How to Learn Hacking? My Path!

ZeusCybersec
Published in InfoSec Write-ups
12 min read, Sep 13, 2020

So you want to learn real hacking. If so, you are in the right place. The reason I have written this article is that a lot of people randomly approach me, and I have to spend at least 10 minutes on every person explaining how to learn hacking and giving them some good resources to learn from. This is my most viewed and appreciated article of all.

If you are serious about learning ethical hacking or perhaps making a career in cybersecurity as a hacker/penetration tester, I highly recommend you read this article carefully. This article is about my personal path: the things I have learnt and the resources that helped me gain the knowledge I have today.

So let's get started. I assume you are a beginner and a “script kiddie” (if you don’t know what this word means, use Google). Firstly, stay curious and clear your basics about computers, computer hardware, how an OS works and basic networking, and get yourself familiar with using Linux commands. Just clear your very basics using online resources such as videos, articles and blogs.

[STEP 1]

Finish this YouTube playlist by HackerSploit. It has 145+ videos in total, and this channel is helpful for beginners:

https://www.youtube.com/playlist?list=PLBf0hzazHTGOEuhPQSnq-Ej8jRyXxfYvl

If you face any error, use Google and YouTube. Troubleshoot the problem by yourself. Knowledge is earned by researching, falling into trouble and researching again. People can help, guide or assist you, or even teach you to a certain extent, but it is you who has to put in the effort. Focus on clearing your fundamentals first. You might see that a few of his videos have been deleted, but you can skip them and continue learning.

[STEP 2]

After finishing this, try to gain knowledge of the CEH certification. [NOTE]: Avoid going for the CEH certification, as it is no longer demanded in the industry. What I want you to do is finish this CEH syllabus from an institute I studied in. Research the topics and practice them. This was a 3-month course covering basics. Use the Internet and YouTube to learn about these topics:

Chapter 1 — Introduction to Ethical Hacking

What is Hacking
What is Ethical Hacking
Types of Hackers
White Hat Hacker
Black Hat Hackers
Gray Hat Hackers
Script Kiddies
Hacktivists
Spy Hackers
Cyber Terrorists
Vulnerability
Exploit
Remote Exploit
Local Exploit
Zero-day
Zero-day vulnerability
Zero-day Exploit
Brute force attack
Phishing
Remote access
Payload

Chapter 2 — Steps of Ethical Hacking

Information Gathering
Active Information Gathering
Passive Information Gathering
Scanning
Gaining Access
Maintaining Access
Covering Tracks

Chapter 3 — Types of Malicious files

Viruses
Worms
Trojan Horse
Spyware
Adware
Backdoor
Rootkits
Ransomware

Chapter 4 — Penetration Testing

What is Penetration Testing
Types of Penetration Testing
What is white box Penetration Testing
What is Black Box Penetration testing
Introduction to Linux OS
Social Engineering

Chapter 5 — Google Hacking Using Dorks Demo
Lab Setup

What is Virtual Machine
What is VMware
What is Virtual Box
Install VMware
Install Parrot OS
Install Windows XP
Install Windows 7
Install Add-ons in Mozilla
Tamper Data
Burp Suite
No-Redirect
Install Nessus

Chapter 6 — System Hacking

System Hacking using Kon-Boot
Network Scanning
Port Scanning
Service Scanning
What is Nmap
Scanning With Nmap
Various Nmap Commands

Firewall Bypass Using Nmap (learn in depth)

Chapter 7 — Scanning With Nessus Hacking With Metasploit

What is Metasploit?
Xp Remote Exploit using Metasploit
Msfvenom
Windows7 UAC Bypass

Chapter 8 — What is SE-Toolkit

SE-Toolkit Usages
Create Phishing page with SE-Toolkit
Hacking Facebook & Gmail password

Chapter 9 — What is Remote Administration Tool

What is RAT
Exploit With RAT
Protect System from RAT

Chapter 10 — What is Sniffing

Types of Sniffing
Network Sniffing with Wireshark
Get FTP Login Details Using Wireshark

