The Absolute Beginner Hacking Tutorial

The Absolute Beginner Hacking Tutorial

The Journey to Unskilled One's Mind

- Oath:

Great. So you want to be a hacker. Another kid. Like there isn’t thousands of you bargaining in every month expecting to get their stupid, discussed-to-death, question, or even better, ask about the shit HF marketers feed you over there at the stickies. If you’ve began reading and at this point already - Houston, we may have a problem. Somebody’s using his brain. In Hack Forums that’s usually considered the taboo. Pay for a crypter, pay for a RAT, buy some slaves, upload more builds to # hoping to catch more sleazy 13 year olds masturbating to sleep and choking off their own saliva. Follow the hive mind. Read more stickies, and believe you’re in the best hacker community in the world. Debate more about ctOS vs LuminosityLink and suck some more dicks.

Or continue reading.
*Melodramatic que*

Now in these sort of write-ups the first spark of thought makes you question who wrote this bullcrap and who does this kid think he is. Great point, besides being here a little bit more and sleeping 24/7 he is nobody special. He can not dictate what’s good or bad, he is not an expert - he isn’t even good, for goodness sake. He’s just expressing an opinion and is willing to have it debunked which will probably happen. Until that happens, give him a shot. He worked some days for this thread, and he thinks he deserves one full attention span of yours, at least.

Back to our point: You want to be a hacker. Read my first paragraph again if you didn’t get my point, but I showed a mentality there. A hacker hacks, not uses. he is usually not the designated crowd for which the product was designed for; he tinkers, checks, learns, observes, understands, comprehends, analyzes and does more shit that describes what people refer to “smart” nowadays. That’s a hacker. What I wrote about in the first paragraph is a user. A tool. if you’re not a tool, great, if you are: you can still be saved. Simply understand you’ve done nothing but ultimately waste your time pretending to be something you’re not. Well, until now, that is.

Hacker is a word that is infected, infested to the bone by the media. Sometimes a hacker is somebody that used DNS zone-transfer attack to pull the inner subdomains of a website accessible only to the localhost, to bypass the IP restriction using a simple LFI inner resource request (Found on the main site) of which the host can be altered, revealing the site’s infrastructure to the point of which allows the attacker to pull the DBMS details on some dusty mysql_connection.php. Copying the IP, then run the known 2012-found MySQL Brute-Force exploit elevating to the MySQL root user on the public service on the badly-configured VPS node somewhere up in france, then using an INTO OUTFILE query to write into a discrete file on another linked subdomain a PHP file marking off a backdoor with code execution for later usage.

“Another one down”

And it’s also somebody that placed some automatically generated keyloggers on his local school computers, managed to grab his teacher’s PayPal and is now held under parental custody.

Ask yourself who is more interesting here. 

The answer is the key of whether you’ll actually continue to learn or “pick something up, try it out, and put it down two-minutes later".

The Path Less Traveled

The art of exploitation is divided to some main categories.
A lot of people categorize them differently, so obviously expect arguments, opinions, different ways etc here.
This how I separate them:

1. Website Application Exploitation
2. Code Injections, server-sided attacks, client-sided attacks, Phishing, defacement, Web firewalls, shelling, reverse connections, escalating to server, enumerating applications, platform research
3. Networking Exploitation and Penetration Testing
4. DoS (And DDoS), Protocol weaknesses (UDP, DHCP, ARP), MITM, seasoned attacks, cryptographic weaknesses, machine forensics, server hacking, server hardening, networking configuration, cloud work, p2p and p2s, scanning and fingerprinting, enumerating, forming payloads, etc
5. Game Hacking/Malware Development
6. Game Hacking: Reverse Engineer games, game engines, and Anti-Cheat applications, lead how to read memory addresses, and find correct values to modify, build wallhack & aimbot, fake human interaction and AI, work with DirectX / OpenGL and graphical handling.
7. Malware Development: Reverse Engineer Anti-Malware products, Work with obfuscated networking procedures, learn WinAPI and Windows, fake user interaction, embed and find 0days, learn social engineering and work on spreading tactics (Not the skid shit…),
8. Low-Level and Kernel hacking
9. Buffer overflows, Heap overflows, Integer overflows, Format String Exploitation, Bypassing stack protection (ASLR, NX Cookies, etc), elevating privileges, exploiting linux kernel and local root exploits, 0day hunting and exploit development on several rings
10. Phreaking and DYI
11. Lock picking, car hijacking & hacking, wireless hacking, hacking security cameras, robotics *I don’t have information about this at all. -Sorry*
12. Inside them you can find a lot of things. Some are obviously overlapping each other but I was trying to focus on the speciality and purpose of each “road”.
13. Also, the sources I’m about to list for each language are the sources I consider as good and not spoonfeeding or shit.

