If you reading this for the first time and i haven't said hi "HI and welcome to GSO."As we are growing in size i think alot of the same question's will keep coming up so i thought i would post a newbie resource to get you all started.

Why hack.

Because it's kool and your going to meet load's of birds,get laid,and then show of to your friend's.Well don't bother starting.We all have our personal reason's,maybe to get a better job to secure your our network's,exploration and beacuse it's brilliant fun and you will meet a good crowd from all over the world.

How to start.

If your new to all of this like i was i would take a few day's and read all the past post's specially in this forum.Also check out one of our affliate's Blackcode.com.Generally just read all the past post's in the newbie section so you can at least get a feel of what's it all about.
Reasearch your question.It's more than likely to have been answered somewhere on the net.YOU must learn to use Google to find the info and also rember to use our site's search facilty.There's ton's of it out there.Remember you will not make any friend's by posting a question which had just got answered in a previos thread.

Your Machine.

It's more than likely that you will be starting out with some kind of window's machine.You will often hear that Linux is the hacker's choice but as your only just starting don't worry you can still learn alot.

Hacker tool's

I recommend going to SecuirtyFocus.com and to the tool's section just to read up what's out there to get a general idea.

The first thing you will need is a portscanner.NMAP is the no1 but as it run's on Linux you will have to use some of the other's.

SuperScan by foundstone. A fast realiable port scanner.One i often use.

LanGuard Network scanner.This will detect share's,remote OS,exploit's and Dictionary attack agaisnt SQL server's. I liked the old model but since they have realeased this version i have found it doesn't always detect window's share's.

IPEYE is a command line port scanner (downside is that it only work's on XP and 2000)

FSCAN from FoundStone. Another command line port scanner which also doe's UDP scans

There are many more portscanners out there but the above are the one's i use.

The Law.

There are many Government agencies out there watching every move so remember the best way to learn is by securing your own computer and then possibly get together with your friend's and build a network or get them to try and hack your machine and vice versa.Check out the atricles section for how it's done.


I want to learn to programme which language is the best.

The most common one's out their are Visual Basic,C,C++,Java,Perl,Assembler,and Python.For the record i can't programme and i plan to start this autumn.I decided to start with Python beacuse the general opion say it's the easiest.

Good Luck.

Note to all member's.My finger's are hurting and come tomorrow going to lose my connection for a while.As i said before i would like this thread to be a good introduction for newbie's so if you have any good link's and basic articles re Telnet etc etc(rememer when you where new) can you post them.Many thank's.

Hello Novice Becoming Hackers,

Allitle add-to-jay's-'article'..

You have hackers and you have hackers, i'm not gonna tell who's who since there alot of articles about that (script kid, hacker, blackhat, whitehat etc etc).
My point is, scripts kids act other then hackers.

From a hackers view you should learn a programming languages, alot of text files say you shouln't start with C but i think that is bullshit, you should start with C and put some effort in it, it's not a piece of cake, make some small programs, just hussel around a bit with loops, pointers etc, they are the most important parts of your coding life.

Then get into socket programming, if you really want to do something on writing port scanners hijacking ip spoofing etc, get into raw socket programming, tutorials can be find at the internet.

Then read all the articles on BOF's (Buffer Overflows) preferable read the first few articles in your maiden language, will easy things up since you need to change your way of thinking a bit. Then start to read more and more articles about them, and understand them all.

When you did that you can try and make your first exploit with the help of the tutorials, just find a advisory and download the version that is vulnerable with source, search for default functions like strcpy sprintf etc etc (will be talked over in the tutorials).
And be happy with your first exploit!

And ofcourse, when you have problems etc, just post 'm on this forum there will be ppl around that will help you, trust me


Hmmm , maybe this is a bit to indepth for this topic afterwards, but i didn't know at while i was typing this

Anyway, do with it what you like.

One footnote:
Try linux. If you're new and got probs with linux just do this:
Get VMWare, legal or illegal i don't care, just get it Then install Knoppix (can bet gain at www.knoppix.org and play around with it, if you like it just install it perm (YES ITs POSSIBLE TO RUN A DISTRO FROM ONLY A CD!! that's what knoppix makes so beautiful ) plus it's debian, which i personally like best..

I'm still using VMware in windows and then running knoppix at the vmware, it rox It detects everything, i almost ensure you that you'll like it (Errr, i don't but hey i'm trying to make you enthousiastic )

Ok i hope this all helped a bit and was a decent ADD to Jay's topic...

Cya guys around

Greetings,
woutiir

I'll follow up here with a few links currently I'm in a little bit of a rush so there will be more added.

Encryption:
http://www.cs.auckland.ac.nz/~pgut001/tutorial/
http://www.cacr.math.uwaterloo.ca/hac/
http://www.cryptography.org/freecryp.htm

Linux:
http://www.linuxiso.com
http://www.linuxexposed.com
Linux Security Quick Reference Guide: http://www.linuxsecurity.com/docs/QuickRefCard.pdf

Programming:
-C:
http://server11.hypermart.net/davidbook901.../c/f8564334.htm

Hacking:
http://www.governmentsecurity.org
http://neworder.box.sk/
http://www.astalavista.com

Hacking Lexicon:
http://www.robertgraham.com/pubs/hacking-dict.html

A good way to go is books. Books are often better than online resources, here's a few examples why:

1) You can read when you're not at the computer.

