[1] Where Do I Start?

A primer to offensive security

by Hash_Value

Every computer forum you find is flooded with questions about hacking. When lainchan makes it big, we are going to get these questions a lot on /cyb/, so point them to this guide when they ask!

Hacking has a lot of definitions depending on who you ask, but let’s go straight to offensive security (which I know is what you all want anyway). First, you will need a basic but strong foundation in programming, networking and operating systems.

To get a strong foundation in programming/scripting/coding you need to practice! I don’t mean following along with an easy college intro-to-programming course, either. You need to build something useful. It doesn’t have to be complex, just useful. Run a web search every time you have a problem. Start off with some simple syntax, then use it to solve problems, get better, and go bigger. A lot of the time you only need a scripting language such as Python or Ruby. If you plan on building something big, use C or C++. Personally, I always recommend this project-based approach: you get to see how the pieces fit together and you actually end up with something at the end.

Next is networking. You will need to know how packets move, and how routers and switches move them! There are hundreds of tutorials on this, as with programming. Visit Cisco’s website and download a little program called Packet Tracer. This tool simulates building a network, although it doesn’t model all the security measures and you don’t get the physical hands-on experience. It’s one of the best tools available, though, and I highly recommend playing with it! If nothing else, you can buy an old Cisco router on the web for cheap and it will still be useful, trust me: businesses are usually slow to replace their routers and switches. In addition to all of this, you also need a strong understanding of ports and the TCP three-way handshake (SYN, SYN/ACK, ACK), because that exchange is exactly what a port scanner is watching when it reports a port as open, closed or filtered.
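The handshake in code, as an added example that is not part of the original guide: the three TCP headers of a handshake are built by hand, parsed back, and the exchange is classified the way a connect scan (nmap’s default against a port, when it has no raw-socket privileges) reports ports. The client port, the target ports, the sequence numbers and the packets themselves are constructed for the example; no traffic is sent.

```python
import struct

# TCP flag bits (byte 13 of the header), as defined in RFC 793
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Minimal 20-byte header: src port, dst port, seq, ack, data offset,
# flags, window, checksum, urgent pointer. No options, checksum left zero.
TCP_HEADER = "!HHIIBBHHH"


def build_tcp_header(src_port, dst_port, seq, ack, flags, window=65535):
    """Build a raw 20-byte TCP header. Data offset is 5 (five 32-bit words)."""
    data_offset = 5 << 4  # upper nibble of byte 12; reserved bits stay zero
    return struct.pack(TCP_HEADER, src_port, dst_port, seq, ack,
                       data_offset, flags, window, 0, 0)


def parse_tcp_header(raw):
    """Decode the fixed part of a TCP header into a dict."""
    if len(raw) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    src, dst, seq, ack, offset, flags, window, _csum, _urg = \
        struct.unpack(TCP_HEADER, raw[:20])
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "flags": flags, "window": window, "header_len": (offset >> 4) * 4}


def flag_names(flags):
    """Human-readable flag string, e.g. 0x12 -> 'SYN/ACK'."""
    table = (("FIN", FIN), ("SYN", SYN), ("RST", RST),
             ("PSH", PSH), ("ACK", ACK), ("URG", URG))
    return "/".join(name for name, bit in table if flags & bit) or "none"


def handshake_state(raw_packets):
    """Classify a captured exchange the way a connect scan reports ports.

    open:     SYN -> SYN/ACK -> ACK, each ack number = peer's seq + 1
    closed:   SYN answered with RST (usually RST/ACK)
    filtered: SYN never answered at all
    Anything else is reported as 'incomplete'.
    """
    pkts = [parse_tcp_header(p) for p in raw_packets]
    if not pkts or pkts[0]["flags"] & (SYN | ACK) != SYN:
        return "incomplete"              # must start with a bare SYN
    syn = pkts[0]
    if len(pkts) == 1:
        return "filtered"                # nothing came back (dropped by a firewall)
    reply = pkts[1]
    # The reply must flow the other way: ports swapped relative to the SYN.
    if (reply["src_port"], reply["dst_port"]) != (syn["dst_port"], syn["src_port"]):
        return "incomplete"
    if reply["flags"] & RST:
        return "closed"                  # host is up, nothing listening on that port
    if reply["flags"] & (SYN | ACK) != (SYN | ACK):
        return "incomplete"
    if reply["ack"] != (syn["seq"] + 1) & 0xFFFFFFFF:
        return "incomplete"              # SYN/ACK does not acknowledge our SYN
    if len(pkts) < 3:
        return "incomplete"              # half-open: SYN/ACK seen but never ACKed
    final = pkts[2]
    if final["flags"] & ACK and final["ack"] == (reply["seq"] + 1) & 0xFFFFFFFF:
        return "open"
    return "incomplete"


# Constructed sample traffic: a client on port 40000 probing three ports.
CLIENT = 40000
OPEN_PORT_EXCHANGE = [
    build_tcp_header(CLIENT, 80, 1000, 0, SYN),            # client: SYN
    build_tcp_header(80, CLIENT, 5000, 1001, SYN | ACK),   # server: SYN/ACK
    build_tcp_header(CLIENT, 80, 1001, 5001, ACK),         # client: ACK
]
CLOSED_PORT_EXCHANGE = [
    build_tcp_header(CLIENT, 81, 1000, 0, SYN),
    build_tcp_header(81, CLIENT, 0, 1001, RST | ACK),      # nothing listening
]
FILTERED_PORT_EXCHANGE = [
    build_tcp_header(CLIENT, 82, 1000, 0, SYN),            # silently dropped
]

if __name__ == "__main__":
    for label, pkts in (("80", OPEN_PORT_EXCHANGE), ("81", CLOSED_PORT_EXCHANGE),
                        ("82", FILTERED_PORT_EXCHANGE)):
        steps = ", ".join(flag_names(parse_tcp_header(p)["flags"]) for p in pkts)
        print(f"port {label}: {steps} -> {handshake_state(pkts)}")
```

The half-open case (SYN/ACK seen, never acknowledged) is what a SYN scan deliberately leaves behind: the scanner learns the port is open from the SYN/ACK and sends a RST instead of completing the handshake, which is why it needs raw sockets and shows up differently in the target’s logs than a full connect.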

Moving on to operating systems, the big three are Windows, OS X, and Linux. Back in the early days, if you wanted to do any hacking it had to be on Linux. That isn’t necessarily true nowadays, as many tools have been ported to Windows and Mac. However, Linux is still your best bet. Regardless of which operating system you choose to work on, you have to learn both Windows and Linux. Why? Between them they hold most of the server market, and if you plan on breaking into either you have to know both, including the Windows Server and Linux server flavours.

Let’s not forget web applications! Since the arrival of Web 2.0, HTML5 web applications have become more and more popular. You will need to know HTML (HyperText Markup Language) and JavaScript (a client-side scripting language). You also have to know how websites work, and how databases interact with websites: in particular, how the server-side code takes what a user typed into a form and turns it into a database query. You can start by installing a LAMP stack (Linux-Apache-MySQL-PHP5) in a virtual machine (which we will discuss later).
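What “how databases interact with websites” means for an attacker, as an added example that is not from the original guide: a login lookup written the way many old PHP tutorials write it (the form fields glued straight into the SQL string) next to the parameterized version, both run against an in-memory SQLite table. The table, its two users and the inputs are constructed for the example, and SQLite from Python’s standard library stands in for MySQL so it runs without a LAMP stack.

```python
import sqlite3


def make_db():
    """In-memory stand-in for the site's MySQL database (constructed sample data).
    Passwords are stored in clear here only to keep the example short; a real
    application stores a password hash."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                     [("alice", "hunter2"), ("bob", "correct-horse")])
    conn.commit()
    return conn


def login_concat(conn, username, password):
    """The fragile pattern: form fields pasted straight into the SQL text.
    Whatever the user typed becomes part of the query's syntax."""
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_param(conn, username, password):
    """The robust pattern: placeholders, with the values bound separately by the
    driver (PDO prepared statements are the PHP equivalent). Input stays data."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


def demo():
    """Run both lookups against normal and hostile input; returns the outcomes
    as {case: (concat_result, param_result)}."""
    conn = make_db()
    cases = {
        "valid":       ("alice", "hunter2"),
        "wrong pw":    ("alice", "nope"),
        "tautology":   ("nobody", "' OR '1'='1"),   # makes the WHERE clause always true
        "comment out": ("alice' --", "nope"),       # -- comments away the password check
    }
    return {name: (login_concat(conn, u, p), login_param(conn, u, p))
            for name, (u, p) in cases.items()}


if __name__ == "__main__":
    for name, (concat, param) in demo().items():
        print(f"{name:12s} concat -> {concat!r:10s} param -> {param!r}")
```

With the concatenated query, the “tautology” input logs in as the first user in the table without knowing any password, and the “comment out” input logs in as alice; the parameterized query rejects both because the quote and the `--` are just characters inside a bound string, never SQL.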

Okay, now that you have a rough idea of what you should be learning, time for the good stuff!

First, the age-old question: “Should I download a hacking-specific distro?” The truth of the matter is, you don’t really need to. You can install all the tools into any Linux distro from the web, so the only real reason to download a pentesting distro is that all the tools are already there and you don’t have to waste time chasing down the dependencies for Metasploit. So my advice is this: download a pentesting distro, but don’t install it as your main distro. Yes, there are some distros that can serve both purposes, but I wouldn’t recommend using them that way.

Alright, you’ve got your weapons and the skill to wield them; now all you need is a dojo. “But why can’t I attack Shitbook or [insert other mainstream site here]?” I’m glad you asked! It’s because that would be illegal, and you would get caught. I recommend virtualizing everything: it’s cheaper, and if you fauurrk something up you can revert to a snapshot. Now, many recommend VMware. It costs a lot of money, and I won’t lie, VMware is really well made. However, VirtualBox does the same thing at a price you can’t beat: free (as in both free beer and freedom).

Well, this was just a starter’s guide, rough and dirty. I do full-time college and work, so opportunities to shitpost on the web are few and far between. I wanted to do a starter’s guide on BeEF (the Browser Exploitation Framework) as well, but it was going to take longer than I first suspected. I’ll try for that next time, but no promises. If you want to talk to me, feel free to give me something to research; I love to learn new things. Chances are I’m lurking in #lainchan on freenode.

FAQ

Q: I’m just a poor boy who has to steal wifi.
A: Get Reaver or, if you’re using Windows, Cain.

Q: Kali Linux?
A: Only live-boot it; don’t install it.

Q: Do I have to learn to code?
A: Tools can only go so far, Anon.

Q: How do I hack Facebook?
A: Look into SET (the Social-Engineer Toolkit).

Q: What are the tools I need to hack X?
A:

  • Port scanning: nmap
  • Password brute-forcing against network logins: hydra
  • Web app: Burp Suite is popular, but I like w3af
  • General use: Metasploit is an all-in-one exploitation framework that covers most of what you will need
  • Social engineering: payphone/SET

Q: Where can I get hands-on experience?
A:
Places to practice hacking:

Networking help and tutorials:

Very good resources and general use education:

Exploit development: