Monday, July 29, 2013

Welcome to Hacking!!!

To become a professional in IT Field ( whether you are a security Expert or a Black / White / Grey hat Hacker) , you need to know the information below.


1. Learn TCP/IP, Basic Information gathering, Proxies, Socks, SSL, VPN, VPS, RDP, FTP, POP3, SMTP, Telnet, SSH.

2. Learn Linux, Unix, Windows - You can do this using vmware or any virtual desktop utility.

3. Learn a programming language that's compatible with all OS - Perl, Python, C, ASM

4. Learn HTML, PHP, Javascript, ASP, XML, SQL, XSS, SQLI, RFI, LFI

5. Learn Reverse engineering and crack some programs for serials easy ones like mirc, winzip, winrar or old games.

6. Code a fuzzer for common protocols - ftp, pop3, 80, 8080 - Pick some free software like ftp server, mail server, apache or iis webserver or a webserver all-in-one pack, or teamspeak, ventrilo, mumble.

7. Code a tool that uses grep to sort out unique code in source codes.

8. Make a custom IPtable, IPsec firewall that blocks all incoming traffic and out going traffic and add filters to accept certain ports that your software or scripts use.

9. Pick a kernel in linux or unix, also pick a Microsoft OS version lets say Winxp pro sp2 put them on the virtual desktops (vmware) and find and code a new local exploit in those versions, then install a Apache webserver on the Linux/Unix and a IIS webserver on the winxp pro and attempt to find and code a new local reverse_tcp_shell exploit.

10. Learn Cisco Router and Switch configuration and setup.

11. Learn Checkpoint Setup and Config

12. Learn Wifi scanning, cracking, sniffing.

13. Pick a person in you phonebook for the area code you live in or city then ring the person on a anonymous line like skype or a payphone or a carded sim and attempt to social engineer the person for his name, address, data of birth, city born, country born, ISP connected with, Phone company connected with, What bank he/she uses and anything else you can get. Then Attempt to ring using a spoof caller ID software with the person's phone number - call the ISP and try reset the password to his/her internet connection/webmail, get access to bank account or ask them to send out a new *** to a new address (drop) with a new pin, reset of phone company passwords.

14. Use your information gathering skills to get all the information off a website like a shop then use the spoof callerID software or hack your phone to show a new number of the Webserver's Tech Support number then ring the shop owner and try get the shop site password.

15. Do the same thing but attempt to use a web attack against a site or shop to gain admin access.

16. Once got access upload a shell and attempt to exploit the server to gain root using a exploit you coded not someone else s exploit.

17. Make your own Linux Distro

18. Use your own Linux Distro or use a vanilla Linux gnome (not kde) keep it with not much graphics so you can learn how to depend on the terminal and start from scratch install applications that you will only need for a blackbox (Security test box), make folders for fuzzers, exploits, scanners..etc Then load them up with your own scripts and other tools ( By this stage you shouldn't need to depend on other peoples scripts).

19. Learn macosx and attempt to gain access to a Macosx box whether it be your own or someones elses.

20. Create a secure home network and secure your own systems with your own Security policies and firewall settings.

All this isn't a over night learning it will take a nice 3 - 4 years to learn a bit of this 5+ years to learn most of it and even then you may need time to keep learn as IT keeps changing ever day.

As long as your dedicated to learning you won't have any problems and if you learn all that you should easy get a job in any company if you show proof that you can do these things (print out scripts that you made or put on disc) to show the companies.

ENjoy


No comments:

Post a Comment