My journey of learning hacking

Disclaimer: I (Author) do not hold any responsibilities if anyone misuses the information provided here. This is my learning experience and educational blog post for testers who would learn from my experience and give them some tips on starting to learn security testing / hacking.

Tip to readers: Please install “Google Dictionary” from the Chrome Webstore [http://www.chrome.google.com/webstore/], which will help you in understanding the meaning of some hacking terms by just double clicking on a particular word.

My school days

I started to learn hacking when I was in high school. My learning kept on progressing as I wanted more of it. I started by reading various forums, and tried malicious VBScripts and all sorts of such things. I used to be an IRC addict in those days and used to bypass the ban on IRC, as I used to get banned often for advertising my channel over IRC in other channels. I used HTTP Tunnel to change my IP address and used proxies to bypass the ban and again join the same channel, irritating the channel operators there – Later, I stopped being lame and became an official channel operator for the DALnetHelp channel of the DALnet IRC network, which is one of the biggest IRC networks among others, & served there for some year(s) but, being lame helped me to know about proxies – Laughs.

 

During those days of my learning I used password unmasking software to crack the dial-up connection password, which was marked to “remember”. I was very excited to use software called “Iopus Password Recovery”.

 

My college days

 

What happened next — I got to know about keyloggers – Wow; I downloaded so many keyloggers and it was an exciting moment for me. My desktop machine was filled up with all sorts of adware / malware / viruses / Trojans and I liked to see them destroying my machine, which was a cool learning experience for me about all these evil kiddos. Then I learned about hardware keyloggers, which anti-virus software doesn’t help to detect. I wanted to buy one of them but, I did not have enough money in my pocket at that time. Later, I searched on how it’s really developed and learned about how to make one – Wait – I did not end up making one but, I learned a lot about how it works.

 

What was next on my plate? Registry Hack — I started exploring the registry [Start → Run → Regedit] and learned about different things in the registry repository. I searched for registry hacks and my first registry hack – Copied from somewhere on the web – was to set the maximum score for “Minesweeper” without playing it and amused my friends – I wanted to surprise them more and played the role of a “Script kiddie”.

 

In my college computer lab, I executed a VBScript which used to eject CD-ROM and close it in a loop till the script was stopped through the task manager or through Start → Run → wscript.

 

Then everyone was scared of me and they used to be so conscious while typing a password – Shoulder Surfing eh.

 

Some trick which I thought of sharing & implemented it,

I would like to share some trick to be employed to crack someone’s password from Yahoo Messenger,

Open the Yahoo Messenger and enter wrong credentials – Mark the “Remember my password” thingy and try to login – You will be notified that these are wrong credentials – Now, just close the Yahoo IM and when the victim comes to that machine, he / she opens the Yahoo IM and sees that there are wrong credentials – Unconsciously, he / she doesn’t notice the checkbox for “Remember my password” and logs in by entering the correct credentials – While logging out he / she just clicks on “Sign out” and credentials of that victim are stolen by the attacker using “Iopus password recovery” or any other such software – Some kind of Social Engineering would do to exploit!

 

My next step was to watch the videos on cracking, hacking

I started watching videos on hacking, cracking tutorials, learning about how something works at http://howstuffworks.com/ – I just did not watch them and leave it as most of them do. I implemented what I learned from those videos and when I saw the results I was so excited which motivated my motivation factor more and more.

 

I got to know about brute force, dictionary attacks, password hashes cracking – Downloaded the tools like Cain & Abel, Brutus etc. which could help in implementing the mentioned techniques.

 

After I met Pradeep Soundararajan

When I was under the software testing training by Pradeep Soundararajan during February 2009, I got to know that Security was one of the quality criteria and I am pretty good at it, which I have been doing for several years as of now. I did not know my learning experience about hacking would help me to add value to security testing. I started exploring more on hacking and learned many techniques about hacking a web application, experience of using web hosting control panel in my college days helped me to understand and attack some targets like Directory Listing, Port Scanning, finding vulnerabilities in the FTP software used [Know the vulnerability about WS_FTP.exe FTP client – Google it].

