
Difference between revisions of "User:Hatter/getting started"

From NetSec
(Created page with "So you're new to offensive security, and one day you want to call yourself a hacker. Understanding the building blocks of a system is the first step towards learning to...")
 
Line 1: Line 1:
So you're new to offensive security, and one day you want to call yourself a hacker.  Understanding the building blocks of a [[host|system]] is the first step towards learning to control it.  A solid basis in [[administration]] is needed in order to know how to use a machine.  Mastery of an [[Operating System]] is essential.  Most [[server]]s on the internet are powered by [[Linux]].  While difficult, a head-first approach to learning [[Linux]] can be obtained with [[Gentoo Installation]].  We crawl before we learn to walk.
+
So you're new to offensive security, and one day you want to call yourself a hacker.  Understanding the building blocks of a [[host|system]] is the first step towards learning to control it.  A solid basis in [[administration]] is needed in order to know how to use a machine.  A solid basis in [[programming]] will help you understand what leads to successful [[exploitation]].   
  
  
 +
== Administration ==
 +
Administration can be broken into a few categories, but for the purposes of this library, administration is divided into system administration, and network administration. 
 +
 +
Mastery of an [[Operating System]] is essential.  Most [[server]]s on the internet are powered by [[Linux]].  While difficult, a head-first approach to learning [[Linux]] can be obtained with [[Gentoo Installation]].  We crawl before we learn to walk.
 +
 +
 +
== Code ==
 
[[Programming]] is the next essential skill.  Without knowing a [[programming language]] it is nearly impossible to abuse any [[application]].  [[Assembly]] and [[machine code]] are the building blocks of all other programming language.  These are the predecessors to the [[C]] language, a mid-level [[compiled language]] which became the cornerstone for nearly all of the modern [[interpreted languages]], including [[PHP]], [[Perl]], [[Python]], and [[Ruby]].  The [[Linux]] operating system is written in [[C]] and [[C++]].
 
[[Programming]] is the next essential skill.  Without knowing a [[programming language]] it is nearly impossible to abuse any [[application]].  [[Assembly]] and [[machine code]] are the building blocks of all other programming language.  These are the predecessors to the [[C]] language, a mid-level [[compiled language]] which became the cornerstone for nearly all of the modern [[interpreted languages]], including [[PHP]], [[Perl]], [[Python]], and [[Ruby]].  The [[Linux]] operating system is written in [[C]] and [[C++]].
  
 +
== Exploitation ==
 
Most beginners find [[web exploitation]] to be the easiest topic to start with.  This requires a strong understanding of the [[HTTP|world wide web]].  [[Web application]]s are [[programming|programmed]] using a series of [[interpreted languages]].  This nearly always involves some form of [[HTML]] and [[CSS]], originally developed to be a document and that document's stylesheet.  Dynamic content is usually powered by a [[database]], and usually involves [[SQL]] code.  The [[programming language]]s used to render dynamic content are [[interpreted languages|interpreted]] on the web [[server]], while languages such as [[HTML]], [[CSS]], and [[JavaScript]] are interpreted and rendered by the client.   
 
Most beginners find [[web exploitation]] to be the easiest topic to start with.  This requires a strong understanding of the [[HTTP|world wide web]].  [[Web application]]s are [[programming|programmed]] using a series of [[interpreted languages]].  This nearly always involves some form of [[HTML]] and [[CSS]], originally developed to be a document and that document's stylesheet.  Dynamic content is usually powered by a [[database]], and usually involves [[SQL]] code.  The [[programming language]]s used to render dynamic content are [[interpreted languages|interpreted]] on the web [[server]], while languages such as [[HTML]], [[CSS]], and [[JavaScript]] are interpreted and rendered by the client.   
  
 
[[Web exploitation]] can be used to [[Command Injection|execute remote commands]], [[steal cookies]], [[SQL injection|extract database information]], bypass [[authentication credentials|authentication]], and more.  Simply because [[exploitation]] of [[interpreted languages]] is easier than [[exploitation]] of [[compiled languages]] does not make it any less effective.  This, in conjunction with the recent popularity of [[web application]]s makes it the best place to begin.
 
[[Web exploitation]] can be used to [[Command Injection|execute remote commands]], [[steal cookies]], [[SQL injection|extract database information]], bypass [[authentication credentials|authentication]], and more.  Simply because [[exploitation]] of [[interpreted languages]] is easier than [[exploitation]] of [[compiled languages]] does not make it any less effective.  This, in conjunction with the recent popularity of [[web application]]s makes it the best place to begin.
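
Review bot: The added "== Administration ==" section states that administration is divided into system administration and network administration, but the only paragraph under it (the moved Operating System / Linux / Gentoo Installation text) covers system administration; nothing in the new revision addresses network administration. Either add a short paragraph on network administration or drop the split from the section's opening sentence, which also carries a stray comma before "and network administration". The unchanged Code paragraph still reads "all other programming language" and should say "languages".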

Revision as of 19:23, 28 June 2012

So you're new to offensive security, and one day you want to call yourself a hacker. Understanding the building blocks of a system is the first step towards learning to control it. A solid basis in administration is needed in order to know how to use a machine. A solid basis in programming will help you understand what leads to successful exploitation.


Administration

Administration can be broken into a few categories, but for the purposes of this library, administration is divided into system administration and network administration.

Mastery of an Operating System is essential. Most servers on the internet are powered by Linux. While difficult, a head-first approach to learning Linux can be obtained with Gentoo Installation. We crawl before we learn to walk.


Code

Programming is the next essential skill. Without knowing a programming language it is nearly impossible to abuse any application. Assembly and machine code are the building blocks of all other programming languages. These are the predecessors to the C language, a mid-level compiled language which became the cornerstone for nearly all of the modern interpreted languages, including PHP, Perl, Python, and Ruby. The Linux operating system is written in C and C++.

Exploitation

Most beginners find web exploitation to be the easiest topic to start with. This requires a strong understanding of the world wide web. Web applications are programmed using a series of interpreted languages. This nearly always involves some form of HTML and CSS, originally developed to be a document and that document's stylesheet. Dynamic content is usually powered by a database, and usually involves SQL code. The programming languages used to render dynamic content are interpreted on the web server, while languages such as HTML, CSS, and JavaScript are interpreted and rendered by the client.

Web exploitation can be used to execute remote commands, steal cookies, extract database information, bypass authentication, and more. Simply because exploitation of interpreted languages is easier than exploitation of compiled languages does not make it any less effective. This, in conjunction with the recent popularity of web applications, makes it the best place to begin.