thanks for the advice, it was comforting to read...

I've changed the time logged in from 60 to 0. And I checked the Always logged on checkbox....Am I free from danger now?

@deadpool  Thanks! I love this community. All the members are SO helpful.
<<

Novice hacker

Newbie
Newbie

Posts: 43

Joined: Sun Apr 08, 2012 6:45 am

Post Mon Apr 16, 2012 6:58 am

Re: The Path to Hacker Mastery

@ unicityd

This is most of what I could remember of my original post(which is no longer here.:()


Before I address your reply, I would like to thank all of the members who helped me. And a special thanks is due to unicityd (your posts have almost EXACTLY what I'm looking for)

Thank you VERY MUCH for your suggestions. I am sure it will help me a lot since now I actually have a PLAN of what to do.

Now onto the main part.....

Before you start reading books on hacking and security, you should have basic OS and networking skills.  Sil's link that you posted includes these general IT skills



I'm not in the IT industry yet. I will soon go to college and my PLAN is to MASTER the basics of hacking right now and then proceed to actual concepts the next year onward or so.

I would suggest reading some books and playing around in a lab environment to get comfortable with Windows (Server)


1) Can you please explain why it is necessary to learn Windows server and what use a hacker has for it?


"On the networking side, I recommend starting with the CCNA books by Odom"


2) Is Odom's book a 'complete reference' to networking and will it teach me all I need to know about neworking?(Everything?)
Or is it just used to prepare for the exams?

"For TCP/IP, you need to understand the OSI layers and the purpose/basic functioning behind Ethernet, IP, TCP, UDP, ICMP, DHCP, ARP, and routing protocols (you don't need to know any specific routing protocols to start, just the concept).  You should know how to subnet and understand how traffic gets from your local network to another network across the Internet."


3) Doesn't that mean I need to understand the OSI layers FIRST?(Before I start learning TCP/IP?)

4) Do you know any GOOD and CHEAP books about the OS and its working? (Most of the books that I saw on amazon were $100+)

5) Is all the information above included in Odom's book+TCP/IP illlustrated? (Can I learn all of this from those 2 books?)

"For Linux/Windows, you should know how to install the OS, add/remove/edit users, move around on the command line, configure basic services (ftp, ssh, mail), and update software.  On Linux, you need to be able to pipe and redirect commands, use tar and gz, and know how to create a shell script.  On Windows, you should know how to join a computer to a domain and how to set something in group policy or the local policy.  "


I already know some of this stuff, I will work on learning the remaining.

"This is also enough that you can start working on Sil's plan in earnest."


6) So,I should work on the skills you mentioned BEFORE I work on Sil's plan? (i.e. I shouldn't start on Sil's plan until I have learned everything mentioned above?)

Once again, I am EXTREMELY indebted to you (unicityd) for the immense amount of time you must have spent to help address my queries.


And thanks again everyone  :)
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Mon Apr 16, 2012 9:03 am

Re: The Path to Hacker Mastery

If you're on a budget for books, check out Safari: http://my.safaribooksonline.com/ That will allow you to access 10 books per month for $20 (or unlimited if you want to pay more). This should get you access to all the Cisco Press, MS Press, etc. books you can use to get started.

For good Windows books, check out the Unleashed, Mastering, or Inside Out series.

For Linux ninjutsu:
Practical Guide to Linux Commands, Editors, and Shell Programming, A (2nd Edition)
Linux Command Line and Shell Scripting Bible, Second Edition
The day you stop learning is the day you start becoming obsolete.
<<

ziggy_567

User avatar

Sr. Member
Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Mon Apr 16, 2012 9:40 am

Re: The Path to Hacker Mastery

1) Can you please explain why it is necessary to learn Windows server and what use a hacker has for it?



If you're going to attack something, its helpful to know a thing or two about it. As a pentester, I attack a whole lot more Windows than Linux/Unix.
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
<<

unicityd

User avatar

Full Member
Full Member

Posts: 170

Joined: Wed Sep 03, 2008 5:33 pm

Post Mon Apr 16, 2012 10:38 am

Re: The Path to Hacker Mastery

Novice,

Odom's CCNA book + TCP/IP Illustrated will teach you a great deal about networking.  I believe both cover the OSI model.  Odom's book will teach you the basics of TCP/IP, but will not teach you all of the low level details you need to understand the techniques used for network mapping, remote OS identification, IDS evasion, or analyzing traffic.  It does, however, teach you about configuring and managing network device.  TCP/IP Illustrated will give you the background needed for those tasks but will not teach you about managing switches and routers or about routing and switching protocols.

