“ The Only True Guide to Learning How to Hack ”

originally by R4di4tion (his email, but it’s no longer in use), with a few updates by myself.



You stay up all night on the PC typing and typing. No, you’re not hacking. You’re begging someone on IRC to teach you how to hack! Let’s look at the facts:

1. You’re
   a luser and you’re annoying. No one likes you if you ask others how to
   hack without taking the least amount of initiative.
   
2. You’re not
   worthy of any title even resembling hacker, cracker, phreaker, etc., so
   don’t go around calling yourself that! The more you do, the less likely
   you are to find someone willing to teach you how to hack (which is an
   infinitesimal chance, any way).
   
3. You’re wasting your time (if you
   couldn’t infer that in the first place). Many real hackers (not those
   shitty script kiddies) spend all their insomniac hours reading and, yes
   even, HACKING! (Hacking doesn’t necessarily (but usually does) mean
   breaking into another system. It could mean just working on your own
   system, BUT NOT WINDOWS ’9x (unless you’re doing some really menacing
   registry shit, in which case, you’re kind of cool).)
   

You’re
probably thinking, “Then what should I do. If no one’s going to help
me, how can I learn to hack?” Have you ever tried READING (I assume this
far that you are literate). Read anything and everything you can get
your hands on! I recommend hitting a computer store and looking for
discount books (books that are usually out of date, but so are a lot of
the systems on the ‘net, so they’re still relevant!). You’ll be
surprised what you can learn from a book even when you’re paying a
dollar for every hundred pages. I recommend the following books to start
off with:

• Maximum
  Security I or II: this is not a guide to hacking, despite what you
  might have heard, but you can get enough info to learn the basics of how
  hackers hack! (Isn’t that more fun than being lamed, email bombed, and
  kicked off IRC).
  
• Practical
  Unix and Internet Security (Sec. Edition): This is mostly a book about
  how to secure Unix (if you don’t know what Unix is, either shoot
  yourself now, or read O’Reilly’s Learning the Unix OS),
  but half of learning to hack is learning a system from the inside out.
  How can you expect to hack a site (w/o using a kiddie script, which i
  must restate, is NOT hacking) if you don’t know how to use the system?!
  
• Linux
  Unleashed/Red Hat Linux Unleashed: these books are kind of cool. First
  of all, they come with Red Hat Linux (*sigh*, just go to www.linux.org and read everything there) 5.1 and 5.2 respectively (if you get the newest versions of the book, which you should). Read everything you can from it.
  
• Sendmail
  in a nutshell: This is only after you read everything else. Sendmail,
  for those of you who still don’t know, is a program that sends mail. It
  sounds stupid, but this is a buggy program, and usually is the avenue of
  attack many hackers take because of it’s vulnerabilities.
  
• TCP/IP Blueprints: this will clear up a lot of things concerning TCP/IP.
  
• TCP/IP Administration: haven’t read it, but can’t wait to! (I’ve been bogged down by a lot of other REAL computer stuff).
  

Quote :

Editor’s Note: OK,
some of these books are out of date now, so I’ve striked the ones that
are no longer relevent. “Hacking Exposed” is a good substitute for
“Maximum Security”.

After you’ve read them all,
re-read them! Trust me, you gain a ton of information the second time
you read them just as you gain perspicacity the second time through a
movie with a twisted plot.
Then, read a ton of RFCs. RFCs are Request for Comments by the people who practically shaped the Internet. Here is a good list of RFCs (the books above give about the same list):

Quote :

Editor’s Note: Yeah, I really wouldn’t bother with the RFC’s, they can come later if you get really seriously into it.

That’s it for now. If anything else interests you about the Internet, try to look up an RFC
for it. Read anything you can about Internet security in general (but
not stuff like “How to Hack” (but keep reading this!)). Subscribe to
mailing lists. Some of my favorites are bugtraq, happy hacker
(interesting stuff), and MC2. By now, you should be advanced enough to
breeze through Carolyn Meinel’s “Guide to (mostly) Harmless Hacking.”
It’s got some interesting stuff, but not enough to be “3l1t3.” Okay, now
for the big step: the step from lamer to hacker! If you have not
already, install Linux. Now it’s okay for you to go online to usenet
groups and ask for help installing Linux, ‘cuz quite frankly, it’s
pretty fucking hard! NEVER, EVER, EVER expect to get it on the first try
just right.

Quote :

Editor’s Note: you can install cygwin to start with, it’s a small linux environment that you can run inside windows to get the feel of a shell interface.

