Self-study of network security (hacking) - starting from scratch

Why learn hacking? Some people do it to look cool, some do it to attack, and most do it for defense. I think everyone should have some security knowledge and understand basic offensive principles, so that you can better protect yourself. That is also the original intention of this series of articles: to let everyone understand basic offense and defense.

1. How to start learning?

1. Computer network

To become a hacker, basic knowledge of computer networks is essential. Understanding computer communication protocols and the principles of communication between devices is the first step to penetration. After all, how can you start an attack if you don't even know the path to your goal? Just learn the basics of the TCP/IP protocol and understand the principles.

2. DOS commands

A must-have for being cool! While other people use the graphical interface to operate the computer, you work purely from the command line, which is cool. If you're learning to hack just to be cool, this is the point. More seriously, DOS commands are the basis of hacking, because in most cases we cannot operate the target directly. If we get the other party's shell and don't know how to use it, it is of no use at all. Moreover, once you are familiar with the commands, working from the command line is faster than using the graphical interface. You must know the basic system commands of both Windows and Linux, because the target system varies.

3. Hacker terminology

Bandits also have slang! If you want to integrate into a circle, you must understand its internal terminology, otherwise how will you communicate? For example: broiler (slang for a compromised machine), exp, PoC, payload, port, shell, webshell, etc. You will become familiar with these the more you see them.

4. A computer language

Python is recommended here: it is easy to get started with and has powerful support from various libraries. Knowing a computer language here means being able to implement functionality independently. Of course, that is not the end. With one language as a foundation, a hacker must also be able to read other languages, such as PHP and Java, so that the corresponding vulnerabilities can be found when doing code audits.

5. Basic SQL statements

This is easy to understand. Most data is stored in databases. If you find a vulnerability in a database and gain operation permissions but don't know how to operate it, it is useless. SQL injection is also a vulnerability commonly encountered in penetration testing.

6. Common tools used by hackers

You should understand the basic tools of the Kali system, such as nmap, sqlmap, AWVS, and hydra. Generally speaking, if you can work with Kali, you are basically getting started. There are also some search engines that most people don't know about: Shodan, FOFA, ZoomEye, etc., as well as the common search syntax of Baidu, Google, etc. If you are proficient in these, congratulations, you have become a script kiddie and can basically start doing penetration work.

7. Vulnerability learning

The OWASP Top 10 is the frequently cited list of the 10 most serious web application security risks. The causes, principles, attack methods, and defense methods of each item all need to be learned. At the same time, read how experienced researchers found their vulnerabilities and try to reproduce the process. SQL injection, file upload, XSS, CSRF, RCE, file inclusion, file download, deserialization, etc. are all must-know. You can build your own practice range and try attacking it.

8. WAF

That is, the web application firewall, a protection system for web applications. Offense and defense improve each other. If you want to know how to attack, you must also know how the defender defends. The protection principles, protection methods, and bypass methods of the common mainstream WAFs are also things you must know. After all, in real-world environments, WAFs are basically everywhere. Common ones include SafeDog, BaoTa (BT Panel), etc. There are also security products from various security vendors.

9. Target CTF and SRC

With the above knowledge, you can basically try CTF challenges and exercise your problem-solving skills. This enriches your knowledge, exposes your shortcomings, and lets you strengthen them. At the same time, you can also take part in SRC programs and submit vulnerabilities in exchange for the corresponding rewards.

You can learn specifically according to this learning roadmap.


Written at the end, but very important. Before starting above, study the "Cybersecurity Law of the People's Republic of China". Complying with laws and regulations is a basic requirement.

Finally, if you are interested in learning, please follow. We start from zero and expand on each knowledge point.

Origin blog.csdn.net/xv7777666/article/details/131987901