How To Get Started Hacking
When I talk with people outside hacking circles about learning to hack, the most common question I get is, "Isn't teaching people how to hack dangerous? What if they use it to do bad things?" The question is rooted in a mashup of several overly simplistic and misapplied ideas and syllogistic fallacies:
1: Hacking requires "specialized" skills.
2: Learning "specialized" skills is a "dark art" pursued only by someone intent on doing evil. This is obliquely saying that learning to hack is akin to black magic, and only evil people do black magic, so all hackers are evil.
3: Security through obscurity.
4: Take all this and wrap it in a syllogistic fallacy. Driving a car is a specialized skill. A bank robber uses a car in a robbery. Bank robbers are criminals. You drive a car, so you are a criminal.
It is easy to see how shallow thinking, fear, and logical fallacies have led the mass media to portray hacking as always being a crime.
Is it possible to defend without knowing the methods used by your adversary?
How would police officers catch criminals if they did not know how they think and what methods they used?
How would our military protect us if they did not know the enemies tactics and have the skills to repel them?
The SANS Institute is one of the premier information security training and certification organizations. They are famous for saying "your offense should inform your defense."
I am a hacker. My skills were acquired through a lifetime of training on my own, with the United States Navy, and as an information security professional.
I use them daily to defend systems from both criminals and state actors, and I am actively training the next generation of hackers to do the same.
If you think all hackers are criminals, then see "Why Teach Hacking" before continuing.
I am often asked, "How do I learn to hack?"
I have learned that the term hacker can mean many things to many people and is a highly debated topic. The meaning of hacker has evolved/devolved over time depending on your point of view (whether you are a hacker or not).
Many hackers today define themselves based on the roots of hacking, which you can read about in "A Brief History of Hackerdom" and the Hacker Wikipedia article. However, the word hacker has morphed, and mass media uses it to mean a person who uses specialized technical skills to commit a crime. For more on this see "Why Teach Hacking".
Hacking has evolved to address not just the use of skills but the process by which you acquire those skills.
Therefore, the simplest definition of hacking is the process by which you discover the difference between what something was designed to do and what it is capable of doing.
Many would argue that this definition is too broad and would include endeavors outside the scope of technology, computers, and networks.
I have come to see that the quest for knowledge and skill pursued by the old school hackers is the same process used by those mastering other fields of endeavor, from astrophysics to knitting.
Hacking is as much about the journey as it is the destination.
I will be focusing on hacking as it applies to technology, computers, and networks.
Our knowledge and skills are like a block of Swiss cheese, which appears solid but is full of holes. Hacking is not just about applying your knowledge and skills but also the process by which you fill in the holes.
Figuring out the best place to start can be difficult because we often are not aware of what we do not know, so I am providing a framework to get started. It will then be up to you to follow the breadcrumbs, find the holes in your knowledge and skills, and fill them in. During this process, you will find more holes to fill in and during that, even more holes. It is a lifelong, never-ending pursuit.
The "hacker ethic", just like the term hacker, has morphed over time. Originally, hacking was driven by a thirst to understand how things work and was conducted on systems that the hackers had a right to access. Mix the ideals of hacking with a bit of anarchy and you end up with hackers who prize ideas and exploration over personal property rights. The mass media has camped on this idea and does not recognize that most of the hacking going on today is done by people who do believe in property rights and are using their hacking skills to defend those who cannot defend themselves.
In the non-fiction book "The Cuckoo's Egg", Clifford Stoll encounters a new systems administrator who adheres to the anarchistic version of the hacker ethic. Clifford underwent a change in his thinking during the experiences chronicled in the book; he knew the systems administrator's philosophy was wrong but could not articulate why. By the time he reaches the end of the book, he provides an excellent rebuttal. Based on Clifford's rebuttal, I have formed one of my own.
Property ownership is a cornerstone of society and built using a fabric of trust. In many cases that trust is an unspoken agreement and in others the trust is codified in law. More often than not, the trust is not enforced until after the fact.
The dashed white line on the freeway reminds the drivers of that trust but it does not prevent another driver from making a left hand turn in front of me at 80 miles per hour. Likewise, when I get a drink out of the vending machine I trust that it will not kill me. If it does, my family will be rich after the lawsuit, but I will still be dead.
If we cannot trust one another in any circumstance then the fabric of trust unravels and people stop building the very systems we want to explore. You cannot have your cake and eat it too.
As hackers, we have a choice: we can explore without regard to property rights and destroy the fabric of trust, or we can repair and reinforce property rights and the fabric of trust.
With great power comes great responsibility.
You have to choose.
I too had to make this choice. Through providence, I was led away from the "dark side" and have spent a lifetime defending others. My hope is that you will join me in this endeavor.
You will find that everyone's background and skills are a little different, so there is no best place to start (see "How Do I Learn to Hack"). I recommend reading through this page to get the big picture, see which area interests you the most, and just jump in. No matter what you start with, it will eventually lead to all the other areas.
You do not have to break the law to get systems to play with. It is possible to get lots of equipment to play with at little to no cost.
Tell everyone you know that you will take any old electronics they no longer want. You can also pick up systems alongside the curb on trash day. Sift through the equipment and keep the useful stuff, scavenge the rest for parts, and then recycle what is left. Power supplies are particularly useful when building Raspberry Pi projects.
There is a charge of $10.00 to $15.00 each to recycle TVs and monitors with CRTs. I have found that people are a little more willing to call you if you tell them upfront that you will use the equipment for training, find it a new home (like a Hacker/Makerspace), or responsibly recycle anything you do not use. This relieves them of the burden of recycling, but you might have to pay to recycle the TVs and CRTs; thankfully, they are becoming less common. The treasure trove of free useful equipment I have gotten over the years has more than offset the small cost of recycling the occasional TV or CRT.
Atlanta Electronic Recycling Centers
Companies replace workstations and networking equipment every three to five years. It is common to depreciate the cost of the equipment on their taxes. If they then sell or donate the equipment to a charity, they can end up paying additional taxes because they received a value greater than the depreciated value. The taxes can be more than what it would cost to pay a recycler to take the equipment.
This is an opportunity. It does not cost them anything to give you the equipment. Everyone you know works for a company; talk to your friends and find the person at the company you need to talk to about getting their older equipment.
The best way to go through a minefield is to follow someone. I highly recommend finding local like-minded people with whom to trade ideas. I am located in Atlanta, Georgia, so I will list examples from here. I will also provide some links to help find similar resources where you live. If there are not any, then start a group. Hacking is all about improvising, adapting, and overcoming (to borrow from the U.S. Marines). You also have the Internet, and online groups are a good way to get involved with others.
Pick the groups you associate with carefully. Hanging out with the wrong crowd can get you arrested just by association. If you want to work in information security your reputation must be above reproach because they will give you access to their most sensitive information and systems. A single arrest can end a promising career.
You will hear stories of criminals that were caught and later got jobs in information security. This is the exception. What you do not hear are the stories of permanently damaged lives, which are far more common.
Atlanta Hacker, Maker, and Security Groups
Other Hacker, Maker, and Security Groups
The skills and technology I am listing here are interconnected. As an example, how do you know what networking option to select in VirtualBox if you do not know how networking works? How do you experiment and learn how networking works without being able to simulate it with VirtualBox?
You are going to get stuck and frustrated. Will you quit in frustration or use it as fuel to drive you to improvise, adapt, and overcome?
I have chased solutions that took me years to solve. My secret? I did not quit in frustration. If there is one thing that makes or breaks a hacker, it is what they do when they get frustrated. This is when it helps to have other people to talk to (see "Find Like-minded People to Exchange Ideas With").
The first thing you will need is a computer that can run Windows. OS X can run on commodity hardware, but generally you will need Apple hardware, which is expensive and not readily available from free sources. I will not be covering iOS hacking, although all the principles I am covering here apply there as well.
You are going to be running virtual machines, so your computer will need enough resources to run the host operating system and two or more guests at the same time.
I recommend 4GB of memory and 256GB of disk space at a minimum. The more processor cores the better. It is not necessary to have a multi-core computer, but it will be far more responsive if it is.
You can use a 32bit processor, but note that you will not be able to host 64bit guests. If you have a 64bit processor, you can run both 32bit and 64bit guests. In addition, some 32bit processors will not be able to provide the proper virtual machine hardware extensions.
All is not lost if you cannot afford a computer (see "Where to Get Equipment to Play With"). It does not matter where you start learning; there is no best place to start, so if all else fails you can get a Raspberry Pi Zero for $5, or for $10 you can get a Raspberry Pi Zero W that has built-in WiFi. Talk to other hackers; they often have equipment lying around that they are not using any more and will gladly give it to you, knowing it will go to a good home and that it will be one more thing not cluttering up their home lab (see "Find Like-minded People to Exchange Ideas With").
If you are running Windows as the virtual machine host operating system, you are going to need hardware that will run a currently supported version of Windows. You will also have to factor in the cost of a license. You can use a demo license, but you will be rebuilding your host every 90 to 180 days because the license will expire. This is fine for a virtual machine guest, but it is a real pain to have to rebuild your host every few months.
You can avoid the Windows licensing issue by running Linux as the host operating system. I recommend using a long-term support version. If you do not know which Linux distribution to pick, use Ubuntu. I use Debian, which is what Ubuntu is based on. Once you get to know Linux, you can branch out and try other Linux distributions.
Windows is more resource intensive than Linux. This applies to the virtual machine host as well as guests. Despite this, I recommend you learn to use both operating systems, as they constitute the majority of systems in use.
There are three primary virtual machine software vendors in the market: VMware, Oracle VirtualBox, and Microsoft Hyper-V. VMware and VirtualBox support more guest operating system types and will run on a Windows host. Hyper-V only runs on a Windows host, so I will not be covering it.
VMware is the most full featured; however, it is expensive. VMware comes in three versions: ESXi, Workstation, and Player. ESXi is meant to run on bare metal. Workstation requires a host operating system, and Player is used to run virtual machine appliances built using VMware Workstation.
VMware Player is free, but if you want to build your own virtual machine guests, you are going to need VMware Workstation.
Oracle VirtualBox is free, but it is not as full featured as VMware. I have used VMware for many years but moved to VirtualBox exclusively in the last few years and have found that it is well up to the task. VirtualBox is under active development, so they are regularly adding new features.
VMware and VirtualBox Documentation
Knowing how to use a search engine is a hacker superpower.
The Internet is a treasure trove of information if you know how to dig for it. Search engines such as Google have advanced search directives that can make it much easier to find what you are looking for.
Google Hacking (Dorking) References
The better your systems administration skills, the better you will be at hacking. You will need to be able to install operating systems and configure basic services. There are plenty of free online resources for learning systems administration. You will also find these skills are essential for reusing the free hardware you have been getting (see "Where to Get Equipment to Play With").
You will need to learn how to modify the system configuration using the Windows Registry and Linux config files, and how to use init.
Learn to embrace the command line (CLI). Some of the most powerful tools for systems administration and hacking do not have a GUI. Often your foothold on a system will only be through a CLI. When you exercise a vulnerability and find yourself with a shell that is not a fully interactive tty, your skill with the command line will let you easily overcome the problem. See "Learn to Code" for Linux and Windows command line tutorials.
Systems Administration Training Resources
Learn How to Install, Configure, and Harden the LAMP/WAMP Stack
Learn how to use the default text editor that ships with all modern versions of Windows.
Virtually all Linux distributions come with vi installed by default. On some systems, vi is an alias for vim. All the vi commands also work in vim, so if you learn how to use vi, you will be able to use vim as well.
Editor Training Resources
Originally, networking hardware had a single function, such as a router, gateway, hub, switch, or firewall, because the equipment was expensive. Costs have come down significantly, and miniaturization has allowed manufacturers to build multi-function devices.
Today you can commonly find sub-$100 devices that are a WiFi access point, gateway, router, switch, firewall, web server, and file and print server.
You need to learn what each of these devices does and, more importantly, what they do when connected together to form a network.
Networking is not just the hardware. It also entails the protocols that carry the information across the network.
The OSI model is a standard way of organizing the functions of a network stack. None of the common network stacks in use today strictly adhere to the OSI Model, but it is commonly referenced when discussing the functions within a protocol stack and when comparing functions between different protocol stack implementations. Whenever you are reading networking documentation and you see a reference to a "layer", it is referring to the functional layers of the OSI Model.
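To make the layer idea concrete, here is an added example (my own code, not from this page or from any project it mentions) that builds a constructed Ethernet/IPv4/TCP frame and then peels it apart one header at a time, labelling each header with the OSI layer it belongs to, which is how you will see the layers referred to in documentation. The MAC and IP addresses, ports and HTTP payload are made up, the checksums are left at zero and not validated, and the function names are my own. The parser checks that each header's length fields agree with the bytes actually present and ignores Ethernet padding after the IP datagram, two details a real stack has to get right.

```python
import struct
from typing import Any, Dict


def build_sample_frame() -> bytes:
    """Constructed sample (not captured traffic): Ethernet II + IPv4 + TCP + HTTP."""
    payload = b"GET / HTTP/1.1\r\n"
    # TCP header: src port, dst port, seq, ack, data offset (5 words << 4),
    # flags PSH|ACK, window, checksum (left 0 for the demo), urgent pointer
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack(
        "!BBHHHBBH4s4s",
        0x45,                          # version 4, IHL 5 (20 bytes, no options)
        0,                             # type of service
        20 + len(tcp) + len(payload),  # total length of the datagram
        0x1234,                        # identification
        0x4000,                        # flags: don't fragment, offset 0
        64,                            # TTL
        6,                             # protocol 6 = TCP
        0,                             # header checksum (left 0 for the demo)
        bytes([192, 168, 56, 10]),     # source address (made up)
        bytes([192, 168, 56, 20]),     # destination address (made up)
    )
    # Ethernet II: dst MAC, src MAC, EtherType 0x0800 = IPv4 (MACs made up)
    eth = bytes.fromhex("0a0000000002") + bytes.fromhex("0a0000000001") + struct.pack("!H", 0x0800)
    return eth + ip + tcp + payload


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame: bytes) -> Dict[str, Any]:
    """Strip one header per layer, as a receiving stack does; keys name the OSI layer."""
    layers: Dict[str, Any] = {}
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers["L2 data link (Ethernet)"] = {"src": _mac(src), "dst": _mac(dst), "ethertype": ethertype}
    if ethertype != 0x0800:  # this demo only decodes IPv4
        layers["payload"] = frame[14:]
        return layers

    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (ip[0] & 0x0F) * 4  # header length in bytes; options push it past 20
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or len(ip) < ihl or total_len < ihl or total_len > len(ip):
        raise ValueError("inconsistent IPv4 length fields")
    datagram = ip[:total_len]  # drop any Ethernet padding after the datagram
    ttl, proto = ip[8], ip[9]
    layers["L3 network (IPv4)"] = {
        "src": ".".join(str(b) for b in ip[12:16]),
        "dst": ".".join(str(b) for b in ip[16:20]),
        "ttl": ttl,
        "protocol": proto,
    }
    if proto != 6:  # only TCP is decoded here
        layers["payload"] = datagram[ihl:]
        return layers

    seg = datagram[ihl:]
    if len(seg) < 20:
        raise ValueError("truncated TCP header")
    src_port, dst_port, seq, ack, off, flags = struct.unpack("!HHIIBB", seg[:14])
    data_off = (off >> 4) * 4  # header length in bytes; options push it past 20
    if data_off < 20 or len(seg) < data_off:
        raise ValueError("inconsistent TCP data offset")
    flag_names = (("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04), ("PSH", 0x08), ("ACK", 0x10))
    layers["L4 transport (TCP)"] = {
        "src_port": src_port,
        "dst_port": dst_port,
        "seq": seq,
        "ack": ack,
        "flags": {name for name, bit in flag_names if flags & bit},
    }
    layers["L7 application (payload)"] = seg[data_off:]
    return layers


def is_well_formed(frame: bytes) -> bool:
    """True when every header's length fields agree with the bytes actually present."""
    try:
        parse_frame(frame)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for layer, fields in parse_frame(build_sample_frame()).items():
        print(layer, fields)
```

Run the file and each layer prints with its fields. The same decoder works on any IPv4/TCP frame you capture yourself, which is a good way to see that "layer 3" and "layer 4" are just successive headers in the same byte string.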
There are numerous types of computer networks utilizing a blizzard of networking protocols, suites, and communications protocols. As you learn about networking, it can be confusing and overwhelming. Remember the first rule of hacking: the successful hackers are the ones who don't quit.
The Internet Is an Amazing Source of Free Training Material
At Some Point You May Consider Building a Networking Lab
Information security, at its heart, is simple and embodies the concept of Confidentiality, Integrity, and Availability (CIA) of information at rest and in motion:
Confidentiality - only those authorized can access the information.
Integrity - the information is only modified by an authorized person.
Availability - the data is available to an authorized person when needed.
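The Integrity leg of the triad is the one that is easiest to show in a few lines. The following is an added example, my own code rather than anything from this page: the sender appends a keyed HMAC-SHA256 tag to a message, the receiver recomputes it, and a single flipped bit, or a message produced by someone without the key, is rejected. The second pair of functions shows why an unkeyed hash is not enough, because anyone who can change the message can recompute the hash along with it. The key, messages and function names are assumptions for the demo.

```python
import hashlib
import hmac
import secrets
from typing import Optional

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def new_key() -> bytes:
    """A fresh 256-bit key shared by sender and receiver (the 'authorized' parties)."""
    return secrets.token_bytes(32)


def tag_message(key: bytes, message: bytes) -> bytes:
    """Append an HMAC-SHA256 tag so the receiver can tell whether the bytes changed in transit."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def open_message(key: bytes, tagged: bytes) -> Optional[bytes]:
    """Return the message only if its tag verifies; otherwise None, never unverified data."""
    if len(tagged) < TAG_LEN:
        return None
    message, tag = tagged[:-TAG_LEN], tagged[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest is constant-time, so response timing does not leak how much of the tag matched
    if not hmac.compare_digest(tag, expected):
        return None
    return message


def unkeyed_tag(message: bytes) -> bytes:
    """What NOT to rely on: a plain hash proves the bytes are self-consistent, not who wrote them."""
    return message + hashlib.sha256(message).digest()


def unkeyed_open(tagged: bytes) -> Optional[bytes]:
    if len(tagged) < TAG_LEN:
        return None
    message, tag = tagged[:-TAG_LEN], tagged[-TAG_LEN:]
    return message if hmac.compare_digest(hashlib.sha256(message).digest(), tag) else None


def flip_bit(data: bytes, bit: int) -> bytes:
    """Simulate one bit of corruption or tampering on the wire."""
    out = bytearray(data)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)


if __name__ == "__main__":
    key = new_key()
    wire = tag_message(key, b"pay 100 to alice")   # constructed message
    print(open_message(key, wire))                 # b'pay 100 to alice'
    print(open_message(key, flip_bit(wire, 5)))    # None: tampering detected
    # Without a key, anyone can rewrite the message and recompute the digest:
    print(unkeyed_open(unkeyed_tag(b"pay 900 to mallory")))  # b'pay 900 to mallory'
```

The key is what ties "modified only by an authorized person" to something checkable: whoever holds it can produce a valid tag, and nobody else can. A tag protects integrity only; it does nothing for confidentiality, which needs encryption on top.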
What makes information security challenging are the technologies and people used to collect, store, and manage the information. Hardware and software can be patched, but people cannot. More often than not, the biggest challenge in security is how people implement operational security (OPSEC). Hacker OPSEC, maintained by The Grugq, has an extensive collection of articles related to OPSEC successes and epic failures.
We also live in a veritable blizzard of new technologies, software, and services, drifting high on top of older technologies in whose design security was often never considered. This is not to say that new technologies take security into account; most devices referred to as the Internet of Things (IoT) are extremely insecure by design.
It is vital to learn how to hack in order to understand the interplay between the hardware, software, and people, because without this understanding you will not be able to provide defense in depth.
Information Security Training Resources
In a CTF (capture the flag) (see "How to Practice Without Getting Into Legal Trouble"), you will need to find what services are running on the target and whether there are any known vulnerabilities. Nmap is the go-to tool for scanning systems on a network. Once you have discovered the systems, you will need to find what services are running and what vulnerabilities they have. Service and vulnerability discovery is also a critical skill that defenders need to master.
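Here is an added example of the defender's side of service discovery (my own code, not from this page or from the nmap project): it reads a scan saved with nmap's XML output, builds an inventory of open services per host, and flags anything that is not in a baseline of what should be listening. The XML below is constructed in the layout of that output with made-up hosts, ports and version strings, and the baseline, hosts and function names are assumptions.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List, Set, Tuple

# Constructed sample in the layout of nmap's -oX output. Hosts, ports and
# version strings are made up for this demo; they are not real scan results.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.168.56.0/24">
  <host>
    <status state="up"/>
    <address addr="192.168.56.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.4p1"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd" version="2.4.57"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/></port>
      <port protocol="tcp" portid="6667"><state state="open"/><service name="irc"/></port>
    </ports>
  </host>
  <host>
    <status state="up"/>
    <address addr="192.168.56.20" addrtype="ipv4"/>
    <address addr="08:00:27:00:00:01" addrtype="mac"/>
    <ports>
      <port protocol="udp" portid="161"><state state="open"/><service name="snmp"/></port>
    </ports>
  </host>
</nmaprun>
"""

Service = Tuple[str, int, str]  # (protocol, port, service name reported by nmap)


def open_services(xml_text: str) -> Dict[str, List[Service]]:
    """Build {ipv4 address: sorted list of open services} from nmap XML output."""
    # ElementTree is fine for scan output you generated yourself; XML from an
    # untrusted source should go through a hardened parser (e.g. defusedxml).
    root = ET.fromstring(xml_text)
    inventory: Dict[str, List[Service]] = {}
    for host in root.findall("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        found: List[Service] = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed and filtered ports are not listening services
            svc = port.find("service")
            name = svc.get("name", "unknown") if svc is not None else "unknown"
            found.append((port.get("protocol", "tcp"), int(port.get("portid")), name))
        inventory[addr.get("addr")] = sorted(found)
    return inventory


# Constructed baseline: the (protocol, port) pairs that are supposed to be
# listening on each host. A host missing from it is allowed nothing.
BASELINE: Dict[str, Set[Tuple[str, int]]] = {"192.168.56.10": {("tcp", 22), ("tcp", 80)}}


def unexpected_services(inventory: Dict[str, List[Service]],
                        baseline: Dict[str, Set[Tuple[str, int]]]) -> List[Tuple[str, Service]]:
    """Open services the baseline does not authorize: the defender's to-do list."""
    findings: List[Tuple[str, Service]] = []
    for ip, services in inventory.items():
        allowed = baseline.get(ip, set())
        for svc in services:
            if (svc[0], svc[1]) not in allowed:
                findings.append((ip, svc))
    return findings


if __name__ == "__main__":
    for ip, (proto, port, name) in unexpected_services(open_services(SAMPLE_NMAP_XML), BASELINE):
        print(f"{ip} {port}/{proto} ({name}) is open but not in the baseline")
```

Run a real scan of your own network with `-oX`, feed the file to `open_services`, and compare it against a baseline you keep in version control; the unexpected entries are the ones to investigate. The same comparison between two scans taken a week apart shows what changed.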
Vulnerability Scanners and Databases
The CVE (Common Vulnerabilities and Exposures) database. CVE Details is a site that makes it easy to search for CVEs based on multiple criteria.
A search engine for Internet connected devices.
An open source fork of the Nessus vulnerability scanner.
Nessus is a proprietary vulnerability scanner. Nessus Home is free and allows you to scan up to 16 IP addresses on your personal home network.
Vulnerability Scanning with nmap - nmap is the open source cross-platform utility for network discovery and security auditing.
Services are not the only vulnerable processes you will find on a server. A fully patched system can be compromised through the web applications running on it. Web applications can be vulnerable due to bugs in the technologies used to create them or through errors in their configuration, but the most common vulnerabilities are the result of insecure coding practices on the part of the web application developer.
The Open Web Application Security Project (OWASP) first published its "Top Ten" most critical web application security risks in 2003. Each category in the top ten represents a class of vulnerabilities that may contain more than one example.
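The insecure coding practice the paragraph talks about, shown beside its fix, as an added example (in Python so it runs here; it is not code from this page, from OWASP, or from WebGoat, which is written in Java): a user lookup that splices the submitted username into the SQL text versus the same lookup with a parameterized query. The sample accounts, table layout, injected string and function names are constructed for the demo. The login function checks a salted PBKDF2 hash so the example does not teach plaintext password storage on the way.

```python
import hashlib
import hmac
import secrets
import sqlite3
from typing import Callable, List, Optional, Tuple

Row = Tuple[str, bytes, bytes]  # (username, salt, password hash)


def _hash(password: str, salt: bytes) -> bytes:
    """Salted, slow password hash; never store or compare passwords in the clear."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_db() -> sqlite3.Connection:
    """In-memory database with two constructed accounts (not from any real system)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    for user, pw in (("alice", "correct horse battery"), ("bob", "hunter2")):
        salt = secrets.token_bytes(16)
        conn.execute("INSERT INTO users VALUES (?, ?, ?)", (user, salt, _hash(pw, salt)))
    conn.commit()
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> List[Row]:
    # Insecure coding practice: the user-controlled string is pasted into the
    # SQL text, so quote characters in it change the query's structure
    # instead of being treated as data.
    query = f"SELECT username, salt, pw_hash FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> List[Row]:
    # Parameterized query: the driver hands the value to the engine separately
    # from the statement, so it can never be interpreted as SQL.
    return conn.execute(
        "SELECT username, salt, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchall()


def login(conn: sqlite3.Connection, username: str, password: str,
          lookup: Callable[[sqlite3.Connection, str], List[Row]] = find_user_safe) -> Optional[str]:
    """Return the username on success, None otherwise."""
    rows = lookup(conn, username)
    if len(rows) != 1:  # a lookup that matches more than one account is itself a red flag
        return None
    name, salt, pw_hash = rows[0]
    if hmac.compare_digest(_hash(password, salt), pw_hash):
        return name
    return None


# Constructed input whose quote characters break out of the string literal.
INJECTION = "' OR '1'='1"


if __name__ == "__main__":
    db = make_db()
    print(len(find_user_vulnerable(db, INJECTION)), "rows from the vulnerable lookup")  # 2
    print(len(find_user_safe(db, INJECTION)), "rows from the parameterized lookup")     # 0
    print(login(db, "alice", "correct horse battery"))                                # alice
```

The vulnerable lookup returns every row in the table because the quote characters rewrote the WHERE clause, while the parameterized version returns nothing. Parameterized queries are the fix in every language, and the same class of bug appears wherever user input is concatenated into a command, query, or script.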
The best place to start learning how web application vulnerabilities work and how to prevent them is to use OWASP WebGoat, a self-contained web application security training environment with lessons, labs, and walk-throughs. WebGoat is written in Java, so you will need to install Java.
When you run WebGoat, the machine you are running it on will be vulnerable. The best way to do this is to run WebGoat in a virtual machine with a networking mode that protects the virtual machine while still allowing you to connect to the Internet through the host computer.
If you run WebGoat on your own computer, I recommend placing your system behind a dedicated firewall so you do not get compromised.
You will need a web application attack proxy to complete some of the WebGoat lessons. Burp Suite has the most features and has free and professional editions. OWASP Zed Attack Proxy (ZAP) is open source.
Web Application Security Training Resources
You do not need to code to get started, but as you master the command line (CLI) (see "Learn Basic Systems Administration") you will eventually need to automate a process or modify someone else's code to get it to do what you want.
The most common coding is shell scripting, and on Windows it is batch. Many of the security tools you will be learning to use are written in Perl.
Linux Shell References and Tutorials
Windows Batch References and Tutorials
Windows PowerShell References and Tutorials
Perl References and Tutorials - multiple titles
Embedding Perl in HTML with Mason
Picking Up Perl
Perl 5 Internals
Practical Mod Perl
Perl & LWP
Python References and Tutorials
Free Programming E-Books - multiple languages
A penetration test (pen test) is a simulated attack on a system to determine its weaknesses. There are Linux distributions specifically made for pen testing that come with an assortment of the most common free and open source tools.
Pick a penetration testing distribution and install it in a virtual machine. Use it to test security on your home network. You can also install a boot2root image in a virtual machine to train with (see "How to Practice Without Getting Into Legal Trouble"). If you do not know which pen testing distribution to use, I suggest using Kali Linux. Once you get the hang of it, you can branch out and try some of the other pen test distributions.
Popular Linux Penetration Testing Distributions
It is possible to practice your newfound hacking skills without the risk of being arrested (see "Ethics"). Boot2Root is the name given to virtual machine images designed for penetration testing and capture the flag (CTF) training. I recommend starting out with Boot2Root images that have walk-throughs. Try to complete the challenges on your own. If you get stuck, you can look at the walk-throughs for help.
It is also helpful to read multiple walk-throughs for the same Boot2Root, as pentesters do not always use the same tools and methods (see "Learn to Use a Penetration Testing Linux Distribution").
A good Boot2Root to start with is Metasploitable 2, which is designed to train pentesters in the use of the Metasploit Framework. You can also try your hand at Metasploitable 3. A VirtualBox OVA file has been created that makes building Metasploitable 3 much simpler: you just download and import the OVA, start the virtual machine, and sit back and relax as it builds your Metasploitable 3 virtual machine.
Once you have Metasploitable 2 and 3 under your belt, you can visit VulnHub, a repository of free Boot2Root images you can practice on.
As your skills improve, you can also try your hand at competitive CTFs such as NetKotH (Network King of the Hill), which are run at the monthly DC404 meetings. You can also get free CTF training from the Atlanta Ethical Hackers, Penetration Testers, & Information Security group. DC404 has a CTF team you can join (all experience levels are welcome); also check CTFtime for a calendar of CTFs.
Keith R. Watson