 Tips

1. This is going to be hard. I’m not gonna lie. None of these subjects suddenly “end” and you know it 100%. This is Hacking in the world of technology, when every passing day a new fork is made for a new application on a new framework on a new OS, you can’t stop learning and expect to be on top. You will need dedication, focus and persistence.
   
    Don’t push yourself to learn too much at the beginning - focus on a single subject.Know your limits. Don’t overburden yourself, as long as you keep a steady line of learning no matter how slow, note that you’re learning. You’re progressing.
2. Know Your Google. 
   When used right, google is an incredible source of information because it caches every single relevant thing to your keywords. 
   2.5 Always RTFM. Don’t ask impatient questions, always dedicate time for self-research and effort. Don’t expect to get answered - You don’t have that privilege. You’re being helped. Nobody is required to help you. Hacking is done lone-wolf, nobody will hold your fragile hand walking you down the path that grants the average joe immense power. Read this: http://www.catb.org/esr/faqs/smart-questions.html and http://www.lifehack.org/articles/technol...ently.html
3. Sort your sources. 
   Keep them updated. Sort your books. Be aware of communities, IRC chats, infographics, 4chan, reddit, etc. Learn from others, however do not become depended. Try to help others if it’s possible - The highest amount of retention obtained when processing raw knowledge is when it is being passed to somebody else.
4. Know English. Can’t stress this part enough.
5. Understand what you’re learning. 
   You’re learning how to abuse code, right? Keep the “code” part in check. Learn more code. A hacker is first and foremost a programmer, then it’s a hacker. Focus on the designated languages your road suggests, then use them creatively and keep on working with them. My generic recommendation is as follows:
   Master completely the language(s) associated with your roadKnow networking to a good extent (Understand the OSI model - Sockets, protocols, layers, addresses)Be familiar with software development and computer engineering, not just on the language side of things.Learn about productivity, efficiency, complexity, resource handling, and more importantly learn how to learn.Be autodidact.
6. Have responsibility.Keep yourself aware of your surroundings and do not do silly things. Remember you’re usually being logged, usually being recorded, usually being tapped and usually being stored. Disregard fame, acquire knowledge. Hack to learn, not the opposite.
7. Use Linux. It’s a tip, not a requirement, but you will learn so much more by grabbing an ISO and booting one off your PC. Windows sugars you too much.
8. Watch Defcons, Black-Hat conventions and more on YouTube. These are smart people having smart lectures and you should view these as there are bound to be subjects relating to your interests.
9. Keep yourself moderately private. This is a close one to number 6, but more focused. Use browser plugins such as Cookie Manager, NoScript and uBlock Origin to lay off anything that isn’t the content you want to ensure privacy and security.
10. Teach others.
12. Hack the planet.
    
    
    
    
    
