55

Hackercool's
5th
Free Gift
HOW TO
BECOME A
HACKER
IN
3 MONTHS
 2
How To Become A Hacker In 3 Months?
REAL WORLD HACKING
People ask me so many questions about hacking. The questions are all about hacking
but they vary so much that I feel like they are trying to connect earth to various points
in Solar System back and forth. Some of the questions include, how is Information
Security same as ethical hacking? What is the difference between Red Hat hacking and
Blackhat hacking? Which programming language should I learn to become a hacker?
What course should I take to become a hacker etc.
In this Issue, I decided to converge various points these people are trying to connect
and answer a question that appears at that convergence. That question is HOW TO
BECOME A HACKER? Yes. How to become a hacker? This question is special to me
for another reason too. The answer to the same question was the Feature Article of the
first Issue of our Hackercool Magazine six years back.
So, I feel like I am time travelling to the time of birth of this Magazine. OK, enough
science fiction or deja vu or whatever it is. Let’s come to the point (or question). How
to become a hacker?
To answer this question, I first need to define who a hacker is or who is a hacker according to
Hackercool Magazine. According to my definition, anybody who can hack is a hacker. That bring
-s us to another question just like clicking on an ISO file revealed a shortcut file in our Previous
Issue.
So, let’s first answer the question. What is it to hack? This is one question I don’t have words to
answer to. But I have one example. Although I think it’s a bit on the bad side. I don’t remember
if I used this example in my debut Issue.
A few years back, I read an article in a newspaper. The article was about mobile phones
found in a prison. In prisons in India, it is prohibited for prisoners to use mobile phones (I assume
it is same all over the world). To make sure this rule is backed up by technology, a particular pris-
on in India had Jammers installed to prevent mobile communication.
However, some prisoners somehow were still able to communicate with the outer world using
mobile phones. How did they do this while Jammers were installed on the prison premises? A
prisoner who happened to be an engineer suggested his fellow prisoners to place some salt on the
Jammer. Earlier, the prisoners poured boiling water and even urinated on the Jammer to disable
it. On the engineer’s suggestion, the prisoners formed a human pyramid with the engineer on top
and he placed the salt on the jammer. Within a few days the jammer became defunct.
How did they get salt? They used salt provided in their daily meals. How did they get mobile
phones? Smuggled or thrown by their relatives from outside into prison compound. How did salt
make the Jammer defunct? This is one question I don’t have answer to. I have googled but this
trick is nowhere and I don’t want to go that deep into the trick. But it’s still a cheap & awesome
trick.
What I want my readers to notice is that prisoners somehow made the jammers do something
which it was not intended to. That’s what hacking is according to me. It’s not about a device or
tool. It’s about your creative thinking that makes the hack work for you.
Nowadays, since hacking is mostly about computers laptops, Firewalls, Mobiles etc. I want to
 3
give you some baby steps, then small steps followed by big steps to help you become a hacker.
While giving you these steps, I am assuming you are a complete beginner. So first, let’s start with
the baby steps.
Baby Steps in Hacking
1. Get the basics of hacking right first. This is theoretical stuff. I want you to start with learning
what a network is, how is a network formed and various devices that form a network and what are
the functions of each device in a network i.e learn what is a Router and what it does, what is a swi
-tch and what it does, what is a Desktop and Server etc.
2. While you are getting a grasp on the basics of a network, try to learn a bit of HTML & Javasc
-ript (Don’t yet get into PHP. No, not yet). Why? HTML is the basic building block of websites all
around the world. I think w3schools is the best place to start it.
3. Once you have some knowledge about the devices that form a network, start learning about
some protocols used for communication between various devices in a network. Learn about OSI
protocol, TCP/IP protocol, etc. Learning about these protocols may be a bit boring and sometime-
s complex (at least it seemed to me) but these protocols help you to learn how exactly a network
works. Well, you don’t have to be so perfect that there is an exam in the topic the next day but
just get a general idea as how a network works.
