How To Become A Hacker From Scratch [Full Guide]

#1

Hello, 0x00’ers!

I am @r007c0d3 , My post is mainly for Beginners who have no idea about hacking & wants to learn Linux to be a Hacker or Penetration Tester. Here I am telling you the exact proper ways to become a successful hacker

There are many useful resources on the internet to start with. But if you want to be a Hacker then you always need to gather the best knowledge

First, you will need some books to start with. But from my personal experience, there are many books in the market but all of them are not written in the reader’s perspective. Here I am giving some awesome books to learn Linux from scratch

Then you will need a perfect Linux OS to practice & for penetration testing.
Finally, you will need some Hacking Resources to start with

I am giving everything in this post so that users can start learning Linux & be a Penetration Tester

Books: →

Linux Training from here download or read the books step by step and be sure to practice much because it will increase your skills.

Besides, you can read Hacking: The Art of Exploitation & Penetration Testing: A Hands-on Approach. These two are also cool books.

Operating System: →

Parrot KDE Security, from my experience I will tell you to use Parrot OS. Kali Linux is also very popular but probably not for beginners.

See differences Kali Linux VS Parrot OS

Programming Knowledge: →

For becoming a Hacker you should have learned at least (9-10) Programming languages and master of them.

Programming it is the toughest things but interesting (It’s funny when Bill Gates, Mark Zuckerberg & others saying it’s very easy to show them off). It is a matter of sorrow that people want to become a hacker without learning a single programming language

It will be better if you can master these: →

  1. Python (Very Popular & Easy To Learn) (Big Importance In Hacking)
  2. Shell Programming Language
  3. C/C++
  4. Java
  5. HTML5, PHP, CSS (Not Programming Language)
  6. Ruby
  7. JavaScript
  8. Windows Batch Scripting & PowerShell

Besides, there are also some modern programming languages like Cython Jython and so on (These are for advanced purpose)

If I am going to explain every single thing then the list will be increasing & won’t for a people learning from scratch :smile:

Skills: →

It’s really a hard task to become a hacker. You will need some skills to become a successful hacker.

There are some mandatory skills to become a hacker. Without these, you are not considered to be a hacker.

Fundamental Skills: →

These are the basics that every hacker should know before even trying to hack. Once you have a good grasp on everything in this section, you can move into the intermediary level.

1. Basic Computer Skills:

It probably goes without saying that to become a hacker you need some basic computer skills. These skills go beyond the ability to create a Word document or cruise the Internet. You need to be able to use the command line in Windows, edit the registry, and set up your networking parameters.

Many of these basic skills can be acquired in a basic computer skills course like A+.

2. Networking Skills:

You need to understand the basics of networking, such as the following.

  • DHCP
  • NAT
  • Subnetting
  • IPv4
  • IPv6
  • Public vs Private IP
  • DNS
  • Routers and switches
  • VLANs
  • OSI model
  • MAC addressing
  • ARP

As we are often exploiting these technologies, the better you understand how they work, the more successful you will be. Note that I did not write the two guides below, but they are very informative and cover some of the networking basics mentioned above.

3. Linux Skills:

It is extremely critical to develop Linux skills to become a hacker. Nearly all the tools we use as a hacker are developed for Linux and Linux gives us capabilities that we don’t have using Windows.

If you need to improve your Linux skills, or you’re just getting started with Linux, check out Linux series for beginners below.

4. Wireshark or Tcpdump:

Wireshark is the most widely used sniffer/protocol analyzer, while tcpdump is a command line sniffer/protocol analyzer. Both can be extraordinarily useful in analyzing TCP/IP traffic and attacks.

5. Virtualization:

You need to become proficient in using one of the virtualization software packages such as VirtualBox or VMWare Workstation. Ideally, you need a safe environment to practice your hacks before you take them out in the real world. A virtual environment provides you a safe environment to test and refine your hacks before going live with them.

6. Security Concepts & Technologies:

A good hacker understands security concepts and technologies. The only way to overcome the roadblocks established by the security admins is to be familiar with them. The hacker must understand such things as PKI (public key infrastructure), SSL (secure sockets layer), IDS (intrusion detection system), firewalls, etc.

The beginner hacker can acquire many of these skills in a basic security course such as Security+.