The
next thing to do is learn programming. I recommend learning C++ first
because it will help you understand a lot about programming, it’s easy
to use, and is a lot like the other programming languages you should
also learn. Read these books:

• Teach Yourself C++ in 21 Days: the name says it all
  
• Learning Perl: an AMAZING book on learning Perl
  
• Programming Perl: the next step after Learning Perl
  
• Perl Cookbook: the next step after Programming Perl
  
• Core
  Java (Volume I & II): these books are by the makers of Java. Java
  is a really cool language to say the least, but you should at least
  learn C++ before so you can understand classes.
  

Now, you may
be saying I may have been a bit hypocritical by saying not to ask how
to hack but to ask about installing Linux. The thing is that Linux
people are usually pretty nice, and the people who are Linux gurus want
more than anything for Linux to prosper, and are willing to help you
out. Oh, by the way, if you’ve installed Linux the way you want it
(which does not include throwing you Linux box out the window and
yelling, “I LIKE THIS JUST FINE!”), congratulations. You have now earned
my respect.
Okay, I mentioned kiddie scripts earlier, and I’ll
follow up on it now. Kiddie Scripts are auto hacking programs that will
do all the work for you. You don’t want that. I do condone downloading
them and learning from them, but don’t become a script kiddie. The only
place they go in life is jail (not where you want to be).
Now, you
should know a great deal about hacking. You have a compendium of
information at your fingertips with a mental index. You want the best
advice? Don’t hack. Odds are, you will get caught, and then it goes down
on your criminal record, and unless you did something
fan-fucking-tastic, like hacking the white house security cameras and
get video of Slick Willie getting a BJ, you can pretty much kiss your
computer future goodbye, cuz no one will hire a convicted hacker. If you
do hack, be a white hat hacker. For example, upon breaking into a site,
leave a note maybe including how to contact you (not through the
phones, mail, real email address etc., do it through a hotmail account
or something) or how to fix it. They may be nice enough to offer you a
job! That’s right, there are some people who get paid to hack and do
what they love.
In conclusion, you may have noticed that this was
not a real guide to hacking. That’s because there is no one resource for
hacking. This was a guide to LEARNING how to hack, which, if you want
to be a real hacker, you will have to do. There is no one way to hack.
(If so, it would be a lot easier for system administrators to keep you
out!) It’s a variety of different tricks as well as the ability to keep
up with current vulnerabilities in software and hardware. You should
also learn how to program. Even though Kevin Mitnick was infamous among
the hacker culture for being the most wanted cracker, he couldn’t even
write his own exploits! That’s pretty sad. Please use whatever
information you have wisely and responsibly, and distribute it only to
people who are worthy of it.

---

(end of article – originally by R4di4tion (email).)
OK,
so that’s the article that first got me into hacking, I guess around 15
years ago. If you’ve read this far I congratulate you, you have my
respect. A short attention span is not something prized by hackers.
And
if you look at the comments to this page, you can see the same
questions being asked again and again “hey pls teach me to hack”, “guys
can u crack msn passwords?”, “Where can I find free ebooks?”. If you
have to ask, you’re probably not the right kind of person to be a
hacker. Hackers use their initiative. Like, a lot. If you’re hacking
into a website and get stuck, you can’t just call up the admin and say
“Hey, where’s the password file kept?” you have to figure it out on your
own. In many ways, learning how to hack is also learning how to learn.
Now
you’re probably thinking “hang on, you read this fifteen years
ago?!?!”. Yes, it’s an old piece of text. No, you didn’t waste your
time. This hacking tutorial teaches you the basics of how to hack, and
those aren’t ever going to change. If you didn’t catch them the first
time around, here they are again:

1. learn to program
   
2. learn how the internet works
   
3. learn how unix/linux works
   

Go
download wireshark, nmap, hping, and a C IDE and just play around with
all of them. That’s what the essence of hacking is; messing around with
technologies until you find something cool. Check out my Hacking Facebook
post and you’ll see exactly what I mean; it’s not really “hacking” as
such, all I did there was peek into facebook’s code using firebug, and I
found some cool stuff. But the hacking skills are the same. Some of you
will want to ask “how do I download wireshark” or “how do I use hping” –
you must understand that answering the question for yourself is half
the point.
I also very definitely agree with R4di4tion’s
suggestion to subscribe to bugtraq but I’d suggest signing up a new
email account solely for it; it’s very high volume. You may also want to
sign up to the security-basics, vuln-dev, web-application-security and
pen-test lists. Reading the conversations that take place on those lists
is a gold-mine of hacking information.
ESR’s hacker howto
Gary Robson’s How to become a hacker
elfQrin’s open letter to wannabe hackers
donk boy’s tutorial – if you follow this you will know everything you need to
Top security tools, as voted by nmap users
Your suggestions/experiences/advice/resources/tutorials welcome.