People have asked me this question several times so here’s my attempt at answering my number one question: How do you get into hacking?
To answer the original question, we first need to define what we see as hacking. I agree in general that the answer to this question will differ for each and every one of you, but i also think there will be some similarities.
For me hackers are people who like to use tools others use to construct things in a way which helps them figure out how things work. While this definition may seem broad, i believe hacking is a very broad term.
Using things in an unintended way is the one thing all hackers share in my humble opinion, and it’s what connects us all.
It was important to define what a hacker is because if we are expected to use things in an unintended manner, we are supposed to know how they work first.
For the sake of this video, i will assume we all want to become some kind of general IT/ software hackers. This is important because we will be using this as a general guideline for what to learn.
For all of the following techniques, if you want to learn them, the best way is to simply think of a useful project and get to designing. We will go over an attack strategy later on.
We need to get started somewhere and in my opinion, the best place to start is to learn HTML, CSS and javascript.
This will teach you the basics of scripting/ markup languages and also some solid javascript which will help when it comes to things like cross site scripting and finding other vulnerabilities related to javascript.
So you know how to make a basic website with some cool javascript, now its time to make it interactive. I’m going to make some enemies by saying this but i think you should learn PHP. A lot of people are against PHP because it is old and insecure, that doesn’t matter much for our cause.
So why should you pick up PHP? It’s simply easy. We want to get you started with the concepts of programming but not burden you with dependencies and complexity. This will make it easier to persevere because the timeline is not looking too optimistic. More about that later.
Now as for the project, we want to make something useful. PHP will help make something useful non-static quick and all you need is a text editor and a PHP server. The PHP theory is out of the scope of this video however :).
Do not involve databases yet or local storage systems unless you feel adventurous.
Whenever user input is involved, hackers run their hands... these points of interaction are usually where we can find our entry points for attack but before you can attack something, you need to know how to build it.
The reason i would advice you to learn about databases is because networking AND databases will come into play, which togheter with programming, make up a lot of the core concepts of hacking IT systems.
Look up why user input is insecure and how you can prevent insertion of insecure data. If you have this working, put your database onto a different computer and connect it up to your project.