7. Wireless Technologies:

In order to be able to hack wireless, you must first understand how it works. Things like the encryption algorithms (WEP, WPA, WPA2), the four-way handshake, and WPS. In addition, understanding such as things as the protocol for connection and authentication and the legal constraints on wireless technologies.

To get started, check out the guide below on getting started with wireless terms and technologies, then read our collection of Wi-Fi hacking guides for further information on each kind of encryption algorithms and for examples of how each hack works.

Intermediate Skills: →

This is where things get interesting, and where you really start to get a feel for your capabilities as a hacker. Knowing all of these will allow you to advance to more intuitive hacks where you are calling all the shots—not some other hacker.

1. Scripting:

Without Scripting Skills, the hacker will be relegated to using other hackers’ tools. This limits your effectiveness. Every day a new tool is in existence loses effectiveness as security admins come up with defenses.

To develop your own unique tools, you will need to become proficient at least in one of the scripting languages including the BASH shell. These should include one of Perl, Python, or Ruby.

2. Database Skills:

If you want to be able to proficiently Hack Databases, you will need to understand databases and how they work. This includes the SQL language. I would also recommend the mastery of one of the major DBMS’s such SQL Server, Oracle, or MySQL.

3. Web Applications:

Web applications are probably the most fertile ground for hackers in recent years. The more you understand about how web applications work and the databases behind them, the more successful you will be. In addition, you will likely need to build your own website for phishing and other nefarious purposes.

4. Forensics:

To become a good hacker, you must not be caught! You can’t become a pro hacker sitting in a prison cell for 5 years. The more you know about Digital Forensics, the better you can become at avoiding and evading detection.

12. Advanced TCP/IP:

The beginner hacker must understand TCP/IP basics, but to rise to the intermediate level, you must understand in intimate details the TCP/IP protocol stack and fields. These include how each of the fields (flags, window, df, tos, seq, ack, etc.) in both the TCP and IP packet can be manipulated and used against the victim system to enable MITM attacks, among other things.

13. Cryptography:

Although one doesn’t need to be a cryptographer to be a good hacker, the more you understand the strengths and weaknesses of each cryptographic algorithm, the better the chances of defeating it. In addition, cryptography can be used by the hacker to hide their activities and evade detection.

14. Reverse Engineering:

Reverse engineering enables you to open a piece of malware and re-build it with additional features and capabilities. Just like in software engineering, no one builds a new application from scratch. Nearly every new exploit or malware uses components from other existing malware.

In addition, reverse engineering enables the hacker to take an existing exploit and change its signature so that it can fly past IDS and AV Detection.

Intangible Skills: →

Along with all these computer skills, successful hacker must have some intangible skills. These include the following.

1. Think Creatively:

There is ALWAYS a way to hack a system and many ways to accomplish it. A good hacker can think creatively of multiple approaches to the same hack.

2. Problem-Solving Skills:

A hacker is always coming up against seemingly unsolvable problems. This requires that the hacker be accustomed to thinking analytically and solving problems. This often demands that the hacker diagnose accurately what is wrong and then break the problem down into separate components. This is one of those abilities that comes with many hours of practice.

3. Persistence:

A hacker must be persistent. If you fail at first, try again. If that fails, come up with a new approach and try again. It is only with a persistence that you will be able to hack the most secure systems.

I hope this gives you some guidelines as to what one needs to study and master to ascend to the intermediate level of hacking. In a future article, I’ll discuss what you need to master to ascend into the advanced or master hacker level, so keep coming back, my novice hackers!

Phases Of Hacking: →

There are mainly Five Phases in hacking
Not necessarily a hacker has to follow these five steps in a sequential manner. It’s a stepwise process and when followed yields a better result.

1. Reconnaissance:

This is the first step of Hacking. It is also called as Footprinting and information gathering Phase. This is the preparatory phase where we collect as much information as possible about the target. We usually collect information about three groups,

  1. Network
  2. Host
  3. People involved

There are two types of Footprinting:

  • Active: Directly interacting with the target to gather information about the target. Eg Using Nmap tool to scan the target
  • Passive: Trying to collect information about the target without directly accessing the target. This involves collecting information from social media, public websites, etc.