With regards to Windows Server:  you need to be able to do more than just run an exploit program against a target.  You need to know how to use the target system so that you can execute local attacks to escalate your privilege and/or use the target system as a foothold into a network so that you can attack other systems from it.  You also need to be able to recommend changes to the system to fix the vulnerabilities that you find.  It's okay to be a Linux/Unix specialist with some Windows skills or vice-versa, but you're selling yourself short if you don't have some proficiency with both.

With regards to Sil's plan: I suggest starting with what I said first.  While Sil's plan does include things such as OSI, it also jumps into the more advanced Cisco material early on.  For someone already working in the field, that could work well. For someone who is just starting out, reading Odom's books and TCP/IP Illustrated first will give  you the background knowledge you need to understand the Cisco network security and routing books.  He suggests something similar to what I did for setting up and OS and playing with it, but he suggest attaining a much higher proficiency than I did.  I don't disagree with him; I'm only saying you can read some of the hacking/security books before becoming a proficient sysadmin.  You still need to learn everything he says and the hacking/security books will make more sense when you do. 

There is no one-size fits all path or plan.  I think what I suggested is probably the best start for someone at your level.  Someone more advanced should just jump into Sil's plan.  Someone already at an advanced level with networking or system administration might do some parts of Sil's plan and skip others that he is already proficient at.  As you go, you need to think about what you want to do, what it takes to get there, and where you're at now.  You can jump ahead a little bit at times, but if you neglect the basics you'll get stuck eventually.  If you're going to be a pen tester, you need a very broad knowledge.  If you're going to specialize in something like web application security, Cisco networking or databases, you will probably end up focusing more and neglecting some of the other areas.
BS in IT, CISSP, MS in IS Management (in progress)
<<

Novice hacker

Newbie
Newbie

Posts: 43

Joined: Sun Apr 08, 2012 6:45 am

Post Tue Apr 17, 2012 6:22 am

Re: The Path to Hacker Mastery

@ajohnson

Thanks but, is there any place where I can get the printed version(not e-books) of cheap books?
And thanks for the book suggestions too.

@ziggy

If I have to learn Windows server(I don't need to learn about the Windows OS then?) than do I have to learn about Linux servers too? (Most of the book suggestions here are for the Linux OS right?) Please clarify on that, thanks.

@unicityd

TCP/IP Illustrated will give you the background needed for those tasks


Is the content mentioned in this book enough to actually apply the above skills? (etwork mapping, remote OS identification, IDS evasion, or analyzing traffic.) (Or do you recommend a separate book?

to understand the Cisco network security and routing books


I'm sorry but could you please mention the actual books? (I've found many similar titles)

If you're going to be a pen tester, you need a very broad knowledge.


As a penetration tester, will I be writing my own exploits or will I just be using tools?

Thanks once again for the treasure trove of knowledge you have bestowed upon me :)
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Tue Apr 17, 2012 7:40 am

Re: The Path to Hacker Mastery

I get most my used copies from Amazon, but I've had luck with half.com too.
The day you stop learning is the day you start becoming obsolete.
<<

ziggy_567

User avatar

Sr. Member
Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Tue Apr 17, 2012 7:56 am

Re: The Path to Hacker Mastery

If I have to learn Windows server(I don't need to learn about the Windows OS then?) than do I have to learn about Linux servers too? (Most of the book suggestions here are for the Linux OS right?) Please clarify on that, thanks.


If I'm reading that correctly, you're distinguishing Windows Server from an OS?

Windows Server IS and OS. Today, you will typically see either Windows Server 2003 or Windows 2008 R2, although I see Windows Server 2000 every once in a while still. You should know these OS's very well. Additionally, I'd learn Windows XP and Windows 7 too as most of the workstations you'll be attacking will be one of these.

For Linux, you need to be at the very least moderately fluent in the commands and how the OS works. I'd argue, though, (especially if you're using Linux as an attack platform) you should be just as fluent in Linux commands as Windows.
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
Next

Return to Greetings

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software