Hi people!
I have been interested in hacking for a quite a while now. However, I never really had time to start. Until now. So, I have been reading some guides from here - the one about Linux from occupytheweb, for instance - and reading in general about networks. But I don't know if this is the right way to start or not. My aim was to read a lot of guides about more basic stuff not directly related to hacking (linux, network, etc) and only then, after having a grasp of all the more basic stuff, I would start using Kali hacking tools and following more specific guides.
However, I do have some experience in coding (mostly python but not cybersecurity related) and I usually learned everything by actually trying to do something. So, my biggest question is what do you recommend? Learn linux and a code language (I'm assuming one is not enough? Is it python a good place to start?)?
My second question is: how do you distinguish a script kiddie from an actual hacker? For instance, a lot of people rely on Kali tools - does that make them script kiddies? When do you really start to need to create your own scripts? Or are script kiddies just people that hack brainlessly, without actually understanding the concepts behind what they are doing?
Now related to security: when just learning and hacking your own computers, is VPN the only thing that you need to stay secured (or maybe you don't need anything at all?)? When do you really need to start going to coffee shops and using VPN and Tor all together? Anymore tips to stay anonymous and safe from detection? I know that there is no way to stay 100% anonymous, but do you people have any suggestions?
Another thing related to this. I would assume that white hat hackers can pretty much forget staying anonymous since they are not doing anything illegal (am I wrong?). But when do you hit the point where anonymity is essential? When you start doing really heavy crimes (like bank hacking)? Or hacking a third party (like a neighbor or a friend) without consent is already a huge deal to require a lot of precaution? For instance, I would imagine that for this last scenario a VPN, Tor, and public internet hotspot would be enough - am I wrong though?
I know that I have a lot of questions - but thank you if you lose your time trying to help me :)
11 Responses
Python is a good language since a lot of scripts are coded in python.
I guess everyone has their own definition of script kiddie. Mine would be just someone who be's a dick and boasts just because they can hack something without knowing the stuff behind it. If you're learning and not boasting or being a dick then you're not really a script kiddie, everyone starts like that.
Always use a VPN for anything to do with hacking, and if you're going to hack a big site (use your common sense to determine) then yeah go to a shop far away and use TOR. It's slow but it's faster than waiting in prison for 5 years or so. Get a paid VPN that doesn't keep logs and make sure it doesn't have a DNS leak or IPv6 leak or other vulnerabilities. NordVPN is good imo. You should just try to anonymize yourself to the fullest extent no matter what really. TOR isn't always needed but it's always gonna give you that extra bit of anonymity at the cost of speed.
There are other ways your anonymity can leak like xss, zero day exploits, beef hooks etc. Most good browsers will protect against this however there's not much they can do about zero days. The FBI raided a child porn site and hosted it with some malware to find the real public IP of the users and found 8000 IPs. I think this had been patched but they were using an older version of TOR, so update your stuff too.
Thanks for the help!
Python is a good first programming language as it is easy to learn and really powerfull for making scripts.If you want to go in creating malware C++ is a good choice (but you can make malware in really any language),C interacts with hardware ,if you want to go in reverse engineering C and assembly is a good choice
My opinion about script kiddies is that they just use an os like Kali Linux and use the tools withuot actually knowing what they do.They don't really care about hacking and just want to look cool.
About anonimity i see a lot of posts saying that you should use virtual machines (i think different connections are going through them ),also using a vpn is good choice atleast if you trust one,there was a case that a vpn service in the us was controlled by the govorment and users where exposed(don't know the whole story),proxy's is a good idea
Thanks!
Phew....where should I begin? I started from ground zero with no experience in IT 3 years ago. At least you're ahead of where I was because you have scripting knowledge. First off, have you already set up a Kali VM? If not, you should definitely do so. Also download and install Metasploitable. You can attack metasploitable using Kali and there are a ton of guides out there that will take you through the process. A good resource is http://computersecuritystudent.com . Specifically it will walk you through the process of installing your Kali VM. It also has a lot of other great tutorials. I signed up for the $10/mo access to all tutorials and it made a huge difference in my skill set and knowledge quickly.