    FAQ
    1. Is it possible to hack X online account?Maybe. Obtaining access to an account at the best case would require you the username and password credentials needed to perform the login. That can be done in quite a lot of ways, most of which usually end up by: Making the victim execute malware which gives you power over his PC, in turn allowing you to obtain credentials or direct your victim into a phishing page faking out to be the real site, and log the credentials. The majority of the ways are variations of these two, and social engineering would more often than not be used. The point here is that there’s no easy way and you’re only expecting results from the most technologically-unaware at any given time. In short - Small chances of success. Anything better than this would require actual skill.
       -
    2. I have this guy’s IP, what can I do with it?Not a lot. Purchasing a DDoS service on HackForums (=effectively wasting money on pinching your nemesis some of his bandwidth) is usually the most you can do. Any software suggesting the possibility of “Hacking using the IP” usually falls short to scanning ports and services on the machine and trying to attempt common CVE exploits on them, again, relying on the machine being a server and not a home-end PC that doesn’t run anything. To hack something from outside, you need it to communicate with outside. Home PCs don’t actually run any outgoing, open ports with binded services always looking for clients to connect.
       -
    3. How do I port-forward my RAT?
       Similar questions include
       (Refer tool-based questions to their sections. By imperial definition, Ratting isn’t hacking. Neither is crypting, nor keylogging, nor DDoSing. Argue with it as you like, you thread will be moved.
    - What is the best RAT to install? / What’s the best Keylogger to use? / How do I Crypt my RAT? 
    - What’s the best booter to purchase? / Can somebody crypt my RAT? / How do I dstat my booter?)
    4. Isn’t Hacking illegal?Compare hacking to lock-picking. It’s a hobby for some, really fun for others, and for some it’s a profession. Some abuse it to assist their criminal needs, some learn it to further educate themselves about an inner working of something that is embedded deeply in their everyday life and ignites curiosity from just any human once a discussion rises. How does a lock actually work? How do keys unlock doors? That’s what fuels hacking as well. The process of comprehending functioning systems, then mentally breaking down parts of them, affecting them in a way a part wasn’t designed to work, to a degree which affects the whole structure to produce something completely unexpected. Using the majority of the skills learnt in hacking in improper environmental conditions, without the allowance of those owning all the property hacked-to or involved technology… Is obviously illegal. In the more practical definition, hacking is the act of accessing technologically-unauthorized area: A secluded network, a website admin-panel, higher privileges on a computer that isn’t yours; They’re all illegal hacking. To better comprehend the possible outcomes of doing these things and getting arrested, you should consult with your country rules regarding cyber criminal activity.
       -
    5. Is there any money in this?Hacking will commonly go under Penetration Testing / Networking management / system management / InfoSec, all under the IT criteria. Some job notations might be available under the QA-styled jobs, under CS criteria. Of course, it’s common for companies to offer bug bounties for those who find vulnerabilities and ways to exploit them, so they offer money in return. As for the illegal side - Be creative.
       -
    6. How much time will it take me to learn X?Each one and his own learning pace. If you make sure to surround yourself with your learning materials (Wanna learn linux? DELETE WINDOWS) is good. Assuming you’re implementing what you learn daily, keep yourself updated and still have a healthy interest you will get things down rather quickly.
       -
    7. Can I hack X website? Is it possible?You probably can’t. Yeah it’s possible. Every website, hell, every target can get hacked. That is a golden rule within InfoSec, everything is hackable given the right approach, luck, and skill. The average human lacks all three. Don’t bother to learn hacking just to hack a single target, as well, it’s futile. Pointless. You’ll give up.
       -
    8. What Operation System should I use for hacking?Whatever you’re comfortable with… Usually. It depends what you’re after. For Wireless Hacking, Server Pentesting and low-level exploitation = Linux. For Website Hacking, it does not matter. For Malware Development, keep yourself on Windows.
       -
    9. Why is using tools considered bad?Because on most cases, you’re a beginner. A beginner shouldn’t use tools, as tools are merely extension and automation of already-known concepts and actions, hence to properly control the elements of whatever you’re learning you’re supposed to actually understand what is going on and what is needed to be done before approaching a tool that does it for you.
       -
    10. What VPN should I use?They’re all the fucking same. nVpn sucks the least I guess.
        -
    11. What Crypter should I use?They’re all shit. The one you code will be the best for you, as you’ll know how to properly use it and make the best of it. Didn’t make yours? Great, now you have absolutely no idea what has been added to your EXE. Trusting the developer? On a HACKING FORUM? Give me a fucking break. You’re just a lazy skid then.
    12. How do I dox?http://google.com
        -
    13. Which programming language should I start coding at to get better at hacking?Read all this article in it’s entirety then form your opinion on it.