Chapter 11 — What is DOS

Details of DOS
What is DDOS, Installation and use of Xerxes tool

Chapter 12 — Wireless Network Hacking

Wireless Encryption
Hacking WPA 2

Chapter 13 — Web Application Pen-testing

How Web Application Works
Request and Response
Installing Scanner (Acunetix, Netsparker)
Scanning Website

Chapter 14 — OWASP Top 10

What is Sql-Injection?
Types of Sql-Injection
Live Demo on Sql-Injection

Chapter 15 — What is XSS

Types of XSS
Live Demo on XSS All types

Chapter 16 — What is CSRF

Live Demo on CSRF
What is HTML Injection
Live Demo on HTML Injection

Chapter 17 — What is Directory Listing

Live Demo on Directory Listing
What is Broken Auth
Live Demo on Broken Auth
What is Tamper Data?
Live Demo on Tamper Data on Ecommerce site
Session Hijacking

Chapter 18 — What is Phishing?

Create a Phishing Page
What is Web Shell
Hack Web-Server Using Web-Shell

Chapter 19 — Hacking Android Phone using Metasploit and FatRat tool

Chapter 20 — Solve full DVWA (full solution on youtube)

__________________________

If you have completed STEP 1 and 2 (the HackerSploit video playlist and the CEH syllabus given above), you now have a decent knowledge of what hacking and penetration testing are, and you can explore things. (Bonus: Solve the OverTheWire Bandit challenge. It's a very easy and fun way to learn more about the Linux command line.)

[STEP 3]

Start solving CTFs and boot-to-root machines on VulnHub, HTB or TryHackMe. If you want to learn real practical hacking, the time has come.

> https://www.youtube.com/watch?v=Lus7aNf2xDg

Start solving CTFs, which is the most fun way to learn hacking. It feels like a game. I consider CTFs the best resource to learn hacking. Try to start with some easy boxes from VulnHub (such as Metasploitable 2 and the Mr. Robot CTF) and move on to some hard ones. In a CTF you will be applying all the knowledge you have gained. Personally I spent 3–4 months and solved 15 CTFs from VulnHub. If you are comfortable with very easy level CTFs, I highly recommend you solve this list of 17 VulnHub CTFs. It gets harder as you proceed, but you will learn something new and unique in every machine. If you get stuck, watch the walkthrough (solution) on YouTube or read it on Google, understand it and solve the machine. When you learn something new in a CTF, find out more about it and make notes. Avoid the temptation of watching walkthroughs (solutions). See one only if you have spent hours trying to solve the machine but failed to find the solution. CTF platforms such as HackTheBox and TryHackMe are worth the money and bang for the buck. This is a list from the VulnHub platform:

1) metasploitable2
2) bulldog
3) bulldog2
4) Matrix
5) Kuya
6) Matrix2
7) Android 4
8) Mercy
9) Bravery
10) Development
11) Goldeneye
12) Nullbyte
13) Pinky's Palace v4
14) Matrix3
15) Moonraker
16) Prime 1
17) Pegasus (requires buffer overflow knowledge and C)

Note: Solve them one by one and follow the list. Some machines may need programming/exploit development knowledge and you can skip them, but try your best to solve as many as you can. (Watch the walkthrough ONLY when you are stuck for many, many hours.) This is the best material to learn real hacking. Solve CTFs!!! Many of the machines are OSCP-like. They are hard too, but you can get a touch of OSCP by solving them and hone your skills! In case you find this list very hard, start with some easy level CTFs and work your way up.

Privilege escalation is a tricky technique to master, so I am sharing one of the resources to learn it. This will prepare your privilege escalation skills beyond OSCP:

https://github.com/sagishahar/lpeworkshop
https://www.youtube.com/playlist?list=PLjG9EfEtwbvIrGFTx4XctK8IxkUJkAEqP
Tib3rius also has helpful materials on privilege escalation, and Adithyan AK has a 1.5 hr video on OSCP preparation and an article on the Medium platform.

There are also many tutorials on privilege escalation on YouTube and many articles online which you can read. At the end of every CTF you will have to escalate your privileges from user to root, so practice more CTFs. There are many scripts for it as well, but always prefer trying manually.

Now you have a pretty good knowledge and can call yourself a penetration tester/hacker. Follow the further steps to keep getting better.