2. Scanning:

Three types of scanning are involved:

  • Port scanning: This phase involves scanning the target for the information like open ports, Live systems, various services running on the host.
  • Vulnerability Scanning: Checking the target for weaknesses or vulnerabilities which can be exploited. Usually done with the help of automated tools
  • Network Mapping: Finding the topology of the network, routers, firewalls servers if any, and host information and drawing a network diagram with the available information. This map may serve as a valuable piece of information throughout the haking process.

3. Gaining Access:

This phase is where an attacker breaks into the system/network using various tools or methods. After entering into a system, he has to increase his privilege to administrator level so he can install an application he needs or modify data or hide data.

4. Maintaining Access:

Hacker may just hack the system to show it was vulnerable or he can be so mischievous that he wants to maintain or persist the connection in the background without the knowledge of the user. This can be done using Trojans, Rootkits or other malicious files. The aim is to maintain access to the target until he finishes the tasks he planned to accomplish in that target.

5. Clearing Track:

No thief wants to get caught. An intelligent hacker always clears all evidence so that in the later point of time, no one will find any traces leading to him. This involves modifying/corrupting/deleting the values of Logs, modifying registry values and uninstalling all applications he used and deleting all folders he created.

Hacking Resources: →

At first, I will tell you that the Pentesing OS you will use as much and more penetration testing tools for various types of Hacking
But did you notice that maximum tools were taken from GitHub ???

Yes, from GitHub !!!
So here I am giving you a curated list of nice resources from GitHub to start hacking
Don’t awesome resources here The Book Of Secret Knowledge

Also, don’t forget to check out Awesome Hacking related Services & Tools [Wiki] from my friend @pry0cc to learn about various tools & their works

Besides, try to find other hacking tools and their manuals in GitHub (If possible join open-source software development programs)

Practicing The Stuff: →

Really practice makes a man perfect. You have to practice more and more to enrich your skills in this hacking field. For this, you can at first target your own machines (Not The Host Computer). Try to find the vulnerabilities & try to gain access

There are many websites on the internet to practice your hacking skills like HackTheBox for testing your hacking skills & do some CTF. Some are hosted on our website (This website). Try to solve the problems & find the answer. If you are continuously failing then you have to practice more & then you will be able to solve the problem

At Last: →

People laughed when I say Google & TOR is your best friend
for gathering skills to become a hacker

Just search the things with exact name & purposes then you will get it (Knowledge is free but it depends on how you use that)

Try to learn from hints and try to analyze them. Besides, for becoming a Successful Hacker you should have to learn more and more programming languages. At least which I have mentioned (Not telling you to learn every syntax & every use of these programming languages)

I really a hard task for becoming a Hacker. People really fails in this learning section as they can’t continue their continuous learning & self-assessment process.

Hacking — is a much-exploited arena of information technology & security. It has now become a billion dollar industry. Media are another game-changers to promote so-called hackers and such hackers become an idol for newcomers and cyber security training industry exploits them.

In the mid-80s & 90s, hacking was termed as programming subculture of the developers’ community. But later it was disguised by the moron media people who little understand hacking, and technology behind the security.

Media falsely related hacking to cybercrime. Some moron then started using a much pretty word — ethical to precede hacking and it’s become Ethical Hacking. Simply ridiculous.

There’s a mushroom growth of cybersecurity training since a couple of years. Most of them are just fake. And innocent young people who think cybersecurity is a demanding field of computer science, are aspiring to become a hacker.

No one can become a hacker by such street courses like CEH. Nor one can become a successful hacker (LOL!) by two or three-year nonsense graduate or diploma courses. To become a successful security expert requires lots of sweating hours to study and many sleepless nights to become well-versed with many systems.

People who cannot cope-up with CLI should simply get away from the information security field. Also, system scripting languages like bash, csh, sh, perl, python are required to write your own code to deal with systems and to talk with the network. By using the mere tool available in Kali Linux or using Metasploit etc., not means you are a good security expert or so-called hacker.

I often see the question on Quora asking I’m stuck with CLI or something like that in Kali Linux or any such Linux distribution are also aspirant hackers. This is like swimming in the deep sea after one or two-day training course of swimming.

Cybersecurity is a matter of own experience to deal with vulnerabilities & threats. I witnessed many students who successfully completed hacking courses like CEH and still struggle to escape if stuck in simple Linux gotcha.

So-called Ethical Hacking is a nonsense thing in cybersecurity. Do you really think you would really be wanted to be a sheeple?

