Getting started
So, patience has run out. Many of you are probably looking for something like this or something like that. Let me put it straight: this is not this or that; it’s actually everything you ever wanted to know to get started. Become a hacker, my OneHacker. I’m sure you will enjoy the topic, so continue reading the Hacking Bible! Here we go…
What is Hacking?
Hacking is about identifying weaknesses and vulnerabilities in systems and gaining access to them. A hacker gets unauthorized access by targeting a system, while ethical hackers have official permission, in a lawful and legitimate manner, to assess the security posture of the target system(s).
The goal of an ethical hacker is to reveal the system weaknesses and vulnerabilities for a company to document and fix them accordingly.
What Hacking is NOT?
There are a few things we would like to clarify before you delve into becoming the next best hacker. This might burst your bubble, especially if you are not fully motivated to pursue this career/hobby, but hacking is, simply put, not something you can learn in a few days or even in a few months.
Yes, you will learn a lot in those days, but to become a really good hacker or even one of the best (and we’re not talking about showing a few awesome tricks to your friends for them to believe you are a hacker), you will need to dedicate at least several years to be even worthy of being called a hacker.
Hacking is also not a case of “press one button” and somehow you are in a system or have cracked a Facebook account like in the movies. It takes weeks or even months to gather information about one company or target and exploit it in the best possible way. Keep in mind that the more research you do, the more likely you will be able to pwn the target. (The same applies to studying for an exam: if you missed 2 chapters because you were lazy or didn’t double-check for additional information, that can cause you to fail. In the hacking world, that could mean you’re either busted or you didn’t present the correct information to your client.)
Hacker Types
Just like there are good and bad guys in the real world with different shades of personality, the types of hackers vary by their agenda, methodologies and skill practice.
White Hat Hacker
Meet the right guys on the dark web. White hat hackers, also known as ethical hackers, are the cybersecurity experts who help governments and organizations by performing penetration testing and identifying loopholes in their cybersecurity. They also use other methodologies to ensure protection from black hat hackers and other malicious cyber crimes.
Simply stated, these are the right people who are on your side. They will hack into your system with the good intention of finding vulnerabilities and help you remove viruses and malware from your system.
Black Hat Hacker
Taking credit for the negative persona around “hacking,” these guys are your culprits. A black hat hacker is the type of hacker you should be worried about. Heard news about a new cybercrime today? One of the black hat hackers may be behind it.
While their agenda may be monetary most of the time, it’s not always just that. These hackers look for vulnerabilities in individual PCs, organizations and bank systems. Using any loopholes they may find, they can hack into your network and get access to your personal, business and financial information.
Gray Hat Hacker
Gray hat hackers fall somewhere in between white hat and black hat hackers. While they may not use their skills for personal gain, they can, however, have both good and bad intentions. For instance, a hacker who hacks into an organization and finds some vulnerability may leak it over the Internet or inform the organization about it.
It all depends upon the hacker. Nevertheless, as soon as hackers use their hacking skills for personal gain they become black hat hackers. There is a fine line between these two. So, let me make it simple for you.
Because a gray hat hacker doesn’t use his skills for personal gain, he is not a black hat hacker. Also, because he is not legally authorized to hack the organization’s cybersecurity, he can’t be considered a white hat either.
Script Kiddies
A derogatory term often used for amateur hackers who don’t care much about coding skills. These hackers usually download tools or use available hacking code written by other developers and hackers. Their primary purpose is often to impress their friends or gain attention.
However, they don’t care about learning. By using off-the-shelf code and tools, these hackers may launch some attacks without bothering about the quality of the attack. The most common cyber attacks by script kiddies include DoS and DDoS attacks.
Green Hat Hacker
These hackers are the amateurs in the online world of hacking. Consider them script kiddies but with a difference. These newbies have a desire to become full-blown hackers and are very curious to learn. You may find them engrossed in the hacking communities bombarding their fellow hackers with questions.
You can identify them by their spark to grow and learn more about the hacking trade. Once you answer a single question, the hackers will listen with undivided attention and ask another question until you answer all their queries.
Blue Hat Hacker
These are another form of novice hackers, much like script kiddies, whose main agenda is to take revenge on anyone who makes them angry. They have no desire for learning and may use simple cyber attacks like flooding your IP with overloaded packets, which will result in DoS attacks.
A script kiddie with a vengeful agenda can be considered a blue hat hacker.
Red Hat Hacker
Red hat hackers have an agenda similar to white hat hackers, which in simple words is halting the acts of black hat hackers. However, there is a major difference in the way they operate. They are ruthless when it comes to dealing with black hat hackers.
Instead of reporting a malicious attack, they believe in taking down the black hat hacker completely. A red hat hacker will launch a series of aggressive cyber attacks and malware against the hacker, to the point that the hacker may have to replace the whole system.
State / Nation Sponsored Hacker
State or Nation sponsored hackers are those who have been employed by their state or nation’s government to snoop in and penetrate through full security to gain confidential information from other governments to stay at the top online.
They have an endless budget and extremely advanced tools at their disposal to target individuals, companies or rival nations.
Hacktivist
If you’ve ever come across social activists propagandizing a social, political or religious agenda, then you might as well meet the hacktivist, the online version of an activist. A hacktivist is a hacker or a group of anonymous hackers who think they can bring about social changes and often hack governments and organizations to gain attention or share their displeasure over opposing their line of thought.
Malicious Insider / Whistleblower
A malicious insider or a whistleblower may be an employee with a grudge or a strategic employee compromised or hired by rivals to garner trade secrets of their opponents to stay on top of their game.
These hackers may take advantage of their easy access to information and their role within the company to hack the system.
Getting your mindset right
Hackers solve problems and build things, and they believe in freedom and voluntary mutual help. To be accepted as a hacker, you have to behave as though you have this kind of attitude yourself. And to behave as though you have the attitude, you have to really believe the attitude.
But if you think of cultivating hacker attitudes as just a way to gain acceptance in the culture, you’ll miss the point. Becoming the kind of person who believes these things is important for you — for helping you learn and keeping you motivated. As with all creative arts, the most effective way to become a master is to imitate the mind-set of masters — not just intellectually but emotionally as well.
Or, as the following modern Zen poem has it:
To follow the path:
look to the master,
follow the master,
walk with the master,
see through the master,
become the master.
Repeat the following until you believe them:
1. The World is full of fascinating problems waiting to be solved.
Being a hacker is lots of fun, but it’s a kind of fun that takes lots of effort. The effort takes motivation. Successful athletes get their motivation from a kind of physical delight in making their bodies perform, in pushing themselves past their own physical limits. Similarly, to be a hacker you have to get a basic thrill from solving problems, sharpening your skills, and exercising your intelligence.
If you aren’t the kind of person that feels this way naturally, you’ll need to become one in order to make it as a hacker. Otherwise you’ll find your hacking energy is sapped by distractions like sex, money, and social approval.
(You also have to develop a kind of faith in your own learning capacity — a belief that even though you may not know all of what you need to solve a problem, if you tackle just a piece of it and learn from that, you’ll learn enough to solve the next piece — and so on, until you’re done.)
2. No problem should ever have to be solved twice.
Creative brains are a valuable, limited resource. They shouldn’t be wasted on re-inventing the wheel when there are so many fascinating new problems waiting out there.
To behave like a hacker, you have to believe that the thinking time of other hackers is precious — so much so that it’s almost a moral duty for you to share information, solve problems and then give the solutions away just so other hackers can solve new problems instead of having to perpetually re-address old ones.
Note, however, that “No problem should ever have to be solved twice.” does not imply that you have to consider all existing solutions sacred, or that there is only one right solution to any given problem. Often, we learn a lot about the problem that we didn’t know before by studying the first cut at a solution. It’s OK, and often necessary, to decide that we can do better. What’s not OK is artificial technical, legal, or institutional barriers (like closed-source code) that prevent a good solution from being re-used and force people to re-invent wheels.
(You don’t have to believe that you’re obligated to give all your creative product away, though the hackers that do are the ones that get most respect from other hackers. It’s consistent with hacker values to sell enough of it to keep you in food and rent and computers. It’s fine to use your hacking skills to support a family or even get rich, as long as you don’t forget your loyalty to your art and your fellow hackers while doing it.)
3. Boredom and drudgery are evil.
Hackers (and creative people in general) should never be bored or have to drudge at stupid repetitive work, because when this happens it means they aren’t doing what only they can do — solve new problems. This wastefulness hurts everybody. Therefore boredom and drudgery are not just unpleasant but actually evil.
To behave like a hacker, you have to believe this enough to want to automate away the boring bits as much as possible, not just for yourself but for everybody else (especially other hackers).
(There is one apparent exception to this. Hackers will sometimes do things that may seem repetitive or boring to an observer as a mind-clearing exercise, or in order to acquire a skill or have some particular kind of experience you can’t have otherwise. But this is by choice — nobody who can think should ever be forced into a situation that bores them.)
4. Freedom is good.
Hackers are naturally anti-authoritarian. Anyone who can give you orders can stop you from solving whatever problem you’re being fascinated by — and, given the way authoritarian minds work, will generally find some appallingly stupid reason to do so. So the authoritarian attitude has to be fought wherever you find it, lest it smother you and other hackers.
(This isn’t the same as fighting all authority. Children need to be guided and criminals restrained. A hacker may agree to accept some kinds of authority in order to get something he wants more than the time he spends following orders. But that’s a limited, conscious bargain; the kind of personal surrender authoritarians want is not on offer.)
Authoritarians thrive on censorship and secrecy. And they distrust voluntary cooperation and information-sharing — they only like ‘cooperation’ that they control. So to behave like a hacker, you have to develop an instinctive hostility to censorship, secrecy, and the use of force or deception to compel responsible adults. And you have to be willing to act on that belief.
5. Attitude is no substitute for competence.
To be a hacker, you have to develop some of these attitudes. But copping an attitude alone won’t make you a hacker, any more than it will make you a champion athlete or a rock star. Becoming a hacker will take intelligence, practice, dedication, and hard work.
Therefore, you have to learn to distrust attitude and respect competence of every kind. Hackers won’t let posers waste their time, but they worship competence — especially competence at hacking, but competence at anything is valued. Competence at demanding skills that few can master is especially good, and competence at demanding skills that involve mental acuteness, craft, and concentration is best.
If you revere competence, you’ll enjoy developing it in yourself — the hard work and dedication will become a kind of intense play rather than drudgery. That attitude is vital to becoming a hacker.
Understanding the Attack Process
Attackers follow a fixed methodology. To beat a hacker, you have to think like one, so it’s important to understand the methodology. The steps a hacker follows can be broadly divided into five phases, which include pre-attack and attack phases:
- Performing Reconnaissance
- Scanning and enumeration
- Gaining access
- Maintaining access
- Covering tracks and placing backdoors
Phase 1: Passive and Active Reconnaissance
Passive reconnaissance involves gathering information about a potential target without the targeted individual’s or company’s knowledge. Passive reconnaissance can be as simple as watching a building to identify what time employees enter the building and when they leave. However, most reconnaissance is done sitting in front of a computer.
When hackers are looking for information on a potential target, they commonly run an Internet search on an individual or company to gain information. I’m sure many of you have performed the same search on your own name or a potential employer, or just to gather information on a topic. This process, when used to gather information regarding a target of evaluation (TOE), is generally called information gathering. Social engineering and dumpster diving are also considered passive information-gathering methods.
Sniffing the network is another means of passive reconnaissance and can yield useful information such as IP address ranges, naming conventions, hidden servers or networks, and other available services on the system or network. Sniffing network traffic is similar to building monitoring: a hacker watches the flow of data to see what time certain transactions take place and where the traffic is going. Sniffing network traffic is a common hook for many ethical hackers. Once they use some of the hacking tools and are able to see all the data that is transmitted in the clear over the communication networks, they are eager to learn and see more.
Active reconnaissance involves probing the network to discover individual hosts, IP addresses, and services on the network. This process involves more risk of detection than passive reconnaissance and is sometimes called rattling the doorknobs. Active reconnaissance can give a hacker an indication of security measures in place (is the front door locked?), but the process also increases the chance of being caught or at least raising suspicion. Many software tools that perform active reconnaissance can be traced back to the computer that is running the tools, thus increasing the chance of detection for the hacker.
Both passive and active reconnaissance can lead to the discovery of useful information to use in an attack. For example, it’s usually easy to find the type of web server and the operating system (OS) version number that a company is using. This information may enable a hacker to find a vulnerability in that OS version and exploit the vulnerability to gain more access.
Phase 2: Scanning
Scanning involves taking the information discovered during reconnaissance and using it to examine the network. Tools that a hacker may employ during the scanning phase include
- Dialers
- Port scanners
- Internet Control Message Protocol (ICMP) scanners
- Ping sweeps
- Network mappers
- Simple Network Management Protocol (SNMP) sweepers
- Vulnerability scanners
- Computer names
- Operating system (OS)
- Installed software
- IP addresses
- User accounts
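From the defender's side, the port scans and ping sweeps named in the scanning phase leave a recognisable pattern in connection logs: one source touching many ports on a host, or many hosts on one service, in a short time. The sketch below is an added example, not part of the original post; the log format, addresses, window and threshold are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample firewall log, sorted by time (format and addresses are made up).
SAMPLE_LOG = """\
2024-05-01T10:00:00 SRC=192.0.2.44 DST=10.0.0.5 PROTO=TCP DPT=443
2024-05-01T10:00:01 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=21
2024-05-01T10:00:01 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=22
2024-05-01T10:00:02 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=23
2024-05-01T10:00:02 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=80
2024-05-01T10:00:03 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=443
2024-05-01T10:00:04 SRC=192.0.2.44 DST=10.0.0.6 PROTO=TCP DPT=443
2024-05-01T10:00:10 SRC=198.51.100.9 DST=10.0.0.1 PROTO=ICMP
2024-05-01T10:00:10 SRC=198.51.100.9 DST=10.0.0.2 PROTO=ICMP
2024-05-01T10:00:11 SRC=198.51.100.9 DST=10.0.0.3 PROTO=ICMP
2024-05-01T10:00:11 SRC=198.51.100.9 DST=10.0.0.4 PROTO=ICMP
2024-05-01T10:00:12 SRC=198.51.100.9 DST=10.0.0.5 PROTO=ICMP
2024-05-01T10:05:00 SRC=192.0.2.80 DST=10.0.0.5 PROTO=TCP DPT=22
2024-05-01T10:10:00 SRC=192.0.2.80 DST=10.0.0.5 PROTO=TCP DPT=25
2024-05-01T10:15:00 SRC=192.0.2.80 DST=10.0.0.5 PROTO=TCP DPT=80
2024-05-01T10:20:00 SRC=192.0.2.80 DST=10.0.0.5 PROTO=TCP DPT=110
2024-05-01T10:25:00 SRC=192.0.2.80 DST=10.0.0.5 PROTO=TCP DPT=443
garbage line that does not parse
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\w+)(?: DPT=(?P<dpt>\d+))?$"
)


def parse(line):
    """Return (timestamp, src, dst, proto, dport or None), or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.fromisoformat(m["ts"])
    except ValueError:
        return None
    dpt = int(m["dpt"]) if m["dpt"] else None
    return ts, m["src"], m["dst"], m["proto"], dpt


def detect(log_text, window=timedelta(seconds=60), threshold=5):
    """Flag sources that reach `threshold` distinct ports on one host (port scan)
    or `threshold` distinct hosts on one service (sweep) within `window`."""
    recent = defaultdict(deque)  # src -> events still inside the time window
    findings = set()
    for line in log_text.splitlines():
        event = parse(line)
        if event is None:
            continue  # skip lines that do not match the expected format
        ts, src = event[0], event[1]
        q = recent[src]
        q.append(event)
        while q and ts - q[0][0] > window:
            q.popleft()  # expire events older than the window
        ports_per_host = defaultdict(set)
        hosts_per_service = defaultdict(set)
        for _, _, dst, proto, port in q:
            if port is not None:
                ports_per_host[dst].add(port)
            hosts_per_service[(proto, port)].add(dst)
        for dst, ports in ports_per_host.items():
            if len(ports) >= threshold:
                findings.add(("port_scan", src, dst))
        for (proto, port), hosts in hosts_per_service.items():
            if len(hosts) >= threshold:
                label = proto if port is None else f"{proto}/{port}"
                findings.add(("sweep", src, label))
    return sorted(findings)


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

With the default 60-second window only the two bursts are reported; passing a wider `window` also correlates the slower probing from 192.0.2.80 in the sample, at the cost of keeping more state per source.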
Phase 3: Gaining Access
Phase 3 is when the real hacking takes place. Vulnerabilities exposed during the reconnaissance and scanning phase are now exploited to gain access to the target system. The hacking attack can be delivered to the target system via a local area network (LAN), either wired or wireless; local access to a PC; the Internet; or offline. Examples include stack-based buffer overflows, denial of service, and session hijacking. Gaining access is known in the hacker world as owning the system because once a system has been hacked, the hacker has control and can use that system as they wish.
Phase 4: Maintaining Access
Once a hacker has gained access to a target system, they want to keep that access for future exploitation and attacks. Sometimes, hackers harden the system from other hackers or security personnel by securing their exclusive access with backdoors, rootkits, and Trojans. Once the hacker owns the system, they can use it as a base to launch additional attacks. In this case, the owned system is sometimes referred to as a zombie system.
Phase 5: Covering Tracks
Once hackers have been able to gain and maintain access, they cover their tracks to avoid detection by security personnel, to continue to use the owned system, to remove evidence of hacking, or to avoid legal action. Hackers try to remove all traces of the attack, such as log files or intrusion detection system (IDS) alarms. Examples of activities during this phase of the attack include
- Steganography
- Using a tunneling protocol
- Altering log files
Hacker Terminology and Attack Types
(To reduce the thread height, I have covered them on pastebin)
Coding/Programming - The Hackers Language
The hacker attitude is vital, but skills are even more vital. Attitude is no substitute for competence, and there’s a certain basic toolkit of skills which you have to have before any hacker will dream of calling you one.
This (coding), of course, is the fundamental hacking skill. Without programming you will never truly know what is happening behind the scenes. I mean, ask yourself this. Do you actually know what is happening when your computer boots up? Do you know how Windows runs Microsoft Word or any other application? How are you even reading this on your browser right now? That amazing website you keep visiting, how was it built?
This is where programming comes into play. These are the types of questions you need to ask yourself throughout the journey and then find the answers. Once you understand programming fluently, it will start to become clearer how everything is built together.
Hacker 101 - Simple Setup
- Select Operating System
- Install a VPN and TOR Browser
- Get online Privacy Tools and a Secure Browser
- Create Fake Online Identity and become Anonymous
- Able to Access Dark Web, Darknet Markets and Onion links
- Join Hacking Forums and Discord Servers
- Watch Hacker Movies, Series & Documentaries
- Download Hacking Tools – Compiled List of Tools
- Get your Hacking Gear & Gadgets
- Read Hacking Books and signup to Hacking Courses
- Watch Hacking Tutorials on Youtube and SecurityTube
- Customize your Terminal and OS – Windows / Linux
- Change from GUI to Terminal – Windows CMD, WMIC, Powershell Commands and Linux Commands
- Build your own Virtual Hacking Lab
- Write your own exploits and use Exploit-DB with Hacker’s search engine for vulnerabilities
- Complete Capture The Flag challenges
Recommended Courses
Here’s a list of courses you should take or read through in order to start your journey. If you are unable to pursue something like a computer science degree at a top university, the best way to go in this direction is to take the following courses, which can be self-taught with online classes.
Here’s a minimum requirement to follow. Ask yourself this: do you understand how a single computer works, know the different parts and their functions, and how they interact with the operating system? If not, start with
- CompTIA A+
- CompTIA Network+ and Cisco’s CCNA
- CompTIA Security+
- CompTIA Linux+
- CompTIA Server+ / MCSA: Windows Server
- Bash/Shell
- Python
- C / C++
- LISP
- Perl
- Java
Additional information regarding the above list
If you don’t know any computer languages, the recommendation is to start with Python. It is cleanly designed, well documented, and relatively kind to beginners. Despite being a good first language, it is not just a toy; it is very powerful and flexible and well suited for large projects.
If you get into serious programming, you will have to learn C, the core language of Unix. C++ is very closely related to C; if you know one, learning the other will not be difficult. Neither language is a good one to try learning as your first; actually, the more you can avoid programming in C the more productive you will be.
C is very efficient, and very sparing of your machine’s resources. Unfortunately, C gets that efficiency by requiring you to do a lot of low-level management of resources (like memory) by hand. All that low-level code is complex and bug-prone, and will soak up huge amounts of your time on debugging. With today’s machines as powerful as they are, this is usually a bad tradeoff — it’s smarter to use a language that uses the machine’s time less efficiently, but your time much more efficiently. Thus, Python.
Other languages of particular importance to hackers include Perl and LISP. Perl is worth learning for practical reasons; it’s very widely used for active web pages and system administration, so that even if you never write Perl you should learn to read it. Many people use Perl in the way we suggest you should use Python, to avoid C programming on jobs that don’t require C’s machine efficiency. You will need to be able to understand their code.
LISP is worth learning for a different reason — the profound enlightenment experience you will have when you finally get it. That experience will make you a better programmer for the rest of your days, even if you never actually use LISP itself a lot. (You can get some beginning experience with LISP fairly easily by writing and modifying editing modes for the Emacs text editor, or Script-Fu plugins for the GIMP.)
It’s best, actually, to learn all five of Python, C/C++, Java, Perl, and LISP. Besides being the most important hacking languages, they represent very different approaches to programming, and each will educate you in valuable ways.
But be aware that you won’t reach the skill level of a hacker or even merely a programmer simply by accumulating languages — you need to learn how to think about programming problems in a general way, independent of any one language. To be a real hacker, you need to get to the point where you can learn a new language in days by relating what’s in the manual to what you already know. This means you should learn several very different languages.
Moving On
Once you have completed at least the basic CompTIA courses listed above (A+, N+, S+) and know 2 programming languages (Bash and Python), it’s a good time to dive into the advanced courses.
Advanced Courses to take
- CISSP – Certified Information Systems Security Professional
- CISM/CISA – Certified Information Security Manager / Certified Information Systems Auditor
- CEH – Certified Ethical Hacker
- OSCP – Offensive Security Certified Professional
- SANS (GSEC/GPEN/GWAPT) – Cyber Security Essentials Certification / GIAC Pentest /GIAC Web Application Penetration Testing
- CREST – The Council for Registered Ethical Security Testers
Practice your Skills
Capture The Flags are one of, if not THE best way to get started in security.
They can be a little hard, you definitely won’t be spoonfed. You’ll probably get stuck at some point, but if you stick with it, you’ll learn more about computers than you ever thought possible.
There’s no better way to learn something than to experience it for yourself. And in the computer security world, Capture The Flag is the best way to learn by doing.
Read, read and read some more!
Books are there for a reason: references and already-confirmed working methods are a great way of learning new things. Here are a few recommended books you “must” read to understand the methodologies being used in today’s playground.
- A hands on Introduction to Penetration Testing
- Mastering Kali Linux for Advanced Penetration Testing
- The Hacker Playbook series (1 – 3)
- Red Team Field Manual
- Blue Team Field Manual
- CTF Field Manual
- Hacking: The Art of Exploitation
- Linux Command line and Shell Scripting Bible
Career Pathways
As a hacker, you have multiple career pathways to choose from, and after successfully completing our recommended courses and guidance you will most likely have to make a choice.
Conclusion
Remember that hacking takes a lot of time but it’s also rewarding, so be willing to go the extra mile, always be curious and expect to make some sacrifices to your social life.
Find a person, mentor or a friend that’s also in the hacking culture and ask them questions, question their thinking and just ultimately be prepared to take in as much information as possible. You can check this topic to learn more: Skills Required To Become A Ethical Hacker A Complete Guide!
I hope this page has helped you immensely and, on behalf of Onehack, I wish you a happy hacking journey! Feedback if possible. Regards, SaM