# Programming language for 'ethical hacking.'



## Loki Grim (May 8, 2011)

Hi PC,

I'm a math and natural sciences major who can't take a computer class because it's off my ED plan and I won't get any Financial Aid to help pay for it. For the past month between school semesters I've been practicing Python as a hobbie. I ended up really having fun with it, pretty much any extra time is spent trying to learn more. Something that looks fun to me is penetration testing / ethical hacking. Things like key loggers and accessing parts of a computer remotely such as a webcam. For now I need to get my AS in Math and Natural Sciences but I'm staring to find it really boring at this point, might go back to learn computer science.

Also this is nothing that I would use for the wrong reasons, I just find ethical hacking to be the most interesting thing in the field of computer science. And I've tried searching Google for an answer but what I come up with is IT people that have a very unattractive level of narcissistic traits.

I'm thinking C and trying to get to know Kali? Or maybe SQL or PHP or HTML? I know it would be best to learn all of those but at this point it's just a hobbie..


----------



## Caveman Dreams (Nov 3, 2015)

I would say C++ not C, as you will learn OOP, also C++ has little margin for error, so if you can learn that, you should be able to transition those skills to other langugaes.

As far as web coding goes, HTML (shouldn't take long to learn basics), php, perl. Also a bit of SQL.

Finally its probably a good idea to learn about things like Servers (UNIX/LINUX and Windows) and also TCP/IP networking (learn the basics, then set up a home lab, get wireshark running and also play with packet injection).

By that point you should have some basic knowledge.

Most importantly though is don't just soak up knowledge and not use it.

Goto sites like hackthissite, they have tutorials and missions that are realistic. Also they have no qualkms with you hacking their site. Also build a home lab. A couple of servers, witches, routers. Then hack your own network.


----------



## Loki Grim (May 8, 2011)

@cybersloth81

Thanks for the response 

[Sorry about the bad grammar, running on very little sleep.]



> I would say C++ not C, as you will learn OOP, also C++ has little margin for error, so if you can learn that, you should be able to transition those skills to other langugaes.


That is pretty helpful because most people seem to be going for C. Because I'm doing this in my spare time at the moment I would estimate that it would take me around 4 to 6 months before I could say that I have a _good_ or at least _okay_ understanding of a language, that's why I'm really trying to find the most relevant one. Would you say that C++ is more relevant to ethical hacking that I should drop Python or will Python be enough to get my foot in the door?



> Then hack your own network.


I've been successful doing this with Ettercap and Wireshark, didn't feel like it required much skill and that may be due to an inept understanding of how to fully utilize them. And what I want is to get into the camera on my smartphone or retrieve files from another one of my computers, I do realize that would take skill that takes time to gain.



> Most importantly though is don't just soak up knowledge and not use it.


I'm very much trying to retain as much as I can, I'll repeat what I forget and do my best to find a practical application for everything that I have done so far.



> Goto sites like hackthissite


I've been there, I was able to get through the first 5-ish "missions." So, I need to catch up on my HTML and how to manipulate it using things such as Firebug but as you said HTML is something that should not take too long to get the basics of.

Anyways thanks for your response, that was a *MUCH* more coherent response that I've been getting in other places, and sorry about the grammar again going to need to read this a second time after getting some sleep lol.


----------



## Caveman Dreams (Nov 3, 2015)

VincentStark said:


> @cybersloth81
> 
> Thanks for the response
> 
> ...


A programming language is a programming language. Once you understand functions, classes, loops, If.. Else, pointers, inheritance, polymorphism and all that good stuff you generally have enough to use another language. 

As for Python, I have looked at that and it reminds me a lot of C++. I went the COBOL, VB, C++, JAVA route though. But they are all similar (except COBOL). Its just a matter of choosing one that's best for the job at hand.



> I've been successful doing this with Ettercap and Wireshark, didn't feel like it required much skill and that may be due to an inept understanding of how to fully utilize them. And what I want is to get into the camera on my smartphone or retrieve files from another one of my computers, I do realize that would take skill that takes time to gain.


How secure is your network? IE does it simulate a real live network? IE Dmain COntroller, DNS, Mail Server, File Server, DMZ, etc.







> I've been there, I was able to get through the first 5-ish "missions." So, I need to catch up on my HTML and how to manipulate it using things such as Firebug but as you said HTML is something that should not take too long to get the basics of.


Good stuff



> Anyways thanks for your response, that was a *MUCH* more coherent response that I've been getting in other places, and sorry about the grammar again going to need to read this a second time after getting some sleep lol.



IT Security was a route I used to consider. But trying to into development at the minute.


----------



## hohum (Dec 6, 2015)

what's hot this millisecond for web is ux, angular, node, java/spring, go lang. If you master these things I think everything else will be a cinch. PHP is very unpopular. Longer term AI, big data, quantum computing, infosec are the things that'll line your pockets.


----------



## PowerShell (Feb 3, 2013)

I would say Perl or another scripting language. That would be useful for dealing with the data the tools your use will generate.