2) The author puts in more time and effort, since they are going to make money with the book, whereas a text file author doesn't.

3) You can physically keep the book as a resource.

The list goes on.

Books I recommend getting are:

Hacking Exposed.
Hacking Linux Exposed.
Maximum Linux Security.
Maximum Security - Availiable to read online: http://docs.rinet.ru:8083/LomamVse/

There are MANY other good ones, such as programming books (you DO need to learn programming to be a "hacker"):

C++ for dummies.
Perl in a Nutshell.
C for Dummies.
C in a Nutshell.
C++ in 24 hours.
C++ in 21 days.

The list goes on...

www.amazon.com
www.amazon.co.uk

It is a good idea to learn a lot about Networking aswell.


Thank you for your time.
Shaun.

And to add to what Shaun has said, I would recommend getting a good book opn TCP/IP such as TCP/IP Illustrated(<---------------excellent book! ) or even TCP/IP for Dummies..to get started!

I had previously browsed through the Illutsrated series before it and learned through other sources of the TCP/IP structure prior to reading dummies so maybe it was an operational problem. did things backwards

this may come as a bit of a surprise as a post but i'd like to point out to woutir that he isn't all that.
Woutir, what you have to do is grab some code, learn how it works and make a similar one in another language, dont assume your an almighty lord of the heat because you can compile and use a program someone else has laboured over.

BTW NMAP is available for windows as well. It's called NMAPwin.

wow thnx for the info (all of you) I will start today . hmm that's a sweet suprize I know python never expected you can use that for hacking purposes....

VM ware is a gud program worked with it in the past Had a tv card that wasn't working under XP so I used it 2 run a other OS on it l8ter I found a xp driver so I gave up on VM Ware maybe i'll try it again to install linux.

what version of linux should be gud to start with?

greetz Alex Trust

Two comments from me.

On the first, and original post - Please may and admin/mod edit it and place a comment about the negativity of learning VB as a first language. Visual Basic, or VB, isn't a very good place to start your programming experience - basically due to it's orginality. It is very different to other, more widely used programming languages like C and Perl. If you learn a languge like VB, then learning more advanced and difficult languages like Perl and C will be more of a struggle. I reccomend starting off with a language like Python, as it's structure and usage is similar to that of the more widely used languages Perl and C. If you start with Python, then you will find learning more useful and more difficult languages like the ones mentioned, much, much easier.

As for the reccomended distro of Linux for the 'n00b', I would reccomend the distro 'Knoppix'. Basically dude to the fact that the user does not have to commit themselves into a full install - as this version runs straight of the CD. It may not be the fastest version of Linux out there, (and that is for obvious reasons), but will give the user invaluable experience in using Linux without the commitment of the full, and sometimes daunting, task of installing Linux. (Ex. No need to format and partion your HDD, nor mess with those tricky settings..)

Hope I have been of some use, and that I have helped a few people out.

sounds a bit lame i know but i started of with batch scripts, they can be very handy at times and you can do more than you think with them, but if you do use them compile them using bat2exe, the best thing is all it takes is notepad!

A quick search with google can bring up many useful sites try "advanced batch scripts"

Another thing that not many people explore is the built in "stripped down" vb editor in microsoft word, simple learning "hello world" programs can be made easily as can macros and some simple games, first prgram i made was a gambling machine that ran as a macro inside ms word just using the rnd number command

I'm also a noob at linux , and I think the best way to start linux is with mandrake 9.0.

I'ts a nice cd , just insert and follow.And on there site , they placed training stuff with pictures.It's a bit scary as a windowsuser too switch to linux.The only think I can do on the thing is play a movie and lissen to some music.

I also used redhat but that was to difficult .It also didn't recognize my videocard.

But there's still a lot for me to learn in windows.

My advice , keep on reading .

Hello i am a n00b at hacking but i need some of the words to use..!!!

heLLo Im from sweden and need some help with more info about hacking mostely want in swedich

Well guys,

All you guys wrote it simply and nicely and today only I got my eyes on it and well, basically I am concentrating on Security issues, but love to play with penetration to test the security, I am a beginner and I was nothing when I came here, but after reading a lot from here as well as from the urls which you people provided, I get a lot of confidence and well, thanks a lot m8...Improving a lil bit these days, thanks a lot...

Manu

Did somebody mention TCP/IP???

Well I have attached a few more of my much loved tut's
for anyone thaht's interested... and Awesome stuff for the above info... alwayz good to learn from More Experienced users... even if the're conciderably younger then you are. <Shaun2k> take care and have phun.

Wkd.