4. Also research about other protocols also like ARP, RARP, IP, SMB, FTP, SMTP, TCP,
TELNET, POP, SFTP, NTP, PPP, IMAP and any other protocols that come up when you are lear
-ning about these.
Learn what are ports? Learn how many ports are these? Which protocols/services use which
port etc.
5. How is that HTML training going on? By now, you should have got a general idea as to the
structure of the website.
Another question people often ask about hacking is how fast they can learn
hacking or how fast they can become perfect in hacking. Well, I don’t want to get into
all that stuff of how some people learn fast by reading and how some people learn fast
by watching videos etc. What I want to tell you is this. No matter which method is your
strongest way of learning things faster, your own research and practical training are
the only things that can make you perfect in the art of hacking.
So, my advice to aspiring hackers is this. Take your own time. Don’t be in a rush and
don’t try to cram everything at once. You know those crash courses that teach you
hacking is 1 0/1 5/30 days? There’s a reason why students who take those courses are
still confused.
While I was a cyber security trainer in institutes that were teaching ethical hacking, the
course time was like around 30 days. After 30 days they can take their exam and get
their certificate. Most of the students who take that course also wanted to become perfect
in the art of hacking.
So they work hard which brings pressure subsequently resulting in confusion and
then some extreme cases losing interest totally. I am not against hard work at all but
there are somethings which need to be achieved using SMART WORK. So, my advice
to aspiring hackers is this, don’t try to become perfect in short time.
 4
When people want to learn everything about hacking in a month it reminds me
of that woman Oxley (did I get the name right?) from the movie Indiana Jones:
Kingdom of Crystal Skull who wanted to receive knowledge about everything from the
crystal skulled aliens. Well, though her wish was granted, we all know what happened
to her.
I know what you want ask me. You want to ask me why I titled my article “How to
become a hacker by 2023?”. That’s because I assume that no matter which method you
follow to learn hacking, you will be at least be able to get basic idea about the things I
want you to learn. That timeframe can be 3 months on average.

Small Steps in Hacking

OK. In your own comfortable timeframe, you know a bit of about how networks work, different
devices in a network and their functions, how a website is designed, how and why JavaScript is us-
ed, what is OSI protocol, what is TCP/IP protocol, what are ports and different services that use
them etc. As I already said, you don’t have to be perfect in this. Now let’s take some small steps.
1. Go through some basic hacking terminology like what is a threat, what is a vulnerability and
what is an exploit. What is CIA triangle of cybersecurity? Don’t yet come to the types of hacker
stuff yet. I will explain them all to you by the end of this article.
2. Learn the difference between a Server and a Client. Learn about Client-Server network and
Peer-to-peer network. Learn about different types of Servers.
3. Now, since you now know what a server is and what a Desktop is, it’s time to install your first
server. Why not start with a webserver? Learn what are WAMP, XAMPP and LAMP servers and
learn how to install them on your operating system. Google if you get any doubts while doing this.
4. If you want to learn hacking, you need to have hands on experience with many operating
systems. You can’t get hands on experience unless you install them on your Host system. The best
way to do this is by using Virtualization software like Oracle VirtualBox and VMware. Oracle
VirtualBox is free whereas VMWare is a commercial product. Get your favourite virtualization
software and install it on your host system.
5. Since you have finished installing your favourite Virtualization software, it’s time to install ope
-rating systems on it. Start by installing Windows XP, Windows 7 and Windows Server 2003 to act
as target operating systems. Why only these? Because Microsoft has ended support to these OS
and hence they are easily available. Download Metasploitable2 and install it also on virtualization
software too. Metasploitable2 is the intentionally vulnerable operating system designed for ethical
hackers to practice hacking. You can install other operating systems too based on your requireme-
nt. Remember that the only limitation here is the availability of RAM on your Host operating
system.
