How did you get in to "hacking"

Zac. · 01-23-2018, 11:19 PM

So i just want to know the best place for me to start if I want to learn some hacking skills. I pretty much have 0 knowledge about hacking. I have a little bit of coding and cracking experience but apart from that I know nothing. I wouldn't even know how to do something as simple as a DDoS (I wouldn't do it anyway).

sigma · 01-24-2018, 06:30 AM

That's good because "DoS" isn't hacking. The two are not synonymous or even related to each other. Hacking is unauthorized access or alterations and denial of service is just blocking online access.

Anyway, I got into it for fun and then I stayed for the wisdom.

VerdictofGod · 01-24-2018, 08:29 AM

I recommend trying to understand what hacking is. Because some people think it’s a guy wearing an anonymous mask smacking his keyboard like it’s a failed abortion w/ EBT & section 8.

Hacking is a term also used by companies to ensure their systems are resilient. They do things such as worms, RATS, backdoors, trojans and etc. basically it’s like bugfinding or glitching on a system/server/etc until u find what u want or suceed in what u r trying to achieve

reGEN · 01-24-2018, 09:48 AM

I've always been interested in hacking since I was young but at the time, I couldn't really get into it because I was a typical skid just wanting to learn how to break things using Kali. It was all pretty much just magic to me. After taking the second C course at university, I realised I could create my own programs to do whatever mischievous thing I wanted and that was my epiphanic moment.

At this point, I had developed both a slight understanding of how programs and memory worked together and also, most importantly, the ability to self-research so with this combined with my incredible fascination with hacking and my curious nature, I studied and studied, copied code from everywhere and experimented with it, constantly trying to understand how things worked. Because I understood how to code with C, I was able to read (some of) the code I gathered, the real challenge was understanding the finer details and how certain API interacted with the operating system. Now, don't get the idea that I succeeded every time because it was quite the opposite. Every time I tried to understand or experiment with something, I pretty much ALWAYS failed. But each time I failed, I learned something new so it wasn't pure failure so I left it at that and studied something else until I learned another thing that related back to it and then I continued from where I failed. Persistence is key.

So after about three years of pure self studying, here I am today. I'm no longer a beginner but I certainly feel like I'm still VERY far away from being decent. There is so much I still haven't learned, so much I have on my to-do list, I am literally studying, coding, poking around with things and trying to learn every single day. Literally. This is not just a hobby to me, it is my life and I live it.

My recommendations to you:

Understand what you want to do with hacking and have a REAL goal, nothing petty like wanting to hack some dude's Facebook or wanting to RAT someone for revenge because you will get nowhere
Learn to code in whatever language(s) that is relevant to your topics, e.g. for me, I learned ASM, C, C++ because I do reverse engineering
Learn to self-research using Google, utilize every single type of resource out there be it PDFs, websites, articles, white papers, etc. This is THE most important trait to have because it will carry you where it matters and will sustain your knowledge
Have patience and persistence because it WILL take you years to build the proper foundation, this is not an over-night achievement
Experiment with everything, especially if you don't have the necessary resources that provide such information
Find a group or community that have these traits because surrounding yourself with the right people will boost your development

Good luck.

(01-24-2018, 06:30 AM)sigma Wrote: That's good because "DoS" isn't hacking. The two are not synonymous or even related to each other. Hacking is unauthorized access or alterations and denial of service is just blocking online access.

While denial of service itself is not hacking, the process which causes such the result may be considered to be. DoS is not just bots flooding the network of a target machine but rather ANY method that disrupts the servicing of clients including any method of exploitation used such as RCE on the server to tamper with its services or even sending a few bytes that will cripple the application due it not being able to handle the request. If you state that using bots to flood a server is still not DoS then what about SYN flood? That technique is not trivial mass flooding like UDP or ICMP flooding but may also be considered exploitation of the underlying flaws of the TCP networking protocol design.

Zac. · 01-24-2018, 09:53 AM

(01-24-2018, 09:48 AM)reGEN Wrote: I've always been interested in hacking since I was young but at the time, I couldn't really get into it because I was a typical skid just wanting to learn how to break things using Kali. It was all pretty much just magic to me. After taking the second C course at university, I realised I could create my own programs to do whatever mischievous thing I wanted and that was my epiphanic moment.

At this point, I had developed both a slight understanding of how programs and memory worked together and also, most importantly, the ability to self-research so with this combined with my incredible fascination with hacking and my curious nature, I studied and studied, copied code from everywhere and experimented with it, constantly trying to understand how things worked. Because I understood how to code with C, I was able to read (some of) the code I gathered, the real challenge was understanding the finer details and how certain API interacted with the operating system. Now, don't get the idea that I succeeded every time because it was quite the opposite. Every time I tried to understand or experiment with something, I pretty much ALWAYS failed. But each time I failed, I learned something new so it wasn't pure failure so I left it at that and studied something else until I learned another thing that related back to it and then I continued from where I failed. Persistence is key.