[STEP 4]

Solve the OTW Natas web challenges. This will improve your knowledge of web hacking. The challenges will be tough, but feel free to see the solutions by Chris Dale and try to learn the skills. Watch and follow him: https://www.youtube.com/playlist?list=PLag7W-lJE2Aw8hzezQl17ZlE6CfNS3nYu

NOTE: If you have done STEP 3 and 4 (CTFs and Natas), you will see that you require programming or scripting knowledge. Don’t be disheartened now. It's time I break the truth that programming is important. A real hacker makes his own tools and knows how to write scripts and exploits. I suggest you learn C programming. Yes, it's a bit hard and old, but it's really good when you will be learning advanced topics like buffer overflows in the future. Learn basic C programming. What you should highly focus on is PYTHON, the language hackers use to write scripts and tools and to automate stuff.

[STEP 5]

THE TIME HAS COME! LEARN PYTHON. It might be a bit boring, but trust me, it's VERY important. I learnt Python by reading the book Beginning Python: From Novice to Professional by Magnus Lie Hetland (read it till ch 15), and you can see the Python 3 video playlist on YouTube by TheNewBoston if you are a total beginner. Reading documentation helps a lot when you are stuck in Python. https://www.youtube.com/playlist?list=PL6gx4Cwl9DGAcbMi1sH6oAMk4JHw91mC_

[STEP 6]

After learning Python, finish a book like Black Hat Python or Violent Python, which will teach you how real hackers leverage Python for offensive hacking by writing your own scripts and tools, so you will no longer be a script kiddie. This will take a long time but will take you to the next level! I have completed the book Black Hat Python, and it is considered an advanced book which teaches you to make your own hacking tools, from scanners, Burp Suite plugins, man-in-the-browser attacks, trojans and file monitoring programs to keyloggers, etc. (NOTE: This is not a book for beginners and you need to learn Python before reading it.) The new edition is in Python 3. You can find all the programs in my GitHub account:

Now you will have pretty good knowledge of Python and you can try solving OTW Natas using Python. In the following playlist, John Hammond has solved it using Python:

https://youtube.com/playlist?list=PL1H1sBF1VAKWM3wMCn6H5Ql6OrgIivt2V

If Android/iOS hacking interests you, feel free to learn about Android and iOS penetration testing. The market is full of developers making Android and iOS apps, and a lot of the projects you will receive as a hacker/pen tester in a company will involve Android and iOS applications and frameworks. Read the Android Hacker's Handbook and iOS Hacker's Handbook as learning resources.

WHAT NOW?

Now you can do as you wish. Try solving the TJ Null playlist on YouTube, which contains OSCP-like machines from HTB. Maybe start preparing for OSCP. This is the most demanded and challenging exam in the field of hacking (penetration testing). It is the recommended certification to make it easier to enter the industry. The playlist below contains 37 OSCP-like HTB machines which every OSCP uses as a training ground. In fact, the practice machines you will get in the PWK labs are pretty similar to them. IppSec has solved every machine and explained every possible way to root the machines in great detail. HTB membership is paid, but it's a bang for the buck! Once I crack OSCP, I will be making a full path for that too. TryHackMe has an “Offensive Path” which is also really good.

MOVING ON…

You should learn REVERSE ENGINEERING. Yes, it's a tough topic, but it's a really important one and a valuable skill as a penetration tester. Read the book “Secrets of Reverse Engineering” and follow LiveOverflow on YouTube, who is really good at binary exploitation and IoT hacking. Learn topics like exploit development, malware analysis, IoT hacking, forensics or rootkit analysis. Feel free to experiment. Maybe learn web hacking using “The Web Application Hacker's Handbook” and the PortSwigger labs, and try doing bug bounties on platforms like HackerOne, Intigriti and Bugcrowd. You can also learn Android/iOS hacking, since a lot of apps are made for Android and iOS. Some good books for this are the Android Hacker’s Handbook and iOS Hacker’s Handbook (if it interests you).

Hacking is all about learning new things and solving challenges. There are a ton of topics to learn. It's a journey where you keep learning and meeting new people. Having errors, problems and questions is part of learning. Hopefully, the people in the infosec community are very helpful, and you learn a lot by talking to them. You can even find a mentor who can guide you and help you out if you face a common problem. I am always there to help people who want to learn, although it has to be you who puts in the effort.