Coming to operating systems, we need attacker system too. There are many OS precisely built
for penetration testing and hacking. The list includes Kali Linux, Parrot Security OS, Samurai
WTF, Black Ubuntu, etc. You need to install one (or many) of these to act as your Attacker Oper-
ating System.
Some aspiring hackers have confusion as to which among the above is the best. Choose
whichever one you like (don’t have a never-ending debate within yourself like that Alien X on
Ben 10. Don’t look for the best one. If you can’t decide, just do inky, pinky, ponky and select one.
While I was learning hacking, I was researching about all the tools used in hacking, I had a need
 5
Small Steps in Hacking
OK. In your own comfortable timeframe, you know a bit of about how networks work, different
devices in a network and their functions, how a website is designed, how and why JavaScript is us-
ed, what is OSI protocol, what is TCP/IP protocol, what are ports and different services that use
them etc. As I already said, you don’t have to be perfect in this. Now let’s take some small steps.
1. Go through some basic hacking terminology like what is a threat, what is a vulnerability and
what is an exploit. What is CIA triangle of cybersecurity? Don’t yet come to the types of hacker
stuff yet. I will explain them all to you by the end of this article.
2. Learn the difference between a Server and a Client. Learn about Client-Server network and
Peer-to-peer network. Learn about different types of Servers.
3. Now, since you now know what a server is and what a Desktop is, it’s time to install your first
server. Why not start with a webserver? Learn what are WAMP, XAMPP and LAMP servers and
learn how to install them on your operating system. Google if you get any doubts while doing this.
4. If you want to learn hacking, you need to have hands on experience with many operating
systems. You can’t get hands on experience unless you install them on your Host system. The best
way to do this is by using Virtualization software like Oracle VirtualBox and VMware. Oracle
VirtualBox is free whereas VMWare is a commercial product. Get your favourite virtualization
software and install it on your host system.
5. Since you have finished installing your favourite Virtualization software, it’s time to install ope
-rating systems on it. Start by installing Windows XP, Windows 7 and Windows Server 2003 to act
as target operating systems. Why only these? Because Microsoft has ended support to these OS
and hence they are easily available. Download Metasploitable2 and install it also on virtualization
software too. Metasploitable2 is the intentionally vulnerable operating system designed for ethical
hackers to practice hacking. You can install other operating systems too based on your requireme-
nt. Remember that the only limitation here is the availability of RAM on your Host operating
system.
Coming to operating systems, we need attacker system too. There are many OS precisely built
for penetration testing and hacking. The list includes Kali Linux, Parrot Security OS, Samurai
WTF, Black Ubuntu, etc. You need to install one (or many) of these to act as your Attacker Oper-
ating System.
Some aspiring hackers have confusion as to which among the above is the best. Choose
whichever one you like (don’t have a never-ending debate within yourself like that Alien X on
Ben 10. Don’t look for the best one. If you can’t decide, just do inky, pinky, ponky and select one.
While I was learning hacking, I was researching about all the tools used in hacking, I had a need
to download many tools and install them. It was becoming very troublesome this way. It was then
that a thought flashed in my mind. The thought was this “Is there any chance that someone install
-ed all the hacking tools at one place.” That’s how I found my first attacker OS. Martriux Krypton.
Then on further research, I found there are a whole lot of other pen testing distros. I tested all
and found Backtrack (the ancestor of Kali Linux) suitable to me. So, I shifted to it.
6. By now you have installed attacker and target systems on your favourite virtualization softwar-
e. Play with both these systems and get used to them.
7. Read about various web vulnerabilities starting with SQL Injection, LFI, RFI, CSRF, XSS etc.
Try to understand these vulnerabilities. Let me tell you once again. Take your own time. Grasp
things slowly but steadily.
"To some people I'll always be the bad guy. "
- Kevin Minick.
 6
Big Steps in Hacking
If you are here, let me tell you that by now you are a Green Hat Hacker. You may not feel like th
-at, but you are one. Now, it’s time to take some big steps.