A second reference is http://cybrary.it. <-- You can take their ethical hacking course and then their advanced penetration testing course, the latter being based on the book 'Penetration Testing for Highly Secured Environments'.
Using these two resources will definitely get you on your way.
The difference between a script kiddie and an actual hacker is hackers write their own exploits, etc. As long as you're running other people's exploits, you are considered a script kiddie.
Correct, white hats don't need to worry about anonymity for the reasons you explained. Anonymity comes into play when you're poking around in places you're legally prohibited against poking around in. At this point you would need a paid VPN service. I use private internet access. The cost is very low and worth it. On top of that you can use a proxy or proxy chains to be extra careful. When you get to know what you're doing, sometimes you can't help but poke your nose where it shouldn't be poked just out of curiosity. There's been a number of occasions where I have done so only to find something serious was going on with their security (or lack thereof). If I like the company, I whois the site and send the website's admin an email heads up about the issue. Even though technically I was doing something illegal, every site I've done this for have been very grateful. I guess that would make me a gray hat.
I eventually went on to obtain my C|EH which is an entry level certificate just so I could have some official credential to get my foot in the door considering I had zero IT experience. I passed in May with 85% using the resources I've provided along with http://skillset.com.
Best luck to you!
Thank you for the resources, I will be sure to check them out.
Just one question: I did installed Kali in an old computer - but I'm using it as my primary OS. What advantages are of having Kali as a VM? To be completely clear, this computer is only being used for Linux learning, programming and, later on, hacking - so, there are no visits to social media websites or movies or photos or anything like that in it. Should I still use Kali as a VM?
Many thanks for the help.
Kali is just a custom Debian distribution with preinstalled tools. Everything from Metasploit to Snort can be installed on more or less any Linux distribution.
ghost_
There is no advantage to using a VM as opposed to using Kali as your primary OS. Having it installed as your main OS is the ideal set up. That's what I have. I've used it as my primary OS since the day I installed it and it's helped me learn sooooo much. Just make sure you aren't using it as 'root'. If you use it as root, and screw something up (and you will), it will break your system and you'll be forced to reinstall. I learned this the hard way. I can't tell you how many times I've had to reinstall Kali following a screw up. Probably at least a dozen.
People dont recommend Kali as main OS because it use root account. If you are not familiar with linux, and you are using it as main, you can screw your os, for example, you can delete system itself. I hope you understand. Cheers
A good way to start is to get computer fundamentals down. This will help lay foundational knowledge which you can, and will, apply later on down the track.
Learning how to code is a big step in the right direction. You'd be correct in assuming that learning how to use Linux and how to script isn't actually enough, but again, foundational knowledge. Get the basics down and you'll find learning more and more advanced concepts easier. Also learning different languages will help you to identify flaws within other people's code which you can then exploit.
The definition varies from person to person, really. I see a script kiddie as someone who downloads tools with limited knowledge on how to use them effectively and how they actually work, then will boast about their "l337 h4c|<1ng 5|<illz" or whatever. They have no interest in learning anything and want to take the quick and easy way. Simply using tools that other people have developed doesn't make you a script kiddie, just like how a builder using a hammer someone else has made doesn't make him any less a builder. They're tools, they're there for you to use, but don't let them define your skillset.
If you're hacking your own machines, you do not need to use a VPN. However, using a VPN on an unsecured network is always advised, hacking or not. Another tip will be to use a proxy or proxy chain as OccupyForEles has stated, but be aware, that the added layer in security trades overall network speed.
You'd be correct in your assumption about white hats. I would say that any time you're hacking a system that you do not own or have implicit permission to do so, do it anonymously.
ghost_
Well I am always on that mindset "Use premade tools be a skiddie" that is obviously wrong....
Share Your Thoughts