How to Hack
Essay by review • February 19, 2011 • Essay • 1,707 Words (7 Pages) • 1,029 Views
This was one of the first and most influential texts on hacking I ever read. Copied here, because it seems to be no longer available from mc2.nu, which is where I originally found it. (anyone remember mc2? jabukie? the original hackers.com? HNC? AS-Mag? dtmf.org? nmrc? get in touch, I'd love to share archives)
You stay up all night on the PC typing and typing. No, you're not hacking. You're begging someone on IRC to teach you how to hack! Let's look at the facts:
1. You're a luser and you're annoying. No one likes you if you ask others how to hack without taking the least amount of initiative.
2. You're not worthy of any title even resembling hacker, cracker, phreaker, etc., so don't go around calling yourself that! The more you do, the less likely you are to find someone willing to teach you how to hack (which is an infinitesimal chance, any way).
3. You're wasting your time (if you couldn't infer that in the first place). Many real hackers (not those shitty script kiddies) spend all their insomniac hours reading and, yes even, HACKING! (Hacking doesn't necessarily (but usually does) mean breaking into another system. It could mean just working on your own system, BUT NOT WINDOWS '9x (unless you're doing some really menacing registry shit, in which case, you're kind of cool).)
You're probably thinking, "Then what should I do. If no one's going to help me, how can I learn to hack?" Have you ever tried READING (I assume this far that you are literate). Read anything and everything you can get your hands on! I recommend hitting a computer store and looking for discount books (books that are usually out of date, but so are a lot of the systems on the 'net, so they're still relevant!). You'll be surprised what you can learn from a book even when you're paying a dollar for every hundred pages. I recommend the following books to start off with:
* Maximum Security I or II: this is not a guide to hacking, despite what you might have heard, but you can get enough info to learn the basics of how hackers hack! (Isn't that more fun than being lamed, email bombed, and kicked off IRC).
* Practical Unix and Internet Security (Sec. Edition): This is mostly a book about how to secure Unix (if you don't know what Unix is, either shoot yourself now, or read O'Reilly's Learning the Unix OS), but half of learning to hack is learning a system from the inside out. How can you expect to hack a site (w/o using a kiddie script, which i must restate, is NOT hacking) if you don't know how to use the system?!
* Linux Unleashed/Red Hat Linux Unleashed: these books are kind of cool. First of all, they come with Red Hat Linux (*sigh*, just go to www.linux.org and read everything there) 5.1 and 5.2 respectively (if you get the newest versions of the book, which you should). Read everything you can from it.
* Sendmail in a nutshell: This is only after you read everything else. Sendmail, for those of you who still don't know, is a program that sends mail. It sounds stupid, but this is a buggy program, and usually is the avenue of attack many hackers take because of it's vulnerabilities.
* TCP/IP Blueprints: this will clear up a lot of things concerning TCP/IP.
* TCP/IP Administration: haven't read it, but can't wait to! (I've been bogged down by a lot of other REAL computer stuff).
After you've read them all, re-read them! Trust me, you gain a ton of information the second time you read them just as you gain perspicacity the second time through a movie with a twisted plot.
Then, read a ton of RFCs. RFCs are Request for Comments by the people who practically shaped the Internet. Here is a good list of RFCs (the books above give about the same list):
* RFC0760 - DoD Standard Internet Protocol
* RFC0792 - Internet Control Message Protocol
* RFC0819 - The Domain Naming Convention for Internet User Applications
* RFC0821 - Simple Mail Transfer Protocol
* RFC0822 - Standard for the Format of ARPA Internet Text Messages
* RFC0976 - UUCP Mail Interchange Format Standard
* RFC1123 - Requirements for Internet Hosts -- Applications and Support
* RFC1135 - The Helminthiasis of the Internet (Morris Worm)
* RFC1244 - Site Security Handbook
* RFC1521 - MIME (Multipurpose Internet Email Extensions) Part One
* RFC1522 - MIME (Multipurpose Internet Email Extensions) Part Two
* RFC1651 - SMTP Service Extensions
* RFC1652 - SMTP Service Extension for 8bit-MIMEtransport
* RFC1652 - SMTP Service Extension for Message Size Declaration
* RFC1675 - Security Concerns for IPng
* RFC1704 - On Internet Authentication
* RFC1739 - A Primer On Internet and TCP/IP Tools
* RFC1750 - Randomness Recommendations for Security
* RFC1825 - Security Architecture for the Internet Protocol
* RFC1891 - SMTP Service Extension for Delivery Status Notifications
* RFC1892 - The Multipart/Report Content Type for the Reporting of Mail System Administrative Messages
* RFC1893 - Enhanced Mail System Status Codes
* RFC1894 - An Extensible Message Format for Delivery Status Notifications
* RFC1918 - Address Allocation for Private Internets
...
...