1. Research what is Content Management System (CMS) and what it does. Learn about differen-
t CMS and their share of usage on the internet. Once you have finished doing it (it shouldn’t take
you more than half an hour), download Wordpress, Joomla and install them on that WAMP serve
-r or XAMPP server or LAMP server, whichever you installed. If you don’t want to install Joomla,
install Wordpress. Why Wordpress? Because Wordpress is the most widely used CMS on internet.
2. On the virtualization software you have installed, start your attacker system and Windows XP,
Find out the IP address of both the attacker system and the target system (ip -a in Linux and
ipconfig in Windows).
3. Almost all of the pen testing distros are made of Linux. To make it dance to your tunes, you
need to speak its language or at least sing in its language. Enter Linux shell scripting. You can’t
even step into the world of hacking if you are not well versed with Linux shell scripting. It’s like to
learn swimming without getting into water. The best way to start learning shell scripting is to start
it at linuxcommand.org.
4. While learning shell scripting, I advise you to also learn Batch programming). Batch is to
Windows what shell is to Linux. But remember shell is more powerful. Learn both of these practic
-ally. These two are called scripting languages and you will realise why they are so important in
future of your hacking journey. While hacking (I mean pen testing), you will most probably get a
reverse shell. These two languages will help you play on the target system whether it is Windows
or Linux.
5. Google about Metasploit. Learn how Metasploit works and research about its usage. Our
Magazine’s previous Issues would be very helpful in this case.
6. Research about the ms08_067 vulnerability. After thorough research, switch on your favourite
Attacker System, start Metasploit, search for ms08_067 exploit and load the module. Also start
Windows XP you installed earlier and exploit the vulnerability with Metasploit. This is probably
your first reverse shell.
7. By now, you have a fair idea about different web vulnerabilities. Research about different inte
-ntionally vulnerable web software. These are web apps that are made intentionally vulnerable so
that beginners in ethical hacking can practice website hacking. Install DVWA first in your WAMP
/XAMPP/LAMP server and practice exploiting different web vulnerabilities. See how they work
and what do you get when they work. Don’t worry even if you don’t get a perfect picture of these
vulnerabilities.
8. Read about various famous (or infamous) vulnerabilities. See if anything comes related to so
mething you have learnt. Keep on researching, keep on reading articles about hacking and keep
on practising hacking. Keep repeating all the baby, small and big steps again and again until you
are confident about yourself.
OK. Now the final step. This is an answer to another question aspiring hackers often ask me.
That question is, Should we learn a programming language to learn hacking? If yes, which progra-
mming language is best for hackers?
Look. It’s partly true that Elite Hackers write their own exploits to any vulnerabilities because they
know how to code. Yes, it is 118% true. But there’s a catch here. Many of the APTS and criminal
hacker groups are now buying exploits for zero-day vulnerabilities and even R.A.A.S (Ransomwa-
re As A Service). This turns the whole concept of ELITE HACKER upside down.
Yes, if you are hacking using tools developed by others in hacking field, you are a Script kiddie.
 7
Agreed. But if you are a beginner, it is definitely good to start as a Script kiddie (but remember,
you are a Green Hat Hacker). Try out everything. As you naturally progress in your hacking jour-
ney, you will feel a need to write your own exploits at some time. When you want to do that, you
get to the second question. Which programming language to start with? I know everyone has
his/her own favourite programming language among C, C++, Python, Ruby (the language Metaspl
-oit is written in), Perl etc. So which one to start with.
Start with the one you feel easy about or have little bit knowledge about. If you have no
knowledge about any programming language, my personal suggestion is to start with Python. In
my own experience, Python is a very simple language. When I code with Python, I feel like I am
wiling commands in simple English like Hey, You there, Come here. etc. Of course this is my per-
sonal opinion. But just because Python is easy it doesn’t mean it is powerless.
Python is one of the most powerful programming languages. The number of exploits for many
vulnerabilities written in Python are proof for this. Once you are almost perfect in any one progra
-mming language, you can learn how to write code for exploits for vulnerabilities on your own.
