
EvilSec's Posts


Programming / Re: . by EvilSec: 6:17am On Aug 18, 2020
Looks like another regular topic involving <17 year old kids wanting to hack or trying to get someone to hack their girlfriend's facebook account with the click of a big blue shiny button.

8 Likes 2 Shares

Programming / Re: Programming Languages Hackers Should Learn by EvilSec: 5:45pm On Aug 16, 2020
JayJayGee:

Bros, remember me?
I recently started my journey on cyber security and I have to say it's overwhelming but still I forge on.
You said when I am ready I should let you know for possible mentorship. So here I am.

Oh! That's cool. Ask me questions if you've got any and I'll answer them.

Programming / Re: Programming Languages Hackers Should Learn by EvilSec: 3:34pm On Aug 15, 2020
Najdorf:
Awesome write-up.

But my advice to anyone trying to enter the field is not to try tackling all these languages at once. Just pick them up as you need them.

Tackling all the languages at once ≥ suicide

4 Likes

Programming / Programming Languages Hackers Should Learn by EvilSec: 11:32am On Aug 14, 2020
As some of you may already know, I despise skids and sadly there are a plethora of them on Nairaland. If you don't want to be one, then you need to understand code is an essential skill of a hacker/infosec professional, but there are so many languages to choose from. What language should you learn? As a coder, I thought I'd answer that question, or at least give some perspective.

The tl;dr is JavaScript. Whatever other language you learn, you'll also need to learn JavaScript. It's the language of browsers, Word macros, JSON, NodeJS server side, scripting on the command-line, and Electron apps. You'll also need a bit of bash and/or PowerShell scripting skills, SQL for database queries, and regex for extracting data from text files. Other languages are important as well, Python is very popular for example. Actively avoid C++ and PHP as they are obsolete.

Also tl;dr: whatever language you decide to learn, also learn how to use an IDE with visual debugging, rather than just a text editor. That probably means Visual Code from Microsoft. Also, whatever language you learn, stash your code at GitHub.

Let's talk in general terms. Here are some types of languages.

Unavoidable: As mentioned above, familiarity with JavaScript, bash/PowerShell, and SQL is unavoidable. If you are avoiding them, you are doing something wrong.
Small scripts: You need to learn at least one language for writing quick-and-dirty command-line scripts to automate tasks or process data. As a tool-using animal, this is your basic tool. You are a monkey, this is the stick you use to knock down the banana. Good choices are JavaScript, Python, and Ruby. Some domain-specific languages can also work, like PHP and Lua. Those skilled in bash/PowerShell can do a surprising amount of "programming" tasks in those languages. Old timers use things like PERL or TCL. Sometimes the choice of which language to learn depends upon the vast libraries that come with the languages, especially Python and JavaScript libraries.
Development languages: Those scripting languages have grown up into real programming languages, but for the most part, "software development" means languages designed for that task like C, C++, Java, C#, Rust, Go, or Swift.
Domain-specific languages: The language Lua is built into nmap, snort, Wireshark, and many games. Ruby is the language of Metasploit. Further afield, you may end up learning languages like R or Matlab. PHP is incredibly important for web development. Mobile apps may need Java, C#, Kotlin, Swift, or Objective-C.


Conclusion

As I mentioned above, familiarity with JavaScript, bash/PowerShell, and SQL is unavoidable. So start with those. JavaScript in particular has become a lingua franca, able to do, and do well, almost anything you need a language to do these days, so it's worth getting into the finer details of JavaScript.

However, there's no One Language to Rule them all. There are good reasons to learn most languages in this list. For some tasks, the support for a certain language is so good it's just best to learn that language to solve that task. With the academic focus on Python, you'll find well-written libraries that solve important tasks for you. If you want to work with a language that other people know, that you can ask questions about, then Python is a great choice.

The exceptions to this are C++ and PHP. They are so obsolete that you should avoid learning them, unless you plan on dealing with legacy.