Contents of package:
-------------------------
Maximum Security - A Hackerz Guide to Protecting your Internet
TCP 4 Cert
Teach yourself TCP-IP in 14 Dayz Sec. Ed.SAMS


ps: Wicked Could'nt hack his way outta a Paper bag with scissors...

pps: Yeah they're a little out Dated but still come in handy.

ppps: Wicked Ain't Really that old....

pppps: Don't Ask!
Laterz.

I guess i was away when you wrote this but on behalf of everybody no problem.

Beginning as an Information Security whatever...or Hacker....

Definately you will need to learn Programming. I have been at Information Security and Networking for a few years of my life...and I always run into the problem of compilation, or creation of my own tool.

The real problem comes when my limited programming experience stops me from completing my mission...it sucks.

I am glad I ran into GSO though. Tough to find local quality teammates to learn from....

So my 2 cents is learn Python or C to start....then go from there. I will.

-Hardcore

good tips...

I do like what you are saying but in the event of a total System DOS, what in the sense can we rebut with?

Do you have to learn to program to be good at security? What if you want to stay in the Windows world? Once Linux becomes as mainstream as Windows (which it will never be on the desktop side) it will be hacked and exploited the same as Windows. Tux is very cute!
~jimmy

For linux newbies and experts, a really good linux resource is linuxquestions.org. It's a massive forum with a lot of people posting every day. Very easy to get help there.
Another good linux-for-newbies page I just found the other day is http://www.linux.org/lessons ... it looks really good and in-depth.

To reply to Jacerra, Linux is hacked as much as windows. There aren't any widespread worms like there are for Windows, but it has its share of Sendmail, Bind, Apache ... exploits that I see tripped everyday on the networks I monitor.

TCP/IP is definitely something to know ... how else are you supposed to know how to craft those IDS-evading TCP packets? Or to decode those logged binary TCP packets

Another good/interesting "language" to learn, is shellcoding. There's a pretty good article about it on neworder (neworder.box.sk).

Didnt think there would be much in this thread of interest, as I have visited a lot of security sites and done a lot of reading but i am impressed with the amount of resources and advice posted in this thread. Will wear my noobie tag with a little more humility. Thanks to all who contributed.

I must admit I am confused. I read in these forums about how you are against hacking and everything, and then you guys start talking about hacking; is there some sort of double meaning to the word that I am missing?

We ara gainst hacking as a skiddie way. So we are against seeing how much computers we can hack with an autohacker that we know nothing about but it only takes a few commands and we have 400 computers on a botnet.

What we encourage is knowing about the computers and learning to do it all by hand becauise once you know how to do it you can successfully secure it on your home/business network.

So it's more like you try to know as much about computers as you can and then you try to understand how a hacker hacks to safeguard yourself against the hackers?

Oh and by the way why is this site called government security? How does the government fit into this?

click the contact us button at the top

Hey can anybody tell me what C:/scanregw.exe does. Oh and could anybody tell me if disabling it at start up would give me extra rights on a network.

hey i'm new here..tnx for all the tips!

.

Hi everybody, as newbie I'm going to do what I generally do on a board: read old posts... I'm not sure I can post before a lot of monyhs...
@+

Hi there well like adviced im going o read all that the forum has of security! im a newbie in several aways so you can say im starting at 0 knodledge!!! hope i can adquire the knodlege in here



thks alot

great site, i like the advices
i hope to learn a lot about scripting here

thanks! i really want to learn here

My goal is to learn all that I can about security and to share the knowledge. I will start by reading old post and new post.


Thanx for having me


DeepExplor3r


PS: If my sig offends anyone let me know and I will remove it @ their requeest.

shoot! looks like i got a lot of reading in front of me

lol , I have a question , sorry if its a dumb one , but I can post replys , but I cant start new topics...

Xanni

You should read the rules etc.While you are a trial member you can only post replies until you reach somewhere around 50 posts.We then review all your posts and see if you deserve to reach full member status.Remeber its quality rather than quantity.

DeepExplor3r. Go and read the rules. Sorry no big signatures.

hi, there

why is the the only thread i am aloowed to post in?


greetz
rockerx

//edit
ok, i read it

A great distro for newbies is called Phlak Linux.
I believe that Phlack stands for Professional Hackers Linux Attack Kit. It is a live CD type of distro based on Morphix (kinda like Knoppix) so you don't have to commit to installing linux on your HDD if you are not ready.
The cool thing about Phlak is that it has all kinds of security tools already compiled and ready to run on it, so you can mess around with all kinds of hacking tools without having to download and compile them yourself and deal with wrong library versions and dependancy hell.

Hi.

I dont't know where to post this, and I cannot create new topics, beacause I'm still trial.

My question is (please don't laugh) how can I connect to a sever like a SQL through a proxy. Is this possible?

Thanks for useful answers.

when shall i know i am not newbie now and ready for the next stage?

i have already known c and now i am learning c++ facilities but how you guys write exploits i mean in order to write exloit that something i dont know different topics (which i dont know) on c to write exploits