Welcome ELITE HACKER.
OK. Now, you are a hacker (even though you are not yet ELITE HACKER). It’s time to decide
what type of a hacker you want to be. Let’s start with different types of hackers. There are various
types of hackers classified based on what they do and their level of skill.
Black Hat Hackers: Black Hat Hackers are also known as crackers or the bad hackers. They
are the hackers with malicious intentions. If they find any zero-day vulnerability in a software, they
may sell it for profit or exploit it themselves for some profit. Malware Writers, Hackers For Hire,
Ransomware Groups and Criminal Hackers also come under this group.
White Hat Hackers: While Black Hat Hackers are the big bad of the hacker domain, White
Hat Hackers are the good guys. They are also known as Ethical Hackers. They hack for only a sin
-gle purpose, that is to improve the security of any company’s network. Pen testers, Security Resea
-rchers and other cybersecurity professionals can be termed as White Hat Hackers.
Grey Hat Hackers: This type of hackers can be termed as both bad and good. A Grey Hat
Hacker can be a cyber security expert who finds a zero-day vulnerability in a software but he does
-n’t exploit it for malicious purposes like Black Hat Hackers.
Green Hat Hackers: While giving our readers some steps to become a hacker above, I used
a term called Green Hat Hackers. Well, it’s time to define it. A Green Hat Hacker is a person wh-
o is a beginner and still learning hacking skills. Although beginner he is determined to become a
Elite Hacker at some point of time.
Bug Bounty Hackers: Companies nowadays are paying hackers to hack their product or ser-
vice and report any detected vulnerabilities to them. These vulnerabilities are known as bugs and
people who find these bugs and report them to vendor will get a cash reward or swag depending
on the company that is offering a bug bounty.
Blue Hat Hackers: Blue Hat Hackers are those hackers who are hired by the organizations to
test for any vulnerabilities or bugs in the network or software. The only thing they do differently is
that they do this testing before the product is launched or the network has gone LIVE.
Red Hat Hackers: Red Hat Hackers are the radical and extreme versions of White Hat Hack
-ers. They also try to find vulnerabilities in systems and networks but they do this with a specific p-
urpose of hunting for Black Hat Hackers. They are hired by Governments and hence they are rut-
hless in their hunt for Black Hat hackers. In one sentence, their end justifies their means.
Script Kiddie: The beginner stage of almost every hacker. Script kiddies lack any skills like wr
-iting exploits etc. The only thing they are good at is using tools made by other hackers. So, if you
are downloading that Facebook hacking software to hack Facebook, you know what you are?
 8
Elite Hacker: Elite Hacker is the complete opposite of Script Kiddie. He is an expert in cyber
security who not only writes his own exploits for the vulnerabilities but also finds those vulnerabili
-ties himself/herself. Everyone is the hacking world aspires to become an Elite Hacker one day or
other. Ex: Phineas Fisher.
Hacktivist: A hacker who doesn’t have any personal profit in hacking. He hacks for non-profit
causes or public causes. These can be either environment, public interest or human rights etc.
Likes of Edward Snowden and Julian Assange.
Suicide Hacker: A hacker who is so interested in hacking that he doesn’t really care about th-
e consequences.
Spy hacker: A hacker who spies on the targets. These are normally used in corporate espionag
-e or maybe even nations.
State Sponsored Hackers/Nation sponsored Hackers: These hackers are appointed
by the Governments of the Nations to hack into another nation’s computer systems or networks.
They are more popularly known as Advanced Persistent Threats (APTs).
Now, you know how to become a hacker and also what type of hacker you want to be. So wh
-at are you waiting for? Start taking those baby, small and big steps and then choose your own
hat.
Follow Hackercool Magazine For Latest Updates

USEFUL RESOURCES

https://haveibeenpwned.com

Hackercool Magazine is a
Digital Magazine That Teaches How
Hackers Hack In Real World.