----------



## Caveman Dreams (Nov 3, 2015)

hohum said:


> what's hot this millisecond for web is ux, angular, node, java/spring, go lang. If you master these things I think everything else will be a cinch. PHP is very unpopular. Longer term AI, big data, quantum computing, infosec are the things that'll line your pockets.



Im a bit puzzled by this. Your views on PHP, most job sites for development/web design and general IT jobs seem to be crawling with PHP oppurtunities.

Also it is cross platform.

And most web stacks use it.

WAMP and LAMP.

Please explain as I feel Im missing something here.


----------



## hohum (Dec 6, 2015)

Oh really? PHP is a powerful language & dangerous language imo & a language that you can get a team of Indians to do for the cost of one Aderall junkie. In Australia it is about as popular as a turd in the punch bowl. Perhaps it's a good short-term to make money, but as with everything tech, keep your eye 5 & 20 years in front of you to survive, & pay attention to what graduates think is cool.


----------



## Loki Grim (May 8, 2011)

> A programming language is a programming language. Once you understand functions, classes, loops, If.. Else, pointers, inheritance, polymorphism and all that good stuff you generally have enough to use another language.
> 
> As for Python, I have looked at that and it reminds me a lot of C++. I went the COBOL, VB, C++, JAVA route though. But they are all similar (except COBOL). Its just a matter of choosing one that's best for the job at hand.


After reading that it seems like Python would be a good first language. The reason being is that I got myself stuck getting a career in the medical field, I need to fallow through with some entry level job such as ER Tech or EMT or I'm going to lose all financial support for education. Python looks like a language that can be learned just messing around with it as a hobby and not something that needs to be what you are primarily studying. Then once I feel that I can claim to know Python that same statement would apply to a more complected language such as C++.

So I'm thinking get a good grasp of Python, then try to understand things such as Dmain COntroller, DNS, Mail Server, File Server, DMZ and then jump into a more difficult language such as C++



> How secure is your network? IE does it simulate a real live network? IE Dmain COntroller, DNS, Mail Server, File Server, DMZ, etc.


I really don't know what those are, some sound somewhat familiar but I need to look into these again when I have more time. I was logged into my Wifi network, didn't want to crack the password and send off a red flag to my ISP because I don't know what I'm doing lol. I'm sure that I can do things such as cracking a Wifi password but at this point I don't know where the line is between legal and illegal.



> I would say Perl or another scripting language.


I would need to look into Perl more, for whatever reason I've haven't seen a lot of people (really anyone) talking about it. I can't say that I honestly know what a scripting language is but it seems like Python falls under the term scripting language also?


----------



## hohum (Dec 6, 2015)

why not learn ruby & go and get up to speed with devops at the same time? python isn't bad, but it's a pita these days because the v3 verses v2 wars really screwed it up (imo)


----------



## Epherion (Aug 23, 2011)

VincentStark said:


> Hi PC,
> 
> I'm a math and natural sciences major who can't take a computer class because it's off my ED plan and I won't get any Financial Aid to help pay for it. For the past month between school semesters I've been practicing Python as a hobbie. I ended up really having fun with it, pretty much any extra time is spent trying to learn more. Something that looks fun to me is penetration testing / ethical hacking. Things like key loggers and accessing parts of a computer remotely such as a webcam. For now I need to get my AS in Math and Natural Sciences but I'm staring to find it really boring at this point, might go back to learn computer science.
> 
> ...



Kali, backtrack and CAIN should be used. PHP and HTML are used for web attacks, you need to know JS as well. 

C and C++ are useful for writing malware as is ASM in some cases. As a pentester, most of everything you need is in Kali. The webcam stuff is metaspolit. The programming aspect is really for people who are well established in the ifeld and need to build their own tools for particular situations. Also python, used for decrypting and quick port scanners. Key loggers are low tech and are easily detected, you could learn VBScript and build USB hacksaw, switchblade attack tools. Computer science will not teach you security, there are separate degrees for that. You could stydu in your spare time for CCENT, CCNA, CISSP. Rack these up and get an associates in networking. You will more hands on practice and making pen testing easier. Also, learn linux well.


----------



## Epherion (Aug 23, 2011)

VincentStark said:


> And what I want is to get into the camera on my smartphone or retrieve files from another one of my computers, I do realize that would take skill that takes time to gain.


Attacking smartphones is a bit tricky. There is Georgia Weidman's smartphone pentesting framework you can get off her git hub and her book, which i recommend. Generally the idea is to get the user to install an apk with a integrated trojan.


----------



## Erbse (Oct 15, 2010)

C++ / ASM for cracking and low level hacking.

Python / PHP / JS for webhacking and webexploitation. SQL can be added here, too as websites can be vulnerable to SQL injection.


----------



## bob007 (Jan 2, 2016)

Try to learn one programming language very well. By doing that you understand what programming is about and usually it easy to change from a language to another there a few difference but it only on syntax. After that, like someone say in the thread, make your own network at home and follow tutorial. You have also website that help you to show pentesting like https://www.cybrary.it/ . 