ALWAYS REMEMBER THESE THINGS:

Age, race, nationality and educational background don’t matter in this field. What matters is your hunger and dedication to learn new things. It is NEVER too late to start. It doesn’t matter if you are a Commerce/Arts/Science student. Your dedication to learn matters the most. It is never too late to start learning, no matter what your age is.

Don’t run after money or certs. Run after knowledge. If you have knowledge and skills, cyber security is a highly rewarding field. Certifications act as an HR filter, and you need them only in case you want a job.

Talking to people is the BEST secret to getting more knowledge. Talk to cybersecurity professionals and ethical hackers, whom you can find on LinkedIn, Discord, Twitter, Slack, Instagram…

There is no secret forum to learn hacking on the deep web. You learn it by reading books and blogs, researching, solving CTFs and doing real-life projects.

There is no x-y-z path to learn hacking. Every hacker has his own path/journey. You learn it by doing it! Just keep learning… Focus on learning and you will figure things out.

Share knowledge with those who are dedicated, and help others. I have answered at least 1000-1500 messages on my channel till now and personally helped many people and guided them as a brother.

If you are stuck somewhere while learning or have any technical problems, errors or doubts, APPLY YOUR OWN RESEARCH FIRST. Generally you will get the answer by searching on your own, or on the internet/online forums.

Remember to take breaks. You are human, so take care of your body and mind. Don’t burn out; take rest and go at your own pace. There is no hurry. IT TAKES TIME (it took me around 1.5 years to finish till STAGE 5). Take your time and enjoy learning every day. Stay curious and dedicated and be hungry for knowledge.

Avoid attacking random websites/servers, as you can fall into trouble. I did gain unauthorized access to a lot of servers and websites XD (long back), but I won't suggest you do it, as you can fall into trouble. Also, I am legally NOT responsible for any malicious activity caused by the information I share.

If you are confused about WHERE TO START LEARNING, then just start! Pick any online resource and start. How did I learn so much? I learned from wherever I could find knowledge online. There are many videos and articles online. Start from [STEP 1] of this article. If you want career guidance, start watching some cyber talks on YouTube. Also talk to people who are in the field.

SOME AMAZING BOOKS (these are some of the most famous and best books every hacker has!)

Penetration Testing by Georgia Weidman (the 1st book you must read), Hacking: The Art of Exploitation, The Web Application Hacker's Handbook, The Hacker Playbook 2 and 3, Tribe of Hackers, The Hackers Blueprint (EASY BOOKS)

Black Hat Python, Serious Cryptography, Practical Malware Analysis, The Shellcoder’s Handbook, Secrets of Reverse Engineering, The Art of Memory Forensics (ADVANCED BOOKS)

MOVIES: Who Am I (No System Is Safe) is by far my favourite hacking movie, so do watch it and you will understand how deep this field is.

_____________________________

WHERE AM I NOW? / FUTURE PLANS!

I am a bit busy these days and currently preparing for OSCP, which will take time, but once I am done with it, I plan to cover MY FULL (this article) practically and share everything I have learned. I will also be doing cyber talks with other cyber security professionals on YouTube and starting reverse engineering and malware analysis. Once I am done with OSCP, I will also be launching my course to teach everything that I have learned.

_____________________________

CONCLUSION

If you have come this far, my time and effort have not been wasted. Covering my complete journey and everything I have learned will not be possible in a single article. Thank you for reading my article. It took me a lot of time and hard work to reach the level of knowledge I have today. Wishing you luck on your cyber security journey, and I would like to thank everyone in the community who has helped me, just like I am helping you today. I will always be grateful to my mentor Strike Rider for guiding me and helping me throughout my journey, and to my viewers for the immense love and support. This was MY journey, and one day YOU will be writing your own!

Good luck for your journey!

Make sure you follow me on this platform called “Medium” to stay updated with more such informative articles on hacking.


I am a penetration tester, currently pursuing OSCP. Skilled in network pen-testing and developing security tools using Python. YouTube: ZeusCybersec