8 Likes 2 Shares

Programming / Re: Best Hacking Memes by EvilSec: 1:41pm On Aug 06, 2020
PenHub:


hello bro please can you teach me hacking

Not doing it for free. You can go grab free content online and learn yourself if you're looking to learn for free.

Programming / Re: I Need Someone To Teach Me Hacking by EvilSec: 2:24pm On Aug 05, 2020
cixak95211:


Did you see where I mentioned a hardened server? Or you just wanted to comment for "comment's sake"?
If I bought a regular bare-metal server, yes I could goof on implementing my own security, and you could 0-day the life out of it
but if I went to a hardened server, I'd love to see you try. A regular bare-metal server on GCP costs about $8 the cheapest, a hardened nginx server costs about $200+ per month for the base configuration. Once again, I'd like to see you try an external hack.
We all know that hacks that happened to big corps had an insider man, e.g. the latest Twitter hacks; and your comment confirms it. On a very good day, a thousand elite hackers cannot remotely break into Twitter, never, not gonna happen. And no way you're gonna use social engineering to break into Twitter's database or Google's database, cos you will have to "social engineer" lots of people on the admin chain.

Lol... Guess Twitter and Google don't use a "hardened server" for a bunch of people to have found bugs "externally" and earned huge bounty payouts.
Damn! Google and Twitter should stop using $8 servers and opt for the $200+ ones xD.

6 Likes 3 Shares

Programming / Re: I Need Someone To Teach Me Hacking by EvilSec: 1:22pm On Aug 05, 2020
cixak95211:
Hackers are not prevalent in this part of the world cos most corporations outsource their server needs to ready-made corps.
If I want to deploy a bank app, I would entrust it to a hardened server in either GCP, AWS or Azure.
So any hacker who dreams of hacking me, from the outside, will have to first contend with breaking the security implemented by those guys which are top-notch. They are billion dollar corporations and have the best hands.

The day local corporations start to heavily invest in on-premise solutions, then they will take penetration testing and all seriously, cos they have to invest in security themselves.

By the way, it's called white hat and black hat... not white and/or black

Pwning corporations is a lot less difficult than you think. I don't need to find a crazy 0day in GCP or AWS.
People make mistakes and humans are the weakest link in any organization. Hacking is rarely finding crazy elite hacks to remotely break into systems. It's a lot of just coming up with creative ways to get the user or chain multiple users to get to an admin to give you their password or to run some malicious code.

4 Likes 1 Share

Programming / Re: What They Taught You About The OSI Model Was A Lie by EvilSec: 3:47pm On Aug 04, 2020
So "What is the OSI Model?" It's the fact that the local network is independent from the Internet, and the Internet is independent of the applications that run on top of it. It's the fact you can swap WiFi for Ethernet, or IPv6 for IPv4, or Signal for WhatsApp.
When we eventually move to IPv7, we won't need to upgrade Ethernet switches. Ethernet and WiFi have no clue what you are doing on top of them. Ancient alternatives like XNS or Novell or NetBEUI also work fine on the latest 802.11ax/WiFi6 router you just bought.

There are a few more subdivisions. Layer 1 (Physical) gets the raw bits transmitted on the wire (or into air). Layer 2 (Link) gets packets across your local network to the next router. Layer 3 (IPv4/IPv6) gets packets from one end of the Internet to the other. Layer 4 (TCP/UDP) gets packets from one of many apps running on your machine to one of many apps running on the server. It may also retransmit lost packets. Layer 7 consists of a bunch of different protocols that service those apps.

2 Likes

Programming / Re: What They Taught You About The OSI Model Was A Lie by EvilSec: 3:42pm On Aug 04, 2020
SegFault:

Yah read about it. The OSI was a huge failure and packed dumb and unnecessary layers like the presentation layer into its structure, ISO and their rush to standardise everything. It's pitiful that some engineers still use it.

Q: define the Session and Presentation layers
A: Levels 5 and 6 sound theoretical and silly, I'm going to pretend they don't exist.

Correct!

I hope we can finally get rid of the Session and Presentation layers that never really existed but which every student had to learn.

