April 12th, 2003, 12:38 AM
Hacking for newbies
I posted this as a response to a question. Considering it's fairly long I decided to post it here.
1. First off, I'd read the following FAQS, they'll help install a decent sense of ethics (hopefuly) in you and give you some pointers in the right direction:
http://tuxedo.org/~esr/faqs/hacker-howto.html http://tuxedo.org/~esr/faqs/hacker-hist.html http://tuxedo.org/~esr/faqs/loginataka.html
2. Unless you're ready to install UNIX on your computer, I would recommend you sign up with one (or more) of the following shell account providers:
http://sdf.lonestar.org/ http://m-net.arbornet.org/ http://theunixplace.com/ http://shellyeah.org/ http://nether.net/
Once you have a shell account you need to learn how to use it. There's a nice introduction to UNIX commands at http://www.bsd.org./ While nearly every shell account prevents you from using many commands, they definately help you get your feet wet. Additionally, read all of the Linux/UNIX tutorials you can find at the following sites:
http://www.linux.org/ http://www.linux.com/ http://www.linuxnewbie.org/ http://www.linuxdoc.org/ http://www.bsd.org/ http://www.google.com/linux (search engine) http://www.google.com/bsd (search engine) http://www.informit.com/ (free books!)
Eventually you will probably want to install some kind of UNIX on your system. You don't have to but it makes hacking and the like much more enjoyable and easier. I would recommend either some kind of Linux (check out the information on the various distrobutions available at http://www.linux.org)/ or BSD (go here for a nice comparision of the various BSD's: http://www.infosecuritymag.com/artic...security.shtml)
I would also recommend getting several books on UNIX/Linux (the "In a nutshell" books are good) and read some of the free ones on networking, etc. at http://www.informit.com./
4. Now we finally get to security . If you've already done all the above steps this part will be a heck of a lot easier. Try some of the Wargames, and work on securing your own Linux computer (various guides are available on how to do this). If you have a good ISP connection (cable/dsl) you might want to practice administration by giving out shell accounts to either your friends or the world (if you're doing this make sure your system is really secure, it's actually better to have a seperate computer for this purpose instead of hosting off your personal pc.
Subscribe to security digests like BugTraq at http://www.securityfocus.com/ and if your Linux vendor has a security mailing list, sign up for that as well. Stay up to date on the latest vunerabilities and exploits. Try using various security tools like NMAP, Netcat, etc. (not canned "hacking" programs) on your own computers or any friends who give you permission. And READ! I cannot emphesize this point enough. Remember to use a search engine like Google.com before asking any questions. The sites at the end of this post should help.
Also, remember to following the Golden Rule (in otherwords, don't break into systems unless you have permission).