No. 310
If you try to learn to program just to hack, you probably won't be able to hack anything. You'll likely have to start messing around making things for their own sake.
Yes, C is a good language to learn because it will help you to understand some aspects of memory usage, and because it doesn't have a lot to prevent you from shooting yourself in the foot, which is the time you learn the most.
C is (unfortunately) kind of annoying to get running on a Windows or a Mac machine. Something like VirtualBox or VMware Player is free and will let you mess around with a Linux installation very easily, and without the chance of fucking anything up permanently.
There's a very wide array of directions a person can take security and penetration work. One of the biggest divides is whether you are trying to find holes in web applications or in binary files on your hard drive.
To learn about web application hacking, you kind of need to know how to write websites. You should mess around with PHP on a server, set up a forum system or a chan or something, and read blog posts about SQL injections, XSS (cross-site scripting) vulnerabilities, and XML Entity injections.
If you want to do binary blob hacking, you've got a lot of reading about OS Memory organization, assembly language, buffer overflows and similar flavoured stuff.
It's helpful to have a goal. There's a lot of websites out there that have good example sites and good example programs that have known issues, and you can try to retrace other people's steps with them. Finding good places like that isn't always easy -- I bookmarked some and lost them a long time ago -- there's a big culture of network exploits in the US called CTF, and there are a number of people who have made sites dedicated to training their university teams and such. You might try looking for that as an information source. But you need to be capable of writing fizzbuzz first. If you don't know what fizzbuzz is, google it and try to solve the problem without looking at the answer. It's a "pulse test" for a programmer - if you can't do it, you're not capable of writing programs yet.
Lastly, be prepared to read. There's a lot of reading. There's also a lot of frustrated sitting in front of a screen thinking "what the fuck this doesn't make any sense", both in the "things are flying over my head right now" sense and in the "I swear I have checked every fucking piece of my code and it's all god damned fine and nothing is wrong so WHERE IS THE FUCKING PROBLEM" sense. And by "a lot", I mean those two situations are 95%+ of a real hacker (or programmer, or mathematician, or good scientist)'s life. The other 5% is just fun enough that it makes it worth our while, I guess.
Also, fyi: Stack Exchange and Stack Overflow are the best sites on the internet for technical answers to questions. There's a thing about 'how to be a programmer' here: http://programmers.stackexchange.com/questions/96504/how-can-i-teach-a-bright-person-with-no-programming-experience-how-to-program/96506#96506
Joel Spolsky wrote that, and he kind of knows what he's talking about. If you buy (one at a time) and read those three books, you'll proceed through pop-culture, to coding, to solving hard fucking problems. It will make you capable of programming, and it will take you several months at least. Good luck. Python is cool too. (Lisp is implicitly assumed to be the coolest, but probably not directly useful for hacking stuff, haha)