How To Hack – 1.1 – Purpose
Check out the podcast related to this article:
Now you are obviously here because you want to learn how to hack. Maybe you have tried in the past, maybe you have jumped around from topic to topic. Learning bits and pieces of this and that. But you just can’t put it all together. And maybe you just don’t know where to start in the first place. Maybe you are just confused about this whole scene, the hacker’s security scene.
Because I know there are lots, and lots of resources out there that you can learn from. But, in a way, that could also be a bad thing because it can get all confusing. There is so much information out there. It’s hard to choose where to start. Where to go from this and that. Not even that. A lot of these tutorials and videos in general. They assume you have previous knowledge in other areas, that allow you to completely understand that topic.
So, I will give you an example. Let’s say you are trying to learn SQL. Let’s say you pick up an article on the SQL injection attack. And, you read the article, you follow the example and you go try to find a target to practise it on. Now, you follow the steps, he gives you a couple of commands so. Put in to test to see if its vulnerable. And you put that command in your target, your practise target. Now it will either yield the results that the article shows, and if it does, great. You can continue. But what if it does? It doesn’t yield, doesn’t show the error or the result that the article said it would. So you assume automatically, oh boy, never mind this isn’t going to work here. And you leave, leaving that target along.
Now, if you don’t understand. If you don’t really understand that attack and the technology behind it. The thing is, that target probably is vulnerable, but just because that one simple test you rang against that target didn’t work. You left it alone because you didn’t understand that attack. You just followed along in the commands that this article showed you.
And another way to look at this is, let’s say that it does work. You find that its vulnerable, and you start trying to exploit it. Now, you get in, you try to get in. Via the commands the person showed you in the article. And it shows, because of that article you can see that some of the commands work and its vulnerable. Then you keep going down the step, down the step and bam! It doesn’t show what it is supposed to. Now you are confused. You don’t know what to do. You can’t go on. Because the steps that you read in that article don’t work anymore. That’s because that article, and something with other videos and tutorials online. They work in one example environment. But they don’t work in every environment. So, to really be able to get into that system and make that attack work.
You have to really understand, not only that attack and why that attack works, but the technologies that…that attack is attacking. So in this case it would be that data base server. Maybe it’s my SQL, get to learn how my SQL works. And how PHP, the programming language that…acts as that server. How they talk to each other and why that attack works. Once you understand all these commands, all these technologies, you will be able to, on your own. Figure out why, how, if its vulnerable, and you…once you are faced with different scenarios. You will be able to know how to actually exploit and get into that system. So, this is just an example of why you shouldn’t just learn the tech, but everything that leads to it. And everything that attack isn’t running on, not just attacking.
So the goal is to not only teach you how to follow along a couple of steps. But to think on your own. But, to think on your own and be able to basically, just know what to do in what situations. But you can’t just learn by reading material. You have to actually apply the knowledge that you have to really learn it. You don’t learn by reading, you learn by doing.