Asphyxia

Owner
Administrator
Apr 25, 2015
1,844
2
2,197
327
Today you are going to start learning how to hack* but this takes time, hacking can be fun and legal! It is your responsibility to uphold good ethics and do what is morally right. Do not harm others, instead help! It is up to you.

Firstly, join our Discord community of other hackers and cybersecurity experts because teamwork is very important in learning these skills: https://discord.gg/eYz7aPk

A lot of computer-related security ties in military acronyms and heavily involves intelligence. The idea is that if you can outsmart the adversaries, you will overcome their systems and win with a compromise. Simply: know more and do more.

Let me introduce myself: Between ages 9 and 14 I regularly found vulnerable systems daily and quickly escalated to root (Linux) user or system (Windows). Eventually I began automating this process which I highly recommend not doing for obvious legal reasons:
  1. Scan for weak systems; discovery (sometimes Google dorks, ZMap to scan ports, then perform banner grabbing, craft an exploit in PHP or Python after finding a vulnerability in the system on affected ports)
  2. Once we are employing our scanner with vulnerability signature detection, we are onto target generation. Scanning tools can generate files, we then have our target.txt file perhaps?
  3. Run your script (assuming you made one) exploit.py target.txt, if you developed this to implement multithreading, you will notice your Python script filling the screen rapidly with targets actively being provisioned with a web shell or other backdoor method (IRC joined, enter channel where attacker has operator; IRC botnet).
  4. With all your successful targets, ideally placed in win.txt or yay.txt (whatever you want), now you have a list of hosts to escalate access if you only scored user rights, or you have a list of rooted hosts. Regardless, you have shells and these are valuable because you may have access to 1,000 machines with resources. Assuming each has 512 MB of RAM, you now have 512GB of RAM!
  5. With the above hosts, perhaps we load target.ip/c99.php with a login API of sorts. This is essentially how most modern-day booters are developed to my knowledge.

Learn programming quickly by picking an easy language like PHP, then begin learning Python, and eventually dive into learning more about exploit development.

While gaining traction into the depth of this content, your tires (brain) may begin to slide on ice. Keep in mind there is never a time to completely give up, only to take a break and play a game (or maybe a hacking-related game to learn while playing). Some examples of fun hacking games include:

While learning to use scanning tools like Nmap, ZMap, and others to discover open ports on your own systems - try using tools like tcpdump and Wireshark to find the scanning activity. Companies like Hetzner will detect massive scanning activity on their network and file abuse reports to your hosting provider.

I plan to make tutorials on hacking along with security videos related to common hacking topics like anti-DDoS, DDoS, and programming with emphasis on systems security. I highly encourage you to make your own tutorials here while you learn both attack and defense. While making tutorials you will learn but also help others! I am especially interested in incident response lately. An awesome Wiki filled with computer forensics/digital forensics is also a great way to start in the defense area.

*All content within this page and all references are for educational and information purposes only.
 
Top