1 Like

Programming / Re: I Need Someone To Teach Me Hacking by EvilSec: 12:10am On Aug 04, 2020
certified1:
I am looking for someone who can teach me hacking. It may not be a free service. Thanks

Shoot me an email

Programming / Re: Best Hacking Memes by EvilSec: 3:20pm On Jul 19, 2020
....

1 Like

Programming / Re: Best Hacking Memes by EvilSec: 3:18pm On Jul 19, 2020
...

Programming / Re: Best Hacking Memes by EvilSec: 3:17pm On Jul 19, 2020
..

Programming / Re: Best Hacking Memes by EvilSec: 3:12pm On Jul 19, 2020
.

Programming / Best Hacking Memes by EvilSec: 3:10pm On Jul 19, 2020
Some of my favourite hacking memes. Drop your best ones too.

Programming / Re: Let's Stop Talking About Password Strength by EvilSec: 6:57pm On Jul 17, 2020
.

1 Like

Programming / Re: Let's Stop Talking About Password Strength by EvilSec: 6:47pm On Jul 17, 2020
Bahat:
Nice writeup, I would recommend changing of pass often and not recycle password use on different sites. Although most of us are guilty of password recycle.
Maybe making stronger pass with site recommendation makes decryption more stricter and longer time to decrypt.

Even changing of password is up to the enduser. It's not easy having 10 different passwords on your head.
I remember 2fa is not the best mechanism as it's been bypassed on different occasions

Also 2FA is mostly bypassed either through phishing with tools like evilginx or Modlishka or if the site is crap "lacks rate limiting, etc".

5 Likes

Programming / Re: Let's Stop Talking About Password Strength by EvilSec: 6:47pm On Jul 17, 2020
.

2 Likes

Programming / Re: Let's Stop Talking About Password Strength by EvilSec: 6:47pm On Jul 17, 2020
Bahat:
Nice writeup, I would recommend changing of pass often and not recycle password use on different sites. Although most of us are guilty of password recycle.
Maybe making stronger pass with site recommendation makes decryption more stricter and longer time to decrypt.

Even changing of password is up to the enduser. It's not easy having 10 different passwords on your head.
I remember 2fa is not the best mechanism as it's been bypassed on different occasions

You're right

Programming / Re: How Come Nairaland Don't Have A Privacy Policy? by EvilSec: 5:13pm On Jul 15, 2020
emmy512:

I thought about this last week but I said to myself what can go wrong in Nairaland.
The only personal details they have is our email. Scared of the email going to the wrong hands? Our email address is everywhere on the net already, what more can we fear?
Our messages and threads can be publicly accessed so what is there to be private about.

They have your email address, browser type, IP address, and probably your OS type. It's a fucking big deal in the wrong hands

Programming / Re: How Come Nairaland Don't Have A Privacy Policy? by EvilSec: 5:07pm On Jul 15, 2020
Bonatheripper:
Was just wondering... Is it not important or the owners of Nairaland forgot to include it.

Still at that the Disclaimer seems to be the shortest Disclaimer of any popular websites I've visited throughout the years?

Is privacy policy useless for a forum?
Or doesn't the forum (Nairaland) care to tell us how our data is being used?

Seun?

It just means Seun won't think twice about selling your data for less than 2k.

Programming / Re: Choose The Best Linux Laptop For Programming? by EvilSec: 1:40pm On Jul 14, 2020
There's no best laptop for programming. You can literally buy a RPI 4 or a cheap old ThinkPad and just run Linux + Docker. It's all you really need.

Just worry about the portfolio you're building & skills you're learning.

Programming / Re: Here's What Nairaland Looked Like In 2005 by EvilSec: 10:35am On Jul 13, 2020
Chuky7:


Tell me about it...Me too don tire...

No concentrate post on FP these days...politics politics sex...