So after about three years of pure self studying, here I am today. I'm no longer a beginner but I certainly feel like I'm still VERY far away from being decent. There is so much I still haven't learned, so much I have on my to-do list, I am literally studying, coding, poking around with things and trying to learn every single day. Literally. This is not just a hobby to me, it is my life and I live it.

My recommendations to you:

Understand what you want to do with hacking and have a REAL goal, nothing petty like wanting to hack some dude's Facebook or wanting to RAT someone for revenge because you will get nowhere

Learn to code in whatever language(s) that is relevant to your topics, e.g. for me, I learned ASM, C, C++ because I do reverse engineering

Learn to self-research using Google, utilize every single type of resource out there be it PDFs, websites, articles, white papers, etc. This is THE most important trait to have because it will carry you where it matters and will sustain your knowledge

Have patience and persistence because it WILL take you years to build the proper foundation, this is not an over-night achievement

Experiment with everything, especially if you don't have the necessary resources that provide such information

Find a group or community that have these traits because surrounding yourself with the right people will boost your development

Good luck.

(01-24-2018, 06:30 AM)sigma Wrote: That's good because "DoS" isn't hacking. The two are not synonymous or even related to each other. Hacking is unauthorized access or alterations and denial of service is just blocking online access.

While denial of service itself is not hacking, the process which causes such the result may be considered to be. DoS is not just bots flooding the network of a target machine but rather ANY method that disrupts the servicing of clients including any method of exploitation used such as RCE on the server to tamper with its services or even sending a few bytes that will cripple the application due it not being able to handle the request. If you state that using bots to flood a server is still not DoS then what about SYN flood? That technique is not trivial mass flooding like UDP or ICMP flooding but may also be considered exploitation of the underlying flaws of the TCP networking protocol design.

Wow, well written and great story. Thank you for this.

mothered · 01-24-2018, 10:47 AM

(01-24-2018, 06:30 AM)sigma Wrote: That's good because "DoS" isn't hacking.

This ^

The same can be said for RATs/keyloggers/stealers. Such tools (In this example) obtain the target's credentials, thereby allowing the attacker to simply log In to the accounts. Having credentials "handed to you", Is not hacking. Identifying, manipulating and circumventing the target and/or security measures In place without the aid of tools of any type, Is what defines a true hacker.

sigma · 01-24-2018, 11:25 AM

@reGEN

Well said. I'm so glad to be around people on sinister.ly - you all (at least the serious ones) understand the fundamentals. You've not only set goals, but you've tasted failure to meet them. You haven't just hacked with Kali, you've written your own tools and done your own research independently.

I like that you came up with that elaboration of remote code execution and other methods to disrupt systems being forms of a denial of service. I wasn't really trying to be as constructive as I should for the OP and that's something I'm going to work at.

We all start somewhere. I started at 13, coding python and bash scripts to automate my school laptop to do whatever the fuck I wanted, now, I've been in companies that paid me to do that same thing, but on a much larger scale. I'm in my late twenties and I realized years ago that I had a skill and I surrounded myself with likewise people that had my same trade skill and knowledge. It takes you further than any amount of tapping CTRL+C and CTRL+V ever will.

I appreciate the time you took for your post, I really do. I look forward to seeing things like this in the future.

Synthx · 01-24-2018, 02:34 PM

@"reGEN"
I can agree with you on the failing part. Just about when I first started coding in Python, I think I was trying to make a folder locker, and I couldn't get something to work, so I had to use an external API, and I ended up not having to use it because I figured a small little trick out. That goes to say that you WILL fail, and you need to just keep your head high. Like Alabama did in the championship game Tongue

. I will add my story of "hacking" later, I just had barely enough time to say this. Smile

Edit:
This is what I was talking about, it was actually a MacOS RAT I was working on.. I either couldn't use "os.system", or something like that to hide the directory, I had to use the "stat" API.
It took me so long to find out how to do the following, and just to get it to work, and I eventually got it.

Spoiler:

Just the simple:

Code:
os.chflags(mainInput, st.st_flags ^ stat.UF_HIDDEN)

was extremely hard for me to get working, and I can't remember the reason, but I failed so many times, and I was getting really burnt out on it.

Now, to "unhide" the directory I had to do the following:

Spoiler:

This is what I learned, and I was testing with.. I can't give an exact account of what this is because I don't have Python3 on my school lappie.
The 1 in this line: " os.chflags(mainInput, 1) " changes something about that directories permissions that makes it visible in whatever directory, and makes it not hidden anymore. I think 0 would literally lock the folder like seen below:

Spoiler:

Whatever this is, I remember it being so hard for me, and I was having to ask people so many questions.
My whole reason in saying all this is because it shows people that you will end up achieving what you want even if you don't get it the first few times.

How did you get in to "hacking"
Author Message