Also, school wont teach you much about ethical hacking. The best way to learn it, it by yourself and when the time come you can always take security certification. You should consider to get kali linux, it help very much when you begining because they have all the tool for it. In some college and universities you have the chance to participate in some security competition with a group, so i would suggest that you join them and you can learn from it.


----------



## Handsome Dyke (Oct 4, 2012)

Loki Grim said:


> what I come up with is IT people that have a very unattractive level of narcissistic traits.


What exactly gave you that impression?


----------



## Razare (Apr 21, 2009)

Loki Grim said:


> Hi PC,
> 
> I'm a math and natural sciences major who can't take a computer class because it's off my ED plan and I won't get any Financial Aid to help pay for it. For the past month between school semesters I've been practicing Python as a hobbie. I ended up really having fun with it, pretty much any extra time is spent trying to learn more. Something that looks fun to me is penetration testing / ethical hacking. Things like key loggers and accessing parts of a computer remotely such as a webcam. For now I need to get my AS in Math and Natural Sciences but I'm staring to find it really boring at this point, might go back to learn computer science.
> 
> ...


You should learn Perl.

Any Linux based system, almost always has perl installed on it as pre-existing. The benefit of Perl over something like C is that Perl will perform complex stuff without needing to write as many lines of code.

So I can develop a script in Perl which will work on any system that has the Perl script executor... and you can get them installed on Windows systems as well. I use Strawberry Perl on Windows.

It will do everything PHP does, but it doesn't require a web server to be operational or installed, since it is a scripting language which can optionally be used for websites.

Perl can do other things like remotely connecting to websites or other services like FTP... and it has libraries you install to do this stuff, so it's already all pre-programmed and you just use the libraries. This is all done through CPAN, which is something like Strawberry perl has, you just type in the correct commands inside of perl and CPAN installs the necessary libraries.

It's all free of course.

Why I Use Perl...and Will Continue to Do So | Dr Dobb's

Here is a DVD encryption crack made years ago when that first began, it was written in perl using 7 lines of code: Cracking DVD in 7 lines of code | News | Geek.com

... so basically if an OS can run a decent version of perl with CPAN, you can basically execute any sort of hacking code on it.

Basically, it's a really good programming language.

The only downside I know about is that it probably wont execute as fast as C/C++ or even Java. Perl is faster than those languages, for implementation, however.

Like if you hacked into a system and had 30 minutes to write a program to do something meaningful, you could probably whip it out with perl, while you'd have a week development cycle with the other languages.

-------------
CPAN module example (LWP) which can access websites:


----------



## Razare (Apr 21, 2009)

Though, PHP is better for pure web-development. 

And I agree that C++/ASM is also good. Most C compilers allow you to insert ASM right into the code base, so you can actually mix and match C++ and ASM in a lot of instances if you do the low level stuff.

The only advantage of working on that level is if you're interfacing with hardware specifics or trying to optimize code to execute really fast... like with 3D game development.

Eventually, you can get good enough to where all languages are basically the same and you forget how to program in all of them, but then know how to program in any of them.


----------



## Razare (Apr 21, 2009)

Loki Grim said:


> I would need to look into Perl more, for whatever reason I've haven't seen a lot of people (really anyone) talking about it. I can't say that I honestly know what a scripting language is but it seems like Python falls under the term scripting language also?


Both are scripting languages yes. Scripting languages are never compiled, so you can open up the file and edit it in a text editor. Java is pre-compiled, which is like a scripting language that gets partially compiled, but never fully compiled so it can remain hardware independent. C++/ASM are fully compiled languages.

People generally don't talk about Perl much because perl is not the way to do any 1 thing in the computer world. If you want to make a good 3D game, make it in C++. If you want to do web development, use PHP. If you want a platform independent program/software, use Java. If you want a learning language, Python is good these days. For Microsoft Office products, VB is really good.

So when making software, there's no reason to use perl generally. But if you are making little rinky-dink things that are never meant to be distributed as a software package, then perl is great because it bridges a lot of different areas of computer programming without being excellent in any one area.


----------



## Caveman Dreams (Nov 3, 2015)

@Loki Grim

Have you thought of setting up a free tier with something like AWS (Amazon Web Services), this lets you deploy some basic instances(servers) in the cloud. 

You can then build your own basic systems (or complex ones). get an idea of how things work in the real world. You will also gain skills that can be useful when looking for work.

Also you will be able to set up virtual *NIX boxes, so you will have something to learn *NIX on in a life like scenario.

If you want to go the Windows Route there is Microsoft Azure and AWS also have Windows servers available for deployment. There are certifications available for AWS, this may at least make you stand out a bit.

Things like PGP encryption are required so you will gain a basic understanding of some of these concepts if nothing else.


----------



## PowerShell (Feb 3, 2013)

cybersloth81 said:


> @_Loki Grim_
> 
> Have you thought of setting up a free tier with something like AWS (Amazon Web Services), this lets you deploy some basic instances(servers) in the cloud.
> 
> ...


That's a good idea. You could also you could use Oracle Virtualbox and do the same thing on a local computer. This might work better where bandwidth sucks (like my parent's house).


----------