Everyone just wants easy success. But believe me for becoming a Successful Hacker it really takes years & a great sacrifice to become a Pro

Practicing more and more will really help you do that. So It’s your choice that what types of hacker you want to be (BlackHat, GreyHat, WhiteHat) really depends upon your choice & works.

Think that you have got your answer :smile:

19 Likes

(Leader & Offsec Engineer & Forum Daddy) #2

Nice little intro for beginners! I definitely agree with those languages, however why MATLAB?

Also I’d love to add that people trying to learn security should definitely learn the development process for web applications. Things like making secure webapps, how MySQL databases interact with PHP apps is so important.

And since we’re not in 2010 anymore, every hacker needs to learn Docker and containerization technologies, perhaps even Kubernetes. When you’re attacking something, you need to understand it intimately.

It would be a good idea too for people to make some very basic React or Angular apps, attacking modern SPA apps requires a bit of a different approach, in that you can sometimes dump dependencies and modules using left-over Gruntfiles.

For OS, in my humble opinion, I think that you’re actually better off just using an OS like Ubuntu or Ubuntu Minimal, especially when you’re starting out. You should get comfortable with installing custom tools on your own operating system. Most tools these days are just python/ruby/go and are mostly just hosted on Github.

Books? My favourite book when I was learning (abeit a tad dated now - but still very great for foundation) is Penetration Testing: A Hands on Approach and once you’ve done reading that (and have attempted the very basic buffer overflow!), try Hacking: The Art of Exploitation. I actually got bored and stopped reading this half way through, but I think I will probably reattempt it later after I get my OSCP.

Hope this helps anybody - this is what I wish I told 13 year old me when I was just starting out!

5 Likes

#3

Thank you very much @pry0cc :smile:

Yes I also love those 2 books you have mentioned. Added to my post’s booklist :smile:

Yes everything is changed. For becoming a successful hacker one should also learn docker

Yes its nice to start building a custom OS. But people should spend much time collecting those tools and their manuals to learn. Here pre made OS can help them out I think :smile:
Customization is a cool things but needed to be somewhat experienced. People from scratch won’t do this I think :smile:

Here MATLAB is not mandatory but needed for logical analysis, signal processing, making some software etc. [Just for fun] :smile:

1 Like

#4

I think you make the programming languages section look a bit too hard. You make it look like you NEED to know all those languages and that is simply not true. Also if you know one programming language, it will be much easier to learn other languages, you should probably add that in the OP :slight_smile:

Right now it looks like you’ll have to spend years preparing to fulfill one of the requirements, but if you know where to look, you can step into one of the hacking fields in a couple of months. You should probably make categories for the programming languages based on what field of hacking they are associated with.

For example:

  • Web exploitation: HTML / JS / PHP / MySQL
  • Binary hacking: C++ / ASM
  • Forensics: No programming language required
4 Likes

#5

Hacker is the person who has no fixed syllabus :smile:
For attacking a system you are welcome to learn any programming language.
Or if you don’t want to learn a single programming language then at a time will come when you will get caught for your doing. Because learning programming language is mandatory to understand how things are working [For understanding the basic principles of tools you will use to attack a system].
I don’t like script kiddies [Sorry, I don’t mean that to you]
Beside it is very much needed to make your own tools to make your work great again. Because you will not get every features in every tools you want :smile:

0 Likes

#6

You are right, my point is that you just made it seem too difficult in your OP though :stuck_out_tongue:

0 Likes

#7

Yes and no. If somebody is a script kiddy probably will use some tools without understanding how thous tools worked.

Good point.

1 Like

#8

Thanks @coffeina
Yes exactly it is. That’s why I personally don’t like any ScriptKiddies
For this learning Programming languages is mandatory

0 Likes

(Arnab_AXOM) #9

I was a scriptkiddie but now this article will help me alot

1 Like

#10

Thanks @axom_hexor,
I am very glad to help you a little :smile:
Stay with us to get latest hacking related updates

1 Like

(Arnab_AXOM) #11

Which programing language should I choose ? Python or other

0 Likes

#12

At first if I wanna say that you should learn C programming. Because C programming is the mother of all programming language. So for basic concept you should learn C. Then you can learn Python, Java…etc :smile:

2 Likes

#13

Sorry @r007c0d3 but I don’t agree with it. If you want to learn programming it almost doesn’t matter which language you choose. C/C++ will become very complex and it’s possible that it will overwhelm you at the beginning. All programming languages are following the same rules:

http://www.wou.edu/las/cs/csclasses/cs161/Lectures/rulesofthumb.html

The only thing that really changes is the syntax. The simplest way to understand programming languages syntax can be Python, Ruby or Perl. It isn’t necessary to start with C/C++.

