Beginner's Corner / Questions on what I should focus on learning.
« on: September 18, 2015, 12:09:47 AM »
Hey guys.
Obviously I'm pretty new to hacking, and the whole scene.
When I was younger, I used some keyloggers to get accounts for an online game I played, so that is about the extent of my experience. I have some questions, hopefully I am posting this in the right section.
I'd like to start by saying thanks for taking the time to read my thread
The last few days I have been reading a lot about SQLi, XSS, and Website Hacking in general, and it is something I would really like to learn. Like hacking into a website, getting into the database and seeing all the juicy info. Stuff of that nature. Although hacking in general interests me very much, that is what really grabs my attention.
Here are my questions:
1. Where should I start if I want to learn these things?(SQLi, XSS, Web Hacking) By reading some guides online, if so do you have any to suggest? Or is there any websites that are like interactive learning for this? Perhaps a book would be the best way?
2. What are some of the tools I will need? I have SLQi Dumper, Havij 1.17, SQLMap, Accunetic Web Vuln Scanner, and also a few dork scanners, although I don't know how to use any of them except a tiny bit with Havij. Is there any tools or software I should still get? (not looking for handouts, I don't mind finding the tool by myself, I ust need to know what to look for)
3. I guess this should have been first, but anyhow, am I too old to learn this type of stuff? I'm 23, and I notice a lot of people seem to have started in their teens, so this is something I was wondering.
4. Are there any tips, or suggestions you may have for someone wanting to start out doing this?
5. Should I focus on one area and get a decent understanding before moving on to the next? Like study at SQLi until I understand it pretty well, then move onto XSS training, or would it be okay to learn both at the same time.
Something else I was wondering, is the 'art' if you will, of SQL Injection, finding XSS exploits and Web hacking called Pentesting? Or is this something completely different?
As I mentioned before, I'm not looking to be spoonfed and just handed stuff. I would however greatly appreciate a nudge in the right direction. Like maybe a small list of the key points I need to learn, or anything that will help me. I don't mind putting in the work, that is what is actually supposed to make it enjoyable.
Thanks for any and all information, help, or input you post.
Obviously I'm pretty new to hacking, and the whole scene.
When I was younger, I used some keyloggers to get accounts for an online game I played, so that is about the extent of my experience. I have some questions, hopefully I am posting this in the right section.
I'd like to start by saying thanks for taking the time to read my thread
The last few days I have been reading a lot about SQLi, XSS, and Website Hacking in general, and it is something I would really like to learn. Like hacking into a website, getting into the database and seeing all the juicy info. Stuff of that nature. Although hacking in general interests me very much, that is what really grabs my attention.
Here are my questions:
1. Where should I start if I want to learn these things?(SQLi, XSS, Web Hacking) By reading some guides online, if so do you have any to suggest? Or is there any websites that are like interactive learning for this? Perhaps a book would be the best way?
2. What are some of the tools I will need? I have SLQi Dumper, Havij 1.17, SQLMap, Accunetic Web Vuln Scanner, and also a few dork scanners, although I don't know how to use any of them except a tiny bit with Havij. Is there any tools or software I should still get? (not looking for handouts, I don't mind finding the tool by myself, I ust need to know what to look for)
3. I guess this should have been first, but anyhow, am I too old to learn this type of stuff? I'm 23, and I notice a lot of people seem to have started in their teens, so this is something I was wondering.
4. Are there any tips, or suggestions you may have for someone wanting to start out doing this?
5. Should I focus on one area and get a decent understanding before moving on to the next? Like study at SQLi until I understand it pretty well, then move onto XSS training, or would it be okay to learn both at the same time.
Something else I was wondering, is the 'art' if you will, of SQL Injection, finding XSS exploits and Web hacking called Pentesting? Or is this something completely different?
As I mentioned before, I'm not looking to be spoonfed and just handed stuff. I would however greatly appreciate a nudge in the right direction. Like maybe a small list of the key points I need to learn, or anything that will help me. I don't mind putting in the work, that is what is actually supposed to make it enjoyable.
Thanks for any and all information, help, or input you post.