You forgot to add snake

Programming / Re: Cocos2d-x Installation On Linux by EvilSec: 6:17pm On Jul 12, 2020
hardebayho:


Yeah, I did. Buh I ended up dumping cocos-2d sha cause it was just too much for my laptop

Totally didn't even notice the post was made in 2017. What was the alternative you opted for? I know it can't be Unity or Unreal cause they're heavier engines.

Programming / Re: Cocos2d-x Installation On Linux by EvilSec: 10:22pm On Jul 11, 2020
hardebayho:
Okay, so I wanted to install cocos2d on my bunsenlabs Linux (it's a debian derivative sha)... I downloaded the source code, uncompressed it, then went to the terminal to start compilation.

First, I used the install-deps.sh to download the dependencies. Then I also executed one python file to download external dependencies (like 150MB).

So I followed the procedures as described in the website and I hit(ed) several brick walls:

One opengl error.. Managed to fix that
Another fmod error.. Managed to fix that
Now the cemented wall is the one I don't know how to break..

Cannot find webp... Bla bla bla (you know all those useless cmake errors na).

Google couldn't help. So I'm thinking, if anyone here has one or two experiences with this cocos2d should share (No Windows is allowed ooo)

Have you fixed this yet? Might be able to help

Programming / Re: A Thread For Tutorial On Python Programming by EvilSec: 6:16pm On Jul 11, 2020
lokoventurex1:
Hello guys,

I'm an aspiring data scientist with no science foundation. In fact, I studied accountancy and finance. However, I'm interested in becoming a data scientist.

I've found a school that's ready to train me for four months though, but they want me to complete a task in R and Python which I've no idea about for now.

I need a God-sent individual to help me look into this task. My success at the task given determines my admission for the data science course proper.

It looks very weird looking at the task.

I'll be very grateful to get some help here....

Will help you out. What's the task?

Programming / Re: Let's Stop Talking About Password Strength by EvilSec: 6:15pm On Jul 10, 2020
MT:


Then you don't know what open redirect is all about.

Talk is cheap. I found 3 open redirects on NL months back, if you can find at least one, and tell me the vulnerable parameter, then I'll assume you're not dumb and you know what you're talking about.

Your time starts now.

Programming / Re: Let's Stop Talking About Password Strength by EvilSec: 6:10pm On Jul 10, 2020
MT:


I disagree with your write up. The blame should be shared between careless end-users who compromise their passwords as well as badly architected solutions. If a software is badly designed, password can be easily hacked even if you don't compromise your password e.g. Redirect vulnerability attack

1. Open redirects aren't a crit unless they expose auth tokens.
2. Password security is 1% choosing a half-decent password and 99% not using it anywhere else, and also 2FA. Sites get pwned every time.

1 Like 2 Shares

Programming / Re: Let's Stop Talking About Password Strength by EvilSec: 5:15pm On Jul 10, 2020
emmy512:
Password reuse is the main problem, my girl's mom lost her phone at home and I was trying to find out if it was stolen or somewhere in d house by checking its location, she said she'd forgotten the password for the mail. She gave me all sorts of things to use and it wasn't until she said I should use the name of the email as password and it opened....

Password = email address? This is a horror story o>_<o~

22 Likes

Programming / Re: Checkout This New Forum I Made From Scratch by EvilSec: 4:59pm On Jul 10, 2020
codeigniter:
I have been using NL since last year, it is great but lacks a lot of things other forums have, which has let it retain its speed, since it did not get better and we have gotten faster network.

Since a lot of people complain about NL and nothing is being done, I decided to start a fun project to make a forum for Africa, not just Nigeria, on this forum you can create polls and share it with your friends, you create jobs, create resume, blog etc.

Well, no amount of words would explain it all until you check it out

afrikas.herokuapp.com

It has the potential to be the next big thing. If you ever need help making it better, beep me.

Programming / Re: Here's What Nairaland Looked Like In 2005 by EvilSec: 7:47pm On Jul 09, 2020
Looks like the last time it had a major upgrade was in 2012.

Nairaland - Copyright © 2005 - 2024 Oluwaseun Osewa. All rights reserved.