 

Now

I read more articles on hacking / exploits / vulnerabilities to keep myself updated and learn new things from other hackers. I try to write my own programs and find vulnerabilities in them – This helps me to learn about how a programmer might have injected a vulnerability knowingly or unknowingly. Personally, after learning all this, others feel that I am cool at testing for security quality criteria but, for me it’s not enough. There is a lot for me to learn and I am game for it.

 

My next learning includes,

  • More about XSS
  • Server exploits
  • Licensing – Protecting the product license from being cracked
  • Discussing on http://bangalorehackers.com/ with other ethical hackers / security testers and learning from them actively
  • Securing captchas – Learning about decoding captchas – Suggest ways of creating more secure captchas

 

Tips for testers wanting to learn security testing,

  • Read articles on hacking techniques
  • Watch the video tutorials about hacking
  • Learn about authentication, password hashes
  • Interact with ethical hackers / security testers at BangaloreHackers.com
  • Keep yourself updated with Security Testing news – http://softwaretestingnews.com/
  • Follow @packet_storm on twitter to get the updates on recent exploits and hacking news
  • Practice hacking at http://hackthissite.org/ — Exercises from basic to advanced level

 

I thank my readers for reading about my experience about learning hacking. I hope that this blog post has helped testers who want to learn security testing and also those who have already been in security testing.

 

If this blog post has been of help to you, then please spread by word of mouth or share about http://softwaretestingnews.com/ with your colleagues, friends, family etc. via Twitter, Facebook, LinkedIn, Digg, Reddit, StumbleUpon etc. and help them to keep themselves updated with Software Testing news.

 

SanthoshTuppad

I have been a software tester for over 5 years. I am a hands-on tester and I've been winning bug battles & testing competitions across the world. I am a testing enthusiast, who conducts free workshops on security testing across India (Covered locations: Bengaluru, Pune, Hyderabad & Chennai. Invite him to come to your location), and monthly meets for testers in Bengaluru. I am also an avid testing blogger.

My interests include traveling, driving my SUV, health & fitness and many others. I mentor budding entrepreneurs, testers, teams in any profession.

7 Comments

  1. Mohit Verma wrote:

    Hi Santhosh,

    Thanks for sharing your experience with us. Your experiences are not only educational but also motivational.

    Also, thanks for sharing the resources.

    Regards
    Mohit

    Thursday, April 14, 2011 at 10:59 am | Permalink
  2. Hi Santhosh,

    This was a very interesting read, I like how you’ve learned and applied.

    Often people read interesting articles which talk about techniques and approaches they could apply in their workplace, then move on and forget. It’s those like yourself that apply the knowledge that benefit, and always remember.

    Thanks for sharing, I’m looking forward to the next one.

    Cheers,

    Darren.

    Friday, April 15, 2011 at 12:09 am | Permalink
  3. Thanks Mohit & Darren :)

    Friday, April 15, 2011 at 10:34 am | Permalink
  4. Martin Hall wrote:

    Nice write up,

    I always find it interesting to read how other people make the leap from testing to security and even vice versa from security to QA sometimes.

    Sunday, September 4, 2011 at 1:37 pm | Permalink
  5. Abrar wrote:

    Hi Santhosh,

    Thanks for sharing with us your experience.

    I have also started learning Security Testing based on the information given by you in “How do I start security testing” article.

    How can I contact you if I need any further help in learning security testing?

    Thanks a lot….Santhosh.

    Friday, August 31, 2012 at 4:17 am | Permalink
  6. You can contact me on +91 97422 64809. However; I would prefer e-mail when it’s not that urgent (Santhosh.Tuppad@gmail.com).

    Monday, September 3, 2012 at 9:40 pm | Permalink
  7. ABRAR wrote:

    Thanks a lot Santhosh…..

    Sunday, September 9, 2012 at 9:31 pm | Permalink