1 Like

#14

Yes I agree with you. Most of the programming languages are almost same & they follow almost same rules But people should know the C language. But Python is great and easiest programming language to start with. But I also mentioned that people are welcome to learn another according to their needs :smile:

1 Like

#15

Is Kali exactly not for beginners?

I did hundred plus problem solving in C. I little bit knew about Python. So, Now how can I go through to be a Hacker?
I didn’t know about Cython Jython after seeing your article I got some new knowledge.

1 Like

#16

@duXpr0

Yes and No.

It doesn’t matter where you should start. The question is
“How much diligence you want to invest in this field?”,
“How fast you want to move?” and
“What is your goal?”

These questions you should ask and answer on your own.
If you want to move fast and you’re ready to invest a lot of diligence and passion to it you should start with Kali or with OSCP as I did.
It depends on your properties and on your answers to these questions.

The essential part here is to understand that even if you start with Exploit Development and Debugging you will always return to the basics. If you don’t know how to work with a terminal it will become a pain to debug a Linux application.

3 Likes

#17

Yes, @duXpr0

As you have solved hundreds of problem in C then its time to make some softwares of your own or try to crack software by reversing it :smile:
You are welcome to learn any programming language according to your need :smile:

You are free to choose any pentesing OS or you can build custom pentesting OS
There are plenty of Operating Systems of various taste. Kali will win because of being older pentesting OS. But for beginners it will be tough to start with Kali. Because you will get lost very soon when you are using Kali. I mean not properly organised. Besides not updated frequently & has lesser tools than ParrotOS. Besides Parrot requires very low RAM and not need higher graphics cards, Well organised & has most of the tools for a professional pentester uses daily in a day. I think that you are welcome to choose any of them but I will appreciate you to use ParrotOS

Pros: →

Parrot has plenty of tools than Kali & requires less space than Kali and so other nice features. Besides Parrot uses Kali repositories. One OS with two flavous. They are also providing a great community support where you will find the answers of your problems.

Cons: →

Kali has both 32 bit & 64 bit architecture support but Parrot dropped 32 bit support some months ago. In this place Kali wins. But I think that hackers will be so smarter to use latest technologies so that they will probably use latest 64 bit architecture. Think that you will also :smile:

These are the major differences I have mentioned. You will find detailed differences, just google Parrot VS Kali :smile:

1 Like

#18

In my honest opinion, to start with Kali and to choose the hard way to learn will make you better and I will tell you why:

ParrotOS is a great OS. As you said @r007c0d3 it has a lot of tools. But do you really need them all?

No.

A real good pentester/ethical hacker who knows what he is doing will need just 3 or 4 of them. The most tools I am using are:

  • Burp Suite
  • Netcat
  • wfuzz
  • Firefox
  • tcpdump/Wireshark

First of all, a good pentester/ethical hacker is a good researcher. He has to master this skill. These researching skills must be trained a lot. And even if something goes wrong with Kali you have to search for information until you solve your problem with it.

And this is just one of the easiest researches you will make in this field.

If you don’t want that or it is too painful/stressful for you I am referring you to the previous questions I wrote.

4 Likes

#19

Yes @Cry0l1t3,

I also use the tools you have mentioned. They are very popular and preinstalled with maximum pentesting OS. Besides, I use my own written tools rather than using every tools :stuck_out_tongue: But people loves to find differences of which OS has the most tools preinstalled, Which OS is Lightweight & so on.

As @duXpr0 asked, for this I have also showed differences about them. But both of the OS are good enough. It really depends how you are using it :smile:

1 Like

#20

Thanks a lot @Cry0l1t3

That’s truth that No one can’t get the success in any sector without his investment, diligence, efforts, etc. I’m really passionate about it though I’m at the seed level to this sector. I’m gathering knowledge and doing practice every day.

2 Likes